This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

The key store is not initialized. Please re-login!

Hi Guys,

I have problem with a user account that will not work user ID is 1st time login to the new PC

Although the user is syncronizing with safeguard, it does not recieve a new key or certificate Policy, contact with server is ok.

Ive tried several times to log the same user ID, logout and log in with the user account, I get into windows, and it says its s

User logged on after first logging in and out with Domain account:

Error message when trying to display key ring:"The key store is not initialized. Please re-login!"

Sophos

Safeguard version 6 with DX & CP with enable Enable registration of SGN Windows users.

This is a user that has been using safeguard before and the user is connected to other pc, and syncronized in management center

I hope someone could assist on solution or troubleshooting guide. Thanks

This thread was automatically locked due to age.

Parents

0 ABCR-TRP over 10 years ago
The first line of the Event Viewer error I did not have with me last night is:
"Configuration Protection client detected a possible tampering event. Description [File not verified]."
The answers to your other questions are:
- When your remote users that are affected by the issue login to Windows, do they use the SafeGuard Credential Provider? ((If they use something else then the SafeGuard Credential Provider, User initialization might not complete correctly.))
- When the users are on the desktop, what does the SafeGuard Client Status say in regards to the User status? (SafeGuard Tray Icon -> Status -> SGN User Status?)
- and how did you specify the SafeGuard Policy setting "Specific Machine Settings | Allow registration of new SGN users for" ?
1). Do they use the SafeGuard Credential Provider? - - Yes, as far as I know. Please remember this is brand new software for me and even the other Technicians working in our center are not Sophos "experts" by any means. The start-up appears to be normal and I am seeing the prompt for an Old Password to be entered, but we do not believe the remote End User has changed their password in any way during the past week (the time we have been preparing this replacement computer using their Domain credentials here in our work center). Log-on occurs, and shows, the POA as expected...
2). What does the "Status" show? - - I know it shows Synchronized and that no new data is available to download. I do not know the "SGN user state:" of the local Admin profile because I am not logged in to it at the moment. Since these PCs now appear to be working, we will likely be shipping them out today without any further delay. - - It would be fantastic to know if there is something we can do to avoid this (what amounts to..) trememdous delay for our team and we are supposed to have a turn-around time of 3 business days, not 6!!
3). What are the Policy settings? - - I do not know the answer to this third question. I have no involvement in the setup of Policies for these machines. Our team is tasked with installing the software and verifying everything happened correctly. If you believe I should escalate this issue "internally" to the Sophos Administrators or Leads, I can bring that point to my team leader, but beyond this I am not sure what else I can do. Each machine typically has only one single End User, so there are no multiple Users in 95%+ of the cases. We act as both the End User (..with temporarily elevated local Admin privileges) and the local Admin during install of the software and all "extra" privileges are removed from the End User's Domain account before the PCs ship to the User's physical location. - - Ideally, when we encounter an "issue" the best, fastest, easiest solution is the one we want. Internal escalation(s) and questions are MORE likely to cause people to question the choice of this software solution in my opinion (as a 19 year support Tech veteran).
I hope these answers help you understand our situation.
Suddenly, I am told that last night a FINAL reboot attempt caused the missing local Admin "Key Ring"(s) to appear! This is quite surprising to me and I have to wonder if it was simply a matter of time (timing) for the Sophos server to see the clients and push the Key Rings to them. If this is the case, I still wonder why it took more than 72 hours and 8 to 10 reboots (warm, cold) to get things to happen.
Respectfully,
~ Dennis C., Refresh Project Contractor
:50602
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 ABCR-TRP over 10 years ago
The first line of the Event Viewer error I did not have with me last night is:
"Configuration Protection client detected a possible tampering event. Description [File not verified]."
The answers to your other questions are:
- When your remote users that are affected by the issue login to Windows, do they use the SafeGuard Credential Provider? ((If they use something else then the SafeGuard Credential Provider, User initialization might not complete correctly.))
- When the users are on the desktop, what does the SafeGuard Client Status say in regards to the User status? (SafeGuard Tray Icon -> Status -> SGN User Status?)
- and how did you specify the SafeGuard Policy setting "Specific Machine Settings | Allow registration of new SGN users for" ?
1). Do they use the SafeGuard Credential Provider? - - Yes, as far as I know. Please remember this is brand new software for me and even the other Technicians working in our center are not Sophos "experts" by any means. The start-up appears to be normal and I am seeing the prompt for an Old Password to be entered, but we do not believe the remote End User has changed their password in any way during the past week (the time we have been preparing this replacement computer using their Domain credentials here in our work center). Log-on occurs, and shows, the POA as expected...
2). What does the "Status" show? - - I know it shows Synchronized and that no new data is available to download. I do not know the "SGN user state:" of the local Admin profile because I am not logged in to it at the moment. Since these PCs now appear to be working, we will likely be shipping them out today without any further delay. - - It would be fantastic to know if there is something we can do to avoid this (what amounts to..) trememdous delay for our team and we are supposed to have a turn-around time of 3 business days, not 6!!
3). What are the Policy settings? - - I do not know the answer to this third question. I have no involvement in the setup of Policies for these machines. Our team is tasked with installing the software and verifying everything happened correctly. If you believe I should escalate this issue "internally" to the Sophos Administrators or Leads, I can bring that point to my team leader, but beyond this I am not sure what else I can do. Each machine typically has only one single End User, so there are no multiple Users in 95%+ of the cases. We act as both the End User (..with temporarily elevated local Admin privileges) and the local Admin during install of the software and all "extra" privileges are removed from the End User's Domain account before the PCs ship to the User's physical location. - - Ideally, when we encounter an "issue" the best, fastest, easiest solution is the one we want. Internal escalation(s) and questions are MORE likely to cause people to question the choice of this software solution in my opinion (as a 19 year support Tech veteran).
I hope these answers help you understand our situation.
Suddenly, I am told that last night a FINAL reboot attempt caused the missing local Admin "Key Ring"(s) to appear! This is quite surprising to me and I have to wonder if it was simply a matter of time (timing) for the Sophos server to see the clients and push the Key Rings to them. If this is the case, I still wonder why it took more than 72 hours and 8 to 10 reboots (warm, cold) to get things to happen.
Respectfully,
~ Dennis C., Refresh Project Contractor
:50602
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data