cancel
Showing results for 
Search instead for 
Did you mean: 

RE: Duplicate GUID's

McLovin,
I can tell you on my ePO4.5 Beta 3 server, there is an option to select a machine and 'Move GUID to Duplicate List and Delete System'. Hopefully, if it maintains a list of duplicate GUID's it will instruct the machine to generate a new GUID the next time it calls in to re-register. That would seem to make sense to me anyway.

RE: Duplicate GUID's

I just did a quick test on my own PC. I added my own PC to the duplicate GUID's list and deleted it from the directory. Then I told it to Collect and Send Props. In the agent log there are these entries:

GUID is already existing in ePO. So regenerating.
Generating Agent ID.....


I also verified that I now have a different GUID.
wongf
Level 7
Report Inappropriate Content
Message 13 of 21

need little guidance here

I am using EPO 4.0 and i did save the query into txtfile with extention sql file. asd inditcated in https://kc.mcafee.com/corporate/index?page=content&id=KB51708&actp=search&searchid=1242844017224
but when i try to import it into EPO queries i keep getting wrong format or corrupted.. what am i doing wrong??
McAfee Employee tb_ng
McAfee Employee
Report Inappropriate Content
Message 14 of 21

RE: need little guidance here



If I'm not mistaken, ePO 4 is looking for it to be in xml format. I posted previously to see if anyone had it in that format. If you export a query, you'll see what it should look like.
wongf
Level 7
Report Inappropriate Content
Message 15 of 21

RE: need little guidance here

thnkx tb_ng..

it was pretty confusing.. i guess the queries provided on KB51708 need to be executed using OSQL.. there must be a better way.

RE: need little guidance here

These are actually SQL queries that need to be run against the SQL database. You can use either OSQL or one of the management tools (whether SQL2000 or 2005) in order to run them.

j

RE: Duplicate GUID's



Does anyone have the SQL query above for ePO 4.0? I have reviewed KB51708 with the ePO 4.0 table names, but I do not have enough SQL knowledge to write the correct query. I have requested the ePO 4.0 query from McAfee tech support and sales engineers without success.
tonyb99
Level 13
Report Inappropriate Content
Message 18 of 21

RE: Duplicate GUID's

you mean to run against the db.... as you cant run sql queries in epo4 itself. thats why mcafee already have their own ways monitoring for showing dup GUID for epo 4.0 ( search the KB for GUID and epo 4)
McAfee Employee tb_ng
McAfee Employee
Report Inappropriate Content
Message 19 of 21

ePO 4

ePO 4.0 patch 5 creates a new table (dbo.EPOAgentSequenceErrorLog) that will contain entries for all the guids that receive a sequence error -- caused largely by duplicate guids. The other parts of this is that you have to turn off sequence error checking (done in the server INI file), and you need to get a superdat from McAfee support that will delete the guids (provided by you from the table listed above).

Alternatively, you can get the guids from the ePO server (server.log) and parse that for the sequence errors. Under ePO 4.0, forcing a new agent installation over an old agent will NOT create a new guid; so it's definitely more difficult to deal with these than it was under 3.6.

I think this is has additional info: https://kc.mcafee.com/corporate/index?page=content&id=KB60776

Hope this helps.

ePO 4.0 duplicate GUID database queries

I received this from McAfee's tech support after three months of inquiries and many escalations. It has not been posted to McAfee's KB.

How to identify which agent GUIDs are duplicates within an ePO 4.0 environment


Environment
McAfee Common Management Agent
McAfee ePolicy Orchestrator 4.0
Microsoft Windows

Summary

Client computers are not visible in the ePolicy Orchestrator (ePO) 4.0 console even though the ePO agent communicates successfully to the server. This is typically caused by the same agent Global Unique Identifier (GUID) being used by multiple computers. Customers can only see a current snapshot of existing computers within the ePO console, not which agent GUIDs are duplicate within their environment.

Solution 1
To identify which agent GUIDs are affected, a query can be run against the ePO server database which uses the update events from the last 24 hours.

NOTE: Paste each of the scripts below into separate Notepad files and save each with a .SQL extension.

See KB56429 for information on running SQL scripts using OSQL.

Solution 2
Query 1 - The following SQL query lists all agent GUIDs which have more than one agent reporting on the same agent GUID:

SELECT DISTINCT ePOEvents.AgentGUID
FROM ePOEvents, ePOEvents as EE2
WHERE
(ePOEvents.AgentGUID = EE2.AgentGUID)
AND (ePOEvents.TargetHostName <> EE2.TargetHostName)
AND (ePOEvents.DetectedUTC > dateadd (day, -1, GetDate()))
AND (EE2.DetectedUTC > dateadd (day, -1, GetDate()))

Solution 3
Query 2 - The following SQL query lists all computer names and their agent GUID which have an agent GUID being used by more than one computer:

NOTE: This may help to determine if a specific client is affected by this issue. Additionally it provides a set of computer names which require the agent GUID to be changed. You will also receive an estimated number of computers using the same agent GUID.

SELECT DISTINCT EPOEvents.AgentGUID, EPOEvents.TargetHostName
FROM ePOEvents, EPOEvents AS EE2
WHERE
EPOEvents.detectedutc > dateadd (day, -1, GetDate()) AND
EE2.detectedutc > dateadd (day, -1, GetDate()) AND
ePOEvents.AgentGUID = EE2.AgentGUID AND
ePOEvents.TargetHostName <> EE2.TargetHostName
ORDER BY EPOEvents.AgentGUID, EPOEvents.TargetHostName

Solution 4
Query 3 - The following SQL query lists the number of events per affected agent GUID from the last 24 hours:

NOTE: This provides an estimate on which GUIDs have the most impact on the behavior seen in the environment. The higher the number behind the agent GUID, the more clients may share the same agent GUID.

SELECT DISTINCT ePOEvents.AgentGUID, Count(ePOEvents.TargetHostName)
FROM ePOEvents, ePOEvents as EE2
WHERE
(ePOEvents.AgentGUID = EE2.AgentGUID)
AND (ePOEvents.TargetHostName <> EE2.TargetHostName)
AND (ePOEvents.DetectedUTC > dateadd (day, -1, GetDate()))
AND (EE2.DetectedUTC > dateadd (day, -1, GetDate()))
GROUP BY ePOEvents.AgentGUID

IMPORTANT: Receiving zero results from the queries is not necessarily a sign that no duplicate agent GUIDs exist in the environment. There may be event filters which prevent events sent from the ePO agents from being populated in the ePO database. This will result in not enough data for these queries to be successful. Check the ePO product documentation for how to properly configure event filtering.
More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support
  • The McAfee ePO Support Center Plug-in is now available in the Software Manager. Follow the instructions in the Product Guide for more.