After installing Enterprise Console 5.1 on the same computer as SafeGuard Enterprise Server, existing managed SafeGuard Enterprise Clients fail to synchronize with the SafeGuard Enterprise Server.
After installing Enterprise Console 5.1 on the same computer as the SafeGuard Web Help Desk machine, a logon to Web Help Desk is no longer possible and the following error message will be displayed: "
The application has generated an error and was unable to continue. If this error persists, contact your system administrator."
First seen in
SafeGuard Web Helpdesk
SafeGuard Enterprise Server
Enterprise Console 5.1.0
The Enterprise Console 5.1 installer modifies security permissions on the following objects:
Windows 2003/2003 R2:
"C:\Documents and Settings\All Users\Application Data\Utimaco\SafeGuard Enterprise\LocalCache\"
Windows 2008/2008 R2:
such that only the following users and groups have access:
- Sophos Console Service Users
Depending on the identity the SafeGuard application pools are running in - e.g. 'SGNSRV-Pool' / 'SGNWHD-Pool', which by default is 'Network Service' on IIS6 or 'ApplicationPoolIdentity' on IIS7 - the identity may no longer have access rights to the LocalCache folder / MachCert registry key, causing the above issue.
What To Do
- Confirm the issue is that covered in this article. To do so run the "Invoke Test" utility on the SafeGuard Enterprise Server by browsing locally in a web browser to 'HTTP://[ServerName]/SGNSRV.
- When running the test, if you get the message:
<string xmlns="http://tempuri.org/"><Dataroot><WebService>OK</WebService> <DBAuth>failed</DBAuth> <Error> Missing Server Configuration</Error></string>continue with the steps below. If you do not get this message, contact Support for more help.
- Having confirmed the issue, navigate to the objects mentioned above and revert the previous entry of "Everyone" having full permissions by adding Everyone to the permissions on both the registry key and the directory.
IMPORTANT: Re-running '\sec_51\ServerInstaller\setup.exe' to modify the install of Enterprise Console will revert the permissions on the directory and registry key. For that reason you will need to re-apply the change post modify or add the Identity used by the SafeGuard application pool to the group 'Sophos Console Service Users'. This will ensure the required rights are persisted.
- From a command prompt run the command:
- Re-run the above test in Step 1 and confirm that SafeGuard Enterprise Clients can syncronise with the SafeGuard Enterprise Server