Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 2 subscribers
  • Views 25300 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Up2Date and patterns not updating?

kdanway

Hello community,

I downloaded and installed Sophos UTM Home 9.351-3. I have it set to auto update. My current pattern version shows nothing, it's empty and last check shows never. Looking in the Up2Date message logs I see connection errors.
No service resource record found for (_https._tcp.utmu2d.sophos.com): SERVFAIL
Could not connect to Server sg1.utmu2d.sophos.com (status=500 Can't connect to sg1.utmu2d.sophos.com:443)
No Authentication Servers found in DNS. Using defaults
There are other errors but didn't want to copy and paste the whole page. I'm really not sure what is happening, could anyone help out?  I'm also very confused about the manual updates shown at ftp://ftp.astaro.com/pub/. Could someone please explain the different update files?
Thank you very much,
Kenneth Waycaster



This thread was automatically locked due to age.
Parents
  • 0
    Hi Kenneth,

    First thing would be to get SSH access to the UTM for further troubleshooting.

    To enable SSH access to the UTM, please follow this guide:
    www.sophos.com/.../115120.aspx

    To access the UTM with PuTTy, please follow this guide:
    www.sophos.com/.../115863.aspx

    When you are logged into the UTM as root user, to get more information about what is occurring on the system, you can run:
    auisys.plx -level d --verbose --simulation

    This will allow you run a simulation of an up2date with verbose output, if there are any errors, they would typically be shown at the end.


    Also, to verify the integrity of the pattern packages, please run:
    rpm -qa | grep savi

    A good result should return:
    utm:/root # rpm -qa | grep savi
    libsaviglue-9.30-3.gf8decc4.rb1
    u2d-savi-9-8318

    However, if significantly more packages are listed, that could indicate a problem with the RPM database. To fix these issues, the following commands would work:
    This is the command to rebuild the rpm DB:
    rpmdb --rebuilddb

    This is the command to delete these old RPMs:
    rpm -e u2d<package-name>


    In regards to the manual updates, the ones for the UTM v9 are listed at: ftp.astaro.com/.../

    These can be manually downloaded and uploaded to the UTM, in case you wish to do offline updates of the UTM. Each up2date file is shown as two files together, like this:
    u2d-sys-9.350012-351003.tgz.gpg 155 MB 11/4/15, 8:35:00 AM
    u2d-sys-9.350012-351003.tgz.gpg.md5 66 B 11/4/15, 8:35:00 AM

    For the first line, the first section 9.350012 refers to version 9.35-12, the second section refers to 9.351-3 and the entire file is a gzip compressed archive file of 155MB in size.

    The second line, shows the same information, except it is referring to the md5 checksum hash used to verify that the file has not been tampered with.

    Thanks,

    Ted Reynolds
Reply
  • 0
    Hi Kenneth,

    First thing would be to get SSH access to the UTM for further troubleshooting.

    To enable SSH access to the UTM, please follow this guide:
    www.sophos.com/.../115120.aspx

    To access the UTM with PuTTy, please follow this guide:
    www.sophos.com/.../115863.aspx

    When you are logged into the UTM as root user, to get more information about what is occurring on the system, you can run:
    auisys.plx -level d --verbose --simulation

    This will allow you run a simulation of an up2date with verbose output, if there are any errors, they would typically be shown at the end.


    Also, to verify the integrity of the pattern packages, please run:
    rpm -qa | grep savi

    A good result should return:
    utm:/root # rpm -qa | grep savi
    libsaviglue-9.30-3.gf8decc4.rb1
    u2d-savi-9-8318

    However, if significantly more packages are listed, that could indicate a problem with the RPM database. To fix these issues, the following commands would work:
    This is the command to rebuild the rpm DB:
    rpmdb --rebuilddb

    This is the command to delete these old RPMs:
    rpm -e u2d<package-name>


    In regards to the manual updates, the ones for the UTM v9 are listed at: ftp.astaro.com/.../

    These can be manually downloaded and uploaded to the UTM, in case you wish to do offline updates of the UTM. Each up2date file is shown as two files together, like this:
    u2d-sys-9.350012-351003.tgz.gpg 155 MB 11/4/15, 8:35:00 AM
    u2d-sys-9.350012-351003.tgz.gpg.md5 66 B 11/4/15, 8:35:00 AM

    For the first line, the first section 9.350012 refers to version 9.35-12, the second section refers to 9.351-3 and the entire file is a gzip compressed archive file of 155MB in size.

    The second line, shows the same information, except it is referring to the md5 checksum hash used to verify that the file has not been tampered with.

    Thanks,

    Ted Reynolds
Children
  • 0 in reply to TedReynolds
    Hey Ted,
    I did what you suggested but there were no errors with a simulation and there are no files in the rpm database. Can you make sense of this log file from up2date messages?
    I have reinstalled 3 times and also downgraded once with the same results.
    Thank you,
    Kenneth Waycaster

