Shared Guid Diagnostics Guide NS 6 (aka Duplicate Guid Kit)

Article:HOWTO8090  |  Created: 2005-11-10  |  Updated: 2014-01-06  |  Article URL http://www.symantec.com/docs/HOWTO8090
Article Type
How To



This article applies to Altiris 6. For a current Altiris 7.1 best practice see:
   Shared GUID cleanup script
  
http://www.symantec.com/docs/TECH212345

Question

 

What is a shared agent guid, and how can I correct the problem?

Answer
 

Definition

A Shared Altiris Agent Guid is a configuration problem that causes mismatched inventory data, and prevents accurate management and event-message storage of managed computers by the Altiris Notification Server.  The Altiris Agent Guid is the primary mechanism by which the Altiris Notification Server uniquely identifies each resource record in the NS database.  In this situation, we are concerned with computer resource records.  There are several potential causes of shared guids.  They all originate from circumvention of the normal agent deployment process, or external changes to the agent's configuration.  The end result is that two or more managed computers each claim to be the sole owner of the Agent Guid (which is supposed to be globally unique). 

Known causes

OS Imaging:  By default, the Notification Server will generate a new Guid upon the first request from a brand new Altiris Agent.  The Altiris Agent then stores its assigned Guid in the registry for Windows, and on the file-system for the Linux, Unix and Macintosh platforms.  Shared Guids can be caused by imaging a workstation that already has an Altiris Agent installed.  Each restored copy of the workstation will have the same assigned Guid.  This issue exists in all imaging solutions, with the exception of Deployment Server (DS) version 6.5 or better.  The best solution is to schedule the Altiris Agent to install immediately after restoring an image  (This can be done as a DS job).  An alternate solution is to always remember to delete the guid from the workstation prior to imaging (error prone).

Software Packaging: This cause is less likely to occur, but simple software repackaging tools will include the Altiris Agent's registry or file location of the guid as part of the software package.  Activity by the Altiris Agent can fool the packaging tool into thinking that the Guid belongs to the package.  Deploying the bad software package overwrites the good guid with the one from the capture station.  To avoid this problem, don't install the Altiris Agent on the workstation used for snapshoting the original software installation job. 

 

Resolution

The purpose of this document is to demonstrate how to use the Notification Server’s shared GUID diagnostics kit to successfully identify and remove computers within the Notification Server database. The attached MS Word document contains screenshots for additional clarity (it is now considered out-of-date, and is merely provided for historical reference).

Note: For a SMP 7.0 version, see TECH142625 "Shared GUID toolkit for NS 7.0"

Installation
 

You can install the diagnostics kit by following the steps below. This utility contains several collections, a report, a package to remove the shared guids, and platform specific tasks. These items are all created in a Shared Guid Diagnostics v6.04 folder that is created by the import.
 

Note: Altiris NS Agent version 1508 or later is required for this to work.

  1. Download the xml file attached to this article and save it to a location on  the Notification Server
  2. Find a location to install this utility. For this example we will create a folder called “Diagnostics” within the Tasks folder.
  3. Highlight the folder that you created. Right-click and choose Import.
  4. You will be prompted to choose the file to import. Choose the Shared Guid Diagnostics v6.07.xml file.
  5. Once the file has been imported into the Notification Server database, you should see the following structure:
     
  6. Enable each applicable Reset Guid Task.  It's only neccessary to enable the task for platforms that exist in your environment.


Possible Duplicate Guids
 

  • These collections will query the Notification Server database for all computers that have reported a change in their GUID in the past seven days. Computers in this collection are used by the associated task to reset the Guid on the client computers.

    Note: After fixing shared GUIDs in the database, there is a possibility that some computers will still show up here. This collection is checking to see if the computer record has been changed in the last seven days, not if it has been fixed. To retrieve an accurate report, use the GUIDs Shared between 2 or more computers report or view the Machines that have run the Reset Guid Task collection.
     

Machines that have run the Reset Guid Task.

  • This collection will display any computers that have run a reset guid task, giving you a report of the machines that have completed the fix.  Keep in mind that this report can not be 100% accurate due to the problem that is being addressed by the reset guid tasks.

