Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 4318 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Full Disk encryption

kitty_hawk

hi,

i just change the my SOphos endpoint license from Advance to with disk encryption. after downloaded the binaries i am seeing an error from my console on the encryption policy tab:

Sophos.UIController.Extension.UIControllerException:  Access to the encryption database failed!
   at Sophos.Encryption.UI.EncryptionPolicyHandler.Edit(IntPtr parent, String name, String contentTag, IPolicyCallback policyCallback)
   at Sophos.UIController.Product.Policy.<>c__DisplayClass7.<EditPolicy>b__6()
   at Sophos.UIController.Product.Logging.LogMethod(MemberInfo method, Action func)
   at Sophos.UIController.Product.Policy.EditPolicy(IntPtr parent, String name, String contentTag, IPolicyCallback policyCallback)

----- [outer exception] -----
   -- error: 0x80040503
   -- facility: Custom (Defined by the interface)

   at void __thiscall PolicyDialogViewer::ShowPolicy(struct ISMT_Policy *,class ATL::CWindow,const class bl::UIPermissions &,unsigned long,const class ProductReleaseData &,const class TranslationService &)
   at __w64 long __thiscall CPolicyTreeCtrl::OnEditPolicy(unsigned int,__w64 unsigned int,__w64 long,int &)

any help is appreciated.

thanks

:28687


This thread was automatically locked due to age.
  • 0

    As a test, if you make the "database" user a memeber of the administrators group, does it then work?

    If so I would then see why the database account doesn't have access to the database by being a member of "Sophos DB Admins".

    Is it something like the mappings are off, similar to: http://www.sophos.com/en-us/support/knowledgebase/111898.aspx#Cannot_open_50

    Regards,

    Jak

    :28695
  • 0

    i took your advice but doesnt solve the problem. heres a screenshot of the error when i edit encryption policy.

    :28721
  • 0

    Hello Hopper,

    I didn't go through all combinations during install thus I can't say how SEC/SUM behaves if you've omitted a step during setup. I get it that your SOPHOSENC51 database is there and you've exported the certificates? I'd expect that permission errors or general issues (like database not available) would result in a different error. Thus I'd suggest to call Support - unless Jak as another idea I fear we can't be of much more help. 

    Do you get the same error if you try to open Tools->Manage Encryption->...?

    Christian

    :28723
  • 0

    I assume that the Adcanced message is still "access denied".

    As a test, if you do a 'run as' for the account the sophos encryption business logic service is running as (i.e. the database account), e.g.

    In a command prompt run:

    runas /user:domain\account cmd

    In that new CMD window running as the account, run

    sqlcmd -E -S .\sophos -d sophosenc51 -Q "select * from SEC_OFFICER" 

    Does that return records or error?

    Otherwise, the log of interest for this problem are in:

    C:\ProgramData\Sophos\ManagementServer\log\

    You could have a look through those.

    Regards,

    Jak

    :28745