Navigating Sophos Central: A Guide to Known Issues and Workarounds

Sophos Central provides a unified platform for managing various security solutions. However, like any complex system, it experiences occasional glitches. This article compiles a list of known issues within Sophos Central, along with detailed descriptions and temporary workarounds, helping you stay informed and minimize disruptions. This article particularly focuses on the issues within the Central Platform (last updated June 10, 2024).

Central - Platform Issues

Let's dive into the specific issues affecting the Central Platform, their impact, and available solutions.

1. Central/Enterprise/Partner Dashboards: Remote Assistance Timeframe Display (CPLAT-56563)

Affected Versions: CPG 2024.21
Issue: The "Remote Assistance" timeframe drop-down always defaults to '7 days,' regardless of the previously selected duration.
Description: When you revisit the setting to view or update the Remote Access timeframe, the drop-down menu incorrectly displays ‘7 days.’ However, the actual expiration date for Remote Access remains correct based on the previous selection.
Workaround: Note the expiration date shown below the drop-down. Refer to the audit log entry when Remote Access was enabled to confirm the initially chosen timeframe.

2. Partner Dashboard: Flex License Customer Creation (CPLAT-55319)

Affected Versions: CPG 2024.15
Fix Version: CPG 2024.24
Issue: Partner Super Administrators cannot select Aruba, Bonaire, or Curacao from the country drop-down when creating a new MSP Flex licensed customer.
Description: When creating a new Flex license customer in the Partner Dashboard, the countries Aruba, Bonaire, and Curacao are missing from the country selection list.
Workaround: Select a different country temporarily, then contact the Sophos Partner/Customer Care team to correct it.

3. Enterprise and Central Dashboards: Inaccurate License Usage Display (CPLAT-52441)

Fix Version: CPG 2024.24
Issue: License usage displayed on the License page may be inaccurate after upgrading or downgrading the same license type.
Description: For Term or Master Licensed customers, upgrading or downgrading a license on the Central License page can lead to incorrect usage displays between the old and new licenses. This can include uneven distribution of usage (overage on one, underutilization on another) or duplicated usage. Flex licenses are not affected.
Workaround: Ignore the license usage discrepancy between the old and new licenses. The original license will be automatically removed from the License page 30 days after expiration.

Affected Versions: CPG 2024.21
Issue: The error "Incorrect pattern for [PIN]" appears when using TOTP MFA with Chrome Password Manager.
Description: When using Chrome Password Manager, users may encounter an "Incorrect pattern for [PIN]" error after entering the TOTP MFA code.
Workaround: Manually click the ‘continue’ button on the page after entering the TOTP code instead of pressing the ‘enter’ key.

5. Central Dashboard: Scheduled Reports Section Not Loading (CPUI-10876)

Affected Versions: CPG 2024.21
Issue: The list of scheduled reports may fail to load if the "Reports" page link is selected from within another product page.
Description: Navigating to the "Reports" page from within a Sophos product section (e.g., Central Email, Central Endpoint) may prevent the scheduled reports section from loading initially.
Workaround: Refreshing the webpage will load the scheduled reports section.

6. Partner Dashboard - PSA Ticketing Integration: Duplicate Tickets (CPLAT-55906)

Issue: Duplicate tickets may be created for the same endpoint detection event in the Partner Dashboard PSA ticketing integration.
Description: Partners using PSA ticketing may observe duplicate tickets and alerts for the same endpoint detection event. This often occurs when multiple detections originate from different locations within an archive file.
Workaround: Coordinate ticket handling depending on the organization's remediation strategy. If the archive file is to be removed, resolving one ticket is sufficient. If the archive must remain, then each detection path needs individual resolution.

7. Partner Dashboard > Create New Customer or Trial Form: Country/State Drop-Down Issue (CPLAT-55773)

Affected Versions: CPG 2024.18
Issue: Selecting the 'Country' using only the keyboard might result in the display of States/Provinces from other countries in the 'State/Province' drop-down.
Description: When creating a new customer or trial, using keyboard navigation to select the country may cause the 'State/Province' drop-down to display options from multiple countries.
Workaround: Use the mouse to select the country from the drop-down menu.

