Invalid computer kidentification

 Hello Team,

 

 

we have uninstalled the older version 6.1 from the system totally & decry pt the drive also.

 

Then we have installed the new sophos 8.1 client version & after few days ,system is locked .

 

When we try to recover the key showing "Invalid Computer Identification".

 

Kindly suggest for the same at the earliest.

  • Hi  

    Could you please suggest if you have moved the computer from one OU to another OU in the active directory or domain changes with the machine?

    Also when you are searching for this machine in the recovery tool, is it the only one which gets displayed on the tool? 

  • In reply to Jasmin:

    HI Jasmin,

     

    Could you please help us ,how we can identify in the sophos safeguard if client is moved or not.

     

    Also when you are searching for this machine in the recovery tool, is it the only one which gets displayed on the tool?

    -Need some more clarity (Sophos Version 8.0)

  • In reply to paresh palav:

    Hi  

    I am assuming that you want to check the version of the safeguard client on the machine. For that, you can go to the control panel and check the Safeguard component versions installed.

    Also when you had Safeguard 6.1, you might have Windows 7, so I want to confirm whether you have upgraded the OS on the machine and moved the machine from one OU to another OU.

    When you are entering the name of the machine and other details to get the Bitlocker recovery key in the recovery tool, it will show you the machine in the list, is there only one machine with the same name or it displays multiple with the same name.

  • In reply to Jasmin:

    Hello Jasmin,

     

    Thank for the update ..

    Just to update you,

    we have initiated the remote session at the client side & found that the host-name was incorrect,hence recovery not happen.

     

    After recovery once the system is restart/shutdown ,

    the system is locked again & again we need to perform C/R from SGN Center for user/other login on the client side.

     

    Also at our client side two safeguard console is having like 6.1 and 8.1,

    The IT engineer uninstalled the packages as below sequences:

    1.Uninstall Client Configuration

    2.Uninstall client

    3.Uninstall Preinstall Package

    and finally removes  the old 6.1 console certificates.

     

    Then install the new client as below sequence:

    1.Install Preinstall 8.0.251

    2.Client 8.0.251

    3.Configuration 8.10.0.323

    and update the new certificate of 8.1 console.

     

    Client is migrating the old endpoint which is on SGN 6.1 to SGN 8.1 here & feature we uses in the latest is as below:

    Do we need to remove the host entry from the sophos 6.1 console,if yes then share the procedure and how we can cross verify in the old 6.1 SGN console.

    [Note : this issue is reoccur in some system like win 7 Sp1 ,win 10;etc ]

    We need your help in the above scenario & suggest for the same.

    Thanks.

     

    Warmest Regards,

    Paresh.

     

  • In reply to paresh palav:

    Also Just want to confirm from your end ,

    1.What is the major impact ,if user password changes from the AD?

    2.How we can replicate(SGN client to SGN Server) if the user credentials are updated from the AD.

  • In reply to paresh palav:

    Hi  

    If the user's password has been changed from the Active Directory, Safeguard client may ask you about the old password to sync the older user certificates when he tries to log into the system where Safeguard client is installed. In that scenario, please refer this article to get the steps what can be performed when this issue arises.

    Also when you are changing the name of the machine, please make sure that machine client synchronization has been done once before rebooting the computer.

  • In reply to Jasmin:

    Hi Jasmin,

     

    Thanks for the update ,really appreciate of your help.

     

    I just want to confirm if any user changes password via AD or any other system(No Sophos Client Installed) then the user login to his allocated system.

     

    1.Is there any automatic password sync process from the Sophos Client to Sophos Server, because  the most of user is on the field basis?

    (When user comes in the office network then can sophos safeguard client system directly update the change password in the client certificate)

    2.What is the exact uninstall sequence of sophos Safeguard client and decryption process?

    3.Can we decrypt the system if its out of office network with sophos client installation as there is no access given to the remote location due to security issue ?

  • In reply to paresh palav:

    Hi Jasmin,

     

    4.Scenario is if user is changes in other sophos installed system due to some reason like he forget laptop and IT align standby laptop to the user for his work.

