Forcing agent check-in when the agent is no longer in the portal

Hi Andrew,

Thanks for reaching out.

I'd suggest checking if you can find the affected devices listed under "Logs & Reports > Recover Tamper Protection passwords". 

There is also an additional drop-down menu in Sophos Central which will state "Recently online" by default. If you change this to "All" do you see the devices in the list?

Kushal,

Thanks for the response.

I had checked the tamper protection recovery. Unfortunately, it looks like the agents are outside the 90-day window. I also had the "all computers" filter enabled, so there was nothing keeping them from showing up if they were on the account.

I also verified the client ID on the affected devices to verify they are configured to be in the correct tenant, as well as pulled their endpoint IDs and tried manually navigating to them by replacing the ID of an existing endpoint in the tenant portal. This, unfortunately, did not work.

Andrew

The checks you've performed here are the same ones I would have suggested. If the devices are outside of the 90 day period Sophos Central retains data for, Tamper Recovery may be the only option. 

Once the recovery process is complete, you can instead run "SophosSetup.exe --registeronly" as opposed to doing a full uninstall and re-install, which may help speed things up to some degree.

Kushal,

Can this be done entirely remotely? It's my understanding the tamper recovery requires booting into advanced startup for part of it which I would love to avoid since that would mean either user interaction or my being on-site.

Andrew

Accessing a device when booted into advanced startup is not possible without a KVM or similar solution. 

Accessing a device when booted into advanced startup is not possible without a KVM or similar solution. 

Unfortunate. Well, there's my answer, I guess. Thanks for the clarification!