If not, is it possible you've deployed a number of hosts with the same hardware UUID? Perhaps by copying a VM?

Here are some notes from that conversation: Status Quo (host_identifier=uuid) - Works until hosts have the same UUID. Seems to be an issue  in your (current) environment. - Not viable in your (current) environment due to hosts overwriting enrollment. host_identifier=instance - A new, osquery-specific UUID will be generated and stored in the osquery DB for each host - Works until a VM image is copied with the osquery DB already initialized (though host_identifier=uuid will fail in the same way) - Changing this now will cause Fleet to see every host as a fresh enrollment, leading to a single duplicate for each host in Fleet. The duplicates will have to be cleaned up later (though this can be automated with the host_expiry setting in Fleet). Redeploy offending hosts with properly reset UUIDs - No idea if this is viable for your situation, but if the duplicate issue described above seems worse than doing this, it is worth considering

@Alon Starikov are you still encountering this issue? Would it be possible for you to generate a debug archive so that I can try to understand what is going on (https://github.com/fleetdm/fleet/blob/master/docs/infrastructure/performance.md#generate-debug-archive-fleet-340)? I am going to implement a fix that will rate limit enrollment but I'd also really like to debug the issue that is being triggered before that is fixed.

@Alon Starikov we've pushed a cooldown period for host enrollment in Fleet 3.5.0 that is likely to resolve the issue for you. If you have a chance before upgrading we would really appreciate a debug archive. It's easy to do and may help us prevent similar problems in the future.