To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Duplicate IDs after Ghost install - Client 9.31

KG-Admin
KG-Admin Posts: 6 Security Scout
in Business Suite

Hi again,

 

A seperate issue: I have installed 5 new pcs from Ghost with CS9.3 installed. Only one client has reported in to the PM server.

 

On checking the machines, it seems that all 5 have the same entity ID in F-secure and I am having trouble resetting them. Any suggestions?

 

 

Comments

  • etomcat
    etomcat Posts: 1,172 Firewall Master

    Hello,

     

    There is a choice of "unique" ID generation when installing F-Secure ( SMBIOS UID or randomly generated GUID).

     

    You need to choose the other method and them collisions will hopefully go away.

     

    Also, read the below quoted knowledge base article to see the proper flow of procedure to prevent duplicates!

     

    Sincerely: Tamas Feher from Hungary.

     

    *******************************

     

    http://www.f-secure.com/en/web/business_global/support/article/kba/2182/s/workstation/k/ghost/p/1

     

    Ghost installations and F-secure. Concept of UID

    Summary

    This article contains information on how to create disk image without facing problems with Unique Identifier (UID) in Policy Manager. This information is valid for corporate users using Policy Manager to remotely manage their AV clients.


    Problem Description

    Every F-Secure product installation contains a unique identification code (UID) that is used by the remote management system (Policy Manager). Several computers may attempt to use the same UID if disk image software is used to install new computers.

    This situation will prevent Policy Manager from functioning properly. Follow these steps to make sure that each computer uses a unique UID even if disk-imaging software has been used.


    Solution
    • Install the system and all the software that should be in the image file, including F-Secure Anti-Virus.
    • Configure F-Secure Anti-Virus to use the correct Policy Manager Server. However, DO NOT import the host to F-Secure Policy Manager Console if the host has sent an auto registration request to the F-Secure Policy Manager Server. Only hosts on which the image file will be installed to should be imported.
    • Run the "FSMAUTIL RESETUID" command from the command prompt. This utility is typically located in the "C:\Program Files\F-Secure\Common" directory (the directory may be different if you are using a localized version of Windows or if you have specified a non-default installation path).
    • Shut down the computer. Do NOT restart the computer at this stage.
    • Create the disk image file.

    The utility program resets the UID in the F-Secure Anti-Virus installation. A new UID is created automatically when the system is restarted. This will happen individually on each machine where the image file is installed. These machines will send auto registration requests to the Policy Manager system and the request can be processed normally.

     

    April 3 2012

     

    Article ID: 2182

  • tripodzid
    tripodzid MyAccount Posts: 10 Security Scout

    This is the first time I have seen this link. Thanks a lot. I would like to learn more about it and also to learn how to prevent it successfully.

     

     

    _________________

    Business is the game!! image

  • Inter_Eng
    Inter_Eng Posts: 3 Security Scout

    At the point you are you don't have to re-install.

     

    Just run on 4 of the 5 clients the command

     

    c:\program files\f-secure\common\fsmautil.exe RESETUID

     

    and reboot. On boot the workstations will have a different UID and they will start reporting to FSPMS. You can import them via 'Import hosts'

     

     

  • Rick586
    Rick586 Posts: 52 Security Scout

    I'm afraid this is an age old known problem with F-Secure and I've always preferred to leave the F-Secure client off images so that I can always deploy the latest client via Group Policy on Windows AD based networks for newly created Ghost-ed machines.

     

    We created a GPO that checks a machine when it boots for the presence of F-Secure and if it doesn't have it installed, the client gets automatically deployed and then we update the MSI centrally every time a new version of the client is released.  That way, we can ensure that the latest version of the client is always installed on to newly Ghost-ed machines.

     

    Also, I've found you have to be careful what you install on to a "cloned image" as any other software that uses a kind of "SID" to identify itself to a centralised management server will also exhibit a similar problem and WSUS servers are also known to exhibit this behavior.

     

    Therefore we reset the machines WSUS ID as part of the shutdown script we use when we run Sysprep on the final image, just before we Ghost the image.

     

    Hope this helps.

This discussion has been closed.

Categories