
"SophosSAU <hostname>" account locks out.

I am having problems with downloading the latest Updates from the SophosUpdate share.

If I click on the Blue Sophos Shield in the system tray and select "Update Now" I get a message saying "Could not contact Server".

In Active Directory Users and Computers the "SophosSAU" account which is used for downloading of Sophos updates becomes locked out each time I try to do an "Update Now" and the Sophos Blue Shield in the system tray has a red cross in it indicating that updating has failed.

In the "C:\Program Files\Sophos\AutoUpdate\logs\alc.log" there are references to
"There was a problem while establishing a connection to the server. Details : LogonUser ("SophosSAU-hostname",".",...) failed A Windows API call returned error 1326".

Now a confession : everything was working fine, but then I had to change the password hashing algorithm I use on this Server.

My guess is that the "SophosSAU" account or its password have been affected by this change, but I'm not sure what to do next. I tried re-installing by doing a "Protect Computers" from the "Enterprise Console" but that made no difference.

Any advice gratefully received.

Peter

:16469
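Added example, not part of the original thread and not Sophos code: a small Python triage helper that pulls the `LogonUser ... failed ... error N` entries quoted above out of alc.log lines and tallies them per account. The sample lines, the `SophosSAU-other` account and the lockout threshold are constructed assumptions; 1326 is ERROR_LOGON_FAILURE and 1909 is ERROR_ACCOUNT_LOCKED_OUT.

```python
import re
from collections import Counter

# Win32 error codes that appear in this thread (values from winerror.h).
WIN32_ERRORS = {
    1326: "ERROR_LOGON_FAILURE (unknown user name or bad password)",
    1909: "ERROR_ACCOUNT_LOCKED_OUT (account is currently locked out)",
}

# Matches only the fragment quoted in the post:
#   LogonUser ("<account>","<domain>",...) failed ... error <code>
LOGON_FAIL = re.compile(
    r'LogonUser\s*\("(?P<account>[^"]+)","(?P<domain>[^"]*)",.*?\)\s*failed'
    r'.*?error\s+(?P<code>\d+)'
)

# Constructed sample lines; a real alc.log line carries extra fields around this text.
SAMPLE_LOG = [
    'Details : LogonUser ("SophosSAU-hostname",".",...) failed A Windows API call returned error 1326',
    'Details : LogonUser ("SophosSAU-hostname",".",...) failed A Windows API call returned error 1326',
    'Details : LogonUser ("SophosSAU-hostname",".",...) failed A Windows API call returned error 1326',
    'Details : LogonUser ("SophosSAU-hostname",".",...) failed A Windows API call returned error 1909',
    'Details : LogonUser ("SophosSAU-other",".",...) failed A Windows API call returned error 1326',
    'Downloading product (constructed unrelated line)',
]

def summarize_logon_failures(lines, lockout_threshold=3):
    """Count LogonUser failures per (account, code) and flag likely lockouts.

    lockout_threshold is an assumption: set it to the domain's
    "Account lockout threshold" policy value.
    """
    counts = Counter()
    for line in lines:
        m = LOGON_FAIL.search(line)
        if m:
            counts[(m["account"], int(m["code"]))] += 1
    findings = []
    for (account, code), n in sorted(counts.items()):
        bad_pw = counts[(account, 1326)]  # Counter returns 0 if absent
        findings.append({
            "account": account, "code": code, "count": n,
            "meaning": WIN32_ERRORS.get(code, "unmapped Win32 error"),
            "lockout_likely": code == 1909 or bad_pw >= lockout_threshold,
        })
    return findings

if __name__ == "__main__":
    for finding in summarize_logon_failures(SAMPLE_LOG):
        print(finding)
```

Repeated 1326 entries for one account mean the stored download credential no longer matches the directory, and each retry counts toward the lockout policy.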


This thread was automatically locked due to age.
  • Hello Peter,

    so the server in question is a DC? Please take a look at Domain Controllers not updating with error 1909. Or just deleting the mentioned AutoUpdate\Service key before reprotecting the server might help.

    Christian

    :16477
  • Thanks for the reply Christian,

    it's still not working I'm afraid.

    I changed the password of "SophosSAU<servername>0" as suggested in the link but I was still getting the same problem after I re-protected the server.

    Then I tried deleting the AutoUpdate\Service key.

    This time the registry has set the Download User to be "SophosSAU<servername>1" instead of "SophosSAU<servername>0".

    But that account does not exist in the Active Directory so I guess that can't be right.

    The Download password in the registry's "AutoUpdate\Service" key is displayed as "ELIjwF........" which looks like it's been encrypted. The password I set up in Active Directory for "SophosSAU<servername>0" was just a simple 5 character plain text password.

    :16501
  • Slight correction to my last post :

    the "SophosSAU<servername>1" account does exist in Active Directory now. I just needed to Refresh the display.

    I've got a "SophosSAU<servername>2" account as well now following another attempt at throwing away the AutoUpdate\Service key and re-protecting.

    Still doesn't work though.

    :16503
  • The password I set up in Active Directory for "SophosSAU<servername>0" was just a simple 5 character plain text password.

    If you set the password in AD and change the registry value for Download Password you must also change the ObfuscatedPassword value to 0. But perhaps this too won't help as it failed with the newly created accounts as well.

    Even if it works you should contact Support as it looks like the installer is creating an account which subsequently can't be used.

    Christian

    :16517
  • Thanks Christian, that ObfuscatePassword tip was handy and I've got it working again now.

    I started off by throwing away all , “SophosAUUKJFADE-W21”, etc. accounts from the Active Directory.

    Then I deleted the “HKLM\Software\Sophos\AutoUpdate\Service” registry key.

    Then I re-protected the Server which re-installed the Sophos software and a) re-generated the registry key, b) re-generated “SophosSAUhostname-0” account.

    At this stage it still wasn’t working so I went into the registry and set the Obfuscate Password = 0 and changed the Download password to a simple 5 character text password.

    At this point I also re-set the password in Active Directory for “SophosAU-hostname0” to the same simple 5 character text password.

    Then I had to unlock the “SophosAU-hostname0” account in Active Directory.

    Then I stopped all Sophos services and started them again.

    Then from the Blue Sophos Shield in the System Tray I selected the “Update Now” option.

    Having done this it started to copy files across.

    That seemed to work. I’ll keep an eye on it but all seems OK at the moment, i.e. Enterprise Console has gone green again.

    :16559
  • Good to hear it works. You should be able to use an obfuscated password instead (please see Obfuscating the username and password).

    Still I think you should contact Support as others might encounter the same problem when they change settings as you did. From what you told there seems to be an issue with the "download user" which should be resolved. As there is no knowledgebase article (the one I referred to doesn't describe your situation) Sophos might or might not be aware of the issue.

    Christian

    :16599