Clients communicating with ePolicy Orchestrator via VPN disappear from the ePolicy Orchestrator tree
Technical Articles ID:
KB52949
Last Modified: 2/6/2020
Last Modified: 2/6/2020
Clients communicating with ePolicy Orchestrator via VPN disappear from the ePolicy Orchestrator tree
Technical Articles ID:
KB52949
Last Modified: 2/6/2020 EnvironmentMcAfee ePolicy Orchestrator (ePO) 5.x.
ProblemIf you add a computer to the ePO tree, another computer disappears.
The common factor is that this issue happens with computers that connect via a Virtual Private Network (VPN). CauseYou encounter this problem only when the first connection from a client to the ePO server takes place over a VPN connection.
NOTE: If the computer's first connection is via a Local Area Network (LAN), the correct Media Access Control (MAC) address is added to the table. When a computer communicates with the ePO server via VPN, it uses the VPN virtual computer's MAC address and not its own actual MAC address. This VPN MAC address is usually the same for all computers connecting through the VPN. This issue is not restricted only to VPN clients. Anything that could cause multiple computers to report the same MAC address can cause this problem. For example, if you clone a virtual machine and do not reset the MAC address, both computers report the same MAC address to ePO. SolutionSteps for ePO 5.9.x:
If the computers have already connected via a VPN, create an entry in the
The best way to obtain the VPN MAC address. Identify a computer that has connected to the ePO Server for the first time via VPN. Then, remove the previous computer.
If you can't identify a computer using the virtual MAC, you can author a report to identify the computers:
You now have a list of MAC addresses with a count of the number of systems that report that particular MAC address. Ideally, it would be a one-to-one ratio. If you have more than one system sharing the MAC address, that is probably your issue.
NOTE: For more information about running SQL scripts using OSQL for ePO, see KB67591.
To view registered articles:
Use the following SQL command syntax to add the computer to the tree:
In the above command, ###### is the first six digits of the VPN MAC address collected from the client, in all caps. Example:
For a system with NOTE: After applying the solution, ePO still reports the clients MAC addresses as the Virtual MAC. The solution prevents ePO from using MAC addresses with the vendor ID as valid matching criteria. Solution
Steps for ePO 5.10: You can enter details such as the name of the organization, the reason to add the vendor, is you can also enter comments. This field does not accept the following special characters: } ; < > ? To add Vendor ID details:
Previous Document ID
615809
Affected ProductsLanguages:Glossary of Technical Terms |
|