Duplicate client records on Symantec Endpoint Protection clients (14.3 RU6 and above)
search cancel

Duplicate client records on Symantec Endpoint Protection clients (14.3 RU6 and above)

book

Article ID: 261326

calendar_today

Updated On:

Products

Endpoint Security Complete Endpoint Protection

Issue/Introduction

The Symantec Endpoint Protection Manager (SEPM) database or the Symantec endpoint security(SES) console dashboard contains multiple Hardware IDs that are duplicates.
This situation arises when deploying multiple Windows computers, whether physical or virtual, by cloning a base hard drive image that has a Symantec Endpoint Protection (SEP) or Symantec endpoint security (SES) client installed.

One common symptom: clients show as offline in the console and active (successfully connected and working) when viewing from the client user interface (ui). Further investigation shows a duplicate record in an unexpected group, typically the default group.

Environment

Microsoft Windows
Release : 14.3 RU6 and Above

Cause

Not following best practices to prepare SEP clients for cloning or composing a VDI golden image leads to problems with cloned clients. These problems are caused by duplicate Hardware ID's, which affect management and reporting accuracy.  
For more information regarding the preparation of Endpoint Protection Client for cloning, see

 How to prepare an Endpoint Protection client for cloning.

Resolution

Windows Client version 14.3 RU6 and later can automatically correct duplicate Hardware IDs by unenrolling and enrolling again the Symantec agent using the SMC.exe as explained below.

Repairing clients using SMC.exe (14.3 Ru6 and above)

  1. 1- Run "smc -image" which unenrolls the Symantec Agent .  When you have a password set in the System Policy.  The command needs to include -p password "smc -p password -image"
    NOTE: The /IMAGE command does not remove enrollment information if the agent includes Secure Connection feature.
  2. 2- Run " smc -start" to start the SES/SEP services and generate a new hardware ID.
  3. 3- Once completed , enroll the unmanaged devices.

After the SES agent starts with a new hardware ID, it becomes unmanaged and loses connection to SES console dashboard. As a result, it cannot be administered through the console.
SEP client should reconnect to the SEPM after starting the services.

To enroll the SES unmanaged device see the below:

For Symantec endpoint security : Enrolling unmanaged devices

 

 




Powered by Wolken Software