When you install a new SafeGuard Enterprise Client which has a previously used hostname, under certain circumstances the required key may not be correctly sent to the database.
IMPORTANT: In some cases this may result in you being unable to retrieve data. In order to avoid issues of this sort, you must follow the workaround described below.
Known to apply to the following Sophos product(s) and version(s)
SafeGuard Management Center 220.127.116.11
SafeGuard Device Encryption 18.104.22.168
This issue was fixed with the release of SafeGuard Enterprise 5.50.1.
What To Do
Before installing a SafeGuard Enterprise Client which has a hostname that was in use previously:
- The "old" computer object must be deleted in the SafeGuard Enterprise Management Center.
- The SafeGuard Enterprise Security Officer must ensure that the machine-key (e.g. boot_machinename@DSN) is no longer assigned to any object.
A typical scenario would be that the key was assigned to a SafeGuard Enterprise User to perform recovery tasks.
You must unassign the machine-key immediately after finishing the required actions. The key should then be displayed in the "inactive keys" area of the SafeGuard Enterprise Management Center.
The new machine-key is not stored in the SafeGuard Enterprise Database until the "old" key is completely unassigned.