Agent Blacklisting

Article ID: 178533


Products

IT Management Suite

Issue/Introduction

 What is Agent Blacklisting?

Environment

ITMS 8.x

Resolution

What is agent blacklisting?

Agent blacklisting is a mechanism for restricting certain agents from getting policies and/or NSE processing. Here “agent” means “GUID”.

 
Scenarios:

There are basically 2 scenarios where a computer can be blacklisted – Automatic Blacklisting and Manual Blacklisting.
 
Automatic Blacklisting - Merge case
  • A computer is merged with another computer. The automatic merge happens when one of the computer's resource keys matches another computer's keys: name.domain, fqdn, uniqueid. The reasons why 2 computers might get the same keys are out of scope of this document.
  • A manual merge of computers can be launched via the right-click menu -> Merge Resources. This is an Asset Solution item action.

When computer X merges into computer Y, X is put into the AgentBlacklist table and computer X disappears as a resource in the SMP Console. However, the Sym Agent still has GUID X and thinks everything is all right. The AgentBlacklist table tells the Notification Server (NS) which computers are not allowed to receive policies and whose NSEs (those of X, for example) should not be processed.

When Sym Agent X requests policies, the NS checks whether X is blacklisted. If it is, the NS returns a special error code, NFYSVR_E_NOT_FOUND (0x80041003), to the agent, which means that the Sym Agent should change its GUID. The Sym Agent is then supposed to call Createresource.aspx, which returns the new GUID Z.

Note: In cases where the merge was automatic (X was merged into Y due to equal resource keys), Z = Y, so there will be 2 machines sharing the same GUID. The ONLY workaround in such cases is to make sure all the resource keys are unique for the problematic pair of computers. This is not always possible.
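
The exchange described above, as a simplified model that is an added example and not product code: `ToyNS`, `agent_checkin` and `run_case` are hypothetical names, the GUIDs "X" and "Y" are constructed, and matching on any single equal resource key is an assumption. It shows why Z = Y while the keys collide and why a fresh GUID is issued once the keys are unique.

```python
import uuid

NFYSVR_E_NOT_FOUND = 0x80041003  # error code named in the article
KEY_TYPES = ("name.domain", "fqdn", "uniqueid")  # resource keys named in the article


class ToyNS:
    """Hypothetical stand-in for the Notification Server (not product code)."""

    def __init__(self):
        self.resources = {}     # GUID -> {key type: value}
        self.blacklist = set()  # stands in for the AgentBlacklist table

    def match(self, keys):
        # Assumption: two computers match when any one resource key is equal.
        for guid, known in self.resources.items():
            if any(t in keys and keys[t] == known.get(t) for t in KEY_TYPES):
                return guid
        return None

    def create_resource(self, keys):
        # Stands in for Createresource.aspx: reuse a matching GUID or mint a new one.
        guid = self.match(keys) or str(uuid.uuid4())
        self.resources.setdefault(guid, dict(keys))
        return guid

    def merge(self, src, dst):
        # src merges into dst: src disappears as a resource and is blacklisted.
        assert dst in self.resources
        self.resources.pop(src)
        self.blacklist.add(src)

    def request_policies(self, guid):
        return NFYSVR_E_NOT_FOUND if guid in self.blacklist else 0


def agent_checkin(ns, guid, keys):
    """Agent side: on NFYSVR_E_NOT_FOUND, re-register and adopt the returned GUID."""
    if ns.request_policies(guid) == NFYSVR_E_NOT_FOUND:
        guid = ns.create_resource(keys)
    return guid


def run_case(keys_x, keys_y):
    """Merge X into Y, let agent X check in, return (GUID Y, GUID Z)."""
    ns = ToyNS()
    ns.resources["X"], ns.resources["Y"] = dict(keys_x), dict(keys_y)  # constructed GUIDs
    ns.merge("X", "Y")
    return "Y", agent_checkin(ns, "X", keys_x)
```

Calling `run_case` with two key sets that share a `uniqueid` returns the same GUID twice; giving X a distinct `uniqueid` returns a newly minted GUID for Z.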

Manual Blacklisting

There are 2 filters that are supposed to be managed by users manually. The purpose of these filters is to tell the NS which computers should stop receiving policies - all policies or user-based policies. The use-cases for maintenance of these filters are undefined. However, here is what they technically do:

  1. Blacklisted Host Computers - This filter is located under Filters -> Computer Filters and is supposed to be updated manually. The computer resources placed into this filter will NOT get any policies. Also, any NSE from these computers will be rejected.

  2. User Configuration Blacklisted Users and Computers - This filter is located under Filters -> Computer Filters and is supposed to be updated manually. Computer resources placed into this filter will NOT get any user-based policies. User resources placed into this filter will NOT get the corresponding user-based policies on all the computers.

Both filters are regular filters, so they may contain either explicit resources or be query-based.