GUIDs Shared between 2 or more computers.

  • Analyzes computers that have been sharing the same GUID, this is recognized when frequent name changes are occuring on a specific NS computer record. Once the duplicate GUID has been cleaned up, you will see the results in this report.  This report doesn't distinguish by platform, and will also include un-managed computer records.  By design, collections can not include unmanaged computers. 

Reset Guid Tasks

  • These packages are responsible for running the appropriate task on the computers that are sharing the guid.  On the Windows platform, it will use a built-in utility to strip out the Altiris Agent's guid from the registry.  There are multiple places that the guid can be stored, depending upon if the DS Aclient is also present, and or older versions of the Altiris Agent have ever been used.
    •  For the Windows platform, the following command is used:  AeXAgentUtil.exe /resetguid For Unix, Linux, and Macintosh computers, the file containing the guid is deleted, and the Altiris Agent is restarted as a background process.  The agent restart is neccessary to flush the GUID from memory.
    •  
  • A new Guid is created by the Notification Server after the Altiris Agent sends the computer name and domain to the Notification Server. For each shared guid, one of the computers will retain ownership of the computer resource record, the remaining computers will be assigned new guids (and thus new NS computer resource records).
     

Permissions

By default, when this package in imported, the owner of the folder and items will be null. The administrative role will have access to this utility, but if permissions are to be set, you should set the ownership by doing the following:

  1. Right-click on the main folder
  2. Choose Properties
  3. Choose the Security Tab
  4. Choose the Take Ownership button.


Uninstall

To completely remove the Duplicate Diagnostic utility from your system, you should follow the steps below. Delete the following objects through the NS console (right-click > Delete).
1. Reset Guid tasks (3).
2. Possible Shared Guid collections (3)
3. Machines that have run the Reset Guid task collection
4. Guids shared between 2 or more computers report
5. The Reset Guid Agent Package.  (You must first delete each "program" by clicking the delete button on the Programs tab of the package).

 


Version Notes

  • 6.04 -> 6.05:  Updated the accuracy of the report to avoid false positives to match the upgraded collections.  Now both the report and the collections must have at least 3 name/domain changes in 7 days before being considering suspect.  This facilities the standard practice of changing the computer name and attaching to a domain.

    Corrected the software advertisement guids used in the "Computers that have run the Reset Guid task".  
  • 6.07:  Verified functionality against case sensitive database instances and updated case sensitive syntax where required.

 






Troubleshooting

 


Problem: After running this tool, computers have been removed from my static collections

Answer:
The attached report "Computers with Duplicate GUIDs and their old collection memberships.xml" can be used to help identify what collections were affected. Altiris Administrators will have to add the computers back to the collections they were removed from. Thank you to Altiris customer Vince Fanelli for creating this report.
 


Problem:
My collection is not updating with any computers, and I know there are shared GUIDs in the database.

Answer:
By default, the Collection will update on the automatic schedule for collections. You can change the time the update will happen by changing the “Automatic Collection Updating”.
 


Problem:
My collection still shows a list of computers after the scheduled task has had time to run. Why are there still computers in the Possible Duplicate GUIDs collection?

Answer:
This collection will report a list of computers that have changed their GUIDs in the last month. If the task has run successfully on these computers, then these computers should not update the GUID again. You will have to wait for a month before the computers will be removed from this collection. To accurately determine if there are any remaining computers that are reporting a duplicate, the report GUIDs shared between 2 or more computers should be used.
 


Problem:
I have run the Reset Guid task for all computers. Now the GUIDs shared between 2 or more computers report is showing a number of computers if the Number of days to report on is set to a high number like 100. Are there still sahred GUIDs in the database?

Answer:
  No. This report will check the database for computers that have shared this GUID at some point in time (default setting is seven days). You will need to watch the results of this report to ensure there no new activity. You will see machines show up in this report if they report back to the Notification server with a GUID used by another computer. The computer will then take over the GUID and the next time the other computer checks in, it will repeat the process.




Legacy ID



3848


Article URL http://www.symantec.com/docs/HOWTO8090


Terms of use for this information are found in Legal Notices