This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Error opening Enterprise Console

Hi

 

We've just installed Sophos Enterprise Console on a domain box and we get an error when opening the console. The error says

 

In order to run the enterprise console you need to be a member of the sophos console administrators group and have dcom access by being a member of the distributed com users group. 

 

The account we're using is a member of the sophos console administrators group and is in the dcom users group. 

I've used process monitor to see that there are access denied errors when enterpriseconsole.exe tries to access;

 

HKLM\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM

 

I've given the Sophos Management and Sophos Updater users Domain Admin rights for now, just to remove any issue accessing the server, and they can log on and access an administrative CMD session session for example. 

 

Any ideas what the issue might be?

 

Olly



This thread was automatically locked due to age.
Parents
  • Hello Olly,

    just installed
    the whole SEC or a remote console? If the latter, is it the first remote?

    The ACCESS DENIED for RegCreateKey (a subsequent RegOpenKey should succeed) is normal and not an indication of a problem.

    Christian 

  • This is the whole SEC on the server that will be running as the sophos server here. No remote aspect (yet).

     

    Olly

     

     

  • Hello Olly,

    so you can't open the console at all and never have been able to? The installer prompted you to log off and log on again and after logging in it failed with the error you've posted, and subsequent attempts produce the same error?

    Normally this should work with the user that installed SEC. As you say domain box - this is a member server, the Console Administrators security group is local, the user is a domain user? Guess the logs in %AppData%\Local\Sophos\Sophos Endpoint Management\log\ and %AppData%\Roaming\Sophos\Sophos Endpoint Management\5.5.0\log\ don't have more information.
    A long time ago I have used trace logging for the Management Service, IIRC had to do with sub-estates, dunno if it'd help in your case.

    Christian

Reply
  • Hello Olly,

    so you can't open the console at all and never have been able to? The installer prompted you to log off and log on again and after logging in it failed with the error you've posted, and subsequent attempts produce the same error?

    Normally this should work with the user that installed SEC. As you say domain box - this is a member server, the Console Administrators security group is local, the user is a domain user? Guess the logs in %AppData%\Local\Sophos\Sophos Endpoint Management\log\ and %AppData%\Roaming\Sophos\Sophos Endpoint Management\5.5.0\log\ don't have more information.
    A long time ago I have used trace logging for the Management Service, IIRC had to do with sub-estates, dunno if it'd help in your case.

    Christian

Children
No Data