Sophos has released a patch for the issue described below which has been found in SafeGuard Enterprise 22.214.171.124 Management Center/ Server.
It is recommended that you apply this patch as soon as possible when you do automated synchronization using the API functions of SafeGuard Enterprise.
Important: If you do not apply the hotfix and the error occurs on your system, you will need to contact Sophos Technical Support for help in fixing this issue. The hotfix will not fix the error once it has occurred.
The fix will be included in the upcoming SafeGuard Enterprise 5.50.1 Service Release.
Under certain circumstances when synchronizing the Active Directory structure using the SafeGuard Enterprise API functions, a wrong domain netbios name "<POA>" is entered in the domain table of the SGN database. This causes SafeGuard Enterprise Clients to be moved from their correct position in the structure to the auto.registered section in the SafeGuard Enterprise Management Center. As a side effect, affected clients may require a Challenge/Response. Sophos product and version
SafeGuard Enterprise 126.96.36.199 Management Center
SafeGuard Enterprise 188.8.131.52 Server Operating system
All supported versions
What to do
Install the available Patch, this will prevent issues arising after a Synchronization using the API.
You will need to implement the updated Utimaco.SafeGuard.DirectoryService.dll on all SafeGuard Enterprise Management Center computers and SafeGuard Enterprise Servers that are used to perform automated synchronization tasks with the Active Directory, via API script.
To implement the fix:
- From the Sophos website download the file SGN5.50APISYNCPATCH.zip
- Extract the file Utimaco.SafeGuard.DirectoryService.dll.
- Copy the file Utimaco.SafeGuard.DirectoryService.dll locally to the SafeGuard Enterprise Server / Management Center computer that is used for the automated synchronization.
- Open the Microsoft Windows Global Assembly Cache (usual location is C:\Windows\Assembly).
- Use drag and drop to copy Utimaco.SafeGuard.DirectoryService.dll to C:\Windows\Assembly.
Note that copying files to the Windows Global Assembly Cache does not give any visual feedback, also there is no context menu available. To make sure that the file has been copied to the assembly cache, check the ‘Last Modified’ property of Utimaco.SafeGuard.DirectoryService.dll. It should reflect the current date.
In the event that it is not possible to copy the DLL directly to the Global Assembly Cache using drag and drop, a batch file is available, which you can get via Knowledgebase article 111338. This unloads the DLL if it is in use.
As an alternative, you can use the Global Assembly Cache tool (Gacutil.exe), a developer tool provided by the .NET Framework SDK, to copy Utimaco.SafeGuard.DirectoryService.dll to C:\Windows\Assembly. More details can be found in the above mentioned knowledgebase article.
If you have any questions regarding the patch or issues implementing it, or if you have already experienced this issue, please open a support request via firstname.lastname@example.org.