Removing SM Agent

BlakeRichardson
Kind of a big deal
Kind of a big deal

Removing SM Agent

We have the SM agent installed on all of our laptops. When someone leaves we backup their machine, remove the machine from the Meraki network and reimage it. The image we have contains the SM agent so as soon as the laptop has internet access it registers iteslf with Meraki.

 

My problem is when it re-registers itself Meraki seems to remember all of the details from before it was removed the network. Is this normal? I would expect it to reconnect with the new hostname and NOT have any tags attached to it....

18 Replies 18
jared_f
Kind of a big deal

@BlakeRichardson Usually when you remove a device from Meraki dashboard and re-enroll, it is fresh. I am wondering why you are experiencing this issue. Anyways, you could use the apple script below to remove the agent: 

 

on onConfirmUninstall()
	set applicationName to "Meraki Systems Manager"
	try
		display dialog "Are you sure you want to uninstall " & applicationName & "?"
		set uninstallScript to quoted form of POSIX path of (path to resource "uninstall.bash")
		do shell script "bash " & uninstallScript with administrator privileges
		display dialog "Successfully Uninstalled " & applicationName buttons {"OK"} default button "OK"
		
	on error err
		if err contains "User canceled" then
			display dialog "Canceled " & applicationName & " Uninstall" buttons {"OK"} default button "OK"
		else
			display dialog "We're sorry, but there was an error uninstalling " & applicationName & " described as: " & err buttons {"OK"} default button "OK"
		end if
	end try
end onConfirmUninstall

onConfirmUninstall()

You could edit it so it requires no user interaction. I found this in Dashboard > Clients > Add Devices > MacOS > You will see a button to download the uninstaller. It is just an Apple Script app, I just opened it an extracted the code.

 

Jared

Find this helpful? Click the kudos button. Thanks!
sshort
Building a reputation

I experience a similar issue when re-imaging, however it usually refreshes with the current user's info within 10-60 minutes.

MRCUR
Kind of a big deal

I think this is expected behavior. If you remove a client from Dashboard without first removing all of the tags and then later re-enroll that same client (even if it has a new hostname), it will be detected as the same client because the serial/MAC hasn't changed. At least this is what I see with iOS and Mac devices. 

MRCUR | CMNO #12
rguthrie
Getting noticed

hey y'all~ I know I'm a hair late to this party, but I wanted to comment here. This should not be expected behavior. Once removed, my reasonable expectation is that it is removed.  It should purge that info. It's a nightmare with my test machine which gets re-imaged and re-added often. And not always do I get that update in 10-60 mins as sshort mentioned.  And even if it does, it will pick up the new owner, but it will list a ton of apps on it that aren't really on there.  😐 

As you mention here MRCUR, next test go 'round I will try removing all the tags first and even go as far as uninstalling the agent on the test system, reset to factory settings and re-enroll it. 

jared_f
Kind of a big deal

Our users have to authenticate with their directory credentials to login. I don't do any other Windows Server administration, but we have them all in different groups broken down from All Employees, Department, and all of the branch offices. I believe AD is synced nightly on Meraki. Once the user assigns themselves the tablet, the appropriate configuration comes down. 

 

But, I do see this as an issue for lab or loaner machines.

Find this helpful? Click the kudos button. Thanks!
rguthrie
Getting noticed

ok~  I did some testing and I had success removing / re-adding a macbook pro with a clean slate on the dashboard. 

 

Here are the steps I took to "cleanly" disconnect my test macbook pro and re-added it so it appeared brand new.  

 

Steps Taken

  1.  Removed all tags from the dashboard (which resulted in 2 profiles being removed from the client)
  2. From the macbook go to System Preferences > Profiles > Removed meraki profile (was password prompted since we have it password protected in our network)
  3. Used the uninstaller to remove the agent from the macbook
  4. Cleared Owner from the dashboard. All autotags except for Mac Device disappeared and here is what I was l was left with


