Agent blacklisting is a mechanism for restricting certain agents from getting policies and/or NSE processing. Here “agent” means “GUID”.
There are basically 2 scenarios when a computer can be blacklisted – manual and automatic.
Automatic Blacklisting - Merge case
Computer is merged with another computer. The automatic merge happens due to one of the computer resource keys coincidence with another computer’s keys: name.domain, fqdn, uniqueid. The reasons why 2 computers might get same keys are out of scope of this doc.
Manual merge of computers might be launched via right click menu -> Merge Resources. It is the Asset Solution item action
When computer X merges into computer Y then X gets into the AgentBlacklist table as well X disappears as a resource at NS. However agent still has GUID X and thinks it is allright. AgentBlacklist table tells NS which computers are not allowed to receive policies and whose NSEs (X, for example) should not be processed.
When agent X requests policies NS checks whether X is blacklisted and if YES, then NS returns a special error code
NFYSVR_E_NOT_FOUND 0x80041003 to the agent which means that agent should change its GUID. Agent then is supposed to call Createresource.aspx which would return the new GUID Z.
Note: In case merge was automatic (X was merged into Y due to equal resource keys) Z = Y, thus we will have 2 machines sharing the same GUID. The ONLY workaround in such case in SMP 7.6 is to make sure all the resource keys are unique for the problematic pair of computers. It is not always possible.
There are 2 filters that are supposed to be managed by users manually. The purpose of these filters is to tell NS what computers should stop receiving policies - all the policies or user-based policies. The use-cases for maintenance of these filters are undefined. However here is what they technically do:
Blacklisted Host Computers The filter is located under Filters-> Computer Filters and is supposed to be updated manually. The computer resources placed into this filter will NOT get any policies. Also, any NSE from these computers will be rejected.
User Configuration Blacklisted Users and Computers. The filter is located under Filters-> Computer Filters and is supposed to be updated manually. Computer resources placed into this filter will NOT get any user-based policies. User resources placed into this filter will NOT get the corresponding user-based policies on all the computers.
Both filters are regular filters, so they may contain either explicit resources or be query-based.
TECH & HOWTO articles
TECH206171 The article relates to blacklisting caused by computer merge. In this case the blacklisted computer should get the special error code NFYSVR_E_NOT_FOUND indicating that resource does not exist on NS and client agent should CHANGE its GUID. This article was probably written in times when agent GUID change did not work properly at the agent side. It should be no longer applicable to 7.5 and higher agents
HOWTO9748 Pretty well described how automatic blacklisting works
TECH199402 This references some bugs that have been fixed in 7.5 and not applicable for 7.6
HOWTO42302 It describes merging in hierarchy. It is related to the automatic blacklisting.
Imported Document ID: HOWTO109585
Subscribing will provide email updates when this Article is updated. Login is required.