    2015:11:27-20:34:01 sophosutm audld[7691]: no HA system or cluster node
    2015:11:27-20:34:01 sophosutm audld[7691]: Starting Up2Date Package Downloader
    2015:11:27-20:34:02 sophosutm audld[7691]: patch up2date possible
    2015:11:27-20:34:02 sophosutm audld[7691]: >=========================================================================
    2015:11:27-20:34:02 sophosutm audld[7691]: No service resource record found for (_https._tcp.utmu2d.sophos.com): SERVFAIL
    2015:11:27-20:34:02 sophosutm audld[7691]:
    2015:11:27-20:34:02 sophosutm audld[7691]: 1. Modules::Logging::msg:46() /</sbin/audld.plx>Modules/Logging.pm
    2015:11:27-20:34:02 sophosutm audld[7691]: 2. Modules::Audld::DNSQuery::_get_srv:73() /</sbin/audld.plx>Modules/Audld/DNSQuery.pm
    2015:11:27-20:34:02 sophosutm audld[7691]: 3. Modules::Audld::DNSQuery::get:43() /</sbin/audld.plx>Modules/Audld/DNSQuery.pm
    2015:11:27-20:34:02 sophosutm audld[7691]: 4. main::main:138() audld.pl
    2015:11:27-20:34:02 sophosutm audld[7691]: 5. main::top-level:40() audld.pl
    2015:11:27-20:34:02 sophosutm audld[7691]: <=========================================================================
    2015:11:27-20:34:02 sophosutm audld[7691]: No Authentication Servers found in DNS. Using defaults
    2015:11:27-20:34:03 sophosutm audld[7691]: Could not connect to Server us1.utmu2d.sophos.com (status=500 Can't connect to us1.utmu2d.sophos.com:443).
    2015:11:27-20:34:03 sophosutm audld[7691]: Could not connect to Server sg1.utmu2d.sophos.com (status=500 Can't connect to sg1.utmu2d.sophos.com:443).
    2015:11:27-20:34:03 sophosutm audld[7691]: Could not connect to Server eu1.utmu2d.sophos.com (status=500 Can't connect to eu1.utmu2d.sophos.com:443).
    2015:11:27-20:34:03 sophosutm audld[7691]: Could not connect to Authentication Server us1.utmu2d.sophos.com (code=500 500 Can't connect to us1.utmu2d.sophos.com:443).
    2015:11:27-20:34:03 sophosutm audld[7691]: Could not connect to Authentication Server sg1.utmu2d.sophos.com (code=500 500 Can't connect to sg1.utmu2d.sophos.com:443).
    2015:11:27-20:34:03 sophosutm audld[7691]: Could not connect to Authentication Server eu1.utmu2d.sophos.com (code=500 500 Can't connect to eu1.utmu2d.sophos.com:443).
    2015:11:27-20:34:03 sophosutm audld[7691]: >=========================================================================
    2015:11:27-20:34:03 sophosutm audld[7691]: All 3 Authentication Servers failed
    2015:11:27-20:34:03 sophosutm audld[7691]:
    2015:11:27-20:34:03 sophosutm audld[7691]: 1. Modules::Logging::msg:46() /</sbin/audld.plx>Modules/Logging.pm
    2015:11:27-20:34:03 sophosutm audld[7691]: 2. Modules::Audld::Authentication::_handle_failure:235() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2015:11:27-20:34:03 sophosutm audld[7691]: 3. Modules::Audld::Authentication::start:66() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2015:11:27-20:34:03 sophosutm audld[7691]: 4. main::main:174() audld.pl
    2015:11:27-20:34:03 sophosutm audld[7691]: 5. main::top-level:40() audld.pl
    2015:11:27-20:34:03 sophosutm audld[7691]: [CRIT-310] Up2Date prefetch failed
    2015:11:27-20:34:03 sophosutm audld[7691]: |=========================================================================
    2015:11:27-20:34:03 sophosutm audld[7691]: id="3703" severity="error" sys="system" sub="up2date" name="Authentication failed, no valid answer from Authentication Servers"
    2015:11:27-20:34:03 sophosutm audld[7691]:
    2015:11:27-20:34:03 sophosutm audld[7691]: 1. Modules::Logging::alf:100() /</sbin/audld.plx>Modules/Logging.pm
    2015:11:27-20:34:03 sophosutm audld[7691]: 2. Modules::Audld::Authentication::start:70() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2015:11:27-20:34:03 sophosutm audld[7691]: 3. main::main:174() audld.pl
    2015:11:27-20:34:03 sophosutm audld[7691]: 4. main::top-level:40() audld.pl
    2015:11:27-20:49:01 sophosutm audld[8821]: no HA system or cluster node
    2015:11:27-20:49:01 sophosutm audld[8821]: Starting Up2Date Package Downloader
    2015:11:27-20:49:02 sophosutm audld[8821]: patch up2date possible
    2015:11:27-20:49:02 sophosutm audld[8821]: >=========================================================================
    2015:11:27-20:49:02 sophosutm audld[8821]: No service resource record found for (_https._tcp.utmu2d.sophos.com): SERVFAIL
    2015:11:27-20:49:02 sophosutm audld[8821]:
    2015:11:27-20:49:02 sophosutm audld[8821]: 1. Modules::Logging::msg:46() /</sbin/audld.plx>Modules/Logging.pm
    2015:11:27-20:49:02 sophosutm audld[8821]: 2. Modules::Audld::DNSQuery::_get_srv:73() /</sbin/audld.plx>Modules/Audld/DNSQuery.pm
    2015:11:27-20:49:02 sophosutm audld[8821]: 3. Modules::Audld::DNSQuery::get:43() /</sbin/audld.plx>Modules/Audld/DNSQuery.pm
    2015:11:27-20:49:02 sophosutm audld[8821]: 4. main::main:138() audld.pl
    2015:11:27-20:49:02 sophosutm audld[8821]: 5. main::top-level:40() audld.pl
    2015:11:27-20:49:02 sophosutm audld[8821]: <=========================================================================
    2015:11:27-20:49:02 sophosutm audld[8821]: No Authentication Servers found in DNS. Using defaults
    2015:11:27-20:49:03 sophosutm audld[8821]: Could not connect to Server us1.utmu2d.sophos.com (status=500 Can't connect to us1.utmu2d.sophos.com:443).
    2015:11:27-20:49:03 sophosutm audld[8821]: Could not connect to Server sg1.utmu2d.sophos.com (status=500 Can't connect to sg1.utmu2d.sophos.com:443).
    2015:11:27-20:49:03 sophosutm audld[8821]: Could not connect to Server eu1.utmu2d.sophos.com (status=500 Can't connect to eu1.utmu2d.sophos.com:443).
    2015:11:27-20:49:03 sophosutm audld[8821]: Could not connect to Authentication Server us1.utmu2d.sophos.com (code=500 500 Can't connect to us1.utmu2d.sophos.com:443).
    2015:11:27-20:49:03 sophosutm audld[8821]: Could not connect to Authentication Server sg1.utmu2d.sophos.com (code=500 500 Can't connect to sg1.utmu2d.sophos.com:443).
    2015:11:27-20:49:03 sophosutm audld[8821]: Could not connect to Authentication Server eu1.utmu2d.sophos.com (code=500 500 Can't connect to eu1.utmu2d.sophos.com:443).
    2015:11:27-20:49:03 sophosutm audld[8821]: >=========================================================================
    2015:11:27-20:49:03 sophosutm audld[8821]: All 3 Authentication Servers failed
    2015:11:27-20:49:03 sophosutm audld[8821]:
    2015:11:27-20:49:03 sophosutm audld[8821]: 1. Modules::Logging::msg:46() /</sbin/audld.plx>Modules/Logging.pm
    2015:11:27-20:49:03 sophosutm audld[8821]: 2. Modules::Audld::Authentication::_handle_failure:235() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2015:11:27-20:49:03 sophosutm audld[8821]: 3. Modules::Audld::Authentication::start:66() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2015:11:27-20:49:03 sophosutm audld[8821]: 4. main::main:174() audld.pl
