McLovin, I can tell you on my ePO4.5 Beta 3 server, there is an option to select a machine and 'Move GUID to Duplicate List and Delete System'. Hopefully, if it maintains a list of duplicate GUID's it will instruct the machine to generate a new GUID the next time it calls in to re-register. That would seem to make sense to me anyway.
I just did a quick test on my own PC. I added my own PC to the duplicate GUID's list and deleted it from the directory. Then I told it to Collect and Send Props. In the agent log there are these entries:
GUID is already existing in ePO. So regenerating. Generating Agent ID.....
Does anyone have the SQL query above for ePO 4.0? I have reviewed KB51708 with the ePO 4.0 table names, but I do not have enough SQL knowledge to write the correct query. I have requested the ePO 4.0 query from McAfee tech support and sales engineers without success.
you mean to run against the db.... as you cant run sql queries in epo4 itself. thats why mcafee already have their own ways monitoring for showing dup GUID for epo 4.0 ( search the KB for GUID and epo 4)
ePO 4.0 patch 5 creates a new table (dbo.EPOAgentSequenceErrorLog) that will contain entries for all the guids that receive a sequence error -- caused largely by duplicate guids. The other parts of this is that you have to turn off sequence error checking (done in the server INI file), and you need to get a superdat from McAfee support that will delete the guids (provided by you from the table listed above).
Alternatively, you can get the guids from the ePO server (server.log) and parse that for the sequence errors. Under ePO 4.0, forcing a new agent installation over an old agent will NOT create a new guid; so it's definitely more difficult to deal with these than it was under 3.6.
I received this from McAfee's tech support after three months of inquiries and many escalations. It has not been posted to McAfee's KB.
How to identify which agent GUIDs are duplicates within an ePO 4.0 environment
Environment McAfee Common Management Agent McAfee ePolicy Orchestrator 4.0 Microsoft Windows Summary Client computers are not visible in the ePolicy Orchestrator (ePO) 4.0 console even though the ePO agent communicates successfully to the server. This is typically caused by the same agent Global Unique Identifier (GUID) being used by multiple computers. Customers can only see a current snapshot of existing computers within the ePO console, not which agent GUIDs are duplicate within their environment.
Solution 1 To identify which agent GUIDs are affected, a query can be run against the ePO server database which uses the update events from the last 24 hours.
NOTE: Paste each of the scripts below into separate Notepad files and save each with a .SQL extension.
See KB56429 for information on running SQL scripts using OSQL.
Solution 2 Query 1 - The following SQL query lists all agent GUIDs which have more than one agent reporting on the same agent GUID:
SELECT DISTINCT ePOEvents.AgentGUID FROM ePOEvents, ePOEvents as EE2 WHERE (ePOEvents.AgentGUID = EE2.AgentGUID) AND (ePOEvents.TargetHostName <> EE2.TargetHostName) AND (ePOEvents.DetectedUTC > dateadd (day, -1, GetDate())) AND (EE2.DetectedUTC > dateadd (day, -1, GetDate()))
Solution 3 Query 2 - The following SQL query lists all computer names and their agent GUID which have an agent GUID being used by more than one computer:
NOTE: This may help to determine if a specific client is affected by this issue. Additionally it provides a set of computer names which require the agent GUID to be changed. You will also receive an estimated number of computers using the same agent GUID.
SELECT DISTINCT EPOEvents.AgentGUID, EPOEvents.TargetHostName FROM ePOEvents, EPOEvents AS EE2 WHERE EPOEvents.detectedutc > dateadd (day, -1, GetDate()) AND EE2.detectedutc > dateadd (day, -1, GetDate()) AND ePOEvents.AgentGUID = EE2.AgentGUID AND ePOEvents.TargetHostName <> EE2.TargetHostName ORDER BY EPOEvents.AgentGUID, EPOEvents.TargetHostName
Solution 4 Query 3 - The following SQL query lists the number of events per affected agent GUID from the last 24 hours:
NOTE: This provides an estimate on which GUIDs have the most impact on the behavior seen in the environment. The higher the number behind the agent GUID, the more clients may share the same agent GUID.
SELECT DISTINCT ePOEvents.AgentGUID, Count(ePOEvents.TargetHostName) FROM ePOEvents, ePOEvents as EE2 WHERE (ePOEvents.AgentGUID = EE2.AgentGUID) AND (ePOEvents.TargetHostName <> EE2.TargetHostName) AND (ePOEvents.DetectedUTC > dateadd (day, -1, GetDate())) AND (EE2.DetectedUTC > dateadd (day, -1, GetDate())) GROUP BY ePOEvents.AgentGUID
IMPORTANT: Receiving zero results from the queries is not necessarily a sign that no duplicate agent GUIDs exist in the environment. There may be event filters which prevent events sent from the ePO agents from being populated in the ePO database. This will result in not enough data for these queries to be successful. Check the ePO product documentation for how to properly configure event filtering.