Issue A SafeGuard client is locked in the Power-On Authentication (POA) directly after installation of the SafeGuard kernel. There is no user known to the POA, and the client hasn't reported to the SafeGuard server yet. Therefore you cannot perform a Challenge/Response.
Known to apply to the following Sophos product(s) and version(s) SafeGuard Device Encryption
Please note the following before you start:
This procedure only applies if:
We recommend you unplug the computer from the network to prevent an accidental policy distribution, e.g. uninstallation protection.
To recover the client, you can perform either of the following procedures:
Procedure 1. Attempt to rollback the installation using the SGNRollback tool, which can be found on the installation medium or in the downloaded files in the folder "Tools\SGNRollback tool".
Related KBA: How to use SGNRollback.exe to repair a failed SafeGuard Enterprise Device Encryption installation.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.