1 Reply Latest reply on Feb 15, 2012 9:21 AM by stefan.huser

    Problem with AD Synch and VPN Clients

    stefan.huser

      Hello Guys,

       

      I have a really strange problem here.. Or better two really strange problems.

       

      We have an ePO which is managing about 14'000 clients worldwide. There are about 50 departments in 40 countries, and each of the departments has its own group in the ePO System Tree.

      The groups have AD Synch enabled (import as a flat list). This has worked without any problems for about a year.

       

      The problems started with the VPN solution. Since the users are connecting to the network via VPN, I've seen really strange things on my ePO:

       

      1. Clients which get the Agent package via VPN (software distribution) completely ignore the AD object in the group. A duplicated object is made in a random group (not in the Lost&Found). Sometimes the client is in the Germany-Group, sometimes an object is made in Bolivia, and so on. I don't get why they create the object in different random groups.

       

      How does the client check if an AD object already exists for him in ePO? MAC address which is known by the AD? This would explain why the client doesn't recognize the AD object as "his" object because the MAC address is not the same when he comes over VPN.

      But this doesn't explain why he creates the object in a random group instead of Lost&Found.

       

       

      2. Seen this the first time today. A client which was installed in LAN (object was "managed" in the correct group) changed his group as he connected to the network via VPN. Here again the same thing: he changed to a random group (Bolivia in this case). The big problem here is that we are installing EEPC in some of the groups. I can't reproduce it. The group change doesn't seem to occur every time they connect with VPN.

       

      System Tree Sorting is disabled on the clients. There are no sorting criteria defined on the groups. The only option configured on the groups is AD Synch. I just don't get why the clients are changing their groups.

       

      Any idea?

       

      Thanks in advance.

       

      Cheers,

      Stefan