Why do I have multiple instances of the same hostname in SEPM 11?
Created: 07 Sep 2012 | Updated: 26 Sep 2012 | 8 comments
This issue has been solved. See solution.
I'm pulling some reports in SEPM 11 and while doing so I've realized that there are multiple entries within SEP for the same machine name. Has anyone else experienced this? If so, do you know why this happens? And how to resolve it?
Thanks,
Mike
Discussion Filed Under:
Comments 8 Comments • Jump to latest comment
hi,
are you using image OS ?
Duplicate SEP clients appear in the Symantec Endpoint Protection Manager console
http://www.symantec.com/connect/articles/duplicate-sep-clients-appear-symantec-endpoint-protection-manager-console
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Hi,
There are few duplicate entries related issues are fixed in recent SEP version. Could you pleaes confirm SEPM version?
Symantec Endpoint Protection Manager sends old entries to external log server
Fix ID: 2392317/2366479
Symptom: The Symantec Endpoint Protection Manager sends old entries to external log server. This results in duplicate log entries on the external log server.
Solution: Symantec Endpoint Protection Manager now properly tracks when logs are sent to the external log server to resolve this issue.
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.&
Another possibility: if you're using User Mode rather than Computer Mode for your clients (common for Active Directory integration), then if several users use the same computer, that hostname will appear more than once.
sandra
Symantec, Information Development, IMDP
Symantec Endpoint Protection / Core Security Engineering Group
Don't forget to mark your thread as 'solved' with the answer that best helped you!
I agree with Ashish. This issue is occuring because of symantec installation running through Image Disk.
You can delete the same extra entry and for the feature use the image disk but remove the H/W entry before making the IMAGE Disk
Use the below step
Click on Start button -> Run -> Smc –stop Than Press Enter
Enter the Password (*****) to stop the Service
Go to Below Registry path and delete the entry of “HardwareID”
Path - HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\HardwareID.
Delete the “sephwid.xml” file from below path
Path - C:\Program Files\Common Files\Symantec Shared\HWID
NOTE: The registry value HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\SySoftk may also need to be deleted if present.
Once the image is applied to a new system, the client will generate a unique id value, check in with its SEPM and register. During the registration process the SEPM will register all necessary client information into the database.
This value will regenerate automatically when the next time client loads.
Hi SEP_FMI,
Any update on this ?
If you have received solution please don't forgot mark as solution please comments help you.
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
What verson of 11.x are you running?
SEP Knowledge Base
Endpoint SWAT
Hi Boss- Your issue has resolve or still pending?
Just a quick note: on the latest releases of SEP 12.1 (SEP 12.1 RU1 and above) there are several enhancements that really deal well with multiple Hardware ID's (the cause of duplicate entries in the SEPM). If you are in the position to upgrade to SEP 12.1, I recommend it!
With thanks and best regards,
Mick
Would you like to reply?
Login or Register to post your comment.