cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted
Cody_Ray
Iron

Licensing in Endpoint After Computer Deletion

Why is a license taken up for the Endpoint client when the computer is moved to the Deleted Users/Computers directory in the SmartEndpoint console? Is there a way to purge this on a scheduled basis or have it remove the active license when placed in this directory?

12 Replies
Admin
Admin

Re: Licensing in Endpoint After Computer Deletion

It will automatically do so after 30 days.

More specifically, it will do it for any host that does not communicate with the management server in 30 days.

If you need to do it sooner than that, you will need to contact the TAC: Contact Support | Check Point Software 

Stacy_Dunn
Nickel

Re: Licensing in Endpoint After Computer Deletion

Dameon, can you direct me to an sk that contains the commands/process to preemptively release the licensing? I've had Endpoint techs do it for me in the past and I would like to know what commands to run on my own, if needed.

0 Kudos
Admin
Admin

Re: Licensing in Endpoint After Computer Deletion

Unfortunately, the commands are in an internal SK, which means I cannot share them.

0 Kudos

Re: Licensing in Endpoint After Computer Deletion

If we have remote laptops that don't get used often, what happens if the CheckPoint Management Server automatically deletes that laptop after 30 days, what will happen if the laptop gets used again?  Will the management server give the license back to that endpoint or break the endpoint on that laptop?  

0 Kudos
Stacy_Dunn
Nickel

Re: Licensing in Endpoint After Computer Deletion

We did used to have this issue with a previous version. Before we disabled a particular feature, users were getting locked out of their laptops due to inactivity, essentially. (Some had workstations AND laptops and neglected their laptops.)

0 Kudos
Admin
Admin

Re: Licensing in Endpoint After Computer Deletion

In theory, they should get the license back when they "phone home" (assuming one is available).

J_B
Ivory

Re: Licensing in Endpoint After Computer Deletion

Is there a way to mass delete users/computers from the Deleted User/Computers folder within the management console, rather than having to do them one by one?  Or a job that can purge them after so many days?

Thanks

0 Kudos
Admin
Admin

Re: Licensing in Endpoint After Computer Deletion

It's similar to what I said in the first response in this thread:

0 Kudos
J_B
Ivory

Re: Licensing in Endpoint After Computer Deletion

OK thanks, I'll log a call with TAC because that isn't happening.  If we don't manually delete them then we end up with hundreds of old machines and users, many of which are 6 months old.

Thanks

0 Kudos
Employee
Employee

Re: Licensing in Endpoint After Computer Deletion

The Endpoint server will (by default) clear monitoring information about users/machines from the database every 30 days. This is information like the last contacted IP, blade status, encryption status, etc. The license being used by a device will not be cleared from the database unless the object is reset from the console or cleared from the database by other methods.

what this means - If machines have not contacted the server in 30+ days you will get blank information about the blades on the device when you click on it in Users and Computers. Any license being used by this device will still be used until you reset/delete the object.

To the question about clearing this information faster than one by one - For servers older than R80.20 we have support tools and processes for clearing this information but I would recommend opening a support ticket so we can make sure it will work for your situation. For R80.20 these tools come with the server but I would still recommend getting with support so we can assist.

0 Kudos

Re: Licensing in Endpoint After Computer Deletion

Hi Michael, I'm having this exact issue, could you let me know where i can find the tool in R80.20?

 

Thanks

Jamie

0 Kudos
Employee+
Employee+

Re: Licensing in Endpoint After Computer Deletion

Deletion is an operation which should be performed with extra care, based on this - such procedures are not public and can be provided only by TAC.

 

Please open to us relevant service request and we will provide with a procedure to perform the desired maintenance. 

There is one possible issue which could prevent automatic purge of inactive devices - if the database contains duplicate devices - and in this situation once again - SR should be raised.

 

If a device got deleted manually or automatically - if it will communicate with the server again - the system will not allow them to connect with error " Not found in PAT" error in server_messages.log.
Such device can be reinstalled or reconnected.
 

TAC can provide a reconnection procedure.

 

 

0 Kudos