8. Enterprise Dashboard: Custom Dashboards Reflected in All Subestates (CPLAT-55393)

Affected Versions: CPG 2024.15
Issue: Custom dashboards created, edited, or deleted by an Enterprise Administrator are reflected across all subestates.
*Description: This is expected behavior. Changes to custom dashboards made by an Enterprise Administrator in one subestate propagate to all other subestates within the Enterprise environment.
Workaround: Local administrators can create custom dashboards specific to a single Central account if needed.

9. Central Dashboard: Custom Firewall Reports and Recipient Limitations (CSA-11622)

Affected Versions: CPG 2022.18
Issue: Custom firewall reports can only be sent to local Central Administrators, not Partner or Enterprise administrators.
Description: Partner or Enterprise Administrators cannot be added as recipients for custom firewall reports. Adding them will result in UUIDs being displayed and the reports will not be delivered.
Workaround: Currently, there is no workaround. Only local administrators can receive firewall reports at the Central Dashboard level.

10. Central Dashboard Audit Log: "Anonymous Failed Authentication" Entries (CPLAT-39841)

Affected Versions: CPG 2022.09
Issue: "anonymous failed authentication" entries in the Central Dashboard Audit log are due to expected API Service Principal JWT renewal errors.
Description: These entries occur during normal operation when using API credentials (Service Principals), such as SIEM scripts or ADsync utilities. They are related to JWT token refresh errors.
Workaround: These entries can be ignored as they are part of the expected logging behavior. Refer to Sophos Knowledge Base Article KB-000043845 for more details.

11. Entra AD Directory Sync: Guest User Mailbox Creation (CPERF-8317)

Issue: It is not possible to sync AD users with the userType attribute 'Guest', and also prevent those users from having an associated Central Email mailbox.
Description: If a customer has a Central Email license, any Entra Directory Sync user object that has an email address will have a mailbox created. Prevent Guest userType from having a Central Email mailbox if they are sync’d into Central and are licensed for Central Email.
Workaround: To prevent a Guest userType from creating a mailbox, configure your Sophos Central Entra Directory services sync to filter out/exclude syncing Guest users. See "Filter users and groups - Sophos Central Admin".

12. Enterprise Dashboard: License Allocation Update Delay (CPLAT-53760)

Affected Versions: CPG 2024.06
Issue: Updating license allocation for a subestate may take several minutes to apply.
Description: When updating license allocation, the spinning wheel may appear for up to 5 minutes.
Workaround: This is expected behavior. If an error occurs, contact Technical Support.

13. Partner Dashboard: Incorrect Cloud Optix Trial Icon (CPLAT-41524)

Affected Versions: CPG 2022.21
Issue: A Cloud Optix trial icon may incorrectly appear next to some customers on the Sophos Customers page.
Description: The Partner Dashboard’s “Sophos Customers” page could erroneously display an empty Optix trial icon even for customers who do not have an Optix trial enabled.
Workaround: Ignore the icon.

14. Central Dashboard: Blank Partner Contact Information (CPLAT-52264)

Issue: Partner contact information (Phone/Website) on the Partner Information page within the Central Dashboard may be blank.
Description: Partner contact details are missing.
Workaround: Find partner contact information at the Sophos Partner Directory.

15. Central Dashboard: Reset MFA Option Unavailable (CPLAT-51642)

Affected Versions: CPG 2023.37
Issue: The "Reset MFA" option is unavailable if the account hasn't set up MFA.
Description: This is expected behavior. The user will be prompted to set up MFA upon their next login.
Workaround: N/A - The user will be prompted to set up MFA upon next login.

