I installed SEC 550 on a Windows Server 2016 VM on an isolated network. At first I was not able to install SEC 550 while connected to the domain with either local or domain accounts, but when I disjoined it from the domain, it installed just fine and Enterprise Console came up with no problems. I rejoined the server to the domain and when I logged in, Sophos Management Service did not start automatically. I tried to start it manually and received the 0x8004005 error with an 8004 ID code in Event logs.
The following is what I have tried and what I know:
- changed Sophos Database account password and also changed it in the Setup.exe installation
- disabled firewall
- checked if databases exist
- checked if databases were online
- checked if SIDs matched
- checked if database account had the correct permissions and in the correct groups.
- checked if GPOs were blocking account.
- uninstalled and reinstalled multiple times with same issue
- changed Sophos Management Service Log on as from Local System Account to database account
What I know:
- Sophos Management Service ONLY starts when NOT joined to domain
- Installed on Windows Server 2016
- Using local accounts
What is weird:
- A few months back, I installed SEC on Windows Server 2016 with the same EXACT settings, in the same OU, same GPOs, and Sophos Management Service starts successfully, so I am confused on that part also.
What's the full details in the application event log when it fails to start?
I figured it out and I don't know why it works this way, but this is what I did to make it work:
1. I had to install SEC without being connected to the domain, creating local users for the Database and Update Manager.
2. When I rejoin the server to the domain, the Sophos Management Service stops working. I have to disable 'Network Access: Do not allow storage of passwords and credentials for network authentication' GPO.
3. Then I rerun the setup.exe file from 'C:\sec_550\ServerInstaller' and modify my database account to a domain user account I created in Active Directory.
4. Once that was complete, I was able to start the service and run the Enterprise Console.
Now I have a new problem. I installed Sophos Client on another test Server 2016 server. I wasn't able to install it remotely from SEC, so I installed it manually from the SAVSCFXP directory. After installing it successfully, it gathered the latest definitions from SEC, but doesn't check in to SEC saying that it is protected.
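A diagnostic check for the workaround described in steps 1 to 4 above, added here as an example and not part of the original thread or any Sophos tooling. It assumes the GPO named in step 2 is backed by the `DisableDomainCreds` value under the LSA registry key, that the service display name is exactly "Sophos Management Service", and that the 8004 events are written to the Application log.

```powershell
# Added example: run in an elevated PowerShell session on the SEC server.
# Reports the three facts the thread turns on: the credential-storage policy,
# the service's state and logon account, and recent event ID 8004 entries.

$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# 'Network access: Do not allow storage of passwords and credentials for
# network authentication' is Enabled when DisableDomainCreds = 1.
$lsa = Get-ItemProperty -Path $lsaKey -Name 'DisableDomainCreds' -ErrorAction SilentlyContinue
$storageBlocked = ($null -ne $lsa) -and ($lsa.DisableDomainCreds -eq 1)

# Display name taken from the thread (assumed to match exactly).
$svc = Get-CimInstance -ClassName Win32_Service -Filter "DisplayName='Sophos Management Service'"

# Event ID 8004 is the ID quoted in the thread; Application log is assumed.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 8004 } `
                       -MaxEvents 5 -ErrorAction SilentlyContinue

[pscustomobject]@{
    DomainJoined         = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
    CredStoragePolicyOn  = $storageBlocked
    ServiceFound         = [bool]$svc
    ServiceState         = if ($svc) { $svc.State } else { 'n/a' }
    ServiceStartMode     = if ($svc) { $svc.StartMode } else { 'n/a' }
    ServiceLogonAccount  = if ($svc) { $svc.StartName } else { 'n/a' }
    Recent8004EventCount = @($events).Count
} | Format-List

# Show the message text of the most recent failures, which is what the
# reply in the thread asks for.
$events | Select-Object TimeCreated, ProviderName, Message | Format-List

if ($storageBlocked -and $svc -and $svc.State -ne 'Running') {
    Write-Output 'Policy is enabled and the service is not running: matches the condition described in step 2.'
}
```

Running it before and after rejoining the domain shows whether the policy value changes with the domain GPO and whether the service state follows it.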