Why am I getting "Unrecognized Client" events?

The Unrecognized Client event message appears when the Deep Security Manager is contacted by a Deep Security Agent that it doesn't recognize.

The most common reason is that an instance has been manually deleted from the Computers page in Deep Security Manager before deactivating the agent on that instance.

The Deep Security Agent on the instance will continue to try to connect to the Deep Security Manager periodically, generating the Contact by Unrecognized Client event message.

In order to bring the deleted computer back into the list of computers in Deep Security Manager, you need to do the following:

  1. Go to Administration > System Settings > Agents > Agent-Initiated Activation and select Reactivate unknown Agents. With this setting enabled, previously activated computers (computers, VMware virtual machines, AWS instances, or Azure VMs) that have been removed from their cloud environment and deleted from the Deep Security Manager can be reactivated if they are added back to the inventory of computers. Deep Security Manager will recognize a valid certificate on the computer and allow it to be reactivated. No policies or rules that may have been in place on the original computer will be assigned to the new one. It will be handled just like a newly-activated computer.
  2. If you no longer want to protect this computer, use the Computer > Actions menu to deactivate the agent.
After the agent has been deactivated, then you can manually delete the computer from the Computers list in the Deep Security Manager.