    2015:11:27-20:49:03 sophosutm audld[8821]: 5. main::top-level:40() audld.pl
    2015:11:27-20:49:03 sophosutm audld[8821]: |=========================================================================
    2015:11:27-20:49:03 sophosutm audld[8821]: id="3703" severity="error" sys="system" sub="up2date" name="Authentication failed, no valid answer from Authentication Servers"
    2015:11:27-20:49:03 sophosutm audld[8821]:
    2015:11:27-20:49:03 sophosutm audld[8821]: 1. Modules::Logging::alf:100() /</sbin/audld.plx>Modules/Logging.pm
    2015:11:27-20:49:03 sophosutm audld[8821]: 2. Modules::Audld::Authentication::start:70() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2015:11:27-20:49:03 sophosutm audld[8821]: 3. main::main:174() audld.pl
    2015:11:27-20:49:03 sophosutm audld[8821]: 4. main::top-level:40() audld.pl
    2015:11:27-21:04:01 sophosutm audld[9932]: no HA system or cluster node
    2015:11:27-21:04:01 sophosutm audld[9932]: Starting Up2Date Package Downloader
    2015:11:27-21:04:02 sophosutm audld[9932]: patch up2date possible
    2015:11:27-21:04:02 sophosutm audld[9932]: >=========================================================================
    2015:11:27-21:04:02 sophosutm audld[9932]: No service resource record found for (_https._tcp.utmu2d.sophos.com): SERVFAIL
    2015:11:27-21:04:02 sophosutm audld[9932]:
    2015:11:27-21:04:02 sophosutm audld[9932]: 1. Modules::Logging::msg:46() /</sbin/audld.plx>Modules/Logging.pm
    2015:11:27-21:04:02 sophosutm audld[9932]: 2. Modules::Audld::DNSQuery::_get_srv:73() /</sbin/audld.plx>Modules/Audld/DNSQuery.pm
    2015:11:27-21:04:02 sophosutm audld[9932]: 3. Modules::Audld::DNSQuery::get:43() /</sbin/audld.plx>Modules/Audld/DNSQuery.pm
    2015:11:27-21:04:02 sophosutm audld[9932]: 4. main::main:138() audld.pl
    2015:11:27-21:04:02 sophosutm audld[9932]: 5. main::top-level:40() audld.pl
    2015:11:27-21:04:02 sophosutm audld[9932]: <=========================================================================
    2015:11:27-21:04:02 sophosutm audld[9932]: No Authentication Servers found in DNS. Using defaults
    2015:11:27-21:04:02 sophosutm audld[9932]: Could not connect to Server us1.utmu2d.sophos.com (status=500 Can't connect to us1.utmu2d.sophos.com:443).
    2015:11:27-21:04:02 sophosutm audld[9932]: Could not connect to Server sg1.utmu2d.sophos.com (status=500 Can't connect to sg1.utmu2d.sophos.com:443).
    2015:11:27-21:04:02 sophosutm audld[9932]: Could not connect to Server eu1.utmu2d.sophos.com (status=500 Can't connect to eu1.utmu2d.sophos.com:443).
    2015:11:27-21:04:02 sophosutm audld[9932]: Could not connect to Authentication Server us1.utmu2d.sophos.com (code=500 500 Can't connect to us1.utmu2d.sophos.com:443).
    2015:11:27-21:04:03 sophosutm audld[9932]: Could not connect to Authentication Server sg1.utmu2d.sophos.com (code=500 500 Can't connect to sg1.utmu2d.sophos.com:443).
    2015:11:27-21:04:03 sophosutm audld[9932]: Could not connect to Authentication Server eu1.utmu2d.sophos.com (code=500 500 Can't connect to eu1.utmu2d.sophos.com:443).
    2015:11:27-21:04:03 sophosutm audld[9932]: >=========================================================================
    2015:11:27-21:04:03 sophosutm audld[9932]: All 3 Authentication Servers failed
    2015:11:27-21:04:03 sophosutm audld[9932]:
    2015:11:27-21:04:03 sophosutm audld[9932]: 1. Modules::Logging::msg:46() /</sbin/audld.plx>Modules/Logging.pm
    2015:11:27-21:04:03 sophosutm audld[9932]: 2. Modules::Audld::Authentication::_handle_failure:235() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2015:11:27-21:04:03 sophosutm audld[9932]: 3. Modules::Audld::Authentication::start:66() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2015:11:27-21:04:03 sophosutm audld[9932]: 4. main::main:174() audld.pl
    2015:11:27-21:04:03 sophosutm audld[9932]: 5. main::top-level:40() audld.pl
    2015:11:27-21:04:03 sophosutm audld[9932]: |=========================================================================
    2015:11:27-21:04:03 sophosutm audld[9932]: id="3703" severity="error" sys="system" sub="up2date" name="Authentication failed, no valid answer from Authentication Servers"
    2015:11:27-21:04:03 sophosutm audld[9932]:
    2015:11:27-21:04:03 sophosutm audld[9932]: 1. Modules::Logging::alf:100() /</sbin/audld.plx>Modules/Logging.pm
    2015:11:27-21:04:03 sophosutm audld[9932]: 2. Modules::Audld::Authentication::start:70() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2015:11:27-21:04:03 sophosutm audld[9932]: 3. main::main:174() audld.pl
    2015:11:27-21:04:03 sophosutm audld[9932]: 4. main::top-level:40() audld.pl
    2015:11:27-21:05:07 sophosutm audld[10095]: no HA system or cluster node
    2015:11:27-21:05:07 sophosutm audld[10095]: Starting Up2Date Package Downloader
    2015:11:27-21:05:08 sophosutm audld[10095]: patch up2date possible
    2015:11:27-21:05:08 sophosutm audld[10095]: >=========================================================================
    2015:11:27-21:05:08 sophosutm audld[10095]: No service resource record found for (_https._tcp.utmu2d.sophos.com): SERVFAIL
    2015:11:27-21:05:08 sophosutm audld[10095]:
    2015:11:27-21:05:08 sophosutm audld[10095]: 1. Modules::Logging::msg:46() /</sbin/audld.plx>Modules/Logging.pm
    2015:11:27-21:05:08 sophosutm audld[10095]: 2. Modules::Audld::DNSQuery::_get_srv:73() /</sbin/audld.plx>Modules/Audld/DNSQuery.pm
    2015:11:27-21:05:08 sophosutm audld[10095]: 3. Modules::Audld::DNSQuery::get:43() /</sbin/audld.plx>Modules/Audld/DNSQuery.pm
    2015:11:27-21:05:08 sophosutm audld[10095]: 4. main::main:138() audld.pl
    2015:11:27-21:05:08 sophosutm audld[10095]: 5. main::top-level:40() audld.pl
    2015:11:27-21:05:08 sophosutm audld[10095]: <=========================================================================
    2015:11:27-21:05:08 sophosutm audld[10095]: No Authentication Servers found in DNS. Using defaults
    2015:11:27-21:05:09 sophosutm audld[10095]: Could not connect to Server us1.utmu2d.sophos.com (status=500 Can't connect to us1.utmu2d.sophos.com:443).
    2015:11:27-21:05:09 sophosutm audld[10095]: Could not connect to Server sg1.utmu2d.sophos.com (status=500 Can't connect to sg1.utmu2d.sophos.com:443).
    2015:11:27-21:05:09 sophosutm audld[10095]: Could not connect to Server eu1.utmu2d.sophos.com (status=500 Can't connect to eu1.utmu2d.sophos.com:443).
    2015:11:27-21:05:09 sophosutm audld[10095]: Could not connect to Authentication Server us1.utmu2d.sophos.com (code=500 500 Can't connect to us1.utmu2d.sophos.com:443).
