Change Guardian for Windows Filters disappear off machines located in a Network DMZ (NETIQKB72307)

  • 7772307
  • 12-May-2010
  • 15-Mar-2013

Environment

Change Guardian for Windows 2.0 SP1
Change Guardian for Windows 2.0 SP2
Security Manager 6.5
Security Manager 6.5 SP1

Situation

When using CGW on unmanaged SM Agents located in a Network DMZ, the filters disappear from the agents after a change is made.

Resolution

In order to resolve this issue, please follow these steps:

  1. Open the Configuration Wizard from the Control Center Console
  2. Launch the Change Guardian for Windows configuration
  3. Go to Configure Change Guardian for Windows Filters
  4. Remove the Filter(s) that are using computer restrictions for the SM Computer Rule groups containing the DMZ Agents
  5. Close the CGW Wizard and apply the changes now
  6. Remove the SM Computer Rule group containing the DMZ agents from the Development Console
  7. Force the Configuration Changes
  8. Perform a Scan All Managed Agents
  9. Wait for the Unmanaged DMZ Agent(s) to get a 21240 Windows Event
  10. Verify that the DMZ SM Agents are no longer members of the deleted Computer Rule Group
  11. Verify that the Local Registry on the DMZ SM agents does NOT contain the Deleted CGW Filter
  12. Create a New SM Computer Rule Group
  13. Add the new SM Computer Rule Group to the Change Guardian Processing Rule Group
  14. Manually include the Unmanaged SM DMZ Agent(s)
  15. Apply the New SM Computer Rule Group to all of the Change Guardian for Windows Processing Rule Group and Sub Groups
  16. Force the Configuration change from the Dev Console
  17. Do a Managed Agent Scan
  18. Wait for the Agents to get a 21240 Windows Event as well as populate the new computer rule group
  19. Re-Create the Filter Group in the CGW Configuration Wizard
  20. Apply the changes now
  21. Force the changes from the Dev Console
  22. Scan All Managed Agents
  23. Wait for the Agents to get the 21240
  24. Now the filter rules should be working.

Cause

CGW mainly uses Active Directory resources to connect to SM Agents (managed or unmanaged). Because of this, CGW cannot add or search for workgroup machines directly.

The first time SM Agents are added to an SM Computer Group that is then added to the CGW configuration (for any reason), CGW can recognize that some of the SM Agents are workgroup member machines, and it looks for them as workgroup machines. After the initial configuration, CGW sometimes assumes the SM Agents are part of a domain. When CGW sees the SM Agents as domain members, it cannot locate them. This occurs even if the agents are added to the SM Computer Group.

 

Additional Information

Formerly known as NETIQKB72307

If the 21240 does not come through after a short period of time (15 - 30 mins), the SM Agent service on the SM DMZ Agent(s) might need to be restarted.