16. Central Dashboard Audit Logs: Repeated "Access Denied" Entries (CPLAT-48961)

Issue: Repeated "Access Denied" entries for 'alerts:read' and 'endpoint-state:read' in Central Dashboard Audit Logs.
Description: These entries are generated by the Partner's RMM applications using Sophos plugins. The Sophos Plugin polls all of the Partner's Customers, including those not managed by the Partner or currently on Trial/Evaluation licenses. This generate an "Access Denied" entry.
Workaround: If entries occur every 20-30 mins, this is expected behavior If they occur every 6 minutes, an older version of the RMM plugin software is likely being used. The polling will be reduced to average of once every 20 minutes when the Partner updatse this plugin. Contact Sophos Technical Support for questions or concerns, referencing this Known Issue entry.

17. Unreliable SMS Security Codes for MFA (CPLAT-48387)

Issue: Unreliable reception of SMS security codes for Sophos multi-factor authentication in some regions.
Description: Regulatory authorities in certain countries have specific SMS requirements, which may result in some customers not receiving SMS or receiving them as potential spam when signing in.
Affected Countries: Belarus, Egypt, Jordan, Kuwait, Philippines, Qatar, Russia, Saudi Arabia, Sri Lanka, Thailand, Turkey, United Arab Emirates (UAE), Vietnam.
Workaround: Use the Multi-factor Authentication's authenticator app or the email and pin method to complete the sign-in process.

18. Partner Dashboard: Incorrect Trial Icon for Flex Customer (CPLAT-51673)

Affected Versions: CPG 2023.37
Issue: A Flex customer shows a trial icon in the 'Central Firewall Reporting Advanced' column after the license is removed.
Description: After removing a 'Central Firewall Reporting Advanced' license for a flex customer, a trial icon incorrectly appears in the Partner Dashboard.
Workaround: Ignore the icon.

19. Missing API Credential (CPLAT-51647)

Issue: My Sophos API related integration stopped working and/or I cannot find the API credential used.
Description: If the API credential previously used is no longer present within Settings > API Credentials Management; and there is nothing in the Audit log showing it was removed, then the credential has

Staying Informed

This list provides a snapshot of current known issues and workarounds. Sophos regularly updates its knowledge base with new information. Regularly checking the Sophos support pages and community forums will help you stay ahead of potential problems and optimize your Sophos Central experience.

Navigating Sophos Central: A Guide to Known Issues and Workarounds

Central - Platform Issues

Let's dive into the specific issues affecting the Central Platform, their impact, and available solutions.

1. Central/Enterprise/Partner Dashboards: Remote Assistance Timeframe Display (CPLAT-56563)

Affected Versions: CPG 2024.21
Issue: The "Remote Assistance" timeframe drop-down always defaults to '7 days,' regardless of the previously selected duration.
Description: When you revisit the setting to view or update the Remote Access timeframe, the drop-down menu incorrectly displays ‘7 days.’ However, the actual expiration date for Remote Access remains correct based on the previous selection.
Workaround: Note the expiration date shown below the drop-down. Refer to the audit log entry when Remote Access was enabled to confirm the initially chosen timeframe.

2. Partner Dashboard: Flex License Customer Creation (CPLAT-55319)

Affected Versions: CPG 2024.15
Fix Version: CPG 2024.24
Issue: Partner Super Administrators cannot select Aruba, Bonaire, or Curacao from the country drop-down when creating a new MSP Flex licensed customer.
Description: When creating a new Flex license customer in the Partner Dashboard, the countries Aruba, Bonaire, and Curacao are missing from the country selection list.
Workaround: Select a different country temporarily, then contact the Sophos Partner/Customer Care team to correct it.

3. Enterprise and Central Dashboards: Inaccurate License Usage Display (CPLAT-52441)

Fix Version: CPG 2024.24
Issue: License usage displayed on the License page may be inaccurate after upgrading or downgrading the same license type.
Description: For Term or Master Licensed customers, upgrading or downgrading a license on the Central License page can lead to incorrect usage displays between the old and new licenses. This can include uneven distribution of usage (overage on one, underutilization on another) or duplicated usage. Flex licenses are not affected.
Workaround: Ignore the license usage discrepancy between the old and new licenses. The original license will be automatically removed from the License page 30 days after expiration.