    2015:11:27-21:05:09 sophosutm audld[10095]: Could not connect to Authentication Server sg1.utmu2d.sophos.com (code=500 500 Can't connect to sg1.utmu2d.sophos.com:443).
    2015:11:27-21:05:09 sophosutm audld[10095]: Could not connect to Authentication Server eu1.utmu2d.sophos.com (code=500 500 Can't connect to eu1.utmu2d.sophos.com:443).
    2015:11:27-21:05:09 sophosutm audld[10095]: >=========================================================================
    2015:11:27-21:05:09 sophosutm audld[10095]: All 3 Authentication Servers failed
    2015:11:27-21:05:09 sophosutm audld[10095]:
    2015:11:27-21:05:09 sophosutm audld[10095]: 1. Modules::Logging::msg:46() /</sbin/audld.plx>Modules/Logging.pm
    2015:11:27-21:05:09 sophosutm audld[10095]: 2. Modules::Audld::Authentication::_handle_failure:235() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2015:11:27-21:05:09 sophosutm audld[10095]: 3. Modules::Audld::Authentication::start:66() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2015:11:27-21:05:09 sophosutm audld[10095]: 4. main::main:174() audld.pl
    2015:11:27-21:05:09 sophosutm audld[10095]: 5. main::top-level:40() audld.pl
    2015:11:27-21:05:09 sophosutm audld[10095]: |=========================================================================
    2015:11:27-21:05:09 sophosutm audld[10095]: id="3703" severity="error" sys="system" sub="up2date" name="Authentication failed, no valid answer from Authentication Servers"
    2015:11:27-21:05:09 sophosutm audld[10095]:
    2015:11:27-21:05:09 sophosutm audld[10095]: 1. Modules::Logging::alf:100() /</sbin/audld.plx>Modules/Logging.pm
    2015:11:27-21:05:09 sophosutm audld[10095]: 2. Modules::Audld::Authentication::start:70() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2015:11:27-21:05:09 sophosutm audld[10095]: 3. main::main:174() audld.pl
    2015:11:27-21:05:09 sophosutm audld[10095]: 4. main::top-level:40() audld.pl
    2015:11:27-21:05:48 sophosutm audld[10183]: no HA system or cluster node
    2015:11:27-21:05:48 sophosutm audld[10183]: Starting Up2Date Package Downloader
    2015:11:27-21:05:49 sophosutm audld[10183]: patch up2date possible
    2015:11:27-21:05:49 sophosutm audld[10183]: >=========================================================================
    2015:11:27-21:05:49 sophosutm audld[10183]: No service resource record found for (_https._tcp.utmu2d.sophos.com): SERVFAIL
    2015:11:27-21:05:49 sophosutm audld[10183]:
    2015:11:27-21:05:49 sophosutm audld[10183]: 1. Modules::Logging::msg:46() /</sbin/audld.plx>Modules/Logging.pm
    2015:11:27-21:05:49 sophosutm audld[10183]: 2. Modules::Audld::DNSQuery::_get_srv:73() /</sbin/audld.plx>Modules/Audld/DNSQuery.pm
    2015:11:27-21:05:49 sophosutm audld[10183]: 3. Modules::Audld::DNSQuery::get:43() /</sbin/audld.plx>Modules/Audld/DNSQuery.pm
    2015:11:27-21:05:49 sophosutm audld[10183]: 4. main::main:138() audld.pl
    2015:11:27-21:05:49 sophosutm audld[10183]: 5. main::top-level:40() audld.pl
    2015:11:27-21:05:49 sophosutm audld[10183]: <=========================================================================
    2015:11:27-21:05:49 sophosutm audld[10183]: No Authentication Servers found in DNS. Using defaults
    2015:11:27-21:05:49 sophosutm audld[10183]: Could not connect to Server us1.utmu2d.sophos.com (status=500 Can't connect to us1.utmu2d.sophos.com:443).
    2015:11:27-21:05:50 sophosutm audld[10183]: Could not connect to Server sg1.utmu2d.sophos.com (status=500 Can't connect to sg1.utmu2d.sophos.com:443).
    2015:11:27-21:05:50 sophosutm audld[10183]: Could not connect to Server eu1.utmu2d.sophos.com (status=500 Can't connect to eu1.utmu2d.sophos.com:443).
    2015:11:27-21:05:50 sophosutm audld[10183]: Could not connect to Authentication Server us1.utmu2d.sophos.com (code=500 500 Can't connect to us1.utmu2d.sophos.com:443).
    2015:11:27-21:05:50 sophosutm audld[10183]: Could not connect to Authentication Server sg1.utmu2d.sophos.com (code=500 500 Can't connect to sg1.utmu2d.sophos.com:443).
    2015:11:27-21:05:50 sophosutm audld[10183]: Could not connect to Authentication Server eu1.utmu2d.sophos.com (code=500 500 Can't connect to eu1.utmu2d.sophos.com:443).
    2015:11:27-21:05:50 sophosutm audld[10183]: >=========================================================================
    2015:11:27-21:05:50 sophosutm audld[10183]: All 3 Authentication Servers failed
    2015:11:27-21:05:50 sophosutm audld[10183]:
    2015:11:27-21:05:50 sophosutm audld[10183]: 1. Modules::Logging::msg:46() /</sbin/audld.plx>Modules/Logging.pm
    2015:11:27-21:05:50 sophosutm audld[10183]: 2. Modules::Audld::Authentication::_handle_failure:235() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2015:11:27-21:05:50 sophosutm audld[10183]: 3. Modules::Audld::Authentication::start:66() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2015:11:27-21:05:50 sophosutm audld[10183]: 4. main::main:174() audld.pl
    2015:11:27-21:05:50 sophosutm audld[10183]: 5. main::top-level:40() audld.pl
    2015:11:27-21:05:50 sophosutm audld[10183]: |=========================================================================
    2015:11:27-21:05:50 sophosutm audld[10183]: id="3703" severity="error" sys="system" sub="up2date" name="Authentication failed, no valid answer from Authentication Servers"
    2015:11:27-21:05:50 sophosutm audld[10183]:
    2015:11:27-21:05:50 sophosutm audld[10183]: 1. Modules::Logging::alf:100() /</sbin/audld.plx>Modules/Logging.pm
    2015:11:27-21:05:50 sophosutm audld[10183]: 2. Modules::Audld::Authentication::start:70() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2015:11:27-21:05:50 sophosutm audld[10183]: 3. main::main:174() audld.pl
    2015:11:27-21:05:50 sophosutm audld[10183]: 4. main::top-level:40() audld.pl
    2015:11:27-21:06:56 sophosutm audld[10305]: no HA system or cluster node
    2015:11:27-21:06:56 sophosutm audld[10305]: Starting Up2Date Package Downloader
    2015:11:27-21:06:56 sophosutm audld[10305]: patch up2date possible
    2015:11:27-21:06:57 sophosutm audld[10305]: >=========================================================================
    2015:11:27-21:06:57 sophosutm audld[10305]: No service resource record found for (_https._tcp.utmu2d.sophos.com): SERVFAIL
    2015:11:27-21:06:57 sophosutm audld[10305]:
    2015:11:27-21:06:57 sophosutm audld[10305]: 1. Modules::Logging::msg:46() /</sbin/audld.plx>Modules/Logging.pm
    2015:11:27-21:06:57 sophosutm audld[10305]: 2. Modules::Audld::DNSQuery::_get_srv:73() /</sbin/audld.plx>Modules/Audld/DNSQuery.pm
    2015:11:27-21:06:57 sophosutm audld[10305]: 3. Modules::Audld::DNSQuery::get:43() /</sbin/audld.plx>Modules/Audld/DNSQuery.pm
    2015:11:27-21:06:57 sophosutm audld[10305]: 4. main::main:138() audld.pl
    2015:11:27-21:06:57 sophosutm audld[10305]: 5. main::top-level:40() audld.pl
