Sophos Update Issues


We're running a VM infrastructure of Windows Server 2008 R2 and Windows 7 clients. Our Management Server  (mgmt1) is hosting the latest release of Sophos Enterprise Management Console.

All clients and other servers have successfully been added to the console and are happily receiving updates automatically. They are also happily checking for and receiving updates when asked to do so (right-click Sophos icon in taskbar, "Check for Updates".

All machines are pointing at mgmt1 as the primary source for updates, including the Sophos client on mgmt1. The server is 'airgapped' and not connected to the internet. Updates are copied manually on to the mgmt1 server from CD. Putting the server online is not an option and therefore the Sophos servers are not an option for providing updates.

However, server mgmt1 won't update itself. When the "Check for updates..." option is clicked, the dialogue box displays that it cannot connect to server (depsite the server being itself and all other machines configured in the same way work).

The update logs within the Sophos client give the following:

"There was a problem while establishing  a connection to the server. Details: Logon User ("%username%" etc.) failed. A windows API call returned error 1311"

After lots of googling, we can find nothing relating to "error 1311". All usernames and passwords have been checked etc. The primary update server (mgmt1) is configured the same on all machines through 1 Sophos policy.

We're now a bit stuck. Why can the clients update successfully from mgmt1 but mgmt1 cannot connect to itself and update properly?

Thanks in advance.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Craig BeckCommented:
JBrITAuthor Commented:
Thanks Craigbeck, unfortunately, that's the site i've been going round in circles on for days to try and solve this. All permissions are in-place and correct.
Make sure the user account thats login  to the server is a member of the Sophos Admin group.
You can add this user easy by cmd > net localgroup SophosAdministrator <YourUserName> /ADD .

Redefine Your Security with AI & Machine Learning

The implications of AI and machine learning in cyber security are massive and constantly growing, creating both efficiencies and new challenges across the board. Check out our on-demand webinar to learn more about how AI can help your organization!

JBrITAuthor Commented:
Hi CT,
All done, still no luck. Really odd!
Is the account part of the domain admin group?

btanExec ConsultantCommented:
windows error 1311 means ERROR_NO_LOGON_SERVERS or simply there are currently no logon servers available to service the logon request. Likely establishing connection is failing due to connectivity or local/domain policy or wrong credential or account lockout, hard to ascertain but good to check the ALC.log (e.g. C:\ProgramFiles\Sophos\AutoUpdate\Logs\alc.log)

Other extracts of interest

Also if the password for the account referenced here, HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\AutoUpdate\Service\

which by default the "SophosSAU<machinename><number>", is changed? In the alc log you (Launch SAV - on the main page you can see "view updating log" ) I would think you will have the error:
Time: 11/07/2012 08:33:12
Message: There was a problem while establishing a connection to the server. Details: LogonUser ("[Account]", ".", ...) failed A Windows API call returned error 1326

Typically this "SophosSAU" account is created automatically with a random password but you can set this account up before you install as per:  The advice here is to set "ObfuscatedPassword" to 0 and then secure the key such that only Administrators and System have access.  So you could set the same key and enter the password in clear, then secure the key.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JBrITAuthor Commented:
This worked. It appears our systems password encryption tool was encrypting the obfuscated password and therefore didnt match when un-hashed.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.