The procedure to use to remove a Cisco Umbrella roaming client from the dashboard depends on the scenario:
- Broken State—If the Umbrella roaming client is showing as being in a broken state, an offline state, or missing from the dashboard, re-install the Umbrella roaming client using a new download of from the Umbrella dashboard. For the Windows OS, it must be uninstalled before reinstalling. This ensures that the Umbrella roaming client doesn't accidentally lose policy or interrupt the user.
- Remove Entirely—To remove the Umbrella roaming client from a computer, uninstall the Umbrella roaming client first. When uninstalled, in the Umbrella dashboard, remove the Umbrella roaming client from the list by clicking the red X. Instructions to uninstall the Umbrella roaming client are here: https://support.umbrella.com/hc/en-us/articles/230901028-Umbrella-Roaming-Client-Uninstalling
Deleting Umbrella roaming clients from the dashboard when the software is installed locally
When an Umbrella roaming client is still installed on a local machine and operating as normal, we do not recommend that you delete it from the Umbrella dashboard until after it has been removed from workstations. If you delete the Umbrella roaming client from the dashboard when that same Umbrella roaming client attempts to sync with our API it will no longer have a policy or organization to sync with.
As a result:
- Data from the Umbrella roaming client is no longer synced with our API and logging will not occur
- The internal domain list that allows the Umbrella roaming client to determine which resources are local will stop working as expected. This may cause internal DNS to any internal domain but *.local to completely fail)
- Policy will no longer be applied and any destination lists or security blocks will no longer be applied; effectively, the Umbrella roaming client acts as a plain encrypted DNS forwarder to 18.104.22.168.
The Umbrella roaming client will never reappear in the Umbrella dashboard until the client software is re-installed locally.
To verify if a machine is in this state (note, verification would require the machine to be on an IP that is not registered to the dashboard), run the command:
nslookup -type=txt debug.opendns.com
In the results if the field "originid" is set to 0 is present, the Umbrella roaming client has been deleted from the dashboard (or is not in the dashboard in some other way). An example return from an Umbrella roaming client that has been deleted in the dashboard would be:
debug.opendns.com. 0 IN TXT "device 0101C3539CB8D7C8"
debug.opendns.com. 0 IN TXT "originid 0"