You may have noticed that multiple Microsoft Hyper-V Virtual Desktop Infrastructure (VDI) machines—both persistent and non-persistent—are receiving the same Resource GUID from the Symantec Management Platform (SMP) Server. This behavior causes the machines to overwrite each other in the SMP Console, preventing you from managing multiple VDI instances simultaneously.
IT Management Suite (ITMS) 8.7.3 and higher
The primary reason for duplicate GUIDs in a Hyper-V VDI environment is the duplication of the Trusted Platform Module (TPM) ID. When VDI machines are cloned from a "generalized" sysprep template on a Hyper-V host, they often inherit and share the same virtual TPM (vTPM) identity. Because the Symantec Management Agent (SMA) uses hardware-bound identifiers like the TPM ID to generate a unique Resource GUID, identical TPM IDs lead to identical GUIDs.
The issue stems from a non-unique Virtual TPM (vTPM) ID assigned to cloned virtual machines:
TPM Sharing: You might notice that VDI machines share the TPM module from the host, resulting in identical keys.
GUID Generation: The SMA incorporates the tpmid value into the algorithm used for machine identity.
Cloning Limitations: While manual VM creation on Hyper-V typically results in unique IDs, automated VDI cloning from a generalized template does not always reset the TPM identity.
To successfully manage Hyper-V VDI machines, each instance must have a unique identity. Follow the guidelines below to ensure proper communication with the SMP Server.
To manage Hyper-V VDI with ITMS 8.7.3 and later, you must ensure one of the following conditions is met:
Unique vTPM IDs: Each VDI machine must have a unique vTPM ID.
Disabled TPM: If unique vTPM IDs cannot be generated, you must disable the TPM on the machines to allow the SMA to work successfully with the SMP.
In ITMS 8.7.3 and later, the Symantec Management Agent and solution plug-ins can be installed on Hyper-V VDI systems (both persistent and non-persistent), allowing those VDIs to be managed by ITMS.
A gold VDI image can be created with the Symantec Management Agent and required solution plug-ins already installed. Any persistent or non-persistent VDI machines created from this image will come up with the agent and plug-ins in place and automatically connect to the appropriate ITMS server when they are powered on.
| Step | Action | Description |
| --- | --- | --- |
| 1 | Prepare OS | Install Windows 11 on the base VM and install the SMA and solution plug-ins. |
| 2 | Configure TPM | Recommendation: Disable TPM and Encryption on the Gold Image template. |
| 3 | Generalize | Perform a generalized sysprep for this main image. |
| 4 | Clone | Deploy VDI instances from this template. |
Notes:
ITMS supports persistent and non-persistent VDI systems as managed clients only when each VDI has a unique TPM ID. If multiple VDIs share the same TPM ID, they will overwrite each other in ITMS because they end up with the same Resource GUID.
Multiple persistent or non-persistent VDIs can be managed at the same time if TPM is not enabled on those machines.
To confirm that the machines will receive unique GUIDs:
Check TPM ID: On two different VDI instances, check the agent configuration for the tpmid value.
Example entry: `<key name="tpmid" value="UcBJGlgW+..." />`
Monitor SMP Console: Ensure both machines appear as distinct resources under Manage > Computers.
Agent Logs: Review logs in C:\ProgramData\Symantec\SMP\Logs (e.g., aXX.log) for registration events to ensure no identity collisions are occurring.
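The tpmid comparison described above can be scripted once the agent configuration text has been collected from each VDI instance. The following is an added example, not a Symantec tool and not part of the original article; the machine names, the `<settings>` wrapper and the tpmid values are constructed, and only the `<key name="tpmid" value="..." />` entry format comes from this page.

```python
import re
from collections import defaultdict

# Matches a single <key ... /> element; attribute order is not assumed.
KEY_ELEMENT = re.compile(r"<key\b[^>]*?/?>", re.IGNORECASE)
ATTRIBUTE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')


def extract_tpmid(config_text):
    """Return the tpmid value from agent configuration text, or None if absent/empty."""
    for element in KEY_ELEMENT.findall(config_text):
        attrs = {k.lower(): v for k, v in ATTRIBUTE.findall(element)}
        if attrs.get("name", "").lower() == "tpmid":
            return attrs.get("value", "").strip() or None
    return None


def find_tpmid_collisions(configs):
    """configs: {machine_name: config_text}. Returns (collisions, no_tpmid)."""
    by_tpmid = defaultdict(list)
    no_tpmid = []
    for machine, text in sorted(configs.items()):
        tpmid = extract_tpmid(text)
        if tpmid is None:
            no_tpmid.append(machine)  # reported separately, not a collision
        else:
            by_tpmid[tpmid].append(machine)
    # Any tpmid seen on more than one machine would yield a shared Resource GUID.
    collisions = {t: m for t, m in by_tpmid.items() if len(m) > 1}
    return collisions, no_tpmid


# Constructed sample input: machine names, wrapper element and values are made up.
SAMPLE_CONFIGS = {
    "VDI-01": '<settings><key name="tpmid" value="AAAAexample1==" /></settings>',
    "VDI-02": '<settings><key value="AAAAexample1==" name="tpmid"/></settings>',
    "VDI-03": '<settings><key name="tpmid" value="BBBBexample2==" /></settings>',
    "VDI-04": '<settings><key name="other" value="x" /></settings>',
}

if __name__ == "__main__":
    collisions, no_tpmid = find_tpmid_collisions(SAMPLE_CONFIGS)
    for tpmid, machines in collisions.items():
        print(f"DUPLICATE tpmid {tpmid}: {', '.join(machines)}")
    print("No tpmid entry:", ", ".join(no_tpmid) or "none")
```

Machines listed under a duplicate tpmid are the ones that will overwrite each other in the SMP Console; machines with no tpmid entry are listed separately so they can be checked against the intended TPM setting of the gold image.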