SQL Query that will show where the contents of the AgentBlackList table originate from

Article:HOWTO26068  |  Created: 2010-05-04  |  Updated: 2012-04-09  |  Article URL http://www.symantec.com/docs/HOWTO26068
Article Type
How To



Question
There are a lot of GUID entries in the agentBlackList table in the NS DB. How can I determine where the entries come from?

Answer
Computers can get blacklisted as part of the NS auto-merge function in addition to the scenario described in KB HOWTO9748.

You can use this SQL Query to find out if the NS Merge process is responsible for the computers showing up in the agentBlackList table:

select
abl.BlacklistDate,
erm.Resource2Guid,
i2.name as Resource2Name, '**********' as '**********',
erm.Resource1guid,
i1.name as Resource1Name,
erm._resourceguid,
vi.name,  '**********' as '**********',
erm.MergeKeyName,
erm.MergeKeyValue

from agentblacklist abl
 left join vitem vi on vi.guid = abl.guid
 left join Evt_Resource_Merge erm on erm.resource2guid = abl.guid
  left join vItem i1 on i1.Guid = erm.Resource1Guid
 left join vItem i2 on i2.Guid = erm.Resource2Guid
 
 order by abl.BlacklistDate desc
  

The preceding query will show the current Guid and name of the resource. It will also identify what Merge Key and Key Value was used to determine that it needed to be merged with another resource.

 


The results of the query will show you if the computer has been automerged. Auto merging should store the losing GUID in the agentBlackList table and permit the winning guid access to the NS.



Legacy ID



52713


Article URL http://www.symantec.com/docs/HOWTO26068


Terms of use for this information are found in Legal Notices