    2015:11:27-21:06:57 sophosutm audld[10305]: <=========================================================================
    2015:11:27-21:06:57 sophosutm audld[10305]: No Authentication Servers found in DNS. Using defaults
    2015:11:27-21:06:57 sophosutm audld[10305]: Could not connect to Server us1.utmu2d.sophos.com (status=500 Can't connect to us1.utmu2d.sophos.com:443).
    2015:11:27-21:06:57 sophosutm audld[10305]: Could not connect to Server sg1.utmu2d.sophos.com (status=500 Can't connect to sg1.utmu2d.sophos.com:443).
    2015:11:27-21:06:57 sophosutm audld[10305]: Could not connect to Server eu1.utmu2d.sophos.com (status=500 Can't connect to eu1.utmu2d.sophos.com:443).
    2015:11:27-21:06:57 sophosutm audld[10305]: Could not connect to Authentication Server us1.utmu2d.sophos.com (code=500 500 Can't connect to us1.utmu2d.sophos.com:443).
    2015:11:27-21:06:57 sophosutm audld[10305]: Could not connect to Authentication Server sg1.utmu2d.sophos.com (code=500 500 Can't connect to sg1.utmu2d.sophos.com:443).
    2015:11:27-21:06:57 sophosutm audld[10305]: Could not connect to Authentication Server eu1.utmu2d.sophos.com (code=500 500 Can't connect to eu1.utmu2d.sophos.com:443).
    2015:11:27-21:06:57 sophosutm audld[10305]: >=========================================================================
    2015:11:27-21:06:57 sophosutm audld[10305]: All 3 Authentication Servers failed
    2015:11:27-21:06:57 sophosutm audld[10305]:
    2015:11:27-21:06:57 sophosutm audld[10305]: 1. Modules::Logging::msg:46() /</sbin/audld.plx>Modules/Logging.pm
    2015:11:27-21:06:57 sophosutm audld[10305]: 2. Modules::Audld::Authentication::_handle_failure:235() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2015:11:27-21:06:57 sophosutm audld[10305]: 3. Modules::Audld::Authentication::start:66() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2015:11:27-21:06:57 sophosutm audld[10305]: 4. main::main:174() audld.pl
    2015:11:27-21:06:57 sophosutm audld[10305]: 5. main::top-level:40() audld.pl
    2015:11:27-21:06:57 sophosutm audld[10305]: |=========================================================================
    2015:11:27-21:06:57 sophosutm audld[10305]: id="3703" severity="error" sys="system" sub="up2date" name="Authentication failed, no valid answer from Authentication Servers"
    2015:11:27-21:06:57 sophosutm audld[10305]:
    2015:11:27-21:06:57 sophosutm audld[10305]: 1. Modules::Logging::alf:100() /</sbin/audld.plx>Modules/Logging.pm
    2015:11:27-21:06:57 sophosutm audld[10305]: 2. Modules::Audld::Authentication::start:70() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2015:11:27-21:06:57 sophosutm audld[10305]: 3. main::main:174() audld.pl
    2015:11:27-21:06:57 sophosutm audld[10305]: 4. main::top-level:40() audld.pl
    2015:11:27-21:08:02 sophosutm audld[10832]: no HA system or cluster node
    2015:11:27-21:08:02 sophosutm audld[10832]: Starting Up2Date Package Downloader
    2015:11:27-21:08:03 sophosutm audld[10832]: patch up2date possible
    2015:11:27-21:08:03 sophosutm audld[10832]: >=========================================================================
    2015:11:27-21:08:03 sophosutm audld[10832]: No service resource record found for (_https._tcp.utmu2d.sophos.com): SERVFAIL
    2015:11:27-21:08:03 sophosutm audld[10832]:
    2015:11:27-21:08:03 sophosutm audld[10832]: 1. Modules::Logging::msg:46() /</sbin/audld.plx>Modules/Logging.pm
    2015:11:27-21:08:03 sophosutm audld[10832]: 2. Modules::Audld::DNSQuery::_get_srv:73() /</sbin/audld.plx>Modules/Audld/DNSQuery.pm
    2015:11:27-21:08:03 sophosutm audld[10832]: 3. Modules::Audld::DNSQuery::get:43() /</sbin/audld.plx>Modules/Audld/DNSQuery.pm
    2015:11:27-21:08:03 sophosutm audld[10832]: 4. main::main:138() audld.pl
    2015:11:27-21:08:03 sophosutm audld[10832]: 5. main::top-level:40() audld.pl
    2015:11:27-21:08:03 sophosutm audld[10832]: <=========================================================================
    2015:11:27-21:08:03 sophosutm audld[10832]: No Authentication Servers found in DNS. Using defaults
    2015:11:27-21:08:03 sophosutm audld[10832]: Could not connect to Server us1.utmu2d.sophos.com (status=500 Can't connect to us1.utmu2d.sophos.com:443).
    2015:11:27-21:08:03 sophosutm audld[10832]: Could not connect to Server sg1.utmu2d.sophos.com (status=500 Can't connect to sg1.utmu2d.sophos.com:443).
    2015:11:27-21:08:03 sophosutm audld[10832]: Could not connect to Server eu1.utmu2d.sophos.com (status=500 Can't connect to eu1.utmu2d.sophos.com:443).
    2015:11:27-21:08:03 sophosutm audld[10832]: Could not connect to Authentication Server us1.utmu2d.sophos.com (code=500 500 Can't connect to us1.utmu2d.sophos.com:443).
    2015:11:27-21:08:03 sophosutm audld[10832]: Could not connect to Authentication Server sg1.utmu2d.sophos.com (code=500 500 Can't connect to sg1.utmu2d.sophos.com:443).
    2015:11:27-21:08:03 sophosutm audld[10832]: Could not connect to Authentication Server eu1.utmu2d.sophos.com (code=500 500 Can't connect to eu1.utmu2d.sophos.com:443).
    2015:11:27-21:08:03 sophosutm audld[10832]: >=========================================================================
    2015:11:27-21:08:03 sophosutm audld[10832]: All 3 Authentication Servers failed
    2015:11:27-21:08:03 sophosutm audld[10832]:
    2015:11:27-21:08:03 sophosutm audld[10832]: 1. Modules::Logging::msg:46() /</sbin/audld.plx>Modules/Logging.pm
    2015:11:27-21:08:03 sophosutm audld[10832]: 2. Modules::Audld::Authentication::_handle_failure:235() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2015:11:27-21:08:03 sophosutm audld[10832]: 3. Modules::Audld::Authentication::start:66() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2015:11:27-21:08:03 sophosutm audld[10832]: 4. main::main:174() audld.pl
    2015:11:27-21:08:03 sophosutm audld[10832]: 5. main::top-level:40() audld.pl
    2015:11:27-21:08:03 sophosutm audld[10832]: |=========================================================================
    2015:11:27-21:08:03 sophosutm audld[10832]: id="3703" severity="error" sys="system" sub="up2date" name="Authentication failed, no valid answer from Authentication Servers"
    2015:11:27-21:08:03 sophosutm audld[10832]:
    2015:11:27-21:08:03 sophosutm audld[10832]: 1. Modules::Logging::alf:100() /</sbin/audld.plx>Modules/Logging.pm
    2015:11:27-21:08:03 sophosutm audld[10832]: 2. Modules::Audld::Authentication::start:70() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2015:11:27-21:08:03 sophosutm audld[10832]: 3. main::main:174() audld.pl
    2015:11:27-21:08:03 sophosutm audld[10832]: 4. main::top-level:40() audld.pl
  • 0 in reply to kdanway
    This is showing that a service resource record (SRV record) does not exist for _https._tcp.utmu2d.sophos.com