    ZenMacbookProdashboard.png

  5. Removed the client from the network via the dashboard > select client > delete > remove from network
    • Note: This macbook is not part of our Device Enrollment Program. I have not tested with a DEP system; however, if yours is part of the DEP, I recommend waiting 24 hours before the reinstall and setup steps 6 & 7 (with DEP steps 8 & 9 below are moot) and don't forget to assign settings in the ADEP dashboard screen.
  6. Rebooted the macbook in internet recovery mode (option-command-r). Used disk utility to wipe the HDD and then selected new High Sierra install. 
  7. Once wipe/reinstall is complete, initiated the MacBook through the setup including enabling location services and connecting to WiFi. 
  8. Waited 48 hours before attempting to re-enroll (as an added precaution and because it was Friday afternoon) 
  9. Opened Safari > URL m.meraki.com > entered our Network ID > authenticated > accepted the profile install

 

At this point, I checked the daskboard, and the device appeared brand new. No previous installation information or preferred SSID's appeared.  🙂

Mykl
Comes here often

Thanks so much for your time posting this...

 

You would think that Recovery booting, erasing, and reinstalling would implicitly remove the profile and agent.

Mykl
Comes here often

To add a little more information, particularly for DEP enrolled devices, this article seems to be the piece that's missing from @rguthrie's post :

 

https://n134.meraki.com/Apple-Devices/n/lPRBebgc/manage/support?utf8=%E2%9C%93&support_magic_search_...

 

I'm about to test this on a MacBook Pro that was Assigned, then nuked and paved.

rguthrie
Getting noticed

You're welcome Mykl (sorry for late response I wasn't very active in the forums last quarter of 2018 due to some projects.

How did the test with the DEP Macbook Pro go?

Also~ note that the link you list in the 10-11 11:53 post is not leading to an article.
Mykl
Comes here often

Strange. The link works for me... here's the URL:

https://n134.meraki.com/Apple-Devices/n/lPRBebgc/manage/support?utf8=✓&support_magic_search_box=&kb_...

 

https://n134.meraki.com/Apple-Devices/n/lPRBebgc/manage/support?utf8=✓&support_magic_search_box=&kb_article=&search_term=3802



FYI, my test went as expected-- positive.

Richard_W
A model citizen

The link you are posting:

 

https://n134.meraki.com/Apple-Devices/n/lPRBebgc/manage/support?utf8=✓&support_magic_search_box=&kb_article=&search_term=3802

 Appears to be from your dashboard help: 

n134.meraki.com

Which is why it works for you, but for the rest of us it just opens up our dashboard.

Based off the support article number I feel you are trying to link to this:

 

https://documentation.meraki.com/SM/Device_Enrollment/Recovering_DEP-Enrolled_Devices

 

So how does this resolve the issue outlined, for clarification?

 

R.

 

Richard

 

 

in regards to DEP, the 24 hours cool off period - how did that number come about?

Honestly, it was trial and error. And in truth, the actual wait time could be somewhere between 4 hrs and 24 hrs.  There seems to be a lag between DEP and Cisco, and in previous troubleshooting that involved DEP we have found that it was prudent to wait several hours... and we settled on a full 24 as a matter of course.

My issues stem from attempting to remove a DEP enrolled machine so I can re-deploy but I can't seem to shake the name nor data from the older machine showing up. I agree that surely erasing a machine removes the agent and profiles and it should sort of be instantaneous, so I'm trying your 24 period to see if this resolves.

 

 

sshort
Building a reputation

@rguthrie @Richard_W If you're re-deploying a Mac, it might be worth to just delete the client from the dashboard so a fresh record is created when it re-enrolls. Don't delete the machine from DEP, just the standard client list.

Done did, but old client name and data in SM keeps on coming back. No fresh record is being created. Tried the 24 cool off and issue persists.

Hi sshort~ that's part of the problem we've encountered.  It's NOT creating a new record when deleting from the "device" list.   At this time, if I read Richard_W's comment correctly, even after 24 hours the old info sticks.

I'm just baffled as to why deleting a machine from network in device list does NOT do that. I would have expected that that action along with an erase and install would render the machine as a new client. If Meraki can send an email stating that DEP setting have changed for a particular serial number then surely it should be able to purge this info from SM so that re-enrollment should be as advertised.
As per article ID: 1267

Removing Settings from Devices
In the event a device needs to be reset and managed under different conditions, the settings applied via DEP can be removed.
Navigate to Systems Manager > Manage > DEP.
Click the checkbox next to the device(s) in question.
Click Remove settings.

and voila nothing...

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels