8 Replies Latest reply on May 8, 2011 11:12 PM by Sailendra Pamidi

    Deleting duplicate GUID's in logon script

I have about 100 machines with the same GUID due to a deployment error.  I'd like to delete the GUID, MAC and IP addresses within the context of our domain logon script.  However, Access Protection gets in the way here, obviously.  Does anyone know of a definitive way to work around this?  I went as far as to find the registry values that need to be flipped in order to uncheck "Enable access protection" and "Prevent McAfee services from being stopped", but I can't even modify those.  I am running ePO 4.0.0 build 1333, by the way.  The clients are all VSE 8.7.

      Message was edited by: weinigeo on 5/20/10 12:03:28 PM CDT
        • 1. Re: Deleting duplicate GUID's in logon script
          HupSkiDup

          How about force installing new agents, which will recreate the GUID?

          Either in ePO, or in a script: framepkg.exe /forceinstall

          Test and verify in the registry that the GUID value has changed.

          • 2. Re: Deleting duplicate GUID's in logon script

            Two possible solutions.

            1.  If you are running the McAfee 4.5 agent, simply mark the GUID as duplicate from the workstation object in ePO.  That will send a message to the client to recreate the GUID.


            2.  If running prior to McAfee 4.5, just delete the registry key and force a reboot.  I have a vbs script that I routinely copy to workstations and run to delete the reg key.  Because of Access Protection I cannot stop Framework Services, but it has always let me delete the key.  I am remoted into the boxes with Admin rights.  So either I assign a policy that temporarily turns off Access Protection so I can restart Framework Services; or, more commonly, I simply reboot the machine.

            • 3. Re: Deleting duplicate GUID's in logon script
              PhilR

              There is a way of doing it from within ePO...


              From the ePO 4.0 Patch 6 readme:


              "Issue:

              Identification and remediation of duplicate McAfee Agent GUIDs through ePolicy Orchestrator was difficult. (Reference: 494753)

              Resolution: ePolicy Orchestrator now has preconfigured queries, actions, and server tasks to assist in managing the resolution of duplicate McAfee Agent GUIDs.

              Note: McAfee Agent versions 4.5 and 4.0 Patch 3 introduce support of the duplicated GUID regeneration request."

              You can select all your boxes, then "Move GUID to duplicate list and delete system".


              Next time they call home, they'll generate a new GUID.


              The real problem is the whole GUID idea anyhow...  Crazy, what were McAfee thinking when they came up with that one?


              Hint to McAfee:  There may be occasions where a GUID could be useful, but, if your uniqueness key was Domain/machine name you'd rarely get any duplicates at all.

              Message was edited by: PhilR on 21/05/10 07:46:26 CDT
              • 4. Re: Deleting duplicate GUID's in logon script

                Thanks for all the helpful replies.  For what I'm doing, the /forceinstall switch is ideal; I totally forgot that it regenerates the GUID.  These are machines that I'm finding when doing an NT domain sync, and they all share the same duplicate GUID. None have a functioning agent.  As part of the sync, I can just select all of them and deploy the agent with "Force installation over existing version" checked.  Just tested this and it seems to be working perfectly.


                Thanks again!

                • 5. Re: Deleting duplicate GUID's in logon script

                  My issue was that my machines never showed in the ePO console, so I didn't even know the machines were having a problem until I manually tried updating one and it said the agent cannot connect to the server. So I added a bit to the server.ini on my ePO box to allow the connections and did the above suggestion to allow those connections to talk and get all of my client tasks. The funny part was they would still get DAT file updates, just nothing else.

                  • 6. Re: Deleting duplicate GUID's in logon script
                    Sailendra Pamidi

                    RickIA wrote:


                    My issue was that my machines never showed in the ePO console, so I didn't even know the machines were having a problem until I manually tried updating one and it said the agent cannot connect to the server. So I added a bit to the server.ini on my ePO box to allow the connections and did the above suggestion to allow those connections to talk and get all of my client tasks. The funny part was they would still get DAT file updates, just nothing else.


                    The sequence check feature was introduced in MA 4.5 and was meant as a security feature (to prevent replay attacks).  The Agent GUID is the primary mechanism by which ePO identifies whether an agent is already listed in the system tree. The sequence number is incremented on each communication and the next expected sequence number is recorded in the database. If more than one machine happens to have the same GUID (mostly because of cloned machines), this sequence check goes out of sync and causes the communication to be rejected.


                    That means none of the other duplicate GUID systems would show up in the system tree at all. You can still see a list of all these failed communication systems by querying the EPOAgentSequenceErrorLog table in the ePO database.


                    The DAT update does not rely on the agent-server communication for the update mechanism to work, so there is no impact to it.
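A small Python model of the mechanism Sailendra describes above, added here as an illustration; it is not code from this thread or from McAfee. It assumes a simplified scheme (the agent increments its counter once per communication, the server stores the next expected value per GUID and logs every mismatch) and uses a constructed duplicate GUID. Running it shows why, of two clones sharing a GUID, only the first ever lands in the system tree, why the other keeps appearing in the sequence error log, and how regenerating the GUID resolves it.

```python
import uuid

# Constructed model of the ePO-side agent GUID / sequence check. It is an
# illustration, not McAfee's implementation: the real server keeps the expected
# sequence number in its database and records rejections in the
# EPOAgentSequenceErrorLog table; here a dict and a list stand in for both.


class EpoServer:
    def __init__(self):
        self.system_tree = {}          # agent GUID -> next expected sequence number
        self.sequence_error_log = []   # (guid, received_seq, expected_seq) per rejection

    def handle_communication(self, guid, seq):
        """Accept the call if the GUID is new or its sequence number matches."""
        expected = self.system_tree.get(guid)
        if expected is None:
            # Unknown GUID: becomes a new entry in the system tree
            self.system_tree[guid] = seq + 1
            return True
        if seq != expected:
            # Out of sync: another machine sharing this GUID already advanced the counter
            self.sequence_error_log.append((guid, seq, expected))
            return False
        self.system_tree[guid] = seq + 1
        return True

    def guids_with_sequence_errors(self):
        """Stand-in for querying the error log table for duplicate-GUID suspects."""
        return sorted({guid for guid, _, _ in self.sequence_error_log})


class Agent:
    def __init__(self, name, guid):
        self.name = name
        self.guid = guid
        self.seq = 0   # incremented on every agent-server communication (assumed)

    def communicate(self, server):
        accepted = server.handle_communication(self.guid, self.seq)
        self.seq += 1
        return accepted

    def regenerate_guid(self):
        """What a forced reinstall or a 'move GUID to duplicate list' request achieves."""
        self.guid = str(uuid.uuid4())
        self.seq = 0


def run_scenario(rounds=3):
    """Two clones with the same GUID: only one lands in the system tree until the
    other regenerates its GUID. Returns the per-call outcomes, (systems, errors)
    counts before and after regeneration, and the GUIDs seen in the error log."""
    server = EpoServer()
    shared_guid = "11111111-2222-3333-4444-555555555555"   # constructed duplicate
    clone_a = Agent("clone-a", shared_guid)
    clone_b = Agent("clone-b", shared_guid)

    outcomes = []
    for _ in range(rounds):
        outcomes.append((clone_a.name, clone_a.communicate(server)))
        outcomes.append((clone_b.name, clone_b.communicate(server)))
    before = (len(server.system_tree), len(server.sequence_error_log))

    clone_b.regenerate_guid()
    clone_b.communicate(server)
    after = (len(server.system_tree), len(server.sequence_error_log))
    return outcomes, before, after, server.guids_with_sequence_errors()


if __name__ == "__main__":
    outcomes, before, after, suspects = run_scenario()
    for name, accepted in outcomes:
        print(f"{name}: {'accepted' if accepted else 'rejected (sequence error)'}")
    print("before regeneration (systems, errors):", before)
    print("after regeneration  (systems, errors):", after)
    print("GUIDs seen in the sequence error log:", suspects)
```

The model also shows why the server.ini workaround mentioned later in the thread is only a stopgap: switching the check off lets both clones talk, but they still collide on one system tree entry, whereas a regenerated GUID gives the second clone its own entry and the error log goes quiet.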

                    • 7. Re: Deleting duplicate GUID's in logon script

                      I ran the SQL query and added those bad sequence machines to the duplicates table, and now all of the machines that attempt to check in with the invalid GUIDs are repopulating. Already had almost 200 machines show up, so that is a VERY GOOD sign. I also added a stitch in the server.ini to allow the machines with invalid GUIDs to communicate. Is it safe for me to remove that, or do you think I need to leave them in place to keep machines talking?

                      • 8. Re: Deleting duplicate GUID's in logon script
                        Sailendra Pamidi

                        RickIA wrote:


                        I also added a stitch in the server.ini to allow the machines with invalid GUIDs to communicate. Is it safe for me to remove that, or do you think I need to leave them in place to keep machines talking?

                        You can remove the option in server.ini. The agents which have regenerated their GUID would no longer have the sequence check problem, so they should communicate. You are however better off fixing the master image by deleting the AgentGUID key from the registry before cloning or imaging the systems, to prevent duplicate GUIDs altogether.