Endpoint Protection

  • 1.  Cloning Windows 10 with SEP 14

    Posted Oct 25, 2017 05:45 PM

    Hi There,

     

    I have recently cloned a machine using sysprep with Windows 10 OS, customized applications and SEP 14 running. I followed the exact process as mentioned in the article "How to prepare a Endpoint Protection client for cloning".

    After that I deployed that customized image on one of our test machines. It worked normally and had all the customized applications installed, including SEP 14.

    Just wanted to know how I can check/verify whether SEP is correctly installed or not. What are the things I should look for so that I can identify whether it is creating duplicate IDs or not?

     

    Thanks in advance.

     

    Cheers,

    Inder Jhita

     



  • 2.  RE: Cloning Windows 10 with SEP 14

    Posted Oct 25, 2017 06:01 PM

    Basically, if you see it multiple times in the console it can be an indication.

    With SEP 14 MP1 this can be fixed automatically, see here:

    http://www.symantec.com/docs/TECH163349



  • 3.  RE: Cloning Windows 10 with SEP 14

    Posted Oct 25, 2017 06:17 PM

    Hi Brian,

     

    Thanks for your reply.

    The article says that "the duplicate hardware ID (HWID) detection mechanism in SEP 14 MP1 and newer is enabled by adding "scm.duplicatedhwkey.fix.enabled=true" to conf.properties at the SEPM" 

    Is this mechanism enabled by default or do we have to enable it? If not, then where can I find conf.properties in the SEPM to enable it?

    Cheers,

    Inder

     



  • 4.  RE: Cloning Windows 10 with SEP 14

    Posted Oct 25, 2017 06:33 PM

    Needs to be enabled manually.

    conf.properties is located in \Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\etc



  • 5.  RE: Cloning Windows 10 with SEP 14

    Posted Dec 07, 2017 12:00 PM

    I have this enabled but still have duplicates.  I verified the three keys have been added and have waited over 5 days ... no joy ... any ideas?  I am running 14.0 RU1.

     



  • 6.  RE: Cloning Windows 10 with SEP 14

    Posted Dec 07, 2017 02:51 PM

    The new SEPM 14 with the option enabled can fix existing duplicate HWID issues by having SEP clients re-generate their HWID, but I believe you will still need to delete the old entry.

    Also, the true fix is to fix the Master Clone Image by running the RepairCloneImage.zip to delete the SEP HWID right before capturing the image, or else it will keep creating duplicates.



  • 7.  RE: Cloning Windows 10 with SEP 14

    Posted Dec 07, 2017 03:13 PM

    I thought the purpose of the three entries was to prevent the need to run the repaircloneimage each time.  I do have the option enabled ...

    scm.duplicatedhwkey.fix.enabled=true
    scm.duplicatedhwkey.fix.client.csnreset.count=3
    scm.duplicatedhwkey.fix.client.csnreset.time.range=43200000 (=12hours)

    https://support.symantec.com/en_US/article.TECH163349.html

    SEP manager and clients version 14 MP1 and newer can automatically correct duplicate IDs using optional conf.properties parameters:

    Steps to add an appropriate line in conf.properties file.

    1. Stop the SEPM service.
    2. Go to this location:
    "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc"
    3. Edit the file "conf.properties".
    4. Add these lines to the file:
    scm.duplicatedhwkey.fix.enabled=True
    scm.duplicatedhwkey.fix.client.csnreset.count=3
    scm.duplicatedhwkey.fix.client.csnreset.time.range=86400000
    5. Close and save the conf.properties file
    6. Start the SEPM service.

    Explanation: 

    The duplicate hardware ID (HWID) detection mechanism in SEP 14 MP1 and newer is enabled by adding "scm.duplicatedhwkey.fix.enabled=true" to conf.properties at the SEPM. The defaults are count=3 and range=86400000 (24 hours in milliseconds) -- i.e. if a SEPM response code 468 is triggered 3 times within 24 hours for a specific client, then that client would be considered a duplicate and would be sent a 470 response code. Upon receiving a 470 response code, the client (if version 14 MP1 and newer) would automatically re-generate its ID before re-attempting registration with the SEPM.

    In older versions of SEP there are three high-level steps to repair duplicate client IDs (the steps below are unnecessary in SEP 14 MP1 and newer, as described above):

    1. Identify the clients
    2. Repair the clients
    3. Clean up the client view in Symantec Endpoint Protection Manager
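
The rule quoted in the post above (a 470 once a client triggers `count` 468 responses within `range` milliseconds) can be sanity-checked offline against the three settings. This is an added example, not Symantec code and not part of the original post: `load_settings` and `would_send_470` are hypothetical helpers, the parser handles only plain `key=value` lines, and how SEPM itself treats a malformed value is not stated on this page.

```python
import re

# Keys and defaults as quoted in this thread from TECH163349.
PREFIX = "scm.duplicatedhwkey.fix."
COUNT, RANGE = "client.csnreset.count", "client.csnreset.time.range"
DEFAULTS = {"enabled": "false", COUNT: "3", RANGE: "86400000"}
HOUR_MS = 3_600_000

def load_settings(text):
    """Parse key=value lines; return (settings, problems)."""
    raw, problems = dict(DEFAULTS), []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue  # blank line, comment, or not a key=value pair
        key, value = (part.strip() for part in line.split("=", 1))
        if key.startswith(PREFIX):
            raw[key[len(PREFIX):]] = value
    # Assumption: the flag is compared case-insensitively (the thread shows
    # both "true" and "True").
    settings = {"enabled": raw["enabled"].lower() == "true"}
    for name in (COUNT, RANGE):
        numeric = re.fullmatch(r"[0-9]+", raw[name]) is not None
        settings[name] = int(raw[name]) if numeric else None
        if not numeric:  # everything after the first "=" is the value
            problems.append(f"{PREFIX}{name}: not a plain integer: {raw[name]!r}")
    return settings, problems

def would_send_470(settings, times_468_ms):
    """Model of the quoted rule: `count` 468 responses within `range` ms."""
    n, window = settings[COUNT], settings[RANGE]
    if not settings["enabled"] or not n or window is None:
        return False  # disabled, or thresholds could not be read
    ts = sorted(times_468_ms)
    return any(ts[i + n - 1] - ts[i] <= window for i in range(len(ts) - n + 1))

# Constructed sample: the three lines as they appear in the post above,
# annotation included.
AS_POSTED = """\
scm.duplicatedhwkey.fix.enabled=true
scm.duplicatedhwkey.fix.client.csnreset.count=3
scm.duplicatedhwkey.fix.client.csnreset.time.range=43200000 (=12hours)
"""

if __name__ == "__main__":
    settings, problems = load_settings(AS_POSTED)
    print(problems or "settings look well-formed")
    fixed, _ = load_settings(AS_POSTED.replace(" (=12hours)", ""))
    # Constructed timestamps (ms) of 468 responses for one client.
    print(would_send_470(fixed, [0, 5 * HOUR_MS, 11 * HOUR_MS]))
```

In a properties-style file the value runs to the end of the line, so an annotation typed after the number becomes part of the value; the checker flags that case instead of guessing what the server does with it.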


  • 8.  RE: Cloning Windows 10 with SEP 14

    Posted Dec 07, 2017 04:15 PM

    Yes, it prevents the need to run RepairCloneImage on existing cloned clients, but you should run RepairCloneImage on the master image before you lay down the image to the clients, or else you will still get cloned HWID before it gets fixed.



  • 9.  RE: Cloning Windows 10 with SEP 14

    Posted Dec 07, 2017 04:38 PM

    Please explain further "or else you will still get cloned HWID before it gets fixed" ... I guess I am not as clear on what this actually accomplishes as I thought. I thought the duplicate ID would not be generated and therefore would not leave duplicate VMs that are no longer connected to the SEPM upon recompose. If this is not the purpose, please explain further. Does this have to just be done after SEPM 14.x is installed and the first time on the master prior to a recompose?



  • 10.  RE: Cloning Windows 10 with SEP 14

    Posted Dec 07, 2017 06:09 PM

    Sorry, I just meant for the original poster to stop using the image that already has a SEP HWID, and to fix the original image/template by removing the SEP HWID before capturing the image, so you do not have the duplicate HWID in the first place.