Enterprise Console error won't open

Hello Amadeus,

did it work before, and if so - could it be that something has been changed since it worked last? Please give a few details about your installation (SEC and OS versions, local or remote Console ...). 

Looks like the Encryption FrontEnd Service is involved so perhaps the EncryptionFEService.log in %ProgramData%\Sophos\ManagementServer\log\ has some additional information. I'd also check the Event Logs for potentially related entries.

Christian

Hello,

A few years later but we have EXACT the same error.

One of our administrators changed his login name in AD but kept the same profile etc.

Since he changed his login name he cannot open SEC and gets this error.

In the error log you mention we see this:

2018-03-29 09:55:31,253 [19] [(null)] ERROR {SophosManagementSecurity.CheckAccess} ==> Session token verification failed: token=`EF776403-6C9E-4E11-8A1E-D5D88995C4F8;732;7832979576A1F1E2374B8E30F0C5FB0B986802C5;`, name=`DOMAIN\new_user_name`, sid=`S-1-5-21-1292428093-879983540-839522115-6209`

Hello Systeembeheer Fokus,

please see item 6 in this article.

Christian

Hello Christian,

Thank you for your answer.

Unfortunataly that is a different error, but Sophos answered my support call and that fixed the issue.

See below for the fix:

To resolve this error take the following steps.

First Step.

Back up database before making any changes..! 


Run the following SQL command in an elevated command prompt:

osql -E -S .\sophos -d sophossecurity -Q "select * from users" > C:\users.txt

This will create C:\users.txt

Open this to see the old admin account & the new one.

So you should be seeing something like the output below.

The example I am using is OldAdmin & NewAdmin.

010500000000000515000000B1042A2F6774B045AD1A8F71D0240000               
                                                          
2015-05-11 17:05:27.703 
           6 
DOMAIN\OldAdmin                                                       
                                                                   
                                                                       
                                            
S-1-5-21-791282865-1169192039-1905203885-9983                          
                                                          
2017-12-19 14:53:43.990 
           4 
DOMAIN\rmiller                                                        
                                                                       
                                                                       
                                            
S-1-5-21-791282865-1169192039-1905203885-9950                          
                                                          
2015-08-20 15:09:53.930 
           5 
DOMAIN\NewAdmin                                                
                                                                       
                                                                       
                                            
S-1-5-21-791282865-1169192039-1905203885-9983                          
                                                          
2015-10-12 14:43:07.410 
(4 rows affected)

Above each login name is a number.
Make note of the number above the old login name.

You will need that number to edit the below query

DISABLE TRIGGER [dbo].[Users_InsteadOf_Update] ON dbo.Users;

UPDATE dbo.Users SET Sid=Sid+N'_' WHERE ID = 5;

ENABLE TRIGGER [dbo].[Users_InsteadOf_Update] ON dbo.Users;

Edit the query above with the number of the old login at WHERE ID = 5 (change this number)

Save the query C:\sql.sql

Open a command prompt as Administrator
Run the following command:

sqlcmd.exe -S .\SOPHOS -d SophosSecurity -i C:\sql.sql

This should resolve your issue, let me know if it does not.