diff --git a/app/controllers/admin/hosts_controller.rb b/app/controllers/admin/hosts_controller.rb
index db5b2cc..0c2a215 100644
--- a/app/controllers/admin/hosts_controller.rb
+++ b/app/controllers/admin/hosts_controller.rb
@@ -1,40 +1,56 @@
 class Admin::HostsController < Admin::BaseController
-  before_action :fetch_host, only: [:verify, :set_quota]
+  before_action :fetch_host, only: [:verify, :reject, :set_quota]
 
   # GET /admin/hosts/unverified
   def unverified
     @hosts = Host.unverified
   end
 
   # POST /admin/hosts/1/verify
   def verify
     @host.verify(current_user.id)
     redirect_to unverified_admin_hosts_path
   end
 
+  # POST /admin/hosts/1/reject
+  def reject
+    msg = 'You need to provide a reason' if params[:reason].blank?
+
+    if msg.blank?
+      if @host.reject(current_user.id, params[:reason])
+        flash[:success] = 'Client rejected'
+      else
+        flash[:error] = 'Something went wrong'
+      end
+    else
+      flash[:error] = msg
+    end
+    redirect_to unverified_admin_hosts_path
+  end
+
   # PUT /admin/hosts/1/set_quota
   def set_quota
     @host.quota = case params[:unit]
       when 'MB'
         params[:quota].to_i * ConfigurationSetting::MEGA_BYTES
       when 'GB'
         params[:quota].to_i * ConfigurationSetting::GIGA_BYTES
       when 'TB'
         params[:quota].to_i * ConfigurationSetting::TERA_BYTES
       end
 
     if @host.save
       flash[:success] = 'Changes saved'
     else
       flash[:error] = 'Changes not saved'
     end
 
     redirect_to admin_client_path(@host.client)
   end
 
   private
 
   def fetch_host
     @host = Host.find(params[:id])
   end
 end
diff --git a/app/models/host.rb b/app/models/host.rb
index b54f03b..fd3a0a6 100644
--- a/app/models/host.rb
+++ b/app/models/host.rb
@@ -1,390 +1,413 @@
 # The bacula database must be independent from all of our application logic.
 # For this reason we have Host which is the application equivalent of a Bacula Client.
 #
 # A host is being created from our application. When it receives all the configuration
 # which is required it gets dispatched to bacula through some configuration files. After
 # that, a client with the exact same config is generated by bacula.
 class Host < ActiveRecord::Base
   establish_connection ARCHIVING_CONF
 
   include Configuration::Host
 
   STATUSES = {
     pending: 0,
     configured: 1,
     dispatched: 2,
     deployed: 3,
     updated: 4,
     redispatched: 5,
     for_removal: 6,
     inactive: 7,
     blocked: 8
   }
 
   # The default file daemon port
   DEFAULT_PORT = 9102
 
   enum origin: { institutional: 0, vima: 1, okeanos: 2 }
   serialize :email_recipients, JSON
 
   has_many :simple_configurations
   has_many :ownerships
   has_many :users, through: :ownerships, inverse_of: :hosts
   has_many :invitations
 
   belongs_to :client, class_name: :Client, foreign_key: :name, primary_key: :name
   belongs_to :verifier, class_name: :User, foreign_key: :verifier_id, primary_key: :id
 
   has_many :filesets, dependent: :destroy
   has_many :job_templates, dependent: :destroy
   has_many :schedules, dependent: :destroy
 
   validates :file_retention, :job_retention,
     :port, :password, presence: true
   validates :port, :quota, numericality: { greater_than: 0 }
 
   validates :fqdn, presence: true, uniqueness: true
 
   validate :fqdn_format
 
   validate :valid_recipients
 
   scope :not_baculized, -> {
     joins("left join #{Client.table_name} on #{Client.table_name}.Name = hosts.name").
       where(Client.table_name => { Name: nil })
   }
 
   scope :in_bacula, -> {
     where(
       status: STATUSES.select { |k,_|
         [:deployed, :updated, :redispatched, :for_removal].include? k
       }.values
     )
   }
 
   scope :unverified, -> { where(verified: false) }
 
   before_validation :set_retention, :unset_baculized, :sanitize_name,
     :sanitize_email_recipients, :set_password, :set_port, :set_quota
 
   state_machine :status, initial: :pending do
     STATUSES.each do |status_name, value|
       state status_name, value: value
     end
 
     after_transition [:dispatched, :redispatched, :configured, :updated] => :deployed do |host|
       host.job_templates.enabled.
         update_all(baculized: true, baculized_at: Time.now, updated_at: Time.now)
     end
 
     event :add_configuration do
       transition [:pending, :dispatched, :inactive] => :configured
     end
 
