- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-05-2023 11:34 AM
We are having an issue where AMP has given multiple computers the same GUID ID. We have tried deleting the local.xml and local.xml.old files and restarting the service with no luck. I just saw that the v3 of the API has the ability to uninstall the connector service in which we cannot stop, this would cause a lot of issues as a GUID is needed to uninstall the connector service. Is there anything else we can try to fix this?
Solved! Go to Solution.
- Labels:
-
AMP for Endpoints
Accepted Solutions

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-06-2023 07:51 AM
If you have Connector Protection in place, you need to stop the service via the command line with the -k flag. Check the command line switch document I linked before. If all of that doesn't work for you, please open a TAC case so they can assist but the easiest option will likely be to fix the golden image and redeploy.
-Matt

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-05-2023 12:10 PM
It sounds like you have an issue with deploying from a golden image. This is typically due to the local.xml being populated in the golden image before being deployed as a new endpoint. If that is the case, each endpoint would be given the same guid. Here is the guide for golden image deployment.
Thanks,
-Matt
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-05-2023 01:36 PM - edited 09-05-2023 01:39 PM
So what would be the best case scenario in terms of getting some of these fixed without reimaging the computers?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-06-2023 04:59 AM
Typically you could use the reregister command line switch, but with Identity Persistence enabled it doesn't work the same. You can attempt removing the local.xml (with the service stopped) and deleting the registry entries before running reregister but it will likely pick up the same UUID based on the Mac or Hostname (depending on what you have set in Identity Persistence).
-Matt
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-06-2023 06:26 AM
I am unable to stop the connector service, I tried stopping the Secure endpoint then deleting local files then restarting the service/reinstalling a newer version of amp, with no luck getting a new guid. I believe the connector service is the piece I am missing on how to stop as it won't let me stop it even with admin rights.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-06-2023 07:51 AM
If you have Connector Protection in place, you need to stop the service via the command line with the -k flag. Check the command line switch document I linked before. If all of that doesn't work for you, please open a TAC case so they can assist but the easiest option will likely be to fix the golden image and redeploy.
-Matt
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-06-2023 02:08 PM
Hi, I would also like to pitch in with this guide that can give you lots of information about Identity Persistence and how it works, including some hints and most common issues that we seen with this type of deployment.
https://www.cisco.com/c/en/us/support/docs/security/secure-endpoint/217557-cisco-secure-endpoint-guide-to-identity.html
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-07-2023 07:23 AM
Thank you both!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-01-2025 04:38 AM
Hi
So, in an Intune environment, if a computer comes back as a duplicate after being wiped, what should be done?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-01-2025 05:34 AM
@chickenriceandbeans it depends on how you have Identity Persistence configured. If something isn't working as expected, I'd suggest opening a TAC case for assistance and possible explanation since they'll be able to see details of the deployment.
