Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5088
Views
10
Helpful
8
Replies

Cisco AMP Endpoint not showing in console frequently

JoshuaWisniewski44279
Level 1
Level 1

‎10-29-2020 12:00 PM

Hey all,

 

I was wondering if I could get some assistance with an issue I'm encountering. I have a few servers setup that have the endpoint installed, but these servers frequently go missing when checking the console. Sometimes a restart helps, but I have no idea what is going on. Proper ports are open, and when they connect it works fine. It's disappearing at randoms times.

 

I'm wondering if it might have something to do with microsoft cluster services, or because these machines have two NICs installed?

 

The services on the PCs themselves are always running. I have also tried uninstalling and reinstalling the software.

 

Any help is appreciated!

3 people had this problem
0 Helpful
8 Replies 8

Jbuttle
Level 1
Level 1

‎10-30-2020 10:17 AM

When you say "missing" are the endpoints actually being removed from the list or are they showing up as not having checked in for awhile?

0 Helpful

JoshuaWisniewski44279
Level 1
Level 1
In response to Jbuttle

‎10-30-2020 10:49 AM

They are completely missing.
0 Helpful

Jbuttle
Level 1
Level 1
In response to JoshuaWisniewski44279

‎10-30-2020 01:41 PM

Cisco did just release a new connector version. Perhaps try updating that on the affected servers and see if anything improves, assuming you haven't done so. The latest is 7.3.5.20068.

It does seem odd that they would be removed from the list entirely.

0 Helpful

ITandCoffee
Level 1
Level 1

‎11-11-2021 11:53 AM

We're seeing this issue as well in our environment. Any ideas? Active endpoints with the latest connector version are disappearing from the console entirely.

Thanks.

0 Helpful

Scott Holden
Level 1
Level 1

‎11-12-2021 11:31 AM

I'm seeing this as well. A few random Windows endpoints have the latest connector (7.4.5.20701) but are missing from the console entirely. The service is running, the client shows as Connected, but isn't shown in the console. They were on 7.4.3 earlier this week, I have email alerts for these same machines when the Connector Update started and completed, and now they're gone.

ITandCoffee
Level 1
Level 1
In response to Scott Holden

‎11-15-2021 10:25 AM

Same thing I'm seeing in our environment - ever figure out a resolution by chance?

Thanks.

0 Helpful

Scott Holden
Level 1
Level 1
In response to ITandCoffee

‎01-12-2022 10:32 AM - edited ‎01-12-2022 10:38 AM

I finally got around to opening a TAC case on this. It turned out to be duplicate UUIDs on the Windows 10 endpoints. I actually had several different duplicate UUIDs, so we apparently have laptop images that were captured incorrectly (after AMP services started and registered).

 

You can pull the UUID from this file on the endpoint:

C:\Program Files\Cisco\AMP\local.xml

 

You can then search for that UUID in your AMP/CSE console and see what machine is currently registered with it. The fix is to uninstall (select the option that says no future installations will be done on this device) and reinstall on the impacted machines. And fix the image.

soup_dragon
Level 1
Level 1
In response to Scott Holden

‎01-13-2022 12:32 AM

Had a similar issue a few years ago when we started to deploy image with AMP installed on the image. Wasn't aware there was a switch when installing AMP on the image to stop it generating a GUID. That way when the image is deployed AMP installs with a new GUID each time. 

0 Helpful
Customers Also Viewed These Support Documents