HELP! Challenge/Response buttons grayed out

Hi Ivanwee,

The fact that the machine rebooted on it's own looks like a classic case of local cache corruption.  The localcache of the machine contains all the configuration of the client and various other sensitive files such as policies and certificates etc.

As such, it is imperitive that the client preserve the integrity of this information and so it is cryptographically secured.  Any changes made to this folder:

C:\ProgramData\Utimaco\SafeGuard Enterprise\LocalCache

Will cause the machine to immediately and forcibly reboot.  If a copy of the localcache can be restored from backup then it will, if not, then the workstation is locked to prevent access to the data, and as the client is damaged and cannot continue booting, the challenge response options are greyed out too.

The most common cause of this is that something such as AV software is scanning the localcache and modifying it.  As such, we always recommend excluding the above folder from scanning to prevent this sort of thing from happening.

As for recovering your data (which is all you can do in this instance as the client is damaged and will not allow the machine to start) I suggest looking at the document in the following article:

http://www.sophos.com/support/knowledgebase/article/108156.html

This documents all the possible ways to recover data from SafeGuard protected clients.

If you have difficulty in recovering the data from the machine then I suggest that you raise a support ticket with us.

Regards,

Stephen.

oh craps..

we're using Sophos AV as well.

I've gone through the document.. looks like i cannot do anything to the PC anymore. Even the WinPE CD requires me to go past the POA screen. But i cannot because the OK button is grayed out.

Hi ivanwee,

If you are still trying to recover this computer with the corrupt Local Cache, I recommend at this point using a tool like FixMBR to recover the original Windows 7 MBR. This will work as long as the drive did not get encrypted (which it sounds like it didn't).

After you recover the Windows 7 MBR, then uninstall the SGNClient.msi and the Client Configuration MSI. Ater you reboot from that uninstall, exclude the install path for SGN Client from Sophos AV scanning. It's usually C:\Program Files\Utimaco\SafeGuard Enterprise\<app names>.

Please let us know your results.

Hi David, thanks for the advice, you're right the disk is not encrypted, it is just a corrupted cache i guess. Anyway I've formatted the PC already, but what i've learnt here will be useful if i run into such problems again.

Hi David,

I'm experiencing this problem on a few Safeguard clients but excluding the localcache folder doesnot appear to resolve the problem. We're using Trend AV (Officescan 10.5 SP1) and SGN 4.50.152 and I've setup a global exclusion which I've confirmed using regedit is propogated down to the clients.

I'd say about 98% of our users are fine but every now and again this little gremlin keeps crawling back in

Hi Adam,

Thanks for posting your question in the SophosTalk community forums.

I'm glad to hear that you are experiencing a high success rate in deployment and would like to help you get to 100% success. This is a tricky one to troubleshoot over a forum such as this because there will be a lot of going back and forth until we find the root cause.

Did you read the KBA Preparations prior to installing SGN ? It may prove to be helpful. If this continues, during the installation have the installation logs written to a network share to send to Sophos Support so they can analyze if something is disconnecting during the installation.