Affected Versions: CPG 2024.21
Issue: The error "Incorrect pattern for [PIN]" appears when using TOTP MFA with Chrome Password Manager.
Description: When using Chrome Password Manager, users may encounter an "Incorrect pattern for [PIN]" error after entering the TOTP MFA code.
Workaround: Manually click the ‘continue’ button on the page after entering the TOTP code instead of pressing the ‘enter’ key.

5. Central Dashboard: Scheduled Reports Section Not Loading (CPUI-10876)

Affected Versions: CPG 2024.21
Issue: The list of scheduled reports may fail to load if the "Reports" page link is selected from within another product page.
Description: Navigating to the "Reports" page from within a Sophos product section (e.g., Central Email, Central Endpoint) may prevent the scheduled reports section from loading initially.
Workaround: Refreshing the webpage will load the scheduled reports section.

6. Partner Dashboard - PSA Ticketing Integration: Duplicate Tickets (CPLAT-55906)

Issue: Duplicate tickets may be created for the same endpoint detection event in the Partner Dashboard PSA ticketing integration.
Description: Partners using PSA ticketing may observe duplicate tickets and alerts for the same endpoint detection event. This often occurs when multiple detections originate from different locations within an archive file.
Workaround: Coordinate ticket handling depending on the organization's remediation strategy. If the archive file is to be removed, resolving one ticket is sufficient. If the archive must remain, then each detection path needs individual resolution.

7. Partner Dashboard > Create New Customer or Trial Form: Country/State Drop-Down Issue (CPLAT-55773)

Affected Versions: CPG 2024.18
Issue: Selecting the 'Country' using only the keyboard might result in the display of States/Provinces from other countries in the 'State/Province' drop-down.
Description: When creating a new customer or trial, using keyboard navigation to select the country may cause the 'State/Province' drop-down to display options from multiple countries.
Workaround: Use the mouse to select the country from the drop-down menu.

8. Enterprise Dashboard: Custom Dashboards Reflected in All Subestates (CPLAT-55393)

Affected Versions: CPG 2024.15
Issue: Custom dashboards created, edited, or deleted by an Enterprise Administrator are reflected across all subestates.
*Description: This is expected behavior. Changes to custom dashboards made by an Enterprise Administrator in one subestate propagate to all other subestates within the Enterprise environment.
Workaround: Local administrators can create custom dashboards specific to a single Central account if needed.

9. Central Dashboard: Custom Firewall Reports and Recipient Limitations (CSA-11622)

Affected Versions: CPG 2022.18
Issue: Custom firewall reports can only be sent to local Central Administrators, not Partner or Enterprise administrators.
Description: Partner or Enterprise Administrators cannot be added as recipients for custom firewall reports. Adding them will result in UUIDs being displayed and the reports will not be delivered.
Workaround: Currently, there is no workaround. Only local administrators can receive firewall reports at the Central Dashboard level.

10. Central Dashboard Audit Log: "Anonymous Failed Authentication" Entries (CPLAT-39841)

Affected Versions: CPG 2022.09
Issue: "anonymous failed authentication" entries in the Central Dashboard Audit log are due to expected API Service Principal JWT renewal errors.
Description: These entries occur during normal operation when using API credentials (Service Principals), such as SIEM scripts or ADsync utilities. They are related to JWT token refresh errors.
Workaround: These entries can be ignored as they are part of the expected logging behavior. Refer to Sophos Knowledge Base Article KB-000043845 for more details.

