Endpoint Protection

  • 1.  Why do I have multiple instances of the same hostname in SEPM 11?

    Posted Sep 07, 2012 10:29 AM

    I'm pulling some reports in SEPM 11 and while doing so I've realized that there are multiple entries within SEP for the same machine name.  Has anyone else experienced this?  If so, do you know why this happens?  And how to resolve it?

     

    Thanks,

    Mike



  • 2.  RE: Why do I have multiple instances of the same hostname in SEPM 11?

    Posted Sep 07, 2012 10:31 AM

    Hi,

    Are you using an OS image?

    Duplicate SEP clients appear in the Symantec Endpoint Protection Manager console

    http://www.symantec.com/connect/articles/duplicate-sep-clients-appear-symantec-endpoint-protection-manager-console



  • 3.  RE: Why do I have multiple instances of the same hostname in SEPM 11?

    Broadcom Employee
    Posted Sep 07, 2012 11:54 AM

    Hi,

    A few issues related to duplicate entries are fixed in recent SEP versions. Could you please confirm the SEPM version?

    Risk event compression causes duplicate entries in Symantec Endpoint Protection Manager external logging
    Fix ID: 1917948
    Symptom: Compressed alert logs are sent out again following 'Summarized data'.
    Solution: Compressed alert logs are filtered. Only the summary alert will be sent out.
     
    Multiple event reinsertions to Symantec Endpoint Protection Manager database
    Fix ID: 1907365
    Symptom: A client may forward the same local events (scans, virus detections, definition updates, etc.) to the Symantec Endpoint Protection Manager server again, resulting in two or more copies of the same event in the database. These events have the exact same date/time as the original events, but because they are forwarded at a different time, the Database Insert timestamp is different. These duplicate events skew the presentation of logs and reports in the Console, and may cause unnecessary alerts and notifications.
    Solution: Resolved the internal bookkeeping errors that caused clients to forward the same events to Symantec Endpoint Protection Manager repeatedly.
     

    Symantec Endpoint Protection Manager sends old entries to external log server
    Fix ID: 2392317/2366479
    Symptom: The Symantec Endpoint Protection Manager sends old entries to external log server. This results in duplicate log entries on the external log server.
    Solution: Symantec Endpoint Protection Manager now properly tracks when logs are sent to the external log server to resolve this issue.

    Reference: http://www.symantec.com/business/support/index?page=content&id=TECH103087&key=54619
     
     

     



  • 4.  RE: Why do I have multiple instances of the same hostname in SEPM 11?

    Posted Sep 07, 2012 12:12 PM

    Another possibility: if you're using User Mode rather than Computer Mode for your clients (common for Active Directory integration), then if several users use the same computer, that hostname will appear more than once.

    sandra



  • 5.  RE: Why do I have multiple instances of the same hostname in SEPM 11?
    Best Answer

    Posted Sep 09, 2012 08:56 AM

    I agree with Ashish. This issue is occurring because of the Symantec installation running through an image disk.

    You can delete the extra entries, and in the future use the image disk but remove the hardware ID entry before making the image disk.

    Use the steps below:

    Click on the Start button -> Run -> smc -stop, then press Enter

    Enter the password (*****) to stop the service

    Go to the registry path below and delete the HardwareID entry
    Path - HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\HardwareID

    Delete the “sephwid.xml” file from the path below

    Path - C:\Program Files\Common Files\Symantec Shared\HWID

    NOTE: The registry value HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\SySoftk may also need to be deleted if present.

    Once the image is applied to a new system, the client will generate a unique id value, check in with its SEPM and register. During the registration process the SEPM will register all necessary client information into the database.

    This value will regenerate automatically the next time the client loads.
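
The image-preparation steps from the post above, collected into one PowerShell function (an added example, not part of the original post and not Symantec's own tooling). It uses only the command, registry value names and file path given in the post; the function name `Clear-SepHardwareId` and its parameters are hypothetical.

```powershell
# Added example: run elevated on the reference machine just before capturing the image.
# Registry key, value names and file path are the ones quoted in the post above.
function Clear-SepHardwareId {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$SyLinkKey = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink',
        [string]$HwidFile  = 'C:\Program Files\Common Files\Symantec Shared\HWID\sephwid.xml'
    )
    $valueNames = 'HardwareID', 'SySoftk'   # SySoftk only "if present", per the NOTE

    # Same command the post types into Start > Run; it prompts for the password if one is set.
    if ($PSCmdlet.ShouldProcess('SEP client service', 'smc -stop')) {
        Start-Process -FilePath 'smc' -ArgumentList '-stop' -Wait
    }

    foreach ($name in $valueNames) {
        $current = Get-ItemProperty -Path $SyLinkKey -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $current) {
            Write-Verbose "$name is not present under $SyLinkKey"
            continue
        }
        if ($PSCmdlet.ShouldProcess("$SyLinkKey\$name", 'Remove registry value')) {
            Remove-ItemProperty -Path $SyLinkKey -Name $name
        }
    }

    if ((Test-Path -LiteralPath $HwidFile) -and
        $PSCmdlet.ShouldProcess($HwidFile, 'Delete file')) {
        Remove-Item -LiteralPath $HwidFile -Force
    }

    # Verify: list every identifier that still exists, so the image is only
    # captured when this comes back empty.
    $left  = @()
    $props = Get-ItemProperty -Path $SyLinkKey -ErrorAction SilentlyContinue
    foreach ($name in $valueNames) {
        if ($props -and $props.PSObject.Properties[$name]) { $left += "$SyLinkKey\$name" }
    }
    if (Test-Path -LiteralPath $HwidFile) { $left += $HwidFile }
    return $left
}

# Dry run first: -WhatIf changes nothing and returns what is currently on the machine.
$remaining = Clear-SepHardwareId -WhatIf
if ($remaining) { Write-Warning ("Still present: " + ($remaining -join '; ')) }
```

Run it once with `-WhatIf` to see what would be removed, then without it; do not start the client again on the reference machine before capture, since the post notes the value regenerates the next time the client loads.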

     

     



  • 6.  RE: Why do I have multiple instances of the same hostname in SEPM 11?

    Posted Sep 20, 2012 12:18 PM

    Hi SEP_FMI,

    Any update on this?

    If you have received a solution, please don't forget to mark as solution the comment that helped you.



  • 7.  RE: Why do I have multiple instances of the same hostname in SEPM 11?

    Posted Sep 22, 2012 11:27 AM

    What version of 11.x are you running?



  • 8.  RE: Why do I have multiple instances of the same hostname in SEPM 11?

    Posted Sep 24, 2012 05:14 PM

    Hi Boss, has your issue been resolved or is it still pending?



  • 9.  RE: Why do I have multiple instances of the same hostname in SEPM 11?

    Posted Sep 25, 2012 04:42 AM

    Just a quick note: on the latest releases of SEP 12.1 (SEP 12.1 RU1 and above) there are several enhancements that really deal well with multiple Hardware IDs (the cause of duplicate entries in the SEPM).  If you are in the position to upgrade to SEP 12.1, I recommend it!

    Duplicate client entries showing in the SEPM console after cloning an endpoint
    Fix ID: 2436935
    Symptom: After cloning an endpoint, each clone shows in SEPM with two entries. One entry shows the client as offline, and one is online.
    Solution: Resolved by changes to the client recognition logic. The "hardware ID" and "known client ID" values are now handled differently within SEPM to ensure that clients are correctly recognized by the Manager.
     

    How to repair duplicate IDs on cloned Symantec Endpoint Protection 12.1 clients
    http://www.symantec.com/business/support/index?page=content&id=TECH163349