This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can't install client on a PC (Shown Twice?)

Hi all,

I am running the Sophos EC version 5.2.1 R2 on Server 2008.  Overall, everything is running like a top, but I did stumble on a weird issue this morning.  There is one client, a laptop, that did not have the client installed on it.  So I had the EC discover computers through AD and to my surprise, it did NOT appear in the Unassigned area.

So I looked in the regular list and what I see is odd.  I see this:


That's it, shown twice, and grayed out.  I haven't yet tried simply right-clicking on it to start the installation wizrd because the duplication weirds me out.  Any thoughts, all?

Thanks!

CB



This thread was automatically locked due to age.
  • Hello CB,

    which option of Discover (Import or Discover with AD) did you use? The latter should indeed put the computer in the Unassigned group. Apparently this computer appeared in some other group(s) - which ones, and what are the details (Computer description, Operating system, Domain/workgroup)? As both are unmanaged there should be some difference.

    Christian

  • Hi Christian,


    I always and only use "Discover with Active Directory".  It's always worked beautifully.  Oddly enough, suddenly this issue resolved itse;f.  One of the grayed-out items has simply vanished.  I ran the installation wizard on the remaining one and it installed perfectly.  Weird.


    But I do have a new issue, though, similar to this.  Now, in "Unassigned", after running the "Discover with Active Directory", I am seeing this:

    Computer named "COA-HEALTHCOMM1" appears twice.  Now, there WAS a PC of this name in AD.  But never in Sophos.  I deleted that from AD days before running this.  This new PC has the same name as the old one.  I assume that has something to do with why this is displaying it twice, but as I said the older one was removed from AD days ago.  Why is Sophos seeing two?  How can I resolve this?  Thanks!

    CB

  • Hello CB,

    tricky one - I never use Discover. Anyway - Discover only adds computers and never deletes them. Furthermore, if you delete a computer from SEC it isn't deleted, only the Deleted flag is set, the other attributes remain. As (implicitly) said in my previous post, the (database column) Name is neither a key  nor unique, thus the Name alone doesn't identify a unique Computer in terms of SEC (therefore your screenshots don't tell enough and just depict that some name is seen more than once) . A simple example: PC01 is in AD with Windows 7 as OS. Discover puts it into Unassigned. The endpoint is not protected. Later Windows 8.1 is installed. As the OS differs the next Discover will cause another computer with the same to be put in Unassigned
    This doesn't explain the two-and -then-one-vanished. Hard to say what happened to the alleged "twins" without knowing their details (and ideally the contents of the database which would also show Deleted computers). Protect uses the OS to determine which CID and options to use and resolves the name thus in case of almost identical unmanaged computers it doesn't matter which one you chose to protect (or delete).

    Christian

  • OK, thanks.  Well, regarding the "COA-HealthComm1" PC, while in "Unassigned", I right-clicked  each one ans selected "View Computer Details".  On was blank in the Domain/Workgroup field and one actually displayed my domain.  So I selected that one for installation and it worked fine.  I deleted the other one.  Will it return in future discoveries?  I assume so, which is irritating, but not the end of the world.  Perhaps one day it'll magically vanish, too.  Like the other one did.

  • Hello CB,

    I right-clicked  ... and selected "View Computer Details"
    I prefer the Computer Details tab in the Endpoints view for comparison of two or more computers. BTW - as View is the default action double-clicking will also open the Details. Will it return in future discoveries? Domain/workgroup is one of the distinctive attributes  Now, the logic of Discover with AD isn't as clear as one might think (or wish). It works as long as the database is kept "clean" (i.e. duplication of names is avoided), e.g. computers are never deleted (from the console), a name is not "reused" when a different OS version is installed. There are some actions or workflows which can cause duplicate names (though one might be "deleted", i.e. hidden from the view but nevertheless in the database. Once there is more than one incarnation of a name you'll get "weird" results.

    Purgedb.exe might help to get rid of (at least some of) the unwanted entries, please see Using Purgedb ... and Purging old ... for details.

    Christian

  • Good stuff that I will keep on hand.  Seems as though that second PC has now disappeared as well.  Perhaps Sophos just needed to give AD some time to think about it in the corner...  LOL!