Symptoms of duplicate device IDs in the Carbon Black Cloud Console

• Carbon Black Cloud Console: Current Versions

Indications of duplicate device ID's are as follows:

• On the Investigate page, searching for a device name shows events for multiple devices
• When an endpoint is uninstalled, placed in bypass, or managed from the endpoints page, the changes are implemented on multiple endpoints other than the selected endpoints.
• The sensor is installed and the endpoint appears to be checking in based on the sensor logs; however, it does not show in the Carbon Black Cloud console

• Cause of duplicate device IDs is generally either incorrectly configured VDI clones, or incorrectly configured physical image deployment
• Upon detection of  a duplicate device issue the case should be marked as a P0 critical. Duplicate devices cause impacts to the PSC back end that can affect all consoles in the production environment.
• Because of the potential impacts, it is important to follow up with the customer to ensure this issue is resolved as quickly as possible
• If repcli authentication is not enabled, the only solution is to uninstall and reinstall the duplicated sensors.  This needs to be accomplished as quickly as possible.
• Development is working on a solution to prevent duplicate device registration which will be implemented in future sensor versions.