EX SSL-VPN: What is the reason for IP Address Conflict reported on cloned Windows Operating system

03/26/2020 7 11795

DESCRIPTION:
EX SSL-VPN: What is the reason for IP Address Conflict reported on cloned Windows Operating system images?

RESOLUTION:

Question:

What is the reason for Ip Address Conflict reported on cloned Windows Operating system images?  Is this related to imaging process followed or related to Aventail for assigning same ip address to different clients.

Resolution/Workaround:

Most of the customers provide imaged pc's to their end users.  All imaging tools provide options to generate Unique Security Identifiers.  Aventail Connect Tunnel Client Installed and connected creates a Unique "Tunnel Identifier"  once logged in. 

Identified Imaging Issues:

• Any imaging process that does not generate Unique Security Identifier would cause an issue related to duplicate Identifiers.
• Tunnel Client Installed and tested for access would generate a Unique Tunnel Identifier. The base image with tested tunnel client when cloned would also duplicate the tunnel  Identifier. (Change of Operating System Unique Identifier during the imaging process would not change the Aventail Connect Identifier).
• Aventail Tunnel Identifier is created and stored under registry settings.
• Tunnel Clients should not  to be tried or tested on base images(before cloning).

Where does the Tunnel Identifier gets recorded in Registry:

• HKEY_LOCAL_MACHINESOFTWAREAventail VPN ClientConnections   (Under connections we have Connect tunnel profiles which record information related to Tunnel Identifier.

What needs to be done for such imaging issues?

-Uninstall or  Reinstall of Tunnel Client would generate a Unique Tunnel Identifier with respect to Operating System Unique Identifier.
**Or the Customer could use any tools related to deleting of  Key Value- "TunnelIdentifier"  or deleting the entire "Connections" Key  from Registry.

**
Note: 

• Any modifications to registry might lead to Operating System crash or BSOD.  Such modifications are to be done at customer / User discretion. SonicWall does not hold any responsibility for any manual changes attempted to modify Registry.  SonicWall recommends to use proper imaging system and proper tunnel installation for user access.
• To identify such issues Technical Support team needs  users client side tunnel logs and Aventail VPN system health Information (AMC->logging).