SEC Not running on client

When trying to install/run SEC on my workstation for accessing the console as a client, I get the following error. I have checked KB 118513. Anyone have any ideas?

Sophos.UIController.Extension.UIControllerException: Cannot retrieve session token after 8 retries. Please check that the Sophos Management Host service is running, otherwise see KBA 118513.
   at Sophos.UIController.IdentityServiceAbstracter.EndRetrieveSessionToken()
   at Sophos.UIController.UIControl.InitializeModulesDependencies()
   at Sophos.UIController.UIControl.<Initialize>b__b()
   at Sophos.UIController.Product.Logging.LogMethod(MemberInfo method, Action func)
   at Sophos.UIController.UIControl.Initialize()

----- [outer exception] -----
   -- error: 0x80004005 (Unspecified error)
   -- facility: Generic (System)
   -- source:   Sophos.UIController

   at class ATL::CComBSTR __thiscall UIControl::initialize(class ATL::CComPtr<struct IDispatch>)
   at class ATL::CComPtr<struct IDispatch> __thiscall bl::CReusingManagementServiceClientBroker::logIn(const struct util::UserName &,class Loki::SmartPtr<class bl::SubEstate,class Loki::RefCountedMTAdj<class Loki::ClassLevelLockable>::RefCountedMT,struct Loki::DisallowConversion,struct util::NoDereferenceNull,class Loki::DefaultSPStorage>,const wchar_t *,class bl::UIControllerBase &)
   at int __cdecl Run(int,class bl::CommandLine,enum bl::ConsoleType::Type)
   at int __stdcall wWinMain(struct HINSTANCE__ *,struct HINSTANCE__ *,wchar_t *,int)



  • The same error. Only one user on two different computers. On Windows 7 32-bit it works, on Windows 7 64-bit it does not. Tell me what to look at?

  • Hello Alexey Gayun,

    it works on one of the computers so your setup is in principle correct. The bitness of the OS shouldn't make a difference.
    Both consoles have been recently installed and the one never worked? Has the database user name been put in correctly during install? Otherwise, hm, it'd be strange if just the console on the 64bit couldn't connect to the Management Host service. Could there be other differences?

    Christian

  • At first glance there are no other differences. Both computers are in the domain and have all the patches installed. Services in the system are configured identically. There are no critical logs in the system. They are in the same LAN. The user is the same. On the server, the inputs and outputs are recorded in the log without blocking.

    Tried today on another computer running Win 7 64-bit - new install, same error.

  • Hello Alexey Gayun,

    new install [on 64bit], same error
    hm, ... same flavour (e.g. Enterprise) of Win7 except for bitness? I assume same GPOs linked for the 32bit and 64bit?
    All my (few) remote consoles are on Win7 Enterprise 64bit so it's supposed to work. Is the error exactly the one from the original post or a slightly different one? Could you post the relevant section from the user's AppData\Local\Sophos\Sophos Endpoint Management\log\sophos-ui-framework.log? Otherwise I have no idea where and how to get additional information for this .NET stuff - I mean: useful information.

    Christian

  • 2016-10-13 15:35:39,687 [1] WARN  {Sophos.UIController.UIControl.EndRetrieveSessionToken} ==> Error whilst retrieving session token. Exception Details: System.ServiceModel.Security.SecurityNegotiationException: Сбой согласования режима безопасности SOAP с "048-xx-xx/.../WSTrustService" для целевого объекта "048-gpb-xx/.../WSTrustService". Подробнее см. внутреннее исключение. ---> System.ComponentModel.Win32Exception: Сбой проверки подлинности интерфейса поставщика поддержки безопасности (SSPI). Возможно, сервер не запущен в контексте учетной записи с удостоверением "f048_xx@xx.xx.local". Если на сервере используется учетная запись некоторой службы (например сетевой службы), укажите имя ServicePrincipalName (SPN) этой учетной записи в качестве удостоверения в параметре EndpointAddress сервера. Если на сервере используется учетная запись пользователя, укажите имя UserPrincipalName этой учетной записи в качестве удостоверения в параметре EndpointAddress сервера.
       в System.ServiceModel.Security.WindowsSspiNegotiation.GetOutgoingBlob(Byte[] incomingBlob, ChannelBinding channelbinding, ExtendedProtectionPolicy protectionPolicy)
       в System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)
       в System.ServiceModel.Security.IssuanceTokenProviderBase`1.GetNextOutgoingMessage(Message incomingMessage, T negotiationState)
       в System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
       --- Конец трассировки внутреннего стека исключений ---

    Server stack trace:
       в System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
       в System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpan timeout)
       в System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
       в System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       в System.ServiceModel.Security.CommunicationObjectSecurityTokenProvider.Open(TimeSpan timeout)
       в System.ServiceModel.Security.SymmetricSecurityProtocol.OnOpen(TimeSpan timeout)
       в System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
       в System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       в System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout)
       в System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       в System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.DoOperation(SecuritySessionOperation operation, EndpointAddress target, Uri via, SecurityToken currentToken, TimeSpan timeout)
       в System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.GetTokenCore(TimeSpan timeout)
       в System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
       в System.ServiceModel.Security.SecuritySessionClientSettings`1.ClientSecuritySessionChannel.OnOpen(TimeSpan timeout)
       в System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       в System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
       в System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       в System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel channel, TimeSpan timeout)
       в System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
       в System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
       в System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
       в System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

    Exception rethrown at [0]:
       в System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
       в System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
       в Sophos.Management.Identity.Interfaces.IWSTrust.Issue(ClientAscribe clientAscribe)
       в Sophos.UIController.IdentityServiceAdapter.GetSessionToken(ClientAscribe clientAscribe)
       в Sophos.UIController.IdentityServiceAbstracter.RetrieveSessionTokenFromService(Object clientAscribe)
       в System.Threading.Tasks.Task`1.InnerInvoke()
       в System.Threading.Tasks.Task.Execute()
    2016-10-13 15:35:49,702 [1] ERROR {Sophos.UIController.UIControl.EndRetrieveSessionToken} ==> Cannot retrieve session token after 8 retries. Please check that the Sophos Management Host service is running, otherwise see KBA 118513.
    2016-10-13 15:35:49,702 [1] ERROR {Sophos.UIController.Product.Logging.LogMethod} ==> Exception caught :
    Sophos.UIController.Extension.UIControllerException: Cannot retrieve session token after 8 retries. Please check that the Sophos Management Host service is running, otherwise see KBA 118513.
       в Sophos.UIController.IdentityServiceAbstracter.EndRetrieveSessionToken()
       в Sophos.UIController.UIControl.InitializeModulesDependencies()
       в Sophos.UIController.UIControl.<Initialize>b__b()
       в Sophos.UIController.Product.Logging.LogMethod(MemberInfo method, Action func)
    2016-10-13 15:35:49,702 [1] INFO  {Sophos.UIController.Product.Logging.LogMethod} ==> Exiting : Sophos.UIController.UIControl.Initialize
    [End]

  • Hello Alexey Gayun,

    thanks. Trying (as my Russian isn't rusty - in fact it never really existed) to figure out what it's trying to tell us.
    Looks like it has something to do with the service account. If I interpret the log correctly it tries to bind with the f048_xx@xx.xx.local account (you should find it in the UserPrincipalName tag in EnterpriseConsole.exe.config on the workstation). Is this f048_xx (the forum apparently inserts the xx to "anonymize" potentially sensitive data) the account under which the Sophos Management Host service is running on the server? Normally this uses Kerberos, can't say if 32bit vs. 64bit makes a difference here, could you try the troubleshooting step 4 in 118513 (if you haven't already done so)?

    Christian

  • Thank you! More or less sorted out. The link was a good help. It is not the bitness of Windows! According to the logs it became clear that it is a case of Kerberos and SPN
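
An added example, not part of the original thread and not Sophos code: a small triage script for sophos-ui-framework.log that finds the SSPI negotiation failure discussed above by matching .NET type and method names, which stay in English whatever the display language of the message text, and pulls out the service identity the client expected. The sample log is constructed in the layout of the excerpt posted above; the identity `svc_example@corp.example` and the function names are placeholders chosen for this example.

```python
import re

# Constructed sample in the layout of the posted log excerpt (identity is a placeholder).
SAMPLE_LOG = """\
2016-10-13 15:35:39,687 [1] WARN  {Sophos.UIController.UIControl.EndRetrieveSessionToken} ==> Error whilst retrieving session token. Exception Details: System.ServiceModel.Security.SecurityNegotiationException: <localized text> ---> System.ComponentModel.Win32Exception: <localized text> "svc_example@corp.example". <localized text>
   в System.ServiceModel.Security.WindowsSspiNegotiation.GetOutgoingBlob(Byte[] incomingBlob, ChannelBinding channelbinding, ExtendedProtectionPolicy protectionPolicy)
2016-10-13 15:35:49,702 [1] ERROR {Sophos.UIController.UIControl.EndRetrieveSessionToken} ==> Cannot retrieve session token after 8 retries.
2016-10-13 15:35:49,702 [1] INFO  {Sophos.UIController.Product.Logging.LogMethod} ==> Exiting : Sophos.UIController.UIControl.Initialize
"""

# Entry header: timestamp, [thread], level, {logger}, "==>", message.
ENTRY = re.compile(
    r"^\s*(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \[(\d+)\] (\w+)\s+\{([^}]+)\} ==> (.*)$")
# .NET type and method names are not localized, so match on them, not on message text.
SSPI_MARKERS = ("System.ServiceModel.Security.SecurityNegotiationException",
                "System.ComponentModel.Win32Exception",
                "WindowsSspiNegotiation.GetOutgoingBlob")
# Quoted UPN-style identity (name@domain); quoted endpoint URLs contain "/" and are skipped.
IDENTITY = re.compile(r'"([^"\s/]+@[^"\s/]+)"')

def parse_entries(text):
    """Group the log into entries; stack-trace lines attach to the entry before them."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            ts, _thread, level, logger, msg = m.groups()
            entries.append({"ts": ts, "level": level, "logger": logger, "body": msg})
        elif entries and line.strip():
            entries[-1]["body"] += "\n" + line.strip()
    return entries

def sspi_identity_failures(text):
    """Return (timestamp, expected identity) for each SSPI negotiation failure."""
    hits = []
    for entry in parse_entries(text):
        if all(marker in entry["body"] for marker in SSPI_MARKERS):
            m = IDENTITY.search(entry["body"])
            hits.append((entry["ts"], m.group(1) if m else None))
    return hits

if __name__ == "__main__":
    for ts, identity in sspi_identity_failures(SAMPLE_LOG):
        print(f"{ts}: SSPI negotiation failed; client expected service identity {identity}")
```

The identity it reports is the value to compare against the account the Sophos Management Host service runs under on the server, as suggested in the reply above.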