Jump to content

Recommended Posts

Posted

Hi,

 

We have configured a Dynamic group based on an expressing where the application ESET Endpoint Antivirus = false. But the new clients that have an agent installed always show up in the Lost & Found container.

I dont want them there beacause there are no correct policys on that container.

The strange thing is that in the container view, wich is recplicated from Active Directory, the client is shown in its AD OU and in the Lost & Found container. In the lost & found container the client is displayed in Red and configurerd with an agent. The client in the origina AD OU is standard, like there in nog agent installed. So why does the Remote Administrator show them twice, one correct and one not correct besides the fact that it is displayed in the lost & Found container.

 

thanks

 

Tim

Posted (edited)

I also have this issue.  Initially when I first sync'd AD - I had two copies, one in its respective folders and one in Lost and Found.  Shouldn't there be some kind of unique ID that prevents it from creating duplicates at different location and shouldn't it take the path of the AD location as default, not in lost and found?

 

I presume the lost and found was originally intended for rogue workstations.

 

 

 

-----update------

I think i figured out why mine's going into lost and found.  So when there's 600+ alerts, and I couldn't figure out how to clear the alerts (the client endpoints didn't show any in the logs or scans), so I marked everything and started deleting them.  There's a prompt that asks you to confirm stating policies, triggers, etc.. will be lost for these clients if you delete it... I didn't read and just accepeted it.  Needless to say, a good bulk of it that weren't in the correct folders in AD and were in the lost and found of ERA.

Edited by sleatcoc
Posted

Hi,

 

My policys are still in place. The weird thing is that the client names are different. In Active Directory OU they are displayed like pcname.domain.com and in the lost and found they are displayed only by pcname without domain name.

Why do they not match or link to each other.

Posted (edited)

Double check your AD Synchronization Server Task, should have:

 

* Computer Creation Collision Handling : Move

* Computer Extinction Handling : Skip

 

Then this will run each time server is turned on or when you activate it.  It will reconcile the names with the correct group that it belongs to in accordance with AD.

Edited by sleatcoc
Posted

I have the same issue. Sync task populates groups with clients like client01.contoso.com. After I install agent there, new item client01 (without domain name) is created next to client01.contoso.com, which is still marked as "unmanaged".

Switching "Computer Creation Collision Handling" doesn't seem to affect anything. I still have a managed client01 computer and an unmanaged client01.contoso.com in my console.

What I need:

1. Remove duplicated items. At very least, stop them from reappearing after sync
2. Make console show FQDN for managed computers instead of machine name only

Posted

I have exactly the same issue, but its not every client, which is frustrating.

 

We have 2 domains we manage, I have only set one up for now, but it's set to put the domain computers in a separate container under All (e.g. All --> Domain 1), some computers are in the correct AD container whereas others appear in Lost & Found, there appears to be no pattern or logic to why some are in the correct place while some are not.

 

Has anyone managed to figure this out yet? I have tried the suggestions on this thread but have had no luck.

  • 2 weeks later...
Posted

Two weeks have passed since the last post and still no feedback from Eset. Loooks promising :unsure:

  • ESET Staff
Posted

ERA 6.2 will have new server task that will batch rename computers by their reported FQDN or Netbios name. By default this will be defined for Lost and Found group and executed each hour. Other new feature in synchronisation task will remove duplicated unmanaged computers (marked with circle) and replace them with managed computers (agent connects to ERA) if there are any present in ERA tree. Collision handling for computers would need to be set to Move. These new features should solve problems described here in this thread. What will still need to be done manually is removal of duplicated computers that are managed - both were connecting to ERA Server and their names are same.

Posted

Is there any ETA for when 6.2 will be released?

  • 3 weeks later...
Posted

Any news on a release date?

 

Might this be related to incorrectly configured Reverse Lookup Zones in DNS?

  • 1 month later...
Posted

You may need to check your DNS server on this one. I had a problem where many computers were going into the Lost & Found group upon Agent Install, but I found out our DNS server was not updating pointers for some reason.

  • 2 months later...
Posted

I also have the same issue with new machines going to lost and found.. was there ever a fix for this?  (and duplicate machine names due to more than one nic)...

  • 1 month later...
Posted

Is there not a rule/task we could create to automatically move machines to certain folders based on an expression?

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...