Machine will not stay enrolled

I have an issue where new machines that I have added to our organization will not stay enrolled with the Endpoint Manager Communication client. I install the client, it shows that it has the latest version and is enrolled, it is in the correct group in the Xcitium platform, and it has the current Security client installed. However, as soon as I reboot the machine, it unenrolls and is suddenly missing from the Xcitium platform. I have tried manually entering in the Host, Port, and Token number and I have tried recreating the enrollment settings ini file located in C:\Program Files (x86)\COMODO\Endpoint Manager

However, after a reboot the file is deleted and the machine is no longer enrolled. I’m not really sure what is happening because I follow the same steps each time I add a machine to our organization and it started happening a few weeks ago.

hi @dyoung20

Apologies for the inconvenience caused. Request you to try Restart ITSM agent once and check the portal whether the enrolled device is reflecting or not.

Also we would like to know how many devices affected, and what is OS running with, also share us the XCS & XCC client version installed on the device. If the client is not showed up in the system tray, then it may be an issue with installation, please try to restart the device and check one more time, if the issue still persist, then you can uninstall the XCS alone and then reinstall it and check the status.

If the device is listed in the portal, EM - Device - Device List, then you can uninstall the Security Client from the portal using the Install or Manage package menu - Uninstall additional package option.

Please find the help article for your reference

Remotely Install and Manage Packages on Windows Devices

If the issue is persisting even after trying the above troubleshooting steps then our team requires CIS Report logs to investigate further regarding the issue ,

If you run the cisreporttool locally on the endpoint, an output file will be stored in the location where you run the tool from.
Please share the cisreporttool logs to our support email address so we can further investigate, typically you can quickly share it via OneDrive. Just be sure to remove any permissions on the shared link.

thank you

That’s funny because I just had what seems like maybe a similar issue but I think it’s because I had virtual machine software rewrite the sector. I guess most people that use Xcitium probably don’t have (or have disabled) virtualization software and don’t have another antivirus/malware/endpoint protection running at the same time.

All the machines that are affected by this are Virtual Machines. We work in a Citrix Environment but its 6 or so machines that this has happened on. However, it seems to happen on almost all new machines that we spool up.

I have restarted the ITSM service and that had no effect. This happened on both the latest stable and latest versions of XCS & XCC. I recently opened up a ticket about this and the support team has already run the Cisreport tool on the machines. However, they were not able to retrieve the log files that were generated. I had to send them back to xcitium support through a File transfer. The files totalled about 3.5 Gbs and couldn’t be sent via email or through the Xcitium ticket portal. They have escalated the ticket and I am waiting to get their response.

I made this post to see if this is a common issue and if anybody had experienced it before.

Hi @dyoung20

Apologies for the inconvenience caused, please do share the ticket number so that I can as well follow up with team to take this investigation further. Regarding logs you can upload in your on drive and share us access to the logs in support ticket which our team will use for investigation