Sophos Anti-Virus for Windows: console reports 'Not updated since' or 'Unknown' in the 'Up to date' column
IssueEnterprise Console or Sophos Control Center reports that for a certain client computer the 'Up to date' column displays 'Not updated since' or 'Unknown' despite that computer being up to date following a manual check.
Sophos product and version
Enterprise Console, versions 3.0 and 2.0
Sophos Control Center, version 2.0
Operating system
Windows
What to do
1. Check that the client computer is managed by the console
Open the console and check that the computer is managed and protected by the console. For more information refer to one of the following:
- for Enterprise Console see the Sophos Endpoint Security and Control network startup guide
- for Sophos Control Center see the Sophos Anti-Virus SBE startup guide
2. Check the package checksums
Check to see if the issue is related to package checksums, by working through the following procedure. Ensure that you choose the correct options in this procedure, according to whether you are running Enterprise Console 2.0, Enterprise Console 3.0, or if you are using the Sophos Control Center (Small Business Solutions).
- If you have Enterprise Console 3.0
- Go to Start|Run, and type in the command:
osql -S .\sophos -E -d sophos3 -Q "select name, packageID from ComputersAndDeletedComputers" -o c:\clients.txt - Again, Go to Start|Run, and type in the command:
osql -S .\sophos -E -d sophos3 -Q "select ID, ProductID, IDEchecksum, ExpiryTime, NotificationTime from packages" -o c:\packages.txt -w 1000
- If you have Enterprise Console 2.0 or Sophos Control Center 2.0
- Go to Start|Run, and type in the following command:
osql -S .\sophos -E -d sophos2 -Q "select name, packageID from ComputersAndDeletedComputers" -o c:\clients.txt - Again, go to Start|Run, and type in the following command:
osql -S .\sophos -E -d sophos2 -Q "select ID, ProductID, IDEchecksum, ExpiryTime, NotificationTime from packages" -o c:\packages.txt -w 100
You now have created two files:
- 'Clients.txt' shows the checksum for each update of the client computers.
- 'Packages.txt ' shows what the database has registered as the most recent checksum for each package.
Compare the contents of these two files. If the client’s checksum does not match the most recent checksum in the database it will either be out of date (if the checksum matches an existing package that has been expired) or unknown (unknown if the checksum reported by the client does not match anything). Continue with the following procedure.
Note that if the contents of these two files do match, then the problem lies with the Sophos Remote Management System.
3. Run delete packages command
If you are running Enterprise Console, Sophos strongly advises that you make a backup of the Sophos database before making any alterations to it.
- To backup your database, go to C:\Program Files\Sophos\Enterprise Console\DB and run the BackupDB.bat script
RestoreDB.bat can used to restore a previous backup. (BackupDB and RestoreDB are only available in Enterprise Console 3.0. To Backup on Enterprise Console 2.0 you must alter the database name in the top of each file).
If you are running Sophos Control Center, you do not need to create a backup
- To ensure that EM Library is not currently doing an update, press Ctrl-Alt-Delete and open Windows Task Manager, click Processes and check that Dllloader.exe is not running.
- Go to Windows Services, and stop the ‘Sophos Enterprise Manager Scheduler’ service.
- Go to Start|Run and type in the following command line
- If you have Enterprise Console 3.0,
osql -E -S .\Sophos -d Sophos3 -Q "DELETE FROM Packages WHERE ID >= 0" -o c:\DeletedPackages.txt -w 1000 - If you have Enterprise Console 2.0 or Sophos Control Center 2.0
osql -E -S .\Sophos -d Sophos2 -Q "DELETE FROM Packages WHERE ID >= 0" -o c:\DeletedPackages.txt -w 1000
- If you have Enterprise Console 3.0,
- Go to Windows Services, and start the ‘Sophos Enterprise Manager Scheduler’ service.
- Open EM Library Console and click on 'Download Packages'. This process should now repopulate the Packages table in the database.
- Open the Enterprise Console or Control Center and check the status of the client computers, they should start to report as ‘Up to date’.
If the clients are still reporting as unknown, try running 'Update now (Checksum all files)' on each CID within Central Installations. It may help if problems persist to obtain the Clients.txt and Packages.txt files again as mentioned above.
If you need more information or guidance, then please contact technical support.
- Article ID: 28620
- Created: 13 Nov 2007
- Last updated: 6 Oct 2008
