agg-mb
January 5, 2026, 3:15pm
3
Hello, we are facing a similar issue, see also:
Hello,
We have a use case where we'd like to monitor hundreds of Citrix VDI desktops. Those are machines that are regularly rebooted and are built based on an image that's prebuilt...
We have 1 image that is pushed to VDI machines in 2 different network environments, i.e Elastic agents also talk to 2 different Fleet Servers.
I saw 2 similar previous question and issue that were raised around this same topic, but never got answers to?
Issue with Elastic Agent ID duplication · Issue #37743 ·…
The duplicate host.id might be caused by e.g. non-persistent VDIs or when you duplicate machines from a “golden image”.
See also my post about a way to alter the host.id:
opened 06:43PM - 29 Oct 20 UTC
Team:Elastic-Agent
7.16-candidate
As a user, I would like to have a uniquely created `host.id` even when using VM … (VDI, virtual desktop infrastructure)
**The problem:**
The `host.id` isn't unique enough, we are using `elastic/go-sysinfo` to generate the `host.id` from hardware information but if you have two VM from the same images it's possible that the `host.id` is the same.
This can easily be done via registry in Windows and (although not tested by me: for Linux & MacOS it could be possible to alter these values):
The add_host_metadata processor adds a host.id field to every Beat event by default. The value is retrieved in go-sysinfo:
Linux: Reads /etc/machine-id, /var/lib/dbus/machine-id, and /var/db/dbus/machine-id. (machineid.go )
macOS: IOPlatformUUID via the gethostuuid API call. (machineid_darwin_amd64.go)
Windows: Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid (machineid_windows.go )
See also:
opened 07:31PM - 06 May 19 UTC
closed 05:32PM - 20 Dec 19 UTC
*Original comment by @ph:*
As Fleet API, I want to make sure the machine talkin… g to me is the same machine that was enrolled.
To do that we want to generate a fingerprint of the machine and use that fingerprint as a machine-id,
I think we could use theses source to create the ID, we could also add the mac address to it.
- OS X uses IOPlatformUUID
- BSD uses /etc/hostid (smbios.system.uuid fallback)
- Linux uses /var/lib/dbus/machine-id
- Windows LINK REDACTED
We should not expose that key directly to the api, we should cryptographically hash the key.
I hope this helps. By altering the MachineGuid I could find a way to circumvent the duplicate host.id values. A solution could be a script that checks its hostname against a table of generated custom UUIDs and setting the corresponding MachineGuid to the matching value in the list. This way even for non-persistent VDIs there could be a way to have “persistent”, “unique” host.ids.