Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 15 subscribers
  • Views 4343 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to force Windows Agent to check in with SophosCentral

Russell Zeygerman

Hi,

We have a typical scenario when local Windows agents stop talking to Sophos Central. I am trying to figure out a way to re-establish this communication by running some sort of a command in command-line on the  machine to force it to check-in with Sophos Central.

We have tried the /register switch on the installer, but that adds missing machines only.

Thank you for your help

-  RZ



This thread was automatically locked due to age.
  • 0

    What does "C:\ProgramData\Sophos\Management Communications System\Endpoint\Logs\MCSClient.log" have in it?

    Is it sufficient to restart the Sophos MCS Client service?
    You will need to disable Tamper Protection to do this.
    You might have to run 
    SedCcli.exe -tpoff <pass>
    to do it if MCS is not working at all.

  • 0 in reply to Sophos User930

    In addition to this, were there any recent changes on your network set-up recently. this will also cause communication issues. to further check, you may send the logs with us. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0

    Hi, so these machines are remote. The policy seems to state for them to check in with the Sophos cache server that is on site at 4am. We know with high degree of confidence that the machines are not on VPN at 4am as of the pendamic. So they can not reach the cache server. Does the agent check in on a cycle or maybe looks to sophos in the cloud when it can not reach the cache server?

  • 0 in reply to Russell Zeygerman

    Yes, you are right about it. If Updating through the Cache server fails the endpoint will automatically redirect it to updating through the internet. Provided that the network where the machine is connected has open access to Sophos domains and ports or either it uses open internet then the endpoint should be able to communicate to central. 
    Can you share with us the logs from those machines which is failing? 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0

    Hi, so these machines are remote. The policy seems to state for them to check in with the Sophos cache server that is on site at 4am. We know with high degree of confidence that the machines are not on VPN at 4am as of the pendamic. So they can not reach the cache server. Does the agent check in on a cycle or maybe looks to sophos in the cloud when it can not reach the cache server?

  • 0 in reply to Russell Zeygerman

    It would be better if you can share the MCS logs which can be found on C:\ProgramData\Sophos\Management Communications System\Endpoint\Logs\MCSClient.log.

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Unfiltered HTML