We've got lots of documentation for monitoring via WMI and what ports/permissions are needed, but I can't find anything about RPC service monitoring.
Does anyone have information on permissions/groups/etc for RPC?
Thanks.
To monitor Windows Performance Counters over RPC the user account must either be a member of the Administrators group OR a member of the "Performance Monitor Users" group in Windows.
Monitoring Processes via RPC appears to use the same permissions as listed above. Windows Services via RPC however requires Administrative permissions (Member of the Administrators Group". The only workaround to this is defining permissions on a per-service level using the "sc sdset" command.
http://www.solarwinds.com/netperfmon/SolarWinds/wwhelp/wwhimpl/common/html/wwhelp.htm#context=SolarWinds&file=OrionAPMPHComponentTypesPerformanceCounter.htm
That doesn't mention anything about the permissions needed (or services).
This may help as well.
Unfortunately no, still nothing to do with permissions needed for querying services.
Andy,
Are you looking for info on the user permissions needed to run the RPC service or to make calls to the service remotely?
Sorry, you answered that.
Thanks,
Michael
I've spoken to the development team about this and they will be sending me an internal document on this matter. I should have an answer for you tomorrow. Sorry for the delay. Hang in there!
Cool, thanks for poking people
Not to send you in the wrong direction, but is this the type of error you're seeing? If so, it might be a DCOM/firewall error or a DCOM config error?
0x800706xx (DCOM RPC error)
This often occurs when a firewall is configured on the remote computer. You will need to open the appropriate ports on the firewall to permit remote administration using DCOM.
Alternatively, the computer might be having problems mapping the IP and the Hostname. To test that possibility, try using the IP address instead of the Hostname in your connection string:
Set objWMIService = GetObject("winmgmts:\\192.168.1.1")
To troubleshoot remote errors
Check whether the user has access to the remote computer. From the command prompt, execute the following command:
net user \\<remotecomputer>\\C$ /u:<domain\username> *
Enable the verbose logging level on the remote computer and re-run the script. After running the script, examine the logs on the remote machine (%windir%\system32\wbem\Logs\).
Enable audit events to determine which account is responsible for the failed connection. After auditing has been enabled, you will see events similar to this in the event log:
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 6/14/2004
Time: 10:52:35 AM
User: NT AUTHORITY\SYSTEM
Computer: <remote machine>
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: xuser
Domain: NTDEV
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: <console Machine >
Check the DCOM configuration for the Access\Launch permission; the user running the script must have this permission.
(copied from here: http://technet.microsoft.com/en-us/library/ee692772.aspx#EEAA)
Michael - the error was Access Denied, so networking was fine it was just the permissions.
aLTeReGo is on the right track and this is what we see with WMI as well. I was hoping with RPC we could set different permissions but it must use the same model.
Altering the DACL is a real P.I.T.A when you have 10+ services over 30+ client servers that need adjusting.
Thanks for the clarification!
