Sophos Update Issues

Posted on 2013-08-27
Medium Priority
Last Modified: 2016-02-25

We're running a VM infrastructure of Windows Server 2008 R2 and Windows 7 clients. Our Management Server (mgmt1) is hosting the latest release of Sophos Enterprise Management Console.

All clients and other servers have successfully been added to the console and are happily receiving updates automatically. They are also happily checking for and receiving updates when asked to do so (right-click Sophos icon in taskbar, "Check for Updates").

All machines are pointing at mgmt1 as the primary source for updates, including the Sophos client on mgmt1. The server is 'airgapped' and not connected to the internet. Updates are copied manually on to the mgmt1 server from CD. Putting the server online is not an option and therefore the Sophos servers are not an option for providing updates.

However, server mgmt1 won't update itself. When the "Check for updates..." option is clicked, the dialogue box displays that it cannot connect to server (despite the server being itself and all other machines configured in the same way working).

The update logs within the Sophos client give the following:

"There was a problem while establishing  a connection to the server. Details: Logon User ("%username%" etc.) failed. A windows API call returned error 1311"

After lots of googling, we can find nothing relating to "error 1311". All usernames and passwords have been checked etc. The primary update server (mgmt1) is configured the same on all machines through 1 Sophos policy.

We're now a bit stuck. Why can the clients update successfully from mgmt1 but mgmt1 cannot connect to itself and update properly?

Thanks in advance.
Question by:JBrIT
LVL 47

Expert Comment

by:Craig Beck
ID: 39443977

Author Comment

ID: 39444653
Thanks Craigbeck. Unfortunately, that's the site I've been going round in circles on for days to try and solve this. All permissions are in place and correct.
LVL 23

Expert Comment

ID: 39444942
Make sure the user account that's logged in to the server is a member of the Sophos Admin group.
You can add this user easily from cmd > net localgroup SophosAdministrator <YourUserName> /ADD



Author Comment

ID: 39445124
Hi CT,
All done, still no luck. Really odd!
LVL 23

Expert Comment

ID: 39445174
Is the account part of the domain admin group?

LVL 66

Accepted Solution

btan earned 2000 total points
ID: 39445232
Windows error 1311 means ERROR_NO_LOGON_SERVERS, or simply that there are currently no logon servers available to service the logon request. Likely establishing the connection is failing due to connectivity, local/domain policy, a wrong credential or an account lockout. Hard to ascertain, but good to check the ALC.log (e.g. C:\ProgramFiles\Sophos\AutoUpdate\Logs\alc.log).


Other extracts of interest

Also, what if the password for the account referenced here, HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\AutoUpdate\Service\ (which by default is "SophosSAU<machinename><number>"), is changed? In the alc log (launch SAV; on the main page you can see "view updating log") I would think you will have the error:
Time: 11/07/2012 08:33:12
Message: There was a problem while establishing a connection to the server. Details: LogonUser ("[Account]", ".", ...) failed A Windows API call returned error 1326

Typically this "SophosSAU" account is created automatically with a random password but you can set this account up before you install as per: http://www.sophos.com/en-us/support/knowledgebase/48910.aspx. The advice here is to set "ObfuscatedPassword" to 0 and then secure the key such that only Administrators and System have access. So you could set the same key and enter the password in clear, then secure the key.
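
Added example, not part of the answer above and not Sophos code: a PowerShell sketch that decodes the LogonUser error codes seen in the update log and lists any "Allow" entries on the AutoUpdate service key held by anyone other than Administrators or SYSTEM. The function names are hypothetical, the log line shape is taken from the two messages quoted in this thread, and the Wow6432Node form of the key path assumes 64-bit Windows.

```powershell
# Added example; not from the thread or from Sophos. Compatible with PowerShell 2.0.

# Pull LogonUser failures out of AutoUpdate log lines and let Windows
# translate the Win32 error code (1311, 1326, ...) into its message text.
function Get-LogonUserFailure {
    param([string[]]$LogLines)
    foreach ($line in $LogLines) {
        if ($line -match 'Logon\s?User\s*\((?<args>[^)]*)\)\s*failed.*?returned error (?<code>\d+)') {
            $code = [int]$Matches['code']
            New-Object psobject -Property @{
                Code      = $code
                Meaning   = (New-Object System.ComponentModel.Win32Exception -ArgumentList $code).Message
                Arguments = $Matches['args']
            }
        }
    }
}

# List "Allow" entries on the AutoUpdate service key that belong to anyone
# other than BUILTIN\Administrators (S-1-5-32-544) or SYSTEM (S-1-5-18).
function Get-UnexpectedKeyAccess {
    param(
        # Assumption: 64-bit Windows, so the Wow6432Node form of the key applies.
        [string]$KeyPath = 'HKLM:\SOFTWARE\Wow6432Node\Sophos\AutoUpdate\Service',
        [string[]]$AllowedSids = @('S-1-5-32-544', 'S-1-5-18')
    )
    $acl = Get-Acl -Path $KeyPath
    # Ask for rules keyed by SID so localized or renamed groups still match.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -eq 'Allow' -and $AllowedSids -notcontains $rule.IdentityReference.Value) {
            New-Object psobject -Property @{
                Sid       = $rule.IdentityReference.Value
                Rights    = $rule.RegistryRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Constructed input: the two messages quoted in this thread.
$sample = @(
    'Details: Logon User ("%username%" etc.) failed. A windows API call returned error 1311',
    'Details: LogonUser ("[Account]", ".", ...) failed A Windows API call returned error 1326'
)
Get-LogonUserFailure -LogLines $sample | Format-List
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node\Sophos\AutoUpdate\Service') {
    Get-UnexpectedKeyAccess | Format-Table -AutoSize
}
```

Against a real log, pass the output of Get-Content on alc.log to Get-LogonUserFailure; any row returned by Get-UnexpectedKeyAccess is an identity that can read a key holding a clear-text password when "ObfuscatedPassword" is 0.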


Author Closing Comment

ID: 39448078
This worked. It appears our systems password encryption tool was encrypting the obfuscated password and therefore didn't match when un-hashed.


Question has a verified solution.
