Endpoint Encryption

  • 1.  Endpoint Encryption 11.0 MP3 - Active Directory Synch

    Posted May 05, 2015 02:56 PM

    The issue I have is with the Computers in this container - Symantec Endpoint Encryption Users and Computers - Symantec Endpoint Encryption Managed Computers - Deleted Computers -

     

    I have Active Directory Synch enabled - The machines in this Container - are not filtering out of the console as advised by Symantec Support

    --- The PCs in question were removed from AD or they had the client software re-installed - SO only in the Encryption Manager does this show two entries - 1 a fully working device in the normal AD Computers OU - and the non-working one in the Deleted Computers container.

     

    Symantec Engineer - You can remove the machines from deleted objects by going to 

    SEE Configuration Manager > click on Directory Sync Service Status tab > click Stop button under Active Directory > click Rebuild Table button > click Start button > open services.msc > restart SEE Active Directory service > wait for 24 hours >

     

    While it does remove the PCs removed from Active Directory that are not duplicates as mentioned above - the duplicated devices remain -

     

    I need to remove those Devices from the Management DB -

     

    Has anyone had an issue like that before?

     



  • 2.  RE: Endpoint Encryption 11.0 MP3 - Active Directory Synch

    Posted May 05, 2015 03:04 PM

    So to clarify, you started with multiple entries for some systems?  

    For example, say there are two entries for ComputerA and only one entry for ComputerB.  You then delete the computers from AD, and the following happens:
    ComputerA moves one entry to Deleted, and the other remains in the normal AD Computers spot in the SEE Management Console.
    ComputerB moves properly to Deleted.

    Is that scenario accurate?  If so, was ComputerA at some point reimaged, or was SEE decrypted and uninstalled, then reinstalled/re-encrypted?  If that is the case, it would have two entries in the database, as the UUID generated for each installation/encryption would be different, even though the system is the same name.  It would not link those two entries together.  You would need to manually remove the old entry from the management console.



  • 3.  RE: Endpoint Encryption 11.0 MP3 - Active Directory Synch

    Posted May 05, 2015 04:09 PM

    Mike, that would be correct - here is the example

    Symantec Endpoint Encryption Management Agent - SEE MGMT

    Symantec Endpoint Encryption Drive Encryption - SEE DE

     

    We only use AD synch -

     

    PC in question - TRAIN1 - installed the MGMT Agent of SEE ver 11 - rebooted - never completed the install of SEE DE.

     

    Client Service Tech - goes to device TRAIN1 - removes old MGMT Agent - reboots system - reinstalls SEE MGMT and SEE DE - reboots system -

     

    PC now shows up in Deleted Computers and in AD Computers - same Name - one working and fully set up and synching hourly the other last check in was the day the old MGMT was removed.

     

    Downside there is no removal of the computers listed in Deleted Computers on SEE ver 11 MP3 - for the management console --

    Right click on DELETED COMPUTERS - REFRESH - VIEW - NEW WINDOW - HELP

    Right click on the computer in that group in question - choices - RESTORE - REFRESH - HELP -

     

    I have tried to Restore them all from the GROUP and individually - they leave but show back up within a day.

     

     

    Also - I do not see a UUID in the console for the devices in Deleted Computers - so going after them manually in the DB is problematic at best.



  • 4.  RE: Endpoint Encryption 11.0 MP3 - Active Directory Synch

    Posted May 06, 2015 09:21 AM

    So just to be clear - in the original post -

     

    The Symantec Fix works for any computer that is removed from Active Directory - however it is not 100% effective if the client software was removed and re-installed or the PC name has to be preserved or re-used.

     

     

     



  • 5.  RE: Endpoint Encryption 11.0 MP3 - Active Directory Synch

    Posted May 29, 2015 09:46 AM

    Greetings InfoSecHealthCare,

    Thank you for giving us the opportunity to assist you. Looking at the description and the explanation, we would need to manually delete these machines from the SQL DB. If you provide me with some contact details, I would be able to contact you and provide you with this.

    However, if you have a valid support entitlement, we as Tech Support would be able to provide you that officially.

    Do let me know your views.

    Thanks