4 Replies Latest reply on Jan 8, 2013 9:18 PM by aLTeReGo

    WMI Calls Over VPN

    blashmet

      When I tested Patch Manager, I successfully deployed third party patches to computers connected to our network via VPN.  However, now it seems that WMI calls cannot be made to computers connected via VPN.  This is prohibiting third party updates from reaching these machines.  Does anyone know how to fix this?  Any help would be appreciated.

        • Re: WMI Calls Over VPN
          David Di Blasio

          What are the results of running "Check and Manage Computer Connectivity" against one of these machines? Here are some detailed instructions on how to run this task.

          1. In the tree view in the left pane of the application, expand the Microsoft Windows Network level.

          2. Select a workgroup or domain from the tree view.

          The managed computers within the selected workgroup or domain display in the center pane.

          Note: This feature is also available from other views throughout the SolarWinds Patch Manager console, such as the Managed Computers view under the Patch Manager System Configuration level in the tree view on the left pane.

          3. Select a managed computer from the center pane.

          4. In the Actions pane, click Check and Manage Computer Connectivity.

          The system displays the Computer Access Management window.

          5. Select the applicable options. The wizard allows you to both check for necessary components/settings and configure them.

          6. Click OK.

          7. If applicable, complete the Computer Selection section of the Task Options Wizard.

          8. Click Next.

          9. Complete the Scheduling and Notification Options section of the Task Options Wizard.

          10. Click Next.

          11. On the Summary screen, click Finish.

          Results

          This action causes the system to attempt a WMI connection to the selected computer(s) in an attempt to verify that a connection can be made. Optionally, the action will cause WMI providers to be provisioned to the machine. As with the other configuration management tasks, this action will run according to the scheduling options, and if requested, results will be exported and emailed to the selected recipients.

            • Re: WMI Calls Over VPN
              blashmet

              It fails:

              clientname.corpdom.com | 0 | clientname.corpdom.com | check_client_access | Failed | Hostname is clientname.corpdom.com | 1/7/2013 3:32 tt | SERVERNAME

              I can't ping the machine.

              I think I found the answer though...I think we can't push updates out manually, but the client can pull them from the WSUS server.  What settings do we have to change in the VPN client to allow WMI calls?

                • Re: WMI Calls Over VPN
                  David Di Blasio

                  Based on this information I believe the first thing you'll want to look at is ports. Here's a list of the ports required for WMI to work.

                  Port 135 TCP - RPC Endpoint Mapper

                  The SolarWinds Patch Manager server uses this port to establish WMI connections to remote computers. It also uses this port to connect to the Service Control Manager (SCM) when it provisions the WMI providers dynamically on the remote computer.

                  Port 445 TCP - SMB over TCP

                  The SolarWinds Patch Manager server uses this port when it provisions the WMI providers to a remote computer.

                  Dynamic Ports 1024-65536 - DCOM/RPC

                  WMI technology is based on Distributed Component Object Model (DCOM)/RPC communication. DCOM/RPC allocates the ports used by the server within a dynamic port range. This range is typically between 1024 and 65536. To configure these ports using Windows Firewall on your managed computers, enable the Inbound Rules in the Windows Management Instrumentation (WMI) group.
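
Added example, not part of the thread or of SolarWinds Patch Manager: a PowerShell check, run from the Patch Manager server, that tests each leg in the port list above separately so you can see which one the VPN path is dropping. The host name is the placeholder from the thread, and the helper name Test-TcpPort and the timeout values are assumptions.

```powershell
# Added example. Run from the Patch Manager server with an account that has
# WMI rights on the target. Host name is the placeholder used in the thread.
param(
    [string]$ComputerName = 'clientname.corpdom.com',
    [int]$TimeoutMs = 3000
)

# Hypothetical helper: TCP connect with a timeout, returns $true/$false.
function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false      # refused, unreachable, or name not resolved
    } finally {
        $client.Close()
    }
}

$results = [ordered]@{}

# Fixed ports from the list: endpoint mapper and SMB.
$results['135/tcp RPC Endpoint Mapper'] = Test-TcpPort $ComputerName 135 $TimeoutMs
$results['445/tcp SMB over TCP']        = Test-TcpPort $ComputerName 445 $TimeoutMs

# The dynamic DCOM/RPC port is negotiated through 135, so it cannot be probed
# directly; a real WMI query over DCOM exercises it end to end.
$results['WMI query over DCOM'] = $false
if ($results['135/tcp RPC Endpoint Mapper']) {
    try {
        $opt     = New-CimSessionOption -Protocol Dcom
        $session = New-CimSession -ComputerName $ComputerName -SessionOption $opt `
                                  -OperationTimeoutSec 15 -ErrorAction Stop
        $os = Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem -ErrorAction Stop
        $results['WMI query over DCOM'] = [bool]$os
        Remove-CimSession $session
    } catch {
        # 135 open but the query failing points at the dynamic range or at
        # permissions; the exception message distinguishes the two.
        Write-Warning "WMI query failed: $($_.Exception.Message)"
    }
}

$results.GetEnumerator() | ForEach-Object {
    '{0,-30} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAILED' })
}
```

If 135 and 445 report OK but the WMI query fails with an "RPC server is unavailable" error, the dynamic range is the leg being filtered on the VPN or host firewall; an "Access is denied" error means the ports are fine and the problem is credentials or DCOM permissions.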