locked
How to identofy FCS clients were renamed? RRS feed

  • Question

  • I am new to FCS and MOM. I just built a four server topology in our Windows 2003 AD last week. WSUS uses an existing WSUS server of Windows 2003. Other servers are windows 2008. I created three VM clients and manually installed FCS client using /MS and /CG options. All three machines have been getting FCS policy from GPO on OU, doing scheduled scans, and getting new definitions. Then I did the following testing on last Friday:

    1) On client CLT4: move to workgroup, rename to CLT45, and then rejoin to the domain.
    2) On client CLT3: move to workgroup, renamed to CLT4, and then rejoin to the domain.
    3) Removed CLT1 VM and redeployed CLT1 from master image. The master image has Clientsetup.exe /MS /GC loaded.

    On Monday (today), I still see CLT1, CLT3 and CLT4 client objects in MOMAdmin console. They are still Agent-Managed. They were contacted at today's date and time. I could not find any information which could tell me machine is invalid. I know for those renamed machines, I have to force them to un-managed, delete, and then uninstall MOM agent and reinstall MON agent (or delete MOM cache and restart MOM agent service).

    The problem is how to identify which machine is invalid and must be removed from MOM?

    I changed my script to install FCS client without MOM agent on master image machine. After the image deployed to real client, and join to the AD domain, run another script to reinstall MOM agent MOMAgent.msi. Those scripts reduced rename occurrence. But machine rename and machine redeploy will happen from time to time later on in real production. How to identify invalid machine in MOM console is still my biggest concern. Any help is greatly appreciates.

    Monday, June 22, 2009 9:37 PM

Answers

  • If you are doing this in an "imaging" sort of way the key is to install the master image with clientsetup.exe /MS /GC BUUUT do not let this client talk to the MOM server at all during or after the install.  This way when you deploy new clients based on that image when they contact MOM for the first time they will create their new computer object based on their new name.  As for detecting the old names/removing I don't have a good answer for that you might want to pose the question in our MOM forums as they probably have some more knowledgeable people on that aspect.
    CSS Security Support Engineer (FCS/MBSA/WUA/Incident Response) Check out my blog http://blogs.technet.com/kfalde
    Wednesday, June 24, 2009 2:16 PM