Troubleshooting Windows monitoring 2007 Intellipool AB
All rights reserved. No parts of this work may be reproduced in any form or by any means - graphic, electronic, or mechanical, including photocopying, recording, taping, or information storage and retrieval systems - without the written permission of the publisher.

Products that are referred to in this document may be either trademarks and/or registered trademarks of the respective owners. The publisher and the author make no claim to these trademarks.

While every precaution has been taken in the preparation of this document, the publisher and the author assume no responsibility for errors or omissions, or for damages resulting from the use of information contained in this document or from the use of programs and source code that may accompany it. In no event shall the publisher and the author be liable for any loss of profit or any other commercial damage caused or alleged to have been caused directly or indirectly by this document.

Printed: May 2007 in Härnösand, Sweden
Table of Contents

Part I Introduction
1 INM Service account and rights assignment
2 Service monitor
3 CPU/Disk/Memory/Process/Swap monitor
4 Event log monitor

Part II Troubleshooting
1 Access denied
2 Credential conflicts
3 Network path can not be found
4 Performance related issues with monitored object
5 Remote session limit
6 The RPC server is unavailable

Part III External resources
1 Introduction

Troubleshooting Windows monitoring and authentication

Intellipool Network Monitor is capable of agentless monitoring of remote Windows workstations and services. The prerequisite for monitoring a remote object is a successful authentication with a Windows account that has access to a number of different resources on the monitored object. A number of different problems can arise, and this document tries to address them.

This document is provided as a troubleshooting reference and Intellipool AB can not guarantee that these problems can be solved. All modifications to the system, including modifying the registry, are done at your own risk.
1.1 INM Service account and rights assignment

If INM is running under a user account other than LocalSystem, make sure the following local security policies are enabled for the service account.

- Log on as a Service
- Act as part of the operating system (Windows 2000)
- Bypass traverse checking
- Read, Write and Execute rights on the \Intellipool Network Monitor folder

To make full use of the built-in account manager, all objects should be assigned an account other than the base service account.

Monitoring accounts

In INM you have the ability to assign a default account to each object. This account will be used to authenticate with the monitored object. In the following text we will refer to this account as the monitoring account. In the object property page it is called the default account. In the monitor property page the account selection option should be set to Use object default account.

The monitoring account should be a member of the Administrators group on the object being monitored. In most cases this is the Domain Admin group.

Account username format

Depending on the location of the monitoring account, INM requires you to format the username according to the following rules (which also apply to Windows in general).

- .\username (Account is found by INM on the local machine)
- username (Account is found by INM on the local machine)
- domain\username (Account is found by INM on the domain "domain")
- username@domain.com (Same as above but valid for XP, 2003 and Vista)
1.2 Service monitor

This monitor type uses Remote Procedure Calls to query the status of a service running on the monitored machine. Make sure the RPC service is running on the monitored object and the INM host. The monitoring account needs to be an administrator on the monitored host to gain access to the service manager.
1.3 CPU/Disk/Memory/Process/Swap monitor

This category of monitors uses the remote registry service to query the monitored object. Make sure the remote registry service is running on both the monitored object and the INM host.

By default, only administrators can access the remote registry. This is controlled by the registry key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg

You can edit the permissions of this registry key to limit or grant access to the remote registry. If the key does not exist, access is granted to everyone.

A special case for the disk utilization monitor is when it runs in Win32 compatible mode. Then you need to specify the default share representing the disk. For example, instead of specifying C: you should specify C$ and make sure this default share exists and is accessible by the monitoring account.
1.4 Event log monitor

By default, everyone can read the event logs except the Security event log. To read the Security event log the user needs to be a member of the administrator group. Access to the different event logs is controlled by this registry key.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog

You can edit the permissions of this registry key to limit or grant access to the remote event log.
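The following is an added example, not part of the original document or of INM, that audits the two registry keys named in sections 1.3 and 1.4 on a monitored host. It assumes it is run locally and elevated on that host; the function name Get-KeyAccessReport and the list of principals treated as broad (Everyone, Authenticated Users, BUILTIN\Users) are assumptions made for the example.

```powershell
# Added example (not Intellipool code). Run locally, elevated, on the monitored object.
# Key paths are the ones given in sections 1.3 and 1.4.
$keys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg',
    'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'
)
# Assumption: well-known SIDs regarded as "broad" for this audit:
# Everyone, Authenticated Users, BUILTIN\Users
$broadSids = @('S-1-1-0', 'S-1-5-11', 'S-1-5-32-545')

function Get-KeyAccessReport {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        # Section 1.3: if the winreg key does not exist, access is granted to everyone.
        return [pscustomobject]@{
            Key = $Path; Exists = $false; Identity = $null
            Rights = $null; Type = $null; Broad = $null
        }
    }

    $acl = Get-Acl -LiteralPath $Path
    # Ask for SIDs so the comparison does not depend on localized account names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid.Value }   # SID that no longer maps to an account
        [pscustomobject]@{
            Key      = $Path
            Exists   = $true
            Identity = $name
            Rights   = $rule.RegistryRights
            Type     = $rule.AccessControlType
            Broad    = ($broadSids -contains $sid.Value)
        }
    }
}

$keys | ForEach-Object { Get-KeyAccessReport -Path $_ } | Format-Table -AutoSize

# The monitors in section 1.3 also need the Remote Registry service to be running.
Get-Service -Name RemoteRegistry | Select-Object Name, Status, StartType
```

A row with Exists = False for the winreg key, or an Allow rule with Broad = True, is the condition to review before adjusting permissions for the monitoring account.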
2 Troubleshooting

2.1 Access denied

Either spontaneous errors or a permanent error when monitoring an object.

Cause

"Access denied."

Access to the monitored object is denied. This can be caused by an authentication failure or by the monitored object being too busy to serve new requests.

Resolution/workarounds

- Make sure the monitoring account has access rights to the monitored object. In most cases this error is caused by the INM monitoring account not being an administrator on the monitored object.
- Firewall restrictions prevent INM from accessing the monitored object. This error can be resolved by unblocking port 445 to the monitored object.

2.2 Credential conflicts

Monitors are randomly entering alarm state with a credential conflict as the error message.

"Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again."

Cause

Using more than one account to monitor the object; this includes individual objects pointing to the same address.

Resolution/workarounds

- Make sure only one account is used to access the monitored object from the INM host.

2.3 Network path can not be found

Either spontaneous errors or a permanent error when monitoring an object.

Cause

"The network path was not found."

The network path could not be found or accessed because of firewall restrictions, a name resolution error or a network error.

Resolution/workarounds

- The DNS server is overloaded and can not translate the object address. Try entering the IP number as the object address.
- Firewall restrictions prevent INM from accessing the monitored object. This error can be resolved by unblocking port 445 to the monitored object.
- If the monitor type is a Disk utilization monitor and you are running in Win32 compatible mode, make sure the share is available. If you want to directly monitor a disk rather than a share, use the default share name of the disk (ex. C$) instead of the volume name (ex. C:).

2.4 Performance related issues with monitored object

Spontaneous errors occur during a specific time of day or in another pattern, such as when a backup starts or large queries are run in a database on the monitored object.

Cause

The monitored object can be unable to complete requests from INM since it is busy performing other tasks. It can also be network bandwidth related; for example, monitoring objects over a VPN connection can severely degrade network performance and latency. The error messages can vary, but most commonly they are all related to RPC failures.

Resolution/workarounds

- Lower the test frequency to 300 seconds.
- Set the Alarm generation value to at least 5 to filter out false positives.
- If low network bandwidth or high network latency is a factor, INM DE can be used to place a gateway closer to the monitored object. A gateway uses only a fraction of the network bandwidth that a normal test would use.

2.5 Remote session limit

INM is refused access to the monitored object, seemingly at random, with the error text:

"An attempt was made to establish a session to a network server, but there are already too many sessions established to that server"

Cause

Each server or workstation supports a maximum number of authenticated connections. An authenticated connection is considered as one connection from one machine to another, where the connection is associated with a set of credentials. If the maximum number of connections has already been reached, the next connection request will be blocked.

Resolution/workarounds

- Review the max connection threads that can be used by the LAN Manager server and, if possible, extend the limit.

2.6 The RPC server is unavailable

Errors occurring either randomly or all the time with the following error text.
Cause

"The RPC server is unavailable"

The most common cause for this problem is that the remote registry service of the monitored machine is either stopped or is experiencing problems accepting new connections.

Resolution/workarounds

- Restart the remote registry service of the monitored object.
- Review the object's overall performance; the object might be too busy to serve more connections.
- Check the DNS entry for the monitored object and confirm that both a forward and a reverse zone entry exist.
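The checks listed under 2.1, 2.3 and 2.6 (name resolution in both directions, port 445, and the state of the remote registry service) can be run in one pass from the INM host. This is an added example, not part of the original document or of INM; it assumes Windows PowerShell 5.1 running as the monitoring account, and the function name Test-MonitoredObject and the address server01.example.com are placeholders made up for the example.

```powershell
# Added example (not Intellipool code). Run on the INM host as the monitoring account.
# Assumes Windows PowerShell 5.1 (Get-Service -ComputerName is not available in PowerShell 7).
function Test-MonitoredObject {
    param([Parameter(Mandatory)][string]$Address)

    $r = [ordered]@{ Address = $Address; Ip = $null; ReverseName = $null
                     Port445Open = $false; RemoteRegistry = $null }

    $ip = $null
    if ([System.Net.IPAddress]::TryParse($Address, [ref]$ip)) {
        $r.Ip = $ip.IPAddressToString      # object address entered as an IP number (2.3)
    } else {
        try {                              # forward zone entry
            $a = Resolve-DnsName -Name $Address -Type A -DnsOnly -ErrorAction Stop |
                 Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
            $r.Ip = $a.IPAddress
        } catch { $r.Ip = "forward lookup failed: $($_.Exception.Message)" }
    }

    $parsed = $null
    if ($r.Ip -and [System.Net.IPAddress]::TryParse($r.Ip, [ref]$parsed)) {
        try {                              # reverse zone entry (2.6)
            $ptr = Resolve-DnsName -Name $r.Ip -Type PTR -DnsOnly -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'PTR' } | Select-Object -First 1
            $r.ReverseName = $ptr.NameHost
        } catch { $r.ReverseName = "no reverse entry: $($_.Exception.Message)" }
    }

    # 2.1 / 2.3: is TCP port 445 reachable through the firewall?
    $r.Port445Open = Test-NetConnection -ComputerName $Address -Port 445 -InformationLevel Quiet -WarningAction SilentlyContinue

    # 1.2 / 2.6: query the remote registry service state over RPC, as a service monitor would.
    try {
        $svc = Get-Service -ComputerName $Address -Name RemoteRegistry -ErrorAction Stop
        $r.RemoteRegistry = $svc.Status
    } catch { $r.RemoteRegistry = "query failed: $($_.Exception.Message)" }

    [pscustomobject]$r
}

# Constructed placeholder address; replace with the object address configured in INM.
Test-MonitoredObject -Address 'server01.example.com' | Format-List
```

The text captured in RemoteRegistry on failure separates the cases in this section: an access error points to 2.1, an unreachable host or closed port to 2.3, and an RPC error to 2.6.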
3 External resources

These links are only provided as reference. All modifications to the system, including modifying the registry, are done at your own risk.

- "How to restrict access to the registry from a remote computer"
  http://support.microsoft.com/kb/153183/en-us
- "Removing the Everyone Group from Group Policies in the Remote Registry Services Permanently Removes All Access"
  http://support.microsoft.com/kb/281641/en-us
- "A custom program that uses the RegConnectRegistry function can no longer access the registry of a remote computer in Windows Server 2003 with Service Pack 1 or in an x64-based version of Windows Server 2003"
  http://support.microsoft.com/kb/906570
- "Controlling remote Performance Monitor access to Windows NT servers"
  http://support.microsoft.com/kb/164018/en-us/
- "Troubleshooting Performance Monitor Counter Problems"
  http://support.microsoft.com/kb/152513/en-us
- "'Unable to complete the operation on <event log>. Access is denied.' error message when you try to access a log on a Windows Server 2003-based computer"
  http://support.microsoft.com/kb/888189/en-us
- "Error message when you try to make a remote connection to the registry of a Windows-based computer from a Windows Server 2003 SP1-based computer: 'Access denied'"
  http://support.microsoft.com/kb/913327/en-us