    Reuse McAfee Agent GUID on existing machine


      If I re-image a client machine that has the McAfee Agent installed, is there a way to have the newly imaged machine use the existing McAfee ePO record? I want to do this because I manually tag some machines for certain tasks and policy settings (e.g. EEPC 6 installation). It would also be nice to reuse the existing record because of EEPC user assignments. Thanks.


      ePO 4.5.4 HF 1 Build 1093

      McAfee Agent

      Windows XP SP3

          As long as it's the same physical machine - i.e. as long as its MAC address stays the same - then strictly speaking you don't need to preserve the GUID: when the machine communicates with ePO for the first time, ePO will realise the GUID is new, but will locate the machine's entry by its MAC address and simply update it with the new GUID.


            I contacted McAfee support (Tier I in consultation with Tier II) and was told that if the Agent GUIDs do not match then a new instance will be created; nothing was said about the MAC address. Upon further investigation I saw that most of the machines that were creating new duplicate entries within ePO were laptops. This led me down the path you referred to, the MAC address being the second means of agent identification. This makes sense, as most of our laptops are on a wireless connection when in use and reporting to ePO, but when we re-image a machine we connect it to a wired Ethernet connection, which changes the MAC address that the McAfee Agent reports to that of the Ethernet connection.

            This does create a problem on laptops that have Endpoint Encryption installed and are in need of re-imaging. Once they are re-imaged they report a McAfee Agent GUID and MAC address that are both different from what ePO has on record, and a new instance is created. This wipes out any manually applied tags, and as a result tasks and policies are not put back in place. I would like to see a way to also match on System Name and/or Domain so that my tags are still intact after a re-image. Thank you for your insight.

              Ah, OK. You're definitely going to hit problems there, as you describe: since you're changing both pieces of information that ePO uses to uniquely identify a machine, ePO has no choice but to treat it as a brand new machine.


              The only approach I can think of that might work would be a change to the reimaging process, something like this:


              a) Machine comes in to the IT department for reimaging.

              b) Machine is connected to a wired LAN connection, and a collect / send properties is done. This will set the MAC address in the ePO db to be the MAC address of the wired connection.

              c) Machine is then reimaged.

              d) Machine is brought on line, still in the IT department. On restart, the agent will now have a new GUID, but the MAC will be the same as before.

              e) ePO will now be able to link the new machine with its existing database entry.


              I realise this may not be feasible, and doesn't address the scenario where the machine is dead - i.e. can't be connected to ePO for step (b) - but it might be a starting point?
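As an added example, not part of the original thread, here is how step (b) of that procedure could be scripted in PowerShell on the client, as an administrator, while it is plugged into the wired LAN and before it is wiped. It assumes the agent's command-line tool cmdagent.exe is in the default McAfee Common Framework folder (the /p switch collects and sends properties) and that the wireless adapter can be recognised by "Wireless", "802.11" or "Wi-Fi" in its WMI description; both are assumptions about the environment, not facts from the thread, and the adapter filter may need adjusting.

```powershell
# Added example (not from the original thread). Run on the client, elevated,
# while it is on the wired LAN and before reimaging.
# Assumptions (not stated on the page): cmdagent.exe lives in the default
# McAfee Common Framework folder, and the wireless NIC can be recognised by
# "Wireless", "802.11" or "Wi-Fi" in its WMI description.

$candidates = @(
    "$env:ProgramFiles\McAfee\Common Framework\cmdagent.exe",
    "${env:ProgramFiles(x86)}\McAfee\Common Framework\cmdagent.exe"
)
$cmdAgent = $candidates | Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $cmdAgent) { throw "cmdagent.exe not found; is the McAfee Agent installed?" }

# Adapters that currently hold an IP address: these are what the agent reports.
$active = @(Get-WmiObject Win32_NetworkAdapterConfiguration |
    Where-Object { $_.IPEnabled -and $_.MACAddress })

if ($active.Count -eq 0) {
    throw "No IP-enabled adapter found; connect the wired LAN cable first."
}

# The whole point of step (b) is to record the *wired* MAC in ePO, so refuse to
# continue while a wireless adapter is still live.
$wireless = @($active | Where-Object { $_.Description -match 'Wireless|802\.11|Wi-?Fi' })
if ($wireless.Count -gt 0) {
    throw ("Wireless adapter still active ({0}); disconnect it first." -f $wireless[0].Description)
}

$wired = $active[0]
Write-Host ("Wired MAC that will be sent to ePO: {0} ({1})" -f $wired.MACAddress, $wired.Description)

# /p = collect and send properties. This is the step that updates the MAC held
# in the ePO record for this machine.
& $cmdAgent /p
if ($LASTEXITCODE -ne 0) { throw "cmdagent /p returned exit code $LASTEXITCODE" }

Write-Host "Properties sent. Confirm the Net Address shown for this system in the ePO console matches $($wired.MACAddress) before wiping the machine."
```

The script only makes the upload happen; the check that matters is the one at the end, done by hand in the ePO console, because if the server still shows the wireless MAC when the machine is reimaged, step (e) will fail and a duplicate entry will be created exactly as described above.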


                I had thought of changing the procedure for the re-imaging process, and that may be the only way to go at this point. But as you said, that doesn't help with machines that are unresponsive. I will just have to address those situations individually as they arise. Right now EEPC is in a pilot phase for us and these are easy to overcome; however, we plan on deploying EEPC to 1,000+ machines in the near future and I hope this problem does not grow out of hand. Would it work to export the Agent GUID, say from SQL, and then put that Agent GUID value in the registry during the re-imaging process? Again, I thank you for your response to my questions!


                  In theory exporting the GUID and then inserting it into the client machine's registry would work, but I haven't had a chance to test it. I have one small worry, in that the new machine would have a new agent key but the old GUID: I'm not sure how the server would react to that; there's a possibility that, because the GUID is the same, the server will reject the communication because the key is wrong.

                  Also you'd need to either reset the sequence number for that machine in the db, or turn off sequence number enforcement on the server, otherwise the agent comms will be rejected again because the sequence number from the new machine will be lower than the value in the db.
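As an added example, not part of the original thread and not something the reply above claims to have tested, here is the registry-based approach from the question in PowerShell: save the agent's GUID before the wipe, then write it back after the new image is on, before the agent's first communication with ePO. It assumes the agent keeps its identity under the registry key below (under Wow6432Node on 64-bit hosts) in the values AgentGUID and MacAddress, and that the agent service is named McAfeeFramework; those names, and the file paths in the usage lines, are assumptions to verify against your own agent build rather than facts from the thread.

```powershell
# Added example (not from the original thread): save the agent identity before
# reimaging and write the GUID back afterwards, before the agent first talks
# to ePO. Assumptions (not stated on the page): the agent stores AgentGUID and
# MacAddress under the key below (Wow6432Node on 64-bit), and its service is
# called McAfeeFramework. Verify both against your agent build first.

$agentKeys = @(
    'HKLM:\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent',
    'HKLM:\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Agent'
)

function Get-AgentRegistryKey {
    $key = $agentKeys | Where-Object { Test-Path $_ } | Select-Object -First 1
    if (-not $key) { throw "McAfee Agent registry key not found" }
    $key
}

# Before reimaging: record GUID, last-reported MAC and machine name to a file
# that survives the wipe (network share or USB stick, not the local disk).
function Export-AgentIdentity {
    param([Parameter(Mandatory=$true)][string]$OutFile)
    $props = Get-ItemProperty -Path (Get-AgentRegistryKey)
    if (-not $props.AgentGUID) { throw "AgentGUID value is empty; nothing to export" }
    New-Object PSObject -Property @{
        ComputerName = $env:COMPUTERNAME
        AgentGUID    = $props.AgentGUID
        MacAddress   = $props.MacAddress   # kept for comparison with the ePO record only
    } | Export-Csv -Path $OutFile -NoTypeInformation
}

# After reimaging: stop the agent, put the old GUID back, restart it. Run this
# before the agent has completed its first communication; once it has checked
# in with its freshly generated GUID the duplicate entry already exists.
function Import-AgentIdentity {
    param([Parameter(Mandatory=$true)][string]$InFile)
    $saved = @(Import-Csv -Path $InFile)
    if ($saved.Count -ne 1) { throw "Expected exactly one record in $InFile" }
    $saved = $saved[0]
    # Sanity check the value before touching the registry: 8-4-4-4-12 hex, braces optional.
    if ($saved.AgentGUID -notmatch '^\{?[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?$') {
        throw "Saved AgentGUID does not look like a GUID: $($saved.AgentGUID)"
    }
    $key = Get-AgentRegistryKey
    Stop-Service -Name McAfeeFramework -Force
    try {
        Set-ItemProperty -Path $key -Name AgentGUID -Value $saved.AgentGUID
    } finally {
        # Always bring the agent back, even if the registry write failed.
        Start-Service -Name McAfeeFramework
    }
    Write-Host "AgentGUID $($saved.AgentGUID) restored for $($saved.ComputerName); watch the agent log for rejected communications."
}

# Usage (constructed paths, assumed to exist):
# Export-AgentIdentity -OutFile '\\fileserver\reimage\LAPTOP01.csv'   # before the wipe
# Import-AgentIdentity -InFile  '\\fileserver\reimage\LAPTOP01.csv'   # after the new image is on
```

The script deliberately writes back only the GUID; it does nothing about the two caveats raised above, the new agent key presented with an old GUID and the sequence number the server holds for that machine, so a first run should be on a pilot machine with the agent log open, and the server-side sequence number reset or enforcement change handled separately before the agent's first check-in.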


                    What happens if the MAC address is the same but the client name changes? During our re-imaging, the purpose is migration to a new OS and a new naming schema.


                    I thought I'd read that the re-linking to the existing object uses a combination of system name and MAC address but I can't find it.




                      As long as the MAC address is the same, ePO will find the previous entry, so in this case the existing entry would be updated with the new GUID and machine name. ePO doesn't use the machine name to identify it at this point.


