SQL Query that will show where the contents of the AgentBlackList table originate from

Article:HOWTO26068  |  Created: 2010-05-04  |  Updated: 2014-12-02  |  Article URL http://www.symantec.com/docs/HOWTO26068
Article Type
How To

There are a lot of GUID entries in the agentBlackList table in the NS DB. How can I determine where the entries come from?

Computers can get blacklisted as part of the NS auto-merge function in addition to the scenario described in KB HOWTO9748.

You can use this SQL Query to find out if the NS Merge process is responsible for the computers showing up in the agentBlackList table:

i2.name as Resource2Name, '**********' as '**********',
i1.name as Resource1Name,
vi.name,  '**********' as '**********',

from agentblacklist abl
 left join vRM_Computer_Item vi on vi.guid = abl.guid
 left join Evt_Resource_Merge erm on erm.resource2guid = abl.guid
  left join vRM_Computer_Item i1 on i1.Guid = erm.Resource1Guid
 left join vRM_Computer_Item i2 on i2.Guid = erm.Resource2Guid
 order by abl.BlacklistDate desc

The preceding query will show the current Guid and name of the resource. It will also identify what Merge Key and Key Value was used to determine that it needed to be merged with another resource.

The results of the query will show you if the computer has been automerged. Auto merging should store the losing GUID in the agentBlackList table and permit the winning guid access to the NS.

Legacy ID


Article URL http://www.symantec.com/docs/HOWTO26068

Terms of use for this information are found in Legal Notices