After upgrading to EPO 3.5 I am noticing multiple duplicate entries for machines. There are 2, 3 and even 4 entries of the SAME machine. The agents appear to have different GUID's but are at the same version. Sometimes the MAC's are different and sometimes teh OS OEM ID is different. The duplicates have different last update times. Anyone else seen this?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Duplicate EPO Entries
- Thread starter addus5
- Start date
The duplicate weirdness I have seen has to do with the Rogue detectors. They will report machines as Rogue's that are already in Epo. If I then add those Rogues to the directory, I will have the same machine twice...one with props, and one without. Very odd.
Since the Rogue detectors work off of the MAC address, could this be an issue of a box has dual NICs?
Since the Rogue detectors work off of the MAC address, could this be an issue of a box has dual NICs?
theboyhope
IS-IT--Management
I'm getting duplicate weirdness, too, but I'm not using any rogue detectors.
I'm only getting it for machines that have been formatted/reinstalled, which makes sense of a sort I suppose.
I'm only getting it for machines that have been formatted/reinstalled, which makes sense of a sort I suppose.
paulhthomas
Technical User
as above, the system works off the clients mac address.
you could add a pc to the network with the same name as another one, and also has the same IP as the lasty known IP another machine had (if that makes sense), but because the mac address is different, EPO will add it to the directory.
you could add a pc to the network with the same name as another one, and also has the same IP as the lasty known IP another machine had (if that makes sense), but because the mac address is different, EPO will add it to the directory.
theboyhope
IS-IT--Management
But the mac address in the cases I'm seeing is the same. It's the same machine turning up twice when it's reinstalled.
Different generated unique ID I suppose.
Different generated unique ID I suppose.
paulhthomas
Technical User
Ok, this is what mcafee say:
Cause of this Problem...........
When a new machine has the agent installed it creates a unique GUID (PGP key) based on the MAC address and machine name of the box. That agent will then randomize it self with in 10 minutes to check back into the ePolicy Orchestrator (ePO) server. When it does, it will check the following (establishing a search order) to see if it has already been populated into the ePO console tree.
Without IP rules:
Agent GUID
Domain Name
Machine Name
IP address
With IP rules:
Agent GUID
IP address
Domain Name
Machine Name
If it finds an entry that is listed with in the search order it will populate under the correct group. If it does not find any of the above, it would then populate under the lost and found.
With this in mind, duplicate machines can be created when a new MAC address and/or machine name is introduced to the machine. Because that machine is creating a new GUID base upon the two MAC addresses or new machine, it will then try to check in, and would no longer be found in the console tree. This would then cause the machine to show under the Lost & Found, causing a duplicate.
Solution......... (but I guess you've done this anyway)
In order to remove these duplicates you would need to remove the older of the two machines, based on last update time in the console GUI:
Open the ePolicy Orchestrator (ePO) console.
Login as an ePO global administrator.
Right-click on 'Directory' and select 'Search'.
Browse the list until you have selected "Search for Duplicate Machine Names".
Start the search.
Compare the last update date of the machines and delete the older of the two.
Right-click on the remaining machine and select 'Move'.
Move the machine to the appropriate Group in the ePO Directory.
Cause of this Problem...........
When a new machine has the agent installed it creates a unique GUID (PGP key) based on the MAC address and machine name of the box. That agent will then randomize it self with in 10 minutes to check back into the ePolicy Orchestrator (ePO) server. When it does, it will check the following (establishing a search order) to see if it has already been populated into the ePO console tree.
Without IP rules:
Agent GUID
Domain Name
Machine Name
IP address
With IP rules:
Agent GUID
IP address
Domain Name
Machine Name
If it finds an entry that is listed with in the search order it will populate under the correct group. If it does not find any of the above, it would then populate under the lost and found.
With this in mind, duplicate machines can be created when a new MAC address and/or machine name is introduced to the machine. Because that machine is creating a new GUID base upon the two MAC addresses or new machine, it will then try to check in, and would no longer be found in the console tree. This would then cause the machine to show under the Lost & Found, causing a duplicate.
Solution......... (but I guess you've done this anyway)
In order to remove these duplicates you would need to remove the older of the two machines, based on last update time in the console GUI:
Open the ePolicy Orchestrator (ePO) console.
Login as an ePO global administrator.
Right-click on 'Directory' and select 'Search'.
Browse the list until you have selected "Search for Duplicate Machine Names".
Start the search.
Compare the last update date of the machines and delete the older of the two.
Right-click on the remaining machine and select 'Move'.
Move the machine to the appropriate Group in the ePO Directory.
theboyhope
IS-IT--Management
Well McAfee should know, after all, but duplicates can clearly be created even without a new MAC or hostname. And mine aren't going into Lost & Found, but into the same domain/group as their predecessors.
It's not really a problem; it's just weird.
It's not really a problem; it's just weird.
- Status
Similar threads
- Locked
- Question
- Locked
- Question