
Sophos configured to use domain account but updating using local account?

I'm having a strange issue, and forgive my ignorance, I'm from a Symantec world.

Right, so updates are failing for my server for some time now - the log fails with username and password issues - I check this account and it's local, and keeps locking out.

Secondly, in the update config, which is greyed out I presume as it's done from the console, is supposed to be updating using the domain account 'Emanager'

Why then is the update trying to use a local account?

I've attached screenshots:

Local account that locks out (unsure what the password should be)

localaccount

The log showing it's using the local account and failing:

log

The config of update:

update

Why is it not using the domain account for everything?

http://imageupper.com/i/?S0200010080011J1367317136191665
http://imageupper.com/i/?S0200010080021J1367317136191665
http://imageupper.com/i/?S0200010080031J1367317136191665



  • Hello Greedy,

    Why then is the update trying to use a local account?

    The best explanation I could find with a quick search in the knowledgebase is in this article (although it does not apply to your problem). Quote:


    Technical Information

    The account is created by Sophos AutoUpdate and used for impersonation so that it can access the network to download files from a remote location.

    The impersonation account is needed because AutoUpdate normally runs as local SYSTEM, cannot make a network connection and therefore does not have the privileges to access the network. AutoUpdate therefore impersonates the account it creates to get access to the network.  It then uses the supplied credentials (if there are any) from the updating policy to access the distribution folder.

    Note: It is important to understand that the impersonation account is only used to gain access to the network (make a network socket) and not to access a network share.


    Perhaps this account's password has been changed - haven't heard of issues in this area lately if the server is not a DC (oh, BTW: You did not retouch the account's Full name in one of the images :smileywink:). Can't say if reprotecting the machine will do. The credentials are stored in HKLM\SOFTWARE\[Wow6432Node\]Sophos\AutoUpdate\Service - you should check if they change with the reprotect.  Not sure what to do if it does not, guess either uninstalling or removing the key and the user should work. 

    HTH

    Christian
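
The check suggested in the reply above (whether the values under the AutoUpdate service key change with a reprotect), as an added PowerShell example that is not part of the original thread or of Sophos tooling. It records a SHA-256 fingerprint of each value instead of printing the stored data; the snapshot path and function name are assumptions, and no value names under the key are assumed.

```powershell
# Added example: fingerprint the AutoUpdate service key before and after a reprotect.
# The key path comes from the reply; the snapshot location is an assumption.
param([string]$SnapshotPath = "$env:TEMP\sau-service-key.json")

$candidates = @(
    'HKLM:\SOFTWARE\Sophos\AutoUpdate\Service',
    'HKLM:\SOFTWARE\Wow6432Node\Sophos\AutoUpdate\Service'
)

function Get-KeyFingerprint {   # hypothetical helper name
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $key = Get-Item -LiteralPath $Path
    $result = [ordered]@{}
    foreach ($name in ($key.GetValueNames() | Sort-Object)) {
        $value = $key.GetValue($name)
        # Normalise every value type to bytes and hash it; the value itself is never echoed.
        $bytes = if ($value -is [byte[]]) { $value }
                 else { [Text.Encoding]::UTF8.GetBytes(($value -join "`n")) }
        $label = if ($name) { $name } else { '(default)' }
        $result[$label] = [BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-', ''
    }
    $result
}

$current = [ordered]@{}
foreach ($path in $candidates) {
    if (Test-Path -LiteralPath $path) { $current[$path] = Get-KeyFingerprint -Path $path }
}

# First run: store the baseline. Second run (after the reprotect): compare against it.
if (-not (Test-Path -LiteralPath $SnapshotPath)) {
    $current | ConvertTo-Json -Depth 3 | Set-Content -LiteralPath $SnapshotPath
    "Baseline saved to $SnapshotPath; reprotect the machine, then run again."
    return
}

$baseline = Get-Content -LiteralPath $SnapshotPath -Raw | ConvertFrom-Json
foreach ($path in $current.Keys) {
    $old = $baseline.$path
    $oldNames = @(if ($old) { $old.PSObject.Properties.Name })
    foreach ($name in (@($current[$path].Keys) + $oldNames | Sort-Object -Unique)) {
        $now = $current[$path][$name]
        $was = if ($old) { $old.$name }
        $state = if (-not $was) { 'added' } elseif (-not $now) { 'removed' }
                 elseif ($now -eq $was) { 'unchanged' } else { 'CHANGED' }
        [pscustomobject]@{ Key = $path; Value = $name; State = $state }
    }
}
```

Run it from an elevated prompt on the affected server, and delete the snapshot file once the comparison is done.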
