If you are experiencing issues with duplicate machine IDs, consider the following troubleshooting steps:

1. Identify Duplicate Resource Keys

• Check the "ResourceKey" table: Look for similar key-value pairs used across the affected machines.
• Capture NSEs: When sending basic inventory (refer to KB 180102 for "Trapping NSEs on a Windows client"), examine the NSEs for a "UniqueID" that is identical between machines.

Example 1:

<resource typeGuid="{493435F7-3B17-4C4C-B07F-C23E7AB7781F}" guid="{0480BD38-0229-4465-9D61-446E8529E558}" name="Computer">

    <resource typeGuid="{493435F7-3B17-4C4C-B07F-C23E7AB7781F}" guid="{0480BD38-0229-4465-9D61-446E8529E558}" name="Computer1">

        <key name="fqdn" value="Computer2.example.com"/>

        <key name="name.domain" value="Computer2.EXAMPLE"/>

        <key name="name.domain" value="Computer2.example.com"/>

        <key name="uniqueid" value="######-a56d-4b82-bbb0-0d0983980963"/>

        <key name="uniqueid" value="dm48o2Lm0uKo/ATISfE/Ww=="/>

        <key name="uniqueid" value="gejEU1C/W38BThNjmmhIpw=="/>

        <key name="uniqueid" value="mYmhJUH3Pw330gioaN/yTg=="/>

        <key name="uniqueid" value="O9JOrrHMOuXpKMA/V9ly0Q=="/>

    </resource>

Example 2:

<resource typeGuid="{493435F7-3B17-4C4C-B07F-C23E7AB7781F}" guid="{0480BD38-0229-4465-9D61-446E8529E558}" name="Computer" ref="1">

    <resource typeGuid="{493435F7-3B17-4C4C-B07F-C23E7AB7781F}" guid="{0480BD38-0229-4465-9D61-446E8529E558}" name="Computer" ref="1">

        <key name="fqdn" value="Computer.example.com"/>

        <key name="name.domain" value="Computer.EXAMPLE"/>

        <key name="name.domain" value="Computer.example.com"/>

        <key name="uniqueid" value="1V42HpOCg4svGeXbY3UbFw=="/>

        <key name="uniqueid" value="######-a56d-4b82-bbb0-0d0983980963"/>

        <key name="uniqueid" value="3M/XYx8uBf6H9DNh8p7t/Q=="/>

        <key name="uniqueid" value="f9ACt/xhyBEifgS0aQS8JA=="/>

        <key name="uniqueid" value="xtq6zQ8iPWFddB0TllW9jg=="/>

    </resource>

• Use SMATool.exe: If a "UniqueID" key is duplicated, copy smatool.exe (found in ...\\Program Files\\Altiris\\Notification Server\\Tools) to one of the client machines.
• Run SMATool.exe /AGENT DUMP RESOURCEKEYS from the command prompt.
• Repeat this on another client machine and compare the outputs. Look for the shared "uniqueid" value.

Example Output:

C:\>smatool.exe /AGENT DUMP RESOURCEKEYS

 

Keys:

         fqdn: Computer.example.com

         name.domain: Computer.EXAMPLE

         name.domain: Computer.example.com

         uniqueid: ######-a56d-4b82-bbb0-0d0983980963

         uniqueid: dm48o2Lm0uKo/ATISfE/Ww==

         uniqueid: gejEU1C/W38BThNjmmhIpw==

         uniqueid: mYmhJUH3Pw330gioaN/yTg==

         uniqueid: O9JOrrHMOuXpKMA/V9ly0Q==

Understanding the Problem:

A common cause of duplicate uniqueid values (especially those resembling GUIDs like ######-a56d-4b82-bbb0-0d0983980963) is the "DSUniqueID" value, which is generated during the initial imaging process. If an image with this DSUniqueID is used to deploy multiple machines, they will all share the same resource key. Since this key is a merging key, agents will continuously re-register with the same GUID from the perspective of the SMP (Symantec Management Platform). This leads to agents being blacklisted or merged into a single entry, causing registration and policy retrieval failures.

Note: The only key named "uniqueid" that contains a plain GUID is a DS (Deployment Solution) key.

2. Resolve Duplicate DSUniqueID Issues

To resolve issues stemming from a shared DSUniqueID:

• • Check for aexnsagent.ini: Look for the file "aexnsagent.ini" in "c:\windows\aexnsagent.ini" or "C:\windows\system32\aexnsagent.ini". If found, delete it. This may help the machine acquire and retain its own unique Computer GUID.
  • Check for "DSUniqueID" in the Registry: If aexnsagent.ini is absent, check for the "DSUniqueID" registry value under HKLM\\SOFTWARE\\Altiris\\Altiris Agent. If present, remove it from the problematic image's registry or the machine(s) deployed with that image.
  • Remove IDs from affected machines: Delete the aexnsagent.ini file and any registry values starting with "DSUniqueID" on the affected machines.
    • Note 1: These values can be included in an image if it was created from an OS deployed by DS immediately after deployment. They are typically removed automatically one day after deployment. Images created this way are not intended to be used as a source for other images.
    • Note 2: If the duplicate "uniqueid" (e.g., ######-a56d-4b82-bbb0-0d0983980963) appears to be a GUID, it likely originates from DSUniqueID. The aexnsagent.INI file is placed in the Windows system folder after imaging or an SOI task. ITMS 8.7.1 and 8.7 RTM releases of Deployment Solution include a fix that deletes the INI file when the DS task completes.
      
      
  • To prevent this issue: Ensure you properly Sysprep your imaging machine, specifically by running the 'Prepare for image capture' task (refer to KB 161011 for "Preparing Windows 10 to run a 'Prepare for Image Capture' -sysprep- task using Deployment Solution 8.x").
    
    
  • Blacklist the duplicate GUID: After performing the above steps, verify that the duplicate GUID is in the AgentBlackList table. Allow the client machines to check in, which should enable them to acquire new GUIDs.

3. Other Potential Sources of Duplicate UniqueIDs

Scenario 1: "cloudid" Resource Key

With ITMS 8.7.2, a new "CloudID" resource key was introduced. This key uniquely identifies computer and user resources across Azure AD tenants, assisting in merging resources from Azure AD imports and those created by SMA (Symantec Management Agent). The "cloudid" value contains the Azure AD tenant ID and the ID of the Azure AD device or user account. Currently, only computer devices joined to Azure AD are supported; Azure AD registered devices are not. If "cloudid" is present, the machine is joined to Azure AD, and SMA obtains this information from the OS.

Sample "cloudid" keys:

Computer resource key:

<resource typeGuid="{2C3CB3BB-FEE9-48DF-804F-90856198B600}" guid="{5EADDE2C-8244-464E-9D67-0FC84D4E2998}" name="computer_name">

    <key name="cloudid" value="cda05ba8-49ce-4ae9-acf2-15eb38d8b48d.7650B649-D844-4C5D-82EF-3E29C67C5A9C"/>

</resource>

User resource key:

<resource typeGuid="{FD864F19-4437-4A4F-8709-58EB5E3AE0A4}" name="AZUREAD\user_name">

    <key name="cloudid" value="cda05ba8-49ce-4ae9-acf2-15eb38d8b48d.AD5F720C-43BA-4ACE-BD25-40A2CDE664EA"/>

</resource>

• • Troubleshooting "cloudid" duplicates: If the duplicated key is "cloudid," try running the following command on the client machine(s):

dsregcmd.exe /debug /leave

Steps:

1. 1. 1. Open the command prompt as an administrator.
      2. Enter dsregcmd.exe /debug /leave.
      3. Sign out and sign back in to trigger the scheduled task that re-registers the device with Microsoft Entra ID.

Scenario 2: "tpmid" Resource Key

ITMS 8.7.1 introduced a new feature that uses machine TPM 2.0 encryption keys to generate a unique ID called "tpmid."

Example "tpmid" key:

<key name="cloudid" value="xxxxxxxxxxxxxxxx-0f64b6755421.xxxxxxxxxxxxx-9a96723e0680"/>

<key name="fqdn" value="computer.example.com"/>

<key name="name.domain" value="computer.example"/>

<key name="name.domain" value="computer.example.com"/>

<key name="tpmid" value="xxxxxxxxxxxxxxxxxxxxxxxxx+6qbwaY="/>

<key name="uniqueid" value="123456789JdBovg=="/>

<key name="uniqueid" value="987654321KLBxoydnabw=="/>

<key name="wmdm_device_id" value="xxxxxxxxxxxxxxC26C37B9AB"/>

Understanding "tpmid" duplicates: The TPM EK (Endorsement Key), which populates the "tpmid" entry, is designed to be unique. If a duplicate "tpmid" is found, it implies the key was copied from another machine, likely during the cloning of virtual machines. When VMs are cloned, the administrator should ensure that the TPM keys for the new machines are changed, as the VMware cloning process copies all data, including TPM keys.

240039 "Agent revocation after Deploying an image with agent included"