Skip to main content

Windows Agent | Liongard Agent Overwrite & Remediation

Updated over a week ago

Overview šŸ’„

In certain environments, Liongard Agents may appear to overwrite one another in the platform. This occurs when multiple devices share the same Windows MachineGuid, causing the platformā€™s deduplication logic to treat distinct machines as the same agent record. Liongard uniquely associates an Agent with a device using system identity values such as the Windows MachineGuid. When this identifier is duplicated across multiple systems, the platform cannot distinguish those devices without additional configuration.

Liongard is actively developing a permanent platform-level fix. Until that is released, this KB outlines a temporary mitigation using a PowerShell-based installation process and the MSI DEVICEID flag to prevent agent overwrites entirely.

The deployment script:

  • Detects MachineGuid conflicts

  • Optionally removes an existing agent before reinstalling

  • Generates a unique Device ID when required

  • Installs the Liongard Agent using that unique identity

  • Writes an installer log and a full transcript log of the console output

šŸ‘‰ For the latest supported installation script, deployment guidance, and parameter explanations, see:

Liongard Agent Install Script

Current Status šŸ¤”

Permanent Fix (In Development)

Liongard is building a platform-level solution that will:

  • Correctly handle duplicate identifiers

  • Improve deduplication logic

  • Reduce reliance on MachineGuid during agent linking

Temporary Mitigation (Use Immediately)

The provided PowerShell installer, combined with the MSI DEVICEID parameter, ensures each installed agent has a unique identity, preventing overwrites even on systems with duplicated MachineGuids.

The script also includes:

  • An optional pre-uninstall step to remove an existing Liongard Agent

  • The ability to include or omit the Environment parameter in the MSI install

  • Clear console messaging for install success/failure

  • A transcript file capturing all console output for later review

Partner Action Items šŸ§‘ā€šŸ«

  • Use this script above on endpoints affected by the overwrite behavior

  • Decide whether to:

    • Use pre-uninstall ($EnablePreUninstall = $true) for a clean reinstall, or

    • Keep it idempotent ($EnablePreUninstall = $false), where the script skips installation if the Agent is already present

  • Verify in Liongard that:

    • Agents are no longer overwriting each other

    • Each device is represented as a unique agent

  • When reporting issues to Liongard Support, include:

    • C:\Liongard\AgentInstall.log

    • The transcript log (e.g., C:\Liongard\LiongardAgentInstaller_DeviceID_YYYYMMDD_HHmmss.log)

    • Hostname and MachineGuid

    • Environment name

Also:

  • Ensure Sysprep is used in imaging workflows

  • Reimage or correct OEM devices known to ship with duplicated MachineGuids

Root Cause Explained šŸš€

Why does Agent overwrite occur?

Liongard Agents identify themselves using the Windows MachineGuid. When multiple endpoints share the same MachineGuid, the platform sees them as the same device, and they all attach to a single Agent record.

This leads to:

  • Device details flipping between endpoints

  • Inspectors reporting from whichever endpoint checked in last

  • Apparent ā€œoverwriteā€ behavior rather than duplicate agents

Common Causes of Shared MachineGuids

  • Imaging without Sysprep

    • Golden images/clones preserve the same MachineGuid

  • VM templates not generalized

    • Cloned VMs inherit the templateā€™s MachineGuid

  • OEM devices with duplicate GUIDs

    • Some vendors ship hardware with repeated MachineGuid values

  • Broken or placeholder registry keys

    • HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid is missing or invalid

Why this didnā€™t happen in the past

Previously:

  • Uninstalling and reinstalling the Agent could create duplicate Agent records

  • This was fixed by treating MachineGuid as the primary identity and reusing an existing record when MachineGuid matches

That fix works correctly for reinstalls on the same machine, but it creates a new edge case when different machines share the same MachineGuid. In those cases:

  • All machines legitimately reattach to the same Agent record

  • No duplicates are createdā€”just overwrites

The current script/workaround solves this by assigning a stable, unique DEVICEID per machine, even when their MachineGuid values collide.

How the Workaround Prevents Overwrites šŸ§

The MSI installer supports:

DEVICEGUID=<value>

The PowerShell script:

  1. Reads the local MachineGuid

  2. Falls back to the system UUID if needed

  3. Queries Liongardā€™s /api/v1/agents endpoint to see how that identity is currently used

  4. Detects when the local MachineGuid matches an existing Agent but with a different hostname (overwrite risk)

  5. Generates a new GUID-based DEVICEGUID in those cases

  6. Passes DEVICEGUID=<generated GUID> to msiexec

As a result, each endpoint gets its own unique DEVICEGUID, so even if MachineGuids are duplicated, the platform can keep the agents separate.

Summary šŸ¤©

This KB addresses the Liongard Agent overwrite issue caused by shared MachineGuid values and describes a robust PowerShell-based workaround.

The script:

  • Detects overwrite risk using Liongardā€™s API

  • Can optionally uninstall an existing Agent before reinstalling

  • Assigns a unique per-machine DEVICEGUID when needed

  • Supports installs with or without the Environment parameter

  • Writes to C:\Liongard\AgentInstall.log

  • Generates a script transcript log (LiongardAgentInstaller_DeviceID_YYYYMMDD_HHmmss.log) for full run visibility

  • Prints clear success/failure messages and returns useful exit codes for RMM monitoring

Until the permanent platform fix is released, this script + DEVICEGUID approach is the recommended way to prevent Agent overwrites on endpoints with duplicate MachineGuids.

Did this answer your question?