BUG REPORT: Missing or malformed MACHINEGUID Value in Windows Registry Causes Blank, Duplicate hostname, and Bogus UUID data with Symantec Drive Encryption 10.3.0


Article ID: 157746


Products

Drive Encryption, Encryption Management Server

Issue/Introduction

Symantec Encryption Desktop (previously PGP Desktop) includes a registry value called MACHINEGUID. This is a unique value generated by the client to identify the Device ID with the Symantec Encryption Management Server (previously PGP Universal Server).

This value must be unique for each computer. If the value is either missing or malformed, invalid data can be sent to the Symantec Encryption Management Server.

  • On Symantec Encryption Desktop before 10.3.2, this unique MACHINEGUID value is created during installation.  This is why PGP could not be included in a system image as this would assign the same MACHINEGUID value to each system the image is deployed to.
  • Symantec Encryption Desktop 10.3.2 introduced the ability to include PGP in a Corporate image, and so the MACHINEGUID value was changed to generate during enrollment.  See article TECH214364 for more information on including Symantec Encryption Desktop in a system image.

Examples of this invalid data include the following:

  • Garbled hostname information associated to the server.
  • Blank hostname data sent to the server.
  • Duplicate hostname data, including duplicate blank hostnames sent to the server.
  • Machine ID values will appear abnormal, such as the following samples:

00000002-0000-0000-3001-000000000000
00000002-0000-0000-3001-00000009e305
00000002-0000-0000-3001-00000011df04
00000002-0000-0000-3001-000000194f05

or

00000003-0000-0000-3001-000000000000
00000003-0000-0000-3001-00000001f209
00000003-0000-0000-3001-000000028505
00000003-0000-0000-3001-00000003d405
 

TIP: A normal MACHINEGUID value, or Machine ID\Device ID value does not start with "00000003" or "00000002", and looks similar to the following example:

{54CC7DE3-1432-4947-B88C-366ED5B3D931}

An example of this invalid data can be seen in the following screenshot where there are multiple Blank hostname Computers listed:

Although the screenshot does not display the "00000003" value, upon clicking a blank hostname, this value can then be seen.

 

"The administrative server is not available for storing the Whole Disk Recovery Token. Disk encryption cannot continue."

"Error sending logging configuration data to the server: corrupt data (-11976)"

 

Cause

This issue can occur when the MACHINEGUID value is either missing or malformed. In one scenario, text other than the proper MACHINEGUID value was entered, which also causes the issue and can create this bogus UUID machine data.

 

Resolution

Symantec Encryption Desktop 10.3.0 MP3 and above correct this issue. Because one of the symptoms of this issue is invalid MACHINEGUID values, database cleanup will be needed. Please contact support in order to work out a resolution strategy and to correct this situation. Although this issue was fixed in 10.3.0 MP3, in order to prevent the invalid machine data from being sent to the server, please update to the latest version of Symantec Drive Encryption 10.3.2.

Once the client is updated to Symantec Encryption Desktop 10.3.2, delete the invalid machines from the server, and then stop and restart the PGPtray services, then update policy.  Confirm the invalid data is no longer sent to the server.

 

Checking to see if systems deployed in the environment are affected by this issue:

1. Log in to Symantec Encryption Management Server via SSH (for more information on how to log in to the server using SSH, see article TECH149673).

2. Run the following commands:

psql oviddb ovidr -c "select count(*) from client_machine where machine_id ilike '%00000002-0000-0000-%';"
psql oviddb ovidr -c "select count(*) from client_machine where machine_id ilike '%00000003-0000-0000-%';"
psql oviddb ovidr -c "select count(*) from client_machine where hostname ='';"

 

If any of these returns something other than "0", then most likely the server has invalid data and needs to be corrected. Please contact a member of Symantec Support in order to obtain assistance in resolving this issue.
 

Check the machines for the MACHINEGUID value:


Windows 32-bit Systems with Symantec Encryption Desktop before version 10.3.2:
HKEY_LOCAL_MACHINE\SOFTWARE\PGP Corporation\PGP

Windows 64-bit Systems with Symantec Encryption Desktop before version 10.3.2:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PGP Corporation\PGP

 

Windows 32-bit Systems with Symantec Encryption Desktop version 10.3.2 and above:
HKEY_LOCAL_MACHINE\SOFTWARE\PGP Corporation\PGP\Common\AllUsers\MACHINEGUID

Windows 64-bit Systems with Symantec Encryption Desktop version 10.3.2 and above:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PGP Corporation\Common\AllUsers\MACHINEGUID
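
The registry check above can be scripted per machine. The following PowerShell is an added example, not part of the original article or of Symantec's tooling; it reads the four locations exactly as listed and classifies the value against the article's criteria. Assumptions: the trailing "MACHINEGUID" in the 10.3.2-and-above paths is the value name under ...\AllUsers, a well-formed value carries braces like the article's sample, and Test-MachineGuid is a name chosen for this example.

```powershell
# Added example: audit the local MACHINEGUID value against the article's criteria.
# Key paths are copied from the article as listed. Assumption: for 10.3.2 and above,
# the trailing "MACHINEGUID" in the listed path is the value name under ...\AllUsers.
$Locations = @(
    'HKLM:\SOFTWARE\PGP Corporation\PGP',
    'HKLM:\SOFTWARE\Wow6432Node\PGP Corporation\PGP',
    'HKLM:\SOFTWARE\PGP Corporation\PGP\Common\AllUsers',
    'HKLM:\SOFTWARE\Wow6432Node\PGP Corporation\Common\AllUsers'
)

function Test-MachineGuid {
    # Hypothetical helper: returns Missing, BogusPrefix, Malformed or OK.
    param([AllowNull()][AllowEmptyString()][string]$Value)
    if ([string]::IsNullOrWhiteSpace($Value)) { return 'Missing' }
    $v = $Value.Trim()
    # Bogus IDs shown in the article start with 00000002- or 00000003-.
    if (($v -replace '[{}]', '') -match '^0000000[23]-0000-0000-') { return 'BogusPrefix' }
    # Assumed well-formed shape: {8-4-4-4-12} hexadecimal, braces included.
    if ($v -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
        return 'Malformed'
    }
    return 'OK'
}

$found = foreach ($key in $Locations) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    # Report only keys that actually carry a MACHINEGUID value.
    if ($props -and $props.PSObject.Properties.Name -contains 'MACHINEGUID') {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Key      = $key
            Value    = $props.MACHINEGUID
            Status   = Test-MachineGuid $props.MACHINEGUID
        }
    }
}

if (-not $found) {
    # No MACHINEGUID under any listed key: the "missing" case the article describes.
    $found = [pscustomobject]@{
        Computer = $env:COMPUTERNAME; Key = $null; Value = $null; Status = 'Missing'
    }
}
$found | Format-Table -AutoSize
```

On 10.3.2 and above the value is generated during enrollment, so a Missing result on a client that has not yet enrolled is expected.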
 

NOTE: If systems are missing this MACHINEGUID value from the registry, the systems may be affected and could be sending invalid data to the server.  Any incorrect entry could cause this issue.  If the MACHINEGUID entry is there, then check the value data to ensure a value similar to "{54CC7DE3-1432-4947-B88C-366ED5B3D931}" is also listed.  If not, the system may be sending invalid data to the server.  The screenshot below is an example of a properly formatted MACHINEGUID value for a system prior to Symantec Encryption Desktop 10.3.2:

 
