Knowledge Center

Clients communicating with ePolicy Orchestrator via VPN disappear from the ePolicy Orchestrator tree
Technical Articles ID:   KB52949
Last Modified:  7/9/2018


McAfee Agent (MA) 5.x, 4.x
McAfee ePolicy Orchestrator (ePO) 5.x


If you add a new computer to the ePO tree, another computer disappears.

The common factor is that this happens with computers that connect via a Virtual Private Network (VPN).


You encounter this problem only when the first connection from a client to the ePO server takes place over a VPN connection. If the computer's first connection is via a Local Area Network (LAN), the correct Media Access Control (MAC) address is added to the table.
When a computer communicates with the ePO server via VPN, it uses the VPN virtual computer's MAC address and not its own actual MAC address. This VPN MAC address is usually the same for all computers connecting through the VPN.

This issue is not restricted only to VPN clients. Anything that could cause multiple computers to report the same MAC address can cause this problem. For example, if you clone a virtual machine and do not reset the MAC address, both computers report the same MAC address to ePO.


If the computers have already connected via a VPN, create a new entry in the ePOVirtualMacVendor table with the Organization Unique Identifier (OUI), which is part of the VPN MAC address:
  1. Determine the VPN MAC address to add to the ePO VendorID field:
The best way to obtain the VPN MAC address is to identify a computer that has connected to the ePO server for the first time via VPN and removed the previous computer.
  1. From the client, use the agent Status Monitor to Collect and Send Props.
  2. Log on to the ePO console.
  3. Click Systems.
  4. Click the System Tree.
  5. Locate the computer that has connected via VPN.
  6. Double-click on the computer to view its properties.
  7. To the right of System Information, click More. You see the VPN MAC address collected from the client.
  8. Scroll down and locate the MAC Address. Make a note of the first six digits of this MAC address in the next step (for example, 00123F21ECED).
If you cannot identify a computer using the virtual MAC, you can author a report to identify the computers:
  1. Log on to the ePO console. 
  2. Click Menu, Reporting, Queries.
  3. Click New Query.
  4. Click System Management, Managed Systems and click Next.
  5. Select Single Group Summary Table for Display Results As.
  6. In the Labels Are: drop-down list, select MAC Address under Computer Properties, click Next, and then click Next again.
  7. Click Managed State under Managed Systems, select Equals from the Comparison drop-down list, and select Managed from the Value drop-down list.
  8. Click Run.

You now have a list of MAC addresses with a count of the number of systems reporting that MAC address. Ideally it would be a one-to-one ratio. If you have more than one system sharing the same MAC address, that is probably your issue.

  1. Modify the SQL script to add the computer to the tree:
NOTE: For more information about running SQL scripts provided by Technical Support using OSQL for ePO, see KB67591.

The referenced article is available only to registered ServicePortal users.

To view registered articles:
  1. Log on to the ServicePortal at http://support.mcafee.com.
  2. Type the article ID in the search field on the home page.
  3. Click Search or press Enter.
Use the following SQL command syntax to add the computer to the tree:
INSERT INTO ePOVirtualMacVendor (VendorID) values ('######')

(where: ###### is the first 6 digits of the VPN MAC address collected from the client in all caps)
For a system with 00123F as the first six digits of the MAC address obtained in step 1:
INSERT INTO ePOVirtualMacVendor (VendorID) values ('00123F')

NOTE: After applying the solution, ePO still reports the clients MAC addresses as the Virtual MAC. The solution will prevent ePO from using MAC addresses with the vendor ID as valid matching criteria.

Previous Document ID


Rate this document

Beta Translate with

Select a desired language below to translate this page.


This article is available in the following languages:

English United States

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.