Duplicate PC names in enterprise console

[Disclaimer: the following is my personal view; the information was gathered by snooping around(*) in the database; the conclusions are mine. (*) No electrons have been harmed in this process]

Not quite the speedy patch release I'd been hoping for, we'll just have to wait 6 or so months for it.

It's not as simple as one might assume (or wish). 

When SEC was introduced several design decisions were made. One was to make it as "universal" as possible, so it has its own communication infrastructure and doesn't make (m)any assumptions about the underlying network (physical and logical). Another one was to make it as "plain" as possible, so computers are identified by only one of their "names" - and the NetBIOS one was an obvious choice.

Over time SEC has evolved, parts have been honed, features added - and problems identified. Identical names are one problem. It is perfectly valid and reasonable to have several computers with the same NetBIOS name within an organization, SEC has to have some means to tell them apart though. A computer might have the same name when booted with one of two OSs. Of course if a computer is simply renamed you want it to stay in the group where it has been and keep it's history. AD sync brought some more problems with it. Do not forget that it has to be "fault-tolerant" (that's why "deleted" computers aren't removed from the database but only flagged and invisible). If a computer is moved out of a synced group it must not totally "disappear" from SEC along with it's history. And as it is perhaps active it contacts the server anyway. It might still be a member of the domain or it might not. There are many ways to administer IT and AD, and not all of them give optimal or even useful results. Computers are removed from the domain, renamed and joined to again and no one deletes the old computer object. So SEC detects the computer with the new name (via RMS) and and both the new and the old name in AD. As you see this is convoluted (and I've left out some other interesting cases). And so is the code which evolved over time. It was heavily modified with SEC3.0 (when AD sync was introduced) and again with 4.0 (to correct a number of issues) but it seems for 4.5 it was more or less left alone (but you see the consequences of the "less" :smileywink:). 

I think this part needs a major rewrite and this takes time. And as not only code in SEC but also tables and stored procedures are involved it's not possible to release "just a patch". This is no isolated bug - fix only this issue and at least another will pop up.    

I wonder what happens if one or both computers are deleted from the database (and why it hasn't been suggested). I have not yet found an article for this issue (the 4.5 "Known issues" only talk about actually identical-named computers and says may fail to differentiate). I must admit that I haven't tested AD sync during the Beta. OTOH I can't imagine that none of the testers did. So I think that this is not general behaviour but might sooner or later surface. It seems to be beyond repair at the moment - as painful as this is for those encountering the problem.

Christian      

Grrrrr. Count me in with this exact problem too!

Whatever the weather it's a defect, it's causing issues with endpoint protection not running effectively, and 6 months is just not good enough!

On an all too frequent basis I am now finding defects with the products and on a re-occurring basis the time to fix is far too long. Why can't patches be released, much like what happens with the Utimaco products!?

I understand that some defects are quite detailed and have knock on effects but from my knowledge Sophos (apart from Utimaco) never release patches.

EDITIED 17/08/2010 - The paragraph above is not quite true. - Seeing as updates are released through SUM etc,

I have two other defects awaiting resolution at the moment, make this a third. Sometimes I wish Sophos would stop with the shiny and new products and spend their resources on fixing the current ones. All I hear about it new products and a shortened development lifecycle with a faster release to market timescale. Don't get me wrong, new usable features are great and often a god send, but this new Sophos seems to be having a negative impact on current products defects. Being a Sophos customer for over 7 years I've seen and felt the changes.

Rant over!!!

I whole heartedly agree with QC. - Why hasn't a workaround been suggested in the DB? Albeit one obviously has to be careful.

Thanks,

John

---

QC wrote:

I wonder what happens if one or both computers are deleted from the database (and why it hasn't been suggested).

---

We have also raised a support ticket (#2443343) and have been advised of a "possible" workaround. Not surprisingly it means DB editing...

---

Sophos support wrote:

Possible workaround (Needs Dev investigation) :-

1. Edit the computer details on the un-managed PCs in the DB so that the Domain value is populated (Must match the managed PC equivalent).

2. In SEC, delete the original and duplicate PC.

3. Restart the agent on the affected PC so it reports back.
(When they report back it must trigger some form of stored procedure to clean up the duplicate hostname/domain combo as the duplicates vanish from computersanddeletedcomputers)

4. Perform a sync to check if the duplicate appears, I’’’’ve found they don’’’’t come back.

Once we get the syntax of the stored procedure I'll give it a whirl and post the results in this thread.  However I won't post the actual SQL info as I believe this should come from Sophos support directly.

Regards,

John

Hi

Here we go – this script creates a temp table, copies the relevant duplicate pc ids into it, and then deletes them from the primary table (note you have to specify ID1 and ID2 so in other words you have to run the delete part of the script twice with the ID1 and ID2). THIS WORKED FOR ME BUT I TAKE NO RESPONSIBILTY FOR IT NOT WORKING FOR YOU. I've sent this to Sophos Support and am waiting for feedback  ..... you have to run parts of the script not the whole script at once. Run the pieces between the --

--Drop temp_sav table and populate with duplicate names and relevant IDs

drop table temp_sav

select n1.id as id1 ,n2.id as id2, n1.name as name1

into temp_sav

from computersanddeletedcomputers n1,computersanddeletedcomputers n2

where n1.id < n2.id

and n1.name = n2.name

order by n1.id

--query to make sure that your temp data and live data is the same amount

--NOTE !! You have to run it twice with ID1 and ID2

select name from computersanddeletedcomputers

where exists (select name1 from temp_sav where id=temp_sav.id1)

--delete query: NOTE !! You have to run it twice with ID1 and ID2

delete from computersanddeletedcomputers

where exists (select name1 from temp_sav where id=temp_sav.id2)

--the affected row count should match the query above the delete statement

--drop temp_sav table from DB - ONLY RUN ONCE YOU ARE DONE !!!

drop table temp_sav

Hi,

Thanks for the SQL workaround supplied from the community, but to be on the safe side I'd rather get something official from Sophos.

The latest news is that Sophos are working on a fix with the hope it will be released soon. To quote Sophos support "I do believe that a workaround for this is very near though".

In the meantime I would suggest that any other customers experiencing this problem should contact Sophos technical support and get a case raised. - With more awareness of  it being a larger scale problem hopefully the fix will be sooner rather then later.

Regards, 

John

Sophos support sent me the same resolution as John (RL), but when I asked for some more info on editing the database they couldn't give me anything as the workaround was unsupported at this moment in time.

Hi CDC.

I believe that Sophos sales are actively monitoring this thread. Please post your support ticket number for this case onto this thread.

My ticket number is #2435774

Hi all,

There is now an official workaround for this available from Sophos GES.

If you are experiencing this problem then I suggest you contact Sophos support and ask them to help with the workaround.

Regards,

John

Got the same issue here with EC 4.5 and Endpoint 9.5

Case ref #2454950

This is a really messy issue when using virtual desktops (VMware View or Citrix XenDesktop) where desktops can be deleted and purged from AD automatically and then reprovisioned into AD with the same name a few minutes later

Endpoint 9.5 is appears not to be ready for a heavily virtualised environment