
EDR: Horizon Instant clones are not registering properly with VDI enabled

Environment

  • EDR: All versions

Symptoms

When a Horizon Instant clone is spun up and pre-configured with a sensor ID set to 0, the VDI settings within EDR should, by default, re-assign a previous sensor ID based on the computer name and DNS hostname. However, sometimes the sensor does not show up as Online in the console, or the sensor information for certain sensor IDs seems to match that of another endpoint.

Cause

When the Horizon Instant clone starts up, the clone prep process will attempt to assign a computer name and DNS hostname to the instance. This assignment might occur after the sensor has already attempted to register with the EDR backend. VDI checks are only performed during the register call, so the computer name and DNS hostname might change after the VDI mapping is completed.

Resolution

A workaround that might help is to delay the start of the CarbonBlack service on the endpoint by setting the service to "Automatic (Delayed Start)" in the Services control panel. Alternatively, this can be set from an elevated command prompt with the following command (the space after the "=" is required):

sc config carbonblack start= delayed-auto

By default, the Automatic (Delayed Start) setting will cause a service to wait 120 seconds before starting. It might be necessary to increase this delay further by adding the following registry key with a value greater than 120: 

HKLM\SYSTEM\CurrentControlSet\services\CarbonBlack\AutoStartDelay 
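The two steps above, combined into one script that also reads the settings back to confirm them. This is an added example, not vendor-supplied code. It assumes an elevated PowerShell session, that AutoStartDelay is written as a DWORD, and a sample delay of 180 seconds (constructed; the article only requires a value greater than 120).

```powershell
#Requires -RunAsAdministrator
# Added example: apply the delayed-start workaround and verify the result.
$ServiceName  = 'CarbonBlack'   # service name as used in the article
$DelaySeconds = 180             # constructed sample value; must be greater than 120
$ServiceKey   = "HKLM:\SYSTEM\CurrentControlSet\services\$ServiceName"

if ($DelaySeconds -le 120) {
    throw "Delay must be greater than the 120-second default."
}
if (-not (Get-Service -Name $ServiceName -ErrorAction SilentlyContinue)) {
    throw "Service '$ServiceName' not found; install the sensor first."
}

# Same command as in the article. Call sc.exe explicitly: in Windows
# PowerShell, 'sc' alone is an alias for Set-Content.
& sc.exe config $ServiceName start= delayed-auto | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "sc.exe config failed with exit code $LASTEXITCODE"
}

# Assumption: the value type is DWORD (the article does not state the type).
New-ItemProperty -Path $ServiceKey -Name 'AutoStartDelay' `
    -Value $DelaySeconds -PropertyType DWord -Force | Out-Null

# Read the settings back. Start = 2 (automatic) together with
# DelayedAutostart = 1 is how Windows records "Automatic (Delayed Start)".
$cfg = Get-ItemProperty -Path $ServiceKey
$result = [pscustomobject]@{
    Service          = $ServiceName
    Start            = $cfg.Start
    DelayedAutostart = $cfg.DelayedAutostart
    AutoStartDelay   = $cfg.AutoStartDelay
}
$result | Format-List

if ($result.Start -ne 2 -or $result.DelayedAutostart -ne 1 -or
    $result.AutoStartDelay -ne $DelaySeconds) {
    throw "Delayed-start settings were not applied as expected."
}
Write-Output "Delayed start configured for $ServiceName ($DelaySeconds s)."
```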


Article Information
Creation Date: 03-10-2023