This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

PC device missing from sophos Endpoint console

I have a PC missing from the Sophos control panel - yet the PC has Sophos installed and working.

it's getting updates but has not have a profile pushed to it for quite some time.

it's Tamper protected so is there a way to add the device manually to the cloud console so I can disable tamper?



This thread was automatically locked due to age.
  • Hi There,

    Thank you for reaching us, When you mentioned cloud console. was the installed endpoint on this machine is also a cloud version? It’s possible to re-register a device on a different dashboard or reregistered to the existing dashboard when it's no longer shown using the "--registeronly" switch via command prompt. However you need to have the tamper protection password first to proceed. If you are no longer able to retrieve the tamper protection password, you may need to manually turn off the tamper protection password by following this knowledge base article. Once Disabled, you can either proceed with uninstalling the endpoint or reregister the endpoint to your desired dashboard where you wish to manage the device. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • I would first check the values in the files:

    • C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\CustomerIdentifier.txt
    • C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\EndpointIdentity.txt

    The GUID in the file CustomerIdentifier.txt should match other computers from the same Central account.  This will confirm the correct installer was run on it and it's not just pointing at a different Central account.

    Then you can check the EndpointIdentity.txt.for the endpoint ID. 

    For example, if the value in the file is 9526263c-c31f-f433-5bda-ce50d1520b3d, then the direct link to the computer in Central for a endpoint (not server) would be:

    https://cloud.sophos.com/manage/endpoint/devices/computers/9526263c-c31f-f433-5bda-ce50d1520b3d

    If it was a server:

    https://cloud.sophos.com/manage/server/devices/servers/9526263c-c31f-f433-5bda-ce50d1520b3d 

    So given the endpoint guid you can form the direct link to the computer record in Central which takes out the name as being a problem?

    If you get:

    Then the Central account has no current record for the endpoint by that GUID.

    Otherwise, check the MCSClient.log file for errors:

    C:\ProgramData\Sophos\Management Communications System\Endpoint\Logs\McsClient.log

    When did it last get a 200 for example?