SQL Query that will show where the contents of the AgentBlackList table originate from
|Article:HOWTO26068|||||Created: 2010-05-04|||||Updated: 2012-04-09|||||Article URL http://www.symantec.com/docs/HOWTO26068|
There are a lot of GUID entries in the agentBlackList table in the NS DB. How can I determine where the entries come from?
Computers can get blacklisted as part of the NS auto-merge function in addition to the scenario described in KB HOWTO9748.
You can use this SQL Query to find out if the NS Merge process is responsible for the computers showing up in the agentBlackList table:
i2.name as Resource2Name, '**********' as '**********',
i1.name as Resource1Name,
vi.name, '**********' as '**********',
from agentblacklist abl
left join vitem vi on vi.guid = abl.guid
left join Evt_Resource_Merge erm on erm.resource2guid = abl.guid
left join vItem i1 on i1.Guid = erm.Resource1Guid
left join vItem i2 on i2.Guid = erm.Resource2Guid
order by abl.BlacklistDate desc
The preceding query will show the current Guid and name of the resource. It will also identify what Merge Key and Key Value was used to determine that it needed to be merged with another resource.
The results of the query will show you if the computer has been automerged. Auto merging should store the losing GUID in the agentBlackList table and permit the winning guid access to the NS.
Article URL http://www.symantec.com/docs/HOWTO26068