Wrong Credential for Sophos Safeguard Provided - Local Logon is Disabled

Hi All.

I was wondering if you find an error like the below and can help me to find the solution:

We started to deploy Sophos Safeguard 8.10 on Windows 10 version 1903 and we are encountering the following error: On some users (not all ) after the setup of the software with a local admin account as usualy  we restart the machine and  we logon with the user to whom we have to assign the machine: The pc start to exchange data with Sophos Safeguard Console;

The pc does not receive the policy of safeguard, so we are not prompted to set pin (TPM+PIN policy) and the pc becomes unresponsive, RunAS command hang, search bar is blocked;

Checking services, safeguard authentication service is not started, even it is set to start automatically. If we Start the service “safeguard authentication service” from a remote pc, then the pc receives the policy I am prompted to set pin and to click Restart and Encrypt. Once  restarted the machine, and I try to login with the user I receive the following error:

Wrong Credential for Sophos Safeguard Provided and once I click on ok, Local Logon is Disabled, I can then only login using windows authentication.

If I logon with the same user on a different pc (same model, and same OS) with version of Sophos Safeguard 8.005, instead I Can login without any issue, So what does it change between the 2 version?

Thanks in advance

Pietro

 

 

 

  • Hmmm.... This doesn't too good!

    Can you confirm the exact version of the client you're using on the workstation, and also what's your backend running - 8.1 too? Could we have the full version of this too please?

    Can you also confirm what version of the File Engine you're using too?

    It does sound like a incompatibility between the client and OS.

    1903 needs 8.00.6.2 or 8.10.2.55 or 8.20.0.83. Can you confirm you're using one of those versions with 1903?

    There is a known issue with July patches - Are all the machines on the same version and updates as each other?

    https://community.sophos.com/kb/en-us/124771

     

  • In reply to MichaelMcLannahan:

    Hi Michael

    Please find below details:

     

    Sophos Safeguard Management Center is 8.10.0.323

    Sophos Safeguard Client 8.10.2.55

    Sophos Safeguard Configuration 8.10.0.323

    Sophos Safeguard Preinstall 8.10.323

     

    Hotfix Rollup 1901 for Safeguard 8.10.0.321 is present in view installed Update (Windows)

    Microsoft Windows Version is 1903 (OS Build 18362.418)

     

    Machines clients are not all of the same version, and not all with the same Operative system vesrsion as you can see below from info of the Console, but the issue is specific for the details above:

    Native Device Encryption 8.10.2.55 - Windows 10 1903

    Native Device Encryption 8.00.6.2 with Data Exchange 8.00.6.2; Windows 10 1808

    Native Device Encryption 8.00.5.19 and Data Exchange 8.00.5.19, Windows 10 1808

    Data Exchange 8.00.5.16 and Device Encryption 8.00.5.16-  Windows 10

    Data Exchange 7.00.3.11 and Device Encryption 7.00.3.11 - Windows7

     

    Thanks

    Pietro

  • In reply to Pietro Guzzetti:

    Hi  

    Would you please confirm your machine settings policy has below setting for the Secure Wake on LAN?

    If yes, Would you please configure the 'Default Machine Settings | Power On Authentication (POA) | Secure Wake on LAN (WOL) | Allow local logon during WOL' to 'Yes' and apply the change to the SafeGuard Client.

    Then try to login to the machine.

  • In reply to Jasmin:

    Thanks for the answer I'maasking to the Team if they can make this change for me as I unfortunately I'm not allowed to; Is there a way to set it directly on the client using the registry of Windows? Thanks

    Pietro

  • In reply to Pietro Guzzetti:

    Hi Pietro,

    Unfortunately not as it is a policy change and client always be in synchronization with Server, so if we haven't changed policy on the Safeguard Management console, it can revert the changes on the client.