This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Upgrade 5.3.1 to 5.5.0 failed on obfuscated password

Hello Support Community,

Half a year ago we followed the following KB 13094, this gave a extra level of security to our user account and password use. 
2 Weeks ago i decided it was high time to upgrade to the latest version of SEC, this has always worked without any problems before, got very used to the process.

To my amazement it failed, and hard. I cannot seem to figure out what the problem is other then the passwords are not accepted, neither the old admin pass or its obfuscated version.

Is there a way to remove the hole ObfuscationUtil.exe and its functionality and revert back to old use so i can upgrade without any problems again.
Or does anybody have a Guide, that also takes in account the fact you have used this utility, for the installation of SEC?



This thread was automatically locked due to age.
Parents
  • Hello Testpilot,

    the mentioned article applies to the password used with setup.exe, this shouldn't interfere with the upgrade.
    At which point does the upgrade fail - where is the passwort not accepted (could you perhaps provide a screenshot)?

    Christian

Reply
  • Hello Testpilot,

    the mentioned article applies to the password used with setup.exe, this shouldn't interfere with the upgrade.
    At which point does the upgrade fail - where is the passwort not accepted (could you perhaps provide a screenshot)?

    Christian

Children
  • The Upgrade doesn't fail, it completes succesfully.

    Unable to start enterprise console.

    On looking in the services i can see the 'Sophos Management Server' is not starting and gives error: '0x80004005' after the upgrade is completed and server rebooted.

     

    This is the second time i try now but got the same error as before. Perhaps i should give support a call for this as i have no idea what to do and the upgrade itself did not give a error.

    I suspected it was because of the obfuscated password as that is the only major change i made after the last upgrade to 5.3.1, and upgrading always went so flawlessly.

    Thanks for having a look.

  • In windows log i get the following error that was posted there during the upgrade process:

     

    Initialization failed.

    Step: Migrating data if necessary
    Error: std::runtime_error. Database upgrade failed. Please see KBA 113946.
    Data: ErrorUnexpected

    Source: Sophos Management Service
    Eventid: 8004

  • Hello Testpilot,

    please give the UpgradeDB.exe tool a try (note the -reset). Even though it is the same tool called during the upgrade of the management server component running it manually is known to help (not in all cases but often enough so that it's worth a try).

    Christian

  • Thank you for your links Christian. I will give that a try today and monitor the logs, will let you know how it go's.
    Like you said it doesn't seem to have anything to do with the obfuscated password issue so it must be the upgrade of the DB that fails on some point.

    Again thanks for the help, its very much appreciated.

  • Status update

    The UpgradeDB.exe didn't seem to fixxing solution but it did show the migration of the SQL data did not finish properly.

    After Making a call and getting support from UK-support i was helped by very skilled technician, he was able to quickly pinpoint the account being used to access the database was the culperit.
    He needed to have SQL studio installed and we didn't have much time after that so he logged the call and i recalled in the morning to pick it up again.

    This is where a new problem started, i was helped by a rather difficult english speaking technician, he not seem to be clear what to do despite the notes form the previous technician. When connecting to the database the Studio it didn't show the database and he didn't know how to connect, i had to enter the database server name and database name to make it connect.

    Later he was running commands to migrate the data and again was forgetting 0 and 5's so the commands would not run, if i didn't assist in showing his errors we would still be busy.
    He did manage to fix the database issue but as soon as the Enterprise console started he was gone and logged the call as closed. When i login and look it does seem like the machines are there but no subscription info has been saved, it doesnt show any sources i can pick and i cant move available subscriptions.

    I am very happy he helped me and made it so i can login again but do you maybe know a way to merge the info from the subscriptions to the new DB to?

    I guess this is the part where the database migration was crashing and gave errors like "SQLFILE 1101 - Failed to instert Exploit prevention permission for admin role". He never seem to have fixed them, just ignored that part and moved the rest, but as i do not have any sources to chooce from i don't know what is going wrong.

  • Hello Testpilot,

    naturally I can't say whether it is sufficiently fixed now.

    info from the subscriptions
    I'm not sure what you mean by this - could you please show some snippets, guess it's faster than describing it. [:)]

    Christian

  • Thanks for you for your response, here are screenshots of the issue.

    Everything is greyed out in policies:

      

    Config Update Manager same and no sources to choose:

    Clients all show as Unknown and are not updating:

    It seems like i can see the database but i cannot write to it.

    Any idea's, i remeber he did something with the user accounts as i got a msg that the non of the accounts where accepted when the finally started the Sophos Management Services on the Enterprise console Server. He did some quick tinkering and then it was able to start but like this. 

  • Hello Testpilot,

    the error you mentioned (failed to insert) refers to the  [SOPHOS550].[dbo].[RolePermissions] table that determines which permissions a Role has. RoleID = 1 (Sophos Full Administrators) should have PermissionIDs 1 to 23 and 30. Other tables involved are UserRoles, Users, and of course Roles and Permissions.
    Either [RolePermissions] doesn't contain the required values or one of the other tables has incomplete or inconsistent data.

    Looking at the [From521] Stored Procedure I see that it was only halfway through when it threw the error. Some (or perhaps A lot of) stuff hasn't been migrated - e.g. the SUM configuration.

    Christian

  • Thank you for the response, it does seem like that portion of the old database didn't migrate completely.

     

    Will try if i can find that location in SQL Studio and perhaps add a value that will authorize me as a full admin again.

    The technician that helped me before also noticed the old db was very very big for a 250 client counting environment, so big change there is something in there that messed this migration up.

    We do not have many policies and with a mornings work i could duplicate settings to a console with a fresh DB.

    Do you think it is worth it to contact them and still migrate data, 

    or more wise to just start over and build upon a fresh database and not bother with contacting them for a migration of the rest of the stuff as it is corrupted anyway?

  • Hello Testpilot,

    as for the size, one of my servers has 300+ endpoints and the SOPHOS550 database is just 100MB.

    If you're not really interested in the historical data and statistics I'd recommend starting from scratch, i.e. running InstallDB.bat to get a clean database.

    Christian