Known issue—Multiple machines share same identifier

Occasionally, Chrome Enterprise Core identifies multiple machines that share the same identifier. This can happen in environments if you clone Microsoft Windows or Linux virtual machines without updating the clones' identifier.

To check if enrolled devices are identified more than once:

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Devicesand thenChromeand thenManaged browsers.

    If you signed up for Chrome Enterprise Core, go to Menu and then Chrome browserand thenManaged browsers.

  3. (Optional) On the left, select an organizational unit. By default, all browsers are shown.
  4. Look for managed browsers with a Duplicate device ID alert icon next to the machine name.

Solution

When enrolling virtual machines that were imaged from the same source, make sure that their identifiers are different so that Chrome Enterprise Core identifies each device as an individual machine. On Windows, running Microsoft's system preparation tool (Sysprep) with the /generalize option should ensure that the machine is assigned a unique identifier.

To resolve the duplicate device ID issue, identify the machines that share an identifier and re-image them. The device identifiers are:

  • Windows—Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
  • Linux/etc/machine-id

After you re-image machines and before you open Chrome browser, make sure that each machine has:

  1. A device identifier which is unique to the machine
  2. A Chrome Enterprise Core enrollment token. For details, see Enroll cloud-managed Chrome browsers.

Additionally, the system image should not have a Chrome Enterprise Core device token:

  • Windows—The device token is written to two locations, which should match. To check the value, go to HKEY_LOCAL_MACHINE\Software\WOW6432Node\Google\Enrollment or HKEY_LOCAL_MACHINE\Software\Google\Chrome\Enrollment and check dmtoken.
  • Linux—Go to $user_data_dir/policy/Enrollment. The device token file name is the DeviceID, as listed at chrome://policy.
    Note: To see the user data directory, which contains the device token, go to chrome://version and find the Profile path.

Each device you set up must use a unique device token. If you use a system image to deploy Chrome browser, make sure that the image does not include a device token. Otherwise, every device will try to use the value from the image and your deployment will fail.

Once all identifiers are unique, the Duplicate device ID alert icon should disappear from the original managed browser after approximately 1 month.

Experimental workaround

If you are unable to re-image the machine, you can try to manually reset the device identifier.

Warning: This is a more risky approach and might break other software or products that depend on the identifier. Use at your own risk. 

If you find machines that share a device identifier, you can fix the issue by following these steps on all impacted devices:

  1. Update the identifier to a new value. For example, by running Microsoft's system preparation tool (Sysprep) with the /generalize option on Windows.
  2. Delete the device token to force Chrome browser to re-enroll:
    • Windows—The device token is written to two locations, which should match. To check the value, go to HKEY_LOCAL_MACHINE\Software\WOW6432Node\Google\Enrollment or HKEY_LOCAL_MACHINE\Software\Google\Chrome\Enrollment and check dmtoken.
    • Linux—Go to $user_data_dir/policy. The device token file name is the DeviceID, as listed at chrome://policy.
      Note: To see the user data directory, which contains the device token, go to chrome://version and find the Profile path.
  3. Restart Chrome browser on the device. Chrome browser then re-enrolls itself.

Once all identifiers are unique, the Duplicate device ID alert icon should disappear from the original managed browser after approximately 1 month.

Google and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
11326556874029563464
true
Search Help Center
true
true
true
true
true
410864
false
false