Hope someone has seen this...

A host system logs into the network whether in office or remote/VPN.  The host is assigned an IP Address (for example 10.10.100.101) via DHCP.  Once the host goes offline, through policy the IP Address is released back into the pool.  In SEPM, I can see the offline host with the IP Address associated to it.  A new host comes online and is assigned the IP Address that the previous host had (in this case 10.10.100.101).  In SEPM I now see the new host with the IP Address and the previous host is no longer listed in SEPM.

The biggest issue with this scenario is that it throws off my compliance count.  Has anyone experience this?

Is there a best practice or recommendation from Symantec on IP Address assignment from DHCP?

Thank you,

Not that I've seen. SEP just reads what IP the client has and reports back to the SEPM that info.

Doesn't the old still show up by hostname?

Again, only if the IP has not been reassigned.  Once the IP has been reassigned the old hostname does not appear until it gets a new IP..

...and what's the exact SEPM version and version of the clients?

By any change are these machines are part of cloned imanges which is affected by duplicate hardware id ? and are clients reporting in user more or computer mode ? what the no of days that you have set for "delete clients that have not connected for specified time" ? 

this is because of duplicate hardware ID, at any point of time only one machine will be online.

follow this document

Repair duplicate IDs on cloned Endpoint Protection 12.1 clients
 

https://support.symantec.com/en_US/article.TECH163349.html

Hi,

There is not any best practice or recommendation except SEPM should have static IP address. Clients can have either static or dynamic.

I can relate it to DHCP configuration. Ideally client should retain IP address for sometime though it goes offline.

Do you see any duplicate IP addresses in the SEPM console?