This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Non-existent PC reappearing in SEC

I have a new computer which has the same name as a very old computer that has not existed for many years.

I am trying to install Sophos via the Enterprise console but cannot as despite deleting the original computer, when I re-discover computers it somehow picks up the old one, not the new one.

I can tell it is the old one as it is greyed out and the details say it is Windows Vista (the new on is Windows 10).  This old one hasn't existed on AD for at least 10 years.

When we change computers we have regularly re-used names without a problem so I don't know why this one should be different.

I have read some stuff about the SEC keeping hold of info in the database even when computers are deleted and some people said there is a workaround to delete them completely but it was a thread from about 10 years ago and I didn't know if it was still relevant and it wasn't clear what to do.

I know an easy solution would be to give the computer a different name, but would prefer the current name if possible, and would like to understand why SEC does not delete computers when they are no longer in AD, and if there is a way to delete them that could be explained in fairly simple terms. 

 



This thread was automatically locked due to age.
Parents
  • Hello carina,

    thanks for the information. Time to go into details.
    Indeed when you delete a computer from the console its data is kept. A long time ago there was an incarnation of the console that exposed this functionality with hide/unhide. Now there's only the delete which is admittedly misleading. The main reason to just hide the compute from view (and reports) is to prevent accidental data loss. Please note that there's a tool (PurgeDB.exe) to deliberately delete computers and their associated data from the database based on certain criteria.
    when they are no longer in AD
    SEC doesn't assimilate into AD. From SEC's POV AD is just a source of information, namely structures of containers and contained computer objects with some of their attributes. Unless you use Active Directory sync SEC doesn't consider AD. Completely deleting computer objects when they "disappear" from AD is perhaps not ideal -  not all sites use AD in the same manner

    It looks like Discover can't retrieve the operating system version from the computer. It finds a known name and revives (undeletes, unhides) the old entry. As its OS is no longer supported you can't use Protect.

    Although unsupported, the DELETE FROM mentioned in various other threads can still be used to remove specific computers from the database but PurgeDB is the recommended tool.

    Christian

  • I have run the purgedb command as suggested by Christian and it said a number of rows were affected.

    I have now re-added the PC to the Sophos console, this time by IP address so I would be sure of getting the right PC.

    Sophos is still not installing.

    When I open up the details in the Enterprise Console window it now has the correct information for Computer description and Operating System, so it has obviously picked up the new PC, however it has the wrong IP address; it has the ancient IP address of the original computer, so it seems as if purgedb command has purged some information but not the IP address.

  • Hi  

    Is it showing the same error? While using 'Find by IP range' to search for new computers, a Windows username and password are used for the Windows network search. Kindly take a look at this article for more information. 

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
  • I have had to resort to renaming the PC to a new name as I could not get Sophos to 'let go' of the old IP address, and can't carry on using my PC any longer without Sophos installed.

    I deleted the PC from Sophos, double-checked it was deleted from AD, was not showing up in the network.

    Tried all means of 'Discover Computers' and each time it brought back the old one.

    I can only conclude that there is still some info left behind in the database that the purgedb did not eliminate.

Reply
  • I have had to resort to renaming the PC to a new name as I could not get Sophos to 'let go' of the old IP address, and can't carry on using my PC any longer without Sophos installed.

    I deleted the PC from Sophos, double-checked it was deleted from AD, was not showing up in the network.

    Tried all means of 'Discover Computers' and each time it brought back the old one.

    I can only conclude that there is still some info left behind in the database that the purgedb did not eliminate.

Children
No Data