The Sophos Community will be offline for scheduled maintenance this Saturday, May 27th, at 13:00 UTC for approximately 1 hour. Apologies for any inconvenience caused.
"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
This article explains how to troubleshoot the most common problems which can occur with the Sophos Management Communication System used with SophosCloud Managed installer.
Applies to the following Sophos product(s) and version(s) Sophos CloudSophos Cloud Managed Endpoint
Step 1 Checking Internet Connection.
When the Sophos Cloud installer is run on the endpoint at Step 1 of the installation process, a check is made to make sure there is an Internet Connection.
An Internet Connection is required so the endpoint can register and communicate with SophosCloud, then download and update as part of the installation.
If you encountered issues at this stage where no Internet Connection is found, try the following:
Step 5 Registering with the server
At Step 5 of the installation process the endpoint will attempt to register using Sophos Management Communication to the Sophos Cloud broker.
A symptom of the Endpoint failing to register is that primary update location shows no configured address or username/password details (to check open Sophos Endpoint Security and Control and click on 'Configure Updating'). Example:
If there is an issue with the registration, try the following:
Checking Firewall access
Access to Sophos Cloud broker
Open the config.xml with notepad and verify the server address listed. The address will look something like: mcs-amzn-eu-west-1-b844.upe.p.hmr.sophos.com/sophos/management/ep/.) We need to confirm whether the endpoint can access the address listed in the config.xml by checking following:
<?xml version="1.0" ?> <ns:server xmlns:ns="http://www.sophos.com/xml/mcs/server" schemaVersion="1.0" preferredProtocolVersion="1.0" />
Checking Log Files
Symptoms of a communication issue.
If an endpoint is online and connected to the Internet but shows an incorrect 'Online' time within the Sophos Cloud 'Logs & Reports' section for 'Computers' and 'Users', this indicates there is likely to be an issue with Sophos Management Communication System (MCS) communicating to the Sophos Cloud Broker. In this example the endpoint shows it was online 5 days ago, however the endpoint is online and connected to the Internet currently. (Click to enlarge)
If you have an existing installation of the Sophos Cloud Managed endpoint installed, which was working but is now experiencing issues with communication to the Sophos Cloud. try the following:
2013-07-17T15:25:58.929Z [ 2664] INFO CommandHandler::GetCommands About to send the request to the server. 2013-07-17T15:25:58.929Z [ 2664] INFO HttpServerImpl::SendRequest The HTTP request was initiated successfully. 2013-07-17T15:25:58.976Z [ 4072] INFO HttpServerImpl::HttpEventInstanceCallback The HTTP request completed with status 0. 2013-07-17T15:25:58.976Z [ 4072] INFO CommandHandler::HttpCallback The HTTP callback was called with the HTTP result code 0.
2013-07-22T07:32:28.118Z [ 3868] INFO CommandHandler::GetCommands About to send the request to the server. 2013-07-22T07:32:28.118Z [ 3868] INFO HttpServerImpl::SendRequest The HTTP request was initiated successfully. 2013-07-22T07:32:28.212Z [ 1744] INFO HttpServerImpl::HttpEventInstanceCallback The HTTP request completed with status 200. 2013-07-22T07:32:28.212Z [ 1744] INFO CommandHandler::HttpCallback The HTTP callback was called with the HTTP result code 200.
HTTP result code 200
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.