Client Machines are sending same UniqueID during Basic Inventory

book

Article ID: 210118

calendar_today

Updated On:

Products

Deployment Solution Management Platform (Formerly known as Notification Server)

Issue/Introduction

The customer started to notice that some newer imaged machines are getting the same computer GUID. 

The customer tried to add this duplicate GUID to the AgentBlackList table but still the issue persisted.  The NS logs showed messages like this one:
Host Resource 0480bd38-0229-4465-9d61-446e8529e558 shares guid with another machine: FCG72584J1.DOMAIN.COM. The resource must change its guid
-----------------------------------------------------------------------------------------------------

While looking at the ResourceKeyChanged table we could see that usually the same machines were swapping around the same GUID.

The customer used as well "aexagentutil.exe /ResetGuid" switch but still the machines were getting the same machine GUID. We deleted those machines from the database but as soon as they came back, the same GUID was provided, even when the GUID was already in the AgentBlackList table.

The customer could also see in the agent logs from those machines that the GUID was reset but it got the same one back from the SMP.

Cause

The machines were improperly prepared for imaging capture. There were references of DSUniqueID. For some reason the image with DSUniqueID written was used to image all those machines.

Environment

ITMS 8.5

Resolution

Try the following:

1. Check under the "ResourceKey" table and see if you notice a similar keyvalue been used between these machines. 

2. Capture some NSEs when sending basic inventory (KB 180102 "Trapping NSEs on a Windows client") and check if there is a "UniqueID" that is the same between these machines:

Example 1:

<resource typeGuid="{493435F7-3B17-4C4C-B07F-C23E7AB7781F}" guid="{0480BD38-0229-4465-9D61-446E8529E558}" name="F90VK252"><resource typeGuid="{493435F7-3B17-4C4C-B07F-C23E7AB7781F}" guid="{0480BD38-0229-4465-9D61-446E8529E558}" name="F90VK252"> <key name="fqdn" value="F90VK252.domain.com"/> <key name="name.domain" value="F90VK252.DOMAIN"/> <key name="name.domain" value="F90VK252.domain.com"/> <key name="uniqueid" value="34695159-a56d-4b82-bbb0-0d0983980963"/> <key name="uniqueid" value="dm48o2Lm0uKo/ATISfE/Ww=="/> <key name="uniqueid" value="gejEU1C/W38BThNjmmhIpw=="/> <key name="uniqueid" value="mYmhJUH3Pw330gioaN/yTg=="/> <key name="uniqueid" value="O9JOrrHMOuXpKMA/V9ly0Q=="/> </resource>

 

Example 2:

<resource typeGuid="{493435F7-3B17-4C4C-B07F-C23E7AB7781F}" guid="{0480BD38-0229-4465-9D61-446E8529E558}" name="FF2CTPNS" ref="1"><resource typeGuid="{493435F7-3B17-4C4C-B07F-C23E7AB7781F}" guid="{0480BD38-0229-4465-9D61-446E8529E558}" name="FF2CTPNS" ref="1"> <key name="fqdn" value="FF2CTPNS.domain.com"/> <key name="name.domain" value="FF2CTPNS.DOMAIN"/> <key name="name.domain" value="FF2CTPNS.domain.com"/> <key name="uniqueid" value="1V42HpOCg4svGeXbY3UbFw=="/> <key name="uniqueid" value="34695159-a56d-4b82-bbb0-0d0983980963"/> <key name="uniqueid" value="3M/XYx8uBf6H9DNh8p7t/Q=="/> <key name="uniqueid" value="f9ACt/xhyBEifgS0aQS8JA=="/> <key name="uniqueid" value="xtq6zQ8iPWFddB0TllW9jg=="/> </resource>

3. If so, if there is one that has the same "UniqueID" key, copy the smatool.exe (under ...\Program Files\Altiris\Notification Server\Tools") and save it in on one of those client machines.
Run the following command from the command prompt:
SMATool.exe /AGENT DUMP RESOURCEKEYS

Do the same on another client machine. Compare both outputs and if both returned that "uniqueid" value.
Example of the output results:

C:\>smatool.exe /AGENT DUMP RESOURCEKEYS

Keys:

         fqdn: F90VK252.domain.com

         name.domain: F90VK252.DOMAIN

         name.domain: F90VK252.domain.com

         uniqueid: 34695159-a56d-4b82-bbb0-0d0983980963

         uniqueid: dm48o2Lm0uKo/ATISfE/Ww==

         uniqueid: gejEU1C/W38BThNjmmhIpw==

         uniqueid: mYmhJUH3Pw330gioaN/yTg==

         uniqueid: O9JOrrHMOuXpKMA/V9ly0Q==

 

Keys source data:

         UUID: 2BCBB34C-2242-11B2-A85C-87516FE90E31

         Motherboard Serial: W1KS86S10V0

         Board BIOS Serial: R90VK252

         NIC 1: Name: Intel(R) Ethernet Connection (4) I219-V

        NIC 1: Instance ID: {3F0BCC64-93AC-457F-B3D8-7574CBD36588}

         NIC1 :PnPDevNodeID: PCI\VEN_8086&DEV_15D8&SUBSYS_225A17AA&REV_21\3&11583659&0&FE

         NIC1 :MAC(permanent): 48-2A-E3-09-23-2E

         NIC1 :Fingerprintstring: 2BCBB34C-2242-11B2-A85C-87516FE90E31W1KS86S10V048-2A-E3-09-23-2E

         NIC2 :Name: Intel(R)DualBandWireless-AC8265

         NIC2 :InstanceID: {E9944BE4-97F0-46C7-B094-0DBD3D4D45FC}

         NIC2 :PnPDevNodeID: PCI\VEN_8086&DEV_24FD&SUBSYS_00108086&REV_78\D4D252FFFF799E1500

         NIC2 :MAC(permanent): D4-D2-52-79-9E-15

         NIC2 :Fingerprintstring: 2BCBB34C-2242-11B2-A85C-87516FE90E31W1KS86S10V0D4-D2-52-79-9E-15

In this particular example, uniqueid: 34695159-a56d-4b82-bbb0-0d0983980963 refers to "DSUniqueID" value generated when the initial image was taken. For some reason the image with DSUniqueID written was used to image all those machines.

4. Look for the following values:

Depending on the SMP version, this "DSUniqueID" can be found either in "HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris Agent" and/or in "aexnsagent.ini" located in "C:\windows" or "C:\windows\system32".

Check both places on these affected machines and remove IDs from there. You can remove the whole "aexnsagent.ini" file and any registry value starting with "DSUniqueID".

After that, let make sure the duplicate GUID is in the AgentBlackList table and let the client machines to check in and get a new GUID.


5. As well, you need to do remove references of "DSUniqueID" and "MachineGUID" regkeys and delete "aexnsagent.ini" file from the image if you continue imaging from it.

Note:
In order to avoid this issue, make sure you properly sysprep your imaging machine, especially making sure the 'Prepare for image capture' task has ran (KB 161011 "Preparing Windows 10 to run a 'Prepare for Image Capture' (sysprep) task using Deployment Solution 7.x/8.x" ).