"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
One of the following errors is recorded in the latest ClientMRInit.exe (a program used by Sophos' Remote Management System (RMS)) log file (ClientMRInit-DATE-TIME.log) which located in the C:\Windows\Temp\ directory shows the following error:
New and old CA certificates do not match. Upgrading CA certificates is not allowed, uninstall RMS first.
Message Router identity key do not match. Upgrading to new key. Managed Application identity key do not match. Upgrading to new key. Management Agent identity key do not match. Upgrading to new key.
First seen in Sophos Anti-Virus for Windows 2000+
There is a mismatch between the mrinit.conf file, and/or cac.pem and what is currently set in the registry of the computer.
Warning: Only perform the steps below on an endpoint computer. Do not perform them on the computer hosting your Sophos Management Server.
HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Remote Management System\ For 64 bit OS the keys will be under
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Remote Management System
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.