Starting Enterprise Console displays: MessageSecurityException: The identity check failed for the outgoing message.

  • ID dell'articolo: 117719
  • Aggiornato il: 23 nov 2013

Issue

When opening Enterprise Console you see the following error message:

System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.ServiceModel.Security.MessageSecurityException: The identity check failed for the outgoing message. The expected identity is 'identity(http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn)' for the 'http://sophos/Sophos/Management/EncryptionFrontEnd' target endpoint.

The full error message is in the 'Technical information' section below.

First seen in

Enterprise Console 5.0.0

Cause

Changing the 'database' account from a domain account to a local account.

During the modification the following configuration files were modified:

\Program files [(x86)]\sophos\enterprise console\plugins\EncryptionFEService\Sophos.Encryption.FrontEnd.dll.config
\Program files [(x86)]\sophos\enterprise console\plugins\WebControl\Sophos.WebControl.FrontEnd.Logging.config
\Program files [(x86)]\sophos\enterprise console\EnterpriseConsole.exe.config

When configured to use a domain account, under the \client\endpoint\ sections in each of the configuration files there are the following identity tags, specifying the UPN form of the 'database' account, i.e.:

<identity>
   <userPrincipalName value="[UPN form of database account]"/>
</identity>

When changing the account to be a local account these 'userPrincipalName' values are left with an empty value.  In this scenario where a local account is used, these identity sections are not required and can be commented out.

What To Do

If you wish to keep using a local account, follow the steps below, otherwise the other option is to re-run the installer and revert back to using a domain account as detailed in article 113954.

To fix the installation to use the local account: 

  1. Close down any open Console.
  2. Stop the service: "Sophos Management Host". (Start | Run and type: Services.msc hit Enter)
  3. Make a copy of each of the following files:
    \Program files [(x86)]\sophos\enterprise console\plugins\EncryptionFEService\Sophos.Encryption.FrontEnd.dll.config
    \Program files [(x86)]\sophos\enterprise console\plugins\WebControl\Sophos.WebControl.FrontEnd.dll.config
    \Program files [(x86)]\sophos\enterprise console\EnterpriseConsole.exe.config
  4. Open the original of each file in a text editor, E.g., Notepad and search for the text:
    <identity>
  5. Where found, comment out the section from <identity> to </identity>.  
    To comment out the section you can enter the text: <!-- before and the text --> after to read as follows:
    <!--<identity>
      <userPrincipalName value="databaseaccount@yourdomain.domain"/>
    </identity>-->
  6. Restart the service "Sophos Management Host" service.
  7. Restart the Console to confirm the issue has been resolved.

Technical information

System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.ServiceModel.Security.MessageSecurityException: The identity check failed for the outgoing message. The expected identity is 'identity(http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn)' for the 'http://sophos/Sophos/Management/EncryptionFrontEnd' target endpoint.

Server stack trace:
 at System.ServiceModel.AsyncResult.End[TAsyncResult](IAsyncResult result)
 at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result)
 at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
 at System.ServiceModel.Channels.ServiceChannelProxy.InvokeEndService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
 at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
 at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
 at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
 at Sophos.Encryption.FrontEnd.Interfaces.IEncryptionFEServiceAsync.EndIsEncryptionInstalled(IAsyncResult result)
 at Sophos.Encryption.UI.Module.<>c__DisplayClass4.<.ctor>b__2(IEncryptionFEServiceAsync s)
 at Sophos.Encryption.FrontEnd.Interfaces.ClientChannelWrapper`1.EndInvoke[TResult](Func`2 function)
 at Sophos.Encryption.UI.Module..ctor(IExtensionManager extensionManager, IFrontEndProxyFactory factory)
 --- End of inner exception stack trace ---
 at System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
 at System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType)
 at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
 at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
 at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)  at Sophos.UIController.UIControl.b__a()
 at Sophos.UIController.Product.Logging.LogMethod(MemberInfo method, Action func)
 at Sophos.UIController.UIControl.Initialize()

----- [outer exception] -----
 -- error: 0 x 80131 604
 -- facility: C#/.NET
 at 6
 at 5
 at 4
 at 3
 at 2
 at 1
 at class ATL::CComPtr __cdecl createUIController(struct IDispatch *,const wchar_t *)
 at __w64 long __thiscall CMainFrame::OnCreate(struct tagCREATESTRUCTW *)
 at int __cdecl Run(int,class bl::CommandLine,enum bl::ConsoleType::Type)
 at int __stdcall wWinMain(struct HINSTANCE__ *,struct HINSTANCE__ *,wchar_t *,int)

 
Per maggiori informazioni o per assistenza, vi preghiamo di contattare il supporto tecnico.

Valutate l'articolo

Molto scadente Eccellente

Commenti