Database connection error when opening an encryption-related dialog in the console

  • Article ID: 117086
  • Updated: 25 Nov 2013


After migrating the Sophos Management server the console displays the following error when attempting to access any encryption-related dialog:

It was not possible to complete the last operation.

When clicking 'Advanced...' in the message box you will see in the first line of the stack trace:

AuthenticateOfficerTempStore failed: Certificate not found.

First seen in
Enterprise Console 5.1.0


The application server has been migrated to a different computer without following the migration process described in the migration guide.

Possibly the migration process for Enterprise Console v5.0 has been followed instead of the v5.1 process.

What To Do

We have created a Visual Basic script (VBS) file that allows you to manually register the Sophos Management server in the encryption database to resolve this situation.  You need to download the script on the computer hosting the Sophos databases and run it with the credentials for both the account running the 'Sophos Management Host' service and the Master Security Officer (MSO) account.

Warning:  We recommend you make a full backup of all the Sophos databases before following the steps below.

  1. On the SQL server download the script (right-click the link and choose 'Save Link As...' to save the file to your computer): registerserver.vbs.txt
  2. Rename the file extension from .vbs.txt to .vbs
  3. Open and command prompt (Start | Run | Type: cmd.exe | Press return).
  4. Change directory (cd) to the location of the script.
  5. To run the script type:
    cscript.exe registerserver.vbs /password:yourServiceAccountPassword [/msoP12:c:\mso.p12 /msoPassword:yourMSOPassword]

    /password is the password of Sophos Management Host service account.
    /msoP12 is the path to the MSO certificate file (optional).
    /msoPassword is the password used to protect the MSO certificate file (optional).

Technical Information

By design the encryption database has a binding to a single application server installation that can read/write data to it. Normally the re-binding is done by the installer during the server installation. However, in some cases the system may end up with a database that needs to be re-bound to an existing server installation.

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent