Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 7516 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

"Failed to activate encryption. Encryption could not be activated...

bsuk

 ... Please contact your system administrator."

Of course unfortunately, I am the system administrator.

I'm getting this error when attempting to encrypt a macbook pro running a clean "out of the box" install of OS X 10.9.4 following the successful installation of Sophos Endpoint Encryption.

Does anyone know how to troubleshoot this?

The manual merely suggests:  "Note: If activation of the encryption fails, an error message will be displayed. More information can be found in the log files. Unless you chose another location, you find them at /var/log/system.log"

Here are the relevant results from the log file in question:

Aug 19 14:05:55 mycomputer.mydomain.local SafeGuard:SGD[67]: sgdSynchronize(): start of sgdSynchronize
Aug 19 14:05:56 mycomputer.mydomain.local SafeGuard:srvxml[67]: sgsrvxmlCreateUserDict(): SGNUser GUID: 0xA8CE668B3B38CD47895A2447C5FD9EE9
Aug 19 14:05:56 mycomputer.mydomain.local SafeGuard:srvxml[67]: sgsrvxmlCreateUserDict(): SGNUser Name: bonshow
Aug 19 14:05:56 mycomputer.mydomain.local SafeGuard:srvxml[67]: sgsrvxmlCreateUserDict(): SGNUser Domain: mydomain.local
Aug 19 14:05:56 mycomputer.mydomain.local SafeGuard:srvxml[67]: sgsrvxmlCreateUserDict(): SGNUser GUID: 0x72316A427EAA7A47B83FD5436FC1DEB2
Aug 19 14:05:56 mycomputer.mydomain.local SafeGuard:srvxml[67]: sgsrvxmlCreateUserDict(): SGNUser Name: badegg
Aug 19 14:05:56 mycomputer.mydomain.local SafeGuard:srvxml[67]: sgsrvxmlCreateUserDict(): SGNUser Domain: mydomain.local
Aug 19 14:05:56 mycomputer.mydomain.local SafeGuard:SGD[67]: sgdGetFileVaultUsers(): sgexecStdInStdOut() / FDESETUP_LIST 256 1
Aug 19 14:05:56 mycomputer.mydomain.local SafeGuard:sguiclientlib[1081]: -[SGUIClientlibThread sgUserCertificate]: sgclientCreateUserCertificateInfo NOT SUCCESSFUL error: [0x8000000000000003]
Aug 19 14:05:57 mycomputer.mydomain.local SafeGuard:srvxml[67]: sgsrvxmlCreateUserDict(): SGNUser GUID: 0x72316A427EAA7A47B83FD5436FC1DEB2
Aug 19 14:05:57 mycomputer.mydomain.local SafeGuard:srvxml[67]: sgsrvxmlCreateUserDict(): SGNUser GUID: 0xA8CE668B3B38CD47895A2447C5FD9EE9
Aug 19 14:05:57 mycomputer.mydomain.local SafeGuard:sguiclientlib[1081]: -[SGUIClientlibThread sgUserCertificate]: sgclientCreateUserCertificateInfo NOT SUCCESSFUL error: [0x8000000000000003]
Aug 19 14:06:07 mycomputer.mydomain.local fdesetup[1124]: ==== EFILoginCopyUserGraphics name:Bad Egg userPictureData:no

I'm assuming the relevant titbit is:  sgclientCreateUserCertificateInfo NOT SUCCESSFUL error: [0x8000000000000003]

The account in question is an Active Directory mobile account, however, the same error occurs with local accounts also.

As far as I can tell, the software is installing correctly, and the certificate and config file also.

Am I missing a step in the admin console or elsewhere, in order for this to work correctly?!

Many thanks in advance.

BSUK.

:52779


This thread was automatically locked due to age.
Parents
  • 0

    Did you find a way around this?

    Experiancing similar issue.

    The mac synced find to SafeGuard server.

    But... wasn't getting the policies, turned out running sgdeadmin --status   in terminal revealed sophos was using the local machine name instead of the domain.

    fixed that with:

    sgdeadmin --update-machine-info --domain "domain"

    the machine then saw it had a policy assigned, asked for a password and started encrypting.

    However under the user details tab.

    Domain is still local machine name not our domain

    There is no certificate info.

    Looking in logs i get same errors regarding certificate creation

    Similar setup managed mobile accounts, tried local account. tried admins.

    Always the same errors and no certificate created.

    Not sure if linked but when in SafeGuard management there is no info under inventory for that machine, also the user has no certificate but you would expect that as it's not being created.

    :56471
Reply
  • 0

    Did you find a way around this?

    Experiancing similar issue.

    The mac synced find to SafeGuard server.

    But... wasn't getting the policies, turned out running sgdeadmin --status   in terminal revealed sophos was using the local machine name instead of the domain.

    fixed that with:

    sgdeadmin --update-machine-info --domain "domain"

    the machine then saw it had a policy assigned, asked for a password and started encrypting.

    However under the user details tab.

    Domain is still local machine name not our domain

    There is no certificate info.

    Looking in logs i get same errors regarding certificate creation

    Similar setup managed mobile accounts, tried local account. tried admins.

    Always the same errors and no certificate created.

    Not sure if linked but when in SafeGuard management there is no info under inventory for that machine, also the user has no certificate but you would expect that as it's not being created.

    :56471
Children
No Data
Cookie Information Banner