Hardware change causes a RE-REGISTRATION which generates MULTIPLE entries for SEP clients in the SEPM Database
Updated: 05 Oct 2009 | 12 comments
Hardware change causes a RE-REGISTRATION which generates MULTIPLE entries for SEP clients in the SEPM Database
It found after groups synchronized with Active Directory, that multiple entries are found in the clients tab for added OUs.
This causes:
Communication Issues: SEP client will show the green dot for a few seconds and then it disappears. IIS shows 200's and sylink/secars logs show error 500 with an invalid group id.
Reporting Issues: Security Status Details on the Home page showing Attention Needed OR Duplicate clients appear in the Symantec Endpoint Protection Manager.
This issue is found both in deployments with:
1. USER MODE
2. COMPUTER MODE
This issue is resolved with SEP 11 RU5. However, incase if you are still working on MR4 or any version below the samethe following URL mentioned in the “Symantec Endpoint Protection README.TXT Date: August 2009 “ should help
To fix the issue, enter the following URL in a browser on the computer running Symantec Endpoint Protection Manager:
Entering the URL runs a program that deletes all duplicate clients from the Default group and sets the hardware keys of the clients in the OU group to NULL so they automatically re-register to their former Active Directory groups.
Hardware change causes a “RE-REGISTRATION” which is the root cause of this issue to occur.
Lets look at WHAT IS A HARDWARE CHANGE ?
Change or addition of Hardwarwe like RAM, HDD, NIC, etc., Change in Enabled NIC’s MAC-addresses OR any related configuration, switching between wireless/wired connection on the system, connection mode changed to VPN, docking/undocking of the System
All the above mentioned Hardware change triggers a “RE-REGISTRATION” of clients in SEPM. This is commonly seen where laptop client computers are in groups synchronized with Active Directory
Reference:
Symantec Endpoint Protection README.TXT Date: August 2009
Thanks :-)
article Filed Under:
Comments
Good to know..
Good to know..
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Is this issue going to impact
Is this issue going to impact any clients that do not sync with AD?
Good one....... I have one
Good one.......
I have one question.. Is it possible to get duplicate client logs....
Regards,
Srinivas H.P.
HCL Infosystems Ltd
Is this issue going to impact any clients that do not sync with
Just checked these question as was on leave and away...
Is this issue going to impact any clients that do not sync with AD?
Yes this issue migh occur with clients that do not sync with AD
Is it possible to get duplicate client logs....
Yes this does affect client logs and reporting
Thanks :-)
Kedar Mohile http://kedarmohile.blogspot.com
Awesome. We could have used
Awesome. We could have used this a few months ago.
Is there somewhere that lists what servlets are available to us and what they do?
update available?
Has there been any progress made on this issue with clients that do not sync with Active Directory?
I've had this issue occur with MR4 and RU5.
good information
good information
I tried it shows below
I tried it shows below message
<?xml version="1.0" encoding="UTF-8" ?>
No fix on RU5
We also run RU5 and that does not seem to fix the problems for us. we get hte same results as netsaran.
Netsaran, AFAIK there is no easy way to find duplicates from the SEP console. Either search for a computer name that you suspect is duplicated or increase your display filter to show 500+ clients on a page, sort by name and manually scroll down.
Alternatively, use Excel 2007 or above to do a data connection to your SEPM database and pull out the info from the SEM_COMPUTER view, then use conditional formatting to highlight duplicate values.
If your SQL is any good or you have access to a DBA, maybe you can do it directly in the DB.
This will extract all computer names for you, but you still need to manually find trhe duplicates.
Best I can do for you.
Will this work
WIll this work on Ru6 mp3?
ThaveshinP, do you mean the
ThaveshinP, do you mean the SQL query?
Yes, that will still work. To me it didn't llok like the DB schema updated. To understand what is stored in the DB and which fields to work with, have a look at the database schema reference manual available from http://www.symantec.com/docs/DOC2411.
Have a look here too: http://www.symantec.com/docs/TECH102544.
Will test and let you know
Will test and let you know
Would you like to reply?
Login or Register to post your comment.