Client Machines are sending same UniqueID during Basic Inventory
search cancel

Client Machines are sending same UniqueID during Basic Inventory

book

Article ID: 210118

calendar_today

Updated On:

Products

Deployment Solution IT Management Suite

Issue/Introduction

The customer started to notice that some newer imaged machines are getting the same computer GUID. 

The customer tried to add this duplicate GUID to the AgentBlackList table but still the issue persisted.  The NS logs showed messages like this one:

Host Resource 0480bd38-0229-4465-9d61-446e8529e558 shares guid with another machine: <Computer1>.EXAMPLE.COM. The resource must change its guid

While looking at the ResourceKeyChanged table we could see that usually the same machines were swapping around the same GUID.

The customer also used the "aexagentutil.exe /ResetGuid" switch but the machines were still getting the same machine GUID. We deleted those machines from the database but they came back with the same GUID, even though the GUID was already in the AgentBlackList table.

The customer could also see in the agent logs from those machines that the GUID was reset and they were getting the same GUID back from the SMP.

Environment

ITMS 8.5, 8.6

Cause

The machines were improperly prepared for imaging capture. There were references of the DSUniqueID. For some reason the image with the DSUniqueID was used to image all those machines.

Resolution

Try the following:

1. Check under the "ResourceKey" table and see if you notice a similar keyvalue being used between these machines. 

2. Capture some NSEs when sending basic inventory (KB 180102 "Trapping NSEs on a Windows client") and check if there is a "UniqueID" that is the same between these machines:

Example 1:

<resource typeGuid="{493435F7-3B17-4C4C-B07F-C23E7AB7781F}" guid="{0480BD38-0229-4465-9D61-446E8529E558}" name="Computer"><resource typeGuid="{493435F7-3B17-4C4C-B07F-C23E7AB7781F}" guid="{0480BD38-0229-4465-9D61-446E8529E558}" name="Computer1"> <key name="fqdn" value="Computer2.example.com"/> <key name="name.domain" value="Computer2.EXAMPLE"/> <key name="name.domain" value="Computer2.example.com"/> <key name="uniqueid" value="######-a56d-4b82-bbb0-0d0983980963"/> <key name="uniqueid" value="dm48o2Lm0uKo/ATISfE/Ww=="/> <key name="uniqueid" value="gejEU1C/W38BThNjmmhIpw=="/> <key name="uniqueid" value="mYmhJUH3Pw330gioaN/yTg=="/> <key name="uniqueid" value="O9JOrrHMOuXpKMA/V9ly0Q=="/> </resource>

Example 2:

<resource typeGuid="{493435F7-3B17-4C4C-B07F-C23E7AB7781F}" guid="{0480BD38-0229-4465-9D61-446E8529E558}" name="Computer" ref="1"><resource typeGuid="{493435F7-3B17-4C4C-B07F-C23E7AB7781F}" guid="{0480BD38-0229-4465-9D61-446E8529E558}" name="Computer" ref="1"> <key name="fqdn" value="Computer.example.com"/> <key name="name.domain" value="Computer.EXAMPLE"/> <key name="name.domain" value="Computer.example.com"/> <key name="uniqueid" value="1V42HpOCg4svGeXbY3UbFw=="/> <key name="uniqueid" value="######-a56d-4b82-bbb0-0d0983980963"/> <key name="uniqueid" value="3M/XYx8uBf6H9DNh8p7t/Q=="/> <key name="uniqueid" value="f9ACt/xhyBEifgS0aQS8JA=="/> <key name="uniqueid" value="xtq6zQ8iPWFddB0TllW9jg=="/> </resource>

3. I there is one that has the same "UniqueID" key, copy the smatool.exe (found under ...\Program Files\Altiris\Notification Server\Tools) and save it in on one of those client machines.

Run the following command from the command prompt: SMATool.exe /AGENT DUMP RESOURCEKEYS

Do the same on another client machine. Compare both outputs and if both returned that "uniqueid" value.  

