SGN 5.50.8 - Endpoint will not encrypt after (New) install of 5.50.1/5.50.8

Just an update on this issue, we have identified the issue (Persistent CBIStore errors). The issue seemed to be caused by the way we were hardcoding our checkdisk routines after the client install but before the first reboot. The deployment script was originally written for 5.35, upgraded to 5.40 and then to 5.50(.8). 

So, at the end of the client install, SGNClient.msi writes to the BootExecute registry key to specify that the SafeGuard bootloader (The POA screen/kernel/etc.) SGNInstArea.exe is run to finish up the install of the client. as of <=5.40 the location, post install of SGNInstArea.exe was C:\Windows\System32. What we didn't know (And didn't show up in testing immediately) was that as of 5.50, the location of that executable (Among others) was moved to C:\Windows. So after our initial reboot, SGNInstArea.exe was never being run at boot, thus never installing the POA and preventing the CBIStore (Local keystore) from initializing. Since the keystore couldnt be initialized no keys, certs or policies would be utilized from the server no matter how many times we clicked on the icon :smileyhappy: .

We were able to identify these machines as the code that runs BootExecute typically removes it's entries (It's kind of a one time deal) after successful execution. Since SGNInstArea.exe wasn't being executed properly (Or at all in this case) it would remain the CurrentControlSet BootExecute key.

The solution was of course to modify the BootExecute registry key to point to the (new) proper location of SGNInstArea.exe. Once that was done, POA was installed and everything was just duckie. Theres a bit more to this story, but these are the relevant bits. I will be glad to help if someone else is having this same issue.

Thanks!

Just an update on this issue, we have identified the issue (Persistent CBIStore errors). The issue seemed to be caused by the way we were hardcoding our checkdisk routines after the client install but before the first reboot. The deployment script was originally written for 5.35, upgraded to 5.40 and then to 5.50(.8). 

So, at the end of the client install, SGNClient.msi writes to the BootExecute registry key to specify that the SafeGuard bootloader (The POA screen/kernel/etc.) SGNInstArea.exe is run to finish up the install of the client. as of <=5.40 the location, post install of SGNInstArea.exe was C:\Windows\System32. What we didn't know (And didn't show up in testing immediately) was that as of 5.50, the location of that executable (Among others) was moved to C:\Windows. So after our initial reboot, SGNInstArea.exe was never being run at boot, thus never installing the POA and preventing the CBIStore (Local keystore) from initializing. Since the keystore couldnt be initialized no keys, certs or policies would be utilized from the server no matter how many times we clicked on the icon :smileyhappy: .

We were able to identify these machines as the code that runs BootExecute typically removes it's entries (It's kind of a one time deal) after successful execution. Since SGNInstArea.exe wasn't being executed properly (Or at all in this case) it would remain the CurrentControlSet BootExecute key.

The solution was of course to modify the BootExecute registry key to point to the (new) proper location of SGNInstArea.exe. Once that was done, POA was installed and everything was just duckie. Theres a bit more to this story, but these are the relevant bits. I will be glad to help if someone else is having this same issue.

Thanks!