What is Agent Blacklisting?

book

Article ID: 178533

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

 

Resolution

What is agent blacklisting?

Agent blacklisting is a mechanism for restricting certain agents from getting policies and/or NSE processing. Here “agent” means “GUID”.

 
Scenarios
There are basically 2 scenarios when a computer can be blacklisted – manual and automatic.
 
Automatic  Blacklisting - Merge case
  • Computer is merged with another computer. The automatic merge happens due to one of the computer resource keys coincidence with another computer’s keys: name.domain, fqdn, uniqueid. The reasons why 2 computers might get same keys are out of scope of this doc.
  • Manual merge of computers might be launched via right click menu -> Merge Resources. It is the Asset Solution item action

When computer X merges into computer Y then X gets into the AgentBlacklist table as well X disappears as a resource at NS. However agent still has GUID X and thinks it is allright. AgentBlacklist table tells NS which computers are not allowed to receive policies and whose NSEs (X, for example) should not be processed.

When agent X requests policies NS checks whether X is blacklisted and if YES, then NS returns a special error code NFYSVR_E_NOT_FOUND  0x80041003 to the agent which means that agent should change its GUID.  Agent then is supposed to call Createresource.aspx which would return the new GUID Z.

Note: In case merge was automatic (X was merged into Y due to equal resource keys) Z = Y, thus we will have 2 machines sharing the same GUID. The ONLY workaround in such case in SMP 7.6 is to make sure all the resource keys are unique for the problematic pair of computers. It is not always possible.

 Manual Blacklisting

There are 2 filters that are supposed to be managed by users manually. The purpose of these filters is to tell NS what computers should stop receiving policies - all the policies or user-based policies. The use-cases for maintenance of these filters are undefined. However here is what they technically do:

  1. Blacklisted Host Computers
    The filter is located under Filters-> Computer Filters and is supposed to be updated manually. The computer resources placed into this filter will NOT get any policies. Also, any NSE from these computers will be rejected.
     
  2. User Configuration Blacklisted Users and Computers.
    The filter is located under Filters-> Computer Filters and is supposed to be updated manually. Computer resources placed into this filter will NOT get any user-based policies. User resources placed into this filter will NOT get the corresponding user-based policies on all the computers.

Both filters are regular filters, so they may contain either explicit resources or be query-based.



TECH & HOWTO articles

158008
The article relates to blacklisting caused by computer merge. In this case the blacklisted computer should get the special error code NFYSVR_E_NOT_FOUND indicating that resource does not exist on NS and client agent should CHANGE its GUID. This article was probably written in times when agent GUID change did not work properly at the agent side. It should be no longer applicable to 7.5 and higher agents

181823
Pretty well described how automatic blacklisting works

TECH199402
This references some bugs that have been fixed in 7.5 and not applicable for 7.6

180297
It describes merging in hierarchy. It is related to the automatic blacklisting.

Additional Information

REFERENCE ID : : 3681764