Hostmonitor (WMI) in Firewall protected environment

All questions related to installations, configurations and maintenance of Advanced Host Monitor (including additional tools such as RMA for Windows, RMA Manager, Web Service, RCC).
Gerhard
Posts: 26
Joined: Mon Oct 16, 2006 8:25 am


Post by Gerhard »

Dear KS-Soft,

I have been using Hostmonitor successfully for a while now, but still have one issue I cannot get resolved. In our company we have a pretty large DMZ environment protected by firewalls. Of course I have several RMAs installed within this DMZ.

The problem is that within the DMZ we have a lot of subnets, again protected with firewalls. It's not an option to install an RMA per subnet, because we have a lot of subnets. I would like to perform WMI tests a.s. within this DMZ using an RMA.

Tests from the Hostmonitor server to the RMA in the DMZ work fine (using port 1055) with 1 port opened in the firewall, but as I understand it WMI uses random high ports, which are impossible to open all in all firewalls. I would like to use 1 RMA in the DMZ and configure this RMA (DCOM) to perform WMI tests with a specified port (range). Can anybody help me with this? Thanks in advance.

Gerhard
KS-Soft
Posts: 13012
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA

Post by KS-Soft »

Yes, DCOM dynamically allocates TCP ports for each process.
Theoretically you may decide how many ports you want to allocate to DCOM processes, which is equivalent to the number of simultaneous DCOM processes through the firewall. You do this with the "HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet" registry key, which you have to create.
E.g.
- set REG_MULTI_SZ to "5100-5020 135 1055"
- set PortsInternetAvailable to "Y"
- set UseInternetPorts to "Y"
http://msdn.microsoft.com/en-us/library ... S.85).aspx
http://support.microsoft.com/kb/154596
Note 1: you must use Regedt32.exe instead of Regedit.exe to add the REG_MULTI_SZ value.
Note 2: serious problems might occur if you modify the registry incorrectly.

You should open all TCP ports corresponding to the port numbers you choose. You also need to open TCP/UDP 135, which is used for RPC End Point Mapping.

Regards
Alex
Gerhard

Post by Gerhard »

Dear Alex,

Thanks for your quick reply, I have successfully created the registry entry on the RMA server. But it is not working, or do I have to create this entry on the hostmon or client server?

Hostmonitor server --> RMA --> Clients

The hostmonitor server performs tests using RMA, I created the registry entry on the RMA server and opened the ports in the firewall, but on the clients these ports are not listening (netstat -a). Any ideas?

Regards Gerhard
KS-Soft

Post by KS-Soft »

Yes, you should modify the registry on the system where RMA is running (if the test is performed by the agent).

> The hostmonitor server performs tests using RMA, I created the registry entry on the RMA server and opened the ports in the firewall, but on the clients these ports are not listening (netstat -a). Any ideas?

If you set REG_MULTI_SZ to "5100-5020 135 1055", it does not mean these ports should be open on the remote system. However, port 135 (End Point Mapping) should be "listened" on the remote system. If this port is not active, I assume the RPC service is not started. If the RPC service is not started, you cannot perform any tests like CPU Usage, Process, Service, WMI, Performance Counter, etc.

Regards
Alex
KS-Soft

Post by KS-Soft »

Also
1) Have you restarted the server after the registry modifications?
2) I made a mistake here: REG_MULTI_SZ to "5100-5020 135 1055"
5100-5020 does not look correct. 5100-5200 looks better.
3) Also, if that system communicates with other Windows systems on a regular basis, plus RMA should be able to test several remote systems, I think you may need more than 100 ports in that range.
Quote from Microsoft: "In most environments, a minimum of 100 ports should be opened, because several system services rely on these RPC ports to communicate with each other."

Regards
Alex
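The following is an added PowerShell example, not code from KS-Soft, HostMonitor or RMA, that applies the RPC\Internet settings described in Alex's first reply (with the corrected 5100-5200 range and the 100-port minimum from his last one) and then runs the two checks discussed in the thread: is TCP 135 reachable, and does a WMI call over DCOM actually succeed. Everything it assumes is mine: the range 5100-5200, an elevated Windows PowerShell session, and 'dmz-host01' as a hypothetical monitored host. One caveat a practitioner will want: KB 154596 (linked above) configures the RPC *server*. The client connects to TCP 135 on the target and is told which dynamically allocated port the target's server process (e.g. the WMI service) listens on, and it is that allocation the key restricts. So for incoming WMI connections the key has to exist on the monitored host, which is also the machine where `netstat -a` should show listeners inside the range after a reboot.

```powershell
<#
  Added example (not from the KS-Soft post): restrict RPC/DCOM dynamic ports
  via HKLM\Software\Microsoft\Rpc\Internet (KB 154596) and verify the result.
  ASSUMPTIONS (all mine): range 5100-5200 (101 ports), elevated session,
  'dmz-host01' is a hypothetical monitored host, and the registry functions
  run on the monitored host (the DCOM/RPC server side), not on the RMA.
#>
param(
    [int]$StartPort = 5100,
    [int]$EndPort   = 5200,
    [string]$Target = 'dmz-host01'
)

$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'

function Set-RpcInternetPorts {
    param([int]$Start, [int]$End)
    # Microsoft's minimum quoted in the thread: at least 100 ports.
    if ($End -lt $Start -or ($End - $Start + 1) -lt 100) {
        throw "Range $Start-$End is reversed or has fewer than 100 ports."
    }
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    # The value is named 'Ports' and is REG_MULTI_SZ: one port or range per entry.
    # -Type MultiString writes it correctly, so the old "Regedt32, not Regedit"
    # caveat does not apply when the value is created from PowerShell.
    Set-ItemProperty -Path $KeyPath -Name 'Ports'                  -Type MultiString -Value @("$Start-$End")
    Set-ItemProperty -Path $KeyPath -Name 'PortsInternetAvailable' -Type String      -Value 'Y'
    Set-ItemProperty -Path $KeyPath -Name 'UseInternetPorts'       -Type String      -Value 'Y'
    # The RPC runtime reads these values at boot: reboot before testing.
}

function Get-RpcInternetPorts {
    if (-not (Test-Path $KeyPath)) { return $null }
    Get-ItemProperty -Path $KeyPath | Select-Object Ports, PortsInternetAvailable, UseInternetPorts
}

function Add-RpcFirewallRule {
    param([int]$Start, [int]$End)
    # Host firewall on the monitored host. The DMZ firewalls need the same
    # openings (TCP 135 plus the range) from the RMA's address towards the host.
    New-NetFirewallRule -DisplayName 'RPC/DCOM for WMI monitoring' `
        -Direction Inbound -Protocol TCP -LocalPort @('135', "$Start-$End") `
        -Action Allow -Profile Any | Out-Null
}

function Get-RpcListeners {
    param([int]$Start, [int]$End)
    # The "netstat -a" check from the thread, run on the monitored host after
    # the reboot: RPC servers such as the WMI service should now listen inside
    # the configured range instead of the default dynamic range.
    Get-NetTCPConnection -State Listen |
        Where-Object { $_.LocalPort -ge $Start -and $_.LocalPort -le $End } |
        Select-Object LocalAddress, LocalPort, OwningProcess
}

function Test-WmiOverDcom {
    param([string]$Computer)
    # Step 1: the End Point Mapper (TCP 135) must be reachable through every firewall.
    $epm = Test-NetConnection -ComputerName $Computer -Port 135 -WarningAction SilentlyContinue
    if (-not $epm.TcpTestSucceeded) {
        Write-Warning "$Computer : TCP 135 unreachable (RPC service down or firewall blocks it)"
        return $false
    }
    # Step 2: force DCOM rather than WinRM, which is the transport a WMI test
    # uses, so the call only succeeds if the dynamically assigned port is open too.
    try {
        $opt = New-CimSessionOption -Protocol Dcom
        $cim = New-CimSession -ComputerName $Computer -SessionOption $opt -ErrorAction Stop
        $os  = Get-CimInstance -CimSession $cim -ClassName Win32_OperatingSystem -ErrorAction Stop
        Remove-CimSession $cim
        Write-Host "$Computer : WMI over DCOM OK ($($os.Caption))"
        return $true
    } catch {
        Write-Warning "$Computer : port 135 answered but the DCOM call failed: $($_.Exception.Message)"
        return $false
    }
}

# Usage on the monitored host (reboot between the first line and the last):
#   Set-RpcInternetPorts -Start $StartPort -End $EndPort
#   Add-RpcFirewallRule  -Start $StartPort -End $EndPort
#   Get-RpcInternetPorts; Get-RpcListeners -Start $StartPort -End $EndPort
# Usage on the RMA host:
#   Test-WmiOverDcom -Computer $Target
```

The RMA's own port (1055 in the thread) is a plain TCP listener of the agent, not an RPC endpoint, so it does not belong in the `Ports` value; only 135 and the range are RPC traffic. On Windows Vista / Server 2008 and later the same effect can also be had with `netsh int ipv4 set dynamicport tcp start=5100 num=101`, and WMI can be pinned to a single port with `winmgmt -standalonehost` (DCOM then uses TCP 24158 by default), which is the smaller firewall hole if only WMI tests need to cross it.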