Client Reporting Issue in SEP V12.1
I am having a major dilema with SEP V12.1 clients properly reporting to the SEPM V12.1 server after they are upgraded to Windows 7, 64-Bit OS. Our organization upgrades client PCs with pre-configured disk images. I had a problem similar to this when we deployed the disk image for Vista with SEP 11x in that all of the deployed image had the same SEPHWID. Several wonderful people who review and read this forum provided me with a solution on how to remove the SEPHWID from the image before it is deployed so that when it is deployed it will check in and get a unique HWID from SEPM. This worked great and I thank you.
Well now we are deploying Windows 7, 64-Bit OS on a pre-configured disk image. Similar issues were occurring, in that the clients all had the same HWID. I thought that I could just followed the steps that I received for fixing the SEP V11 clients, however the SEPHWID.xml file is not stored in the same location that it was stored in under Vista 32-Bit OS. With SEP V11 on Vista/32, SEPHWID.xml was stored under C:\Program Files\Common Files\Symantec Shared\HWID, but when I looked at this location on Windows 7/64 (actually it is in Program Files (x86), that folder was empty. After much searching, I found the location of the sephwid.xml under C:\ProgramData\Symantec\Symantec Endpoint Protection\PersistedData. So on my pre-configured image, I removed the sephwid.xml file and removed the Hardware ID data value from the Hardware ID data item in the registry located at HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\Sylink. Then I syspreped my image for deployment. When the image is deployed, I did check a few of the clients and they all had different HWID's, but on some I had to remove the file and the value from the registry and then stop and restart the SMC service to fix it. But this doesn't always work either.
Well I thought that everything was working and for many of the deployed clients it is working OK. But I have approximately 22 recently deployed clients that initially report to the server and show the small computer icon with the green dot meaning that it is actively reporting and up to date, then a few minutes later it will how as offline and the Antvirus Status disabled. I checked each one of these clients and they all have different HWID's. So I contact the client to let me log onto their machine so I can check the configuration and when I log on with my Admin account, the status of the client goes back to being online and active and everything looks OK. Then sometimes another strange thing is occurring in that the name of the logged on user is not the correct user for that specific machine. For example, machine Sue_PC is assigned to user Sue Jones, but the client list show that George Smith is the logged on user but George Smith's machine is George_PC.
At this time the ONLY way I know to how to fix this is to log onto the client machine and go into Programs/Features and uninstall the SEP client. However when I do this, halfway through the uninstall it pops up a box stating that it can't find the Sep64.msi. When this appears I browse to my network drive to the location where I initially downloaded the program to do the initial deployment. Then the uninstall continues and I restart the PC. Once the PC is restarted, I go into SEPM Home and choose the option to Install protection client to computers. I say I want to do a New Package Deployment, set my install features, select Remote Push, map to the machine and push the package to the client. Once it installs, the client then reports to the SEPM correctly and doesn't loose its settings.
Sorry for the long explanation, but I wanted to outline what was happeing and what I have tried to resolve this issue. Having said all of that, is there something I am doing wrong to remove the IDs on the pre-configured image so that the client reports properly when the image is deployed? And when the client does not report properly, is there quicker way to fix the problem without having to remove and reinstall the client?
Thanks you very much in advance for any help anyone can provide.