| ALC.log Message Column shows... | Cause and resolution |
Sophos AutoUpdate could not continue because no valid update locations were defined. | Cause | AutoUpdate is not currently configured. |
| What To Do | If the endpoint is centrally managed ensure the computer is in a group with a correct updating policy. If the endpoint is not centrally managed open the Endpoint Security and Control application (from the Sophos shield) and select 'Configure Updating'. Enter your required updating details. If the endpoint is managed by a Sophos UTM see article 118987. |
ERROR: Download of [component] failed from server [updating address] | Cause | The updating address currently set is incorrect or cannot be reached. The updating policy is using an incorrect password. |
| What To Do | If the updating address is incorrect change either the central updating policy (from the console) or the local AutoUpdate settings. If the address is correct confirm that the address can be reached - either via 'Start | Run' (for UNC address) or via a web browser (for http addresses). If the address is correct and accessible by the endpoint computer the password set in the updating policy may be incorrect. Confirm what the password is and then re-enter it into either the central policy or 'Configure Updating' option on the workstation. Note: - There can be a number of reasons why the updating address cannot be reached. Things to consider are firewalls or proxies blocking connections or if, for example, the update address is shared via IIS mime types and port numbers have to be correct.
- If the endpoint is managed centrally error 0000006b can be returned to the central console when this issue exists on the workstation.
|
Installation of [component] skipped | Cause | Check of update location (share) shows no new updates available. |
| What To Do | No action required. When the update location (e.g., on the server) has itself been updated (from its parent source) the endpoint computer will download the updates. The delay on the endpoint downloading new updates is dependent on the updating schedule. |
Could not add a connection to server [updating address]; user [domain\account name]; Windows error 1326 | Cause | The account name or password, as set in the updating policy, is incorrect. |
| What To Do | Confirm what the account name and password are and then re-enter them into either the central policy or 'Configure Updating' option on the workstation. Error 0x00000071 can be returned to the central console when this issue exists on the workstation. |
| Could not connect to the server. Check that this computer is connected to the network and that Sophos AutoUpdate is configured to update from the correct location with the correct credentials and proxy details (if required) | Cause | Various |
| What To Do | Check the log for another, more precise, error (mentioned below this error). Check the log for more information (e.g., the line 'Could not add a connection...' which is mentioned above). If no other information can be found check the computer is fully connected to the network, no firewalls or proxies are blocking connection and that the workstation can reach the updating address. |
| ERROR: Could not find a source for updated packages | Cause | The updating address is incorrect. |
| What To Do | If the updating address is incorrect change either the central updating policy (from the console) or the local AutoUpdate settings. If the address is correct confirm that the address can be reached - either via 'Start | Run' (for UNC address) or via a web browser (for http addresses). Error 0x00000071 can be returned to the central console when this issue exists on the workstation. |
| Could not add a connection to server [updating address]; user [domain\account name]; Windows error 87 | Cause | The connection to the update location is being blocked. |
| What To Do | The most likely cause of this issue is that a firewall is blocking the connection. Even the Sophos Client Firewall (SCF) could block the connection if the policy has not been set correctly (i.e., the 'LAN' tab | 'LAN settings:' | 'NetBIOS' option has not been selected). Another cause is that file and printer sharing is disabled on the endpoint computer. From the Control Panel, check the network adapter properties and ensure the option 'File and Printer Sharing for Microsoft Networks' is enabled. Error 0x0000006b can be returned to the central console when this issue exists on the workstation. |
| Could not add a connection to server [updating address]; user [domain\account name]; Windows error 1203 | Cause | The Workstation service is not currently running on the endpoint computer. |
| What To Do | Ensure the Workstation service can be started on the endpoint computer. Error 0x00000071 can be returned to the central console when this issue exists on the workstation. |
| Could not add a connection to server [updating address]; user [domain\account name]; Windows error 1331 | Cause | The account name mentioned in the message is disabled. |
| What To Do | Enable the account. Commonly this has to be done via Active Directory and more is available from Microsoft TechNet. |
| Could not add a connection to server [updating address]; user [domain\account name]; Windows error 1907 | Cause | The password of the account name mentioned in the message has expired. Typically the parameter 'User must change password at next logon' is set. |
| What To Do | If the account's password used for updating can expire updating will break. You may want to consider disabling this security measure for the updating service account or else proactively monitor the expiration dates and ensure console updating policies are set correctly. For further information on the password expiration check see Microsoft TechNet. |
| Could not add a connection to server [updating address]; user [domain\account name]; Windows error 1208 | Cause | The account name mentioned in the message has not been allowed to log on to the computer hosting the share. |
| What To Do | Check group policy for restrictions on the account name mentioned in the message. In Active Directory 'Users and Computer' check any computer names listed in the 'Log On To...' dialog under the account's properties, on the 'Account' tab. Also check that there are no restrictions on when (time during th week) the account can log on to any computer. This can again be checked on the 'Account' tab under 'Logon Hours...'. |
| Could not add a connection to server [updating address]; user [domain\account name]; Windows error 1909 | Cause | The account mentioned in the message is locked out. |
| What To Do | Unlock the account. For more information on account lockout policies see Microsoft TechNet. |
| Could not add a connection to server [updating address]; user [domain\account name]; Windows error 1222 | Cause | Most likely that a Group Policy is restricting permissions on a Windows group. |
| What To Do | On the endpoint computer check what groups are a member of the 'Users' group. By default the following are members: - NT AUTHORITY\Authenticated Users
- NT AUTHORITY\INTERACTIVE
- [domain name]\Domain Users
If the 'Users' group has no membership, add the 'Authenticated Users' group to it locally and force an update. If the update is successful force a Group Policy update on the endpoint (Start | Run | Type: gpupdate /force | Press return) and check the group membership of 'Users' again. If the 'Authenticated Users' group has been removed then a GPO is causing the problem. A known problem with GPOs is where the 'Users' group is added to the Restricted Groups Policy. For more information see Microsoft TechNet. |
| Could not add a connection to server [updating address]; user [domain\account name]; Windows error 53
| Cause | There is a network connectivity problem such as NetBIOS name resolution. The updating address may also be incorrect or cannot be reached. |
| What To Do | Information on this error is available from a number of Microsoft sources. For more information see Microsoft TechNet. |
| Could not add a connection to server [updating address]; user [domain\account name]; Windows error 64
| Cause | The server hosting the share has been shutdown or disconnected from the network. |
| What To Do | Ensure the server hosting the share is switched on and available on the network. |
| Could not add a connection to server [updating address]; user [domain\account name]; Windows error 67
| Cause | The share cannot be accessed. Possibly the share does not exist or the computer hosting the share has been shutdown or disconnected from the network. |
| What To Do | Check the share (as set in the updating policy) is available and you can connect to it. Also ensure the server hosting the share is switched on and available on the network. |
A file in rmsnt had an invalid signature | Cause | The problem is caused by a corrupted file in the distribution point (central share).
|
| What To Do | Check the logs for your Sophos Update Manager (SUM) using the Logviewer.exe program and look for problems updating and/or writing to the share that the failing endpoint is attempting to contact. |