Repair duplicate IDs on Symantec Endpoint Protection clients (14.3 RU6 and above)
search cancel

Repair duplicate IDs on Symantec Endpoint Protection clients (14.3 RU6 and above)


Article ID: 261326


Updated On:


Endpoint Security Complete Endpoint Protection


The Symantec Endpoint Protection Manager (SEPM) database or the Symantec endpoint security(SES) console dashboard contains multiple Hardware IDs that are duplicates.
This situation arises when deploying multiple Windows computers, whether physical or virtual, by cloning a base hard drive image that has a Symantec Endpoint Protection (SEP) or Symantec endpoint security (SES) client installed.


Microsoft Windows
Release : 14.3 RU6 and Above


Not following best practices to prepare SEP clients for cloning or composing a VDI golden image leads to problems with cloned clients. These problems are caused by duplicate Hardware ID's, which affect management and reporting accuracy.  
For more information regarding the preparation of Endpoint Protection Client for cloning, see How to prepare an Endpoint Protection client for cloning.


Windows Client version 14.3 RU6 and later can automatically correct duplicate Hardware IDs by unenrolling and enrolling again the Symantec agent using the SMC.exe as explained below.

 Repairing clients using SMC.exe (14.3 Ru6 and above)

1- Run "smc -image" which unenrolls the Symantec Agent .  When you have a password set in the System Policy.  The command needs to include -p password "smc -p password -image"

NOTE: The /IMAGE command does not remove enrollment information if the agent includes Secure Connection feature.

2- Run " smc -start" to start the SES/SEP services and generate a new hardware ID.

3-  Once completed , enroll the unmanaged devices.
    After the SES agent starts with a new hardware ID, it becomes unmanaged and loses connection to SES console dashboard. As a result, it cannot be administered through the console.
    SEP client should reconnect to the SEPM after starting the services.

To enroll the SES unmanaged device see the below:

For Symantec endpoint security : Enrolling unmanaged devices