If the primary server update location is a webserver and you have not entered a username and a password (i.e. the webserver is accepting anonymous requests), you cannot use Sophos Enterprise Console (SEC) to protect clients.
First seen in
Enterprise Console 4.7.0
SEC won't work because the
-opwd parameters used in the installation task are empty. The 'Initial Install Source' points to a valid UNC path, but the install task is still trying to use credentials used for the primary server location.
What To Do
On the Primary Update Location tab, enter valid credentials for the UNC path, even if you don't need them to access the webserver.