Macs showing offline

Hello Matt,

so the Macs just moved from the group they were in before (which one?) to the correct synced group and turned unmanaged? Don't have Macs in AD so can't say how sync behaves with Macs, but I don't think that the move should break communications.

For a start, you could open the file ReportData.xml (use Spotlight or look in MacHD/Library/Logs/SophosMessageRouter/NetworkReport) in Safari and check for errors.

Christian

Hi,  The actual container in the console never changed so in theory the Macs were never moved in the console to a new location.

I basically had a folder with the macs in, right clicked and synced with the mac folder in AD and they became un-managed.

I will try and jump on a mac when I get 2mins and see if I can find that report.

Thanks

Hello Matt,

you've probably checked that they don't "also" appear elsewhere (i.e. the Unassigned group)? BTW - which console version?

in theory the Macs were never moved in the console to a new location

:smileyhappy: that's why theories are called theories. Note that if you Synchronize with AD the syncpoint is not "applied" to the group but you are "just" taken to a selection dialog with the group pre-selected (IMO the behaviour is somewhat dangerous but more about this another time). Everything in the existing group is then "kicked out" (i.e. moved to the Unassigned group) and then the structure and computers are imported. In case the computers were already protected the newly imported computers should then be matched and merged with their kicked-out incarnations (this, let me put it this way, didn't work perfectly at the time AD Sync was introduced and the logic has been changed several times - that's why I asked about the SEC version).

Christian 

Hi,

They are def not in unassigned, although there is on mac machine in unassigned and thats working with no problems.

We are using SEC 4.7.0.13 - its a little old but it was working with no problems

Cheers

I have managed to jump on a mac anc check the reportdata.xml and that says there are no errors to report :(

Hello Matt,

so the management server is shown under Current parent address? Somewhat strange that the clients don't show in the console. Well, I'd take a look at the client's router logs (in the parent directory of NetworkReport) - they should show the exchange between client and server. The corresponding logs on the server are in %ProgramData%\Sophos\Remote Management System\3\Router\Logs, also the Msgn logs in %ProgramData%\Sophos\Sophos Endpoint Management\4.7\log give a compact view of the messages passed from/to the clients - if there is no trace of the Macs then communication is likely the problem (i.e. the management server does not receive the status). 

Christian

There seems to only be one mac that is showing up in the logs but even that mac is showing as unmanaged in the SEC...

Hello Matt,

one mac that is showing up in the logs

The Msgn logs or the Router logs? At least the Mac in Unassigned should show (if it is actually listed with current details).

As said, I'd start at the clients. Apart from looking at the logs you can verify that the clients can contact the server (they have done so before and sync shouldn't break it but it's worth checking). Open a Terminal window and telnet <server> 8192. <server> should be the Current parent address from ReportData.xml (if there is one) or any of the Parent addresses. You should get a response starting with IOR:.

Another thought - what happens if you remove the synchronization?

Christian