11. Entra AD Directory Sync: Guest User Mailbox Creation (CPERF-8317)

Issue: It is not possible to sync AD users with the userType attribute 'Guest', and also prevent those users from having an associated Central Email mailbox.
Description: If a customer has a Central Email license, any Entra Directory Sync user object that has an email address will have a mailbox created. Prevent Guest userType from having a Central Email mailbox if they are sync’d into Central and are licensed for Central Email.
Workaround: To prevent a Guest userType from creating a mailbox, configure your Sophos Central Entra Directory services sync to filter out/exclude syncing Guest users. See "Filter users and groups - Sophos Central Admin".

12. Enterprise Dashboard: License Allocation Update Delay (CPLAT-53760)

Affected Versions: CPG 2024.06
Issue: Updating license allocation for a subestate may take several minutes to apply.
Description: When updating license allocation, the spinning wheel may appear for up to 5 minutes.
Workaround: This is expected behavior. If an error occurs, contact Technical Support.

13. Partner Dashboard: Incorrect Cloud Optix Trial Icon (CPLAT-41524)

Affected Versions: CPG 2022.21
Issue: A Cloud Optix trial icon may incorrectly appear next to some customers on the Sophos Customers page.
Description: The Partner Dashboard’s “Sophos Customers” page could erroneously display an empty Optix trial icon even for customers who do not have an Optix trial enabled.
Workaround: Ignore the icon.

14. Central Dashboard: Blank Partner Contact Information (CPLAT-52264)

Issue: Partner contact information (Phone/Website) on the Partner Information page within the Central Dashboard may be blank.
Description: Partner contact details are missing.
Workaround: Find partner contact information at the Sophos Partner Directory.

15. Central Dashboard: Reset MFA Option Unavailable (CPLAT-51642)

Affected Versions: CPG 2023.37
Issue: The "Reset MFA" option is unavailable if the account hasn't set up MFA.
Description: This is expected behavior. The user will be prompted to set up MFA upon their next login.
Workaround: N/A - The user will be prompted to set up MFA upon next login.

16. Central Dashboard Audit Logs: Repeated "Access Denied" Entries (CPLAT-48961)

Issue: Repeated "Access Denied" entries for 'alerts:read' and 'endpoint-state:read' in Central Dashboard Audit Logs.
Description: These entries are generated by the Partner's RMM applications using Sophos plugins. The Sophos Plugin polls all of the Partner's Customers, including those not managed by the Partner or currently on Trial/Evaluation licenses. This generate an "Access Denied" entry.
Workaround: If entries occur every 20-30 mins, this is expected behavior If they occur every 6 minutes, an older version of the RMM plugin software is likely being used. The polling will be reduced to average of once every 20 minutes when the Partner updatse this plugin. Contact Sophos Technical Support for questions or concerns, referencing this Known Issue entry.

17. Unreliable SMS Security Codes for MFA (CPLAT-48387)

Issue: Unreliable reception of SMS security codes for Sophos multi-factor authentication in some regions.
Description: Regulatory authorities in certain countries have specific SMS requirements, which may result in some customers not receiving SMS or receiving them as potential spam when signing in.
Affected Countries: Belarus, Egypt, Jordan, Kuwait, Philippines, Qatar, Russia, Saudi Arabia, Sri Lanka, Thailand, Turkey, United Arab Emirates (UAE), Vietnam.
Workaround: Use the Multi-factor Authentication's authenticator app or the email and pin method to complete the sign-in process.

18. Partner Dashboard: Incorrect Trial Icon for Flex Customer (CPLAT-51673)

Affected Versions: CPG 2023.37
Issue: A Flex customer shows a trial icon in the 'Central Firewall Reporting Advanced' column after the license is removed.
Description: After removing a 'Central Firewall Reporting Advanced' license for a flex customer, a trial icon incorrectly appears in the Partner Dashboard.
Workaround: Ignore the icon.

