"SophosSAU " account locks out.

Question

I am having problems with downloading the latest Updates from the SophosUpdate share.

If I click on the Blue Sophos Shield in the system tray and select "Update Now" I get a message saying "Could not contact Server".

In Active Directory Users and Computers the "SophosSAU" account which is used for downloading of Sophos updates becomes locked out each time I try to do an "Update Now" and the Sophos Blue Shield in the system tray has a red cross in it indicating that updating has failed.

In the "C:\Program Files\Sophos\AutoUpdate\logs\alc.log" there are references to
"There was a problem while establishing a connection to the server. Details : LogonUser ("SophosSAU-hostname",".",...) failed A Windows API call returned error 1326".

Now a confession : everything was working fine, but then I had to change the password hashing algorithm I use on this Server.

My guess is that the "SophosSAU" account or its password have been affected by this change, but I'm not sure what to do next. I tried re-installing by doing a "Protect Computers" from the "Enterprise Console" but that made no difference.

Any advice gratefully received.

Peter

This thread was automatically locked due to age.

PeterT · Accepted Answer

Thanks Christian, that ObfuscatePassword tip was handy and I've got it working again now. I started off by throwing away all , “SophosAUUKJFADE-W21”, etc. accounts from the Active Directory. Then I deleted the “HKLM\Software\Sophos\AutoUpdate\Service” registry key. Then I re-protected the Server which re-installed the Sophos software and a) re-generated the registry key, b) re-generated “SophosSAUhostname-0” account. At this stage it still wasn’’’’t working so I went into the registry and set the Obfuscate Password = 0 and changed the Download password to a simple 5 character text password. At this point I  also re-set the password in Active Directory for “SophosAU-hostname0” to the same simple 5 character text password. Then I had to unlock the “SophosAU-hostname0”  account in Active Directory. Then I stopped all Sophos services and started them again. Then from the Blue Sophos Shield in the System Tray I selected the “Update Now” option. Having done this it started to copy files across. That seemed to work. I’’’’ll keep an eye on it but all seems OK at the moment. i.e. Enterprise Console has gone green again. :16559

"SophosSAU <hostname>" account locks out.