Reconnect disconnected XDR Clients remotely an easy way

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Reconnect disconnected XDR Clients remotely an easy way

Hello,

We had an issue of some computers getting disconnected status in XDR. In Lansweeper the status of  XDR was disabled. After a long discussion with local support we came out with a nice procedure that allows to reconnect those client without reinstallation.

 

Assume we have a laptop lt00666 with a XDR client installed but disconnected from XDR console.

 

Open a command line to swclt00666 using Sysinternaltools tool psexec64

Psexec64.exe \\swclt00666 cmd

 

Move to XDR client dir

cd c:\Program Files\Palo Alto Networks\Traps

 

Get XDR client info

 

c:\Program Files\Palo Alto Networks\Traps>cytool.exe enum

Process ID      Agent Version

1072            7.2.1.2718

 

Go to your XDR console and display Agent Installations

 

Miroslaw_Iwanowski_0-1618474809063.png

Make sure you have package ID enabled in default view

Miroslaw_Iwanowski_1-1618474819314.png

 

Copy ID for XDR version of the disconnected station - it will be long alphanumeric string (it is good to have it prepared for most common version you use so you do not have to look up at the console)

 

Issue a command to reconnect device to our XDR server (this is one line)

c:\Program Files\Palo Alto Networks\Traps>cytool reconnect force 1d7b234343434343444cc

 

There will be no prompt displayed and you have to enter (paste) uninstallation password. After you enter it and press enter the device will display:

 

Enter supervisor password:

 

c:\Program Files\Palo Alto Networks\Traps>

 

The laptop should already be visible in console. Upgrade to latest version and it is finished.

 

Procedure works very nice for us and I hope that it will save some time for the community also.

2 REPLIES 2

L4 Transporter

@Miroslaw_Iwanowski wrote:

Hello,

We had an issue of some computers getting disconnected status in XDR. In Lansweeper the status of  XDR was disabled. After a long discussion with local support we came out with a nice procedure that allows to reconnect those client without reinstallation.

 

Assume we have a laptop lt00666 with a XDR client installed but disconnected from XDR console.

 

Open a command line to swclt00666 using Sysinternaltools tool psexec64

Psexec64.exe \\swclt00666 cmd

 

Move to XDR client dir

cd c:\Program Files\Palo Alto Networks\Traps

 

Get XDR client info

 

c:\Program Files\Palo Alto Networks\Traps>cytool.exe enum

Process ID      Agent Version

1072            7.2.1.2718

 

Go to your XDR console and display Agent Installations

 

Miroslaw_Iwanowski_0-1618474809063.png

Make sure you have package ID enabled in default view

Miroslaw_Iwanowski_1-1618474819314.png

 

Copy ID for XDR version of the disconnected station - it will be long alphanumeric string (it is good to have it prepared for most common version you use so you do not have to look up at the console)

 

Issue a command to reconnect device to our XDR server (this is one line)

c:\Program Files\Palo Alto Networks\Traps>cytool reconnect force [omitted]

 

There will be no prompt displayed and you have to enter (paste) uninstallation password. After you enter it and press enter the device will display:

 

Enter supervisor password:

 

c:\Program Files\Palo Alto Networks\Traps>

 

The laptop should already be visible in console. Upgrade to latest version and it is finished.

 

Procedure works very nice for us and I hope that it will save some time for the community also.


Hi @Miroslaw_Iwanowski ,

 

Thank you for posting your clever reconnection solution using psexec!

 

If I were to make a recommendation, I would omit the trailing tenant ID mentioned after the "cytool reconnect force" command as it is sensitive information unique to your XDR tenant.

Visit our Cortex XDR Customer Corner on Live Community to access resources for your product journey, engage in discussions with community members and subject matter experts, and register for upcoming events!

*Cortex XDR Customer Corner: https://live.paloaltonetworks.com/t5/cortex-xdr-customer-corner/ct-p/Cortex_XDR_Customer_Corner

Join our Cortex XDR Office Hours to receive live guidance and training from our Customer Success Architects.

*Cortex XDR Office Hours [NAM]: https://paloaltonetworks.zoom.us/webinar/register/3316669859020/WN_yMpAB-aBTt6xk2h-gsra4w
*Cortex XDR Office Hours [EMEA/APAC]: https://paloaltonetworks.zoom.us/webinar/register/4116709604301/WN_CZuFE5CHQbG9LUEqugsIOw

L0 Member
hello. what is the supervisor password? I'm admin and my password doesn't work. thanks
  • 12106 Views
  • 2 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!