    The service resource record is used to specify the location of the servers for a certain service, protocol and DNS domain.

    The format of an SRV record is as follows:
    _Service._Proto.Name TTL Class SRV Priority Weight Port Target

    Without the SRV record, it will use the default authentication servers, which is seen in the next section.

    >=========================================================================
    2015:11:27-20:34:02 sophosutm audld[7691]: No service resource record found for (_https._tcp.utmu2d.sophos.com): SERVFAIL
    2015:11:27-20:34:02 sophosutm audld[7691]:
    2015:11:27-20:34:02 sophosutm audld[7691]: 1. Modules::Logging::msg:46() /</sbin/audld.plx>Modules/Logging.pm
    2015:11:27-20:34:02 sophosutm audld[7691]: 2. Modules::Audld::DNSQuery::_get_srv:73() /</sbin/audld.plx>Modules/Audld/DNSQuery.pm
    2015:11:27-20:34:02 sophosutm audld[7691]: 3. Modules::Audld::DNSQuery::get:43() /</sbin/audld.plx>Modules/Audld/DNSQuery.pm
    2015:11:27-20:34:02 sophosutm audld[7691]: 4. main::main:138() audld.pl
    2015:11:27-20:34:02 sophosutm audld[7691]: 5. main::top-level:40() audld.pl
    2015:11:27-20:34:02 sophosutm audld[7691]: <=========================================================================

