Sophos Anti-Virus: Troubleshooting updating from Web CID issues

  • ID de l'article 27539
  • Mis à jour : 05 mars 2013

Issues with updating from a Web CID can have a number of causes. The most common can be resolved by working through the following.

Known to apply to the following Sophos product and version

Sophos Update Manager

What to do

Review the IIS logs

This is suggested first as it will show the direct result of the HTTP transactions initiated by Sophos Auto Update. This event data is very useful in determining the failure reasons on why Endpoints cannot update.

IIS 6.0

IIS 7.0

Common areas to check

1. Check whether the CID can be accessed via a web browser.

If you don't know the address of your web CID, you can usually find it in the updating details. It will usually take the form http://servername/sharename/

IIS 6.0

  1. Check to see if you can access the share. If you cannot, check the share (e.g. C:\Documents and Settings\All Users\Application Data\Sophos\Update Manager\Update Manager) as follows:
    • Right-click on the shared folder and select 'Properties'
    • Click on the 'Web Sharing' tab
    • Ensure 'Share on:' dropdown list is correctly set.
    • Ensure that ONLY the following are selected:
      • Share this folder
      • Read
      • Directory Browsing
    • Ensure 'Application Permissions' are set to 'none'.
  2. Check that files can be downloaded. To do this, right-click the file, and select 'Save As'. You should be able to download and save the document successfully on a computer. Test both the .exe and .upd files.

IIS 7.0

  1. Open up IIS Manager (Start | Programs | Administrative Tools | Internet Information Services (IIS) Manager).
  2. Under Server | Sites | select the Virtual Directory linked to the Update. Manager folder (C:\Program Data\Sophos\Update Manager\Update Manager).
  3. On the right side panel, click the link below Browser Virtual Directory.
  4. Once the link has opened on the computers default browser, you should be able to browse the folders and files below.
    Note: If you receive HTTP Error 403.14 - Forbidden, this means that Directory Browsing has been disabled, refer to the on-screen 'Things you can try:' instructions to resolve.
  5. Check that files can be downloaded. To do this, right-click the file, and select 'Save As'. You should be able to download and save the document successfully on a computer. Test both the .exe and .upd files.

Check the updating URL is correct

If you have added a new site to IIS with a Physical Path of the following:

  • IIS 6.0
    • C:\Program Data\Sophos\Update Manager\Update Manager
  • IIS 7.0
    • C:\Documents and Settings\All Users\Application Data\Sophos\Update Manager\Update Manager

This will result in an updating location similar to the following:

Http://servername/

If you have added a Virtual Directory (Or through a Web Share on IIS 6.0) to an existing Site in IIS, then you must include the Alias in the updating URL.

Http://servername/SophosUpdate/

Check the site binding

This Microsoft article details how to change the binding, in this case we only need to note the binding used on the site hosting the Sophos updating location. Each site will require a unique TCP/IP port, be default the first site wil use Port 80, additional sites will use additional ports.

For example an additional site is added called SophosUpdate it is bound to Port 81:

Http://servername:81/SophosUpdate

3. Check the Authentication method

IIS 6.0

  1. Open up IIS Manager (Start | Programs | Administrative Tools | Internet Information Services (IIS) Manager).
  2. Right-click on the chosen website and select 'Properties'.
  3. Select the 'Directory Security' tab.
  4. In the 'Authentication and Access Control' option Select 'edit'.
  5. Check the details are correct here.
    • Untick 'Basic authentication', this may resolve the issue.
    • 'Digest' authentication may fail on some web servers. Change authentication to only Integrated, restart IIS and test updating again.
    • If this still fails – allowing anonymous login will temporarily allow clients to update but this will not fix the initial problem and the Web CID will need further troubleshooting. This is most likely to be a permissions issue.

IIS 7.0

  1. Open up IIS Manager (Start | Programs | Administrative Tools | Internet Information Services (IIS) Manager).
  2. Click on the chosen Virtual Directory for your Update Manager share, go to Authentication in the middle pane.
  3. There are a wide variety of authentication types available here depending on the roles installed via Server Manager, under Roles | Web Server (IIS) | Role Services you can see which Security types are installed, an overview on configuring these types can be found here.
  4. If you intend to use a specific Windows account for updating, ensure that the account has the read permission on the Update Manager share.
    • Anonymous, Basic, Digest and Windows Authentication are all known to work correctly, however you should revert to Anonymous Authentication to allow endpoints to update during troubleshooting, if you have not already done so, we suggest you check the IIS logs.

4. Check the MIME details on the website

IIS 6.0

  1. Open up IIS Manager (Start | Programs | Administrative Tools | Internet Information Services (IIS) Manager).
  2. Right-click on the website and select 'Properties'.
  3. Select the 'HTTP Headers' tab.
  4. Click the 'MIME types' button.
  5. Check the details here. For test purpose you can choose 'New' and in the extension add '.*' and see if this resolves the issue. 
    • Clear the Sophos AutoUpdate Cache folder and force an update on a test client after changing the MIME types (otherwise a http 404 error may be seen).
    • An incorrect version of ASP.net (Select the 'ASP.NET' tab) can also cause MIME types to fail.

IIS 7.0

  1. Open up IIS Manager (Start | Programs | Administrative Tools | Internet Information Services (IIS) Manager).
  2. Click on the chosen Virtual Directory for your Update Manager share, go to Authentication in the middle pane.
  3. Open MIME Types
  4. There will be a large pre-configured list in most cases, to ensure that specific files not on this list are being downloaded correctly, click Add... on the far right pane.
  5. Use * as the File name extension and name the MIME Type Sophos Test.


 
Si vous avez besoin de plus d'informations ou d'instructions, veuillez contacter le support technique.

Évaluez cet article

Très mauvais Excellent

Commentaires