Failed to load MachineCertificate: SGERROR: UNABLE TO LOAD MESSAGE TEXT(4294967294)

  • Article ID: 118230
  • Updated: 07 Oct 2013

When attempting to open a full disk encryption policy from within the Enterprise Console the following error is displayed in the advanced view:

Sophos.UIController.Extension.UIControllerException: System.ServiceModel.FaultException: ConsoleConfiguration: Failed to load MachineCertificate: SGERROR: UNABLE TO LOAD MESSAGE TEXT(4294967294)

Server stack trace:
   at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Sophos.BLCommunication.Interfaces.IBLCommunication.GenerateFactoryDefaultGlobalPolicy()
   at Sophos.Encryption.FrontEnd.EncryptionFEService.GenerateFactoryDefaultGlobalPolicy(Boolean reset)
   at Sophos.Encryption.UI.EncryptionPolicyHandler.Edit(IntPtr parent, String name, String contentTag, IPolicyCallback policyCallback)
   at Sophos.UIController.Product.Policy.<>c__DisplayClass7.<EditPolicy>b__6()
   at Sophos.UIController.Product.Logging.LogMethod(MemberInfo method, Action func)
   at Sophos.UIController.Product.Policy.EditPolicy(IntPtr parent, String name, String contentTag, IPolicyCallback policyCallback)

----- [outer exception] -----
-- error: 0x80004005 (Unspecified error)
-- facility: Generic (System)
   at void __thiscall PolicyDialogViewer::ShowPolicy(struct ISMT_Policy *,class ATL::CWindow,const class bl::UIPermissions &,unsigned long,const class ProductReleaseData &,const class TranslationService &)
   at __w64 long __thiscall CPolicyTreeCtrl::OnEditPolicy(unsigned int,__w64 unsigned int,__w64 long,int &)
   at int __cdecl Run(int,class bl::CommandLine,enum bl::ConsoleType::Type)
   at int __stdcall wWinMain(struct HINSTANCE__ *,struct HINSTANCE__ *,wchar_t *,int)

First seen in
Enterprise Console 5.1.0

The machine key certificate used by the Enterprise Console to access the encryption database is missing. The registry key in question is:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Utimaco\SafeGuard Enterprise\MachCert]

What To Do

The machine certificate keys must be reapplied to the installation. This can be done by reinstalling the Sophos Management Server component:

Before continuing the Master Security Officer (MSO) certificate and password must be present.

  1. Take a full backup of the Sophos Enterprise Console installation using DataBackupRestore.exe
  2. Go to Add\Remove Programs or Programs and Features depending on the operating system used.
  3. Remove the "Sophos Management Server" component
  4. Perform a reboot of the system
  5. Browse to C:\SEC_5x\ServerInstaller - where "x" is the minor version of the Enterprise Console being used
  6. Run setup.exe
  7. Select the "Sophos Management Server" component to be installed
  8. When prompted choose to 'Manage existing encryption' 
  9. Select the MSO certificate and enter the password to unlock it.
  10. Complete the installation

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent