3 Replies Latest reply on Aug 8, 2013 10:36 AM by JoeBidgood

    Duplicate entries after system re-install.

    aerialjibe


      We have the following situation: 

      We use WDS to install new systems or re-install existing systems. The Agent gets installed via a script at the end of the WDS install. After the Agent contacts the ePO server all appropriate software will be installed. This works great for new systems. Some Developer users have the ability to re-install their systems.

      • ePO 4.6
      • McAfee Agent 4.6.0.3122
      • VSE 8.8
      • EEPC 7.0
      • We don’t use rogue system detection

       

      Problem:

      If users re-install their system and use WLAN instead of LAN for re-installation, the system is added as a new system. We also make use of EEPC so this results in encryption and logon problems. The newly added system doesn’t have the correct users added (the existing entry does).

       

      We did uncheck the MAC attribute for Matching Managed Systems and only match on Hostname/Domain (pair) so the system should use the already existing system entry?

       

      I have the following questions:

      1. Why is the system still seen as a new system and not matched on the existing managed system?
      2. How should we set the system matching settings to match the systems the correct way so that it doesn’t matter if the system is being reinstalled via another interface?
        • 1. Re: Duplicate entries after system re-install.
          JoeBidgood

          Hi...

           

          This sounds like a tricky situation

          Firstly, we can ignore the system matching settings - these are only applicable to Rogue System Detection, which is not in use.

          What's happening here is all down to how ePO treats the first connection from the client machine - if both the agent GUID and the MAC address have changed since the last communication, then unfortunately you're going to get a new entry. (These are the only two checks that ePO does when an agent communicates.)  From what you describe, this is what's happening - the machine is being reinstalled, which means the agent is reinstalled and so is getting a new GUID, and the connection is made via a different network adapter so the MAC address is different as well.

           

          However there is a new feature in MA 4.8 and ePO 5 which might help: it's not designed for exactly this situation but in theory it should work. If you install MA 4.8 in VDI mode, this should hopefully be able to survive the reinstall/change of mac address, and reconnect with the existing entry in ePO. I haven't tried this as yet - if I get a chance I will test it. If anyone else has tried this I'd be interested to hear your results.

           

          HTH -

           

          Joe

          • 2. Re: Duplicate entries after system re-install.
            aerialjibe

            Hi Joe,

             

            This was unclear to me. I thought that the "Matching Detected Systems" were applicable on detected rogue systems and "Matching Managed Systems" applicable to other managed or new systems (added by Agent install).

            Maybe some extra information in the McAfee epo_product_guide would be helpful.

             

            It is then still not clear what the difference is between:

             

            Detecting System Matching -> Matching Detected Systems

             

            and

             

            Detecting System Matching -> Matching Managed Systems

             

             

            Jacques

             

            Message was edited by: jacques.denissen on 8/8/13 3:12:45 AM CDT
            • 3. Re: Duplicate entries after system re-install.
              JoeBidgood

              Apologies for the confusion - I agree this could be better documented.

               

              The difference here is this: a detected system is one that has been previously detected by a sensor, and a managed system is one that is already in the ePO database. So for example imagine a machine with two network cards that is not controlled by ePO: the first card would be detected, and when the second card was detected the Matching Detected Systems settings allow RSD to determine that this is the same machine.

              Matching Managed Systems on the other hand allows RSD to determine if a detected system is already in the ePO database. Most people have the settings for the two sections the same, but you don't have to.

               

              HTH -

               

              Joe