Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 6654 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Enterprise Console Upgrade to 5.2 & Full Disk Encryption

cbc

We have just purchased and updated our Enterprise Console from V4.0 to V5.1 and then from 5.1 to 5.2.0.644

However when we try to use the Full disk Encryption by Right Clicking on the  default policy we get the following error. Any advice would be much appreciated.

Have tried running the setup again as suggested in the instructions but still have no option to add the Disk Encryption.

Sophos.UIController.Extension.UIControllerException: System.ServiceModel.FaultException`1[Sophos.Encryption.Entities.EncryptionFault]: The creator of this fault did not specify a Reason. (Fault Detail is equal to Sophos.Encryption.Entities.EncryptionFault).

   at Sophos.Encryption.UI.EncryptionPolicyHandler.Edit(IntPtr parent, String name, String contentTag, IPolicyCallback policyCallback)

   at Sophos.UIController.Product.Policy.<>c__DisplayClass7.<EditPolicy>b__6()

   at Sophos.UIController.Product.Logging.LogMethod(MemberInfo method, Action func)

   at Sophos.UIController.Product.Policy.EditPolicy(IntPtr parent, String name, String contentTag, IPolicyCallback policyCallback)

----- [outer exception] -----

   -- error: 0x80004005 (Unspecified error)

   -- facility: Generic (System)

   -- source:   Sophos.Encryption.UI

   at void __thiscall PolicyDialogViewer::ShowPolicy(struct ISMT_Policy *,class ATL::CWindow,const class bl::UIPermissions &,unsigned long,const class ProductReleaseData &,const class TranslationService &)

   at __w64 long __thiscall CPolicyTreeCtrl::OnEditPolicy(unsigned int,__w64 unsigned int,__w64 long,int &)

   at int __cdecl Run(int,class bl::CommandLine,enum bl::ConsoleType::Type)

   at int __stdcall wWinMain(struct HINSTANCE__ *,struct HINSTANCE__ *,wchar_t *,int)

:38249


This thread was automatically locked due to age.
  • 0

    We have also found the following in the EncryptionFEService.log file

    2013-03-08 12:28:11,284 [30] [(null)] INFO  {SophosManagementSecurity.LogInformation} ==> Entered RoleBasedServiceAuthorizationManager:CheckAccess
    2013-03-08 12:28:11,487 [30] [(null)] INFO  {SophosManagementSecurity.LogInformation} ==> Exiting RoleBasedServiceAuthorizationManager:CheckAccess
    2013-03-08 12:28:11,487 [30] [(null)] INFO  {Sophos.Management.Logging.Log4NetOperationInvoker.LogEntryMessage} ==> Entering: IEncryptionFEService.GetPolicy Parameters: FullDiskEncryption,FactoryDefault,
    2013-03-08 12:28:11,487 [30] [(null)] INFO  {EncryptionFEPlugin.LogInformation} ==> GetPolicy for FactoryDefault type FullDiskEncryptioncalled ...
    2013-03-08 12:28:11,487 [30] [(null)] INFO  {EncryptionFEPlugin.LogInformation} ==> Check for policy factory default...
    2013-03-08 12:28:11,956 [30] [(null)] ERROR {EncryptionFEPlugin.LogError} ==> Replacing of Global FactoryDefaults failed
    2013-03-08 12:28:11,971 [30] [(null)] ERROR {EncryptionFEPlugin.LogError} ==> DB initialization failed: System.ServiceModel.FaultException: System.ServiceModel.FaultException`1[Sophos.Encryption.Entities.EncryptionFault]: The creator of this fault did not specify a Reason. (Fault Detail is equal to Sophos.Encryption.Entities.EncryptionFault).
       at Sophos.Encryption.FrontEnd.EncryptionFEService.GenerateFactoryDefaultGlobalPolicy(Boolean reset)
       at Sophos.Encryption.FrontEnd.EncryptionFEService.CheckForEmptyFactoryPolicy(MainEntityBase policy)
    2013-03-08 12:28:11,971 [30] [(null)] WARN  {Sophos.Management.Logging.Log4NetOperationInvoker.Invoke} ==> Exception: IEncryptionFEService.GetPolicy
    System.ServiceModel.FaultException: System.ServiceModel.FaultException`1[Sophos.Encryption.Entities.EncryptionFault]: The creator of this fault did not specify a Reason. (Fault Detail is equal to Sophos.Encryption.Entities.EncryptionFault).
       at Sophos.Encryption.FrontEnd.EncryptionFEService.CheckForEmptyFactoryPolicy(MainEntityBase policy)
       at Sophos.Encryption.FrontEnd.EncryptionFEService.GetPolicy(PolicyType policyType, String id)
       at SyncInvokeGetPolicy(Object , Object[] , Object[] )
       at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
       at Sophos.Management.Logging.Log4NetOperationInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
    2013-03-08 12:29:17,834 [26] [(null)] INFO  {SophosManagementSecurity.LogInformation} ==> Entered RoleBasedServiceAuthorizationManager:CheckAccess
    2013-03-08 12:29:18,037 [26] [(null)] INFO  {SophosManagementSecurity.LogInformation} ==> Exiting RoleBasedServiceAuthorizationManager:CheckAccess
    2013-03-08 12:29:18,037 [26] [(null)] INFO  {Sophos.Management.Logging.Log4NetOperationInvoker.LogEntryMessage} ==> Entering: IEncryptionFEService.GetGlobalPolicy Parameters:
    2013-03-08 12:29:18,037 [26] [(null)] INFO  {EncryptionFEPlugin.LogInformation} ==> Check for policy factory default...
    2013-03-08 12:29:18,568 [26] [(null)] ERROR {EncryptionFEPlugin.LogError} ==> Replacing of Global FactoryDefaults failed
    2013-03-08 12:29:18,568 [26] [(null)] ERROR {EncryptionFEPlugin.LogError} ==> DB initialization failed: System.ServiceModel.FaultException: System.ServiceModel.FaultException`1[Sophos.Encryption.Entities.EncryptionFault]: The creator of this fault did not specify a Reason. (Fault Detail is equal to Sophos.Encryption.Entities.EncryptionFault).
       at Sophos.Encryption.FrontEnd.EncryptionFEService.GenerateFactoryDefaultGlobalPolicy(Boolean reset)
       at Sophos.Encryption.FrontEnd.EncryptionFEService.CheckForEmptyFactoryPolicy(MainEntityBase policy)
    2013-03-08 12:29:18,568 [26] [(null)] WARN  {Sophos.Management.Logging.Log4NetOperationInvoker.Invoke} ==> Exception: IEncryptionFEService.GetGlobalPolicy
    System.ServiceModel.FaultException: System.ServiceModel.FaultException`1[Sophos.Encryption.Entities.EncryptionFault]: The creator of this fault did not specify a Reason. (Fault Detail is equal to Sophos.Encryption.Entities.EncryptionFault).
       at Sophos.Encryption.FrontEnd.EncryptionFEService.CheckForEmptyFactoryPolicy(MainEntityBase policy)
       at Sophos.Encryption.FrontEnd.EncryptionFEService.GetGlobalPolicy()
       at SyncInvokeGetGlobalPolicy(Object , Object[] , Object[] )
       at System.ServiceModel.Dispatcher.SyncMethodInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)
       at Sophos.Management.Logging.Log4NetOperationInvoker.Invoke(Object instance, Object[] inputs, Object[]& outputs)

