Sophos NDR "bootlooping"

Question

Hello Community, 
 
 i have two NDR VMs active at two locations. 
 Now one of them works just fine, capturing packets from our network switches and uploading them to Sophos Central. 
 
 The other one also captures packets just fine, but doesn't want to start after a reboot. 
 Booting into the Ubuntu OS work fine but the VA fails to start, showing the startup checklist, trying to reinstall the Machine Learning and NDR detection Pod and jumping back to the Ubuntu startup screen, only to get back to the startup checklist and doing it all over again. 
 
 I left it running for 30 minutes but it keeps running in circles. 
 This already happened with a previous iteration of the VM, after which i deleted and rebuild the NDR integration for that site. 
 
 I doubt its a Hardware problem, as both sites' VMs are running on the same Hardware configuration on VMware ESXi 6.7.0 Hosts

Qoosh · Accepted Answer

Hi Thorben , 
 Thanks for reaching out to the Sophos Community Forum. I've moved your post over to the NDR Community channel as it is a better fit for your question. 
 I suggest checking the logs at " podLogs/cloud-agent-<container id>.txt ". Let me know if there are any authentication errors present. 
 You can also try verifying that the following protocols are not being blocked on the system/network. - DHCP (if this was selected in Central when creating the VM) - NTP - DNS - HTTP - HTTPS 
 Please also ensure that web filtering is not being performed on the following domains. a. sophos.com b. archive.ubuntu.com c. ntp.ubuntu.com d. baltocdn.com e. sophossecops.jfrog.io f. docker.io g. amazon.com , amazonaws.com

Sophos NDR "bootlooping"

Top Replies