When opening the Enterprise Console the following error is seen.
GetObjectSetfailed for Sophos.Management.RBAC.Core.User
----- [outer exception] -----
-- error: 0x80131500
-- facility: C#/.NET
at class ATL::CComPtr __thiscall
at int __cdecl Run(int,enum bl::ConsoleType::Type)
at int __stdcall wWinMain(struct HINSTANCE__ *,struct HINSTANCE__
To confirm the issue, check the Windows event viewer (Start | Run | Type:
eventvwr.msc | Press return). The event viewer shows (around the time the console was launched):
- Application log:
Step: Creating a database connection
Data: createAccessToken: LogonUser failed
- System log:
The Sophos Management Service service terminated with the following error:
- Security log (extracts due to length):
An account failed to log on.
Failure Reason: Unknown user name or bad password.
Caller Process Name: C:\Program Files (x86)\Sophos\Enterprise Console\MgntSvc.exe
Note: The Sophos Message Router service (process name 'RouterNT.exe') may use high CPU percentage while this issue is occurring.
First seen in
Enterprise Console 4.0.0
The password for the account used by the Sophos management service has expired.
The error has been seen on a management server when the administrator's account (used by the 'Sophos Management Host' service; 'Sophos Patch Endpoint Communicator' service; 'Sophos Patch Endpoint Orchestrator' service; 'Sophos Patch Server Communicator' service; and set in the 'DatabaseUser' key in the registry and hence used by the 'Sophos Management Service') has naturally expired, while the account is logged on.
On the next log on the user would be prompted for a new password, however this has not happened yet
What To Do
If the server's resources are being used excessively, first locate the process and stop the related service temporarily. Then continue with the steps below.
- Log off from the server and log back on. If required, renew the account's password during the log on process.
- For Enterprise Console v5.0 and above (go to point three below for older console versions): From the Windows services list (Start | Run | Type: If any of the services listed above fail to start you will need to open the Properties of each service and update the password of the account set in the 'Log On As'.
services.msc | Press return) check the following services are started (if present) and attempt to re-start them:
- Sophos Management Host
- Sophos Patch Endpoint Communicator
- Sophos Patch Endpoint Orchestrator
- Sophos Patch Server Communicator
- Restart the 'Sophos Management Service'. Note: This service logs on as 'Local System' and does not need to be set to 'Log On As' a particular user account.
If this service fails to start you will need to check the password of the account set in the 'DatabaseUser' registry key is set correctly. For further information see article 113954 and, if the password needs to be re-obfuscated, article 13094.