duplication of user

sv7 · ‎11-23-2023

Hi All,

We are using shared machine like multiple machine hosted on Single VM server, where we Observed our duplication of user in Mrr Server policy but when i check Mrr User policy no such duplication i found. Can anyone help the root cause of this.

Server Group

User Group

mski7861 · ‎11-24-2023

Are the IP addresses the same for duplicate servers? Also, which ones are showing active? It's possible one has an older version of the connector and the duplicate has a newer version. If that's the case, you may need to merge the two endpoints

sv7 · ‎11-24-2023

Yes ip address are same. Out of duplicate 3-4 computers of same hostname and ip address one observe as last seen of current date while rest of them are of last 2-3 days to last week. What could I do in that case

mski7861 · ‎11-27-2023

Since this is affecting virtual machines, I would recommend looking into the policy Advanced Settings and review the Identity Persistence settings as a possible solution.

sv7 · ‎11-28-2023

i have checked but did not finds Persistence settings into the policy Advanced Settings. Can you pls share the snap from where i can find that

Roman Valenta · ‎11-28-2023

Identity persistence is something that will have to be activated by TAC. But Identity Persistence (ID Sync) will not fix the issue if the deployment was done incorrectly. Also you should not use Identity Persistence (ID Sync) if you deploy connector manually in other words if Secure Endpoint is not included as a part of your golden image.

I would highly recommended to read this article as it explains everything you need to know about ID Sync, how it works and mainly how to deploy correctly.

Configure Identity Persistence in Secure Endpoint

https://www.cisco.com/c/en/us/support/docs/security/secure-endpoint/217557-cisco-secure-endpoint-guide-to-identity.html#toc-hId--1650006128

Once ID Sync is activated it can be found under Policy --- > Advanced Settings