    After user comes with his own laptop with new changed credentials then he prompt the old user or not in his laptop.

    In that scenario,

    sophos client is directly updated the password in his system certificate or not? 

    Can we update the user password via sophos center or not ,without deleting the current system certificate.

  • In reply to paresh palav:

    Hi  

    Safeguard synchronizes the new password to the current login of the user but it needs the old password for the first time to synchronize users keys, certificates as those needs authentication of the older one and from next time onwards, it will be authenticated on the new password.

    You can decrypt the systems manually but not through the Safeguard as your user machines will not be able to synchronize to the policies you have created in the management center to decrypt the drives. Please find the uninstallation and decryption process: 

    1. First, decrypt the client machine by setting up a Device Protection policy. Set User may decrypt volume to Yes then set Media Encryption Mode to No Encryption.
    2. Set up a Machine Settings policy with Uninstallation allowed set to Yes and Enable Sophos tamper protection set to No.
    3. Sync the client to make sure it picks up these policies. If the machine is standalone you will need to create a new configuration package by going to Tools > Configuration Package Tool in the Management Centre / Policy Editor.
    4. Right-click on the drive you want to decrypt and decrypt it. If using Full Disk Encryption this may take some time (typically 8-12 hours). Make sure the machine doesn’t sleep or hibernate by setting all applicable power settings.
    5. Uninstall the SafeGuard Configuration package (do not reboot).
    6. Uninstall the SafeGuard Client (do not reboot).
    7. Uninstall the SafeGuard Preinstall.
    8. Reboot the machine.

  • In reply to paresh palav:

    Hello Jasmin,

     

    Could you please check the above scenario & suggest the same.

    We have two console at client side : SGN 6.1 & SGN 8.1

     

    Currently the client wants to decommission the SGN6.1 totally ,but before that they are moving to the all existing client from 6.1 to 8.1 & user is spread across India,US & Other remote location.

     

    Once we decrypt & remove SGN 6.1 client (Preinstall,Client,Client Configuration & 6.1 Certificate ) from the client systen then do we need to remove machine entry from the SGN 6.1 console or not?

     

    If its necessary to remove the client  system & users from SGN 6.1 then share the necessary steps.

    [Note : Here , client are synchronize with the AD account in SGN 6.1 & SGN 8.1 as well. ]

     

  • In reply to paresh palav:

    Hi  

    You have two different Safeguard management centres on two different servers, so they'll be having two different databases.

    You don't need to remove the entry of the machine from 6.1 management centre as it will be there even after deletion because your active directory is synchronized with it. Once you have uninstalled all the modules of Safeguard from the clients, it will clear the inventory of the machine in the database and any information about the machine will not be available apart from its name.

    Once all the modules are installed, you can directly install the modules of Safeguard 8.1 which will generate the inventory in 8.1 management centre.

  • In reply to Jasmin:

    Hi Jasmin,

     

    Thanks for your kind mail.

     

    New  client  as below sequence (MAnaged SGN 8.1):

    1.Install Preinstall 8.0.251

    2.Client 8.0.251

    3.Configuration 8.10.0.323

    and update the new certificate of 8.1 console.

     

    Client is migrating the old endpoint which is on SGN 6.1 to SGN 8.1 here & feature we uses in the latest is as below:

    We are using the above 3 modules .

    After installing these above 3 modules ,

    when the system is restart / shutdown ,the user is unable to login & showing the error :"Failed Logon reported ! Please Wait"

     

    We are confirmed from client end " this user password is not changes from the AD"(Affeted SYstem is WIn 7SP1 , Win 10;etc).

    Kindly suggest what we can do here in this scenario.

     

     

  • In reply to paresh palav:

    How we can generate the new SGN 8.1 certificates(Sophos Client) from the SGB 8.1 center?

    Kindly share the article if you have or process.

  • In reply to paresh palav:

    Hi  

    Please confirm if you are talking about SSL certificate for clients and the server. 

    For logon failure issue, please create a case with support as it needs more troubleshooting.

  • In reply to Jasmin:

    Hi Jasmin,

     

    Yes ,we are talking about SSL