Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 31 replies
  • Subscribers 38 subscribers
  • Views 110433 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SFOS V17 - Microsoft Update and Xbox Download Issues

ShawnGilronan

I recently upgraded my SFOS software to v17.0.0 GA from 16.05.8MR-8.  After upgrading, I was not able to run ANY updates from windows, let alone the anniversary updates people have had issues with lately.

Additionally, I thought my Xbox One X had died, after just getting it.  I had a bunch of patches to install for various games, and all of them were failing to install, until I connected the dots to the windows updates failing on all of my PCs as well.

Here's the curious part, after analyzing both the Xbox One downloads, as well as the windows updates, I noticed that all of the updates and downloads crashed out at the 2 GB mark.  It was easy to trace with the Xbox, as it gives you a running total of the current download.  However I ran the real-time logs through Sophos as well, and noticed every time the download hit the 2GB mark, it would be killed.

I set the exception for Microsoft Windows Update to ON for the Web Exception filtering, however it had no affect on the problem.

Why would Sophos kill any downloads from Microsoft that hit the 2GB mark?  What is special about that file size?  I did not have this problem with any other files of larger sizes.  I moved a bunch of my movies up to my google drive and onedrive, and was able to pull them back down no problem.

I would love to upgrade (again) to v17, however until this problem is resolved, I'll stick to v16.5.



This thread was automatically locked due to age.
  • 0 in reply to Michael Dunn

    Michael,

    I think we got off-track here. I am not having any issues with clients connecting to the WSUS server for updates, I have that working just fine. 

    The issue is the WSUS server is not downloading all needed files from Microsoft since I updated the Sophos XG to v17. I am also not able to download larger updates on any PC on the network if I click on "Check online for updates from Microsoft Update". I assume that this is all related to the same issues that this post is describing. 

    What I was asking is if you could elaborate on this sentence as to what exactly you are saying to do. "The workaround until then is to create a higher level firewall rule for service Web and destination network of just that site."

    Thanks!

  • 0 in reply to RyanE

    I just described the how to create "a higher level firewall rule for service Web and destination network of just that site".  If the description is not clear enough, let me know.

    If the issue is from WSUS server to Microsoft the solution is the same.

    You can create a firewall rule exactly as I described, but this time putting in the WSUS server as the source network rather than the destination network.  Then all Web traffic of any type from that computer will not go through the proxy.  Which is perhaps less safe.

    Alternately you can determine what Microsoft servers it is downloading and failing from (you should be able to see this in Web Filter logs and search for status_code="416") and create an FQDN host to use a destination.  It is possible that the Out-of-Box definition for Microsoft Services (*.microsoft.com) is what you need.

    You can even do both.  Create a rule from Source WSUS Server to Destination Microsoft.

    The solution (creating a firewall rule that bypasses proxy based on the source/destination) is the same and I've described it.  Choosing a source or destination that is appropriate for your environment is something you need to figure out.

     

    Edit: fixed status_code

  • 0 in reply to Michael Dunn

    Don't like it, but a quick fix for it is simple (put the rule on top). I hope devs patch this out fast.

  • 0

    Do we have any info is this fixed in MR-5 ?

  • 0 in reply to Gregor Ivezic

    is MR-5 out and available now?

    I have temporarily switched to a different FW, but i'm willing to switch back and try it as i'm not really hapy with the replacement either.

  • 0 in reply to tax

    ...yup, it's out and available for install.

  • 0 in reply to Gregor Ivezic

    thanks. i should be able to try it later today and will post my experiences with the update on the matter

  • 0 in reply to tax

    ...seems that the 2GB limitation on downloads for Xbox Live service is "lifted" in MR-5. I'm downloading ZOMBI (22GB game) and it went past the 2GB mark (2.7GB+ and downloading).

  • 0 in reply to Gregor Ivezic

    My W10 updates went through without any issues. Very pleasing to see.

    Ian

  • 0 in reply to Gregor Ivezic

    Finally got around to test some larger DLs ... it looks indeed fixed. I’m back to Sophos since Friday night, but Xbox live DLs we’re running very slowly - that’s why I didn’t want to judge yet. But all finished successfully in the end, so I guess we’re good.

    Cheers