Guest User!

You are not Sophos Staff.

Thread Info
  • Locked Locked
  • Replies 296 replies
  • Subscribers 48 subscribers
  • Views 727527 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Issue: Sophos Central Admin – US-West region - Delays with the enforcement of Central policies on managed endpoints.

Bianson

**Update 9** Root cause analysis KBA has been published: see knowledge base article for the latest.

**Update 8** As part of a routine database maintenance task customers may notice a few intermittent install and policy rendering failures. Please retry before contacting support. 7/17/2017 8:00 AM PST

**UPDATE 7** Some customers may notice a few intermittent install failures, please retry before contacting Sophos Support. 7/14/2017 2:00 PM PST

**UPDATE 6** Installations are being processed normally, service is restored. Please re-download installer from Central. 7/14/2017 9:00 AM PST

**UPDATE 5** Installations are now working as of July 13, 2017 19:00 UTC-5. See knowledge base article for the latest.

**UPDATE 4** New installs likely to still fail. http://centralstatus.sophos.com/#!/ has latest update. 

**UPDATE 3** System is now processing backlogs. Please see last updates here.

**UPDATE 2** Issue is ongoing, apologies. Impacts all areas within Central that rely on MCS communication between client and Central. 7/13/2017 8:00 AM PST

**UPDATE** Development has identified root cause and is working on a fix. 

Hello,

We are seeing delays with policy changes and enforcement in Sophos Central (US-West region) as well as installation failures due to inability of new endpoint installations to initially register. Our engineers are working to restore latency. Please note your endpoints remain protected. Updates will be provided on this thread.

KBA: https://community.sophos.com/kb/en-us/126477

Thank you,

Bob



This thread was automatically locked due to age.
Parents

  • Why am I seeing the "One or more Sophos services are missing or not running" error message so often now?  I would really like a reason for this. 

    Is this message accurate? and if so, why are these services 'missing or not running'? I've checked on occasion and services 'appear' to be running.

     

     

     

  • in reply to LRB

    Lance, if you go into services on your Windows machine, you will probably find that the Sophos Antivirus service has disappeared (90% of this issue) - or that all the Sophos services have been set to disabled , but you can't set them to manual or automatic (you get a denied message) even if you are an admin on the box. You can't uninstall as tamper protection is enabled but you can't update the machines policy to disable tamper protection because it won't connect to the cloud to update the policies, which don't work all the well even when all the services are enabled and not missing

  • in reply to Howiedog

    Howiedog - we had this same issue happen to us earlier this week.  Support did not even know it was happening and had no explanation.  After a day and a half it fixed itself, but like the RCA, we will probably never be given any real details on why these things keep happening.  Hopefully it clears up for you soon.

  • in reply to K_M

    Ok..this AM I can again manage my endpoints, so whatever the issue was seems to be good today.

    I have another question for us all: Laptops. For us,  these are often "off line" for periods of time. (eg:2 weeks >>)

    Granted its an Event, but is there a way to remove the BIG YELLOW exclamation mark because of inactivity??

    Its just annoying to log into console and see all these road signs glaring at you day in day out.

     

  • in reply to K_M

    Same question.....can I stop these Yield Signs for appearing for devices that are purposely OFF-LINE for periods of time?? These are NOT ERRORs, it's only a state.

     

    One more thing. If I get one more email about services not running or missing I am going to scream.

    Can I turn this email alert OFF. I want these gone out of my INBOX NOW!! 

  • in reply to Howiedog

    I agree with   This is insane Sophos - why is it so hard to get your alerting working correctly?

  • in reply to Sure Win

    Sure Win,

    I asked 6 days ago with no reply still. In the KB that explained this issue it was said: "We have conducted a detailed review of the incident and have created a plan to improve operations and prevent this kind of issue in the future." Can you detail out to us the plan to improve your operations and how you're going to prevent this kind of issue in the future?

  • in reply to Karlos

    Karlos,

     

    Please review the questions in this thread. We need things to stop happening.....NOW!

  • in reply to Trevor Karppi

    Hi  We are going to have Chris Patel respond to this request on what plan is created to improve operations. It'll likely be posted in the other thread.  https://community.sophos.com/products/sophos-central/f/sophos-central/96889/rca-for-sophos-central-incident---late-july-early-august 

  • in reply to Howiedog

    Hey  

    Unfortunately there is no way to remove yield signs from appearing besides devices that are intentionally off. You can simply mark those devices as acknowledged so they no longer appear on your Alerts list.

    Also, at this time, email alerts on Central can not be disabled. But you can submit a vote for this feature request here.

    Regarding the notification about services not running or missing, are they actually missing/not running? If the services are recovered, the issue is a cosmetic one and there is a plan to release a fix in mid-November to suppress these alerts & emails being sent out. 

    If they are actually missing/not running, please have a read at our KB article: Sophos Endpoint Self Help - Services

    Thanks,
    Karlos

  • in reply to Karlos

    Re: Services running / not running - honestly I get so many now, I would just checking all day long to see if services are running or not. 

     

    Yesterday I found a Intercept X (HMPro) service not running on a couple computers - Why? Who knows. This leaves me unprotected and its not good enough. 

Reply
  • in reply to Karlos

    Re: Services running / not running - honestly I get so many now, I would just checking all day long to see if services are running or not. 

     

    Yesterday I found a Intercept X (HMPro) service not running on a couple computers - Why? Who knows. This leaves me unprotected and its not good enough. 

Children
No Data
Unfiltered HTML
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?