Skip to main content
Start a Conversation

Unsolved

R

RMills1

25 Posts

881

February 10th, 2021 11:00

Management Server endpoint check-in issue

Hey all,

We use Dell Encryption with the Management Server.  A few weeks back we upgraded the server to 10.2.12 and started deploying Encryption 10.9 to some Win 10 20H2 clients to start testing.  We've had some weird issues (BSODs and failure to boot), especially with clients that seem to encrypt, but aren't appearing correctly in the management server.  So we noticed the patch notes about an issue with clients registration (DDPS-9843), so we upgraded to 10.2.13.  Some clients seemed to check in after that, but it could be coincidence.  We aren't even 100% sure Encryption is the cause, but the client check in issue is strange.

I've confirmed on a newly imaged Win10 20H2 machine with Encryption 10.9 installed that the client says it activated and is in compliance, but there isn't a current date for Inventory Received in the Management Server.  We've also noticed Win10 1909 machines with Encryption 10.5 not appearing in the Server's Endpoints page, but then some work correctly.  Anyone else having problems like this?

Thanks!

SteveO1683

Moderator

 • 

146 Posts

February 24th, 2021 10:00

Hi @RMills1,

Starting with the non-registered endpoints first, if you check on the local endpoint console does it show activated and in compliance?  If they are unable to activate this could be why they are not registered in the console.  If they do show activated take a note of their Encryption Client ID in the about area.

Using the first eight characters of that identifier log into your Security Management Server > expand Populations > and click on Endpoints.  Put the ID into the search field and see if it returns a device.  If so is the devices hostname different from the current computer name?  If there's a mismatch it could be caused by the computer being re-imaged and the server hasn't updated its name yet or the new computer name got mixed up when the client sent information to the server.  

For the server not getting up to date information it could be a communications issue or it could be the client thinks the server has everything so it doesn't send up all the information it could.  This KB can help see if its simply just the server and client not being in sync with the info the other has or needs.  In the KB there is a "Send Full Inventory To Server" registry configuration.  On one of the problem endpoints you have create this key.  Also go ahead and configure the "Send Full Inventory for All Users" key.  With both of these configured reboot the endpoint, log into it as domain user, and the client will send all its data up to the server. 

About 15 minutes after you logged in on this endpoint check on the server and see if the information is reporting correctly.  If so our recommendation would be to do this for the remaining problem endpoints.  If not this issue can sprawl in many different directions and a review of logs from our dedicated support team would be best.  You can contact our team via the direct dial information in my signature below.

RMills1

25 Posts

March 15th, 2021 05:00

Hey Stephen,

Sorry for the delay, it's been bit crazier than the normal crazy lately.

Yes, the clients show they are activated and in compliance.  I copied the first 8 characters of the ID and searched it in Endpoints, but nothing shows.  Some machines I can find under Recover Endpoint if I check the box for Include Removed Endpoints, so they haven't checked in in over 30 days (or whatever the threshold is).  We have renamed a lot of computers, due to a new computer naming scheme, but that started a while back, and I know my machine was checked in under the new name, but now it's not checking in.

We gave the registry keys a couple tries, but it didn't work.  Also, the article says the RefreshInventory entry will go away after it processes, but it doesn't do that, so I'm not sure the keys are working.  Here's the keys on my machine:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\CMGShield]
"OnlySendInvChanges"="0"
"RefreshInventory"="1"

I opened a ticket with support after this solution didn't work, shared client and server logs, and they are looking into it.

Thanks,
RMills1

View More

View All

No Events found!

Top