Invalid computer kidentification

Hi paresh palav 

Could you please suggest if you have moved the computer from one OU to another OU in the active directory or domain changes with the machine?

Also when you are searching for this machine in the recovery tool, is it the only one which gets displayed on the tool? 

HI Jasmin,

Could you please help us ,how we can identify in the sophos safeguard if client is moved or not.

Also when you are searching for this machine in the recovery tool, is it the only one which gets displayed on the tool?

-Need some more clarity (Sophos Version 8.0)

Hi paresh palav 

If the user's password has been changed from the Active Directory, Safeguard client may ask you about the old password to sync the older user certificates when he tries to log into the system where Safeguard client is installed. In that scenario, please refer this article to get the steps what can be performed when this issue arises.

Also when you are changing the name of the machine, please make sure that machine client synchronization has been done once before rebooting the computer.

Hi Jasmin,

Thanks for the update ,really appreciate of your help.

I just want to confirm if any user changes password via AD or any other system(No Sophos Client Installed) then the user login to his allocated system.

1.Is there any automatic password sync process from the Sophos Client to Sophos Server, because  the most of user is on the field basis?

(When user comes in the office network then can sophos safeguard client system directly update the change password in the client certificate)

2.What is the exact uninstall sequence of sophos Safeguard client and decryption process?

3.Can we decrypt the system if its out of office network with sophos client installation as there is no access given to the remote location due to security issue ?

Hi Jasmin,

4.Scenario is if user is changes in other sophos installed system due to some reason like he forget laptop and IT align standby laptop to the user for his work.

After user comes with his own laptop with new changed credentials then he prompt the old user or not in his laptop.

In that scenario,

sophos client is directly updated the password in his system certificate or not? 

Can we update the user password via sophos center or not ,without deleting the current system certificate.

Hi paresh palav 

Safeguard synchronizes the new password to the current login of the user but it needs the old password for the first time to synchronize users keys, certificates as those needs authentication of the older one and from next time onwards, it will be authenticated on the new password.

You can decrypt the systems manually but not through the Safeguard as your user machines will not be able to synchronize to the policies you have created in the management center to decrypt the drives. Please find the uninstallation and decryption process: 

1. First, decrypt the client machine by setting up a Device Protection policy. Set User may decrypt volume to Yes then set Media Encryption Mode to No Encryption.
2. Set up a Machine Settings policy with Uninstallation allowed set to Yes and Enable Sophos tamper protection set to No.
3. Sync the client to make sure it picks up these policies. If the machine is standalone you will need to create a new configuration package by going to Tools > Configuration Package Tool in the Management Centre / Policy Editor.
4. Right-click on the drive you want to decrypt and decrypt it. If using Full Disk Encryption this may take some time (typically 8-12 hours). Make sure the machine doesn’t sleep or hibernate by setting all applicable power settings.
5. Uninstall the SafeGuard Configuration package (do not reboot).
6. Uninstall the SafeGuard Client (do not reboot).
7. Uninstall the SafeGuard Preinstall.
8. Reboot the machine.

Hello Jasmin,

Could you please check the above scenario & suggest the same.

We have two console at client side : SGN 6.1 & SGN 8.1

Currently the client wants to decommission the SGN6.1 totally ,but before that they are moving to the all existing client from 6.1 to 8.1 & user is spread across India,US & Other remote location.

Once we decrypt & remove SGN 6.1 client (Preinstall,Client,Client Configuration & 6.1 Certificate ) from the client systen then do we need to remove machine entry from the SGN 6.1 console or not?

If its necessary to remove the client  system & users from SGN 6.1 then share the necessary steps.

[Note : Here , client are synchronize with the AD account in SGN 6.1 & SGN 8.1 as well. ]

Hi paresh palav 

You have two different Safeguard management centres on two different servers, so they'll be having two different databases.

You don't need to remove the entry of the machine from 6.1 management centre as it will be there even after deletion because your active directory is synchronized with it. Once you have uninstalled all the modules of Safeguard from the clients, it will clear the inventory of the machine in the database and any information about the machine will not be available apart from its name.

Once all the modules are installed, you can directly install the modules of Safeguard 8.1 which will generate the inventory in 8.1 management centre.

Hi Jasmin,

Thanks for your kind mail.

New  client  as below sequence (MAnaged SGN 8.1):

1.Install Preinstall 8.0.251

2.Client 8.0.251

3.Configuration 8.10.0.323

and update the new certificate of 8.1 console.

Client is migrating the old endpoint which is on SGN 6.1 to SGN 8.1 here & feature we uses in the latest is as below:

We are using the above 3 modules .

After installing these above 3 modules ,

when the system is restart / shutdown ,the user is unable to login & showing the error :"Failed Logon reported ! Please Wait"

We are confirmed from client end " this user password is not changes from the AD"(Affeted SYstem is WIn 7SP1 , Win 10;etc).

Kindly suggest what we can do here in this scenario.

How we can generate the new SGN 8.1 certificates(Sophos Client) from the SGB 8.1 center?

Kindly share the article if you have or process.

Hi paresh palav 

Please confirm if you are talking about SSL certificate for clients and the server. 

For logon failure issue, please create a case with support as it needs more troubleshooting.

Hi Jasmin,

Yes ,we are talking about SSL

Hi Jasmin,

Yes ,we are talking about SSL

Hi paresh palav 

We do have an article on how to implement SSL client-server communication. Please refer to this article.