401 errors following the deletion of a computer in Sophos Cloud

  • Artikel-ID: 120281
  • Aktualisiert: 14 Mrz 2014

Issue

A Sophos Cloud managed endpoint that has been deleted by the administrator in Sophos Cloud goes on to show 401 errors in the McsClient.log file.  The example log file below shows a client that was successfully communicating (response code 200) before being deleted; after which the client receives a 401.

[Timestamp] [Thread] INFO HttpServerImpl::SendRequest The HTTP request was initiated successfully.
[Timestamp] [Thread] INFO HttpServerImpl::HttpEventInstanceCallback The HTTP request completed with status 200.
[Timestamp] [Thread] INFO CommandHandler::HttpCallback The HTTP callback was called with the HTTP result code 200.
[Timestamp] [Thread] INFO CommandHandler::AcknowledgeCommands The command handler is about to acknowledge commands.
[Timestamp] [Thread] INFO CommandHandler::AcknowledgeCommands There are no commands to acknowledge.
[Timestamp] [Thread] INFO CommandHandler::GetCommands The command handler is about to get commands from the server.
[Timestamp] [Thread] INFO PersistentList::Load About to load items from persistent storage in C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\Adapters.
[Timestamp] [Thread] WARN HttpServerImpl::GetAutomaticProxies Failed to get the automatic proxy configuration. The error code was 0.
[Timestamp] [Thread] INFO CommandHandler::GetCommands About to send the request to the server.
[Timestamp] [Thread] INFO HttpServerImpl::SendRequest The HTTP request was initiated successfully.
[Timestamp] [Thread] INFO HttpServerImpl::HttpEventInstanceCallback The HTTP request completed with status 401.
[Timestamp] [Thread] INFO CommandHandler::HttpCallback The HTTP callback was called with the HTTP result code 401.
[Timestamp] [Thread] INFO EndpointIdentity::Unauthorized An HTTP status 401, unauthorized, response has been received.
[Timestamp] [Thread] WARN EndpointIdentity::Unauthorized The server has instructed the client to reregister.
[Timestamp] [Thread] INFO EndpointIdentity::LoadRegistrationToken The registration token could not be loaded, or is invalid.
[Timestamp] [Thread] INFO EndpointIdentity::Register The endpoint identity manager is about to register with the server.
[Timestamp] [Thread] WARN HttpServerImpl::GetAutomaticProxies Failed to get the automatic proxy configuration. The error code was 0.
[Timestamp] [Thread] INFO EndpointIdentity::Register About to send the request to the server.
[Timestamp] [Thread] INFO HttpServerImpl::SendRequest The HTTP request was initiated successfully.
[Timestamp] [Thread] INFO HttpServerImpl::HttpEventInstanceCallback The HTTP request completed with status 401.
[Timestamp] [Thread] INFO EndpointIdentity::HttpCallback The HTTP callback was called with the HTTP result code 401.
[Timestamp] [Thread] ERROR EndpointIdentity::HttpCallback 2034: Failed to register with the server. The request was rejected.

You will also see in the Windows Application event log, event IDs 8006 and 8007 reported from the source 'Sophos Management Communications System'.  The text of these messages is as follows:

  • Event ID 8006 (Error):
    The Sophos Management Communications System client service failed to register with the server. The client service will wait until a new registration token is available before attempting to register again.
  • Event ID 8007 (Warning):
    The Sophos Management Communications System client service has been told by the server that it must register again. The client service might have to wait for a new registration token.

First seen in

Sophos Cloud

Cause

This is expected behavior based on deleting a client in Sophos Cloud. 

What To Do

If you wish to restore management of the computer you will need to re-run the appropriate SophosInstall.exe on the computer.  

If you are no longer looking to manage this computer by Sophos Cloud it is recommended that you uninstall Sophos client software from the computer.

Note: To perform an uninstall you may need to obtain the Tamper Protection password from your administrator in order to disable tamper protection in Sophos Anti-Virus before uninstalling.



 
Wenn Sie weitere Informationen oder Unterstützung benötigen, wenden Sie sich bitte an den technischen Support.

Artikel bewerten

Ungenügend Hervorragend

Anmerkungen