application-testing-logo

Main Office: 888.624.4447

rivals banner

Frequently asked questions

 
  AppLoader - Load Testing
 
 
AppsWatch - Application Testing
 
 
Chroniker Suite - Availability Monitoring

 

 

 

 

 

 

 
Systems

Frequently Asked Questions - Answers 

 

 AppLoader


Q: What should I do when AppLoader Station, Session Initiator, or Console does not open when trying to launch it?


A: Register the component you have trouble launching as follows:
    Go to start then run and type cmd then hit enter
    Register Chroniker: Go to your \webserv\bin\
    Type regsvr32 /u mscomctl.ocx then hit enter
    Now Type regsvr32 /u \Webserv\bin\mscomctl.ocx then hit enter
    To register Station: Go to your \appsloader\agent\
    Type regsvr32 /u mscomctl.ocx then hit enter
    Now Type regsvr32 /u \appsloader\agent\mscomctl.ocxthen hit enter
    To register Console: Go to your \appsloader\Console\
    Type regsvr32 /u mscomctl.ocx then hit enter
    Now Type regsvr32 /u \appsloader\Console\mscomctl.ocx then hit enter
    To register Session Initiator: Go to your \appsloader\Initiator\
    Type regsvr32 /u mscomctl.ocx then hit enter
    Now Type regsvr32 /u \appsloader\Initiator\mscomctl.ocx then hit enter
    If the above does not work do the following:
    Go to c:\windows\system32
    Type regsvr32 /u mscomctl.ocx then hit enter
    Now Type regsvr32 /u c:\windows\system32\mscomctl.ocx then hit enter

 If the above does not work do the following:
   Go to c:\windows\system32
   Type regsvr32 /u mscomctl.ocx then hit enter
   Now Type regsvr32 /u c:\windows\system32\mscomctl.ocx then hit enter

 


Q: Can I copy and paste line actions in AppLoader Station?


A: Yes. The saved scenario file can be found under your \My Documents\AppLoader Station\script\ folder. You can open the scenario file in notepad or any text editor to modify it.

 Q: I opened my AppLoader Station in Session Initiator RDP sessions but I don't see it in my Console, what should I do?


A: Go to your AppLoader Station and click on Tools then Options. Check the host and the port. The host should be the host of the machine where Console is installed, and the port is the Station listening port, the default port is 11003 or the port you specified when installing the Station. If this information is blank or incorrect then the Station is not able to read the registry or the registry information is incorrect.
To resolve this issue:
Make sure to close the Console, Session Initiator, and Log off current users on Terminal Server. (To Log off   current users, log in to the Terminal Server as an administrator and go to Task Manager then go to Users Tab and right click on the users to log them off.
Go to start then run. Type regedit then hit enter
HKEY_LOCAL_MACHINE -> SOFTWARE -> CHRONIKER -> AppLoader (click on AppLoader)
On the left pane you will see the keys, make sure they are correct
Make sure your users have full access to the registry. To give permissions: right click on AppLoader (located in HKEY_LOCAL_MACHINE -> SOFTWARE -> CHRONIKER -> AppLoader) and click on Permissions.
Go to start -> run and type services.msc then hit enter. Restart Chroniker Agent Service.
Launch AppLoader Console, the Session Initiator and test your connection

Q: I've created a scenario to capture a bitmap on my windows task bar; however, when I run the scenario it does not find the bitmap image?


A: Make sure the bitmap you selected matches the image. For example, some images change on mouseover. Also make sure that the image has the same color depth as the machine running the scenario.

Q: When I load many users into Session Initiator, Some users disconnect before I complete launching all the users.

A: Check the following:

1. Make sure you have enough resources on that machine to run the number of users you're running.
2. Make sure windows Screensaver and Terminal Server timeout session are disabled for all users. You can disable them by going to gpedit.msc
3. Make sure you don't see any errors popping inside the RDP sessions.

Q:   What should I do when my scenarios fail randomly?


A: Check to see that your bitmap does not change color or style on mouse over. When using Bitmap actions on the left pane to capture bitmaps, make sure the bitmap image and the captured image are the same.
  If the bitmap on the screen needs time to appear, then use WaitForBitmapAppear action instead of FindBitmap. You can also specify the wait time for the bitmap to appear in the WaitForBitmapAppear window. If you enter 5, for example, this means the scenario will look for the image for 5 seconds before it decides a fail or success
  If you captured the bitmap on one machine and then moved your scenarios to a different machine, then make sure the two machines have same color depth and the captured image matches the original.

