Old device no longer visible after discovering new device
Description
The discovery of a second device for a user is supposed to add an additional AT RISK device to the Inventory on Endpoint Cloud. In specific cases, this does not happen and the existing device is replaced by the new device.
How to identify the problem
A user receives a second device or a replacement device. When the new device is discovered it overwrites the existing device hostname with the new device hostname and the activation of the new device doesn't continue.
What caused this problem?
This is due to the Fortinet VPN adapter that is installed on these devices.
The Fortinet VPN adapter assigns a duplicate MAC address to all devices instead of assigning unique addresses to each device.
The duplicate MAC address causes the Discovery Agent to believe that the new device is actually the old device with a different hostname. The behavior of the device is different because of this and the device does not show up on Endpoint Cloud as an At-Risk device, but rather as an Active device.
How do I resolve this problem?
Here is the procedure to get both devices to show as separate devices on Endpoint Cloud. This will also ensure that both devices will show up in the agent restore view instead of just a single device.
Perform the following steps on the OLD device:
- Stop the Discovery Agent
- Disable the VPN adapter
- Clear the agent cache by browsing to %appdata%\Cibecs\
- Delete the Discovery folder
- Start the Discovery Agent service
Perform the following steps on the NEW device (if the device IS NOT on the LAN)
- Stop the Discovery agent service / Uninstall the Discovery agent
- Delete the new device from Cloud
- Remove the Discover and Agent folders under %appdata%\cibecs and C:\ProgramData\Cibecs
- Enable the VPN Adapter
- Connect to the VPN (only if the device is not on the company network)
- Install the Discovery Agent
- Activate the device
Perform the following steps on the NEW device (if the device IS on the LAN)
- Stop the Discovery agent service / Uninstall the Discovery agent
- Delete the new device from Cloud
- Remove the Discover and Agent folders under %appdata%\cibecs and C:\ProgramData\Cibecs
- Install the Discovery Agent
Check if the problem has been fixed
If the problem has been fixed successfully, then you will see both the new and the old devices on Endpoint Cloud. The old device will show its status as ACTIVE and the new device will show as AT-RISK.