Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Cody_Ray
Participant

Licensing in Endpoint After Computer Deletion

Why is a license taken up for the Endpoint client when the computer is moved to the Deleted Users/Computers directory in the SmartEndpoint console? Is there a way to purge this on a scheduled basis or have it remove the active license when placed in this directory?

12 Replies
PhoneBoy
Admin
Admin

It will automatically do so after 30 days.

More specifically, it will do it for any host that does not communicate with the management server in 30 days.

If you need to do it sooner than that, you will need to contact the TAC: Contact Support | Check Point Software 

sdunn
Employee Alumnus
Employee Alumnus

Dameon, can you direct me to an sk that contains the commands/process to preemptively release the licensing? I've had Endpoint techs do it for me in the past and I would like to know what commands to run on my own, if needed.

0 Kudos
PhoneBoy
Admin
Admin

Unfortunately, the commands are in an internal SK, which means I cannot share them.

0 Kudos
Steve_Lander
Collaborator

If we have remote laptops that don't get used often, what happens if the CheckPoint Management Server automatically deletes that laptop after 30 days, what will happen if the laptop gets used again?  Will the management server give the license back to that endpoint or break the endpoint on that laptop?  

0 Kudos
sdunn
Employee Alumnus
Employee Alumnus

We did used to have this issue with a previous version. Before we disabled a particular feature, users were getting locked out of their laptops due to inactivity, essentially. (Some had workstations AND laptops and neglected their laptops.)

0 Kudos
PhoneBoy
Admin
Admin

In theory, they should get the license back when they "phone home" (assuming one is available).

J_B
Collaborator

Is there a way to mass delete users/computers from the Deleted User/Computers folder within the management console, rather than having to do them one by one?  Or a job that can purge them after so many days?

Thanks

0 Kudos
PhoneBoy
Admin
Admin

It's similar to what I said in the first response in this thread:

0 Kudos
J_B
Collaborator

OK thanks, I'll log a call with TAC because that isn't happening.  If we don't manually delete them then we end up with hundreds of old machines and users, many of which are 6 months old.

Thanks

0 Kudos
Michael_Bybee
Employee
Employee

The Endpoint server will (by default) clear monitoring information about users/machines from the database every 30 days. This is information like the last contacted IP, blade status, encryption status, etc. The license being used by a device will not be cleared from the database unless the object is reset from the console or cleared from the database by other methods.

what this means - If machines have not contacted the server in 30+ days you will get blank information about the blades on the device when you click on it in Users and Computers. Any license being used by this device will still be used until you reset/delete the object.

To the question about clearing this information faster than one by one - For servers older than R80.20 we have support tools and processes for clearing this information but I would recommend opening a support ticket so we can make sure it will work for your situation. For R80.20 these tools come with the server but I would still recommend getting with support so we can assist.

0 Kudos
Jamie_Thatcher
Participant

Hi Michael, I'm having this exact issue, could you let me know where i can find the tool in R80.20?

 

Thanks

Jamie

0 Kudos
Maksym_Sofer
Employee Alumnus
Employee Alumnus

Deletion is an operation which should be performed with extra care, based on this - such procedures are not public and can be provided only by TAC.

 

Please open to us relevant service request and we will provide with a procedure to perform the desired maintenance. 

There is one possible issue which could prevent automatic purge of inactive devices - if the database contains duplicate devices - and in this situation once again - SR should be raised.

 

If a device got deleted manually or automatically - if it will communicate with the server again - the system will not allow them to connect with error " Not found in PAT" error in server_messages.log.
Such device can be reinstalled or reconnected.
 

TAC can provide a reconnection procedure.

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events