|
| | | Forum Newbie
Group: Forum Members
Last Login: 2/25/2005 5:59:00 PM
Posts: 3, Visits: 1 |
| I am attempting to use a passive monitor to watch the NT event logs for critical errors. This works fine for machines on the same subnet as the WUP machine. However, when trying to monitor machines on subnets that go through our Checkpoint Firewall-1 NG machine, I get the following error: "DCOM was unable to communicate with the computer 10.1.2.99 using any of the configured protocols." It's not a firewall rules issue, we are allowing that port to pass. On the firewall log, it's allowing the first packet through, but then dropping subsequent packets using one of their "internal" rules, rule 998. On contacting checkpoint, they said that this rule is invoked when a malformed packet is detected. Has anyone else run into this issue? Is it a WUP issue? The machine running WUP is an XP Pro machine (latest patches) on the 10.1.1.x subnet, the machines I'm trying to monitor on the 10.1.2.x subnet, separated by the checkpoint firewall. We have a support contract with IPSwitch, but they haven't responded to my emails  |
| |
| | | 
Time Traveler
Group: WhatsUp Gold Expert
Last Login: Today @ 6:26:34 AM
Posts: 1,408, Visits: 3,640 |
| A few ideas :
A/ Put a sniffer on each side of the network. Check the packets. Maybe they are corrupt when sent by WUP, maybe checkpoint is corrupting them.
B/ On the WUP subnet put another machine, run the event viewer on it then try to connect to the remote machine. My guess (but I might be wrong) is that the way your event viewer console will access the remote machine is similar to the way WUP does it. If this does work, then it's an issue with WUP. If it doesn't --then probably with your checkpoint.
Hope this helps
Reading, writing and arithmetic - If you need to choose, please take option 1. |
| |
| | | Junior Member
Group: Forum Members
Last Login: 10/21/2005 12:33:00 PM
Posts: 11, Visits: 1 |
| Did you find a resolution to this?
I had the same problem, but without running a firewall. I cured the dcom problem which relates to the server not being able to access the Dcom on the remote machine.
by enabling these services.
COM+ Event System
Remote Access Auto Connection Manager
Remote Access Connection Manager
Remote Procedure Call (RPC)
Remote Procedure Call (RPC) Locator
Remote Registry
Server
Windows Management Instrumentation
Windows Management Instrumentation Driver Extensions
Workstation
Then opening Computer Management right clicking on WMI Control (local) and select Properties.
Click the Security tab and then click on Root.
Click the Security button. Make sure the Administrator account is added and that the Allow column has checkmarks in all the options
Do this on both machines.
This allowed me to get access to get access to the WMI remotely, but i still can't monitor a remote server.
I'm using the Trial Version of the software does anyone know if there are any limitations in regards to monitoring remote machines? Only I need to evaluate this software for company use.
Any info would be great.
Regards,
Tyson Collins
|
| |
| | | Forum Newbie
Group: Forum Members
Last Login: 2/25/2005 5:59:00 PM
Posts: 3, Visits: 1 |
| Actually, I can use the event view to view the event log of the remote maching FROM the WUP machine! It's only WUP that cannot connect, so that makes me think its a problem with WUP, rather than the firewall or the box. |
| |
| | | Junior Member
Group: Forum Members
Last Login: 10/21/2005 12:33:00 PM
Posts: 11, Visits: 1 |
| | Are you using the trial version? |
| |
| | | Forum Newbie
Group: Forum Members
Last Login: 2/25/2005 5:59:00 PM
Posts: 3, Visits: 1 |
| | I am using the full version. |
| |
|
|