An endpoint computer fails to update ('Could not contact server')

  • Article ID: 118209
  • Rating:
  • 88 customers rated this article 2.0 out of 6
  • Updated: 12 May 2014

Issue

Sophos Endpoint Security and Control fails to update.  You see one of the following problems on the endpoint computer:

  • A cross on the Sophos shield
  • Could not contact server
  • Updating failed
  • Sophos Endpoint Security and Control has failed to download updates.
  • Sophos Protection Updating: failed

First seen in

Sophos Endpoint Security and Control 10.0

Cause

There are various causes but the most common ones are:

  • Sophos AutoUpdate (SAU) is incorrectly configured:
    • The address attempting to be contacted is invalid or unreachable.
    • The username is incorrect.
    • The password is incorrect or has expired.
  • The computer is experiencing network connectivity problems.

What To Do

Before following the advice below it is recommended that you confirm the following:

  1. The computer is fully connected to your network (and the Internet if updating from Sophos).
  2. The address Sophos AutoUpdate is attempting to contact is correct.  This could either be a UNC path or HTTP address to a share hosted on your network or the one word address of 'Sophos' (without quotes) if updating from our databanks.  Note: We use 'Sophos' so the exact address can be changed by us inside the product without affecting your configuration.
  3. The username is correct - either a valid account for your network (if connecting to a local/remote share) or a valid and active username issued by Sophos (if connecting to the address 'Sophos').
  4. The password associated with the account has been entered correctly.
  5. No local firewalls are blocking the connection.  Check firewall settings and logs on your endpoint computer for blocked connections and also check your server's firewall (if attempting to connect to a share hosted on your own network).

If none of the above checks successfully resolve the problem continue below.

Check the AutoUpdate log

To troubleshoot the problem further you should check the ALC.log file.  This file records all actions made when Sophos AutoUpdate attempts to establish a network/Internet connection and perform an update.

To open the ALC.log file:

  1. Double-click on the Sophos shield (in the system tray, near the Windows clock) on the taskbar or right-click the Sophos shield and select 'Open Sophos Endpoint Security and Control'...


    Note: If the option to open the main application is grayed out you most likely have only the Sophos AutoUpdate component installed currently but not the Sophos Anti-Virus component.  Therefore select the 'Configure Updating...' option from the menu, move to the 'Logging' tab and select the 'View Log File' button.  Skip step two below if following this instruction.

  2. From the home screen (loaded by default when opening the application) locate the 'Updating' section and then click on the 'View updating log' link...

Reading the ALC.log file

To correctly read the ALC.log file:

  1. Maximize the log file window.
  2. Increase the width of the 'Message' column to see all the text for the longest message string in the 'Message' column.  This is an important step as the unique error text may only be mentioned at the end of the message.  Alternatively you can double-click the column heading between the 'Message' column and the 'Module' column (the mouse cursor will change to a vertical bar with two arrows)...


    Important:
     You must fully show all of the text in the Message column.

  3. Look down the Message column until you see the following text:
    *************** Sophos AutoUpdate started ***************

  4. Once you have located the first mention of the text shown above (from the top of the log) you have found the beginning of the last update cycle.  Information on the last update cycle is recorded between the '...*** Sophos AutoUpdate started...' line and the top of the log.
  5. Read up from the line mentioned in step three and check for any errors or problems.
    Important: Remember to read to the very end of the message to see what distinguishing message has been recorded.  You can then use the table below to identify the cause and resolution.

Errors shown in the ALC.log file

The table below shows the most common error messages found in the ALC.log file.

ALC.log Message Column shows... Cause and resolution
Sophos AutoUpdate could not continue because no valid update locations were defined. Cause

AutoUpdate is not currently configured.

What To Do

If the endpoint is centrally managed ensure the computer is in a group with a correct updating policy.

If the endpoint is not centrally managed open the Endpoint Security and Control application (from the Sophos shield) and select 'Configure Updating'.  Enter your required updating details.

If the endpoint is managed by a Sophos UTM see article 118987.

ERROR:   Download of [component] failed from server [updating address] Cause

The updating address currently set is incorrect or cannot be reached.

The updating policy is using an incorrect password.

What To Do

If the updating address is incorrect change either the central updating policy (from the console) or the local AutoUpdate settings.

If the address is correct confirm that the address can be reached - either via 'Start | Run' (for UNC address) or via a web browser (for http addresses).

If the address is correct and accessible by the endpoint computer the password set in the updating policy may be incorrect.  Confirm what the password is and then re-enter it into either the central policy or 'Configure Updating' option on the workstation.

Note:

  • There can be a number of reasons why the updating address cannot be reached.  Things to consider are firewalls or proxies blocking connections or if, for example, the update address is shared via IIS mime types and port numbers have to be correct.
  • If the endpoint is managed centrally error 0000006b can be returned to the central console when this issue exists on the workstation.
Installation of [component] skipped Cause

Check of update location (share) shows no new updates available.

What To Do

No action required.

When the update location (e.g., on the server) has itself been updated (from its parent source) the endpoint computer will download the updates.  The delay on the endpoint downloading new updates is dependent on the updating schedule.

Could not add a connection to server [updating address]; user [domain\account name]; Windows error 1326 Cause

The account name or password, as set in the updating policy, is incorrect.

What To Do

Confirm what the account name and password are and then re-enter them into either the central policy or 'Configure Updating' option on the workstation.

Error 0x00000071 can be returned to the central console when this issue exists on the workstation.

