Issue
Either:
- One or more endpoint computers report to the console:
0000006d Restart needed for updates to take effect - In the endpoint's ALC.log file you see the following:
WARNING: Restart needed for updates to take effect
Having reboot the endpoint computer the alert does not clear.
Important: Sophos AutoUpdate 2.7.4.317 (as releases with SAV 10.0.7 in August 2012) changed the mechanism for storing the 'Reboot Required' state. The registry value that records this state is now created under a volatile key (HKLM\SOFTWARE\[Wow6432Node]\Sophos\AutoUpdate\UpdateStatus\VolatileFlags\). A volatile key means the information is stored in memory and is not preserved when the corresponding registry hive is unloaded. For keys under HKLM, this occurs only when the system initiates a full shutdown. This guarantees that the key will be cleared on reboot and the correct state reflected in the console.
First seen in
Enterprise Console 3.0
Cause
A registry value is created on the endpoint computer when a reboot is required. If the registry key's creation or removal is affected by a third-party application or the message sent from the endpoint does not reach or get processed by the Sophos Management Server then the alert can remain in the console even after the endpoint has performed a reboot. This is because the endpoint does not send a reboot message on every reboot - only when the registry value is present and set to the correct value.
What to do
You can clear the alert by recreating the registry value on the endpoint (locally) and allowing the computer to report it has rebooted. Alternatively, if there is a large number of computers affected, you can clear the alert directly from the Sophos database.
Recreate registry value
- Go to the computer identified in the alert. You will need to create a registry key. Ensure that you have read the warning about editing the registry, and that you feel confident to do so.
- Create a registry key:
- For 32-bit systems this must be HKLM\SOFTWARE\Sophos\AutoUpdate\UpdateStatus | RebootRequired (DWORD) value 1.
- For 64-bit systems this must be HKLM\SOFTWARE\Wow6432Node\Sophos\AutoUpdate\UpdateStatus | RebootRequired (DWORD) value 1.
- Update the computer. Note: This will send a reboot message to the server.
- Change the registry key as follows:
- For 32-bit systems set HKLM\SOFTWARE\Sophos\AutoUpdate\UpdateStatus | RebootRequired to a 0
- For 64-bit systems set HKLM\SOFTWARE\Wow6432Node\Sophos\AutoUpdate\UpdateStatus | RebootRequired to a 0
- Update the computer again.
Note: You may want to script the above (e.g., VB Script). You should create your own script for writing and modifying the registry and fully test. To learn how to activate Sophos AutoUpdate via VBS see article 36262 under the 'ALSvc.exe' (AutoUpdate process) section.
Clear outstanding alerts directly from database
Warning: We recommend you have recent backup of the Sophos database before modifying the database. See article 114299 (console 5.x only) or 110380 (all versions).
Use the PurgeDB.exe tool to clear the particular warning:
PurgeDB.exe -action=delete -category=errors -historylengthindays=0 -type=AutoUpdate -code=109
For more information on PurgeDB.exe see article 109884.
