When opening the Enterprise Console, the following error is seen:
GetObjectSetfailed for Sophos.Management.RBAC.Core.User ----- [outer exception] ----- -- error: 0x80131500 -- facility: C#/.NET at class ATL::CComPtr __thiscall bl::CReusingManagementServiceClientBroker::logIn(void) at int __cdecl Run(int,enum bl::ConsoleType::Type) at int __stdcall wWinMain(struct HINSTANCE__ *,struct HINSTANCE__ *,wchar_t *,int)
To confirm the issue, check the Windows event viewer (Start | Run | Type: eventvwr.msc | Press return). The event viewer shows (around the time the console was launched):
Initialization failed. Step: Creating a database connection Error: std::runtime_error Data: createAccessToken: LogonUser failed
The Sophos Management Service service terminated with the following error: %%-2147467259
An account failed to log on. Failure Information: Failure Reason: Unknown user name or bad password. Process Information: Caller Process Name: C:\Program Files (x86)\Sophos\Enterprise Console\MgntSvc.exe
Note: The Sophos Message Router service (process name 'RouterNT.exe') may use high CPU percentage while this issue is occurring.
First seen in Enterprise Console 4.0.0
The password for the account used by the Sophos management service has expired.
The error has been seen on a management server when the password of the administrator's account has expired through normal password aging while the account is still logged on. This account is used by the 'Sophos Management Host', 'Sophos Patch Endpoint Communicator', 'Sophos Patch Endpoint Orchestrator' and 'Sophos Patch Server Communicator' services. It is also set in the 'DatabaseUser' key in the registry and is therefore used by the 'Sophos Management Service'.
At the next logon the user would be prompted for a new password; however, this has not happened yet.
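To confirm this cause on the management server, the following added example (not Sophos code) lists every account that a Sophos service runs as and reports when its password expires. It assumes the services can be matched by the display-name prefix 'Sophos' and that domain accounts are looked up with the ActiveDirectory module in the server's own domain; it does not read the 'DatabaseUser' registry value.

```powershell
# Added example. Assumption: services are matched by display-name prefix 'Sophos'.
# Built-in service identities have no password that can expire, so skip them.
$builtin = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'

Get-CimInstance -ClassName Win32_Service -Filter "DisplayName LIKE 'Sophos%'" |
    Where-Object { $_.StartName -and $_.StartName -notin $builtin } |
    Group-Object -Property StartName |
    ForEach-Object {
        $svcGroup = $_
        $account  = $svcGroup.Name

        # StartName can be DOMAIN\user, .\user or user@domain.
        $domain, $user = $null, $account
        if ($account -match '^(?<d>[^\\]+)\\(?<u>.+)$')   { $domain, $user = $Matches.d, $Matches.u }
        elseif ($account -match '^(?<u>[^@]+)@(?<d>.+)$') { $domain, $user = $Matches.d, $Matches.u }

        $expires = $null
        $note    = ''
        try {
            if (-not $domain -or $domain -eq '.' -or $domain -eq $env:COMPUTERNAME) {
                # Local account: PasswordExpires is empty when the password never expires.
                $expires = (Get-LocalUser -Name $user -ErrorAction Stop).PasswordExpires
            }
            else {
                # Domain account: the computed attribute is a FILETIME value;
                # Int64.MaxValue means the password does not expire.
                $ad = Get-ADUser -Identity $user -ErrorAction Stop `
                        -Properties 'msDS-UserPasswordExpiryTimeComputed'
                $fileTime = $ad.'msDS-UserPasswordExpiryTimeComputed'
                if ($fileTime -ne [Int64]::MaxValue) {
                    $expires = [DateTime]::FromFileTime($fileTime)
                }
            }
        }
        catch { $note = "lookup failed: $($_.Exception.Message)" }

        [PSCustomObject]@{
            Account         = $account
            Services        = ($svcGroup.Group.DisplayName -join '; ')
            PasswordExpires = $expires
            Expired         = ($null -ne $expires -and $expires -lt (Get-Date))
            Note            = $note
        }
    } | Format-List
```

An account shown with Expired set to True while its services are still configured to use it matches the cause described above.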
If the server's resources are being used excessively, first locate the process and stop the related service temporarily. Then continue with the steps below.