15 Replies Latest reply on Aug 6, 2010 1:02 PM by Fodome

    Creating alert for windows 2008 R2 Server

      I need to create an alert for a service to restart on windows 2008 R2 server. I have opened up the correct ports for both SNMP and WIM. I tried using a domain account and also a local account of that machine. I disabled local security policy: UAC Run all administrators in Admin Approval Mode. 

      Please let me know how I can resolve this issue.

        • Re: Creating alert for windows 2008 R2 Server
          Fodome

          Hello mstampfle,

          In order to successully control services remotely, you need to make sure that the following ports are open over TCP:
           
          -139
          -445
           
          In order to test this, you can open a CMD prompt on the ipMonitor system and run the following command:
           
          -To stop a service: sc [ip] stop [service name]
          -To start a service: sc [ip] start [service name]
           
          If this works, ipMonitor should be able to restart services remotely.
           
          Let me know if you require additional assistance with this.
           
          Sincerely,
           
          Chris Foley - SolarWinds - Support Specialist
          Support:866.530.8040 || Fax:512.857.0125
          network management simplified  |  solarwinds.com

            • Re: Creating alert for windows 2008 R2 Server

              Chris, 

              This is the error that i continue to get 
              Unable to obtain the list of services from "10.239.xx.xx". Reason: Logon failure: unknown user name or bad password. (0x52e) 
              I have verified that the password matches on the server and in IPmonitor.  also this machine is a none domain machine.
               we are using the COMPUTERNAME\Username format

                • Re: Creating alert for windows 2008 R2 Server
                  Fodome
                  mstampfle,

                   

                  As one cannot impersonate an account on another system, you will need to use the ".\username" or "username"format.  Try this:

                   

                  1. On the ipMonitor system, open a CMD prompt.

                  2. Type "Runas /user:[username] cmd.exe" and enter.

                   

                  ***where [username] is the local account that exists on both ipMonitor and Remote systems.

                   

                  3. Enter password when prompted.

                  4. In new CMD Window running as account, type the following:

                   

                  sc [ip] query

                   

                  ***where [ip] is the IP of the remote system.

                   

                  Does this give you the list of services on the remote system?

                   

                  Let me know.

                   

                  Sincerely,

                   

                  Chris Foley - SolarWinds - Support Specialist
                  Support:866.530.8040 || Fax:512.857.0125
                  network management simplified  |  solarwinds.com
                    • Re: Creating alert for windows 2008 R2 Server

                      Fodome,

                       

                      C:\Users\ipmonitor>Runas /user:[ipmonitor@app.cxx.xxx] cmd.exe

                      Enter the password for [ipmonitor@app.xxx.xxx]:

                      RUNAS ERROR: Unable to acquire user password

                        • Re: Creating alert for windows 2008 R2 Server

                          Any suggestions?  I have followed the documentation provided by ipmonitor below.  And it did not have any effect on ipmonitor.

                          Troubleshooting WMI

                          1. As remote WMI connections use RPC, the RPC Service must be enabled and started on the remote system

                          a. Logon to the remote system.

                          b. Open the Windows Services list on that system.

                          c. Ensure that the "Remote Procedure Call (RPC)" service is enabled and started.

                          2. As WMI also uses DCOM to communicate with the remote system, it must be enabled and configured correctly on the remote system.

                          a. Log on to the target server with an administrator account.

                          b. Navigate to Start > Control Panel > Administrative Tools > Component Services. You need to switch to the Classic View of the Control Panel to use this navigation path.

                          c. Expand Component Services > Computers.

                          d. Right-click My Computer, and then select Properties.

                          e. Select the COM Security tab, and then click Edit Limits in the Access Permissions grouping.

                          f. Ensure the user account you want to use to Monitor resources over WMI has Local Access and Remote Access, and then click OK.

                          g. Click Edit Default, and then ensure the user account you want to use to Monitor resources over WMI has Local Access and Remote Access.

                          h. Click OK.

                          i. Click Edit Limits in the Launch and Activation Permissions grouping.

                          j. Ensure the user account you want to use to Monitor resources over WMI has Local Launch, Remote Launch, Local Activation, and Remote Activation, and then click OK.

                          k. Click Edit Default, and then ensure the user account you want to use to Monitor resources over WMI has Local Launch, Remote Launch, Local Activation, and Remote Activation.

                          l. Click OK.

                          3. Verify WMI Security to ensure that the account used by the ipMonitor Credential can access the CIMV2 namespace.

                          a. Log on to the computer you want to monitor with an administrator account.

                          b. Navigate to Start > Control Panel > Administrative Tools > Computer Management > Services and Applications. You need to switch to the Classic View of the Control Panel to use this navigation path.

                          c. Click WMI Control, and then right-click and select Properties.

                          d. Select the Security tab, and then expand Root and click CIMV2.

                          e. Click Security and then select the user account used to access this computer and ensure you grant the following permissions:

                          •  -Enable Account 

                           

                          •  -Remote Enable 

                           

                           

                          f. Click Advanced, and then select the user account used to access this computer.

                          g. Click Edit, select This namespace and subnamespaces in the Apply to field, and then click OK.

                          h. Click OK on the Advanced Security Settings for CIMV2 window.

                          i. Click OK on the Security for Root\CIMV2 window.

                          j. Click Services in the left navigation pane of Computer Management.

                          k. Select Windows Management Instrumentation in the Services result pane, and then click Restart.

                          4. If you are monitoring a target in a workgroup, you need to disable remote User Account Control (UAC). This is not recommended, but it is necessary when monitoring a workgroup computer. Disabling remote user account control does not disable local user account control functionality.

                          Warning: The following procedure requires the modification or creation of a registry key. Changing the registry can have adverse effects on your computer and may result in an unbootable system. Consider backing up your registry before making these changes.

                          a. Log on to the computer you want to monitor with an administrator account.

                          b. Click Start > Accessories > Command Prompt.

                          c. Enter regedit.

                          d. Expand the following registry key:

                          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

                          e. Locate or create a DWORD entry named LocalAccountTokenFilterPolicy and provide a DWORD value of 1.

                          Note: To re-enable remote UAC, change this value to 0. 

                          5. If the target computer has Windows Firewall enabled, it must have a Remote WMI exception to allow remote WMI traffic through (http://msdn.microsoft.com/en-us/library/aa389286(VS.85).aspx).

                          a. Click Start, click Run, type cmd and then press ENTER.

                          b. Type netsh firewall set service RemoteAdmin enable at the command prompt, and then press ENTER.

                          c. Type exit at the command prompt, and then press ENTER.

                          • Re: Creating alert for windows 2008 R2 Server
                            Fodome

                            mstample,

                            As you are using a local account, you should not be specifying '@computername'.

                            Simply enter 'Runas /user:ipmonitor cmd.exe'

                            This of course assumes the same local account exists on the ipMonitor system and the remote system with the same password.  One cannot impersonate an account on a different system.

                            Chris Foley - SolarWinds - Support Specialist
                            Support:866.530.8040 || Fax:512.857.0125
                            network management simplified  |  solarwinds.com