Device Encryption Service randomly not starting/stopping on multiple endpoints since last week's outages?

Hello all.

Since last week's outage debacle, I've seen multiple random endpoints suddenly report that the device encryption service is not starting.

There seems to be no rhyme or reason to the timing (not when starting up, after restart, etc.).  Seems possibly related to policy push issues.

Sophos support asked me to remove policies from affected devices, remove endpoints, reinstall endpoints, reapply policies. I have not opted to do this as it is not a viable solution and really wouldn't not solve underlying issues with the central cloud services not pushing out policies in the first place.

Generally I've used PSEXEC to remotely start the service and the affected clients don't seem to be popping back up again after that, but still it's getting annoying.

Have any of you encountered this as of late? Any particular data points/extrapolation you've found (patterns like time of day, etc.)?

Lastly, is this all going to be a continuing issue with Sophos. I am in charge of maintaining Sophos on multiple endpoints, and trying to deploy policies, reinstall Cloud Web Gateway...I thought this product was designed to assist with reducing management loads for endpoints, not increase them?

  • I've been dealing with these issues for some time, too.  The only solution I've received is to uninstall the client and do a reinstall.  That means that I gotta kick the user off for about an hour.  The uninstall/reinstall is a pain as it will fail at multiple points on both the uninstall and the reinstall.  Does anybody know of an easier way to do the uninstall/reinstall?

  • In reply to Gowtham Mani:

    Are you still working on the issue? Or should this be resolved by now?

  • In reply to LRB:

    Hi everyone,

    The Fix for the reported issue with the Device encryption service start is currently being rolled out and is in progress. The rollout of Sophos Central Device Encryption version 1.4.103 is expected to get completed by next weekend(Tentative).

  • In reply to Gowtham Mani:

    Thanks for the update.  Is there any way to pull the update manually or do we have to wait for it to hit us?

  • In reply to Gowtham Mani:

    Has the change been to the software to change the "Sophos Device Encryption Service" service to delayed start?  Is this evidence of the update?  Is 1.4.103 the version of this update?

    Regards,
    Jak

  • In reply to jak:

    I really hope that isn't the 'fix'. 

    I have done this on machines where it hasn't worked and this is not on 'low end' spec'd machines as was indicated the cause of the problem.

  • In reply to jak:

    Hi jak,

    Yes, the change in start type is one of the improvements in the new release. 

  • In reply to LRB:

    Hi LRB,

    The rollout of Sophos Central Device Encryption version for Windows is still in progress. Please confirm if you have received the latest version and If yes, please contact our support for further investigation.

  • In reply to RBGE:

    RBGE

    It's been pretty much the same here.  It looks like a lot of the original cases were due to the service timing out, so increasing the timeout has 'fixed' the problem, but there are still a few machines where the service is still failing to start.  I've not tried extending the timeout even further, but if it's taking longer than 1 minute to start I think there's an extra problem.

    Confusing, as the timeout was clearly an issue for some machines, but not all of them.

     

    I'm curious if you're still having issues with services not starting.  I've had the issue now on almost 10 machines where a lot of services are randomly not starting.  The ones I've noticed are Windows Audio, WLAN, Print Spooler, and multiple Sophos services.  I'm not sure if these issues are related to Sophos or if they're all symptoms of something else.  There aren't any recently installed Windows Updates so........ I'm pulling my hair out over here.  lol

  • In reply to James Aggrey:

    James Aggrey

     

     
    RBGE

    It's been pretty much the same here.  It looks like a lot of the original cases were due to the service timing out, so increasing the timeout has 'fixed' the problem, but there are still a few machines where the service is still failing to start.  I've not tried extending the timeout even further, but if it's taking longer than 1 minute to start I think there's an extra problem.

    Confusing, as the timeout was clearly an issue for some machines, but not all of them.

