The following error message is displayed in Enterprise Console:
Failed to send the complete message to mark a key backup session as complete [0x80040324]
First seen in
Enterprise Console 5.1.0
The endpoint is unable to complete the exchange of messages which allows the endpoint to be ready to encrypt.
This is caused by the 'Sophos Agent' service on the endpoint being restarted during the exchange of messages; this is most likely caused by a system shutdown or a reboot of the endpoint. Please note that the system will recover from this, and will complete the exchange of messages, permitting the endpoint to commence encryption.
However, once the endpoint has completed encrypting, this message will continue to be displayed in the console.
What To Do
For the computer displaying the above error, ensure that the key exchange has completed. To do so; right-click on the machine in Enterprise Console and select 'Encryption Recovery'. If this option is enabled, the initial setup has been completed and the error message can be safely ignored.
Note: The error will clear in two weeks by default.
If the 'Encryption Recovery' menu option is greyed out, and the machine has the encrypted client installed, you can restart the 'Sophos Agent' service on the client to start another key exchange session. Also ensure that the client is then switched on for a minimum of 20 minutes to guarantee the client receives all messages.
To avoid this error message appearing in the future, ensure, network permitting, that the management server is able to notify the clients that outstanding messages are waiting for them at the management server. This will result in downstream messages arriving at the client in a more timely fashion, rather than relying on the default 15 minute polling interval. This will therefore minimize the chance of this error occurring erroneously. This can be achieved by allowing TCP port 8194 incoming, on the client.