Here is my situation. I set up one Windows box with a Universal Forwarder, V6.3. This one forwarder was to be the one that all the many other forwarders would be cloned from. An older version of a Forwarder was placed on these other Windows boxes when another group created a Windows image. This older version was never set up properly.
In an effort to clean things up, the process that was used to re-do the Forwarders was the following:
Everything looked OK, but I'm using a separate server as a Deployment server and monitoring server. When I went to the Distributed Management Console under Forwarders>Instance, I saw the message below:
Note: Multiple forwarders installed on one host appear with identical host names, but different GUIDs.
When I went through all the devices listed, I only saw one entry for each hostname, but I noticed that the GUIDs were all the same.
Does anyone know what's going on and how I can clean this up?
After further review, I found that the issue is with the following file:
It contains the GUID entry. From what I read, I need to remove the "guid = " line and on the Forwarder restart, a new GUID should be generated.
My new question is, can I simply remove the entire file? The only thing in it is:
[general]
guid = <number>