So it appears there is a chance that I have several duplicate HWID on my network.  What I am trying to find is an easy way to determine which machines are impacted.  And more importantly an easy way to follow up on these machines to make sure they are no longer using duplicate HWID.

I found a SQL Query that looks like it might work.  The only problem at the moment I am having is comprehending the query.  When I look at it I see the following fields: CURRENT_LOGIN_USER, IP Address, Machine Name, COMPUTER_ID, HARDWARE_KEY, Time Stamp

The Machine Name field, Computer ID, and Hardware Key fields are a bit confusing me.  Specifically the Machine name field.  I would expect no machine to show up more than once.  Instead I would expect alot of different machine names and some identifier(either the Computer ID or Hardware Key) matching among several machines.

Below is the SQL Query I am using:

DECLARE @TimeZoneDiff int   
SELECT @TimeZoneDiff = datediff(minute, getutcdate(), getdate())

SELECT UPPER([COMPUTER_NAME])
   , [COMPUTER_ID]
   , [HARDWARE_KEY]
   ,[CURRENT_LOGIN_USER]
   , dateadd(minute, @TimeZoneDiff, dateadd(second, [TIME_STAMP]/1000, '01/01/1970')) as [Time Stamp]
   ,[IP_ADDR1_TEXT]
FROM [V_SEM_COMPUTER]
WHERE [COMPUTER_NAME] in
   (
      SELECT [COMPUTER_NAME]
      FROM [V_SEM_COMPUTER]
      WHERE [DELETED] = 0
      GROUP BY [COMPUTER_NAME]
      HAVING COUNT([COMPUTER_NAME]) >1
   )
ORDER BY [COMPUTER_NAME]
   , [Time Stamp] DESC

here is the article

http://www.symantec.com/connect/articles/how-find-duplicated-hardware-ids-database

How to repair duplicate IDs on cloned Symantec Endpoint Protection 12.1 clients

http://www.symantec.com/business/support/index?page=content&id=TECH163349

Thank you Rafeeq.  I think that first article answers what I was looking for.  I'm going to review it and if I have more questions I'll drop another post.

HTH , let us know how it goes :) Good day

So I'm continuing to dig into this problem and I'm finding more stuff I am confused about.  For instance, I looked at the sephwid.xml file on several of my problem machines and I see the following.  Can someone explain to me what the "HardwareID" and "OldHardwareID" mean?  The majority of the machines show the same "OldHardwareID".  I'm guessing the "OldHardwareID" is the original SEP Hardware ID ((the one that the Windows Image has) and the "HardwareID" is the SEP Hardware ID that machine has been changed too.  This would all make sense except for the one issue with how are these getting changed if I am not running the RepairClonedImage.exe or manually removing the sephwid.xml?

<?xml version='1.0' encoding='UTF-8' ?>
<HardwareKeyConfig Version="1">
<HardwareID ID="F8C41DD5C482CC20E49AC5E3772404FB" CreationTime="1410795283" LastUsedTime="1413744605"/>

<OldHardwareIDList>
<OldHardwareID ID="E2E02FBDDE7574787EAA12E26B702A72" CreationTime="1409128495" LastUsedTime="1409134168"/>
</OldHardwareIDList>

<SystemIDList>
<SystemID ID="051546742353" Type="4" LastReferenceCount="0" LastUsedTime="1413744605" CreationTime="1410795694"/>
<SystemID ID="30:59:B7:0C:17:4E" Type="2" LastReferenceCount="0" LastUsedTime="1413744605" CreationTime="1410795694"/>
<SystemID ID="S1F1NYAF515127" Type="1" LastReferenceCount="1" LastUsedTime="1413744604" CreationTime="1410795283"/>
<SystemID ID="fqdn:ABC123.efg.com" Type="5" LastReferenceCount="0" LastUsedTime="1413744605" CreationTime="1410795694"/>
<SystemID ID="hdvol:2229828695" Type="7" LastReferenceCount="0" LastUsedTime="1413744605" CreationTime="1410795283"/>
<SystemID ID="osversion:6.3.9600" Type="6" LastReferenceCount="0" LastUsedTime="1413744605" CreationTime="1409128495"/>
</SystemIDList>
</HardwareKeyConfig>

in the first instance it would create HWID it would not change that, it will keep referencing the same HwID, wehnever there a hardware change it might change the IDs but still be using the first one.may be in future release they will automate this process where SEPM can take the changes directly within the DB