Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 1649 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cannot run SEC 5.2.1 as Domain User

tomerb

Hi,

we're running SEC 5.2.1 in a Samba 4 Domain environment on a Windows 2008 R2 server, which is a domain member. I installed SEC using the <Domain>\Administrator account using <Domain>\SophosManagement and <Domain>\SophosUpdateMgr accounts. Installation worked just fine as usual.

After installation the only account that I can use to actually run SEC is the _local_ Administrator. (Haven't tried with another local account that's member of the local Administrator's group, though...) When I try to use the <Domain>\Administrator account or any other domain account, that's member of Domain Administrators which in turn is member of the local Administrators group, I get an "unexpected error".

The error details are as follows:

Sophos.UIController.Extension.UIControllerException: Cannot retrieve session token after 8 retries. Please check that the Sophos Management Host service is running, otherwise see KBA 118513.
   bei Sophos.UIController.IdentityServiceAbstracter.EndRetrieveSessionToken()
   bei Sophos.UIController.UIControl.InitializeModulesDependencies()
   bei Sophos.UIController.UIControl.<Initialize>b__b()
   bei Sophos.UIController.Product.Logging.LogMethod(MemberInfo method, Action func)
   bei Sophos.UIController.UIControl.Initialize()

----- [outer exception] -----
   -- error: 0x80004005 (Unknown error)
   -- facility: Generic (System)
   -- source:   Sophos.UIController

   at class ATL::CComBSTR __thiscall UIControl::initialize(class ATL::CComPtr<struct IDispatch>)
   at class ATL::CComPtr<struct IDispatch> __thiscall bl::CReusingManagementServiceClientBroker::logIn(const struct util::UserName &,class Loki::SmartPtr<class bl::SubEstate,class Loki::RefCountedMTAdj<class Loki::ClassLevelLockable>::RefCountedMT,struct Loki::DisallowConversion,struct util::NoDereferenceNull,class Loki::DefaultSPStorage>,const wchar_t *,class bl::UIControllerBase &)
   at int __cdecl Run(int,class bl::CommandLine,enum bl::ConsoleType::Type)
   at int __stdcall wWinMain(struct HINSTANCE__ *,struct HINSTANCE__ *,wchar_t *,int)

Thanks in advance

Thomas

:43453


This thread was automatically locked due to age.
  • 0

    Hello Thomas,

    this is just a guess (I have no idea how all this dotted stuff works <insert appropriate emoticon here/>). As it principally works I think we can rule out service and database issues as well as renamed accounts. It's also not group membership, otherwise you wouldn't get that far. I'd try the step in the Note: at the end of section 3 in 118513, namely  removing the identity tags. Can't say if that makes any difference though. 

    Christian 

    :43461