Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 3752 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Active Directory Sync pulling old computer names?

wjohnson2k1

Hey guys, we currently are running Sophos Endpoint 9.7 Sync'ed up with Active directory. Right before we did the upgrade from 9.5 this issue started popping up.  We are currently in the midst of replacing older computers, during the replacement old computers are renamed to (computername_temp) while we process and finish setting up a replacement, we then name the replacement (computername) and put the temp in the outgoing pile. Well about 1/5 times Sophos will not delete the (computername_temp) and no matter what we do it continues to show up in the enterprise console and the new computer (computername) will not show up or install. 

Does that make sense? Any ideas what could be causing this? 

Things I've tried-

Deleting Sync with AD and recreating

Checked AD to ensure computername_temp no longer exists

Manually insall on new (computername) works fine.

Thanks!

-Wayne  

:14943


This thread was automatically locked due to age.
Parents
  • 0

    Hello Wayne,

    are you using sync with or without automatic protection (will not show up or install - suggests the former)?

    When you rename the old to _temp - is this change correctly reflected in SEC (does it still show in the correct group) and AD? Or do you unjoin it during rename? What's you synchronization interval? When are the _temp computers switched off "forever"?

    Keep in mind that SEC will not re-protect a "known" computer - this said, I haven't tested how SEC deals with a rename

    It seems to be a timing issue - don't have the time right now to dig into the details but it looks like follows:

    If the name change is reflected to AD and picked up by sync before the client re-connects to SEC after reboot that name change for the (in database terms) ComputerID is correctly performed in the database. If the client happens to report to SEC with its new name before the change in AD is seen a second entry is created belonging to the Unassigned group. The name later detected in AD results in a new ID to be created. Guess some more testing is required here ...

    Christian

    :14953
Reply
  • 0

    Hello Wayne,

    are you using sync with or without automatic protection (will not show up or install - suggests the former)?

    When you rename the old to _temp - is this change correctly reflected in SEC (does it still show in the correct group) and AD? Or do you unjoin it during rename? What's you synchronization interval? When are the _temp computers switched off "forever"?

    Keep in mind that SEC will not re-protect a "known" computer - this said, I haven't tested how SEC deals with a rename

    It seems to be a timing issue - don't have the time right now to dig into the details but it looks like follows:

    If the name change is reflected to AD and picked up by sync before the client re-connects to SEC after reboot that name change for the (in database terms) ComputerID is correctly performed in the database. If the client happens to report to SEC with its new name before the change in AD is seen a second entry is created belonging to the Unassigned group. The name later detected in AD results in a new ID to be created. Guess some more testing is required here ...

    Christian

    :14953
Children
No Data