Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 5328 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Duplicated Computer Name

Tseng

Hi,

I've contacted Sophos support regarding this issue earlier, however, no perfect/acceptable solution was given. Just want to check if anyone here has a similar issue or a solution for this.

The case goes like this:

We've known that if a PC is cloned after they have sophos endpoint installed, will bear the same IdentityTag in ComputersAndDeletedComputers, and thus, will display as only 1 computer in console (even if computer name is changed).

So here, the computers are not cloned, but only with the same computer name. They are displayed as only 1 computer, even when both is online. When there's an event (eg. virus detected), the line of record in ComputersAndDeletedComputers will be updated to that computers. An example, both computer name are PC1, with IP 192.168.10.101 and 192.168.10.102, if .101 gets an event, the line of record changes to .101, and when .102 gets an event, the same line of record updates itself with information of .102.

I tried the ComputerNameOverride method stated in KB 110550, as well as regeneration of IdentityTag in KB 116635.

Both doesn't work, and it seems like console is taking computer name (hostname) as priority. And the only solution that work now is to rename the computers manually, and followed by a restart, everything is fine.

Sounds simple to rename, however, two of our clients are facing this issue, each with slightly more than 100 pcs facing this issue. And these 100 pcs are scattered across the nation, each location with only 1-2 pc. So, it's pretty impossible for us to put the effort in going down to each of the location to rename their computers.

What I'm looking for is actually to do it on the console end without renaming at the user end. Any possible solution?

Best Regards,

Tseng

:35891


This thread was automatically locked due to age.
  • 0

    Hello Tseng,

    first of all, which SEC and SESC versions are involved?

    When you say clients, are these independent installations (each with their own console)? If so, where did they get the idea from to use identical computer and domain/workgroup names :smileyhappy:? And even if it would work with SEC as desired it'd be rather a pain to manage (even assuming the IP addresses are unique).

    Anyway, how many computers are "missing" (in other words, their name is an n-plicate)? AFAIK same computername and same domain/workgroup (and same OS) as an existing entry results in a match (i.e. it is considered to be the same computer) resulting in only one entry. I expect though that the machines showing as one have the same machine_ID.txt.

    it seems like console is taking computer name (hostname) as priority

    Tests suggest that using the actions in both articles together result in creation of a new entry - but using ComputerDescriptionOverride seems not to be sufficient, I had to use ComputerNameOverride (didn't check with ...Domain..). Whatever you do along this line will be a crutch at best though and in the long run using unique names is the better way. BTW - how are these PCs supported and managed (apart from SEC)?

    do it on the console end

    While I think it could be done from the console end I wouldn't recommend it. There's much room for error and many things you could mess up.

    going down to each of the location

    Don't say that almost all locations are affected - as this would mean there are only a handful of computers in SEC and on each site there's a PC1. Is Sophos already installed on all of them? How was the install done? And how come the problem hasn't been identified at an early stage of the roll-out?

    Christian

    :35901
  • 0

    Hi Christian,

    First of all, Thanks for the reply.

    And let's clear the situation, the SEC version involved is 5.1, and SESC version is 10.0. When I mean clients, as in customers, and yes, they are independent installations.

    As for the idea of identical computer and domain/workgroup names, I've consulted their person in-charge, he says the involved machines are actually point-of-sales machines at their retail locations, installed by their POS vendor. The technician probably had it all pre-setup in office before installing them at the required location, and due to different install location, there is no duplicated computer name prompt in Windows during installation. The other customer's situation have been solved by manually renaming the PC, as they're machines located in one single location.

    And for troubleshooting, I haven't got the chance to check the machine_ID.txt, tests are done locally in my environment only.

    Lastly, about fixing it at the console end, we want to do it at the console end, because there are about 70+ of them with duplicated names, and scattered in more than 30 locations nation wide. Going to each location to rename is not really a good idea, costs involved, and neither their vendor or them is willing to do this FOC as well. That's the problem here, costs.

    However, the client is understanding enough that it's an external vendor practice issue, thus not pursuing this duplicated issue for now. Just trying to find a possible solution to solve this.

    :35953