     event :dispatch do
       transition :configured => :dispatched
     end
 
     event :redispatch do
       transition :updated => :redispatched
     end
 
     event :set_deployed do
       transition [:dispatched, :redispatched, :configured, :updated] => :deployed
     end
 
     event :change_deployed_config do
       transition [:deployed, :redispatched, :for_removal] => :updated
     end
 
     event :mark_for_removal do
       transition [:dispatched, :deployed, :updated, :redispatched] => :for_removal
     end
 
     event :set_inactive do
       transition [:configured, :deployed, :dispatched, :updated, :redispatched] => :inactive
     end
 
     event :disable do
       transition all => :pending
     end
 
     event :block do
       transition all - [:blocked] => :blocked
     end
 
     event :unblock do
       transition :blocked => :pending
     end
   end
 
   # API serializer
   # Override `as_json` method to personalize for API use.
   def as_json(opts={})
     if for_api = opts.delete(:for_api)
       api_json
     else
       super(opts)
     end
   end
 
   # Determines if a host has enabled jobs in order to be dispatched to Bacula
   #
   # @return [Boolean]
   def bacula_ready?
     job_templates.enabled.any?
   end
 
   # Shows the host's auto_prune setting
   def auto_prune_human
     client_settings[:autoprune]
   end
 
   # Uploads the host's config to bacula
   # Reloads bacula server
   #
   # It updates the host's status accordingly
   def dispatch_to_bacula
     return false if not needs_dispatch?
     bacula_handler.deploy_config
   end
 
   # Removes a Host from bacula configuration.
   # Reloads bacula server
   #
   # If all go well it changes the host's status and returns true
   #
   # @param force[Boolean] forces removal
   def remove_from_bacula(force=false)
     return false if not (force || needs_revoke?)
     bacula_handler.undeploy_config
   end
 
   # Determines if a host needs a simple config
   #
   # @return [Boolean]
   def needs_simple_config?
     job_templates.none? && simple_configurations.none?
   end
 
   # Restores a host's backup to a preselected location
   #
   # @param fileset_id[Integer] the desired fileset
   # @param location[String] the desired restore location
   # @param restore_point[Datetime] the desired restore_point datetime
   # @param restore_client[String]] the desired restore client
   def restore(file_set_id, location, restore_point=nil, restore_client=nil)
     return false if not restorable?
     job_ids = client.get_job_ids(file_set_id, restore_point)
     file_set_name = FileSet.find(file_set_id).file_set
     bacula_handler.restore(job_ids, file_set_name, restore_point, location, restore_client)
   end
 
   # Runs the given backup job ASAP
   def backup_now(job_name)
     bacula_handler.backup_now(job_name)
   end
 
   # Disables all jobs and sends the configuration to Bacula
   def disable_jobs_and_update
     job_templates.update_all(enabled: false)
     bacula_handler.deploy_config
   end
 
   # Disables all jobs if needed and then locks the host
   def disable_jobs_and_lock
     return false if can_set_inactive? && !disable_jobs_and_update
     block
   end
 
   # Determinex weather a host:
   #
   # * has all it takes to be deployed but
   # * the config is not yet sent to bacula
   #
   # @return [Boolean]
   def needs_dispatch?
     verified? && (can_dispatch? || can_redispatch?)
   end
 
   # Determines weather a host is marked for removal
   #
   # @return [Boolean]
   def needs_revoke?
     for_removal?
   end
 
   # Handles the host's job changes by updating the host's status
   def recalculate
     add_configuration || change_deployed_config
   end
 
   # Fetches an info message concerning the host's deploy status
   def display_message
     if !verified?
       { message: 'Your host needs to be verified by an admin', severity: :alert }
     elsif pending?
       { message: 'client not configured yet', severity: :alert }
     elsif configured? || dispatched?
       { message: 'client not deployed to Bacula', severity: :alert }
     elsif updated? || redispatched?
       { message: 'client configuration changed, deploy needed', severity: :alert }
     elsif for_removal?
       { message: 'pending client configuration withdraw', severity: :error }
     elsif inactive?
       { message: 'client disabled', severity: :alert }
     elsif blocked?
       { message: 'client disabled by admin.', severity: :error }
     end
   end
 
   # Determines if a host can issue a restore job.
   #
   # @return [Boolean] true if the host's client can issue a restore job
   def restorable?
     client.present? && client.is_backed_up?
   end
 
   # @return [User] the first of the host's users
   def first_user
     users.order('ownerships.created_at asc').first
   end
 
   # Marks the host as verified and sets the relevant metadata
   #
   # @param admin_verifier[Integer] the verifier's id
   def verify(admin_verifier)
     self.verified = true
     self.verifier_id = admin_verifier
     self.verified_at = Time.now
     recipients = users.pluck(:email)
     if save
       UserMailer.notify_for_verification(recipients, self).deliver if recipients.any?
       return true
     end
     false
   end
 
