Cortex XDR - Clients can't reconnect to Tenant after long time offline

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cortex XDR - Clients can't reconnect to Tenant after long time offline

L1 Bithead

We have several Client PCs, Laptops as spare and Client PCs / Laptops on construction sites without internet access  that have Cortex XDR installed.

They can only get online in uneven intervals, sometimes several months so they get removed from the tenent.


I have the older client installer packages still active in the tenant even if they are outdated.


When they have internet access they still cant reconnect and update to the newest cortex xdr version. 

That's very annoying and time consuming to fix that.


Before cortex we had trend micro office scan - it was no big deal at all , did't matter how long a client was offline , as soon as it was back online it updated without any issues.


I have no idea how we could solve this issue. 

Maybe someone can help me and has a suggestions what to do.



1 accepted solution

L5 Sessionator

Hi @MarioStockinger , you can adjust the Agent settings to ensure the license is not revoked. In your case, the Agent Deletion (days) entry should be a high value within your organization's acceptable standard for a host to remain offline and yet retain the license. Once the license is revoked, the agents won't be able to reconnect to the tenant and automatically update to the supported versions (if the Agent Settings profiles are applied to allow automatic upgrades). 




L1 Bithead

We have set 30/180 days , so the second value is responsible that the client will loose the licence and can't reconnect ?

Did i understand that correctly ?

Is it Possible to pin a licence to a client so it will never loose the licence ?

The 30/180 is default. You're right, you'll need to adjust the '180' (Agent Deletion) to a higher value to ensure the licenses are not revoked. Please take a look at the license revocation process here.

No, it is not possible to pin a license to a host/client as per the current license process. You can use the cytool reconnect command from the endpoint to resume connectivity. 

The PSexec command does not return results and leaves the [Process ID and Agent Version] blank.  I asusme that is an environment issue on our end?  Either way, this is a good command to run, but how can we locate these clients that have "Lost Connection" or "Agent Deletion" criteria was met?  Meaning, How can we find the lost clients using PAN tools?  I know that there are Vuln apps or Inventory apps that we can possibly utilize, but this is a manual process and clients can be missed and this is not very easy to perform as a task. 

  • 1 accepted solution
  • 5 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!