Device Encryption Service randomly not starting/stopping on multiple endpoints since last week's outages?

Hello all.

Since last week's outage debacle, I've seen multiple random endpoints suddenly report that the device encryption service is not starting.

There seems to be no rhyme or reason to the timing (not when starting up, after restart, etc.).  Seems possibly related to policy push issues.

Sophos support asked me to remove policies from affected devices, remove endpoints, reinstall endpoints, reapply policies. I have not opted to do this as it is not a viable solution and really wouldn't not solve underlying issues with the central cloud services not pushing out policies in the first place.

Generally I've used PSEXEC to remotely start the service and the affected clients don't seem to be popping back up again after that, but still it's getting annoying.

Have any of you encountered this as of late? Any particular data points/extrapolation you've found (patterns like time of day, etc.)?

Lastly, is this all going to be a continuing issue with Sophos. I am in charge of maintaining Sophos on multiple endpoints, and trying to deploy policies, reinstall Cloud Web Gateway...I thought this product was designed to assist with reducing management loads for endpoints, not increase them?

  • I'm facing the same issue.

    Any news?

  • I have the same issue on some of our endpoints.  Some endpoints show disk encryption service not running.  I can manually start the service at the endpoint but it appears after they shut down or reboot the issue reappears.  The service is set to automatically start but it does not.

  • In reply to Jeffrey Hickman:

    Jeffrey,

    I've made a new custom file and reinstall all my endpoints. It's working now!

  • In reply to Evandro Salvador:

    Since our endpoints don't use disk encryption I turned off the service globally in cloud.sophos.com

    I no longer have any issues!

  • In reply to Jeffrey Hickman:

    I'm having the same issue.  Just signed on with Sophos then started having these issues for the past week or so.

  • We also get this all the time, since we also have synchronized security turned on with our XG Firewall its starting to become a right pain having to manually start these services all the time. Is there a Solution that doesn't involve turning off encryption?

  • In reply to CraigLloyd:

    Hi, have you tried whether it helps to change the startup type of the service to  "Automatic (Delayed Start)"?

    Cheers

    F.

  • Still an issue in April 2018.  I just migrated 600 devices to Sophos Central and have about 6 to 8% at any given time reporting that the service is not started.  I can restart the service manually, but it may not start next time the computer is rebooted.  Systems appear to be random.  It's an annoyance on systems that are not encrypted, but this also happens on systems that are encrypted.  This could result in significant recovery issues since Bitlocker TPM & PIN is being used.

     

    This needs to be fixed.

  • Hi Erich Weihrauch,

    Can you share the currently installed product version details along with the current status of the client services?

    something similar to the below images.

      

  • Just got off the phone with Sophos support. They stated this is a known issue and they are working a patch. Two of my computers are having the same issue. The temporary fix for the issue is to set the "Sophos Device Encryption Service" startup type to "Automatic (Delayed Start)" as @Funkey suggests. Note that we also have a problem with the "Sophos Network Threat Protection" not starting on boot either.

  • In reply to Timothy Mullican:

    I'm getting this randomly for no reason - policy is applied still.. no other changes. 

     

    Related? Something else?

    Why does this product always break :/

  • In reply to LRB:

    I've started getting this just this week also!

  • In reply to James Aggrey:

    Sophos Reps - Any word on this?

    Don't really want to have to go through the agony of raising a ticket with support when clearly there is an issue. 

  • In reply to LRB:

    Does tpm.msc show the TPM is ready for use? Does Sophos Endpoint Self Help show any warnings/errors?

  • In reply to Timothy Mullican:

    I haven't had a chance to look - keep in mind, this is 4 different laptops reporting this issue..