Event ID 771 Contact by Unrecognized Client appears on Deep Security Manager if a Deep Security Agent tries to connect to the
manager, but the computer's name doesn't exist in the list of protected computers
on Computers.
-
Computer's name doesn't exist in the list of protected computers on Computers
-
Secure connection could not be established (and therefore the computer's name couldn't be verified)
Common causes include:
-
Cloned VMs or cloud instances if you haven't enabled Reactivate cloned Agents.
-
Computers deleted from Computers before deactivating Deep Security Agent, if you haven't enabled Reactivate unknown Agents. The agent software continues to try to periodically connect to its manager, causing the event each time until either it is uninstalled, or you reactivate the computer.
-
Interrupted sync of a connector such as vCenter, AWS, or Azure. For example, if a VMware ESXi host is not shut down gracefully due to a power failure, then the VM's information may not be correctly synchronized.
Solutions vary by the cause.
Uninstall Deep Security Agent
If you don't want to protect the unrecognized computer, you can prevent these events
by deactivating or uninstalling the Deep Security Agent software. See Uninstall Deep Security.
Reactivate the computer or clone
If you want to protect the computer, activate it with Deep Security Manager. Re-activation
re-establishes the agent's certificate so that the manager can authenticate it with
the list on Computers, and recognize the computer. See Agent-Initiated Activation.
Fix interrupted VMware connector synchronization
-
On Deep Security Manager, go to Computers.
-
Remove the vCenter connector.
-
On VMware vSphere, reset the Deep Security Virtual Appliance (DSVA).This will clear the information in:
/var/opt/ds_agent/guests
-
Add the vCenter into the Deep Security Manager again.
-
Re-activate the VMs.