
Safeguard Enterprise - Wrong Encryption Key

Hi guys,

Now I have the following situation: I've made a policy for Device Encryption using the "Defined Machine Key" option. Everything was working correctly, then I realized that some machines have a problem: the encryption key (BOOT_MACHINENAME@domain) has a different reference to the machine name, e.g. the machine is computer1.domain and the encryption is BOOT_NOTEBOOK21@. I sync Safeguard with Active Directory. Every time a new machine is added to Active Directory, we sync again. He also uses the SGN client inside an image for fast deployment, but without the configuration package.

Questions:

Is there any recommendation not to use the SGN client inside an image? Is this the reason for the problem?

Another question is whether there is a way for the POA screen to communicate with the Safeguard Server, or for the machine to receive a policy at the POA screen.

Is there any documentation about the output messages that are displayed when we sync AD (the messages for the actions on the machines, like added or renamed) and the definition of each action? I'm not understanding them clearly.

Thank you in advance.

Roberto Bruno


  • Hi Roberto,

    Including SGN in an existing image is not supported at the moment... If I understand you correctly, you have installed SGN on the machine (w/o the Client Config) and after that you have created the image, correct?

    So please note that SGN creates the machine key upon the first reboot after the installation > the name of the current machine is taken. If you rename the machine after that, the machine key will not be renamed!!! Probably this is the root cause for the "wrong" name of the machine key.

    Anyway, since the key also has a unique ID, it should always be possible to determine the right key for each machine.

    Again: renaming the key will not be possible > if you want the machine key to match the machine name (which would be the default when installing SGN after renaming a machine), you would have to completely uninstall SGN and reinstall it.

    Hope that helps =)

    BR
    Dan

  • Daniel, Thank you VERY MUCH for that information! It will help me to solve some problems. Best Regards, Roberto Bruno