A GUID is shared when two or more Symantec Management Platform (SMP) agents are using the GUID at the same time. This can cause some fairly odd behavior, see:
  What are the effects of having duplicate GUID's?
  http://www.symantec.com/docs/TECH133462

Background

In order for the SMP Server (Server) to properly manage each SMP Agent (Agent), the Server must be able to unique identify each Agent. This is done by the Server giving each Agent a GUID (Global Unique Identifier), and the Agent using that GUID in all subsequent communication with the Server.

When the Agent is installed it does not have an GUID until the Agent requests and receives a GUID from the Server.

When the Agent requests a GUID, the Agent supplies several identifying key values, including the computer’s "name.domain" value. Then the Server checks whether a GUID has been associated with the values supplied by the Agent, if so, then the Server returns that pre-existing GUID to the Agent, otherwise the Server creates a new GUID, associates the new GUID with the key values supplied by the Agent and returns the new GUID to the Agent.

Note: in order for the SMP system to work properly,

• each Agent must have one and only one name.domain value, and
• each name.domain value can be associated with one and only one Agent

Note: Unix, Linux and Macintosh agents are handled in a similar but slightly different manner.

Preventing Shared GUIDs

To ensure that each SMP agent receives a unique GUID, we suggest the following:

• Run an AD import periodically on your NS, and deploy Symantec Management agents only to computers which the NS learned about first via the AD import. In this way, only new GUID's are created during AD import and given to managed computers when requested.
   
• When setting up a managed computer, first change the computer's name and joined the computer to the domain; and then install the SMP Agent. Then when the computer requests it’s GUID, it will send the correct "name.domain" value to the SMP Server, and thus get a unique GUID.

Detecting Shared GUIDs

To check for shared GUIDs, run the attached SQL query, and review the results.

This query looks back over the last 7 days and identifies any GUID's whose "name.domain" value is set (i.e. added or modified) more than once.  The query shows for each identified GUID, the associated name.domain values, how often the value was set, and the first and last time the values was set (during the time period). (in a user-friendly format).

Limitations on of this query:

This query will not detect issues with computers that have not checked in with the SMP Server in the last 7 days. Under normal conditions, we expect that managed computers to check in at least once every business day, and probably more often.

This query will report when a GUID's "name.domain" value changes, including when a computer’s name legitimately changes, such as when it joins the domain. In these cases, the query will typically show that the name was changed one time.

To confirm whether two or more computers are using the same (shared) GUID, connect those computers and check the SMP agent's GUID. This can be done using the SMP Agent UI, or using the Remote Altiris Agent Diagnostic (RAAD) tool, see:
   Remote Altiris Agent Diagnostics (RAAD) 2.0,
   http://www.symantec.com/docs/HOWTO21449

Query results details:

While the query will only show recent changes (within the last 7 days, by default), the Date Range field can show whether the changes occurred all at one time, over multiple days, and whether the issue is still recurring.

Correcting Shared GUIDs

To address multiple managed computers with a shared GUID, do the following:

1. Delete the computer resource in the Symantec Management Console (SMC)
   • One way to do this is to locate the computer resource on a report or filter then right-click on the resource and select Delete,
      
   • Deleting the computer resource will delete the inventory data related to that computer resource. In this case this fine because the inventory is a mish-mash of data from several computers
      
2. Reset the GUID on each computer with a shared GUID
   • You can reset GUID's with the more general-purpose Remote Altiris Agent Diagnostics (RAAD) tool: 
     Remote Altiris Agent Diagnostics (RAAD) 2.0, http://www.symantec.com/docs/HOWTO21449
      
   • Resetting the GUID on a computer which doesn’t need to have its GUID reset will not cause an issue (under normal conditions).

Final comments

This query looks back over the past 7 days. Thus, if you run the query on Monday and correct a number of shared GUIDs, and the run this query again on Tuesday then most of the agents which you correct on Monday will still be listed.  So a best practice is to run the query once a week.