A Windows API call returned error 1332

Hello,

we installed a new server as DC. We also installed Sophos Endpoint Software on it. But the DC get no Updates from our Sophos Server.

We allways get the Error:

Serververbindung konnte nicht hergestellt werden. Details: Cannot get security identifier for account .\SophosSAUXXXXaaa, perhaps it does not exist A Windows API call returned error 1332.

For our other DC´s exist such a user in Active Directory. How can i solve this problem?

Many thanks for help

  • Hi,

    The account you mention is created at install (Sophos AutoUpdate MSI) and later referenced in the registry.

    You can create the account before installing as per: https://community.sophos.com/kb/en-us/48910.  

    So you have a few options:

    1. Uninstall re-install should do it could double check the above referenced key has been removed.   A re-protect uninstalls and re-installs Sophos AutoUpdate, which is the component that uses the account.

    2. Manually create a domain account, give it a password and reference it in the registry as per the above article.

    Regards,

    Jak

  • In reply to jak:

    Many thanks for your help.

    Your answer works fine. But now i have a last question. I gave the SophosSAUXXX User the same password as the SophosUpdateMgr. Is this OK, or should these passwords are differently?

    After this action i can see the password in the registry unencrypted. Does it helps if i set the registry-key "ObfuscatedPassword" to "1"?

    Can i change the password for the user SophosSAUXXX in the Active Directory and then in the registry?

    Many Tanks

    Gerhard

  • In reply to GerhardLocke:

    Hi,

    They can be different, those accounts are not related.

    I'm not aware of a tool to generate an obfuscated form of that password so without re-installing you'll have to stick with ObfuscatedPassword  = 0.  

    If necessary, you can change the permissions on the key such that only SYSTEM can read the values.  That user only needs to be a local user.  You could also set the security policy to prevent log on locally which is usually set by the installer.


    If you change the password in AD, you would need to just update the registry.

    Regards,

    Jak

  • In reply to jak:

    Hi,

    really those accounts are not related?


    normaly, Sophos creates a local user (e.g. SophosSAUXXX0) at the installation. But, I think my collegue has installed the server and before installing Sophos Antivirus he installed the komponents for the AD to make it to a domain controller. After this action it´s not possible for Sophos to create the SophosSAUXXX0 as local user. So I get the Error for a missing user-account.

    With your help I could resolve this problem and in the future we install Sophos before we make the server to a domain controller.

    Many thanks for your help.

    Regards,

    Gerhard