XEN Virtual Desktop Infrastructure desktop clients register multiple times in the Symantec Endpoint Protection Manager.

Article:TECH98268  |  Created: 2009-01-23  |  Updated: 2012-08-08  |  Article URL http://www.symantec.com/docs/TECH98268
Article Type
Technical Solution

Product(s)

Issue



XEN Virtual Desktop Infrastructure desktop clients register multiple times in the Symantec Endpoint Protection Manager.

Symptoms
You've installed the SEP client on a "base" client image and prepared the image for cloning, per Symantec instructions:


Deleted HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\HardwareID

Deleted HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\SySoftk

Deleted C:\Program Files\Common Files\Symantec Shared\HWID\sephwid.xml

When a client is spawned, it is spawned from a base image. All of the settings on the client appear to be stored in a user profile of some sort which is "overlayed" on the base image after it is deployed. Deployment of the client seems to happen every time a client is turned off or restarted. The issue seems to be a bit of a Catch-22. If the SEP HardwareID items don't exist on the base image and a client is deployed, SEP will generate new HardwareID values. If the HardwareID items do exist, SEP will not. In the first case, SEP seems to generate new HardwareID values for every deployment, and the client appears multiple times in the SEPM. In the second case, SEP doesn't generate new HardwareID values, and the client only appears once in the SEPM. It appears that the values, if they are even stored in the "profile" at all, are not being "overlayed" on the deployed client until after the OS and SEP services have already started.

It should be noted that the deployed clients retain the same MAC address for each user, among other unique values. However, this doesn't seem to be enough, or the values are restored to the image too late, to keep the client from behaving in an undesirable way.


Cause



The problem arises because of the vDisk mode (virtual disk mode) that is used by default in provisioned desktops. Clients provisioned with "Standard Image Mode" are starting from the same base image after every shutdown or reboot—all changes made in between to that disk are lost. This may not be the best mode for a managed SEP client; not only is the SEPM registration lost, but definition and policy updates are lost as well.


Solution



See the Symantec support article below:
How to prepare SEP clients on virtual disks for use with Citrix Provisioning Server

http://www.symantec.com/docs/TECH123419


References:


Preparing a Symantec Endpoint Protection Release Update 5 Client for Image redistribution

http://www.symantec.com/docs/TECH96808

How to prepare a Symantec Endpoint Protection 12.1 client for cloning

http://www.symantec.com/docs/HOWTO54706



Legacy ID



2009122314202048


Article URL http://www.symantec.com/docs/TECH98268


Terms of use for this information are found in Legal Notices