19. Missing API Credential (CPLAT-51647)

Issue: My Sophos API related integration stopped working and/or I cannot find the API credential used.
Description: If the API credential previously used is no longer present within Settings > API Credentials Management; and there is nothing in the Audit log showing it was removed, then the credential has

Navigating Sophos Central: A Guide to Known Issues and Workarounds

Central - Platform Issues

1. Central/Enterprise/Partner Dashboards: Remote Assistance Timeframe Display (CPLAT-56563)

2. Partner Dashboard: Flex License Customer Creation (CPLAT-55319)

3. Enterprise and Central Dashboards: Inaccurate License Usage Display (CPLAT-52441)

4. Central Login MFA: "Incorrect Pattern for [PIN]" Error (CPLAT-56381)

5. Central Dashboard: Scheduled Reports Section Not Loading (CPUI-10876)

6. Partner Dashboard - PSA Ticketing Integration: Duplicate Tickets (CPLAT-55906)

7. Partner Dashboard > Create New Customer or Trial Form: Country/State Drop-Down Issue (CPLAT-55773)

8. Enterprise Dashboard: Custom Dashboards Reflected in All Subestates (CPLAT-55393)

9. Central Dashboard: Custom Firewall Reports and Recipient Limitations (CSA-11622)

10. Central Dashboard Audit Log: "Anonymous Failed Authentication" Entries (CPLAT-39841)

11. Entra AD Directory Sync: Guest User Mailbox Creation (CPERF-8317)

12. Enterprise Dashboard: License Allocation Update Delay (CPLAT-53760)

13. Partner Dashboard: Incorrect Cloud Optix Trial Icon (CPLAT-41524)

14. Central Dashboard: Blank Partner Contact Information (CPLAT-52264)

15. Central Dashboard: Reset MFA Option Unavailable (CPLAT-51642)

16. Central Dashboard Audit Logs: Repeated "Access Denied" Entries (CPLAT-48961)

17. Unreliable SMS Security Codes for MFA (CPLAT-48387)

18. Partner Dashboard: Incorrect Trial Icon for Flex Customer (CPLAT-51673)

19. Missing API Credential (CPLAT-51647)

Staying Informed

Navigating Sophos Central: A Guide to Known Issues and Workarounds

Central - Platform Issues

1. Central/Enterprise/Partner Dashboards: Remote Assistance Timeframe Display (CPLAT-56563)

2. Partner Dashboard: Flex License Customer Creation (CPLAT-55319)

3. Enterprise and Central Dashboards: Inaccurate License Usage Display (CPLAT-52441)

4. Central Login MFA: "Incorrect Pattern for [PIN]" Error (CPLAT-56381)

5. Central Dashboard: Scheduled Reports Section Not Loading (CPUI-10876)

6. Partner Dashboard - PSA Ticketing Integration: Duplicate Tickets (CPLAT-55906)

7. Partner Dashboard > Create New Customer or Trial Form: Country/State Drop-Down Issue (CPLAT-55773)

8. Enterprise Dashboard: Custom Dashboards Reflected in All Subestates (CPLAT-55393)

9. Central Dashboard: Custom Firewall Reports and Recipient Limitations (CSA-11622)

10. Central Dashboard Audit Log: "Anonymous Failed Authentication" Entries (CPLAT-39841)

11. Entra AD Directory Sync: Guest User Mailbox Creation (CPERF-8317)

12. Enterprise Dashboard: License Allocation Update Delay (CPLAT-53760)

13. Partner Dashboard: Incorrect Cloud Optix Trial Icon (CPLAT-41524)

14. Central Dashboard: Blank Partner Contact Information (CPLAT-52264)

15. Central Dashboard: Reset MFA Option Unavailable (CPLAT-51642)

16. Central Dashboard Audit Logs: Repeated "Access Denied" Entries (CPLAT-48961)

17. Unreliable SMS Security Codes for MFA (CPLAT-48387)

18. Partner Dashboard: Incorrect Trial Icon for Flex Customer (CPLAT-51673)

19. Missing API Credential (CPLAT-51647)

Staying Informed

Related Posts