Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 3 replies
  • Subscribers 10 subscribers
  • Views 7358 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Still getting yellow alert after reinstalling client on win server 2016. Updates are happening regularly. I'm not sure what I'm missing.

CharmingYeti

I have a server (windows server 2016) that is stating it has been "inactive for 2+ months".  It is receiving regular updates.  I have uninstalled and reinstalled the client.  I am still receiving the yellow (!) alert.  I have looked at the logs and don't see anything obvious.  Anyone have any insight??



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    I assume this is a Central Managed Endpoint.

    I would start by confirming the endpoint id is correct just to prove that's not out of alignment.  

    When you click on the server in Central to view it's details, the URL will start:

    https://cloud.sophos.com/manage/server/devices/servers/ 

    The next part of the URL is the machine id.  If you look on the client, in either the Endpoint Self Help tool (Can get to it from the About page of the endpoint UI or just search in the Start menu for Endpoint Self...) or open up "C:\programdata\sophos\management communication system\endpoint\persist\endpointidentity.txt", you should find this same GUID.

    Once that is checked out you're checking that the client is sending status messages.  The best source there is the MCSAgent and MCSClient log files of MCS.

    https://community.sophos.com/kb/en-us/119626

    The Endpoint Self Help utility installed on the endpoint will perform some basic checks, but you're really looking for errors in the above logs.

    Regards,

    Jak

     

  • 0 in reply to jak

    Hey Jak,

    Yes, sorry about that.  It's for Sophos Central.  The issue seems to have resolved.  I'm believe it may have been the mismatched machine id. Upon further review, it seems the machine was rebuilt without my knowledge.  Version 1 of the server was never removed from Sophos Central.  I deleted the server out of Sophos Central then manually removed the Sophos components from the server.  Once that was complete, I manually installed the most recent Server install on the server.  It took a bit, but now the machine is reporting back correctly.  Am I misguided in my thought?

  • +1 in reply to CharmingYeti

    When you deploy to the client, the first thing to install is MCS, the initial step is for MCS to register with Central at which point it gets an identity.

    You can see this referenced in the MCS Client log.

    Unless you have the MCS logs from before I'm not sure we can say what might have happened.

    Regards,

    Jak

Reply
  • +1 in reply to CharmingYeti

    When you deploy to the client, the first thing to install is MCS, the initial step is for MCS to register with Central at which point it gets an identity.

    You can see this referenced in the MCS Client log.

    Unless you have the MCS logs from before I'm not sure we can say what might have happened.

    Regards,

    Jak

Children
No Data
Unfiltered HTML