Environment
McAfee Agent (MA)
5.x, 4.x
McAfee ePolicy
Orchestrator (ePO) 5.x
Problem
If you add a
new computer to the ePO tree, another computer disappears.
The common factor is that this happens with computers that connect
via a Virtual Private Network (VPN).
Cause
You encounter
this problem only when the first connection from a client to the ePO
server takes place over a VPN connection. If the computer's first connection is
via a Local Area Network (LAN), the correct Media Access
Control (MAC) address is added to the table.
When a
computer communicates with the ePO server via VPN, it uses the VPN
virtual computer's MAC address and not its own actual MAC address. This VPN MAC
address is usually the same for all computers connecting through the VPN.
This issue is not restricted only to VPN clients. Anything that could cause
multiple computers to report the same MAC address can cause this problem. For
example, if you clone a virtual machine and do not reset the MAC address, both
computers report the same MAC address to ePO.
Solution
If the computers
have already connected via a VPN, create a new entry in the ePOVirtualMacVendor table with the Organization Unique Identifier (OUI), which is part of the VPN
MAC address:
Determine
the VPN MAC address to add to the ePO VendorID field:
The best way to
obtain the VPN MAC address is to identify a computer that has connected to the
ePO server for the first time via VPN and removed the previous computer.
a. From
the client, use the agent Status Monitor to Collect and Send Props.
b. Log
on to the ePO console.
c. Click Systems.
d. Click
the System Tree.
e. Locate
the computer that has connected via VPN.
f. Double-click
on the computer to view its properties.
g. To
the right of System Information, click More. You see the VPN
MAC address collected from the client.
h. Scroll
down and locate the MAC Address. Make a note of the first six digits of this
MAC address in the next step (for example, 00123F21ECED).
If you
cannot identify a computer using the virtual MAC, you can author a report
to identify the computers:
a. Log
on to the ePO console.
b. Click Menu, Reporting, Queries.
c. Click New Query.
d. Click System Management, Managed Systems and click Next.
e. Select Single Group Summary Table for Display Results As.
f. In
the Labels Are: drop-down list, select MAC Address under Computer
Properties, click Next, and then click Next again.
g. Click Managed
State under Managed Systems, select Equals from the Comparison drop-down list, and select Managed from the Value drop-down
list.
h. Click Run.
You now have a
list of MAC addresses with a count of the number of systems reporting that
MAC address. Ideally it would be a one-to-one ratio. If you have more than
one system sharing the same MAC address, that is probably your issue.
Modify the
SQL script to add the computer to the tree:
NOTE:
For more information about running SQL
scripts provided by Technical Support using OSQL for ePO, see
KB67591.
The referenced article is available only to registered ServicePortal users.
To view registered articles:
2. Type
the article ID in the search field on the home page.
3. Click Search or press Enter.
Use the following
SQL command syntax to add the computer to the tree:
INSERT INTO
ePOVirtualMacVendor (VendorID) values ('######')
(where: ###### is the first 6 digits of the VPN MAC address collected from the
client in all caps)
Example
For a system with 00123F as the first six digits of the MAC
address obtained in step 1:
INSERT INTO
ePOVirtualMacVendor (VendorID) values ('00123F')
NOTE: After applying the solution, ePO
still reports the clients MAC addresses as the Virtual MAC. The solution
will prevent ePO from using MAC addresses with the vendor ID as valid
matching criteria.