Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 2 subscribers
  • Views 2700 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Some Mac OSX end point devices unmanaged

Andy Anderson

Hi, I have a problem at the moment where some Mac OSX laptops which have Sophos installed from our \\**-**\SophosUpdate\CIDs\S000\ESCOSX location are appearing unmanaged in SEC.

 

I've seen other forum threads re: the same issue but none of the solutions provided have managed to sort my issue. The only way I can find this particular device I need is through "Discover with Active Directory", it doesn't seem to find the devices via IP Range or on the network.

I've un-installed and re-installed numerous times, I've checked the ReportData.xml file against another Mac that I know is working and I've tested to make sure both port 8192 & 8194 are both open on the end point machine and the server hosting Sophos which they are.

 

As you may see from the screenshot, the it-mbp is unmanaged, neither online nor offline and the other macs and fine.

Any hints or tips to have this Mac show up properly on SEC? It installs Sophos no problems and is updating fine, just not managed.

 

Thanks



This thread was automatically locked due to age.
  • 0

    Hello Andy Anderson,

    are appearing unmanaged
    first and foremost a (not so) few words about managed vs. unmanaged and the meaning of connected and disconnected as these states are sometimes misconceived:

    • managed means that an endpoint has at some time successfully registered with the server (it does not imply though that communication between endpoint and server is possible or at least that RMS is still installed)
    • unmanaged means that certain information about a computer object has been obtained from an external source - depending on the method it could mean that a computer and a means of contacting it existed at the time of discovery or it could simply be an arbitrary collection of attributes (e.g. when imported from a file)
    • connected means that there is an active RMS connection from endpoint to server (strictly speaking that one existed at Last message time)
    • disconnected means that a previous connection has orderly been taken down

    Apparently the endpoint has never successfully registered. I've checked the ReportData.xml file against another Mac - and you should have observed that they are different, haven't you? I've tested to make sure both port 8192 & 8194 are both open - how did you test? it doesn't seem to find the devices via IP Range or on the network while discovery doesn't use these two ports it looks like server and endpoint can't reach each other. How did you install - mounting the CID and copying the installer or from a package?

    Please check (or post them if necessary) the Router logs /Library/Logs/SophosMessageRouter/, they should tell why the registration fails.

    Christian

Unfiltered HTML