Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 6888 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Changed domain administrator now console wont open.

Testpilot

Hello,

We change the domain password to enhance security, Sophos was working without any problems before we changed the password. It seems the database is still running fine in the background and users can update their machines.

We are using 'Sophos Enterprise Console' product version 5.2.0.644

Only now we cannot launch the entprise console and get the following message:

Sophos.UIController.Extension.UIControllerException: Cannot retrieve session token after 8 retries. Please check that the Sophos Management Host service is running, otherwise see KBA 118513.
   at Sophos.UIController.IdentityServiceAbstracter.EndRetrieveSessionToken()
   at Sophos.UIController.UIControl.InitializeModulesDependencies()
   at Sophos.UIController.UIControl.<Initialize>b__b()
   at Sophos.UIController.Product.Logging.LogMethod(MemberInfo method, Action func)
   at Sophos.UIController.UIControl.Initialize()

----- [outer exception] -----
   -- error: 0x80004005 (Unspecified error)
   -- facility: Generic (System)
   -- source:   Sophos.UIController

   at class ATL::CComBSTR __thiscall UIControl::initialize(class ATL::CComPtr<struct IDispatch>)
   at class ATL::CComPtr<struct IDispatch> __thiscall bl::CReusingManagementServiceClientBroker::logIn(const struct util::UserName &,class Loki::SmartPtr<class bl::SubEstate,class Loki::RefCountedMTAdj<class Loki::ClassLevelLockable>::RefCountedMT,struct Loki::DisallowConversion,struct util::NoDereferenceNull,class Loki::DefaultSPStorage>,const wchar_t *,class bl::UIControllerBase &)
   at int __cdecl Run(int,class bl::CommandLine,enum bl::ConsoleType::Type)
   at int __stdcall wWinMain(struct HINSTANCE__ *,struct HINSTANCE__ *,wchar_t *,int)

Solutions tried:

At first we tried a reboot.

After checking the services we saw 'Sophos Management Service' did not start,

there where also 3 services that used the domain administrator account for authentication.

We updated the password for those services, now SMS did start, but the console still won't do anything but display the error.

Once we saw something was still wrong we started to follow this KB 118513

This again lead us to Troubleshooting Kerberos

Now this artical ask me to check a huge amount of configurations, all ment to find the problem (wich i know -changed password).

Does anybody know a simple solution to this without having to enable auditing?

The only way we can start the Console now is to remove the 'IDENTITY' section from the EnterpriseConsole.exe.config file. This solution is only meant for troubleshooting and remote connection to the console still get the old error msg.


Thank you for any assistance you can provide.

Arris

:45647


This thread was automatically locked due to age.
  • 0

    We tried the solutions mentioned in the Kerberos article. Here are the results:

    installing support tools - Installed.

    Configure Tools for Troubleshooting - checked

    Enable Account logon failure Audition - Enabled.

    There are no failures reported.

    Make sure that the network infrastructure is functioning properly -Network is in optimal condition.

    Make sure that a domain controller is accassible - It is.

    Make sure that DNS is configured - It is.

    Make sure that the clocks are synchronized - The are in sync with the NTP server.

    Starting to think the problem is not my network or authentication accounts. The fact i changed the password of the account that was used to install the SQL-DB must be the cause.

    Where do i change the Passwords that sophos uses to authenticate the console on the SQL-DB?

    Any help would be appreciated. Thanks

    :45697
  • 0

    Contacted Sophos Support, they said the following:

    In this scenario you will need to re-run the enter the Enterprise Console installer. It won't lose any setting or PC's but it will allow you to re-enter your credentials afresh.
    Please ensure though you do run the installer for the current version you have otherwise it will cause issues.

    (Re- run the entire installation ( the SEC installer ). It will keep all your settings but allow you to re-enter your credentials.)

    The problem is now solved, the Console is working like before.

    :45721