Hi Experts,
With the FNMS 2019 R2 release, an unique identifier called "AgentID" is being created by all flavors of the Flexera agent, for all types of Inventory devices.
The AgentID is used for matching. For any data collected by a Flexera agent, a matching AgentID value takes precedence over the "Matcher" process described in the "Gathering FlexNet Inventory" document in the "Identifying Related Inventory" chapter (page #177).
How is the AgentID identifier calculated though?
Any information on the algorithms used for calculating the AgentID would be appreciated.
Mar 10, 2020 06:06 AM
At a high level, agent ID is generated using the following:
Physical Machines: SHA256(HostName + BIOS_Serial_Number + History_Iteration)
Virtual Machines: SHA256(VMID + GenerationID + History_Iteration) (where generation ID is available only for certain hypervisors running certain versions of Windows guests)
The agent ID is regenerated if enough conditions have changed, at which point the history iteration is incremented also:
Physical Machines: HostName and BIOS_Serial_Number both changed
Virtual machines are rather complicated to distinguish VMs that have been moved or cloned (copied). To account for a broad array of scenarios the following is used:
- If generation ID is present and changed, and all physical MAC addresses have changed, regenerate ID
- If VMID is present and changed, regenerate ID
- If all physical MAC addresses have changed, regenerate ID
The agent ID, the properties used to generate it, and all historical IDs and properties are sent in an NDI created with ndtrack.
Please note that these are implementation details that are subject to change across versions of the FNMS agent to account for future scenarios. Also note that while the agent ID helps to uniquely identify a machine it may not be used if other evidence is present. This is also an implementation detail that is subject to change across FNMS versions.
Mar 16, 2020 11:06 AM
Hi Erwin,
I guess it is randomly generated. It is stored in the registry and I believe it could withstand an in-place-migration. With a new agent installation it would be newly generated. If it was generated live from hardware properties, it wouldn't need to be in the registry.
I think this is done to overcome new ExternalIDs being created if a machine changed domains and other changes.
I stand corrected, see Erwins comment.
Best regards,
Markward
Mar 10, 2020 06:50 AM - edited Mar 10, 2020 07:18 AM
Hi Markward,
“Stored in the Registry” is correct. On Windows, after running the Flexera Agent, you can find the AgentID value in the following location:
HKEY_USERS > <SID> > Software > Classes > VirtualStore > Machine > Software > WOW6432Node > ManageSoft Corp > ManageSoft > AgentUniqueID
However, I don’t think the value is „randomly generated“:
It looks as if the value for AgentID is based on properties of the device/VM where the agent is run.
WHICH properties is the question ...
Mar 10, 2020 07:15 AM
Hi Erwin,
So identical copies of a VM should independently create the same AgentID?
Best regards,
Markward
Mar 10, 2020 07:19 AM
There isalso a discussion about the AgentId in the Release Blog.
"While I am not sure of the exact calculation I understand that it uses all of the available MAC addresses, so if all of the MAC's change for a given computer then the AgentID will also change. The IP address is not taken into account when creating the AgentID."
Unfortunately it doesn't describe the complete algorithm.
Mar 10, 2020 07:58 AM
Mar 10, 2020 08:43 AM
I can confirm that the calculated AgentID value is indentical if you physically copy a Virtual Machine.
If you follow these steps:
Inspecting the NDI files that are generated shows that the AgentID value is identical.
If you select "I copied it" after launching one of these VMs before creating the NDI file, the AgentID is different.
Obviously, for a VM, the UUID value is being used for calculating the AgentID value. It would be interesting to learn about the other properties.
Mar 10, 2020 02:29 PM - edited Mar 10, 2020 02:30 PM
Hi, good work on testing, Erwin.
Renaming the machine or chaning IP address do not alter the AgentID.
Could Flexera elaborate what factors are considered for AgentID. We have customers that may clone VMs or do some other actions that may or may not generate unique AgentID.
Mar 16, 2020 03:54 AM
At a high level, agent ID is generated using the following:
Physical Machines: SHA256(HostName + BIOS_Serial_Number + History_Iteration)
Virtual Machines: SHA256(VMID + GenerationID + History_Iteration) (where generation ID is available only for certain hypervisors running certain versions of Windows guests)
The agent ID is regenerated if enough conditions have changed, at which point the history iteration is incremented also:
Physical Machines: HostName and BIOS_Serial_Number both changed
Virtual machines are rather complicated to distinguish VMs that have been moved or cloned (copied). To account for a broad array of scenarios the following is used:
- If generation ID is present and changed, and all physical MAC addresses have changed, regenerate ID
- If VMID is present and changed, regenerate ID
- If all physical MAC addresses have changed, regenerate ID
The agent ID, the properties used to generate it, and all historical IDs and properties are sent in an NDI created with ndtrack.
Please note that these are implementation details that are subject to change across versions of the FNMS agent to account for future scenarios. Also note that while the agent ID helps to uniquely identify a machine it may not be used if other evidence is present. This is also an implementation detail that is subject to change across FNMS versions.
Mar 16, 2020 11:06 AM
Mar 16, 2020 11:09 AM
Hi Josh,
i have a few additional questions about the generated Agent IDs.
As already described by you, the AgentIDs for VMs are composed of VMID, GenerationID and History_Itheration.
The VMID is the UUID of the VM which can also be found in the NDI, right? I found the GenerationID in the vCenter and can be read out in the *.vmx file there. But I could not find the GenerationID in the *.ndi file.
Now to my questions:
1./ How to get the GenerationID to create the AgentID if it is not available in *.ndi. Is it read from the registry / a WMI?
2./ What is the "History_Itheration" and where does your algorithm get this information from? Is this the information from REG:[...]ManageSoft\AgentUniqueID\History?
3./ Is there a more detailed documentation for generating the AgentID?
- which data (partly known)
- are from which sources (not known)
I'm asking because we have an enormous amount of duplicate AgentIDs in one environment, which means we are missing a lot of VMs in the interface. I want to show the customer exactly where the problem lies in their infrastructure.
Thanks for your feedback.
Sep 17, 2020 05:11 AM
Here is a short summary about AgentID.
The AgentID is formed from the following information:
physical machines:
SHA256 (HostName + BIOS_Serial_Number + History_Iteration)
virtual machines:
SHA256 (VMID + GenerationID + History_Iteration) (where generation ID is available only for certain hypervisors running certain versions of Windows guests)
As far as we know, an insufficiently mature process in the creation of VMs (e.g. simple copying) can lead to agents on different devices generating the same AgentID.
The reason for this is that the same VMIDs (UUID) and MAC addresses exist on the open devices.
The consequence is that the import into the FNMS inventory table is only done from one of the devices, because the UniqueAgentIdentifier is supposed to prevent the import of multiple objects with the same value.
According to the statements of the Flexera support staff, the following measures can be taken to prevent the creation of AgentID duplicates.
1./ Changing the VMID (UUID) using script or manual correction on the machine itself
(was successfully tested at my customer's site)
2./ Change of one or more MAC addresses on the machine.
This should also result in a change of the History Itheration, because here changes of the AgentID are included, which are based on changes of the MAC address.
Statement of the Flexera Support:
"The History_Iteration section is part of the AgentIDHistory section to keep track of AgentID changes. This is calculated with MAC address changes."
I could not confirm this yet, but I will add an update here as soon as I have tested it.
I had our customer make changes to the UUIDs.
Now we can also see VMs in the interface that were previously not loaded into the database by the AgentID duplicates.
Regards,
Cap
Sep 28, 2020 03:20 AM - edited Sep 28, 2020 05:39 AM