Video Screencast Help

Users and Computers not accurate

Created: 20 Sep 2012 • Updated: 21 Sep 2012 | 9 comments

Symantec Endpoint Encryption Users and Computers does not accurately relfect my Domain Users and Computers.  Is there a way to force a refresh or a setting to check?

Comments 9 CommentsJump to latest comment

kodehunt's picture

That article is a bit different than what I'm experiencing.  I do see almost all of my machines is the SEE Users and Computers.  My issue is it's not entirely accurate when comparing to my Domain Users and Computers. I'm not sure if something is broke or I just need to refresh somehow.  I have hit the refresh button but that did not work.

Ashish-Sharma's picture


Check this two comments.

Jeremy Dundon Symantec Employee Accredited

 With AD sync computers will not show up under SEE Managed computers at all if they exist in AD.

SEE Managed Computers is only for computers that are not in your Active Directory Domain.

Vaibhav Tiwari

 A domain client machine will not appear in SEE Manager --- here the workgroup machines will come up -- let me know if this answers your question

Thanks In Advance

Ashish Sharma

kodehunt's picture

I guess I'm not explianing this well.  SEE Manager does show my Active Directory computers.  But, for example I changed the name of a machine and that name change is not reflected in SEE Manager.  All the other computers are there but that name change is not coming through.  Then I noticed some old computers that I deleted out of AD are still showing in SEE Manager.  Somehow it shows some changes but not others and I'm not sure why.

SMLatCST's picture

It sounds as if the AD Sync table within the SEEMSDb has become a little confused.  Have you tried running the "SEEMS Configuration Manager"  and clicking the "Rebuild Table" button for the AD section under the "Directory Sync Service Status" tab?

You can also take the opportunity to determine if the service is running correctly and when it last sync'ed.

kodehunt's picture

Thanks for pointing me to where I needed to fo.  When I went to the Directory Sync Services Status tab it showed running but had a sync date of 8/17/2012.  I went ahead and restarted the services successfully and then rebuilt the table.  The message said it would take a few minutes, I gave it a few hours but still no change in the sync date and incorrect SEE Users and Computers.  I then went to the Directory Sync Services Configuration tab and double checked the sync settings and retyped the account password.  It reported that I had successfully saved the changes.  I tried typing an incorrect password and got a failure message so then went back to the correct password getting a success message feeling like the domain info is correct.  I then went back to the Directory Sync Services Status tab, restarted the service successfully, rebuilt table, waited quite a while still old date and incorrect SEE Users and Computers.  Any additional thoughts?  One other note.  I moved this server in early August from a physical server to a virtual server (of a new name and IP address) by installing new and moving the database.  Perhaps somewhere in the move is the issue.  Thanks again for your help.

SMLatCST's picture

I've seen this happen before, and it seems to be a bit hit and miss sometimes, but I'd suggest the below:

Can you advise under what credentials the "AD Sync Service" is running under (usually the SYSTEM account)?  I have encountered problems whereby this service sometimes has problems masquerading as the account you give it via the "SEE Configuration Manager".

When I hit this issue, the only way round it was to open up services.msc, locate the "AD Sync Service" and change it to run as the service account you gave it in the "SEE Configuration Manager".  That is to say, double-click the service, click on the "Log on" tab, switch it to the "This account" radio button, and enter in the credentials for syncing with AD.  Restart the service again afterwards and give it a go.

As always, it's appreciated if you could mark any posts you find useful with a "Thumbs Up" or as the Solution wink

kodehunt's picture

Changing the service account definately helped.  The sync date did update to today.  Unfortunately the SEE Users and Computers are still incorrect.  I rebooted and rebuilt the table several times.  Any other thoughts?

SMLatCST's picture

The last thing I believe would be worth a try is to disable the AD Sync (from the "Directory Sync Services Configuration" tab in the SEE Configuration Manager).

What this does is clear out the sync'ed directory structure from the DB, after which you can try re-enabling it.  I'd recommend taking a backup of the DB beforehand!