Good morning to all,
We recently implemented Sophos Intercept X Advanced Server. One of our Windows Server 2012 R2 systems has a problem where it cannot communicate with Sophos Central. The installation went without a problem. After the reboot I get the error message in the Sophos self help client:
Unable to determine management communication status. Does the MCS client log exist/is it accessible at 'C:\ProgramData\Sophos\Management Communications System\Endpoint\Logs\MCSClient.log'?
I checked the MCSClient.log; it was located in the correct folder and the write permissions are also the same as on our other systems.
The log itself shows no entries after the installation date.
Please see the attached log.
2022-05-25T09:53:29.632Z [11276: 8596] A ----------------------------------------------------------------------------------------------------
2022-05-25T09:53:29.633Z [11276: 8596] A Starting version 4.15.79.0 of the Sophos MCS Client service.
2022-05-25T09:53:29.634Z [11276: 8596] A ----------------------------------------------------------------------------------------------------
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'statusRegulationDelay' set to 60.
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'maximumStatusRegulationDelay' set to 300.
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'statusTimeToLive' set to 43200.
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'responseRegulationDelay' set to 1.
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'maximumResponseRegulationDelay' set to 1.
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'errorCountTimeout' set to 300.
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'eventRegulationDelay' set to 1.
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'maximumEventRegulationDelay' set to 5.
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'maximumAggregatedEvents' set to 32.
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'commandPollingInterval' set to 20.
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'flagsPollingInterval' set to 14400.
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'policyPollingInterval' set to 300.
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'policyTimeToLive' set to 345600.
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'maximumBackoffCount' set to 10.
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'maximumBackoffSeconds' set to 7200.
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'randomSkewFactor' set to 1.
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'httpConnectTimeout' set to 30.
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'httpSendTimeout' set to 30.
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'httpReceiveTimeout' set to 30.
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'statusCacheDuration' set to 604800.
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'useSystemProxy' set to 1.
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'useAutomaticProxy' set to 1.
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'useDirect' set to 1.
2022-05-25T09:53:29.653Z [11276: 7700] I Config: setting 'diagnosticTrailLocation' set to C:\ProgramData\Sophos\Management Communications System\Endpoint\Trail.
2022-05-25T09:53:29.653Z [11276: 7700] I Config: setting 'pushPollRegulationDelayMilliseconds' set to 1.
2022-05-25T09:53:29.653Z [11276: 7700] I Config: setting 'pushMaximumPollRegulationDelayMilliseconds' set to 1.
2022-05-25T09:53:29.653Z [11276: 7700] I Config: setting 'pushPingTimeout' set to 90.
2022-05-25T09:53:29.653Z [11276: 7700] I Config: setting 'pushFallbackPollInterval' set to 300.
2022-05-25T09:53:29.653Z [11276: 8188] I The configuration monitor thread was started.
2022-05-25T09:53:29.655Z [11276: 7700] I Periodic evaluation interval configured for every 86400 seconds
2022-05-25T09:53:29.656Z [11276: 7700] I IsWow64Process2 not available on older platforms
2022-05-25T09:53:29.657Z [11276: 8856] I Starting Channel monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\APPWL\Incoming
2022-05-25T09:53:29.657Z [11276: 2632] I Starting Channel monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\EDR\Incoming
2022-05-25T09:53:29.657Z [11276:10092] I Starting Channel monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\ForensicSnapshot\Incoming
2022-05-25T09:53:29.657Z [11276: 7224] I Starting Channel monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\RCA\Incoming
2022-05-25T09:53:29.658Z [11276:11636] I Starting directory change monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\LiveQueryScheduled\Incoming
2022-05-25T09:53:29.658Z [11276: 2352] I Starting Channel monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\FIM\Incoming
2022-05-25T09:53:29.658Z [11276: 7700] I The Windows event log has been initialized.
2022-05-25T09:53:29.929Z [11276: 7700] E Authentication token file is invalid, error: No such node (features)
2022-05-25T09:53:29.935Z [11276: 7700] I IsWow64Process2 not available on older platforms
2022-05-25T09:53:30.251Z [11276:11148] I Features have changed
2022-05-25T09:53:30.322Z [11276:11148] I [connect] trying server mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com/.../ep
2022-05-25T09:53:30.322Z [11276:11148] I [connect] trying direct connection without a proxy
2022-05-25T09:53:30.322Z [11276:11148] I GET mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com:443/.../ep
2022-05-25T09:53:30.367Z [11276:11148] E Request failed: WinHttpSendRequest failed: Die Serververbindung konnte nicht hergestellt werden. (12029)
2022-05-25T09:53:30.368Z [11276:11148] W [connect] no configured servers working; no fallback server
2022-05-25T09:53:30.369Z [11276:11148] W [connect] no working servers
2022-05-25T09:53:30.370Z [11276:11148] I [backoff] waiting 77s (40s + 37s skew) after failures: 1
2022-05-25T09:53:30.719Z [11276:11148] W Retrieving the 'Authority' policy 'deviceId' value failed with error: Failed to retrieve size of registry value deviceId: Das System kann die angegebene Datei nicht finden.
2022-05-25T09:53:30.720Z [11276:11148] W Retrieving the 'Authority' policy 'tenantId' value failed with error: Failed to retrieve size of registry value tenantId: Das System kann die angegebene Datei nicht finden.
2022-05-25T09:53:30.724Z [11276:11148] I The telemetry data is: {"mcs":{"agent":{"cloudPlatform":""},"flags":{"amsi.available":true,"amsi.block-and-clean.enabled":true,"amsi.fastregex.available":true,"behavioral-blocking.available":true,"behavioral-silent.available":true,"behavioral.bms.enabled":true,"boot.modernweb.available":false,"boot.modernweb.block_by_scan":false,"boot.modernweb.block_by_url":false,"boot.modernweb.can_decrypt":false,"boot.sed.runtimeiocsjournal.available":true,"boot.ssp-clean.available":false,"boot.sting20.c2c3detections.enabled":false,"boot.sting20.datalossprevention.enabled":false,"boot.sting20.devicecontrol.enabled":false,"boot.sting20.downloadrepscanning.enabled":false,"boot.sting20.ondemandscanning.enabled":false,"boot.sting20.pejitscanning.enabled":false,"boot.sting20.realtimescanning.enabled":false,"boot.sting20.sscm.enabled":false,"boot.sting20.webcontrol.enabled":false,"boot.sting20.webprotection.enabled":false,"health.threat-services.enabled":true,"hmpa.amsiguard.enforce":true,"hmpa.amsiguard.silent":true,"hmpa.apisetguard.enforce":false,"hmpa.apisetguard.silent":true,"hmpa.branchtracing.enforce":false,"hmpa.branchtracing.silent":true,"hmpa.can-terminate-system-process.available":true,"hmpa.cookieguard.enforce":false,"hmpa.cookieguard.silent":false,"hmpa.credguard.v2.enforce":false,"hmpa.credguard.v2.silent":true,"hmpa.credguardsamreg.enforce":true,"hmpa.credguardsamreg.silent":true,"hmpa.cryptoguard.v5.enforce":true,"hmpa.cryptoguardefs.enforce":true,"hmpa.cryptoguardefs.silent":true,"hmpa.ctfguard.enforce":true,"hmpa.ctfguard.silent":true,"hmpa.heapheaphooray.enforce":true,"hmpa.heapheaphooray.silent":true,"hmpa.heapheaphooray.v2.enforce":true,"hmpa.heapheaphooray.v2.silent":true,"hmpa.ignore-attested.available":false,"hmpa.lockdownautorun.v2.enforce":false,"hmpa.lockdownmemory.v2.enforce":false,"hmpa.lockdownmemory.v2.silent":false,"hmpa.stackpivot.enforce":false,"ips.available":false,"ips.available_win7":false,"ips.filter.inbound
":false,"ips.filter.outbound":false,"livequery.network-tables.available":true,"mlwindowsdir.available":true,"pinnedglobalreplocal.available":true,"pinnedglobalrepnetwork.available":true,"repair.available":false,"sav.hips.disabled":true,"scheduled_queries.next":false,"sdds3.ready":false,"sed.multithreaded-hashing.enabled":false,"sed.pseudohandle-events.enabled":false,"sed.stricter-sophos-event-filtering.enabled":false,"sed.tp2020-denyfilelocks-win10.available":true,"sed.tp2020-denyfilelocks-win7-win8.available":true,"sed.tp2020-forcefilesharing-win10.available":true,"sed.tp2020-forcefilesharing-win7-win8.available":true,"sed.tp2020-oplocks-win10.available":true,"sed.tp2020-oplocks-win7-win8.available":false,"sed.tp2020-process-win10.available":true,"sed.tp2020-process-win7.available":true,"sed.tp2020-process-win8.available":true,"sed.tp2021-log-win10.available":true,"sed.tp2021-log-win7-win8.available":true,"sed.tpsafeboot.available":true,"ssp-clean.enabled":false,"ssp.appc.reporting.available":false,"ssp.clear-historian-db-file.enabled":false,"ssp.instant-core-clean-items.available":true,"ssp.multiplefilesubmission.available":true,"ssp.static.postanalysis.available":true,"ssp.submitfilemetadata.available":true,"sting20-pe.enabled":false,"su-setup.available":true,"vdldetections.available":true},"preferredServer":{"server":"","viaProxy":false,"viaMessageRelay":false,"authScheme":0},"pushServer":{"server":"","isConnected":false},"remapper":{}}}
2022-05-25T09:54:47.927Z [11276:11148] I Features have changed
2022-05-25T09:54:47.933Z [11276:11148] I [connect] trying server mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com/.../ep
2022-05-25T09:54:47.933Z [11276:11148] I [connect] trying direct connection without a proxy
2022-05-25T09:54:47.933Z [11276:11148] I GET mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com:443/.../ep
2022-05-25T09:54:47.934Z [11276:11148] E Request failed: WinHttpSendRequest failed: Die Serververbindung konnte nicht hergestellt werden. (12029)
2022-05-25T09:54:47.936Z [11276:11148] W [connect] no configured servers working; no fallback server
2022-05-25T09:54:47.937Z [11276:11148] W [connect] no working servers
2022-05-25T09:54:47.937Z [11276:11148] I [backoff] waiting 123s (80s + 43s skew) after failures: 2
2022-05-25T09:54:47.940Z [11276:11148] W Retrieving the 'Authority' policy 'deviceId' value failed with error: Failed to retrieve size of registry value deviceId: Das System kann die angegebene Datei nicht finden.
2022-05-25T09:54:47.941Z [11276:11148] W Retrieving the 'Authority' policy 'tenantId' value failed with error: Failed to retrieve size of registry value tenantId: Das System kann die angegebene Datei nicht finden.
2022-05-25T09:56:51.258Z [11276:11148] I User sessions changed: -(userDomain=DRENSTEINFURT, userName=Administrator, userPrincipalName=administrator@Drensteinfurt.Local, userSid=S-1-5-21-1034961772-4070965263-2153387828-500, state=0, type=0)
2022-05-25T09:56:51.258Z [11276:11148] I Features have changed
2022-05-25T09:56:51.276Z [11276:11148] I [connect] trying server mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com/.../ep
2022-05-25T09:56:51.276Z [11276:11148] I [connect] trying direct connection without a proxy
2022-05-25T09:56:51.276Z [11276:11148] I GET mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com:443/.../ep
2022-05-25T09:56:51.279Z [11276:11148] E Request failed: WinHttpSendRequest failed: Die Serververbindung konnte nicht hergestellt werden. (12029)
2022-05-25T09:56:51.280Z [11276:11148] W [connect] no configured servers working; no fallback server
2022-05-25T09:56:51.281Z [11276:11148] W [connect] no working servers
2022-05-25T09:56:51.282Z [11276:11148] I [backoff] waiting 174s (160s + 14s skew) after failures: 3
2022-05-25T09:56:51.288Z [11276:11148] W Retrieving the 'Authority' policy 'deviceId' value failed with error: Failed to retrieve size of registry value deviceId: Das System kann die angegebene Datei nicht finden.
2022-05-25T09:56:51.289Z [11276:11148] W Retrieving the 'Authority' policy 'tenantId' value failed with error: Failed to retrieve size of registry value tenantId: Das System kann die angegebene Datei nicht finden.
2022-05-25T09:57:26.464Z [11276:11636] I Stopping directory change monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\LiveQueryScheduled\Incoming
2022-05-25T09:57:26.465Z [11276: 8856] I Stopping Channel monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\APPWL\Incoming
2022-05-25T09:57:26.465Z [11276: 2632] I Stopping Channel monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\EDR\Incoming
2022-05-25T09:57:26.476Z [11276: 2352] I Stopping Channel monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\FIM\Incoming
2022-05-25T09:57:26.478Z [11276:10092] I Stopping Channel monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\ForensicSnapshot\Incoming
2022-05-25T09:57:26.479Z [11276: 7224] I Stopping Channel monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\RCA\Incoming
2022-05-25T09:57:26.493Z [11276: 8596] A The service was stopped.
2022-05-25T09:58:30.286Z [ 2728: 2732] A ----------------------------------------------------------------------------------------------------
2022-05-25T09:58:30.290Z [ 2728: 2732] A Starting version 4.15.79.0 of the Sophos MCS Client service.
2022-05-25T09:58:30.291Z [ 2728: 2732] A ----------------------------------------------------------------------------------------------------
2022-05-25T09:58:30.438Z [ 2728: 2804] I The configuration monitor thread was started.
2022-05-25T09:58:30.438Z [ 2728: 2776] I Config: setting 'statusRegulationDelay' set to 60.
2022-05-25T09:58:30.438Z [ 2728: 2776] I Config: setting 'maximumStatusRegulationDelay' set to 300.
2022-05-25T09:58:30.438Z [ 2728: 2776] I Config: setting 'statusTimeToLive' set to 43200.
2022-05-25T09:58:30.438Z [ 2728: 2776] I Config: setting 'responseRegulationDelay' set to 1.
2022-05-25T09:58:30.438Z [ 2728: 2776] I Config: setting 'maximumResponseRegulationDelay' set to 1.
2022-05-25T09:58:30.439Z [ 2728: 2776] I Config: setting 'errorCountTimeout' set to 300.
2022-05-25T09:58:30.439Z [ 2728: 2776] I Config: setting 'eventRegulationDelay' set to 1.
2022-05-25T09:58:30.439Z [ 2728: 2776] I Config: setting 'maximumEventRegulationDelay' set to 5.
2022-05-25T09:58:30.439Z [ 2728: 2776] I Config: setting 'maximumAggregatedEvents' set to 32.
2022-05-25T09:58:30.439Z [ 2728: 2776] I Config: setting 'commandPollingInterval' set to 20.
2022-05-25T09:58:30.439Z [ 2728: 2776] I Config: setting 'flagsPollingInterval' set to 14400.
2022-05-25T09:58:30.439Z [ 2728: 2776] I Config: setting 'policyPollingInterval' set to 300.
2022-05-25T09:58:30.439Z [ 2728: 2776] I Config: setting 'policyTimeToLive' set to 345600.
2022-05-25T09:58:30.439Z [ 2728: 2776] I Config: setting 'maximumBackoffCount' set to 10.
2022-05-25T09:58:30.439Z [ 2728: 2776] I Config: setting 'maximumBackoffSeconds' set to 7200.
2022-05-25T09:58:30.439Z [ 2728: 2776] I Config: setting 'randomSkewFactor' set to 1.
2022-05-25T09:58:30.439Z [ 2728: 2776] I Config: setting 'httpConnectTimeout' set to 30.
2022-05-25T09:58:30.439Z [ 2728: 2776] I Config: setting 'httpSendTimeout' set to 30.
2022-05-25T09:58:30.439Z [ 2728: 2776] I Config: setting 'httpReceiveTimeout' set to 30.
2022-05-25T09:58:30.439Z [ 2728: 2776] I Config: setting 'statusCacheDuration' set to 604800.
2022-05-25T09:58:30.439Z [ 2728: 2776] I Config: setting 'useSystemProxy' set to 1.
2022-05-25T09:58:30.439Z [ 2728: 2776] I Config: setting 'useAutomaticProxy' set to 1.
2022-05-25T09:58:30.439Z [ 2728: 2776] I Config: setting 'useDirect' set to 1.
2022-05-25T09:58:30.439Z [ 2728: 2776] I Config: setting 'diagnosticTrailLocation' set to C:\ProgramData\Sophos\Management Communications System\Endpoint\Trail.
2022-05-25T09:58:30.439Z [ 2728: 2776] I Config: setting 'pushPollRegulationDelayMilliseconds' set to 1.
2022-05-25T09:58:30.439Z [ 2728: 2776] I Config: setting 'pushMaximumPollRegulationDelayMilliseconds' set to 1.
2022-05-25T09:58:30.439Z [ 2728: 2776] I Config: setting 'pushPingTimeout' set to 90.
2022-05-25T09:58:30.440Z [ 2728: 2776] I Config: setting 'pushFallbackPollInterval' set to 300.
2022-05-25T09:58:30.458Z [ 2728: 2776] I Periodic evaluation interval configured for every 86400 seconds
2022-05-25T09:58:30.459Z [ 2728: 2776] I IsWow64Process2 not available on older platforms
2022-05-25T09:58:30.508Z [ 2728: 2808] I Starting Channel monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\APPWL\Incoming
2022-05-25T09:58:30.509Z [ 2728: 2816] I Starting Channel monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\FIM\Incoming
2022-05-25T09:58:30.509Z [ 2728: 2820] I Starting Channel monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\ForensicSnapshot\Incoming
2022-05-25T09:58:30.510Z [ 2728: 2824] I Starting Channel monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\RCA\Incoming
2022-05-25T09:58:30.512Z [ 2728: 2812] I Starting Channel monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\EDR\Incoming
2022-05-25T09:58:30.532Z [ 2728: 2828] I Starting directory change monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\LiveQueryScheduled\Incoming
2022-05-25T09:58:30.534Z [ 2728: 2776] I The Windows event log has been initialized.
2022-05-25T09:58:31.077Z [ 2728: 2776] E Authentication token file is invalid, error: No such node (features)
2022-05-25T09:58:31.081Z [ 2728: 2776] I IsWow64Process2 not available on older platforms
2022-05-25T09:58:31.614Z [ 2728: 2900] I Features have changed
2022-05-25T09:58:31.709Z [ 2728: 2900] I [connect] trying server mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com/.../ep
2022-05-25T09:58:31.710Z [ 2728: 2900] I [connect] trying direct connection without a proxy
2022-05-25T09:58:31.710Z [ 2728: 2900] I GET mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com:443/.../ep
2022-05-25T09:58:31.781Z [ 2728: 2900] E Request failed: WinHttpSendRequest failed: Die Serververbindung konnte nicht hergestellt werden. (12029)
2022-05-25T09:58:31.783Z [ 2728: 2900] W [connect] no configured servers working; no fallback server
2022-05-25T09:58:31.784Z [ 2728: 2900] W [connect] no working servers
2022-05-25T09:58:31.785Z [ 2728: 2900] I [backoff] waiting 61s (40s + 21s skew) after failures: 1
2022-05-25T09:58:38.661Z [ 2728: 2900] E Failed to get the server information from NetServerGetInfo(). Error: 2114
2022-05-25T09:58:38.663Z [ 2728: 2900] W Retrieving the 'Authority' policy 'deviceId' value failed with error: Failed to retrieve size of registry value deviceId: Das System kann die angegebene Datei nicht finden.
2022-05-25T09:58:38.668Z [ 2728: 2900] W Retrieving the 'Authority' policy 'tenantId' value failed with error: Failed to retrieve size of registry value tenantId: Das System kann die angegebene Datei nicht finden.
2022-05-25T09:58:38.687Z [ 2728: 2900] I The telemetry data is: {"mcs":{"agent":{"cloudPlatform":""},"flags":{"amsi.available":true,"amsi.block-and-clean.enabled":true,"amsi.fastregex.available":true,"behavioral-blocking.available":true,"behavioral-silent.available":true,"behavioral.bms.enabled":true,"boot.modernweb.available":false,"boot.modernweb.block_by_scan":false,"boot.modernweb.block_by_url":false,"boot.modernweb.can_decrypt":false,"boot.sed.runtimeiocsjournal.available":true,"boot.ssp-clean.available":false,"boot.sting20.c2c3detections.enabled":false,"boot.sting20.datalossprevention.enabled":false,"boot.sting20.devicecontrol.enabled":false,"boot.sting20.downloadrepscanning.enabled":false,"boot.sting20.ondemandscanning.enabled":false,"boot.sting20.pejitscanning.enabled":false,"boot.sting20.realtimescanning.enabled":false,"boot.sting20.sscm.enabled":false,"boot.sting20.webcontrol.enabled":false,"boot.sting20.webprotection.enabled":false,"health.threat-services.enabled":true,"hmpa.amsiguard.enforce":true,"hmpa.amsiguard.silent":true,"hmpa.apisetguard.enforce":false,"hmpa.apisetguard.silent":true,"hmpa.branchtracing.enforce":false,"hmpa.branchtracing.silent":true,"hmpa.can-terminate-system-process.available":true,"hmpa.cookieguard.enforce":false,"hmpa.cookieguard.silent":false,"hmpa.credguard.v2.enforce":false,"hmpa.credguard.v2.silent":true,"hmpa.credguardsamreg.enforce":true,"hmpa.credguardsamreg.silent":true,"hmpa.cryptoguard.v5.enforce":true,"hmpa.cryptoguardefs.enforce":true,"hmpa.cryptoguardefs.silent":true,"hmpa.ctfguard.enforce":true,"hmpa.ctfguard.silent":true,"hmpa.heapheaphooray.enforce":true,"hmpa.heapheaphooray.silent":true,"hmpa.heapheaphooray.v2.enforce":true,"hmpa.heapheaphooray.v2.silent":true,"hmpa.ignore-attested.available":false,"hmpa.lockdownautorun.v2.enforce":false,"hmpa.lockdownmemory.v2.enforce":false,"hmpa.lockdownmemory.v2.silent":false,"hmpa.stackpivot.enforce":false,"ips.available":false,"ips.available_win7":false,"ips.filter.inbound
":false,"ips.filter.outbound":false,"livequery.network-tables.available":true,"mlwindowsdir.available":true,"pinnedglobalreplocal.available":true,"pinnedglobalrepnetwork.available":true,"repair.available":false,"sav.hips.disabled":true,"scheduled_queries.next":false,"sdds3.ready":false,"sed.multithreaded-hashing.enabled":false,"sed.pseudohandle-events.enabled":false,"sed.stricter-sophos-event-filtering.enabled":false,"sed.tp2020-denyfilelocks-win10.available":true,"sed.tp2020-denyfilelocks-win7-win8.available":true,"sed.tp2020-forcefilesharing-win10.available":true,"sed.tp2020-forcefilesharing-win7-win8.available":true,"sed.tp2020-oplocks-win10.available":true,"sed.tp2020-oplocks-win7-win8.available":false,"sed.tp2020-process-win10.available":true,"sed.tp2020-process-win7.available":true,"sed.tp2020-process-win8.available":true,"sed.tp2021-log-win10.available":true,"sed.tp2021-log-win7-win8.available":true,"sed.tpsafeboot.available":true,"ssp-clean.enabled":false,"ssp.appc.reporting.available":false,"ssp.clear-historian-db-file.enabled":false,"ssp.instant-core-clean-items.available":true,"ssp.multiplefilesubmission.available":true,"ssp.static.postanalysis.available":true,"ssp.submitfilemetadata.available":true,"sting20-pe.enabled":false,"su-setup.available":true,"vdldetections.available":true},"preferredServer":{"server":"","viaProxy":false,"viaMessageRelay":false,"authScheme":0},"pushServer":{"server":"","isConnected":false},"remapper":{}}}
2022-05-25T09:59:39.926Z [ 2728: 2900] I The configuration has changed. Reloading settings.
2022-05-25T09:59:39.927Z [ 2728: 2900] I Features have changed
2022-05-25T09:59:39.940Z [ 2728: 2900] I [connect] trying server mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com/.../ep
2022-05-25T09:59:39.940Z [ 2728: 2900] I [connect] trying direct connection without a proxy
2022-05-25T09:59:39.940Z [ 2728: 2900] I GET mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com:443/.../ep
2022-05-25T09:59:39.942Z [ 2728: 2900] E Request failed: WinHttpSendRequest failed: Die Serververbindung konnte nicht hergestellt werden. (12029)
2022-05-25T09:59:39.952Z [ 2728: 2900] W [connect] no configured servers working; no fallback server
2022-05-25T09:59:39.953Z [ 2728: 2900] W [connect] no working servers
2022-05-25T09:59:39.954Z [ 2728: 2900] I [backoff] waiting 131s (80s + 51s skew) after failures: 2
2022-05-25T09:59:39.958Z [ 2728: 2900] W Retrieving the 'Authority' policy 'deviceId' value failed with error: Failed to retrieve size of registry value deviceId: Das System kann die angegebene Datei nicht finden.
2022-05-25T09:59:39.959Z [ 2728: 2900] W Retrieving the 'Authority' policy 'tenantId' value failed with error: Failed to retrieve size of registry value tenantId: Das System kann die angegebene Datei nicht finden.
2022-05-25T10:01:51.127Z [ 2728: 2900] I User sessions changed: +(userDomain=DRENSTEINFURT, userName=Administrator, userPrincipalName=administrator@Drensteinfurt.Local, userSid=S-1-5-21-1034961772-4070965263-2153387828-500, state=0, type=0)
2022-05-25T10:01:51.128Z [ 2728: 2900] I Features have changed
2022-05-25T10:01:51.149Z [ 2728: 2900] I [connect] trying server mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com/.../ep
2022-05-25T10:01:51.149Z [ 2728: 2900] I [connect] trying direct connection without a proxy
2022-05-25T10:01:51.149Z [ 2728: 2900] I GET mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com:443/.../ep
2022-05-25T10:01:51.152Z [ 2728: 2900] E Request failed: WinHttpSendRequest failed: Die Serververbindung konnte nicht hergestellt werden. (12029)
2022-05-25T10:01:51.154Z [ 2728: 2900] W [connect] no configured servers working; no fallback server
2022-05-25T10:01:51.155Z [ 2728: 2900] W [connect] no working servers
2022-05-25T10:01:51.156Z [ 2728: 2900] I [backoff] waiting 294s (160s + 134s skew) after failures: 3
2022-05-25T10:01:51.162Z [ 2728: 2900] W Retrieving the 'Authority' policy 'deviceId' value failed with error: Failed to retrieve size of registry value deviceId: Das System kann die angegebene Datei nicht finden.
2022-05-25T10:01:51.164Z [ 2728: 2900] W Retrieving the 'Authority' policy 'tenantId' value failed with error: Failed to retrieve size of registry value tenantId: Das System kann die angegebene Datei nicht finden.
2022-05-25T10:06:45.378Z [ 2728: 2900] I Features have changed
2022-05-25T10:06:45.397Z [ 2728: 2900] I [connect] trying server mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com/.../ep
2022-05-25T10:06:45.397Z [ 2728: 2900] I [connect] trying direct connection without a proxy
2022-05-25T10:06:45.397Z [ 2728: 2900] I GET mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com:443/.../ep
2022-05-25T10:06:45.400Z [ 2728: 2900] E Request failed: WinHttpSendRequest failed: Die Serververbindung konnte nicht hergestellt werden. (12029)
2022-05-25T10:06:45.402Z [ 2728: 2900] W [connect] no configured servers working; no fallback server
2022-05-25T10:06:45.404Z [ 2728: 2900] W [connect] no working servers
2022-05-25T10:06:45.405Z [ 2728: 2900] I [backoff] waiting 371s (320s + 51s skew) after failures: 4
2022-05-25T10:06:45.411Z [ 2728: 2900] W Retrieving the 'Authority' policy 'deviceId' value failed with error: Failed to retrieve size of registry value deviceId: Das System kann die angegebene Datei nicht finden.
2022-05-25T10:06:45.412Z [ 2728: 2900] W Retrieving the 'Authority' policy 'tenantId' value failed with error: Failed to retrieve size of registry value tenantId: Das System kann die angegebene Datei nicht finden.
2022-05-25T10:12:56.815Z [ 2728: 2900] I Features have changed
2022-05-25T10:12:56.833Z [ 2728: 2900] I [connect] trying server mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com/.../ep
2022-05-25T10:12:56.833Z [ 2728: 2900] I [connect] trying direct connection without a proxy
2022-05-25T10:12:56.833Z [ 2728: 2900] I GET mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com:443/.../ep
2022-05-25T10:12:56.836Z [ 2728: 2900] E Request failed: WinHttpSendRequest failed: Die Serververbindung konnte nicht hergestellt werden. (12029)
2022-05-25T10:12:56.837Z [ 2728: 2900] W [connect] no configured servers working; no fallback server
2022-05-25T10:12:56.838Z [ 2728: 2900] W [connect] no working servers
2022-05-25T10:12:56.840Z [ 2728: 2900] I [backoff] waiting 1016s (640s + 376s skew) after failures: 5
2022-05-25T10:12:56.845Z [ 2728: 2900] W Retrieving the 'Authority' policy 'deviceId' value failed with error: Failed to retrieve size of registry value deviceId: Das System kann die angegebene Datei nicht finden.
2022-05-25T10:12:56.847Z [ 2728: 2900] W Retrieving the 'Authority' policy 'tenantId' value failed with error: Failed to retrieve size of registry value tenantId: Das System kann die angegebene Datei nicht finden.
2022-05-25T10:29:53.355Z [ 2728: 2900] I Features have changed
2022-05-25T10:29:53.397Z [ 2728: 2900] I [connect] trying server mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com/.../ep
2022-05-25T10:29:53.397Z [ 2728: 2900] I [connect] trying direct connection without a proxy
2022-05-25T10:29:53.397Z [ 2728: 2900] I GET mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com:443/.../ep
2022-05-25T10:29:53.398Z [ 2728: 2900] E Request failed: WinHttpSendRequest failed: Die Serververbindung konnte nicht hergestellt werden. (12029)
2022-05-25T10:29:53.414Z [ 2728: 2900] W [connect] no configured servers working; no fallback server
2022-05-25T10:29:53.415Z [ 2728: 2900] W [connect] no working servers
2022-05-25T10:29:53.431Z [ 2728: 2900] I [backoff] waiting 2007s (1280s + 727s skew) after failures: 6
2022-05-25T10:29:53.518Z [ 2728: 2900] W Retrieving the 'Authority' policy 'deviceId' value failed with error: Failed to retrieve size of registry value deviceId: Das System kann die angegebene Datei nicht finden.
2022-05-25T10:29:53.519Z [ 2728: 2900] W Retrieving the 'Authority' policy 'tenantId' value failed with error: Failed to retrieve size of registry value tenantId: Das System kann die angegebene Datei nicht finden.
2022-05-25T11:03:21.233Z [ 2728: 2900] I Features have changed
2022-05-25T11:03:21.252Z [ 2728: 2900] I [connect] trying server mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com/.../ep
2022-05-25T11:03:21.252Z [ 2728: 2900] I [connect] trying direct connection without a proxy
2022-05-25T11:03:21.252Z [ 2728: 2900] I GET mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com:443/.../ep
2022-05-25T11:03:21.254Z [ 2728: 2900] E Request failed: WinHttpSendRequest failed: Die Serververbindung konnte nicht hergestellt werden. (12029)
2022-05-25T11:03:21.257Z [ 2728: 2900] W [connect] no configured servers working; no fallback server
2022-05-25T11:03:21.258Z [ 2728: 2900] W [connect] no working servers
2022-05-25T11:03:21.259Z [ 2728: 2900] I [backoff] waiting 2585s (2560s + 25s skew) after failures: 7
2022-05-25T11:03:21.265Z [ 2728: 2900] W Retrieving the 'Authority' policy 'deviceId' value failed with error: Failed to retrieve size of registry value deviceId: Das System kann die angegebene Datei nicht finden.
2022-05-25T11:03:21.267Z [ 2728: 2900] W Retrieving the 'Authority' policy 'tenantId' value failed with error: Failed to retrieve size of registry value tenantId: Das System kann die angegebene Datei nicht finden.
2022-05-25T11:46:27.218Z [ 2728: 2900] I Features have changed
2022-05-25T11:46:27.237Z [ 2728: 2900] I [connect] trying server mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com/.../ep
2022-05-25T11:46:27.237Z [ 2728: 2900] I [connect] trying direct connection without a proxy
2022-05-25T11:46:27.237Z [ 2728: 2900] I GET mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com:443/.../ep
2022-05-25T11:46:27.240Z [ 2728: 2900] E Request failed: WinHttpSendRequest failed: Die Serververbindung konnte nicht hergestellt werden. (12029)
2022-05-25T11:46:27.242Z [ 2728: 2900] W [connect] no configured servers working; no fallback server
2022-05-25T11:46:27.243Z [ 2728: 2900] W [connect] no working servers
2022-05-25T11:46:27.244Z [ 2728: 2900] I [backoff] waiting 8123s (5120s + 3003s skew) after failures: 8
2022-05-25T11:46:27.250Z [ 2728: 2900] W Retrieving the 'Authority' policy 'deviceId' value failed with error: Failed to retrieve size of registry value deviceId: Das System kann die angegebene Datei nicht finden.
2022-05-25T11:46:27.251Z [ 2728: 2900] W Retrieving the 'Authority' policy 'tenantId' value failed with error: Failed to retrieve size of registry value tenantId: Das System kann die angegebene Datei nicht finden.
2022-05-25T12:39:28.496Z [ 2728: 2828] I Stopping directory change monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\LiveQueryScheduled\Incoming
2022-05-25T12:39:28.498Z [ 2728: 2808] I Stopping Channel monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\APPWL\Incoming
2022-05-25T12:39:28.499Z [ 2728: 2812] I Stopping Channel monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\EDR\Incoming
2022-05-25T12:39:28.500Z [ 2728: 2816] I Stopping Channel monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\FIM\Incoming
2022-05-25T12:39:28.500Z [ 2728: 2820] I Stopping Channel monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\ForensicSnapshot\Incoming
2022-05-25T12:39:28.501Z [ 2728: 2824] I Stopping Channel monitor for: C:\ProgramData\Sophos\Management Communications System\Endpoint\Channels\RCA\Incoming
2022-05-25T12:39:28.598Z [ 2728: 2732] A The service was stopped.
The initial registration in Sophos Central works. I can see said system in the Cloud Management Interface.
The firewall rules on our local firewall allow the client to access all Sophos URLs. Also I can resolve all URLs stated in the log from said system.
Any help would be appreciated.
Thanks
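A triage sketch for the log format quoted in the post above, added here as an example and not part of the original post or of any Sophos tooling: it groups lines by service PID, pairs each GET with its WinHTTP error and backoff, and measures how long each attempt took to fail. The function names, the fast-fail threshold (10% of `httpConnectTimeout`) and the error-name table are assumptions of this example; 12029 is WinHTTP's `ERROR_WINHTTP_CANNOT_CONNECT`.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the MCSClient.log quoted in the post (service runs with PID 11276 and 2728).
SAMPLE_LOG = """\
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'httpConnectTimeout' set to 30.
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'useSystemProxy' set to 1.
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'useAutomaticProxy' set to 1.
2022-05-25T09:53:29.652Z [11276: 7700] I Config: setting 'useDirect' set to 1.
2022-05-25T09:53:30.322Z [11276:11148] I [connect] trying server mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com/.../ep
2022-05-25T09:53:30.322Z [11276:11148] I [connect] trying direct connection without a proxy
2022-05-25T09:53:30.322Z [11276:11148] I GET mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com:443/.../ep
2022-05-25T09:53:30.367Z [11276:11148] E Request failed: WinHttpSendRequest failed: Die Serververbindung konnte nicht hergestellt werden. (12029)
2022-05-25T09:53:30.370Z [11276:11148] I [backoff] waiting 77s (40s + 37s skew) after failures: 1
2022-05-25T09:54:47.933Z [11276:11148] I [connect] trying direct connection without a proxy
2022-05-25T09:54:47.933Z [11276:11148] I GET mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com:443/.../ep
2022-05-25T09:54:47.934Z [11276:11148] E Request failed: WinHttpSendRequest failed: Die Serververbindung konnte nicht hergestellt werden. (12029)
2022-05-25T09:54:47.937Z [11276:11148] I [backoff] waiting 123s (80s + 43s skew) after failures: 2
2022-05-25T09:58:30.439Z [ 2728: 2776] I Config: setting 'httpConnectTimeout' set to 30.
2022-05-25T09:58:31.710Z [ 2728: 2900] I [connect] trying direct connection without a proxy
2022-05-25T09:58:31.710Z [ 2728: 2900] I GET mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com:443/.../ep
2022-05-25T09:58:31.781Z [ 2728: 2900] E Request failed: WinHttpSendRequest failed: Die Serververbindung konnte nicht hergestellt werden. (12029)
2022-05-25T09:58:31.785Z [ 2728: 2900] I [backoff] waiting 61s (40s + 21s skew) after failures: 1
"""

# timestamp, [pid:tid] (space padded), level letter, message
LINE_RE = re.compile(r"^(?P<ts>\S+Z) \[\s*(?P<pid>\d+):\s*(?P<tid>\d+)\] (?P<lvl>[AIWE]) (?P<msg>.*)$")
CONFIG_RE = re.compile(r"^Config: setting '(?P<key>\w+)' set to (?P<val>.+?)\.?$")
GET_RE = re.compile(r"^GET (?P<host>[^:/\s]+):(?P<port>\d+)")
FAIL_RE = re.compile(r"^Request failed: (?P<api>\w+) failed: .*\((?P<code>\d+)\)\s*$")
BACKOFF_RE = re.compile(r"^\[backoff\] waiting \d+s \((?P<base>\d+)s \+ \d+s skew\) after failures: (?P<n>\d+)")
TRYING = "[connect] trying "

# WinHTTP error names from winhttp.h (only the ones relevant to connection triage).
WINHTTP_ERRORS = {
    12002: "ERROR_WINHTTP_TIMEOUT",
    12007: "ERROR_WINHTTP_NAME_NOT_RESOLVED",
    12029: "ERROR_WINHTTP_CANNOT_CONNECT",
    12030: "ERROR_WINHTTP_CONNECTION_ERROR",
    12175: "ERROR_WINHTTP_SECURE_FAILURE",
}


def parse_mcs_log(text):
    """Return {pid: {"config": {...}, "attempts": [...]}}; only failed attempts are recorded."""
    runs, pending, via = {}, {}, {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # wrapped continuation lines such as the telemetry JSON
        pid, msg = int(m["pid"]), m["msg"]
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%fZ")
        run = runs.setdefault(pid, {"config": {}, "attempts": []})
        if c := CONFIG_RE.match(msg):
            run["config"][c["key"]] = c["val"]
        elif msg.startswith(TRYING) and not msg.startswith(TRYING + "server "):
            via[pid] = msg[len(TRYING):]  # e.g. "direct connection without a proxy"
        elif g := GET_RE.match(msg):
            pending[pid] = {"host": g["host"], "port": int(g["port"]), "via": via.get(pid),
                            "sent": ts, "code": None, "ms_to_fail": None}
        elif (f := FAIL_RE.match(msg)) and pid in pending:
            pending[pid]["code"] = int(f["code"])
            pending[pid]["ms_to_fail"] = (ts - pending[pid]["sent"]) // timedelta(milliseconds=1)
        elif (b := BACKOFF_RE.match(msg)) and pid in pending:
            attempt = pending.pop(pid)
            attempt.update(backoff_base=int(b["base"]), failures=int(b["n"]))
            run["attempts"].append(attempt)
    return runs


def triage(run):
    """Summarise one service run into the facts worth checking first."""
    cfg, attempts = run["config"], run["attempts"]
    timeout_ms = int(cfg.get("httpConnectTimeout", 0)) * 1000
    bases = [a["backoff_base"] for a in attempts]
    timed = [a["ms_to_fail"] for a in attempts if a["ms_to_fail"] is not None]
    return {
        "errors": {a["code"]: WINHTTP_ERRORS.get(a["code"], "unknown") for a in attempts if a["code"]},
        # True when every recorded attempt went out without a proxy
        "direct_only": all((a["via"] or "").startswith("direct") for a in attempts),
        "proxy_discovery_enabled": "1" in (cfg.get("useSystemProxy"), cfg.get("useAutomaticProxy")),
        # Assumed heuristic: failing in under 10% of the connect timeout is not a timeout
        "fast_fail": bool(timed) and timeout_ms > 0 and all(ms < timeout_ms // 10 for ms in timed),
        "backoff_doubles": all(nxt == 2 * cur for cur, nxt in zip(bases, bases[1:])),
    }


if __name__ == "__main__":
    for pid, run in parse_mcs_log(SAMPLE_LOG).items():
        print(pid, triage(run))
```

On the excerpt, every attempt fails within milliseconds rather than after the 30-second `httpConnectTimeout`, so the connection attempts did not time out, and the log records no proxy attempt even though `useSystemProxy` and `useAutomaticProxy` are set to 1.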