After deploying a UTM managed endpoint, Sophos Endpoint Security and Control fails to update. The primary update location details (open Sophos Endpoint Security and Control and click 'Configure Updating') show no configured address or username/password details.
The Sophos AutoUpdate log may show the following:
Sophos AutoUpdate could not continue because no valid locations were defined.
The MCSClient.log shows the following warning:
OutboundDataHandler::SendingDelayExpired An exception was caught while sending data: There is no preferred server.
You may also see messages such as:
INFO HttpServer::HttpEventCallback The HTTP request completed with status 0.
INFO CommandHandler::HttpCallback The HTTP callback was called with the HTTP result code 0.
WARN CommandHandler::HttpCallback 3000: An HTTP transaction was not completed.
You may also see the following error reported in the 'Sophos Endpoint Bootstrap_yyyymmddhhmmss.txt' (located in %temp%):
ERROR,There was an unexpected problem with the installation of Sophos Endpoint Security and Control. Details: The MCS endpoint failed to register with the server
Information,------------------Installation program finishing with code 136 ------------------,
First seen in
UTM Managed Endpoint (Windows 2000+)
During the installation of the Sophos Endpoint software the Sophos Management Communication System (MCS) will attempt to register with Sophos Live Connect to obtain the update source and credentials required. The symptoms and behavior described above indicate that this registration process has not completed successfully.
What To Do
As there are multiple possible reasons for the registration failure, the following steps should help to resolve the issue.
First we need to establish which Sophos Live Connect address the endpoint is trying to connect to and whether the computer can access this location. To identify the address, check the config.xml file in the following location:
- Windows 2000/XP/2003: C:\Documents and Settings\All Users\Application Data\Sophos\Management Communications System\Endpoint\Config\
- Windows Vista and above: C:\ProgramData\Sophos\Management Communications System\Endpoint\Config\
Open the config.xml with Notepad and verify the server address listed. The address will look something like:
https://mcs1.b68d.broker.sophos.com (You can ignore the part that reads
We need to confirm whether the endpoint can access the address listed in the config.xml by checking the following:
- Can you ping the hostname within a command prompt? (Start | Run |
cmd | type
- Can you run an nslookup successfully against the address?
- Can you telnet to that address on port 443 successfully? (Start | Run | cmd | type telnet mcs1.b68d.broker.sophos.com 443)
- Are there any firewalls blocking access to the address or port? (The endpoint will communicate using HTTPS on port 443)
Ensure no explicit proxy is configured in the system proxy settings, as MCS is not compatible with non-transparent proxies. As such, UTM managed endpoints will need to use either a transparent proxy or be able to connect to the internet without the use of a proxy. See 'Technical Information' below for further details.
MCS uses the system specified proxy (as opposed to the proxy configured in Internet Options or browser settings, as these are user specific). Check the system specified proxy using the method described below to confirm that it gives the expected result.
Check any system specified proxy by running the following from a command prompt:
- Windows XP/2003:
- Windows Vista and above:
netsh winhttp show proxy
This command should return a message stating:
Direct Access (no proxy server)
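The name resolution, port 443 and system proxy checks above can be run in one pass with PowerShell. This is an added example, not part of the original article or any Sophos tooling; the function name is hypothetical, and it assumes the server address appears in config.xml as an https:// URL and that netsh output is in English.

```powershell
# Added example, not Sophos code. Test-McsServerAccess is a hypothetical name.
function Test-McsServerAccess {
    # Config folders named in the article (Vista and above first, then 2000/XP/2003).
    $dirs = @(
        'C:\ProgramData\Sophos\Management Communications System\Endpoint\Config',
        'C:\Documents and Settings\All Users\Application Data\Sophos\Management Communications System\Endpoint\Config'
    )
    $file = $dirs | ForEach-Object { Join-Path $_ 'config.xml' } |
        Where-Object { Test-Path $_ } | Select-Object -First 1
    if (-not $file) { return 'config.xml not found in either location' }

    # Assumption: the server address is the first https:// URL in the file.
    $m = [regex]::Match([System.IO.File]::ReadAllText($file), 'https://[^\s"<>/]+')
    if (-not $m.Success) { return "No https:// address found in $file" }
    $uri = [uri]$m.Value
    "Server from config.xml: $($uri.Host) (port $($uri.Port))"

    # Same question as the nslookup step: does the name resolve?
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($uri.Host)
        "DNS: OK -> $($ips -join ', ')"
    } catch {
        "DNS: FAILED -> $($_.Exception.Message)"
    }

    # Same question as the telnet step: can a TCP connection be opened?
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($uri.Host, $uri.Port, $null, $null)
        if ($pending.AsyncWaitHandle.WaitOne(5000) -and $client.Connected) {
            "TCP $($uri.Port): OK"
        } else {
            "TCP $($uri.Port): FAILED (refused, filtered or timed out)"
        }
    } catch {
        "TCP $($uri.Port): FAILED -> $($_.Exception.Message)"
    } finally {
        $client.Close()
    }

    # System proxy check from the article (netsh winhttp exists on Vista and above).
    $proxy = netsh winhttp show proxy | Out-String
    if ($proxy -match 'Direct access \(no proxy server\)') {
        'System proxy: none (expected)'
    } else {
        "System proxy: not direct access, review the output below:`n$proxy"
    }
}
Test-McsServerAccess
```

A DNS or TCP failure here points at name resolution or firewall rules for the address in config.xml; a proxy result other than direct access points at the system proxy setting described above.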
UTM v9.1 will contain a new Managed Endpoint Installer which will support automatic proxy detection and manual proxy settings.
Digest and NTLM authentication methods will be supported with the manual proxy settings.
Changes for proxy detection are planned for UTM v9.0 Managed Endpoints, which will be available in a future release.