• State Verified Answer
  • Locked Locked
  • Replies 15 replies
  • Subscribers 23 subscribers
  • Views 620 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Creating alert for windows 2008 R2 Server

mstampfle

I need to create an alert for a service to restart on windows 2008 R2 server. I have opened up the correct ports for both SNMP and WIM. I tried using a domain account and also a local account of that machine. I disabled local security policy: UAC Run all administrators in Admin Approval Mode. 

Please let me know how I can resolve this issue.

  • 0

    Hello mstampfle,

    In order to successully control services remotely, you need to make sure that the following ports are open over TCP:
     
    -139
    -445
     
    In order to test this, you can open a CMD prompt on the ipMonitor system and run the following command:
     
    -To stop a service: sc [ip] stop [service name]
    -To start a service: sc [ip] start [service name]
     
    If this works, ipMonitor should be able to restart services remotely.
     
    Let me know if you require additional assistance with this.
     
    Sincerely,
     
    Chris Foley - SolarWinds - Support Specialist
    Support:866.530.8040 || Fax:512.857.0125
    network management simplified  |  solarwinds.com

  • 0 in reply to Fodome

    Chris, 

    This is the error that i continue to get 
    Unable to obtain the list of services from "10.239.xx.xx". Reason: Logon failure: unknown user name or bad password. (0x52e) 
    I have verified that the password matches on the server and in IPmonitor.  also this machine is a none domain machine.
     we are using the COMPUTERNAME\Username format

  • 0 in reply to mstampfle
    mstampfle,

     

    As one cannot impersonate an account on another system, you will need to use the ".\username" or "username"format.  Try this:

     

    1. On the ipMonitor system, open a CMD prompt.

    2. Type "Runas /user:[username] cmd.exe" and enter.

     

    ***where [username] is the local account that exists on both ipMonitor and Remote systems.

     

    3. Enter password when prompted.

    4. In new CMD Window running as account, type the following:

     

    sc [ip] query

     

    ***where [ip] is the IP of the remote system.

     

    Does this give you the list of services on the remote system?

     

    Let me know.

     

    Sincerely,

     

    Chris Foley - SolarWinds - Support Specialist
    Support:866.530.8040 || Fax:512.857.0125
    network management simplified  |  solarwinds.com
  • 0 in reply to Fodome

    Fodome,

     

    C:\Users\ipmonitor>Runas /user:[ipmonitor@app.cxx.xxx] cmd.exe

    Enter the password for [ipmonitor@app.xxx.xxx]:

    RUNAS ERROR: Unable to acquire user password

  • 0 in reply to mstampfle

    Any suggestions?  I have followed the documentation provided by ipmonitor below.  And it did not have any effect on ipmonitor.

    Troubleshooting WMI

    1. As remote WMI connections use RPC, the RPC Service must be enabled and started on the remote system

    a. Logon to the remote system.

    b. Open the Windows Services list on that system.

    c. Ensure that the "Remote Procedure Call (RPC)" service is enabled and started.

    2. As WMI also uses DCOM to communicate with the remote system, it must be enabled and configured correctly on the remote system.

    a. Log on to the target server with an administrator account.

    b. Navigate to Start > Control Panel > Administrative Tools > Component Services. You need to switch to the Classic View of the Control Panel to use this navigation path.

    c. Expand Component Services > Computers.

    d. Right-click My Computer, and then select Properties.

    e. Select the COM Security tab, and then click Edit Limits in the Access Permissions grouping.

    f. Ensure the user account you want to use to Monitor resources over WMI has Local Access and Remote Access, and then click OK.

    g. Click Edit Default, and then ensure the user account you want to use to Monitor resources over WMI has Local Access and Remote Access.

    h. Click OK.

    i. Click Edit Limits in the Launch and Activation Permissions grouping.

    j. Ensure the user account you want to use to Monitor resources over WMI has Local Launch, Remote Launch, Local Activation, and Remote Activation, and then click OK.

    k. Click Edit Default, and then ensure the user account you want to use to Monitor resources over WMI has Local Launch, Remote Launch, Local Activation, and Remote Activation.

    l. Click OK.

