4 Replies Latest reply on Sep 24, 2018 10:34 AM by Bill Robinson

    Discovery signature for contactable agents only

    Marie Farah dela Cruz

      Hi,

       

      I have a compliance job that has a discovery signature for “_AGENT_STATUS” where I’m filtering for alive agents only. In my compliance results, 

      it seems that there were servers tagged as non-compliant because BSA cannot connect to them. One of the errors show a “Login not allowed” message yet the _AGENT_STATUS is alive, and _AGENT_DIAG says OK. I did run a USP and Verify, and both showed the same error message.

      I need to ensure that my compliance will only discover contactable agents. What properties should I use in my discovery signature to ensure this is followed?

        • 1. Re: Discovery signature for contactable agents only
          Bill Robinson
          I have a compliance job that has a discovery signature for “_AGENT_STATUS” where I’m filtering for alive agents only.

          AGENT_STATUS (not _AGENT_STATUS) is a built-in property that's populated by the USP job or a 'verify'.

           

          In my compliance results, it seems that there were servers tagged as non-compliant because BSA cannot connect to them.

          yes, that happens when you can't connect to a server...

           

           

          One of the errors show a “Login not allowed” message yet the _AGENT_STATUS is alive,

          AGENT_STATUS is updated by a USP job run or a verify as noted above.  if something changed on the agent between when you ran the usp or verify and now, and no USP or verfiy has been run since the server had a problem, then you will have this situation.  AGENT_STATUS is not a real-time reflection of the agent status.

           

          and _AGENT_DIAG says OK.

          _AGENT_DIAG is a custom property you or someone in your env has created.  who knows how it's populated.

           

          I did run a USP and Verify, and both showed the same error message.

          and after you did that does AGENT_STATUS still show as online ?  you might need to refresh the gui/server object for it to refresh the property panel values on the server object.

          • 2. Re: Discovery signature for contactable agents only
            Marie Farah dela Cruz

            Hi Bill,

             

            Stand corrected on AGENT_STATUS format, thank you.

            I did run a USP and Verify, and both showed the same error message.

            and after you did that does AGENT_STATUS still show as online ?  you might need to refresh the gui/server object for it to refresh the property panel values on the server object.

             

            Yes, after I did this my AGENT_STATUS still shows "agent is alive". In situations like this when the hindrance of the console to successfully connect to the agent is permission-related issues, should it reflect in my AGENT_STATUS property? Should it say "not responding" if the console has verify issues caused by the "Login not allowed" error?

             

            Here's what our BLAdmin said about _AGENT_DIAG property:

                 Permission issues will not show up in _AGENT_DIAG unless they are because the agent is missing BLAdmin      privileges.  We can’t automate testing of privileges as it would require logging in as every customer role and      we do not want to have one role with all that access.

            • 4. Re: Discovery signature for contactable agents only
              Bill Robinson
              In situations like this when the hindrance of the console

              it's really the appserver connecting, the console doesn't ever directly connect.

              to successfully connect to the agent is permission-related issues, should it reflect in my AGENT_STATUS property? Should it say "not responding" if the console has verify issues caused by the "Login not allowed" error?

              if the usp gets an error back, including the login not allowed, then it should say 'not responding'.

               

              Here's what our BLAdmin said about _AGENT_DIAG property:

                   Permission issues will not show up in _AGENT_DIAG unless they are because the agent is missing BLAdmin      privileges.  We can’t automate testing of privileges as it would require logging in as every customer role and      we do not want to have one role with all that access.

              as i mentioned - _AGENT_DIAG is some property you created in your env.  you should ask your BLAdmin how this property value is set.  and what it has to do w/ one role w/ 'all that access'.