This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Safeguard 8.10 agent synchronization status unknown

 Hi All,

Recently we upgrade our SGN from version 6.1 to 8.10 successful after few issue that able to resolve. However we encounter new issue with agent synchronization.

Does anyone encounter same issue?.Currently all newly installed machine will encounter failed to synchronize with SGN server. We have verified connectivity between client and server no issue as per step below.

 Issue scenario:

  1. Fresh installation using hardened image OS.
  2. Disable AV and verify Proxy config.
  3. Login windows using service account and Install Sophos Safeguard with sequence (Preinstall, SGNClient, SGNConfig)
  4. Reboot and initialize service account  & User ID with Sophos Safeguard Window Login Icon.
  5. Disk encryption started (Based on Policy) and synchronization status still unknown
  6. Verify SSL certificate at agent machines.
  7. Run SGNSCC tools with successful no error prompt.
  8. Verify at SGN console machine or user still didn’t report back to console.
  9. Restart Safeguard transport services still failed.
  10. Uninstall and reinstall SGNConfig still having same issue
  11. Reboot SGN Server still failed to synchronize with new machine.

 

      



This thread was automatically locked due to age.
Parents
  • Hi - Thanks for your detailed question.

    My first thought here is that you have a policy within your configuration file. This isn't the recommended route as (I think in the case here) your PC can start to encrypt BEFORE it's talked to the server and potentially backed up the recovery key too. If this/these PC's now go wrong during encryption then you're in a bad place - potentially no recovery key.

    I would first remove this policy from the configuration. This way when the PC does start to encrypt you KNOW it's because it's contacted the server and NOT because it's being forced too by a pre-configured policy. 

     

    That aside - I'm leaning towards blaming the configuration here I think.

    Have you created a "fresh" configuration file Azwan, or is this an old file previously used for v6?

    Can we have a screenshot of the client versions for Sophos SafeGuard within Add/Remove/Programs & Features?

     

    Sorry for the granny-suck-eggs question....But can you also provide a screenshot of the client from the server?

     

Reply
  • Hi - Thanks for your detailed question.

    My first thought here is that you have a policy within your configuration file. This isn't the recommended route as (I think in the case here) your PC can start to encrypt BEFORE it's talked to the server and potentially backed up the recovery key too. If this/these PC's now go wrong during encryption then you're in a bad place - potentially no recovery key.

    I would first remove this policy from the configuration. This way when the PC does start to encrypt you KNOW it's because it's contacted the server and NOT because it's being forced too by a pre-configured policy. 

     

    That aside - I'm leaning towards blaming the configuration here I think.

    Have you created a "fresh" configuration file Azwan, or is this an old file previously used for v6?

    Can we have a screenshot of the client versions for Sophos SafeGuard within Add/Remove/Programs & Features?

     

    Sorry for the granny-suck-eggs question....But can you also provide a screenshot of the client from the server?

     

Children
  • Hi @MichaelMcLannahan

    Appreciate for the prompt feedback and apologies for the late reply, as per last post date I went back to customer places since there is a doubt that the issue related to new machine image (Clone OS) because existing machine is successfully communicate with server without any issue plus supposedly domain synchronization will list all machine based on OU selected with or without Safeguard installed.

    We have check and verified with Safeguard console for the communication issue and found the culprit which is AD synchronization when we try to search and import the machine manually to Safeguard console which is possibly caused by idle/hung/request session due to the environment has multiple dummy console.

    Below is the solution for the issue.

    https://community.sophos.com/kb/en-us/108117

  • Ah, well done for sorting it!

    I rarely see this issue with an import sync failing on the server - but have had to use that reset flag on an occasion. I did see it more frequently when permissions for the import user weren't correct. It would then foul the import routine, causing the database import to need a reset.