One or more clients persistently report to Enterprise Console 'Awaiting policy transfer' for the Device Control policy

  • Article ID: 65502
  • Rating:
  • 7 customers rated this article 1.7 out of 6
  • Updated: 19 Jun 2012

Issue
This can happen in the following scenarios:

  1. A new Device Control policy is created and endpoints are currently using the 'Default' Device Control policy.
  2. An Enterprise Console group ('Group1') is assigned a device control policy ('PolicyA'). 'PolicyA' is then duplicated in Enterprise Console resulting in all computers in 'Group1' showing as 'Awaiting policy transfer'.

This has been logged as DEF49953.

Known to affect the following Sophos products and versions 

Enterprise Console 4.0.0

What to do

Short Term workaround

In Enterprise Console you can manually make the client computers comply with the Device Control policy. However, if the scenarios mentioned above reoccur then the same problem will arise again.

Long Term

  1. Create a copy of the ‘Default’ Device Control policy and duplicate new Device Control policies from that.
  2. Do not use the 'Default' Device Control policy if you intend creating multiple Device Control policies.
  3. Do not duplicate from policies that are in use.
Technical Details

Whenever a device control policy is copied, the revision id of the original policy is updated and becomes mismatched with the revision id the endpoint is reporting. This results in Enterprise Console displaying 'Awaiting policy transfer'. The bug is in Sophos.Management.DeviceControl.dll and was fixed in Enterprise Console version 4.5.The problem experience in Scenario 1 mentioned above occurs because new policy is copied from 'Default' policy.

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments