XEN Virtual Desktop Infrastructure desktop clients register multiple times in the Symantec Endpoint Protection Manager.


Article ID: 178156


Updated On:


Endpoint Protection


XEN Virtual Desktop Infrastructure desktop clients register multiple times in the Symantec Endpoint Protection Manager.

You've installed the SEP client on a "base" client image and prepared the image for cloning, per Symantec instructions:

Deleted HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\HardwareID

Deleted HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\SySoftk

Deleted C:\Program Files\Common Files\Symantec Shared\HWID\sephwid.xml

When a client is spawned, it is spawned from a base image. All of the settings on the client appear to be stored in a user profile of some sort which is "overlayed" on the base image after it is deployed. Deployment of the client seems to happen every time a client is turned off or restarted. The issue seems to be a bit of a Catch-22. If the SEP HardwareID items don't exist on the base image and a client is deployed, SEP will generate new HardwareID values. If the HardwareID items do exist, SEP will not. In the first case, SEP seems to generate new HardwareID values for every deployment, and the client appears multiple times in the SEPM. In the second case, SEP doesn't generate new HardwareID values, and the client only appears once in the SEPM. It appears that the values, if they are even stored in the "profile" at all, are not being "overlayed" on the deployed client until after the OS and SEP services have already started.

It should be noted that the deployed clients retain the same MAC address for each user, among other unique values. However, this doesn't seem to be enough, or the values are restored to the image too late, to keep the client from behaving in an undesirable way.


The problem arises because of the vDisk mode (virtual disk mode) that is used by default in provisioned desktops. Clients provisioned with "Standard Image Mode" are starting from the same base image after every shutdown or reboot—all changes made in between to that disk are lost. This may not be the best mode for a managed SEP client; not only is the SEPM registration lost, but definition and policy updates are lost as well.


See the Symantec support article below:
How to prepare SEP clients on virtual disks for use with Citrix Provisioning Server



Preparing a Symantec Endpoint Protection Release Update 5 Client for Image redistribution


How to prepare a Symantec Endpoint Protection 12.1 client for cloning