Endpoint Protection

 View Only

  • 1.  Duplicate client in SEPM (Hardware id problem)

    Posted Oct 15, 2010 01:01 AM

     

     

    We are using the ghost image method of deploying SEP clients along with the windows xp rolling out for production.

    Sometimes it happens same hardware keys are being copied into number of clients.Which prevents the client from appearing in the SEPM console properly.

    Since all the systems will have the same hardware ID, as they check in it will replace the previous system that checked in. The clients will still receive updates, but the console will not allow us to track all the clients.

    To fix the problem we have generated new hardware ID for Symantec clients and keeping H/W id blank in newer ghost image itself

    still this hardware key is conflicting with other clients.

    my problem is how to track those disappeared client.is there any key exist in SEPM for the clients those who are still getting updated their definitions.



    Is it reflecting a bug in SEPM

     

    We are using symantec Endpoint manager version 11.0.6100.645 on windows server 2003



  • 2.  RE: Duplicate client in SEPM (Hardware id problem)

    Posted Oct 15, 2010 01:03 AM

    Please follow this kb and delete the hardware id

     Configuring Symantec Endpoint Protection client for deployment as part of a drive image

    http://www.symantec.com/business/support/index?page=content&id=TECH102815&locale=en_US

    Releases RU5 and later work differently

    With this new design, the Hardware Key is now stored in %programfiles%\Common Files\Symantec Shared\HWID\sephwid.xml. This allows for easier remediation in the following situations:

    1) A client is generating new Hardware Keys on startup which could potentially conflict with another SEP client or for preparing a machine
    a. Move, rename, or remove the Hardware Key config XML file found in the Symantec common area.
    b. Remove the “HardwareID” registry value located in HKLM\Software\Symantec\Symantec Endpoint Protection\SMC\Sylink\Sylink\
    c. Restart the client.. New Hardware Key information will be generated in this case.


    2) Every time I install the client on a clean VM or Ghost image using the same hardware, the Hardware Key is different.
    a. Since the new algorithm generates random IDs, any install on a clean machine will result in a new ID being generated. However, if the client is uninstalled and reinstalled, the ID should not change, since it is persisted in an XML file located in the Symantec Common area. i.e %programfiles%\Common Files\Symantec Shared.


          • In order to maintain the same ID when an image is restored, the customer should install SEP first before taking the image. Alternatively, the customer may also drop a saved sephwid.xml file and force that Hardware Key to be used by setting HKLM\Software\Symantec\Symantec Endpoint Protection\SMC\Sylink\Sylink\ForceHardwareKey in the registry to 1 (true).


    How to fix RU5 (and later) clients that have been misconfigured and already rolled out to production (For each client:)

    1. Delete %programfiles%\Common Files\Symantec Shared\HWID\sephwid.xml
    2. Open the registry and navigate to HKLM\Software\Symantec\Symantec Endpoint Protection\SMC\Sylink\Sylnk
    3. Edit the "HardwareID" value data to be blank
    4. Restart the Symantec Management Client (SMC) service in the services snap-in.


    Clients should now generate unique HardwareID's and sephwid.xml's.
     



  • 3.  RE: Duplicate client in SEPM (Hardware id problem)

    Posted Oct 15, 2010 01:37 AM

    "my problem is how to track those disappeared client"

    You can try this query in your SEPM DB

    SELECT * FROM SEM_CLIENT WHERE HARDWARE_KEY IN ( SELECT HARDWARE_KEY FROM SEM_CLIENT GROUP BY HARDWARE_KEY HAVING COUNT(HARDWARE_KEY) > 1) AND HARDWARE_KEY != '' ORDER BY HARDWARE_KEY;

    Ref:Hello, if you clone machines



  • 4.  RE: Duplicate client in SEPM (Hardware id problem)

    Broadcom Employee
    Posted Oct 15, 2010 01:43 AM

    hi,

    see if this URL helps to resolve your problem

    http://www.symantec.com/business/support/index?page=content&id=TECH96808&locale=en_US



  • 5.  RE: Duplicate client in SEPM (Hardware id problem)

    Posted Oct 19, 2010 02:46 AM

    What is the difference between deletion a client from SEPM and deletion client from sql database.

    Will deletion from SEPM will reflect in Database



  • 6.  RE: Duplicate client in SEPM (Hardware id problem)

    Broadcom Employee
    Posted Oct 19, 2010 03:50 AM

    deletion of client from SEPM will make the client to disappear till it again communicates back with SEPM. The entry will be still there(in DB) till data sweeping task takes place.

     

    Deleting from SQL will have no entry of client information in the DB.



  • 7.  RE: Duplicate client in SEPM (Hardware id problem)

    Posted Oct 19, 2010 04:01 AM

    create report for clients being offline; the disappeared will be offline any way :)



  • 8.  RE: Duplicate client in SEPM (Hardware id problem)
    Best Answer

    Posted Oct 19, 2010 04:02 AM

    When we delete a  client from SEPM the client will disappear from the SEPM for the timebeing.Next time when the client hearbeats to the SEPM it will repair.In simple words when the client is deleted from the SEPM it is not deleted from the database

     

    When we delete the entry from the SQL, the client is deleted from the database.

    Deletion from SEPM will only reflect in the database if we are purging the database from SEPM ( Delete cleints when the cleints have not connected since X days..option)