06-29-2026 07:18 AM
Starting later in the day on June 24, we started seeing endpoints show 'No connection to server' when opening the Cortex console on the endpoint. Endpoint tasks like collect firewall logs, pause protection and live terminal all fail.
Some systems shows that they ARE connected to our tenant but trying to live terminal into them fails.
06-29-2026 11:15 AM - edited 06-29-2026 11:17 AM
Hello @G.Stefanov ,
Greetings for the day.
The issue you are describing, where endpoints show as "Connected" in the management console but "No connection to server" on the local agent UI while interactive tasks (Live Terminal, log collection, pausing protection) fail, typically stems from a breakdown in the secure WebSocket (WSS) communication channel or an internal agent Inter-Process Communication (IPC) failure.
Run the following commands from an elevated Command Prompt to isolate the failure point:
cytool runtime query
cytool connectivity_testcytool websocket queryConnected: true
Ensure that all regional Cortex XDR URLs, including wss:// (WebSocket) connections, are excluded from SSL/TLS decryption and Deep Packet Inspection (DPI) on your network security devices.
If network connectivity is confirmed but the agent remains out of sync, force a reconnection using the tenant's Distribution ID: cytool reconnect force [DISTRIBUTION_ID]
If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution"
Thanks & Regards,
S. Subashkar Sekar
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