+  # Creates the RejectedHost and then destroys the initial host
+  #
+  # @param rejecter_id[Integer] the responsible admin's id
+  # @param reason[Text] the reject reason
+  def reject(rejecter_id, reason)
+    transaction do
+      begin
+        rejected_host = RejectedHost.new
+        rejected_host.user = users.first
+        rejected_host.rejecter_id = rejecter_id
+        rejected_host.fqdn = fqdn
+        rejected_host.name = name
+        rejected_host.host_created_at = created_at
+        rejected_host.reason = reason
+        rejected_host.save!
+        destroy!
+        true
+      rescue
+        false
+      end
+    end
+  end
+
   # Determines if a host can be disabled or not.
   # Equivalent to is_deployed
   #
   # @return [Boolean]
   def can_be_disabled?
     dispatched? || deployed? || updated? || redispatched?
   end
 
   # Determines if a host is inserted manually from the user or
   #  provided as an option from a list by the system via a third party
   #  like ViMa or Okeanos
   #
   #  @return [Boolean]
   def manually_inserted?
     institutional?
   end
 
   # Resets the hosts token
   #
   # @return [Boolean]
   def recalculate_token
     self.password = token
     save
   end
 
   private
 
   # automatic setters
 
   def sanitize_name
     self.name = fqdn
   end
 
   # Sets the file and job retention according to the global settings
   def set_retention
     self.file_retention = client_settings[:file_retention]
     self.file_retention_period_type = client_settings[:file_retention_period_type]
     self.job_retention = client_settings[:job_retention]
     self.job_retention_period_type = client_settings[:job_retention_period_type]
   end
 
   def unset_baculized
     self.baculized = false if new_record?
     true
   end
 
   def sanitize_email_recipients
     self.email_recipients.reject!(&:blank?)
   end
 
   def set_password
     return true if persisted?
 
     self.password = token
   end
 
   def token
     Digest::SHA256.hexdigest(
       Time.now.to_s + Rails.application.secrets.salt + fqdn.to_s
     )
   end
 
   def set_port
     return true if persisted?
 
     self.port = DEFAULT_PORT
   end
 
   def set_quota
     return true if persisted?
 
     self.quota = ConfigurationSetting.client_quota
   end
 
   # validation
 
   def fqdn_format
     regex = /(?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{1,63}(?<!-)\.)+[a-zA-Z]{2,63}$)/
     unless fqdn =~ regex
       self.errors.add(:fqdn)
     end
   end
 
   def valid_recipients
     if !email_recipients.all? { |email| email =~ /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i }
       self.errors.add(:email_recipients)
     end
   end
 
   # Handles the returned attribues for api
   #
   # @return [Hash] of the desired attributes for api use
   def api_json
     {
       id: id,
       name: name,
       uname: client.uname,
       port: port,
       file_retention: "#{file_retention} #{file_retention_period_type}",
       job_retention: "#{job_retention} #{job_retention_period_type}",
       quota: quota,
       last_backup: client.last_job_datetime,
       files: client.files_count,
       space_used: client.backup_jobs_size,
       collaborators: email_recipients,
       backup_jobs: job_templates.enabled.backup.map(&:api_json),
       restorable_filesets: client.file_sets.map(&:api_json)
     }
   end
 
   # Proxy object for handling bacula directives
   def bacula_handler
     BaculaHandler.new(self)
   end
 
   # Fetches and memoizes the general configuration settings for Clients
   #
   # @see ConfigurationSetting.current_client_settings
   # @return [Hash] containing the settings
   def client_settings
     @client_settings ||= ConfigurationSetting.current_client_settings
   end
 end
diff --git a/app/views/admin/hosts/_host.html.erb b/app/views/admin/hosts/_host.html.erb
index f1adb47..6356ca7 100644
--- a/app/views/admin/hosts/_host.html.erb
+++ b/app/views/admin/hosts/_host.html.erb
@@ -1,13 +1,16 @@
 <tr>
   <td><%= host.name %></td>
   <td><%= host.fqdn %></td>
   <td><%= host.first_user.display_name %></td>
   <td><%= host.port %></td>
   <td><%= I18n.l(host.created_at, format: :long) %></td>
   <td>
     <%= link_to 'Verify', verify_admin_host_path(host), method: :post,
       class: "btn btn-success", role: "button",
       data: { confirm: "Client #{host.name} will be ready to be dispatched to Bacula" }
     %>
+    <%= link_to 'Reject', '#', class: "btn btn-danger", role: "button",
+                data: { toggle: 'modal', target: '#reject-modal',
+                        id: host.id, name: host.name } %>
   </td>
 </tr>
diff --git a/app/views/admin/hosts/unverified.html.erb b/app/views/admin/hosts/unverified.html.erb
index eeb269e..96c6aa5 100644
--- a/app/views/admin/hosts/unverified.html.erb
+++ b/app/views/admin/hosts/unverified.html.erb
@@ -1,24 +1,54 @@
 <h1>Unverified Clients</h1>
 
