Endpoint Protection

 View Only
  • 1.  Non persistent VDIs

    Posted Jul 21, 2020 12:07 PM
    We're having an issue where our offline VDIs are taking up our licenses. I've followed the instructions here: https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/using-in-virtual-infrastructures-v57269588-d81e6/using-in-non-persistent-virtual-desktop-infrastruc-v75342792-d81e1119/how-to-manage-the-license-count-for-non-persistent-v75347177-d81e1218.html 

    I have "Delete non-persitent VDI clients that have not connected for specified time" set to 1 day. However, they are not being deleted and still consuming our licenses. We're at version 14.3 and all clients are Win10LTSB. Any suggestions what may be wrond and how to correct this?


  • 2.  RE: Non persistent VDIs

    Broadcom Employee
    Posted Jul 21, 2020 12:18 PM
    Do you have replication set up?  If replication is failing for any reason clients will not be deleted.


    You can set up Finest logging on the SEPM - https://knowledge.broadcom.com/external/article?legacyId=tech230072
    Wait for the Agentsweepingtask to run. (runs every night as midnight)
    Review the Agentsweepingtask log SEPM/Tomcat/logs folder for errors/issues.

    ------------------------------
    John Owens
    Principal Product Support
    Symantec
    United States
    ------------------------------



  • 3.  RE: Non persistent VDIs

    Posted Jul 21, 2020 12:46 PM
    What does replication involve? We only have one server with SEP manager currently.


  • 4.  RE: Non persistent VDIs

    Broadcom Employee
    Posted Jul 21, 2020 12:49 PM
    If you only have one SEPM Replication won't be in play.

    ------------------------------
    John Owens
    Principal Product Support
    Symantec
    United States
    ------------------------------



  • 5.  RE: Non persistent VDIs

    Posted Jul 22, 2020 06:56 AM
    Did you set the Registry on the Master images? if so, it should work, at least it works fine for us

    To mark a virtual client as a non-persistent client, you must create a registry key in the base image. To manage the license count for non-persistent VDI clients:
    • After you have installed the Symantec Endpoint Protection client and disabled Tamper Protection, open the registry editor on the base image.
    • Navigate to one of the following registry keys:
      On 32-bit systems: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\
      On 64-bit systems: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\
    • Create a new subkey named Virtualization.
    • In the Virtualization subkey, create a key of type DWORD named IsNPVDIClient and assign it a value of 1.



  • 6.  RE: Non persistent VDIs

    Posted Jul 27, 2020 08:36 AM
    Hello Aaron,

    Did you deploy the special package for Embedded VDI?

    Clients won't be deleted with only the registry modifications.


  • 7.  RE: Non persistent VDIs
    Best Answer

    Posted Jul 28, 2020 10:59 AM
    I believe this is resolved. While we had made the registry change, what we weren't doing was running the  clone prep tool on our VDI image. After re-composing our VDIs from a base image the tool was ran on, it appears our stale VDIs are being removed by SEP manager.