    3. Verify WMI Security to ensure that the account used by the ipMonitor Credential can access the CIMV2 namespace.

    a. Log on to the computer you want to monitor with an administrator account.

    b. Navigate to Start > Control Panel > Administrative Tools > Computer Management > Services and Applications. You need to switch to the Classic View of the Control Panel to use this navigation path.

    c. Click WMI Control, and then right-click and select Properties.

    d. Select the Security tab, and then expand Root and click CIMV2.

    e. Click Security and then select the user account used to access this computer and ensure you grant the following permissions:

    •  -Enable Account 

     

    •  -Remote Enable 

     

     

    f. Click Advanced, and then select the user account used to access this computer.

    g. Click Edit, select This namespace and subnamespaces in the Apply to field, and then click OK.

    h. Click OK on the Advanced Security Settings for CIMV2 window.

    i. Click OK on the Security for Root\CIMV2 window.

    j. Click Services in the left navigation pane of Computer Management.

    k. Select Windows Management Instrumentation in the Services result pane, and then click Restart.

    4. If you are monitoring a target in a workgroup, you need to disable remote User Account Control (UAC). This is not recommended, but it is necessary when monitoring a workgroup computer. Disabling remote user account control does not disable local user account control functionality.

    Warning: The following procedure requires the modification or creation of a registry key. Changing the registry can have adverse effects on your computer and may result in an unbootable system. Consider backing up your registry before making these changes.

    a. Log on to the computer you want to monitor with an administrator account.

    b. Click Start > Accessories > Command Prompt.

    c. Enter regedit.

    d. Expand the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

    e. Locate or create a DWORD entry named LocalAccountTokenFilterPolicy and provide a DWORD value of 1.

    Note: To re-enable remote UAC, change this value to 0. 

    5. If the target computer has Windows Firewall enabled, it must have a Remote WMI exception to allow remote WMI traffic through (msdn.microsoft.com/.../aa389286(VS.85).aspx).

    a. Click Start, click Run, type cmd and then press ENTER.

    b. Type netsh firewall set service RemoteAdmin enable at the command prompt, and then press ENTER.

    c. Type exit at the command prompt, and then press ENTER.

  • 0 in reply to mstampfle

    mstample,

    As you are using a local account, you should not be specifying '@computername'.

    Simply enter 'Runas /user:ipmonitor cmd.exe'

    This of course assumes the same local account exists on the ipMonitor system and the remote system with the same password.  One cannot impersonate an account on a different system.

    Chris Foley - SolarWinds - Support Specialist
    Support:866.530.8040 || Fax:512.857.0125
    network management simplified  |  solarwinds.com

  • 0 in reply to mstampfle

    Also note that monitoring the status of a service can be done via:

    • WMI
    • RPC
    • SNMP

    However, controlling a service can only be done via RPC.

    Therefore, reviewing WMI security settings will not help.

    Chris Foley - SolarWinds - Support Specialist
    Support:866.530.8040 || Fax:512.857.0125
    network management simplified  |  solarwinds.com

  • 0 in reply to Fodome

    Fodome, 

     

    I didn't have the user ipmonitor on both systems with the same password.  That solved the login bad password issue.  However now I am getting this:  Reason: Access rights are insufficient 

    any suggestions?

     

    Thanks

  • 0 in reply to mstampfle

    Mstampfle,

    As you have now replicated the Windows account on the ipMonitor system, can you try the steps I had provided again:

    1. On the ipMonitor system, open a CMD prompt.

    2. Type "Runas /user:[username] cmd.exe" and enter.
     
    ***where [username] is the local account that exists on both ipMonitor and Remote systems.
     
    3. Enter password when prompted.
    4. In new CMD Window running as account, type the following:
     
    sc [ip] query
     
    ***where [ip] is the IP of the remote system.
     
    Does this give you the list of services on the remote system?
     
    Let me know.
     
    Sincerely,
     
    Chris Foley - SolarWinds - Support Specialist
    Support:866.530.8040 || Fax:512.857.0125
    network management simplified  |  solarwinds.com
  • 0 in reply to Fodome

    When i do the sc 10.239.xx.xxx query i get ERROR: Unrecognized command

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.