Could not connect to the server. Check that this computer is connected to the network and that Sophos AutoUpdate is configured to update from the correct location with the correct credentials and proxy details (if required)

Cause

Various

What To Do

Check the log for another, more precise, error (mentioned below this error).

Check the log for more information (e.g., the line 'Could not add a connection...' which is mentioned above).

If no other information can be found check:

  • the computer is fully connected to the network (i.e., can ping the server
  • no firewalls or proxies are blocking connection
  • that the workstation can reach the updating address (if the updating address is UNC ('\\servername\SophosUpdate\...') attempt to browse to the share from a run box
  • On the server check permissions on the share.  Add the 'Everyone' group with read permissions

ERROR:   Could not find a source for updated packages

Cause

The updating address is incorrect.

What To Do

If the updating address is incorrect change either the central updating policy (from the console) or the local AutoUpdate settings.

If the address is correct confirm that the address can be reached - either via 'Start | Run' (for UNC address) or via a web browser (for http addresses).

Error 0x00000071 can be returned to the central console when this issue exists on the workstation.

If permissions are incorrectly set on the share this error can occur.  Add the 'Everyone' group with read permissions.

Could not add a connection to server [updating address]; user [domain\account name]; Windows error 87

Cause

The connection to the update location is being blocked.

What To Do

The most likely cause of this issue is that a firewall is blocking the connection.  Even the Sophos Client Firewall (SCF) could block the connection if the policy has not been set correctly (i.e., the 'LAN' tab | 'LAN settings:' | 'NetBIOS' option has not been selected).

Another cause is that file and printer sharing is disabled on the endpoint computer.  From the Control Panel, check the network adapter properties and ensure the option 'File and Printer Sharing for Microsoft Networks' is enabled.

Error 0x0000006b can be returned to the central console when this issue exists on the workstation.

Could not add a connection to server [updating address]; user [domain\account name]; Windows error 1203

Cause

The Workstation service is not currently running on the endpoint computer.

What To Do

Ensure the Workstation service can be started on the endpoint computer.

Error 0x00000071 can be returned to the central console when this issue exists on the workstation.

Could not add a connection to server [updating address]; user [domain\account name]; Windows error 1331

Cause

The account name mentioned in the message is disabled.

What To Do Enable the account.  Commonly this has to be done via Active Directory and more is available from Microsoft TechNet.

Could not add a connection to server [updating address]; user [domain\account name]; Windows error 1907

Cause

The password of the account name mentioned in the message has expired.  Typically the parameter 'User must change password at next logon' is set.

What To Do

If the account's password used for updating can expire updating will break.  You may want to consider disabling this security measure for the updating service account or else proactively monitor the expiration dates and ensure console updating policies are set correctly.

For further information on the password expiration check see Microsoft TechNet.

Could not add a connection to server [updating address]; user [domain\account name]; Windows error 1208

Cause

The account name mentioned in the message has not been allowed to log on to the computer hosting the share.

What To Do

Check group policy for restrictions on the account name mentioned in the message.

In Active Directory 'Users and Computer' check any computer names listed in the 'Log On To...' dialog under the account's properties, on the 'Account' tab.

Also check that there are no restrictions on when (time during th week) the account can log on to any computer.  This can again be checked on the 'Account' tab under 'Logon Hours...'.

Could not add a connection to server [updating address]; user [domain\account name]; Windows error 1909

Cause

The account mentioned in the message is locked out.

What To Do

Unlock the account.  For more information on account lockout policies see Microsoft TechNet.

Could not add a connection to server [updating address]; user [domain\account name]; Windows error 1222

Cause

Most likely that a Group Policy is restricting permissions on a Windows group.

What To Do

On the endpoint computer check what groups are a member of the 'Users' group.  By default the following are members:

  • NT AUTHORITY\Authenticated Users
  • NT AUTHORITY\INTERACTIVE
  • [domain name]\Domain Users

If the 'Users' group has no membership, add the 'Authenticated Users' group to it locally and force an update.  If the update is successful force a Group Policy update on the endpoint (Start | Run | Type: gpupdate /force | Press return) and check the group membership of 'Users' again.  If the 'Authenticated Users' group has been removed then a GPO is causing the problem.

A known problem with GPOs is where the 'Users' group is added to the Restricted Groups Policy.  For more information see Microsoft TechNet.

Could not add a connection to server [updating address]; user [domain\account name]; Windows error 53

Cause

There is a network connectivity problem such as NetBIOS name resolution.

The updating address may also be incorrect or cannot be reached.

What To Do

Information on this error is available from a number of Microsoft sources.  For more information see Microsoft TechNet.

Could not add a connection to server [updating address]; user [domain\account name]; Windows error 64

Cause

The server hosting the share has been shutdown or disconnected from the network.

What To Do

Ensure the server hosting the share is switched on and available on the network.

Could not add a connection to server [updating address]; user [domain\account name]; Windows error 67

Cause

The share cannot be accessed. Possibly the share does not exist or the computer hosting the share has been shutdown or disconnected from the network.

What To Do

Check the share (as set in the updating policy) is available and you can connect to it. Also ensure the server hosting the share is switched on and available on the network.

A file in rmsnt had an invalid signature Cause The problem is caused by a corrupted file in the distribution point (central share).
What To Do Check the logs for your Sophos Update Manager (SUM) using the Logviewer.exe program and look for problems updating and/or writing to the share that the failing endpoint is attempting to contact.

 

Still have a problem?

For further help post your error to our SophosTalk community.


 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments