The following error is reported to the console by your endpoint computers after an update:
ERROR: Could not find a source for updated packages [0x00000071]
On the endpoint computer:
- if you check the ALC.log you will find the following strings:
ERROR: Could not find a source for updated packages
Could not connect to the server. Check that this computer is connected to the network and that Sophos AutoUpdate is configured to update from the correct location with the correct credentials and proxy details (if required)
- if you check the local ALUpdate.log you will find the following string mentioning the number '113' (which is decimal for the hexadecimal value of 71):
First seen in
Sophos Enterprise Manager 4.7.0
Enterprise Console 4.0.0
Various. Common causes include:
- Incorrect updating policy.
- Endpoint computer cannot access share (due to path set, account used, share permissions).
- General networking problems.
What To Do
There are various things to check both on the management server (i.e., or the server installed with Sophos Update Manager (SUM) if separate from the management server) and the endpoint computer(s). Listed below are a series questions and suggested steps to work through.
Has the endpoint computer recently reported to the console?
Important: Before troubleshooting the updating related error first check that the computer(s) reporting the error has recently reported to the console. Computers with alerts and errors that have not recently reported to the console (e.g., the Sophos Remote Management System (RMS) component is not working correctly or the computer is offline) should have the failure to report corrected first.
In the console, on the 'Computer Details' tab, check the 'Last message time' column. If the date and time shown is recent then the management server has received a message from the endpoint and you can assume the error message shown is accurate.
If the last message time is not recent then the endpoint maybe switched off or disconnected from the network. Or it may be having trouble reporting to the management server. Ensure the RMS component can communicate correctly by reviewing the firewall requirements in the Sophos endpoint deployment guide.
Is the central updating policy correct?
There are two things to check in the console regarding the updating policy: The update path set is correct and the account used by the endpoint computer is valid (inc. password).
Checking the path...
In the console, on the 'Update Details' tab, check the 'Primary server' column (and if set the 'Secondary server' column too). Ensure the path displayed can be accessed from the endpoint computer.
If the path is not correct edit the updating policy for the group and change the path.
Note: There is a maximum number of characters for the UNC path. For more information on the maximum number of allowable characters see: Naming Files, Paths, and Namespaces.
Checking the user account...
Open the updating policy for the group and confirm the 'Username' (on the 'Primary Server' and possibility 'Secondary Server' tab) is correct. If you are unsure of the password you can enter it again.
Warning: If you do not know the password for your updating account you could first reset the account's password (via Active Directory or Computer Management) first. However if you have a large number of endpoint computers you may experience the account repeatedly locking out (error 1909) due to multiple endpoints attempting to update with the original password before they receive the new updating policy from the management server. For medium to large size networks, or if you have a mixture of endpoints that are on and offline (i.e., will not have chance to receive the new updating policy before attempting to update) we recommend you create a new updating account (possibly a temporary account) that you know the password to and can use in the updating policy. Therefore the existing account will not lock out as only endpoints that have successfully communicated with the management server will have received details of the new account.
Check share permissions
The endpoint computers will attempt to access the central share with the account set in the updating policy. This account must be able to access the share (with 'Read' permissions) so that files can be downloaded.
On the server browse to the shares of the server (Start | Run | Type:
\\servername\ | Press return). Right-click on the 'SophosUpdate' share and under 'Properties' | 'Sharing' tab | 'Advanced Sharing' | 'Permissions' add the 'Everyone' group with read permissions. Apply the changes and force an update on the computer (locally or through the console by right-clicking on the computer).
Check the endpoint computer's policy
Having now confirmed the endpoint is communicating correctly with the console and the central policy is correct you should move on to troubleshooting the policy that the endpoint is currently using.
Using a text editor (e.g., Notepad.exe) open the iconn.cfg file. Confirm that the policy is the same as you have configured in the console.
If you need to locally alter the updating policy settings for a managed endpoint do not attempt to correct either the address or password. Instead enable the local user interface for the updating details.
Clear the local Cache and warehouse folders on the endpoint
The local copies of the files required for the update may be corrupt or truncated, follow the below steps to copy new copies to the affected endpoint:
- Delete the contents of the
- Delete the
status.xml file from
- Delete the contents of the
- Force an update - right click on the Sophos shield and select
Other things to consider
- The endpoint computer could be experiencing general networking issues. Ensure the computer is fully connected to the network (e.g., joined to the domain). You may want to perform a number of general networking test on the endpoint computer such as rebooting and checking the event logs.
- If you find your computers are attempting to connect to the share before they are fully connected to the network during start-up the error maybe generated. A workaround/suggestion to reduce the number of computers reporting the error is to script an update shortly after the computer has fully connected to the network. The VB script to force an update on the endpoint is available from article 36262 under the 'ALsvc.exe' description.