    :38251
  • 0

    Just for clarity we have upgraded from End Point protection to Data Protection Suite. In doing so we were required to upgrade the Console SEC 4.0 to 5.1 before going to 5.2, and then we went to 5.2

    During the upgrade to SEC 5.1 we chose to allow SEC to manage encryption. Following the 5.1 upgrade we immediately went to 5.2. Now when we run setup.exe for 5.2 we don't see any options about Encryption. Is that to do with already having made that choice during the 5.1 upgrade?

    We notice that there are no entries in the SOPHOSENC52 database tables (there are also none in the SOPHOSENC51). So suspect that the upgrade has not initialised the database, hence the errors in the logfile.

    ** Check for policy factory default

    ** Replacing of Global FactoryDefaults failed

    ** DB initialization failed

    :38253
  • 0

    Further developments on this...

    We rolled everything back to SEC 4 as it's on a virtal and we have a snapshot. Then we proceeded with the upgrade to SEC 51 again. This time it went a lot better. SEC 51 works and has a populated SOPHOSENC51 database and has policies which we can manage.

    So with all that working we took a snapshot and began the upgrade to SEC 52... :( No joy. The upgrade process works fine, no errors but again we end up with an empty SOPHOSENC52 database and trying to edit a policy fails with the same error as previously.

    So we're a bit further on, but still stumped.

    :38347
  • 0

    Wooohooo, we finally got this sorted. Turned out it was a case of a bit of "missing information" in the upgrade instructions.

    We carried out the upgrade as per sec_52_ugeng.pdf and no where could we find the vital step to migrate the SOPHOSENC51 database.

    We reverted back to a 51 snapshot and then ran the upgrade process again:

    Enterprise Console 5.1

    C:\sec_51\ServerInstaller\DB\Core\InstallDB.bat (local)\SOPHOS [NetBIOSComputerName] SOPHOS51 Sophos_InstallCore51DB.log

    C:\sec_51\ServerInstaller\DB\Patch\CreatePatchDB.bat (local)\SOPHOS [NetBIOSComputerName] SOPHOSPATCH51 Sophos_InstallPatch51DB.log

    C:\sec_51\ServerInstaller\DB\Encryption\InstallEncryptionDB.bat (local)\SOPHOS [NetBIOSComputerName] SOPHOSENC51 Sophos_InstallEnc51DB.log

    but this time included the following step which we could find no reference for (until we got an email from Sophos support):

    If you are upgrading from Enterprise Console 5.1 you also need to run the following command to upgrade the Encryption database:

    C:\sec_52\ServerInstaller\DB\Encryption\UpgradeEncryptionDB.bat (local)\SOPHOS [NetBIOSDomainName] SOPHOSENC51 SOPHOSENC52 Sophos_UpgradeEncDB.log

    Which then gave us a fully populated SOPHOSENC52. We then had to manually run the stored procedure "dbo.From51" to migrate 51 data into 52

    NExt is the important step. Rename the OLD databases to anything other than SOPHOS51 etc. We just stuck "old" onto the end. And presto SOPHOS52 now up and running with Encryption policies.

    ... now all we have go to do is encrypt something :)

    :38633