6 Replies Latest reply: Jul 23, 2013 1:15 PM by rmetzger

    Automating the removal of duplicate systems

    rothman

      After some searching, I couldn't find another topic like this on the community, but please point me in the right direction if there is.

       

      Problem:

      We reimage machines on a daily basis (with our images configured to be sure we do not create duplicate GUIDs) and the standard procedure is to rename the newly imaged machine the same name as it was prior to reimaging.  Due to this, we get dozens of duplicate machines in our ePO daily.

       

      Desired Solution:

      A query, set of queries or whatever it would take to automate the discovery of duplicate machines and removing the duplicate(s) which have an older 'Last Communication' time than the last one to check in to the ePO (with the assumption that the one which last communicated is the valid GUID).

       

      Known tools:

      For the automated part of this, I've already created a system task to run on a weekly basis.

       

      For the query part of this, I know about the pre-built duplicate query and have been trying to tweak that / add nested queries / use tags to try and segregate the duplicate machines which actually need to be removed.

       

      Results:

      So far, no real luck (obviously, else I wouldn't be here).  The problem I keep running into is that there is no good method to segregate the old ones, due to the fact that the machine with the valid GUID may have a last communication time which meets the filter of 'if not communicated within (x) days' --- that's a whole other problem, but I also do not want to begin, possibly, orphaning machines which have a corrupt Agent or have simply been offline for a long time.

       

      So, overall:

      Does anyone know if there is a method to get the below pseudo code done?

       

      if system_name is duplicated AND the last communication time of system_name(a) is older than last communication time of system_name(b)

         (

          Delete system_name(a)

         )

       

      Added duplicate tag on 7/23/13 11:07:26 AM CDT
        • 1. Re: Automating the removal of duplicate systems
          JoeBidgood

          Problem:

          We reimage machines on a daily basis (with our images configured to be sure we do not create duplicate GUIDs) and the standard procedure is to rename the newly imaged machine the same name as it was prior to reimaging.  Due to this, we get dozens of duplicate machines in our ePO daily.

           

           

          Are the machines being reimaged on the same hardware? Generally speaking reimaging a machine should not give you a duplicate, as long as the MAC address stays the same. Can you explain the reimaging process in a bit more detail?

           

          Thanks -

           

          Joe

          • 2. Re: Automating the removal of duplicate systems
            rothman

            Good point Joe, didn't consider that until your reply.

             

            In the environment I inherited (still new to the company) all of the machines showing up as duplicates, I believe, are thin-clients.  That said, the MAC address is different on each one.

            • 3. Re: Automating the removal of duplicate systems
              rmetzger

              Hi rothman,

               

              Welcome to the forums.

              rothman wrote:

               

              After some searching, I couldn't find another topic like this on the community, but please point me in the right direction if there is.

               

              Problem:

              We reimage machines on a daily basis (with our images configured to be sure we do not create duplicate GUIDs) and the standard procedure is to rename the newly imaged machine the same name as it was prior to reimaging.  Due to this, we get dozens of duplicate machines in our ePO daily.

              I would consider clearing both the GUID and MacAddress from the master image prior to 'closing' the image. Either that or clear the GUID and MacAddress at first boot, as you are changing the Machine Name. Either way, this should eliminate the duplicates that are created when re-imaging systems.

               

              Here are the entries I would clear:

                  REG delete "HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent" /v AgentGUID /F

                  REG delete "HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent" /v MacAddress /F

               

                  REG delete "HKLM\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Agent" /v AgentGUID /f

                  REG delete "HKLM\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Agent" /v MacAddress /f

               

              Of course, to delete these entries, VSE's self-protection needs to be temporarily disabled.

               

              A really good discussion and explanation of this issue by Rackroyd:

              https://community.mcafee.com/message/116343#116343

               

              Based on your initial post, you did not inform us of the version of ePO you are using or the version of the Agent you are deploying within the image. I believe using the newer versions of both help to eliminate some of these issues.

               

              A good source of info might be: McAfee Agent 4.8.0 >  MA_480_ProductGuide.pdf  > pg. 41 Include the agent on an image

               

              Hope this helps,

               

              Ron Metzger

              • 4. Re: Automating the removal of duplicate systems
                rothman

                rmetzger wrote:

                 

                I would consider clearing both the GUID and MacAddress from the master image prior to 'closing' the image. Either that or clear the GUID and MacAddress at first boot, as you are changing the Machine Name. Either way, this should eliminate the duplicates that are created when re-imaging systems.

                 

                 

                I'm almost 100% sure we're already doing this.  If we weren't then we wouldn't be having a problem with duplicate names, instead we would have machines appearing and disappearing from the ePO system tree, since they would all have the same GUID.

                 

                The problem isn't with the imaging of our machines (not to mention there is very little I could do to influence that process), it's a matter of the ePO, by default, only having the option to delete all machines which show up as duplicate and then it assuming that those machines which are the true GUID will pop back into the console once they check back in on their normal ASCI schedule.  Unfortunately for us all, this isn't the case in the real world and this is a surefire way of losing machines to the void if their Agent is not functioning correctly or if the Agent communication to the ePO is getting blocked somehow.
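
The pseudocode from the original question, combined with the concern raised in this reply about losing valid machines, as an added example that is not part of the thread or of ePO. It works on a constructed CSV export whose column names (name, agent_guid, last_communication) are assumptions, and it only builds a plan; it deletes nothing.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample export; the column names are assumptions, not ePO's own.
SAMPLE_EXPORT = """name,agent_guid,last_communication
TC-0101,GUID-A1,2013-07-20 08:15:00
TC-0101,GUID-A2,2013-07-23 09:40:00
TC-0202,GUID-B1,2013-05-02 17:05:00
TC-0303,GUID-C1,2013-07-22 11:00:00
tc-0303,GUID-C2,2013-07-22 11:00:00
TC-0404,GUID-D1,
TC-0404,GUID-D2,2013-07-21 07:30:00
"""


def plan_duplicate_removal(export_text):
    """Return (to_delete, needs_review) as sorted lists of agent GUIDs."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        stamp = row["last_communication"].strip()
        seen = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S") if stamp else None
        # Assumption: system names are compared case-insensitively.
        groups[row["name"].strip().lower()].append((seen, row["agent_guid"]))

    to_delete, needs_review = [], []
    for entries in groups.values():
        if len(entries) < 2:
            continue  # not duplicated: never touched, however long it has been offline
        dated = sorted((e for e in entries if e[0] is not None), reverse=True)
        # An entry with no communication time cannot be compared; leave it to a human.
        needs_review.extend(guid for seen, guid in entries if seen is None)
        if len(dated) >= 2 and dated[0][0] == dated[1][0]:
            # Tie for newest: no way to tell which GUID is the valid one.
            needs_review.extend(guid for _, guid in dated)
            continue
        # dated[0] is kept; every strictly older entry is system_name(a).
        to_delete.extend(guid for _, guid in dated[1:])
    return sorted(to_delete), sorted(needs_review)


if __name__ == "__main__":
    delete, review = plan_duplicate_removal(SAMPLE_EXPORT)
    print("delete:", delete)
    print("review:", review)
```

A system that is simply stale but has no duplicate (TC-0202 in the sample) never appears in either list, which is the difference from a plain "not communicated within (x) days" filter.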

                • 5. Re: Automating the removal of duplicate systems
                  JoeBidgood

                  OK. If you can clarify the exact process, that would be helpful. If the same user gets the same machine back again after reimaging, with the same name (and presumably MAC address as these are physical) then we should be OK.

                  If the machine gets reimaged and given to a different user, or given a different name, then there could be a problem.

                   

                  Thanks -

                   

                  Joe

                  • 6. Re: Automating the removal of duplicate systems
                    rmetzger

                    OK, it was just a thought.

                     

                    rothman wrote:

                    In the environment I inherited (still new to the company) all of the machines showing up as duplicates, I believe, are thin-clients.  That said, the MAC address is different on each one.

                     

                    So, deleting the MacAddress during the re-image process wouldn't help?

                     

                    Are you restoring the image to the same machine as the embedded image MacAddress? As a 'thin-client' I would surmise that they each have a different MAC address, but the image will use the same one for each restoration if only one Master image was created.

                     

                    Is there a unique image for each thin-client machine (one image to every MAC address)? Are you restoring the image in a one-to-one way?

                    What version of ePO and McAfee Agent are you using?

                     

                    Ron Metzger