01-10-2019 06:37 AM - edited 02-20-2020 09:07 PM
We are seeing several endpoints not checking in or receiving definition updates after being updated to connector version 6.2.3.10814. There is nothing unique about these machines in our environment.
The last 3 events for these machines are as follows:
endpoint started a product update
endpoint is currently unprotected. A reboot is required to finish the update and restore Connector protection.
endpoint requested a reboot
After rebooting, the machines do not check in and the last seen date is when the connector was updated. Subsequent reboots have no effect. Is there a way to force these machines to check in or force an update?
Thanks
01-10-2019 06:50 AM
Hello phonehome
After the reboot, does it reflect the latest connector version, and is the connector status still showing as connected or disconnected on the endpoint? A diagnostic support file from any of the endpoints would be helpful to verify the definition update logs and to know more about the issue. As per my knowledge, there is no way to force an update of TETRA definitions.
Also, can you verify if there is any connection break towards the TETRA definition update server based on the cloud that you have registered with? Based on the server address, you can even run a Wireshark capture and leave it running for a day on any of the endpoint clients to see if there is any connection break. You can filter the packet capture, and it will help you to confirm whether the communication is successful or not.
Let me know if you have any queries on the same.
Regards
Jetsy
01-10-2019 06:58 AM
Hello phonehome
As a quick step to check for successful communication, you can try running the following from cmd on any of the endpoints.
C:\Program Files\Cisco\AMP\X.X.X\connectivitytool.exe
Once you run the script, it will generate a log file, connectivitytool.exe.log, in which you can check the connection status.
But this will not help you if the connection break is happening intermittently.
Regards
Jetsy
01-14-2019 09:26 AM
I've spot checked a few machines and it looks like the AMP service did not start after the update and reboot. The service was set to automatic start up so not sure why this would happen. Any idea?
Thanks
01-14-2019 09:30 AM
We haven't seen any instances of the service not starting after the 6.2.3 upgrade. I would recommend opening a TAC case and uploading logs from those endpoints so one of our Techs can take a look at the details.
Thanks,
Matt