Endpoint Protection

I have imported active directory into my manager and right now the sync is set for 3 hours.

The issue I am having is when a client computer is reimaged (ghost imaged) and the computer name is recycled (NOT deleted from Active Directory then recreated) the AD computer account is reset then the system is rejoined to Active directory. Endpoint will not see the active system the computer account stays faded as not connect. I can not delete the account in Endpoint the option is not available I just need endpoint to recognize the system as active.  An anomaly when I log into the system (the computer that has been reimaged) Endpoint shows my user account as running in user mode. All clients are installed as computer mode.

I need to have the ability to rejoin systems in active directory with out messing up Endpoint. I have a large environment that I had to setup the Endpoint protection manager with Microsoft SQL server. Active directory sync is a requirement for our network. 

Any advice in this manner the keeps the setup in Active directory integrated will be of great assistance.

Thank You

Tony
Systems Administrator.

Hi,

Did you try deleting the following registry value:

HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\HardwareID.

NOTE: The registry key HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\SySoftk may also need to be deleted if present.


If you have installed RU5 client on that machine, then you can use the following steps:

RU5 has a new design.

With this new design, the Hardware Key is now stored in %programfiles%\Common Files\Symantec Shared\HWID\sephwid.xml. 

a. Move, rename, or remove the Hardware Key config XML file found in the Symantec common area.
b. Remove the “HardwareID” registry value located in HKLM\Software\Symantec\Symantec Endpoint Protection\SMC\Sylink\Sylink\
c. Restart the client.. New Hardware Key information will be generated in this case.


Please check the following KB articles as well:

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/d84071c5137d6d318825738a00663b8d?OpenDocument

http://seer.entsupport.symantec.com/docs/330709.htm

http://seer.entsupport.symantec.com/docs/330710.htm

Cheers,
Aniket

I have the same issue. Have you managed with it or there is any a workaround ?. Look below, I have strange account "ntadmin" and I couldn't delete it.



BR
Radek

If you have intergrated your AD ; you will not beable to move or delete the client from the list. Can you please check if you actually have one such user/computer in AD structure... If you still want to delete the client ot user, you can probably run a query...

delete from SEM_CLIENT where compter_name='name_of_client' AND deleted='1'

Note: Please run a select query before you actually delete, just to make sure you delete the stale entry.

Try by running following url in the browser of SEPM
http://127.0.0.1:9090/servlet/ConsoleServlet?ActionType=ConfigServer&action=CleanClients
This will delete duplicate cloents from your database.
ref:Beware, AD users. There's

refer this doc also
Duplicate hardware ID results in only one client showing up in the Endpoint Protection Manager for two systems