SES clients show as Not initialized and not managed after attempting to Remotely Deploy

Article ID: 279145

Products

Endpoint Security Complete

Issue/Introduction

After pushing new Symantec Endpoint Security (SES) clients, you use the "Viewing push enrollment status" guide to check their status. Some clients may remain in "Not Initiated" status for a long time.

Confirm that the SES client is running and able to connect to the SES console properly.
To confirm a duplicate device ID, compare the client's ID with the IDs of the other clients.
To check the device ID, open Registry Editor (regedit.exe) and look at the following registry value:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
String = HardwareID

Environment

Windows SES Client, possibly started from a cloned image. 

Cause

Duplicate hardware IDs are being used on the client. The SES/ICDM console is reading this hardware ID and treating the client as a duplicate machine. 

Resolution

Manually clear the hardware ID on all clients experiencing the issue. 
To do this, follow these steps: 

  1. Confirm Tamper Protection is disabled: open the SES client, go to "Change Settings", select "Configure Settings" next to "Client Management", then select the "Tamper Protection" tab in the new window.
    Confirm that "Protect Symantec security software from being tampered with or shut down" is unchecked.
    If it is checked, follow the Disable Tamper Protection KB.
  2. Close the SES client window.
  3. Run smc -stop
  4. Delete all instances of sephwid.xml and communicator.dat on the file system. Possible locations:
    1. C:\
    2. C:\Program Files\Common Files\Symantec Shared\HWID\
    3. C:\ProgramData\Symantec\Symantec Endpoint Protection\PersistedData\
    4. C:\Users\All Users\Symantec\Symantec Endpoint Protection\PersistedData
    5. C:\Windows\Temp\
    6. C:\Users\*\AppData\Local\Temp\
  5. Delete the following registry values:
    1. HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\ForceHardwareKey
    2. HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\HardwareID
    3. HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\HostGUID
  6. Run smc -start
  7. Re-enroll the client through the SES/ICDM console.
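
Steps 3 to 6 above as a single PowerShell script for one client, added here as an example and not Broadcom's own code. `$SmcPath` is an assumed parameter, because the article does not give the location of smc.exe; the script assumes Tamper Protection is already disabled (step 1) and accepts `-WhatIf` for a dry run.

```powershell
#Requires -RunAsAdministrator
# Added example: automates steps 3-6 of the Resolution on one client.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: full path to smc.exe on this client (not given in the article).
    [Parameter(Mandatory)][string]$SmcPath
)

$sylink = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink'
$values = 'ForceHardwareKey', 'HardwareID', 'HostGUID'
$files  = 'sephwid.xml', 'communicator.dat'
$dirs   = @(
    'C:\',
    'C:\Program Files\Common Files\Symantec Shared\HWID',
    'C:\ProgramData\Symantec\Symantec Endpoint Protection\PersistedData',
    'C:\Users\All Users\Symantec\Symantec Endpoint Protection\PersistedData',
    'C:\Windows\Temp',
    'C:\Users\*\AppData\Local\Temp'
)

# Record the current ID so it can be compared with other clients later.
$old = (Get-ItemProperty -Path $sylink -ErrorAction SilentlyContinue).HardwareID
Write-Output "HardwareID before cleanup: $old"

# Step 3: stop the client and wait for smc.exe to return.
if ($PSCmdlet.ShouldProcess($SmcPath, 'smc -stop')) {
    Start-Process -FilePath $SmcPath -ArgumentList '-stop' -Wait
}

# Step 4: delete sephwid.xml and communicator.dat from the listed locations.
$candidates = foreach ($d in $dirs) { foreach ($f in $files) { Join-Path $d $f } }
foreach ($item in Get-Item -Path $candidates -Force -ErrorAction SilentlyContinue) {
    # 'C:\Users\All Users' is a link to C:\ProgramData, so a file can be listed twice.
    if ((Test-Path -LiteralPath $item.FullName) -and
        $PSCmdlet.ShouldProcess($item.FullName, 'Delete file')) {
        Remove-Item -LiteralPath $item.FullName -Force
    }
}

# Step 5: delete the three registry values if they are present.
$present = (Get-Item -Path $sylink -ErrorAction SilentlyContinue).Property
foreach ($name in $values) {
    if ($present -contains $name -and
        $PSCmdlet.ShouldProcess("$sylink\$name", 'Delete registry value')) {
        Remove-ItemProperty -Path $sylink -Name $name
    }
}

# Step 6: start the client again.
if ($PSCmdlet.ShouldProcess($SmcPath, 'smc -start')) {
    Start-Process -FilePath $SmcPath -ArgumentList '-start' -Wait
}
```

The "HardwareID before cleanup" line can be collected from each affected client to confirm which machines shared the same ID before they are re-enrolled.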