This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Management communication issue

Hello guys, 

A few of my server machines are showing medium/high alerts due to an issue with Management communication. 

In the Endpoint Self Help tool I get this warning: 

"Unable to determine management communication status. Does the MCS client log exist/is it accessible at 'C:\ProgramData\Sophos\Management Communications System\Endpoint\Logs\MCSClient.log'?" 

The log exists and I have posted it below. 

Based on the log it seems to be an issue with Authentication with the HTTP server, or I suspect maybe the server I'm trying to connect to is incorrect. 

If any of these are true, how would I go about a resolution? 

2022-04-10T23:59:42.783Z [ 4664: 5888] I IsWow64Process2 not available on older platforms
2022-04-10T23:59:42.784Z [ 4664: 3508] I Starting Channel monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\APPWL\Incoming
2022-04-10T23:59:42.784Z [ 4664: 3712] I Starting Channel monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\EDR\Incoming
2022-04-10T23:59:42.784Z [ 4664: 4520] I Starting Channel monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\FIM\Incoming
2022-04-10T23:59:42.784Z [ 4664: 6148] I Starting Channel monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\ForensicSnapshot\Incoming
2022-04-10T23:59:42.784Z [ 4664: 6152] I Starting Channel monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\RCA\Incoming
2022-04-10T23:59:42.784Z [ 4664: 6156] I Starting directory change monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\LiveQueryScheduled\Incoming
2022-04-10T23:59:42.785Z [ 4664: 5888] I The Windows event log has been initialized.
2022-04-10T23:59:42.972Z [ 4664: 5888] E Authentication token file is invalid, error: No such node (features)
2022-04-10T23:59:42.975Z [ 4664: 5888] I IsWow64Process2 not available on older platforms
2022-04-10T23:59:43.172Z [ 4664: 6196] I Features have changed
2022-04-10T23:59:45.439Z [ 4664: 6196] I [connect] trying server https://mcs2-cloudstation-eu-west-1.prod.hydra.sophos.com/sophos/management/ep
2022-04-10T23:59:45.439Z [ 4664: 6196] I [connect] trying direct connection without a proxy
2022-04-10T23:59:45.439Z [ 4664: 6196] I GET https://mcs2-cloudstation-eu-west-1.prod.hydra.sophos.com:443/sophos/management/ep
2022-04-10T23:59:45.447Z [ 4664: 6196] E Request failed: WinHttpSendRequest failed: A connection with the server could not be established (12029)
2022-04-10T23:59:45.450Z [ 4664: 6196] W [connect] no configured servers working; no fallback server
2022-04-10T23:59:45.454Z [ 4664: 6196] W [connect] no working servers
2022-04-10T23:59:45.583Z [ 4664: 6196] I [backoff] waiting 67s (40s + 27s skew) after failures: 1
2022-04-10T23:59:45.790Z [ 4664: 6196] W Retrieving the 'Authority' policy 'deviceId' value failed with error: Failed to retrieve size of registry value deviceId: The system cannot find the file specified.
2022-04-10T23:59:45.809Z [ 4664: 6196] W Retrieving the 'Authority' policy 'tenantId' value failed with error: Failed to retrieve size of registry value tenantId: The system cannot find the file specified.

	



This thread was automatically locked due to age.
Parents Reply Children
No Data