Example of the output results:

C:\>smatool.exe /AGENT DUMP RESOURCEKEYS

Keys:

         fqdn: Computer.example.com

         name.domain: Computer.EXAMPLE

         name.domain: Computer.example.com

         uniqueid: ######-a56d-4b82-bbb0-0d0983980963

         uniqueid: dm48o2Lm0uKo/ATISfE/Ww==

         uniqueid: gejEU1C/W38BThNjmmhIpw==

         uniqueid: mYmhJUH3Pw330gioaN/yTg==

         uniqueid: O9JOrrHMOuXpKMA/V9ly0Q==

 

Keys source data:

         UUID: ########-####-####-####-############

         Motherboard Serial: ########

         Board BIOS Serial: ########

         NIC 1: Name: Intel(R) Ethernet Connection (4) I219-V

        NIC 1: Instance ID: {3F0BCC64-93AC-457F-B3D8-7574CBD36588}

         NIC1 :PnPDevNodeID: PCI\VEN_8086&DEV_15D8&SUBSYS_225A17AA&REV_21\3&11583659&0&FE

         NIC1 :MAC(permanent): XX-XX-XX-XX-XX-XX

         NIC1 :Fingerprintstring: 2BCBB34C-2242-11B2-A85C-87516FE90E31W1KS86S10V048-2A-E3-09-23-2E

         NIC2 :Name: Intel(R)DualBandWireless-AC8265

         NIC2 :InstanceID: {E9944BE4-97F0-46C7-B094-0DBD3D4D45FC}

         NIC2 :PnPDevNodeID: PCI\VEN_8086&DEV_24FD&SUBSYS_00108086&REV_78\D4D252FFFF799E1500

         NIC2 :MAC(permanent): XX-XX-XX-XX-XX-XX

         NIC2 :Fingerprintstring: 2BCBB34C-2242-11B2-A85C-87516FE90E31W1KS86S10V0D4-D2-52-79-9E-15

In this particular example, uniqueid: ######-a56d-4b82-bbb0-0d0983980963 refers to "DSUniqueID" value generated when the initial image was taken. For some reason the image with DSUniqueID was used to image all those machines.

The problem is that all these computers share the same deployment defined resource key. So, since this key is a merging key, agents keep re-registering with the same GUID from SMP point of view - it is only one agent, causing to blacklist the others or merge them as one. Each agent registration overwrites other agent registrations so they are registering and failing to post events\obtain policies in circle.

4. Look for the following values:

Depending on the SMP version, this "DSUniqueID" can be found either in "HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris Agent" and/or in "aexnsagent.ini" located in "C:\windows" or "C:\windows\system32".

Check both places on these affected machines and remove IDs from there. You can remove the whole "aexnsagent.ini" file and any registry value starting with "DSUniqueID".

Note 1: These values could get into an image if the image was created from the OS deployed by DS right after the deployment. These values get removed automatically after one day after the deployment. Also images deployed this way are not designed to be used as a source for another image.

Note 2: If the mentioned duplicate uniqueID (in this case starting with ######-a56d-4b82-bbb0-0d0983980963) looks like a GUID then this is coming from DSUniqeueID. aexnsagent.INI file gets into Windows system folder after the imaging or SOI task. With our ITMS 8.7.1 or 8.7 RTM releases, Deployment Solution has a fix where INI file is deleted when DS task is finished.
Also, there is a new feature in ITMS 8.7.1 - we use machine TPM 2.0 encryption keys to generate one of our unique IDs. This ID is named "tpmid".
When VM machines are being cloned, the TPM keys for the new machines should be changed because VMWare cloning process copies everything including TPM keys.

5. After that, let make sure the duplicate GUID is in the AgentBlackList table and let the client machines check in and get a new GUID.


5. You also will need to do remove references of the "DSUniqueID" and "MachineGUID" regkeys and delete the "aexnsagent.ini" file from the image if you need to continue using it.

Note:
In order to avoid this issue, make sure you properly sysprep your imaging machine, especially making sure the 'Prepare for image capture' task has run (KB 161011 "Preparing Windows 10 to run a 'Prepare for Image Capture' (sysprep) task using Deployment Solution 7.x/8.x" ).

Additional Information

240039 "Agent revocation after Deploying an image with agent included"