Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 7455 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Secondary credentials - password gets erased

Sladey

Hi,

We are running Spohos Administration Console V4.7.0.13.

We have a secondary update server of Sophos configured and all the various updating policies have the username and password configured.

When Sophos is pushed out to clients, the username field is populated however the password field is not. This has the effect of not permitting machines to update if they are not connected to our internal network.

I have tried creating a new update policy and pushing that out instead of the existing policies but to no avail.

Any suggestions welcomed.

Sladey

:37215


This thread was automatically locked due to age.
  • 0

    Hello Sladey,

    don't think I have heard of or seen this.

    Do I understand you correctly that there's no password for the secondary location (no matter what you enter for username or password)?

    Question is where the password seemingly "disappears". I'd start with exporting one of the "offending" policies and check the resultant XML file. Also please have a look at iconn.cfg (from the \AutoUpdate\Config\ folder) on one of the clients. If a password has been set in SEC (even if it is just a single space) then "something" should be set in these files (and the clients should show the placeholder dots).

    Christian

    :37221
  • 0

    Hi Christian,

    iconn.cfg has no entry for the password field whatsoever (for the Sophos login)

    The XML export shows EncUserPassword=""

    I know this sounds like I have not put anything in the password field of the updating policy but please be assured that I have, man times!

    :37225
  • 0

    Hello Sladey,

    I did not doubt that you did enter a password. SEC4.7 is long gone from my systems, dunno if the GUI has changed since then. Can't say what the problem could be. First, editing the policy in SEC - does the password "stick"? I.e. if you check the Specify secondary server details for the first time, the Password: field gets enabled and is blank. If you enter a password dots appear which should be there after saving and opening again the policy. From now on you can't write into the field directly but have to click Change. Is this the case?

    Don't think there were significant changes in the GUI between 4.7 and 5.x - the dialog seems pretty watertight, at least I've found no sequence of actions which could produce unexpected results, e.g. due to a missing warning. And I don't think it does behave like the SUM configuration and checks the credentials (and if, I'd expect a warning).

    Christian

    :37231
  • 0

    Hi Christian,

    When I enter the password, the box displays the usual circles and the passwrod does "stick"

    Could this be some kind of DB corruption? Is there a way to check / repair?

    Cheers,

    Sladey

    :37291
  • 0

    Hello Sladey,

    sounds strange. If I interpret your description correctly the policy (and the password) is written to the database and SEC "is aware" that one is there. It's missing though when it is "exported" to an XML file. The address is Sophos, the credentials don't contain any "funny" characters - I have no idea why it should fail.  You say the (exported) policies are correct except for the missing password?

    Do you have the SQL Management Studio?

    To narrow down where the error could occur I'd run some short tests:

    • If you are using a standard Primary update location set it also as Secondary (the credentials should automatically be populated)
    • Specify an arbitrary secondary update location (perhaps tr both UNC and HTTP) with arbitrary credentials
    • Use Sophos but enter arbitrary credentials

    Assign the changed policy and check the results on a test client, also export the policy. I assume you have to contact Support (unless the tests bring some insight) but details could speed up things.

    Christian 

    :37293