Endpoint Protection Manager - Only one SEP client reports as "online" in the Manager when every clients show as "connected" in Help Troubleshooting menu.

book

Article ID: 178090

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

  1. Two systems report the same Hardware ID to the Symantec Endpoint Protection Manager (SEPM).
  2. There is only one client showing in SEPM that represents both of the clients.
  3. Only one of the two clients show a green dot at a time.
  4. Clients are showing a green dot, receiving definitions and policy updates, but cannot be found in the SEPM console.

Cause

Because the clients have the same Hardware ID, they appear to be the same system to the SEPM.  This can happen when a operating system (OS) image is applied to multiple machines without walking through the best practices for deploying an OS image with SEP pre installed within the image.

Resolution

If clients are exhibiting this behavior please follow these steps on affected systems:

1.  Stop SMC on both of the affected client computers by clicking Start> Run, type smc -stop then click OK.
2.  On the SEPM console, delete the client entry that the two computers have been sharing. This will prevent the client duplication that would otherwise occur due to the following steps.
3.  On each of the affected computers, go to registry location: 
     HKLM\Software\Symantec\Symantec Endpoint Protection\SMC\Sylink\Sylink
4.  Clear the value for "Hardware ID." (make it blank)
5.  Disable Tamper Protection if you are unable to edit the value.
6.  On each of the affected computers, navigate to the following directory location:
     SEP 11 Location:   
        C:\Program Files\Common Files\Symantec Shared\HWID
     SEP 12.1 Location:  
        Windows XP/2003: C:\Documents and Settings\All Users\Application Data\Symantec\Persisted Data 
        Windows Vista/7/2008: C:\Program Data\Symantec\Symantec Endpoint Protection\Persisted Data
7.  Find file "sephwid.xml". Rename it to "sephwid.xml.bak".
8.  Start SMC on each computer by clicking Start> Run, type smc -start then click OK.
9.  Check the SEPM console for the new SEP client 
     When the clients check in they should have unique hardware IDs.