The update logs within the Sophos client give the following: "There was a problem while establishing a connection to the server. A windows API call returned error 1311" After lots of googling, we can find nothing relating to "error 1311". The primary update server (mgmt1) is configured the same on all machines through 1 Sophos policy. Why can the clients update successfully from mgmt1 but mgmt1 cannot connect to itself and update properly? windows error 1311 means ERROR_NO_LOGON_SERVERS or simply there are currently no logon servers available to service the logon request.
Likely establishing connection is failing due to connectivity or local/domain policy or wrong credential or account lockout, hard to ascertain but good to check the (e.g.
Client settings for devices: Specify the maximum transfer rate in (Kbps) that will be used by Configuration Manager clients when outside of the specified BITS throttling window.
They are also happily checking for and receiving updates when asked to do so (right-click Sophos icon in taskbar, "Check for Updates".
For System Center 2012 Configuration Manager SP1 and later: Select Yes if you want to deploy user data and profiles configuration items to Windows 8 computers in your hierarchy.
For more information about user data and profiles, see How to Create User Data and Profiles Configuration Items in Configuration Manager.
If you want to use the Juniper Networks preconfigured profile, use the profile named junos-sophos-av-defaults in your UTM policy.
See Example: Configuring Sophos Antivirus UTM Policies.
Details: Logon User ("[Account]", ".", ...) failed A Windows API call returned error 1326 Typically this "Sophos SAU" account is created automatically with a random password but you can set this account up before you install as per: