The Sophos Community will be offline for scheduled maintenance this Saturday, May 27th, at 13:00 UTC for approximately 1 hour. Apologies for any inconvenience caused.
"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
The following error message is displayed in Enterprise Console:
Failed to send the complete message to mark a key backup session as complete [0x80040324]
First seen in Enterprise Console 5.1.0
The endpoint is unable to complete the exchange of messages which allows the endpoint to be ready to encrypt.
This is caused by the 'Sophos Agent' service on the endpoint being restarted during the exchange of messages; this is most likely caused by a system shutdown or a reboot of the endpoint. Please note that the system will recover from this, and will complete the exchange of messages, permitting the endpoint to commence encryption.
However, once the endpoint has completed encrypting, this message will continue to be displayed in the console.
For the computer displaying the above error, ensure that the key exchange has completed. To do so; right-click on the machine in Enterprise Console and select 'Encryption Recovery'. If this option is enabled, the initial setup has been completed and the error message can be safely ignored. Note: The error will clear in two weeks by default.
If the 'Encryption Recovery' menu option is greyed out, and the machine has the encrypted client installed, you can restart the 'Sophos Agent' service on the client to start another key exchange session. Also ensure that the client is then switched on for a minimum of 20 minutes to guarantee the client receives all messages.
To avoid this error message appearing in the future, ensure, network permitting, that the management server is able to notify the clients that outstanding messages are waiting for them at the management server. This will result in downstream messages arriving at the client in a more timely fashion, rather than relying on the default 15 minute polling interval. This will therefore minimize the chance of this error occurring erroneously. This can be achieved by allowing TCP port 8194 incoming, on the client.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.