cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Just inherited a mess, 925 systems with high sequence errors.

Well guess the title says it all, inherited a deployment with a lot of GUID issues

Initial thought is to use SCCM to force redeploy the agent 5.0.5 but this poses a few questions that concern me


1. If host has drive encryption deployed will this still work after a new GUID has been generated.

2. after a new GUID has been generated will the host within ePO stay in it's current located within the systems tree or will it effectively become a new host and get placed in the lost & found.

Anything else to look out for.

TIA

5 Replies
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 6

Re: Just inherited a mess, 925 systems with high sequence errors.

Hi,

If your encrypted systems are currently connected to ePO, you can upgrade the current Agent to version 5.0.5.

This way you will have a control of the systems so that they do not move of container in the tree of systems.

I hope it helps.

regards

Re: Just inherited a mess, 925 systems with high sequence errors.

So the encrypted systems will not care if the GUID changes.

I was under the impression an upgrade preserves the GUID and only a full reinstall or forceinstall would generate new GUIDs

Re: Just inherited a mess, 925 systems with high sequence errors.

This snippet from McAfee Corporate KB - How to install McAfee Agent 4.x to systems using the "Force Install" command K... had me concerned

"NOTE: If you have Endpoint Encryption for PC (EEPC) installed on your systems, contact Technical Support before using this option. Using this option can lead to duplicate entries and result in EEPC users unable to log on to Preboot (Unknown users). This issue can happen if MAC address check is disabled (or excluded)."

Former Member
Not applicable
Report Inappropriate Content
Message 5 of 6

Re: Just inherited a mess, 925 systems with high sequence errors.

You can perform a McAfee Agent update from ePO with an installation task.

In order for you to be sure that this works, first test on a test system.

The correct steps for it to work perfect, first would be to decrypt the systems, second install new agent and third to re-encrypt.

regards

jappell
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 6 of 6

Re: Just inherited a mess, 925 systems with high sequence errors.

Hello TIA,

               You asked a few questions of your own and I will pose the questions you indirectly referred to.

So lets look at each of them.

1. Just inherited a mess, 925 systems with high sequence errors.

>> Sequence errors can be seen when virtual machines are used and snapshots are reinstated. Every system that is managed by ePO must be unique in terms of it's GUID. Much like your Social Security Number is unique to you and nobody else. The ePO versions of today allow you address sequence errors in a few ways. When you run a query pertaining to sequence errors it reports on those systems that may be experiencing issues.

You can remedy the sequence error counts by using Clear Agent GUID Sequence Error Count from the menu shown below. You should determine when the sequence errors occurred as they may have been months ago. If that is the case you can clear them out or create a new line in the sand going forward. The second part is you can instruct the system to "Move GUID to Duplicate list....". That will remove the system from your system tree and tell the remote system to regenerate its GUID. When it has completed the client will have a brand new GUID and typically remedies the situation. The system is not likely to return to the original tree location and may be relocated to lost and found. Depending on your AD sync or sorting schedule should return them to their locations if configured correctly to begin with.

Note: If your system is not communicating well or has any trouble, or is in transit and is talking then off the wire you may not see that system again so go slow and be deliberate. I do not like deleting systems out of ePO unless I have a good process for getting them back if need be.

2. If host has drive encryption deployed will this still work after a new GUID has been generated.

<< You are working with the McAfee Agent GUID not the MDE keys.

3. After a new GUID has been generated will the host within ePO stay in it's current located within the systems tree or will it effectively become a new host and get placed in the lost & found.

>> If you use the Move GUID... approach probably not. If you attempt a new agent install it probably will. You could try a new agent install over the previous and measure if the sequence errors go away. In this way, you are more likely to have it remain in the same location and become updated. Look for duplicate systems as well before you start.

You could always consult support if your are unsure and have them take a look at it.

Jay

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community