Server couldn't protected in Sophos Central with Citrix MCS Maschines

Hi guys,

i have a serious problem. I have a Citrix Environment Version 7.15 Server 2008R2 and Sophos Intercept X running on it. Made a golden image with this article:

I try the manual and also the script version. My cloned Servers shows up with the right name in Sophos Central, but all shows that the Server couldn't protected in Central.

When i click on the Sophos Client on the guest OS all is green, up and running. 

What i also found is, that on all cloned Servers the registration.txt file is missing in 

C:\ProgramData\Sophos\Management Communications System\Endpoint\Config

When i run the script manual, i see the file is created. After reboot the Server shortly shows the file and after a while the file is deleted automatically.

any idea?



Add Server and Version Info
[edited by: Rene Pauly at 7:19 AM (GMT -8) on 19 Feb 2021]
  • When a computer goes through the registration or re-registration phase, Central expects to get an update successful message from AutoUpdate within 1 hour.  If not it will show a failed to protect message.

    To guarantee the first update (5 mins after the Sophos AutoUpdate service starts) sends in a success message - assuming the check is successful, in the gold image I would suggest deleting the QWORD registry value named EventStateLastTime under:


    If you do this prior to sealing the machine up.  The should prevent a failed to protect message.

  • Hey, thanks for that Info. Must i delete this key every time i update the golden image? Maybe its a good idea to add this to the sophos goldenimageprepare script!?

Reply Children
No Data