bbraunstein 27 Posted February 1, 2016 Share Posted February 1, 2016 (edited) I'm curious how ELA gets it client information. I have a handful of client devices that have been renamed over time due to employee departures and/or hires. The FQDN that ELA is reporting does not match the current hostnames of the devices. All these computers are part of a domain and successfully replicate with the DC. I've tried deactivating and reactiving the clients, flushing DNS, etc. I've even gone so far as purging the devices from my domain and rejoining them. I'm just trying to rack my brain how the old hostnames keep appearing when I can't find any trace of them anywhere. Edited February 1, 2016 by bbraunstein Link to comment Share on other sites More sharing options...
bbraunstein 27 Posted February 2, 2016 Author Share Posted February 2, 2016 So.... nobody knows ? I would really like to have an answer to this Link to comment Share on other sites More sharing options...
ESET Staff MartinK 378 Posted February 2, 2016 ESET Staff Share Posted February 2, 2016 So.... nobody knows ? I would really like to have an answer to this My guess is that this information is sent to ELA during activation process (sent by endpoint itself) and it is tied to "hardware fingerprint" of machine -> but to be sure we have to wait for statement from responsible developers. Link to comment Share on other sites More sharing options...
bbraunstein 27 Posted February 2, 2016 Author Share Posted February 2, 2016 Alright, thanks MartinK. My whole use-case for this is because I have a mismatch of "Activated Seats" vs. the total number of connected clients I truly have. For whatever reason, my number of activated seats is shown as 70, but I have a total of 74 connected devices to my ERAS. All of them are reporting fine so I'm just a little confused why I have three less activated seats than I should have. I managed to correct a couple of devices that were not "activated by ERAS" but there are a handful of computers listed with a much older name. As a result, it's harder to figure out what's missing or duplicated. Link to comment Share on other sites More sharing options...
ESET Staff MartinK 378 Posted February 3, 2016 ESET Staff Share Posted February 3, 2016 (edited) I will quote MichalJ's statement: You need to check ESET License Administrator interface, how the machines are activated. If you rename the machine, it might happen, that even the previous name remains activated, as the machines are tight by the “hardware fingerprint. You need to check “unit management” section in ESET License Administrator, to review the number of activated machines, and if multiple entities are activated as the same seat (they share the same HW fingerprint). This could happen especially in case, that the same VM is cloned multiple times. We are working on enhancing the HW fingerprint functionality, and we will shortly release a new version of ELA, that would allow renaming of the computer, which will transfer the new computer name to ELA interface, and would even enable renaming of the same, which would transfer back to the Endpoint (if version 6.3+ of Endpoint security is installed). Hope that helps at least until computers renaming is available. Edited February 4, 2016 by MartinK Link to comment Share on other sites More sharing options...
bbraunstein 27 Posted February 4, 2016 Author Share Posted February 4, 2016 How do I determine if they share the same HW fingerprint? If there are multiple devices nestled under a '+' dropdown menu ? I do have one device that has a dual partition of OSX and Windows on it that has its own individual ERA Agent + EEA installed on each OS. Even though physically, it is one device but with two logical OSes, does that mean it is utilizing only seat ? I really appreciate the clarification and transparency. Link to comment Share on other sites More sharing options...
ESET Staff MartinK 378 Posted February 4, 2016 ESET Staff Share Posted February 4, 2016 Not sure about ELA interface, but until MichalJ is available for qualified answers, you can check trace.log of both AGENT installation for something like this: Hardware Fingerprint: 00000000-0000-0000-0000-000000000000 It should be printed just after AGENT start regardless of currently set trace level, but I am not sure it was available before 6.3 release. Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 434 Posted February 11, 2016 ESET Staff Share Posted February 11, 2016 You need to check ESET License Administrator interface, how the machines are activated. If you rename the machine, it might happen, that it remains activated under the old name, as the machines are tight by the “hardware fingerprint. You need to check “unit management” section in ESET License Administrator, to review the number of activated machines, and if multiple entities are activated as the same seat (they share the same HW fingerprint). This could happen especially in case, that the same VM is cloned multiple times, or you have multiple machines on the same OS (Mac with OS X and Windows partitions). Please note, that Windows activated in Fusion, would most probably ends up with different HW fingerprint, as the logic is different. We are working on enhancing the HW fingerprint functionality, and we will shortly release a new version of ELA, that would allow renaming of the seats, which will transfer the new computer name to ELA interface, and would even enable changes of the seat name in ELA,, which would transfer back to the Endpoint (if version 6.3+ of Endpoint security is installed). Link to comment Share on other sites More sharing options...
Recommended Posts