This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Forcing agent check-in when the agent is no longer in the portal

Greetings,

I am running in to an issue where there are a few dozen remote endpoints which are active but not present on the portal. I need to get the clients checking back in, but everything I have found which should readily work either requires physical interaction with an advanced startup or will require the tamper protection, which I do not have as the endpoints are not in the portal.

I have confirmed I am looking at the correct tenant for each endpoint, so they're not sitting in the wrong locations. It's possible to get on-site for these devices, but it would be a much better use of time to be able to get them to check in remotely. Remote access to the endpoints is not an issue.

Thank you for any potential insight into this.

Andrew



This thread was automatically locked due to age.
Parents
  • Hi Andrew,

    Thanks for reaching out.

    I'd suggest checking if you can find the affected devices listed under "Logs & Reports > Recover Tamper Protection passwords". 

    There is also an additional drop-down menu in Sophos Central which will state "Recently online" by default. If you change this to "All" do you see the devices in the list?

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Kushal,

    Thanks for the response.

    I had checked the tamper protection recovery. Unfortunately, it looks like the agents are outside the 90-day window. I also had the "all computers" filter enabled, so there was nothing keeping them from showing up if they were on the account.

    I also verified the client ID on the affected devices to verify they are configured to be in the correct tenant, as well as pulled their endpoint IDs and tried manually navigating to them by replacing the ID of an existing endpoint in the tenant portal. This, unfortunately, did not work.

    Andrew

  • The checks you've performed here are the same ones I would have suggested. If the devices are outside of the 90 day period Sophos Central retains data for, Tamper Recovery may be the only option. 

    Once the recovery process is complete, you can instead run "SophosSetup.exe --registeronly" as opposed to doing a full uninstall and re-install, which may help speed things up to some degree.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Kushal,

    Can this be done entirely remotely? It's my understanding the tamper recovery requires booting into advanced startup for part of it which I would love to avoid since that would mean either user interaction or my being on-site.

    Andrew

Reply Children