Showing results for 
Search instead for 
Did you mean: 
Level 7

AutoDomain driving us AutoCrazy

We cant nail down when this started happening, and seem to be hard pressed to duplicated it here in the lab, but it is happening all over the field... where the local IT staff is hard pressed to get us log files, etc... their Doctors just need the machines ASAP... and since we are still in a deployment phase... Mgt is allowing them to just remove / bypass SafeBoot, for now.

Thats point of frustration one.. grin now let me get into the problem we are having.

We have created a Machine group in EEMC called Integration.
A package just for that group has been created.
The package is stored in a SafeBoot folder under c:\drivers, and is called right after Sysprep finishes, and reboots once with auto local admin privs.
Actually, it goes like like this -
Autologin as Local admin
Altiris A and NS clients are installed
Integration.exe (package) runs / installs
McAfee 8.5 and patches install
Framework installs
About here you get the MS pop up in the upper Left corner something about EEPC Wizzard
it finishes and the machine reboots.

We now have a machine created and working in EEMC.
Machine synch, reboot, and gets the SafeBoot login screen.
The way we are configured, new user puts in BYPASS and PASSWORD at login screen...
Brings them to a Windows login... they log in - and within a few seconds get the SafeBoot provisioning screen asking them to put in their domain password 2x.
This works... except when you check the EEMC console... the machine (say ID 121) is now in the recycle bin, a new machine with the same name is in the Integration folder (id is now 122) and that entry will not synch, but has the user provisioned. If you pull the original machine out the reycyle - it will synch, but doesnt have the user provisioned. If you manually add the user to the recently deleted machine and synch - all is good... until the next new user logs in and tries to provision.

This is not on all machines, so we are at a loss for the cause.
Thought it was version, so we upgraded from 5.2.1 (had to upgrade here from 5.19 as KB wasnt working in dock) to 5.2.2 ... and it still seems to happen.

Server : 5.2.2
Package : 5.2.2
AutoDomain : 5.19 (provided by McAfee folks who came out to assist in setup, but now wont answer our emails)

Here is the AutoDomain.ini we are using:
;For information on these parameters, please view the autodomain script itself.




SkipUsers= |Administrator|,|LocalService|,|All Users|,|Default User|,|NetworkService|,|Guest|,|systemprofile|,|emanager|,|$autoboot$|,|login|,|imgadjoin|,|images|,|pxeboot|,|altrstx001|,|altrstx002|,|altrstx007|,|VENDTXCOMARK|
DefaultUserGroupName=SafeBoot Users
TemplateUserGroup=SafeBoot Users




Any thoughts / suggestions / hey dumba$$ - can fix it HERE -->:eek: / would be greatly appreciated.

Houston, Texas

---Additionally- What is shown in response to forced synchs to the "bogus" machines that are created are 0xdb0200000 : "Attribute not Found"
0 Kudos
6 Replies
Level 9

RE: AutoDomain driving us AutoCrazy

Your problem is in this setting: MachineExistsMode=Recycle
0 Kudos
Level 7

RE: AutoDomain driving us AutoCrazy

Interesting... the "savior" is also the cause happy ... By that I mean when the machine dels / recreates, its only because its in the recycle that we can still comunicate with the machine and attempt a removal if we cant fix the issue.

So - Delete settings is probably out... leaving ClearKey - is that what your reccomending?

Thanks in advance
Houston, Texas
0 Kudos
Level 9

RE: AutoDomain driving us AutoCrazy

I'd check with your McAfee rep.
0 Kudos
Level 9

RE: AutoDomain driving us AutoCrazy

Part of the issue may be the CreateMachines setting as well. If the SafeBoot Client isn't active, the CreateMachine setting will kick in and attempt to create a new machine object. If there is an existing machine object (which there is), then the MachineExistsMode setting comes into play. In my experience, AutoDomain took a lot of testing to setup correctly. Many settings are connected to other settings, and it takes a lot of testing to get things to work like you want them to.
0 Kudos
Level 21

RE: AutoDomain driving us AutoCrazy

use clearkey if you are sure you'll never get two machines with the same name, then AD will reuse the existing machine.
0 Kudos
Level 7

RE: AutoDomain driving us AutoCrazy

Have you tried MoveMachinesToGroup=False? If they're being created from Integration there should be no need to move them.
0 Kudos