Device Encryption Service randomly not starting/stopping on multiple endpoints since last week's outages?

Question

Hello all. 
 Since last week's outage debacle, I've seen multiple random endpoints suddenly report that the device encryption service is not starting. 
 There seems to be no rhyme or reason to the timing (not when starting up, after restart, etc.). Seems possibly related to policy push issues. 
 Sophos support asked me to remove policies from affected devices, remove endpoints, reinstall endpoints, reapply policies. I have not opted to do this as it is not a viable solution and really wouldn't not solve underlying issues with the central cloud services not pushing out policies in the first place. 
 Generally I've used PSEXEC to remotely start the service and the affected clients don't seem to be popping back up again after that, but still it's getting annoying. 
 Have any of you encountered this as of late? Any particular data points/extrapolation you've found (patterns like time of day, etc.)? 
 Lastly, is this all going to be a continuing issue with Sophos. I am in charge of maintaining Sophos on multiple endpoints, and trying to deploy policies, reinstall Cloud Web Gateway...I thought this product was designed to assist with reducing management loads for endpoints, not increase them?

Timothy Mullican · Answer

Just got off the phone with Sophos support. They stated this is a known issue and they are working a patch. Two of my computers are having the same issue. The temporary fix for the issue is to set the "Sophos Device Encryption Service" startup type to "Automatic (Delayed Start)" as @Funkey suggests. Note that we also have a problem with the "Sophos Network Threat Protection" not starting on boot either.

Gowtham Mani · Answer

Hi Everyone, 
 The reported issue with the Device encryption service (CDP-3554) is actively being worked on by the development team. We will have this thread updated periodically with the progress.

Gowtham Mani · Answer

Hi LRB, 
 Thanks for the feedback and I really understand your concern here. Initially, it would take time to confirm if this issue is seen with few customer environments or for multiple customers based on the feedback from our user's. Once the issue is confirmed if it is affecting multiple customers we involve our internal team to investigate it and have a notification / KBA published once enough information is available. Post which we have these issues addressed via several updates. 
 We have multiple Engineers and members of the respective teams are monitoring the community forum for the feedback from our user's. For latest update's with Sophos products please follow us on Twitter (Link available in my signature). You can also PM me with your queries and assistance regarding our product.

Gowtham Mani · Answer

Hi everyone, 
 The Fix for the reported issue with the Device encryption service start is currently being rolled out and is in progress. The rollout of Sophos Central Device Encryption version 1.4.103 is expected to get completed by next weekend(Tentative).

Gowtham Mani · Answer

Hi Everyone, 
 The rollout of Central Device Encryption 1.4.103 for Windows is now complete.

Jeewan Wajiranga · Answer

This Problem caused most of the windows 7 users endpoints.So i think I found the solution.For windows 7 operating systems need to upgrade with service pack 1 and need to install dotnet framework 4.7.1 and restart the pc problem will fix.It would fix for me.