When an agent computer name has changed (NETIQKB71672)

  • 7771672
  • 05-Aug-2009
  • 20-Aug-2009

Environment

Security Manager 5.x

Security Manager 6.x

Situation

When an agent computer name has changed, how is it handled by Security Manager?

Resolution

The agent will come back up after a rename and restart, and then get inserted into the computer table with the new name and a new guid/computer entry.

The old agent hostname will however still be in place, and will start to show as offline, as the agent is no longer technically on the network. The best way to address this is by performing the following steps in order to hide the agent. If you choose to delete the old agent entry rather than "Mark as Uninstalled" (hide) the agent, then you will not be able to return data in a forensic query for the old agent name unless you run a cross platform forensic query.

 

  1. Go into the Agent Administrator/Agent Summary View
  2. Highlight the old agent entry.
  3. Click on Uninstall/Pending uninstallation.
  4. Close the Agent Administrator
  5. Go the Pending Agent/Uninstallation in the Development Console.
  6. Right click on the agent, and then click "Mark as Uninstalled"

Cause

Agent machines get renamed, how does Security Manager handle that? It creates a new record for the "new" computer, and leaves the old entry in the system as well. The old entry will need to be hidden.

Additional Information

Formerly known as NETIQKB71672

Feedback service temporarily unavailable. For content questions or problems, please contact Support.