Error 0x80131604 shown when the console fails to open

  • ID dell'articolo: 118219
  • Aggiornato: 18 set 2013

Issue

The console (local or remote) fails to open and in the 'Advanced' section you see the following error mentioned:

----- [outer exception] -----
-- error: 0x80131604
-- facility: C#/.NET

First seen in

Enterprise Console 5.1.0

Cause

'0x80131604' is a generic error and there are a number of reasons for the error to be shown.

The precise cause can be determined by checking the associated error text in the 'Advanced' window.

What To Do

The 'Advanced' window will contain a long message which is the 'stack trace' output.  You need to read the first parts of the message and use the table below to identify the cause and resolution of the problem.

Note:

  • Most (if not all) of the stack trace outputs begin with the same text...
    System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. --->
    ...and hence this has been removed from the error field of the tables to avoid confusion.
  • In the examples below:
    • The name of the Sophos Management Server is called 'Win2008srv64' and has an IP address of 192.168.233.128.
    • The name of the domain is called 'sophos64.virtual'.
    • The port set during the installation of the Sophos Management Server (for Sophos Patch communication) was port 80 - the default.  See article 114182 for more information.
    • The account 'sophosUpdateaccount' is used for updating and not associated with any databases functions.  The correct account for database communication is called 'sophosDBaccount'. See article 113954 for more information.
    Substitute any mention of this information for your particular environment information when comparing errors.
  • It is recommended that you use the 'Copy' button to export the full error message and paste it into a text editor (e.g., Notepad.exe) to allow for easier reading.

 

Error Sophos.UIController.Extension.UIControllerException: The remote server returned an error: (503) Server Unavailable.
at Sophos.Encryption.UI.Module..ctor(IExtensionManager extensionManager, IFrontEndProxyFactory factory)

Cause On the management server, the 'Sophos Management Host' service is stopped.
What To Do Ensure that the 'Sophos Management Host' service can start.  If the service fails to start with a logon error, retype the password for the 'database' account in the 'Log On' tab of the service properties and then attempt to start the service. 
Note
: It is also worth ensuring that all Sophos' services running as the same account can be restarted.

Error System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: An error occurred when verifying security for the message.
Cause The time and date of the computers are outside of the Kerberos clock skew limit (by default 5 minutes).
What To Do Ensure that the time and date on the computers are the same or are not outside of the Kerberos clock skew.

  1. The Kerberos Key Distribution Center Service is not started
  2. Your password has expired
Error System.ServiceModel.Security.SecurityNegotiationException: SOAP security negotiation with 'http://win2008srv64/Sophos/Management/EncryptionFrontEnd' for target 'http://win2008srv64/Sophos/Management/EncryptionFrontEnd' failed. See inner exception for more details. ---> System.ComponentModel.Win32Exception: The Security Support Provider Interface (SSPI) negotiation failed.
Cause
What To Do On your Domain controller, ensure that the Kerberos Key Distribution Center Service is started.

Also make sure your password has not expired.  We recommend you fully log off the computer and then log back on.  You may be prompted to change your password.

Error System.ServiceModel.Security.SecurityNegotiationException: SOAP security negotiation with 'http://win2008srv64/Sophos/Management/EncryptionFrontEnd' for target 'http://win2008srv64/Sophos/Management/EncryptionFrontEnd' failed. See inner exception for more details. ---> System.ComponentModel.Win32Exception: Security Support Provider Interface (SSPI) authentication failed. The server may not be running in an account with identity 'sophosUpdateaccount@sophos64.virtual'. If the server is running in a service account (Network Service for example), specify the account's ServicePrincipalName as the identity in the EndpointAddress for the server. If the server is running in a user account, specify the account's UserPrincipalName as the identity in the EndpointAddress for the server.
Cause The remote console is configured to use the wrong account. For example, when you installed the management server you entered on the database page an account. On the management server the 'Sophos Management Host' service runs as this account. In a domain environment, this same account should be entered when you install a remote console.
For more information on the accounts used see article 113954.
What To Do Re-run the installer on the remote console to modify the install, at the database page, enter the same account as the Sophos Management Server service runs as.


Error System.ServiceModel.EndpointNotFoundException: Could not connect to http://win2008srv64:8080/Sophos/Management/EncryptionFrontEnd. TCP error code 10061: No connection could be made because the target machine actively refused it 192.168.233.128:8080. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 192.168.233.128:8080
Cause In this case, the remote console is configured to point to the wrong port chosen during the server install.
In the above error message, the remote console is trying to connect to port 8080 on win2008srv64, where win2008srv64 is configured to use port 80.
What To Do
  1. Establish the port chosen on the server installer - see article 114182 for more information.
  2. Re-run the Setup.exe for the console installer (by default it is extracted to ‘C:\sec_[Verison]\ServerInstaller\Setup.exe’) and choose the same port as established above.

Error System.ServiceModel.EndpointNotFoundException: Could not connect to http://win2008srv64/Sophos/Management/EncryptionFrontEnd. TCP error code 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 192.168.233.128:80. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 192.168.233.128:80
Cause The (remote) console is attempting to connect to the main Sophos Management Server on port 80 (in the example above) but a firewall is blocking the connection (most likely the Windows firewall, if enabled).
What To Do Configure an exception in the firewall to allow connections on the required port (confirm the exact port mentioned in the text of the error message).

For more information on allowing remote consoles to connect to the management server see article 49028.  Information on the port, as configured during the installation of the main management server is available in article 114182.

Error System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service. ---> System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.
Cause The console cannot contact the 'Sophos Encryption Business Logic Service'.
What To Do Ensure that the 'Sophos Encryption Business Logic Service' can start.  If the service is not available or cannot be started contact technical support.

Error System.ServiceModel.Security.MessageSecurityException: The identity check failed for the outgoing message. The expected identity is 'identity(http://schemas.xmlsoap.org/ ws/2005/05/identity/right/possessproperty: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn)' for the 'http://sophos/Sophos/Management/EncryptionFrontEnd' target endpoint.
Cause The 'database' account has been changed from a domain account to a local account.
What To Do For more information see article 117719.

Error System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
Cause The security policy 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' is enabled but the Sophos Management service uses MD5CryptoServiceProvider which is not a FIPS 140 standard algorithm.  Hence there is a conflict.
What To Do Disable the policy mentioned above.  See Microsoft article MS 811833 for further information.

Error System.TypeLoadException: Could not load type 'System.Security.Authentication.ExtendedProtection.ExtendedProtectionPolicy' from assembly 'System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.
Cause There is a problem with the Microsoft .NET installation on the computer (possibly caused by Windows updates).
What To Do Initially you need to ensure the computer is full up to date with all required Windows updates.  You made notice a problem with missing Windows updates or updates failing to be installed.  Any problems found should be corrected.

Also see the Microsoft article regarding the issue: Could not load type 'System.Security.Authentication...after you install [Windows updates]

 

 
Per maggiori informazioni o per assistenza, vi preghiamo di contattare il supporto tecnico.

Valutate l'articolo

Molto scadente Eccellente

Commenti