Your proxy is not accessible from "outside"? Be aware that your license credentials travel in plain text see this thread. I'd use Sophos only as a last resort i. Typically I'd suggest that if you need clients to connect directly to Sophos, then simply provide them with the standalone installer and your EM credentials and they can install that - this will only connect to Sophos and have no interaction with your environment either updating or messaging.
However, if you need a managed package, you can configure the Primary to be an internal source and Sophos to be your Secondary source - remote clients will simply fail silently on the Primary, then update from the Secondary.
If you checked your local autoupdate logs, you will find the full URL for "Sophos", and could hard code this into your Primary, but I'd recommend against it - while it doesn't change often, it does change, and remote machines are the hardest ones to get at when you need to make a change to them - they would be out of luck if we had to change the URL. Second: Hardcoded isn't be the problem - unmanaged is, isn't it? Ensure the Workstation service can be started on the endpoint.
The account name mentioned in the message is disabled. Enable the account. This is commonly done via Active Directory. The password of the account name mentioned in the message has expired. Typically, the parameter User must change password at next login is set. If the account's password used for updating has expired, updating will break.
You may want to consider disabling this security measure for the updating service account or proactively monitor the expiration dates and ensure SEC updating policies are set correctly. For reference, take a look at the Microsoft article Password Expiration check. The account name mentioned in the message has not been allowed to log on to the computer hosting the share.
Check group policy for restrictions on the account name mentioned in the message. Click Log On To button to see any listed computer names. Check that there are no restrictions on when time during the week the account can log on to any computer. This can be verified by clicking the Logon Hours button. The account mentioned in the message is locked out. Unlock the account. Most likely that a Group Policy is restricting permissions on a Windows group.
On the endpoint, check the list of members of the group Users. If the update is successful, force a group policy update on the endpoint then check the list of members of the group Users. The updating address may also be incorrect or cannot be reached. If a different proxy is required or none available at a remote location the Proxy Details in Configure updating have to be changed as appropriate. Fiddling with the address will get you nowhere.
The goal of our network admin would be to allow a direct connection for accessing the sophos server, so that way we don't need to set a proxy in the settings. Ah, I think I see now. You want the Sophos address to work from inside your network without specifying a proxy, correct?
Normally a firewall enforces the use of a proxy and a decent firewall allows exceptions by DNS name, if not and you don't want to make all the exceptions in the article note the addresses the dci -names resolve to.
BTW - I've just found out that the addresses I get are not in the article's list so you better look them up anyway. Site Search User. You can select several sources. The first source in the list is the primary source. Additional sources in the list are optional alternate locations that the update manager uses if it cannot collect an update from the primary source. If you want to download software and updates directly from Sophos, select Sophos.
0コメント