How to repair duplicate IDs on cloned Symantec Endpoint Protection 12.1 clients

Article:TECH163349  |  Created: 2011-06-27  |  Updated: 2013-05-17  |  Article URL http://www.symantec.com/docs/TECH163349
Article Type: Technical Solution


Issue



You deploy multiple Windows computers, virtual or physical, by cloning a base hard drive image that includes a Symantec Endpoint Protection (SEP) 12.1 client, and now you have duplicate client IDs in the Symantec Endpoint Protection Manager's (SEPM) database. The cloned computers are reporting as the same client to the SEPM.


Environment



Symantec Endpoint Protection 12.1.x


Cause



Duplicate Endpoint Protection client IDs occur if the base image was not prepared for cloning. For more information, read the article "How to prepare a Symantec Endpoint Protection 12.1 client for cloning".


Solution



There are three high-level steps to repair duplicate Symantec Endpoint Protection client IDs.

  1. Identify the clients
  2. Repair the clients
  3. Clean up the client view in Symantec Endpoint Protection Manager
     

Step 1: Identify the clients

If you already know the IP addresses or names of the systems affected by this issue, you can skip to the next section. If you have multiple SEPMs, disable any replication relationships between them and perform the steps below on each SEPM. Complete this process on all servers before re-enabling replication.

  1. Stop the Symantec Endpoint Protection Manager service and the Symantec Endpoint Protection Manager Webserver service. When these services are stopped, delete the client connection log file: <Symantec Endpoint Protection Manager install folder>\data\inbox\log\ersecreg.log.  Restart the services after the log file has been deleted.
  2. Wait 1 heartbeat period so clients can reconnect to the SEPM.  If your communication settings have a 30 minute heartbeat, then wait for at least 30 minutes. In the Symantec Endpoint Protection Manager, the heartbeat settings are under Clients > Policies > Communication settings.
  3. Run the SEPM Repair Tool located at the bottom of the page, using the instructions provided in ReadMe.txt.  The output file from the SEPM Repair Tool is the list of clients affected by the duplicate ID issue.  Save this file.
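
Steps 1 and 2 of the list above as a PowerShell script, run from an elevated prompt on the SEPM server (an added example, not part of the original article and not a Symantec tool). It assumes the service display names match the names given in step 1, and it takes the install folder and heartbeat interval as parameters; running the repair tool itself (step 3) is left to its ReadMe.txt.

```powershell
#Requires -RunAsAdministrator
param(
    # SEPM install folder: site-specific, so no default is assumed here.
    [Parameter(Mandatory)] [string] $SepmInstallDir,
    # Heartbeat interval from Clients > Policies > Communication settings.
    [int] $HeartbeatMinutes = 30
)
$ErrorActionPreference = 'Stop'

# Display names as written in the article (assumption: they match this install).
$serviceNames = @(
    'Symantec Endpoint Protection Manager',
    'Symantec Endpoint Protection Manager Webserver'
)
$log = Join-Path $SepmInstallDir 'data\inbox\log\ersecreg.log'

# Fails here, before anything is stopped, if either service is not found.
$services = foreach ($name in $serviceNames) { Get-Service -DisplayName $name }

try {
    foreach ($svc in $services) {
        $svc.Refresh()
        if ($svc.Status -ne 'Stopped') { Stop-Service -InputObject $svc -Force }
        $svc.WaitForStatus('Stopped', [TimeSpan]::FromMinutes(2))
    }
    # Delete the log only once both services are confirmed stopped.
    if (Test-Path -LiteralPath $log) {
        Remove-Item -LiteralPath $log
        Write-Host "Deleted $log"
    } else {
        Write-Host "No log found at $log (nothing to delete)"
    }
}
finally {
    # Restart even if a step above failed, so the manager is not left down.
    foreach ($svc in $services) {
        $svc.Refresh()
        if ($svc.Status -ne 'Running') { Start-Service -InputObject $svc }
        $svc.WaitForStatus('Running', [TimeSpan]::FromMinutes(5))
    }
}

# Clients need one full heartbeat to reconnect and repopulate the log.
$readyAt = (Get-Date).AddMinutes($HeartbeatMinutes)
Write-Host "Services restarted. Run the SEPM Repair Tool no earlier than $readyAt"
```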
     

Step 2: Repair the clients

In the first steps below, you disable SMC password protection for the affected clients.  If you do not have SMC password protection enabled, skip to step 4 of this section. 

  1. Using the output list from the SEPM Repair Tool, find the affected clients in Symantec Endpoint Protection Manager and move them to a new temporary group.
  2. In Clients > Policies > General Settings > Security Settings, disable SMC password protection.
  3. Wait for one heartbeat interval to make sure the policy is updated for each client.
  4. Copy RepairClonedImage.exe to the computer that runs Symantec Endpoint Protection Manager.
  5. Rename RepairClonedImage.exe to Setup.exe.
  6. In the Client Deployment Wizard, deploy the renamed tool to the affected computers, using the output file from the SEPM Repair Tool as the list of clients.

    If you do not wish to use the Client Deployment Wizard, you may use any software deployment method of your choice, or you can run the tool manually on the target computers.  If you do not use the Client Deployment Wizard, administrator rights will be required when running the tool.

    By default, the RepairClonedImage tool will run silently, with no response to the user for success or failure. You may specify the -v command-line option to show a notification on success or failure.
  7. After the tool has been deployed, the clients should show up as online in the SEPM console.

    If you moved the clients to a temporary group, you may now move all of the online clients from the temporary group back to their original group.
     

Step 3: Clean up the client view in Symantec Endpoint Protection Manager

Resetting the client IDs will result in invalid offline clients being left in the client view in Symantec Endpoint Protection Manager. This could affect licensing and reporting. There are two options for removing the clients:

  1. Let the clients time out according to the Symantec Endpoint Protection Manager site's aging criteria. This is 30 days by default.
  2. Manually delete the offline clients from the client view page.

 


Attachments

Repair Cloned Image: RepairClonedImage.zip (92 kBytes)
SEPM Repair: SEPMRepairTool.zip (11 kBytes)


Supplemental Materials

Source: ETrack
Value: 2420387


