Sunday, 1 January 2012

Sophos Update Manager stops updating, downloading binaries hangs forever

I was recently doing some maintenance on my Sophos Enterprise Console 4.7 when I noticed that updates had not been downloading for nearly a full month. Nothing in my environment had changed, so this was something I didn't expect.

After rebooting, re-entering my upstream update server credentials and deleting the relevant SUM directories, I still had no luck.



The Problem

I first noticed there was something wrong as the "Last Updated" field was nearly a month old, which would indicate something was blocking the updates. Checking further I found the following logs/error messages.

In the Sophos Update Manager (SUM), the "Download status" was "Downloading binaries". Even 2 hours later, this status didn't change. I was not able to find any file system activity with Process Monitor so I presumed this was a hung process.

In the SUM I found the following error:

CODE: 80040406
Description: Delivery failed for software subscription 'Recommended'. Access to the source update location is denied or the location is otherwise available.

In the Windows Application Event Log I found the following error:

Log Name: Application
Source: SophosUpdateManager
EventID: 16443
Level: Error
Product release 'A845A8B5-6532-4EF1-B19E-1DB2B3CB73D1' could not be updated because the synchronize operation has failed due to an earlier error.

The SUM trace log, which was located in "C:\ProgramData\Sophos\Update Manager\Logs", displayed the following error:

2011-12-29 19:46:31 : EventLog: 3758112769 1 Inserts:> "F26F7EC0-1302-4DA7-8B6B-A5383051D41A" "EXCEPTION_ACCESS_VIOLATION at 0x74BB4500" "RECOMMENDED" "http://contoso.com/databank/Warehouse"

There are a number of error messages associated with "access violation" or "source denied", all pointing to a permissions issue with the upstream update server. So I opened up a web browser, put in the upstream update server address and my username and password with no problems. The SUM is reporting a permissions error, yet my web browser can access the update source with no problems. Then what's going on?



The Resolution

Unfortunately these error messages are extremely misleading. If you were to purely troubleshoot SUM on its error messages you would never fix your problems.

After some Google detective work by my mate Simon (thanks for your help with this one), he was able to uncover this Sophos forum thread. This thread gives some good tips on how to fix the problem, but I will break it down into easy-to-follow steps.

1. Stop the Sophos Agent Service, Sophos Message Router Service and the Sophos Update Manager Service.

2. Open Task Manager and kill the "SophosUpdateMgr.exe" and "SUMService.exe" processes if they are running. This will kill SUM if it has hung.

3. Open regedit and navigate to
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2C7A82DB-69BC-4198-AC26-BB862F1BE4D0}]

or, if you're on 64-bit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2C7A82DB-69BC-4198-AC26-BB862F1BE4D0}]

4. Check the "UserData" value.

"UserData"="YourServer;YourDomain;SophosUpdateMgr;0;0"

The first part of this value (to the left of the first semi-colon) should be that of your SUM server. On my server (and it seems by the above linked Sophos forum the same applies to a number of other users) this "YourServer" value reads as a domain controller and not the Sophos server.

If the "YourServer" value does not reflect your SUM server then change it to reflect the correct server name.

5. Start the Sophos Update Manager service and wait 5 minutes. (The wait is important)

6. Start the Sophos Agent service and the Sophos Message Router service.

Voila, your SUM should be working again, at least it will be if you had the same error I did.
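The six steps above as one PowerShell script, added here as an example and not part of the original post or the linked forum thread. It assumes an elevated prompt on the SUM server itself, that the correct server name is `$env:COMPUTERNAME`, and that the services can be matched by the display names used in the steps; `ExpectedServer` and `Fix` are parameter names chosen for this example.

```powershell
# Added example: check (and with -Fix, correct) the SUM "UserData" value.
param(
    [string]$ExpectedServer = $env:COMPUTERNAME,  # assumption: run on the SUM server
    [switch]$Fix                                   # without -Fix the script only reports
)

$guid  = '{2C7A82DB-69BC-4198-AC26-BB862F1BE4D0}'
$paths = @(
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$guid",
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\$guid"
)

# Steps 3-4: find whichever key exists (32-bit or 64-bit) and read UserData.
$key = $paths | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if (-not $key) { throw "Uninstall key $guid not found; is SUM installed on this machine?" }

$userData = (Get-ItemProperty -LiteralPath $key -Name UserData).UserData
$fields   = $userData -split ';'
Write-Host "Current UserData = $userData"   # keep this output as a record of the old value

if ($fields[0] -ieq $ExpectedServer) {
    Write-Host "First field already matches '$ExpectedServer'; nothing to change."
    return
}
Write-Warning "First field is '$($fields[0])', expected '$ExpectedServer'."
if (-not $Fix) { return }

# Assumption: services are located by the display names given in the post.
$agentAndRouter = Get-Service -DisplayName 'Sophos Agent*', 'Sophos Message Router*'
$sum            = Get-Service -DisplayName 'Sophos Update Manager*'
if (-not $sum -or -not $agentAndRouter) { throw 'Sophos services not found by display name.' }

# Steps 1-2: stop the services, then kill the SUM processes if they have hung.
@($agentAndRouter) + @($sum) | Stop-Service -Force -ErrorAction SilentlyContinue
Get-Process -Name SophosUpdateMgr, SUMService -ErrorAction SilentlyContinue |
    Stop-Process -Force

# Step 4: replace only the first semicolon-separated field, keep the rest intact.
$fields[0] = $ExpectedServer
Set-ItemProperty -LiteralPath $key -Name UserData -Value ($fields -join ';')

# Steps 5-6: start SUM first, wait the 5 minutes the post stresses, then the rest.
$sum | Start-Service
Start-Sleep -Seconds 300
$agentAndRouter | Start-Service
Write-Host "UserData is now: $((Get-ItemProperty -LiteralPath $key -Name UserData).UserData)"
```

Run it once without `-Fix` to see the current value before changing anything.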

The "UserData" registry value is very interesting. Most of the time it doesn't matter if it reads as the domain controller and not the SUM server itself, in fact as soon as I updated again it changed back to the domain controller, yet I had no problems in the update process.

I believe a problem may arise when the "UserData" value is incorrect and there is a pending update to Sophos Update Manager itself. Either way, the above short process should resolve your issue.