 <% if @hosts.empty? %>
   <h3>There are no clients pending for approval</h3>
 <% else %>
   <div class="table-responsive">
     <table class="table table-striped table-bordered table-condensed">
       <thead>
         <tr>
           <th>Name</th>
           <th>FQDN</th>
           <th>User</th>
           <th>Port</th>
           <th>Created At</th>
           <th>Actions</th>
         </tr>
       </thead>
 
       <tbody>
         <%= render partial: 'host', collection: @hosts %>
       </tbody>
     </table>
   </div>
 <% end %>
+
+<div id="reject-modal" class="modal fade" tabindex="-1" role="dialog" aria-labelledby="mySmallModalLabel">
+  <div class="modal-dialog">
+    <div class="modal-content">
+      <div class="panel panel-default">
+        <div class="panel-heading">Reject host <em></em></div>
+        <div class="panel-body">
+          <%= bootstrap_form_tag(url: reject_admin_host_path('host_id'),
+                                 method: :post) do |f| %>
+            <%= f.text_area :reason, cols: 40, rows: 5, placeholder: '...', required: true %>
+            <%= f.submit 'Reject', class: "btn btn-danger" %>
+          <% end %>
+        </div>
+      </div>
+    </div>
+  </div>
+</div>
+
+<script type="text/javascript">
+  $('#reject-modal').on('show.bs.modal', function (event) {
+    var button = $(event.relatedTarget);
+    var host_id = button.data('id');
+    var host_name = button.data('name');
+    var form = $(this).find('form');
+
+    form_url = form.attr('action');
+    form.attr('action', form_url.replace('host_id', host_id));
+    $(this).find('em').text(host_name);
+  })
+</script>
diff --git a/config/routes.rb b/config/routes.rb
index fa654c2..9bc62fd 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,130 +1,131 @@
 Rails.application.routes.draw do
   root 'application#index'
   get 'faq' => 'application#faq'
   post 'grnet' => 'application#grnet'
   get 'institutional' => 'application#institutional'
   match 'vima', to: 'application#vima', :via => [:get, :post]
   get 'logout' => 'application#logout'
 
   resources :clients, only: [:index, :show] do
     member do
       get :jobs
       get :logs
       get :stats
       post :stats
       get :users
       get :restore
       post :run_restore
       post :restore_selected
       delete :remove_user
     end
 
     collection do
       post :index
     end
   end
 
   resources :clients, only: [], param: :client_id do
     member do
       get :tree
     end
   end
 
   resources :invitations, only: [:create]
 
   get '/invitations/:host_id/:verification_code/accept' => 'invitations#accept',
     as: :accept_invitation
 
   resources :hosts, only: [:new, :create, :show, :edit, :update, :destroy] do
     member do
       post :submit_config
       post :disable
       post :regenerate_token
       delete :revoke
       get :fd_config
     end
 
     collection do
       get :fetch_vima_hosts, to: 'hosts#fetch_vima_hosts', as: :fetch_vima
     end
 
     resources :simple_configs, only: [:new, :create]
 
     resources :jobs, only: [:new, :create, :show, :edit, :update, :destroy] do
       member do
         patch :toggle_enable
         post :backup_now
       end
     end
 
     resources :filesets, only: [:show, :new, :create, :edit, :update, :destroy]
     resources :schedules, only: [:show, :new, :edit, :create, :update, :destroy]
   end
 
   resources :users, only: :show do
     member do
       patch :generate_token
     end
   end
 
   namespace :admin do
     match '/', to: 'base#index', via: [:get, :post]
 
     get '/login' => 'base#login', as: :login
 
     resources :settings, only: [:index, :new, :create, :edit, :update] do
       member do
         delete :reset
       end
     end
 
     resources :clients, only: [:index, :show] do
       member do
         get :jobs
         get :logs
         get :stats
         post :stats
         get :configuration
         post :disable
         post :block
         post :unblock
         delete :revoke
       end
     end
 
     resources :hosts, only: [] do
       collection do
         get :unverified
       end
 
       member do
         post :verify
+        post :reject
         put :set_quota
       end
     end
 
     resources :users, only: [:index, :new, :create, :show, :edit, :update] do
       member do
         patch :ban
         patch :unban
         patch :revoke_admin
         patch :grant_admin
       end
     end
 
     resources :pools, only: [:index, :new, :create]
 
     resources :faqs
   end
 
   namespace :api, defaults: { format: :json } do
     scope module: :v1, constraints: ApiVersion.new(version: 1, default: true) do
       resources :clients, only: [:index, :show] do
         member do
           post :backup
           post :restore
         end
       end
     end
   end
 end