+ Post New Thread
Results 1 to 4 of 4
Enterprise Software Thread, Symantec Endpoint Protection duplicate client hardware ID in Technical; I was hit with this issue using Endpoint Protection 12.1 this past week. I guess there is a bug in ...
  1. #1
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    859
    Thank Post
    88
    Thanked 154 Times in 124 Posts
    Blog Entries
    8
    Rep Power
    35

    Symantec Endpoint Protection duplicate client hardware ID

    I was hit with this issue using Endpoint Protection 12.1 this past week. I guess there is a bug in the client where it will not generate a new unique hardware ID from a cloned image. As a result, after imaging about 100 machines with Windows 7 and SEP 12.1, they all had the same ID and the Endpoint server console believed them all to be the same system. Of course this created all sorts of issues that needed to be fixed before we returned from break. Nothing like having to work remotely over a major holiday... Anyways, I wrote a script to fix the issue and thought I should share it to help anyone else having the same issue. The support article detailing the problem can be read here. Enterprise Support - Symantec Corp. - Duplicate Hardware IDs result in only one client showing up in the Symantec Endpoint Protection Manager for multiple systems

    Code:
    Const HKEY_LOCAL_MACHINE = &H80000002
    
    strBlank = ""
    strHWKeypath = "SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink"
    strHWValueName = "HardwareID"
    strVersionKeyPath = "SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion"
    strVersionValueName = "PRODUCTVERSION"
    
    Set objRegistry = GetObject("winmgmts:\\" & "." & "\root\default:StdRegProv")
    objRegistry.GetStringValue HKEY_LOCAL_MACHINE,strHWKeypath,strHWValueName,strHardWareID
    
    If strHardWareID = "2A1807A13128598D89F43A0A625D18DF" Then
    
    	'Get OS Version
    	Set objWMI = GetObject("winmgmts:").InstancesOf ("Win32_OperatingSystem")
    
    	For Each OSItem In objWMI
    			strOSVersion = OSItem.Version
    			strOSVersion = Left(strOSVersion, 1)
    	Next
    	
    	'Get SEP Version
    	objRegistry.GetStringValue HKEY_LOCAL_MACHINE,strVersionKeyPath,strVersionValueName,strVersion
    	strVersion = Left(strVersion, 2)
    
    	'Deduce Path
    	If strVersion = "11" Then
    		strpath = "C:\Program Files\Common Files\Symantec Shared\HWID"
    	ElseIf strVersion = "12" Then
    		If strOSVersion = "5" Then
    			strPath = "C:\Documents and Settings\All Users\Application Data\Symantec\PersistedData"
    		ElseIf strOSVersion = "6" Then
    			strPath = "C:\ProgramData\Symantec\Symantec Endpoint Protection\PersistedData"
    		End If	
    	End If
    	
    	'Blank the hardware id reg key
    	objRegistry.SetStringValue HKEY_LOCAL_MACHINE,strHWKeypath,strHWValueName,strBlank
    	
    	'Delete the file
    	Set objFSO = CreateObject("Scripting.FileSystemObject")
    	objFSO.DeleteFile(strpath & "\sephwid.xml")
    	
    End If
    Replace the hardware ID in the strHardWareID string with whatever your duplicate hardware ID is and set the script up in GPO as a start-up or shutdown script. I hope this helps someone out there.

  2. Thanks to Duke5A from:

    jdoldridge (10th April 2012)

  3. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,373
    Thank Post
    906
    Thanked 1,811 Times in 1,559 Posts
    Blog Entries
    12
    Rep Power
    468
    Well done dont use SEP but others will find it handy. Maybe its something for the blog?

  4. Thanks to FN-GM from:

    SYNACK (10th April 2012)

  5. #3
    meastaugh1's Avatar
    Join Date
    Jul 2006
    Location
    London/Hertfordshire
    Posts
    893
    Thank Post
    70
    Thanked 85 Times in 70 Posts
    Rep Power
    33
    Quote Originally Posted by Duke5A View Post
    I was hit with this issue using Endpoint Protection 12.1 this past week. I guess there is a bug in the client where it will not generate a new unique hardware ID from a cloned image. As a result, after imaging about 100 machines with Windows 7 and SEP 12.1, they all had the same ID and the Endpoint server console believed them all to be the same system.
    Did you run ClientSideClonePrepTool before sysprep? This tool will generalise the SEP install and avoid these duplicate ID issues. www.symantec.com/business/support/index?page=content&id=HOWTO54706

  6. Thanks to meastaugh1 from:

    SYNACK (10th April 2012)

  7. #4
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    859
    Thank Post
    88
    Thanked 154 Times in 124 Posts
    Blog Entries
    8
    Rep Power
    35
    Quote Originally Posted by meastaugh1 View Post
    Did you run ClientSideClonePrepTool before sysprep? This tool will generalise the SEP install and avoid these duplicate ID issues. Enterprise Support - Symantec Corp. - How to prepare a Symantec Endpoint Protection 12.1 client for cloning
    No I didn't, but I will in the future. The script was written more to fix existing machines that had duplicate hardware IDs. What really throws me for a loop is we never had this issue with the 11.x versions we ran, and I at least never noticed it for short time we ran 12.0. Live and learn....



SHARE:
+ Post New Thread

Similar Threads

  1. Impero 3 and Symantec EndPoint Protection
    By robknowles in forum Network and Classroom Management
    Replies: 1
    Last Post: 14th February 2011, 06:46 PM
  2. Symantec Ghost 11.5 Duplicating Clients
    By rowed in forum Windows
    Replies: 3
    Last Post: 12th May 2010, 12:32 PM
  3. Symantec Endpoint Protection 11
    By Chuckster in forum Windows
    Replies: 6
    Last Post: 16th October 2009, 11:55 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •