When you attempt to open Enterprise Console, you receive an error message which resembles one of the following:
- If you have just started or restarted the computer, and logged on:
0x80070534, No mapping between account names and security IDs was done.
- If the computer was already running and you logged on:
Only members of the Sophos Console Administrators group on <server or domain name> are allowed to run the Sophos Enterprise Console.
First seen in Cause
Often caused when promoting or demoting a domain controller that has the main Enterprise Console installation. This will cause the security groups to be removed.
What To Do
- At the taskbar, click Start|Settings|Control Panel.
- Double-click 'Administrative Tools', then select 'Active Directory Users and Computers'.
- Check to see if the following groups exist:
- Sophos Console Administrators
- Sophos Full Administrators
- Sophos Console Service Users
- If the groups are present, continue with step 5 of this procedure. However, if they are missing, you must recreate them:
- You must use one space between each word in the name, and exactly the same capitalization as is used here.
- Add to the group the names of the users who need to be able to open Enterprise Console:
- Sophos Console Administrators - Users who should be able to open the Console
- Sophos Full Administrators - Users who should have full administrative rights in the Console
- Sophos Console Service Users - Account used for the Sophos services and database connection
- Go to Windows services and restart the Sophos Management Service.
- Log off and log on again.
The error message "
0x80070534, No mapping between account names and security IDs was done." indicates that the 'Sophos Console Administrators' group is missing. This can happen, for example, if you installed a second console on another computer. For a user account to be able to open Enterprise Console, they must be a member of this group.
The second error listed above can occur because of a security identifier (SID) mismatch. Restarting the service corrects this.