Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 3676 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN trouble after updating to Sophos Endpoint Security and Control 9.5

micmit

I established VPN long time ago, my credentials are saved. After updating to 9.5 and rebooting "Connect to"   brings user name/ password empty , entering my credentials results in the error

---------------------------
Network Connections
---------------------------
Cannot delete saved password.
Error 711: A configuration error on this computer is preventing this connection. For further assistance, click More Info or search Help and Support Center for this error number.
---------------------------
OK   
Making  Sophos Anti-Virus Windows Service start  manual and rebooting ( effectively doesn't start )  fixes the problem ( VPN brings screen with my saved credentials and connects ) .  Computer with Windows XP SP2.
:9927


This thread was automatically locked due to age.
  • 0

    Hi,

    That's most odd and I can't really think why SAVService itself would be the cause, unless it has prevented other system services from starting due to extra load.  This might be worth checking.  There are a few components that sit outside of SAVService that make requests of SAVService, components such as Detours, LSP, BHO.  Typically I would consider disabling those first.  

    To disable Detours open the keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs

    and

    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs

    if running on a 64 bit test machine and remove the entry to load the Sophos detours dll.  Please back up the keys before doing so or copy of the paths to the Sophos DLLs in both places so they can be added back later.

    Reboot.  With the SAVService loaded do you have the same problem in this configuration, if not I would call support telling them that detours is causing you a problem.  If it still fails with the above keys changed do put them back.

    To disable the LSP, if you turn off the "web protection" feature in SAV and then reboot, does it work?

    Otherwise I would be tempted to use Process Monitor http://technet.microsoft.com/en-us/sysinternals/bb896645 on the machine. I.e.. In test 1, start the machine up with savservice, wait for the OS to fully load.  Start Process Monitor capturing the attempt to connect.  As soon as it brings up the blank dialog you can stop capturing.  Save all captured events as a pml file.  I would then repeat the test without SAVService, again creating a PML.  These can then be opened up side by side and compared.  I would have thought you could narrow down the significant point in the logs to quite a small window so it wouldn't be much to compare.

    Regards,

    Jak

    :9939
  • 0

    Yes, detours caused the problem. Just wondering, what consequences of leaving Sophos like this ( with this key deleted )  ? 

    :9983
  • 0

    Hi,

    Glad you've narrowed it down.  Here is the functionality it provides:

    http://www.sophos.com/support/knowledgebase/article/112099.html

    Also deleting that key or keys is not a permanent workaround, they will be put back.  

    As a more permanent workaround I was once given the key:
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\SAVService\SetupOptions]
    "DetourDLLState"="excluded"
    Note: Adjust path for 32bit.
     
    Then remove the reference from:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
    to the Sophos dll, leaving other entries as they are if present.
      
    You would then need to reboot to unload detoured from existing processes. 
     
    The above registry key will prevent detoured being rewritten on updates as just removing it from the AppInit_DLLs will not prevent it being re-created. 
    For the long term I suggest calling Support, detailing what we have found out and ideally try and provide them with steps to reproduce and if necessary a link to the VPN client software.

    Regards,

    Jak

    :9985