Over the past several weeks I have been working with Altiris support on a number of issues that has arisen within our infrastructure surrounding the duplication of data for various resources.
There has been a consistent issue with duplication of data across the Altiris infrastructure which can cause a number of issues in relation to data resolution within Altiris especially when reporting against this data.
There are several known instances where data can be duplicated and can cause data mismatches and reporting to become incorrect as well as cause reconciliation efforts to fail. The presence of this data can have severe impacts on internal and external processing when using other solutions such as the Connector Solution.
The duplication of data can be across two different solutions in Altiris, the Inventory Solution and the Asset Management Solution or internally to each solution. Because data for these is gathered separately, but related using internal processes (Asset to Inventory Sync), it is necessary to understand how the data between the two solutions is gathered, applied and referenced by a single asset resource.
The purpose of this article is to help outline where these instances occur, provide background on how they occur and provide some remediation efforts to help resolve these instances.
In our environment we have several client-facing Notification Servers which we forward data up to 2 reporting Notificatin Servers. The issues discussed below may or may not exist in your environment depending on your internal business processes and infrastructure design. Some of these are process related and some are product related.
A following scenarios in which data can be duplicated and will discussed are as follows:
- Duplicate Computer Names
- With Name With Same Domain Suffix
- With Name With Different Domain Suffix
- Duplicate Serial Numbers
- More than one computer reporting the same serial number through Inventory
- More than one record for a computer with the same serial number in Asset
- More than one computer reporting the same serial number in Asset but does not match the correct serial number in Inventory
Duplicate Data Instances
Duplicate Computer Names (Same FQDN)
Cause - Duplicate computer names can be caused when the Altiris Agent is reinstalled on a device or the device is reimaged and given the same computer name that was previously assigned. This causes a new record to be created in the database with the same computer name as the previous record. This will create identical records within the Inventory Solution when the inventory data is received. This can occur on a single NS or across different NSs if the Altiris Agent is parented differently than the original computer. This can also occur at the top level reporting servers as well.
Resolution 1 - There is a built-in report in Altiris that will list all the computers that have the same name as another computer. Once run, it provides the ability to merge the records using the computer with the more recent information as the primary resource.
Resolution 2 - There is a related SQL script that is can be scheduled to run on a daily basis which performs the same functions as the manual report.
Resolution 3 - Clean up duplicate computers across the lower level NSs before forwarding occurs. This will alleviate any duplicates at the top level occurring with different GUIDs.
Resolution 4 - Implement a process for re-parenting computers and enable the old computer account to be removed immediately when re-parenting. Currently this is a manual effort and must require delete privledges on the NS to remove the old computer record.
Duplicate Computer Names (Different FQDN)
Cause - Duplicate computer names can be caused when the Altiris Agent is reinstalled on a device or the device is reimaged and given the same computer name that was previously assigned.
Normally the computer name will have the same name and domain. However, if the computer had been migrated or created from one domain to another, migrated from a workgroup to a domain, or migrated from a domain to a workgroup, a duplicate will occur when using the FQDN.
Altiris utilizes the computer name and domain name (computername.domain) as the name of the asset. This is seen as a duplicate record when writing reports through the use of just the computer name. This causes a new record to be created in the database with the same computer name as the previous record. This will create identical records within the Inventory Solution when the inventory data is received. This can occur on a single NS or across different NSs if the Altiris Agent is parented differently than the original computer. This can also occur at the top level reporting servers as well.
Resolution - There is script provided by Altiris that will list all the computers that have the same name as another computer regardless of the domain. This report will merge the duplicate computer names using the computer with the more recent date as the primary resource. This is provided without official Altiris support since it using an undefined method to identify an asset.
Duplicate Serial Numbers Reported Through Inventory
Cause - There are instances in the environment where the Inventory information collected from several similar assets will result in the same serial number being gathered. The root cause of this is currently unknown but can be duplicated in a production environment. Tests have shown that removing the file produced by the serial number scan process (snplus.nsi) and letting it create it again will result in the serial number being recaptured. Comparing this to other assets the serial number is again the same.
Resolution - Currently there is no resolution to this issue and it will require a deeper dive into how the serial number is being recorded and what information is being gathered during this process to produce the same serial number. There are instances where a WMI query will result in the same information being gathered through the inventory methods. Altiris provides a method to retain all the data returned by the SNPlus scan which can help in troubleshooting these instances. There are other known instances where hardware was replaced and the serial number information was not updated properly. Also, BIOS corruption has been known to also cause this to occur.
Duplicate Serial Numbers Reported Through Asset
Cause - There are instances in the environment where the Asset information collected from different assets has resulted in the same serial number being recorded. This can occur if a computer is built, reports inventory and is synched with the asset solution and the serial number is recorded. The same computer is rebuilt, sends inventory information and records the same serial number is Asset. Because it has a different computer name the other merge script will not affect these assets.
Resolution - There is a built in script that will report on all duplicates serial numbers reported in Asset and allow them to be merged based upon the asset with the newest recorded time/date stamp. This report looks ONLY at the serial number of the asset. Because of the issue stated previously, you may be merging unique assets that happen to be reporting the same serial number because of some other issue!
Duplicate Serial Numbers Reported Through Asset With Different Serial Numbers Reported From Inventory
Cause - There are instances in the environment where the serial number from the Inventory Solution does not match the serial number in the Asset solution. This can be caused by a series of events for computers reporting inventory, synchronizing with Asset and then being replaced by a secondary computer with the same name and therefore reporting different serial numbers between Inventory and Asset.
Once the Inventory to Asset Sync has taken place and information already exists within the Asset tables, even if the information changes from what Inventory reports, this data is never updated within the Asset Solution.
Resolution 1 - Altiris recommends a process change to remove old computer accounts before rebuilding the computer with the same name. They also recommend removing the old computer accounts before re-parenting the assets. Altiris views the Asset data as a trusted source of information and prohibits this information from being automatically updated by an internal process. However, this data can be adjusted using Connector Solution, SQL scripts or manually updating the asset record.
Resolution 2 - Although Altiris recommends that Asset data is a source of truth and that asset data should not be manipulated once configured by any other external source other than an asset process we can implement a SQL script that will overwrite the Asset data with information from Inventory if the data does not match.
Duplication of Data... AKA Bad juju. - Index of Articles
Data Remediation Part I: Duplicate Computer Names with Same Domain