Showing results for 
Show  only  | Search instead for 
Did you mean: 

AutoDomain driving us AutoCrazy

We cant nail down when this started happening, and seem to be hard pressed to duplicated it here in the lab, but it is happening all over the field... where the local IT staff is hard pressed to get us log files, etc... their Doctors just need the machines ASAP... and since we are still in a deployment phase... Mgt is allowing them to just remove / bypass SafeBoot, for now.

Thats point of frustration one.. grin now let me get into the problem we are having.

We have created a Machine group in EEMC called Integration.
A package just for that group has been created.
The package is stored in a SafeBoot folder under c:\drivers, and is called right after Sysprep finishes, and reboots once with auto local admin privs.
Actually, it goes like like this -
Autologin as Local admin
Altiris A and NS clients are installed
Integration.exe (package) runs / installs
McAfee 8.5 and patches install
Framework installs
About here you get the MS pop up in the upper Left corner something about EEPC Wizzard
it finishes and the machine reboots.

We now have a machine created and working in EEMC.
Machine synch, reboot, and gets the SafeBoot login screen.
The way we are configured, new user puts in BYPASS and PASSWORD at login screen...
Brings them to a Windows login... they log in - and within a few seconds get the SafeBoot provisioning screen asking them to put in their domain password 2x.
This works... except when you check the EEMC console... the machine (say ID 121) is now in the recycle bin, a new machine with the same name is in the Integration folder (id is now 122) and that entry will not synch, but has the user provisioned. If you pull the original machine out the reycyle - it will synch, but doesnt have the user provisioned. If you manually add the user to the recently deleted machine and synch - all is good... until the next new user logs in and tries to provision.

This is not on all machines, so we are at a loss for the cause.
Thought it was version, so we upgraded from 5.2.1 (had to upgrade here from 5.19 as KB wasnt working in dock) to 5.2.2 ... and it still seems to happen.

Server : 5.2.2
Package : 5.2.2
AutoDomain : 5.19 (provided by McAfee folks who came out to assist in setup, but now wont answer our emails)

Here is the AutoDomain.ini we are using:
;For information on these parameters, please view the autodomain script itself.




SkipUsers= |Administrator|,|LocalService|,|All Users|,|Default User|,|NetworkService|,|Guest|,|systemprofile|,|emanager|,|$autoboot$|,|login|,|imgadjoin|,|images|,|pxeboot|,|altrstx001|,|altrstx002|,|altrstx007|,|VENDTXCOMARK|
DefaultUserGroupName=SafeBoot Users
TemplateUserGroup=SafeBoot Users




Any thoughts / suggestions / hey dumba$$ - can fix it HERE -->:eek: / would be greatly appreciated.

Houston, Texas

---Additionally- What is shown in response to forced synchs to the "bogus" machines that are created are 0xdb0200000 : "Attribute not Found"
6 Replies

RE: AutoDomain driving us AutoCrazy

Your problem is in this setting: MachineExistsMode=Recycle

RE: AutoDomain driving us AutoCrazy

Interesting... the "savior" is also the cause happy ... By that I mean when the machine dels / recreates, its only because its in the recycle that we can still comunicate with the machine and attempt a removal if we cant fix the issue.

So - Delete settings is probably out... leaving ClearKey - is that what your reccomending?

Thanks in advance
Houston, Texas

RE: AutoDomain driving us AutoCrazy

I'd check with your McAfee rep.

RE: AutoDomain driving us AutoCrazy

Part of the issue may be the CreateMachines setting as well. If the SafeBoot Client isn't active, the CreateMachine setting will kick in and attempt to create a new machine object. If there is an existing machine object (which there is), then the MachineExistsMode setting comes into play. In my experience, AutoDomain took a lot of testing to setup correctly. Many settings are connected to other settings, and it takes a lot of testing to get things to work like you want them to.
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 6 of 7

RE: AutoDomain driving us AutoCrazy

use clearkey if you are sure you'll never get two machines with the same name, then AD will reuse the existing machine.

RE: AutoDomain driving us AutoCrazy

Have you tried MoveMachinesToGroup=False? If they're being created from Integration there should be no need to move them.
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community