Deleting duplicate GUID's in logon script

I have about 100 machines with the same GUID due to a deployment error.  I'd like to delete the GUID, MAC and IP addresses within the context of our domain logon script.  However, Access Protection gets in the way here, obviously.  Does anyone know of a definitive way to work around this?  I went as far as to find the registry values that need to be flipped in order to uncheck "Enable access protection" and "Prevent McAfee services from being stopped", but I can't even modify those.  I am running ePO 4.0.0 build 1333, by the way.  The clients are all VSE 8.7.

Message was edited by: weinigeo on 5/20/10 12:03:28 PM CDT

Accepted Solutions

Re: Deleting duplicate GUID's in logon script

How about force installing new agents, which will recreate the GUID?

Either in EPO, or in a script: framepkg.exe /forceinstall

Test and verify in the registry that the GUID value has changed.


Re: Deleting duplicate GUID's in logon script

Two possible solutions.

1.  If you are running the McAfee 4.5 agent, simply mark the GUID as duplicate from the workstation object in EPO.  That will send a message to the client to recreate the GUID.

2.  If running prior to McAfee 4.5, just delete the registry key and force a reboot.  I have a vbs script that I routinely copy to workstations and run to delete the reg key.  Because of Access Protection I cannot stop Framework Services, but it has always let me delete the key.  I am remoted into the boxes with Admin rights.  So either I assign a policy that temporarily turns off Access Protection so I can restart framework services; or, more commonly, I simply reboot the machine.

PhilR
Level 12
Message 4 of 9

Re: Deleting duplicate GUID's in logon script

There is a way of doing it from within ePO...

From the ePO 4.0 Patch 6 readme:

"Issue:

Identification and remediation of duplicate McAfee Agent GUIDs through ePolicy Orchestrator was difficult. (Reference: 494753)

Resolution: ePolicy Orchestrator now has preconfigured queries, actions, and server tasks to assist in managing the resolution of duplicate McAfee Agent GUIDs.

Note: McAfee Agent versions 4.5 and 4.0 Patch 3 introduce support of the duplicated GUID regeneration request."

You can select all your boxes, then "Move GUID to duplicate list and delete system".

Next time they call home, they'll generate a new GUID.

The real problem is the whole GUID idea anyhow...  Crazy, what were McAfee thinking when they came up with that one?

Hint to McAfee:  There may be occasions where a GUID could be useful, but, if your uniqueness key was Domain/machine name you'd rarely get any duplicates at all.

Message was edited by: PhilR on 21/05/10 07:46:26 CDT

Re: Deleting duplicate GUID's in logon script

Thanks for all the helpful replies.  For what I'm doing, the /forceinstall switch is ideal; I totally forgot that it regenerates the GUID.  These are machines that I'm finding when doing an NT domain sync, and they all share the same duplicate GUID. None have a functioning agent.  As part of the sync, I can just select all of them and deploy the agent with "Force installation over existing version" checked.  Just tested this and it seems to be working perfectly.

Thanks again!

RickIA
Level 9
Message 6 of 9

Re: Deleting duplicate GUID's in logon script

My issue was that my machines never showed in the EPO console, so I didn't even know the machines were having a problem until I manually tried updating one and it said agent cannot connect to server. So I added a bit to the server.ini on my epo box to allow the connections and did the above suggestion to allow those connections to talk and get all of my client tasks. Funny part was they would still get DAT file updates just nothing else.

McAfee Employee spamidi
Message 7 of 9

Re: Deleting duplicate GUID's in logon script

RickIA wrote:

My issue was that my machines never showed in the EPO console, so I didn't even know the machines were having a problem until I manually tried updating one and it said agent cannot connect to server. So I added a bit to the server.ini on my epo box to allow the connections and did the above suggestion to allow those connections to talk and get all of my client tasks. Funny part was they would still get DAT file updates just nothing else.


The sequence check feature was introduced in MA 4.5 and was meant as a security feature (to prevent replay attacks).  The Agent GUID is the primary mechanism by which ePO identifies whether an agent is already listed in the system tree. The sequence number is incremented on each communication and the next expected sequence number is recorded in the Database. If more than one machine happens to have the same GUID (mostly because of cloned machines), this sequence check goes out of sync and causes the communication to be rejected.

That means none of the other duplicate GUID systems would show up in the system tree at all. You can still see a list of all these failed communication systems by querying the EPOAgentSequenceErrorLog table in the ePO Database.

The DAT update does not rely on the Agent Server Communication for the update mechanism to work - so there is no impact to it.
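
A simplified model of the sequence check described in the reply above, added here as an illustration; it is not McAfee's code and not part of the original post. The `Server` and `Agent` classes, the acceptance rule (reject any number below the next expected one), the host names and the GUID value are assumptions made for the example.

```python
import uuid
from collections import defaultdict

class Server:
    """Toy model of the sequence check (assumed logic, not ePO's implementation)."""
    def __init__(self):
        self.next_expected = {}    # GUID -> next expected sequence number
        self.system_tree = {}      # GUID -> hostname listed under that GUID
        self.sequence_errors = []  # stand-in for rows in EPOAgentSequenceErrorLog

    def receive(self, guid, seq, hostname):
        expected = self.next_expected.get(guid, 0)
        if seq < expected:         # stale number looks like a replay: reject and log
            self.sequence_errors.append((guid, hostname, seq, expected))
            return False
        self.next_expected[guid] = seq + 1
        self.system_tree[guid] = hostname
        return True

class Agent:
    def __init__(self, hostname, guid, seq=0):
        self.hostname, self.guid, self.seq = hostname, guid, seq

    def call_home(self, server):
        ok = server.receive(self.guid, self.seq, self.hostname)
        self.seq += 1              # incremented on each communication
        return ok

    def regenerate_guid(self):
        self.guid, self.seq = str(uuid.uuid4()), 0

def duplicate_guid_hosts(server):
    """Group rejected hosts by GUID, as a query over the error log would."""
    hosts = defaultdict(set)
    for guid, hostname, _seq, _expected in server.sequence_errors:
        hosts[guid].add(hostname)
    return {g: sorted(h) for g, h in hosts.items()}

def demo():
    server = Server()
    cloned = "CONSTRUCTED-GUID-0001"   # constructed value baked into the image
    a, b = Agent("PC-A", cloned), Agent("PC-B", cloned)
    first = [a.call_home(server) for _ in range(3)]  # PC-A advances the counter
    rejected = b.call_home(server)     # PC-B still sends 0, server expects 3
    hidden = duplicate_guid_hosts(server)
    b.regenerate_guid()                # what a forced reinstall achieves
    recovered = b.call_home(server)
    return first, rejected, hidden, recovered, len(server.system_tree)
```

In this model PC-B never appears in the system tree while it shares the cloned GUID; it is visible only in the error log, which matches the symptom reported in the thread.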

RickIA
Level 9
Message 8 of 9

Re: Deleting duplicate GUID's in logon script

I ran the SQL query and added those bad sequence machines to the duplicates table, and now all of the machines that attempt to check in with the invalid GUID's are repopulating. Already had almost 200 machines show up so that is a VERY GOOD sign. I also added a stich in the server.ini to allow the machines with invalid GUIDs to communicate, is it safe for me to remove that, or do you think I need to leave them in place to keep machines talking?

McAfee Employee spamidi
Message 9 of 9

Re: Deleting duplicate GUID's in logon script

RickIA wrote:

I also added a stich in the server.ini to allow the machines with invalid guids to communicate, is it safe for me to remove that, or do you think I need to leave them in place to keep machines talking?

You can remove the option in server.ini - the agents which have regenerated their GUID would no longer have the sequence check problem - so should communicate. You are however better off fixing the master image by deleting the AgentGUID key from the registry before cloning or imaging the systems to prevent duplicate GUIDs altogether.
