Video Screencast Help

Hardware ID not generating

Created: 16 Aug 2013 | 6 comments

Hello all,

I've come across an issue where, I believe, the clients are not generating hardware IDs. I discovered this after trying to troubleshoot several machines that are not communicating with the SEPM. I directly looked at the data in the embedded database and exported the contents out to a worksheet. When I did anaylsis of each machine that are not communicating with the SEPM, all of these devices shared one thing in common, no hardware IDs.

Does anyone have any insight on this particular issue? I've tried following all knowledge articles about client-server communications (except the reinstalling method) and no luck.

Thank you in advance!

Operating Systems:

Comments 6 CommentsJump to latest comment

.Brian's picture

What's the exact version of SEP that you're running?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture

Hello,

Are these clients imaged / cloned machines?

What OS are you running on the client machines?

What version of SEP are you trying to install on these machines?

Is there any proxy on the environment?

Did you try deploying the package by following the steps provided in the article below:

How to create a client install setting to remove previous logs, policies and reset the client-server communication settings.

http://www.symantec.com/docs/TECH93617

Could you please upload us the sylink.log from the client machines, which are not reporting to the SEPM?

How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

http://www.symantec.com/docs/TECH104758

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Rafeeq's picture

You will have HD ID in DB only when they communicate and get registered.

on client which is not communicating enable loggin and post the sylink log here

How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

http://www.symantec.com/docs/TECH104758

 

ObfuscationOfYes's picture

Are these clients imaged / cloned machines? We pushed out installation package using SCCM, and I have already address issues with duplicate hardware IDs by running the tool to identify/remove them.

What OS are you running on the client machines? We are running Win7 Ent x64

What version of SEP are you trying to install on these machines? 12.1.2015.2015 already installed and aware of upgrade environment, but it will take some time to upgrade mothership/clients

Is there any proxy on the environment? No proxy

How to create a client install setting to remove previous logs, policies and reset the client-server communication settings. Clarification, does this require us to run a fresh install or will it just remove the communication settings?

Will upload the sylink.log soon.

ObfuscationOfYes's picture

I did not post all of the data from the sylink.log for security purposes. I filtered by what SEP was constantly logging with same data. It is odd to find that I see a HwdID, but I don't see it in the database. And I just noticed the "400 Bad Request" error.

AttachmentSize
sylink_log.pdf 108.64 KB
Mithun Sanghavi's picture

Hello,

You are correct, we see the following errors in the logs - 

08/16 08:10:43.379 [9064] <SendRegistrationRequest:>SMS return=400
08/16 08:10:43.379 [9064] <ParseHTTPStatusCode:>400=>400 Bad Request
08/16 08:10:43.379 [9064] <SendRegistrationRequest:>ERR to query content length
08/16 08:10:43.379 [9064] <SendRegistrationRequest:>Content Lenght => 
08/16 08:10:43.379 [9064] HTTP returns status code=400
08/16 08:10:43.379 [9064] <SendRegistrationRequest:>RECEIVE STAGE COMPLETED
 
In your case, do you have any replication set with another SEPM?
 
Do you have any Firewall which has been set?
 
Could you try providing full permission to Everyone and Authenticated Users for ...\Program Files\Symantec Endpoint Protection Manager directory and then Replacing the sylink file on all client machines following the steps below:

How to deploy/update communication settings from your SEPM to your SEP clients machines with SEP 12.1 RU2

 
Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.