One or more endpoint computers report 'Unknown' in the 'Up to date' column, on the 'Status' tab, of the console.
First seen in
Enterprise Console 4.5.0
The computer or computers reporting as 'Unknown' have a package installed that the Sophos Management Server does not know about because your authoritative Sophos Update Manager (SUM) has not reported this package to the database. This can be caused by:
- Your authoritative Sophos Update Manager (SUM) failing to complete a download and you have more than one SUM installed.
- Your authoritative SUM completes a download but fails to send the latest package information to the Sophos Management Server (if on the same computer there can be a communication problem between the SUM component and the Management Server component).
- Your authoritative SUM completes a download but there is a significant delay in sending the latest package information to the Sophos Management Server.
- Endpoint computers have an updating policy that allows them to update from a secondary source (i.e., another SUM, webCID or directly from Sophos' databank directly). When they successfully update from the secondary source they now have a package where the information on it is not held by the central database.
Hence the console does not know anything about the package reported by the endpoint and cannot provide any information as to whether or not the computer is up to date or has a previously downloaded package (i.e., 'Not since...').
What To Do
Troubleshooting the cause of this issue breaks down into:
- Check your authoritative SUM is downloading correctly.
- Check your authoritative SUM is sending information to the management server in a timely manner.
- Endpoint computers are connecting to the correct updating location.
How do I tell which SUM is the authoritative SUM?
If you have only one SUM then that will be the authoritative SUM. If you have more than one SUM you must find out which one the Sophos Management Server listens to for package information. For details on finding out the authoritative SUM see article 57638.
Confirm that your authoritative SUM is communicating with the management server and downloading
Once you have found the authoritative SUM you should ensure that is updating successfully and reporting to the console.
- Confirm from Enterprise Console that the ‘Last message time’ is recent. This can be checked by viewing the 'Computer details' page under the endpoints view or under the 'Computer Details' tab in later versions of Enterprise Console.
- Confirm there are no errors or warnings shown against the SUM in the 'Update managers' view of the console. If there are locate the exact error in the Logviewer.exe program.
My authoritative SUM has to update a lot of distribution points (either local or remote)
If you have configured your authoritative SUM to download from Sophos and then update a lot of distribution folders (e.g., remote shares on different computers or many local folders) this may result in endpoints reporting 'Unknown' for a period of time before showing as 'yes' in the 'Up to date' column.
Note: SUM only tells the Sophos Management Server what packages it has downloaded after fully updating all local and remote shares. This is done via a status message at the very end of the update cycle.
If SUM has to copy updates to multiple folders (local, remote, possibly over slow network links), endpoint computers can update to a newer package and report in faster than SUM can send the status message.
In this scenario we recommend you consider performing the following:
- Install additional SUMs at locations where you are currently pushing updates to from a central SUM.
- Install another SUM which is subscribed to all subscriptions but only updates a default local location. This SUM should then be made authoritative.
What to expect when endpoints can download from sources not controlled by your authoritative SUM
If your endpoint computers are configured to update from a secondary source, the update source contains a package that is slightly more up to date than the internal share, and the endpoint updates from the secondary source: the computer may appear as 'Unknown' in the column.
This is expected behavior. You can ignore endpoints that are moving on and off the network. However if endpoints (desktop computers), that should primarily update from an internal source, are constantly rolling over to their secondary source you should investigate why the primary location is unavailable.
Ensuring the majority of your endpoint computers can reliability update from a source controlled by a SUM reduces the number on computers that will update to a package version in advance of the SUM's schedule.
If you are unable to resolve the cause of the problem you should gather the information below and use the link at the bottom of this article to contact Technical Support.
- A Sophos Diagnostic Utility (SDU) output from both:
- The Sophos Management Server.
- One endpoint computer that has recently reported to the console (within 14 days) and is currently showing as 'Unknown' in the 'Up to date' column.
- The output files SDDMServersStatus.txt and outputReportedClientVersionData.txt from running the commands below.
On the computer hosting the Sophos databases:
- Download the text file getReportedClientVersionData.txt and save to the root of the C:\ drive.
- Open a command prompt (Start | Run | Type:
cmd.exe | Press return).
- Run the commands:
sqlcmd -E -S .\SOPHOS -d SOPHOS51 -s , -i C:\getReportedClientVersionData.txt -o outputReportedClientVersionData.txt -y 0 -h 10000
sqlcmd -E -S .\SOPHOS -d SOPHOS51 -Q "select StatusXML from dbo.SDDMServers" -o SDDMServersStatus.txt -y 0 -h 500
SOPHOS51 is the database name associated with your console version. For more information on Sophos databases see article 17323.
.\SOPHOS represents a local SOPHOS named SQL Server instance. For more information on determining your instance name see article 113030.