Troubleshooting for systems that connect over a VPN Systems in the System Tree are typically identified with their unique MAC address. But, when systems connect over a VPN they can become associated with the MAC address of the VPN server instead. This can create problems when multiple systems are all connecting through the same VPN. To resolve this, McAfee recommends using the Client GUID to uniquely identify systems that use a VPN. How systems are associated with a MAC address The following diagram shows how two systems can be associated with the same MAC address in McAfee ePO. Client A connects to McAfee ePO over the VPN connection. McAfee ePO associates the MAC address of the VPN server, 00:12:3F:11:11:11, to Client A rather than the client's actual MAC address. Client B connects to McAfee ePO over the VPN connection. McAfee ePO associates the MAC address of the VPN server, also 00:12:3F:11:11:11, to Client B. Now two clients have the same VPN server MAC address. As a result, Client A is deleted from the System Tree because both clients are associated with the same MAC address. Preventing MAC address conflicts by using the client GUID instead To resolve this issue, McAfee recommends using client GUIDs instead of MAC addresses to uniquely identify systems. First, find the Organizationally Unique Identifier (OUI) of the VPN server. The OUI is the first six digits of the MAC address. Add the VPN server OUI to the virtual MAC vendor values. This change allows McAfee ePO to identify the VPN server and begin using the client GUID as the unique identifier for systems that connect through it. Add Virtual MAC Vendor This feature allows you to add the duplicated MAC address to the McAfee ePO database and prevent it from matching the used MAC address to another system. Virtual machines are assigned a unique MAC (Media Access Control) address in a particular host system. Use the System Tree to find the MAC address of the VPN To prevent MAC address duplication when systems connect through a VPN, first determine the MAC address of the VPN server. The primary way to learn the MAC address is to access one of the systems that connects through the VPN. Create a report to find the MAC address of the VPN To prevent MAC address duplication when systems connect through a VPN, first determine the MAC address of the VPN server. An alternative way to learn the MAC address is to create a report and identify the systems that share an address.