Showing results for 
Search instead for 
Did you mean: 
Level 7

Machine ID change?

So, what can cause a machine ID change?

I'm working through an issue where users are being removed from their systems. These users have been manually assigned to the system beforehand (they are domain users). Something is causing them to be removed. I'm noticing this message in the logs:

policyHandler: detected machine ID (old: 33276, new: 33537) change (this will trigger a key-backup to the server).

occurring prior to the user being removed.

I initially thought it might have been new computer certificates (from a new CA), but deleting my certificates and allowing new ones to come down didn't cause this. Has anyone experienced an issue with manually assigned users being removed similar to this? Could the new ID be causing it?

0 Kudos
1 Reply
McAfee Employee

Re: Machine ID change?

Three things can cause a machine LeafNodeID change:

1. The system was deleted from the database and a new LeafNode created. This can occur either from a manual delete or via a server task such as Duplicate GUID cleanup task. Check the ePO Audit log to verify if the system was deleted.

2. The system is affected by the issue outlined in KB52949. If you have not applied the solution in this KB, identify the vendor ID of all VPN appliances and enter them into the ePOVirtualMacVender table in the database.

3. The ePO database was reverted to a backup to a time before the system was added.

0 Kudos