Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 8 replies
  • Subscribers 15 subscribers
  • Views 2503 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Server couldn't protected in Sophos Central with Citrix MCS Maschines

Rene Pauly

Hi guys,

i have a serious problem. I have a Citrix Environment Version 7.15 Server 2008R2 and Sophos Intercept X running on it. Made a golden image with this article:

https://support.sophos.com/support/s/article/KB-000035040

I try the manual and also the script version. My cloned Servers shows up with the right name in Sophos Central, but all shows that the Server couldn't protected in Central.

When i click on the Sophos Client on the guest OS all is green, up and running. 

What i also found is, that on all cloned Servers the registration.txt file is missing in 

C:\ProgramData\Sophos\Management Communications System\Endpoint\Config

When i run the script manual, i see the file is created. After reboot the Server shortly shows the file and after a while the file is deleted automatically.

any idea?

hopefully

rené



This thread was automatically locked due to age.
  • 0

    Hi 

    Have you edited the file registration.txt while preparing a gold image as mentioned in Step 10? If you double click on the endpoint --> About --> Open Endpoint Self help tool--> System Do you see anything under Endpoint ID and Computer Name? 

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
  • 0 in reply to Shweta

    Hi Shweta,

    thanks for your reply. Yes, i have to create the registration.txt file and put in the info (mcsclient and tokenid).

    also i see in the info on the server and endpoint ID and computername. 

    i also see the info, that the windows update service is deactivated .. maybe this is the problem? if.. i think its pretty normal on Terminalservers to deactivate the windows update service.

  • FormerMember
    0 FormerMember in reply to Rene Pauly

    Do you have any script running that would touch that file? Perhaps something from your scrubbing the Gold image?

  • 0 in reply to FormerMember

    The only script which is running - is the goldenimageprep script from the article on the top.. as I say.. all clients seems to be ok.. also i can update them from the sophos central portal.. but all clients shows there as they couldn't be protected... 

  • FormerMember
    0 FormerMember in reply to Rene Pauly

    That script does delete that file. To clarify - are you running these servers as temporary instances or are they persistent? If they are persistent, then they shouldn't need that script run on each shutdown. 

  • +1 in reply to FormerMember

    Morning!

    Yes all the servers are temporary, they restart ervery night and get the settings back from the disk from the golden image. 

    but wait.. as i can see now, all the servers were green... OK... maybe it was only a time i have to wait?.. looks good, i will check today and if the green status exists, i wil close the thread. 

    thanks a log!

  • 0

    When a computer goes through the registration or re-registration phase, Central expects to get an update successful message from AutoUpdate within 1 hour.  If not it will show a failed to protect message.

    To guarantee the first update (5 mins after the Sophos AutoUpdate service starts) sends in a success message - assuming the check is successful, in the gold image I would suggest deleting the QWORD registry value named EventStateLastTime under:

    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\AutoUpdate\UpdateStatus\Details\

    If you do this prior to sealing the machine up.  The should prevent a failed to protect message.

  • 0 in reply to Sophos User930

    Hey, thanks for that Info. Must i delete this key every time i update the golden image? Maybe its a good idea to add this to the sophos goldenimageprepare script!?

Unfiltered HTML