Troubleshoot event ID 771 "Contact by Unrecognized Client"
Event ID 771 Contact by Unrecognized Client appears on Deep Security Manager if a Deep Security Agent tries to connect to the manager, but the computer's name doesn't exist in the list of protected computers on Computers.
Common causes include:
- Cloned VMs or cloud instances if you haven't enabled Reactivate cloned Agents.
- Computers deleted from Computers before deactivating Deep Security Agent, if you haven't enabled Reactivate unknown Agents. The agent software continues to try to periodically connect to its manager, causing the event each time until either it is uninstalled, or you reactivate the computer.
- Interrupted sync of a connector such as vCenter, AWS, or Azure. For example, if a VMware ESXi host is not shut down gracefully due to a power failure, then the VM's information may not be correctly synchronized.
Solutions vary by the cause.
Uninstall Deep Security Agent
If you don't want to protect the unrecognized computer, you can prevent these events by deactivating or uninstalling the Deep Security Agent software. See Uninstall Deep Security.
Reactivate the computer or clone
If you want to protect the computer, activate it with Deep Security Manager. Re-activation re-establishes the agent's certificate so that the manager can authenticate it with the list on Computers, and recognize the computer. See Agent-initiated activation.
Fix interrupted VMware connector synchronization
- On Deep Security Manager, go to Computers.
- Remove the vCenter connector.
On VMware vSphere, reset the Deep Security Virtual Appliance (DSVA).
This will clear the information in:
- Add the vCenter into the Deep Security Manager again.
- Re-activate the VMs.