FIX: Symantec Clients not reporting into the Symantec Manager console
Overview
There is an issue with the Symantec clients on
imaged PC’s not reporting status back to the Symantec Endpoint Protection manager console. These clients
are receiving signature and policy updates from the console, but the console does not recognize these clients as managed systems. The root cause is a conflict in the Symantec hardware ID’s (lack of uniqueness) on the imaged systems. In order to correct this, the hardware ID must be deleted in 2 locations, then reboot the PC, which forces Symantec to generate a new, unique hardware ID.
Prerequisites:
-
These instructions assume that the Symantec Client is installed. If not, please install the latest SEP client package
-
You must be a local administrator in order to make these changes
-
If performing these updates remotely, the PC must be powered on
The Symantec hardware id is located in 2 places on the PC:
-
C:\Program Files\Common Files\Symantec Shared\HWID\ sephwid.xml
-
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\HardwareID
You must delete the sephwid.xml file, then clear the
value from the HardwareID registry key. After both references have been deleted, reboot the PC and the Symantec Client on the PC will generate a new, unique key. The sephwid.xml file can be deleted remotely and the registry key value can be cleared remotely, as shown below. If the user is not logged in, you may also reboot the PC remotely. These instructions assume that the updates will be performed remotely, but you may perform these updates while logged onto the PC, using Windows explorer and the regedit utility.
**You may perform these updates remotely while the user is logged on, as the changes will not affect the user experience or become active until the PC has been rebooted.