Wednesday, 12 August 2015

ZyXEL USG & Sophos EndPoint - FILE Invalid XML Version Action: Reject Both Severity: severe

I encountered frequent update failures with Sophos EndPoint recently which coincided with the activation of Intrusion Detection and Prevention (IDP) service on my ZyXEL USG310 firewall.

Sophos EndPoint (version 10.3) displayed the following error on the PC (Windows 8.1):-

Updating failed Sophos Endpoint Security and Control has failed to download updates

Windows system tray Sophos Update Error notification

Sophos AutoUpdate log file displayed the following error:

 ERROR: Could not find a source for updated packages

Error found in Sophos AutoUpdate Log file

This particular PC had Sophos EndPoint configured to retrieve updates directly from the Sophos AutoUpdate servers on the web rather than from the local EndPoint update server. I immediately checked that the EndPoint server was still picking up the updates to distribute to clients, and everything seemed normal, so the issue appears to be on a client basis only.

I immediately checked the firewall logs as the activation of IDP on the ZyXEL USG310 was the last major change to the network. In the logs I found the following multiple errors that pointed to the destination address of the PC on the network and coincided with every update attempt run in Sophos:-

Rule_id=1 SSI=N [type=Sig(1058608)] FILE Invalid XML Version Action: Reject Both Severity: severe
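An added example, not part of the original post: a small parser that tallies IDP hits by signature ID and destination, so you can confirm which signature and which client are involved before inactivating anything. Only the message portion matches the log entry quoted above; the timestamp and `dst=` fields, the addresses and the sample lines are a constructed layout, not ZyXEL's export format.

```python
import re
from collections import Counter

# Message layout taken from the log entry quoted in the post.
IDP_MSG = re.compile(
    r"Rule_id=(?P<rule>\d+)\s+SSI=(?P<ssi>\w+)\s+"
    r"\[type=Sig\((?P<sig_id>\d+)\)\]\s+"
    r"(?P<name>.+?)\s+Action:\s*(?P<action>.+?)\s+Severity:\s*(?P<severity>\w+)\s*$"
)
# Assumption: the destination address appears as dst=<IPv4> (constructed layout).
DST = re.compile(r"\bdst=(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\b")

def parse_idp_line(line):
    """Return a dict for an IDP signature hit, or None for any other line."""
    msg = IDP_MSG.search(line)
    if not msg:
        return None
    hit = msg.groupdict()
    dst = DST.search(line)
    hit["dst"] = dst.group("dst") if dst else None
    return hit

def summarise(lines):
    """Count hits per (signature ID, signature name, destination)."""
    counts = Counter()
    for line in lines:
        hit = parse_idp_line(line)
        if hit:
            counts[(hit["sig_id"], hit["name"], hit["dst"])] += 1
    return counts

# Constructed sample lines: timestamps and addresses (RFC 5737 range) are made up;
# the IDP message text is the one quoted in the post.
SAMPLE_LOG = [
    "2015-08-12 09:01:12 dst=192.0.2.25 Rule_id=1 SSI=N [type=Sig(1058608)] FILE Invalid XML Version Action: Reject Both Severity: severe",
    "2015-08-12 09:01:40 dst=192.0.2.25 Rule_id=1 SSI=N [type=Sig(1058608)] FILE Invalid XML Version Action: Reject Both Severity: severe",
    "2015-08-12 09:02:03 dst=192.0.2.10 traffic log: session closed",
    "2015-08-12 10:01:15 dst=192.0.2.25 Rule_id=1 SSI=N [type=Sig(1058608)] FILE Invalid XML Version Action: Reject Both Severity: severe",
    "2015-08-12 10:05:47 dst=192.0.2.40 Rule_id=1 SSI=N [type=Sig(1058608)] FILE Invalid XML Version Action: Reject Both Severity: severe",
]

if __name__ == "__main__":
    for (sig_id, name, dst), n in summarise(SAMPLE_LOG).most_common():
        print(f"Sig {sig_id} ({name}) -> {dst}: {n} hit(s)")
```
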

To resolve this issue, I looked to inactivate the particular IDP rule that appears to be blocking Sophos by going to the ZyXEL Configuration > UTM Profile > IDP menu and editing the active rule:-

I then hit Switch to Query View 

...and searched by Signature ID, referencing the ID (1058608) that was in the ZyXEL log entry

I then inactivated the entry in the query result, hit Save and OK and then reattempted an update in Sophos resulting in the usual updating status screen that completed successfully. 

The cause of this issue appears to be a conflict with the IDP rule in ZyXEL not liking one of the XML files required early in the Sophos EndPoint updates process - possibly an invalid file on the servers at Sophos? More details on the IDP error were provided on the ZyXEL box under Monitor > UTM Statistics > IDP on the link below:-

Thursday, 30 July 2015

Windows 10 Upgrade - Error 80240020 when upgrading from Windows 8.1 Professional using Windows Update

Windows 10 was released on the 29th July 2015. Like many others, I signed up to reserve my free upgrade from my current version of Windows 8.1 Professional (64 bit). Since I did not receive the 'upgrade ready' prompt on the day of the release (and I was slightly impatient), I read online that the upgrade can be pushed through by deleting the contents of the following folder:-


...and then running the following command as administrator in the command prompt:-


After entering this and opening the Control Panel > Windows Update, it appeared I was well on the way to receiving the Windows 10 upgrade.


I then deleted the C:\Windows\SoftwareDistribution\Download folder again and also the hidden folder C:\$Windows.~BT that seems to contain the Windows 10 upgrade. I restarted, retried forcing the installation several times again, but kept getting the same error.

I wondered if this error was due to not meeting the minimum available free storage on the C drive - I had about 12GB available on my SSD, so managed to free up another 10GB by temporarily relocating a huge 10GB backup file found under the C:\Users\[MyAccount]\AppData\Roaming folder used for iTunes - still no luck!

I then tried another route to carry out the install - Windows 10 can be downloaded using the following tool:-

I ran the tool (MediaCreationToolx64.exe) using the upgrade route rather than burning installation media, but sadly this failed too.

I spotted that running this tool created another hidden folder:-

In this folder was a setup file:-

Running this file gave me the upgrade option:-

I followed this upgrade process and after a couple of hours, it finally completed, successfully!