Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Subscribers 12 subscribers
  • Views 9015 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Forcing agent check-in when the agent is no longer in the portal

Andrew Caples

Greetings,

I am running in to an issue where there are a few dozen remote endpoints which are active but not present on the portal. I need to get the clients checking back in, but everything I have found which should readily work either requires physical interaction with an advanced startup or will require the tamper protection, which I do not have as the endpoints are not in the portal.

I have confirmed I am looking at the correct tenant for each endpoint, so they're not sitting in the wrong locations. It's possible to get on-site for these devices, but it would be a much better use of time to be able to get them to check in remotely. Remote access to the endpoints is not an issue.

Thank you for any potential insight into this.

Andrew



This thread was automatically locked due to age.
Parents
  • 0

    Hi Andrew,

    Thanks for reaching out.

    I'd suggest checking if you can find the affected devices listed under "Logs & Reports > Recover Tamper Protection passwords". 

    There is also an additional drop-down menu in Sophos Central which will state "Recently online" by default. If you change this to "All" do you see the devices in the list?

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0 in reply to Qoosh

    Kushal,

    Thanks for the response.

    I had checked the tamper protection recovery. Unfortunately, it looks like the agents are outside the 90-day window. I also had the "all computers" filter enabled, so there was nothing keeping them from showing up if they were on the account.

    I also verified the client ID on the affected devices to verify they are configured to be in the correct tenant, as well as pulled their endpoint IDs and tried manually navigating to them by replacing the ID of an existing endpoint in the tenant portal. This, unfortunately, did not work.

    Andrew

  • +1 in reply to Andrew Caples

    The checks you've performed here are the same ones I would have suggested. If the devices are outside of the 90 day period Sophos Central retains data for, Tamper Recovery may be the only option. 

    Once the recovery process is complete, you can instead run "SophosSetup.exe --registeronly" as opposed to doing a full uninstall and re-install, which may help speed things up to some degree.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Reply Children
Unfiltered HTML