I thought the purpose of the three entries was to prevent the need to run the repaircloneimage each time. I do have the option enabled ...
scm.duplicatedhwkey.fix.enabled=true
scm.duplicatedhwkey.fix.client.csnreset.count=3
scm.duplicatedhwkey.fix.client.csnreset.time.range=43200000 (=12hours)
https://support.symantec.com/en_US/article.TECH163349.html
SEP manager and clients version 14 MP1 and newer can automatically correct duplicate IDs using optional conf.properties parameters:
Steps to add an appropriate line in conf.properties file.
1. Stop the SEPM service.
2. Go to this location:
"C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc"
3. Edit the file "conf.properties".
4. Add these lines to the file:
scm.duplicatedhwkey.fix.enabled=True
scm.duplicatedhwkey.fix.client.csnreset.count=3
scm.duplicatedhwkey.fix.client.csnreset.time.range=86400000
5. Close and save the conf.properties file
6. Start the SEPM service.
Explanation:
The duplicate hardware ID (HWID) detection mechanism in SEP 14 MP1 and newer is enabled by adding "scm.duplicatedhwkey.fix.enabled=true" to conf.properties at the SEPM. The defaults are count=3 and range=86400000 (24 hours in milliseconds) -- i.e. if a SEPM response code 468 is triggered 3 times within 24 hours for a specific client, then that client would be considered a duplicate and would be sent a 470 response code. Upon receiving a 470 response code, the client (if version 14 MP1 and newer) would automatically re-generate its ID before re-attempting registration with the SEPM.
In older versions of SEP there are three high-level steps to repair duplicate client IDs (the steps below are unnecessary in SEP 14 MP1 and newer, as described above):
- Identify the clients
- Repair the clients
- Clean up the client view in Symantec Endpoint Protection Manager