    This section happens because no authentication servers are found in DNS, so it defaults to trying to connect to one of the up2date servers on port 443. First in the US (us1.utmu2d.sophos.com), then Singapore (sg1.utmu2d.sophos.com), then Europe (eu1.utmu2d.sophos.com).

    2015:11:27-20:34:02 sophosutm audld[7691]: No Authentication Servers found in DNS. Using defaults
    2015:11:27-20:34:03 sophosutm audld[7691]: Could not connect to Server us1.utmu2d.sophos.com (status=500 Can't connect to us1.utmu2d.sophos.com:443).
    2015:11:27-20:34:03 sophosutm audld[7691]: Could not connect to Server sg1.utmu2d.sophos.com (status=500 Can't connect to sg1.utmu2d.sophos.com:443).
    2015:11:27-20:34:03 sophosutm audld[7691]: Could not connect to Server eu1.utmu2d.sophos.com (status=500 Can't connect to eu1.utmu2d.sophos.com:443).
    2015:11:27-20:34:03 sophosutm audld[7691]: Could not connect to Authentication Server us1.utmu2d.sophos.com (code=500 500 Can't connect to us1.utmu2d.sophos.com:443).
    2015:11:27-20:34:03 sophosutm audld[7691]: Could not connect to Authentication Server sg1.utmu2d.sophos.com (code=500 500 Can't connect to sg1.utmu2d.sophos.com:443).
    2015:11:27-20:34:03 sophosutm audld[7691]: Could not connect to Authentication Server eu1.utmu2d.sophos.com (code=500 500 Can't connect to eu1.utmu2d.sophos.com:443).
    2015:11:27-20:34:03 sophosutm audld[7691]: >=========================================================================

    When contacting the three authentication servers fails, it runs Perl modules that send out a CRIT-310 notification saying the up2date prefetch has failed. This means that audld, which is used for downloading the up2date packages, was unable to authenticate to the up2date servers and download the files need for auisys, which handles the installation.

    2015:11:27-20:34:03 sophosutm audld[7691]: All 3 Authentication Servers failed
    2015:11:27-20:34:03 sophosutm audld[7691]:
    2015:11:27-20:34:03 sophosutm audld[7691]: 1. Modules::Logging::msg:46() /</sbin/audld.plx>Modules/Logging.pm
    2015:11:27-20:34:03 sophosutm audld[7691]: 2. Modules::Audld::Authentication::_handle_failure:235() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2015:11:27-20:34:03 sophosutm audld[7691]: 3. Modules::Audld::Authentication::start:66() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2015:11:27-20:34:03 sophosutm audld[7691]: 4. main::main:174() audld.pl
    2015:11:27-20:34:03 sophosutm audld[7691]: 5. main::top-level:40() audld.pl
    2015:11:27-20:34:03 sophosutm audld[7691]: [CRIT-310] Up2Date prefetch failed
    2015:11:27-20:34:03 sophosutm audld[7691]: |=========================================================================
    2015:11:27-20:34:03 sophosutm audld[7691]: id="3703" severity="error" sys="system" sub="up2date" name="Authentication failed, no valid answer from Authentication Servers"
    2015:11:27-20:34:03 sophosutm audld[7691]:
    2015:11:27-20:34:03 sophosutm audld[7691]: 1. Modules::Logging::alf:100() /</sbin/audld.plx>Modules/Logging.pm
    2015:11:27-20:34:03 sophosutm audld[7691]: 2. Modules::Audld::Authentication::start:70() /</sbin/audld.plx>Modules/Audld/Authentication.pm
    2015:11:27-20:34:03 sophosutm audld[7691]: 3. main::main:174() audld.pl
    2015:11:27-20:34:03 sophosutm audld[7691]: 4. main::top-level:40() audld.pl
    2015:11:27-20:49:01 sophosutm audld[8821]: no HA system or cluster node
    2015:11:27-20:49:01 sophosutm audld[8821]: Starting Up2Date Package Downloader
    2015:11:27-20:49:02 sophosutm audld[8821]: patch up2date possible
    2015:11:27-20:49:02 sophosutm audld[8821]: >=========================================================================