     

     

     

    I'm curious if you're still having issues with services not starting.  I've had the issue now on almost 10 machines where a lot of services are randomly not starting.  The ones I've noticed are Windows Audio, WLAN, Print Spooler, and multiple Sophos services.  I'm not sure if these issues are related to Sophos or if they're all symptoms of something else.  There aren't any recently installed Windows Updates so........ I'm pulling my hair out over here.  lol

     

     

    An update: I uninstalled Sophos on that laptop and all the Windows services started working normally after a reboot.  Friggin Sophos...... now I'm gonna try restarting to see if all the problems come back.

  • In reply to James Aggrey:

    Hi Everyone,

    The rollout of Central Device Encryption 1.4.103 for Windows is now complete.

  • In reply to James Aggrey:

    James Aggrey

     

    James Aggrey

    I'm curious if you're still having issues with services not starting.  I've had the issue now on almost 10 machines where a lot of services are randomly not starting.  The ones I've noticed are Windows Audio, WLAN, Print Spooler, and multiple Sophos services.  I'm not sure if these issues are related to Sophos or if they're all symptoms of something else.  There aren't any recently installed Windows Updates so........ I'm pulling my hair out over here.  lol

    An update: I uninstalled Sophos on that laptop and all the Windows services started working normally after a reboot.  Friggin Sophos...... now I'm gonna try restarting to see if all the problems come back.

     

    Sorry for the delay in responding.  I've been away from work for a few days to commiserate becoming ancient!  I initially noticed this problem on our machines at roughly the same time we installed the Windows 10 1803 update (we'd already tested it with all internal applications, and wanted to install it on our timeframe, not Microsoft's), and as the Windows Audio service started exhibiting the same problem, it looked like the update was just adding a wee bit longer to startup time and services were timing out.  The fact that it was mostly older machines experiencing this problem and most of them were sorted with the ServicesPipeTimeout registry key just helped to reinforce this suspicion.  It's possible that removing Sophos would mean there was enough time left for the other Windows services to start up before timing out, although if this were the case I couldn't really blame Sophos as removing any service from the startup list would have had the same effect.

    In our case though, I've only noticed it with the Windows Audio and Sophos Device Encryption services.  I haven't seen issues with any of the other services you mention.

  • In reply to Gowtham Mani:

    Does this need a reboot? Still not seeing any change to this service not running..

  • In reply to RBGE:

    RBGE

     

     
    James Aggrey

     

    James Aggrey

    I'm curious if you're still having issues with services not starting.  I've had the issue now on almost 10 machines where a lot of services are randomly not starting.  The ones I've noticed are Windows Audio, WLAN, Print Spooler, and multiple Sophos services.  I'm not sure if these issues are related to Sophos or if they're all symptoms of something else.  There aren't any recently installed Windows Updates so........ I'm pulling my hair out over here.  lol

    An update: I uninstalled Sophos on that laptop and all the Windows services started working normally after a reboot.  Friggin Sophos...... now I'm gonna try restarting to see if all the problems come back.

     

     

     

    Sorry for the delay in responding.  I've been away from work for a few days to commiserate becoming ancient!  I initially noticed this problem on our machines at roughly the same time we installed the Windows 10 1803 update (we'd already tested it with all internal applications, and wanted to install it on our timeframe, not Microsoft's), and as the Windows Audio service started exhibiting the same problem, it looked like the update was just adding a wee bit longer to startup time and services were timing out.  The fact that it was mostly older machines experiencing this problem and most of them were sorted with the ServicesPipeTimeout registry key just helped to reinforce this suspicion.  It's possible that removing Sophos would mean there was enough time left for the other Windows services to start up before timing out, although if this were the case I couldn't really blame Sophos as removing any service from the startup list would have had the same effect.

    In our case though, I've only noticed it with the Windows Audio and Sophos Device Encryption services.  I haven't seen issues with any of the other services you mention.

     

    Your theory makes sense.  That would also explain why I haven't seen the issue on any of our newer computers.  I'll do some more experimenting.  Thanks man for your help!

  • In reply to LRB:

    Hi LRB,

    Yes, a reboot is recommended.