I have recently upgraded from the Sophos Enterprise Console 5.5.0 to 5.5.2 and I got an error Unable to install Sophos Credential Store Service and failed to upgrade to 5.5.2.
The SEC 5.5.0 is still there. The Under Programs and Features I find the Sophos Management Console and Sophos Management Server are still with version 5.5.0.
Could you please let me know how to fix this error and what I will do next to complete an upgrade to 5.5.2
Your assistance on this request would be extremely appreciated.
Are installing on a DC or Members Server?
Sorry are you upgrading SEC on a DC or Members Server?
Hello Accounts Payable1,
how to fix this errorthe Sophos_CredStoremsi ....log in %ProgramData%\Sophos\Management Installer\ should have a more detailed description of this Unable to install.
The most common reason I've heard of this happening here is due to the "Logon as a service" rights being defined within your local or domain security policy. The Credential Store creates a new service account and attempts to start the service using that account as part of the installation process. If the local or domain security policy does not include "NT SERVICES\ALL SERVICES", the Credential Store service may fail to start.
Thank you for your response.
I used Domain Control to install (i.e: Domain Name\Administrator). Because I am working from home, so I used remote desktop to log in to our server to upgrade. Do you think there is any problems with this?
Thank you and look forward to your response.
T Doan (Accounts Payable1)
I also checked the Sophos_CredStoremsi log file as shown below.
MSI (s) (68:9C) [12:31:24:268]: Executing op: ActionStart(Name=StartServices,Description=Starting services,Template=Service: ) Set ACL for 'C:\Program Files (x86)\Sophos\Credential Store\'MSI (s) (68:9C) [12:31:24:268]: Executing op: ProgressTotal(Total=1,Type=1,ByteEquivalent=1300000)MSI (s) (68:9C) [12:31:24:268]: Executing op: ServiceControl(,Name=Sophos.Credential.Store.Service,Action=1,Wait=1,)MSI (s) (68:9C) [12:31:54:654]: Note: 1: 2205 2: 3: Error MSI (s) (68:9C) [12:31:54:654]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1920 MSI (s) (68:9C) [12:31:54:654]: Note: 1: 2205 2: 3: Error MSI (s) (68:9C) [12:31:54:654]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1709 MSI (s) (68:9C) [12:31:54:654]: Product: Sophos Credential Store -- Error 1920. Service 'Sophos Credential Store' (Sophos.Credential.Store.Service) failed to start. Verify that you have sufficient privileges to start system services.
Please let me know how to fix it and what I can do next to complete an upgrade.
As I couldn't install the Credential Store service while upgrading and it terminated/stopped straight away from there. Please let me know how to fix this and what I can do next to complete an upgrade.
Hello T Doan,
1920 is a rather generic error, the timestamps suggest that the service start command timed out. Perhaps the Windows Event log has more information why the service didn't start.
I assume the installer has performed a rolleback. Has the Sophos Credential Store been removed or is it still there? Dunno to what extent the installer mops up, maybe it left the %ProgramData%\Sophos\Credential Store\ folder and the store.log behind.
Sophos Credential Store
Does NT SERVICE/ALL SERVICES exist if you run the following in an administrative command prompt? What you are looking for in the report is under Settings > Policies > Windows Settings > Security Settings > Local Policies User Rights Assignment > Log on as a service.gpresult /h C:\Windows\Temp\report.htmC:\Windows\Temp\report.htm
If this setting has been specified and NT SERVICE\ALL SERVICES is not listed, you will need to add it in. Open up Group Policy Management on your DC and modify the group policy applied to your SEC server. Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Log on as a service. When adding the user, type in NT SERVICE/ALL SERVICES and click "OK", not Browse. Save this policy.
After saving, force the SEC server to retrieve this new policy by running gpupdate /force. Verify that NT SERVICE/ALL SERVICES now exists under the report by running the gpresult command mentioned at the start. If so attempt to run the installer again.
Thank you Christian.
After I got an error I checked the Sophos Credential Store has been removed and also the %ProgramData%\Sophos\Credential Store\ folder and the store.log was empty.