    I would try testing the connection to the up2date authentication servers on port 443 by running:
    telnet us1.utmu2d.sophos.com 443
    telnet sg1.utmu2d.sophos.com 443
    telnet eu1.utmu2d.sophos.com 443

    To show it can successfully connect, the result should look like:
    utm:/root # telnet us1.utmu2d.sophos.com 443
    Trying 184.72.238.199...
    Connected to us1.utmu2d.sophos.com.
    Escape character is '^]'.
    ^]

    If you are unable to contact the servers on port 443, I would look at the firewall logs using tail -fn0 /var/log/packetfilter.log to see if the packets are being dropped.
  • 0 in reply to kdanway
    Another option that will show more information about how the authentication request is being handled is audld.plx --dryrun --level d. This will give you debug level information about the authentication request being passed to the servers and what the response is.

    For instance, the authentication request shown below is:

    >>> Modules::Audld::Authentication::_authenticate::158()
    Authentication request: 184.72.238.199:443/u2dauth.pl


    Successful dry run, but it failed to authenticate to 184.72.238.199 due to a timeout issue:
    utm:/root # audld.plx --dryrun --level d

    >>> Modules::HaHandler::ha_state::238()
    no HA system or cluster node
    Starting Up2Date Package Downloader

    >>> Modules::Audld::SystemAttributes::get::35()
    Start fetching system attributes ...

    >>> Modules::Audld::Cfg::U2d::_valid_u2d_types::134()
    Selected update types: cadata ohelp9 sys man9 geoip

    >>> Modules::Audld::Cfg::U2d::_u2d_patch_possible::202()
    patch up2date possible

    >>> Modules::Audld::Cfg::Proxy::_get_config::122()
    >> proxy configuration: $VAR1 = {
    'status' => 0
    };

    >>> Modules::Audld::LocalRestriction::_seek_own_country::131()
    My official IP address: x.x.x.x (XX)

    >>> Modules::Audld::LocalRestriction::get_unrestricted::69()
    using the following servers: $VAR1 = [
    '184.72.238.199:443',
    '175.41.132.12:443',
    '79.125.21.244:443'
    ];

    >>> Modules::Audld::Authentication::start::61()
    >>>>>> START up2date authentication

    >>> Modules::Audld::Authentication::_build_request_str::113()
    Auth attribs:
    {
    'asg' => '',
    'build' => 'msi-9.300-5.1.iso',
    'ccc' => '2121',
    'feature_accd' => 0,
    'feature_afc' => 0,
    'feature_agent' => 0,
    'feature_av' => 0,
    'feature_encrypt' => 0,
    'feature_epp' => 0,
    'feature_ftp' => 0,
    'feature_fw' => '1',
    'feature_ha' => 0,
    'feature_http' => 0,
    'feature_im_p2p_iptv' => 0,
    'feature_ips' => 0,
    'feature_mobile_control' => 0,
    'feature_pop3' => 0,
    'feature_ra' => 0,
    'feature_red' => 0,
    'feature_s2s' => 0,
    'feature_smtp' => 0,
    'feature_spam' => 0,
    'feature_spy' => 0,
    'feature_u2dcache' => 0,
    'feature_waf' => 0,
    'feature_wireless' => 1,
    'hid' => '56899f9eccf7a22e6a3eea70946d1d98',
    'lid' => '920633',
    'luips' => '9999',
    'oem' => '',
    'patchup2date' => 1,
    'pkg_cadata' => '9-69',
    'pkg_geoip' => '7-103',
    'pkg_man9' => '9-91',
    'pkg_ohelp9' => '9-118',
    'pkg_sys' => '9-351003',
    'product' => 'TM_GROMIT',
    'uips' => 0,
    'ver' => '9.351'
    }
    Authenticating ...

    >>> Modules::Audld::Authentication::OutboundIface::_get_interface::91()
    outbound interface for '184.72.238.199' (184.72.238.199) : eth2 (x.x.x.x)

    >>> Modules::Audld::Authentication::_authenticate::158()
    Authentication request: 184.72.238.199:443/u2dauth.pl

    >>> Modules::Audld::Authentication::_request::211()
    Could not connect to Authentication Server 184.72.238.199 (code=500 500 Can't connect to 184.72.238.199:443 (timeout)).

    >>> Modules::Audld::Authentication::OutboundIface::_get_interface::91()
    outbound interface for '175.41.132.12' (175.41.132.12) : eth2 (x.x.x.x)

    >>> Modules::Audld::Authentication::_authenticate::158()
    Authentication request: 175.41.132.12:443/u2dauth.pl

    >>> Modules::Audld::Authentication::start::74()
    Result of auth server contact:{
    'Packagelist' => {
    'revision' => '91763'
    }
    }
    Authentication successful!
    Dry run is enabled, stopping here.
Unfiltered HTML