•    Another way of capturing the bitmap is without using waitForBitmapAppear action:
You can take the bitmap yourself using snapshot or print screen on your keyboard (make sure you don't edit the image or change the format). You can capture the image itself and save it as bitmap using "paint" program. Make sure you save the bitmap same color depth as the machine you are running the scenario on. For example, If the machine depth is 16bits then you should save the bitmap as 16 bits.
Save the image in your scenario scripts [scenario]_files folder
My Documents\AppLoader Station\script\[scenario]_files folder
Give it a meaningful name, in our example we will use products.bmp
Open your scenario file in Text Editor "notepad", for example, and add the following line where appropriate
WaitBitmapAppear (products,81,95,640,286,4,10,0,0,0,0)
products   is the name of the image we saved
81   is the width of the saved image
95  is the threshold of the image we saved
640   is the x position on the screen where you captured the bitmap
286   is the y position on the screen where you captured the bitmap
4  This is cursor position (center)
10   is the time wait for the bitmap to appear
0   Search Region (x) top from (top, left)
0   Search Region (y) left from (top, left)
0   Search Region (x) from (bottom, right)
0   Search Region (y) from (bottom, right)

•    My Scenario fails before completion and I get "Playback failed to complete within specified duration of [number of seconds] :
You can set the scenario time by going to File then Scenario Properties from your Station and set the "Playback Error After" time. The duration time of your actual scenario plus ( Event Enterval * number of lines in your scenario ) should be equal or less than "Playback Error After" time.
The Event Enterval means to wait for the specified time in milliseconds before it executes each line in your scenario. It can also be specified by going to File then Scenario Properties from your Station

•    My scenario fails and I have many applications open. How can I close all those open applications?

In your Station, go to File then choose Scenario Properties: Input the command to execute on scenario failure. The command you enter will be executed at the specific station where the scenario fails. You can enter more than one command, for example,
taskkill /im iexplore.exe /im wfica32.exe /f
The above command will kill all "Internet Explorer" running and "Citrix ICA Client Engine" running.
Note: This command is a windows command. You can enter any windows command that is installed on your windows OS in this option box.
  

AppsWatch

 

Q:    I know that one of the pages in my scenario takes long to load. How can I make the script wait until the page loads?


A:    There are few options Scenario Station provides:
You can use WaitForWindowAppear Action on the left pane of your Scenario Station to wait for window to load successfully, you can set the time of wait in the "Select Window" popup window.
You can use WaitForBitmapAppear Action on the left pane of your Scenario Station to wait for bitmap in that window to load successfully, you can set the time of wait in the "Select Bitmap" popup window
You can use Wait Action on the left pane of your Scenario Station and set wait time in seconds.

Note: Make sure the total time of your scenario including wait times does not exceed the "Playback error after" time specified in File->Scenario Properties in your Scenario Station.

Q:    How long does a scenario wait for a Windows event to happen before failing?


A:    The default wait time is 10 seconds. It can be modified as follow:
If you are using WaitForWindowAppear Action then you can modify the wait time option in the "Select Window" popup window.
If you are using WaitForBitmapAppear Action then you can modify the wait time option in the "Select Bitmap" popup window.
If you are using Wait Action then you can modify the wait time option in the "Wait" popup window.
 

Q:    How can I get the response time up to specific points within one scenario?


A:    You can use Transaction action on the left pane of your Scenario Station to divide your Scenario into meaningful sections. Each Transaction is a section of the scenario (consisting of a sequence of actions) marked for the purpose of measuring the performance (response time) of that section within the scenario. Transactions let you know the exact point where the failure or slowness occurs when playing back the scenario against your target application.
 

Q:    How can I view the screenshots of past failures?


A:    To view screenshots of past errors:
Click on the scenario name to see the graph and summary statistics.
Click on the point on the graph where the scenario failed in the past (value will be zero).
The actual screenshot of the failed scenario will pop up. Note: the center of the magnifying glass must be exactly over the point to retrieve the screen shot.

Q:    What should I do when my scenarios fail randomly?


A:     My Scenario keeps failing at a certain bitmap image:
Check to see that your bitmap does not change color or style on mouse over. When using Bitmap actions on the left pane to capture bitmaps, make sure the bitmap image and the captured image are the same.
If the bitmap on the screen needs time to appear, then use WaitForBitmapAppear action instead of FindBitmap. You can also specify the wait time for the bitmap to appear in the WaitForBitmapAppear window. If you enter 5, for example, this means the scenario will look for the image for 5 seconds before it decides a fail or success.
If you captured the bitmap on one machine and then moved your scenarios to a different machine, then make sure the two machines have same color depth and the captured image matches the original.
•    Another way of capturing the bitmap is without using waitForBitmapAppear action:
You can take the bitmap yourself using snapshot or print screen on your keyboard (make sure you don't edit the image or change the format). You can capture the image itself and save it as bitmap using "paint" program. Make sure you save the bitmap same color depth as the machine you are running the scenario on. For example, If the machine depth is 16bits then you should save the bitmap as 16 bits.
Save the image in your scenario scripts [scenario]_files folder
[AppsWatch Install Folder]\ScenarioStation\bin\script\[scenario]_files folder
and give it a meaningful name, in our example we will use products.bmp
Open your scenario file in Text Editor "notepad", for example, and add the following line where appropriate
WaitBitmapAppear (products,81,95,640,286,4,10,0,0,0,0)
products   is the name of the image we saved
81   is the width of the saved image
95  is the threshold of the image we saved
640   is the x position on the screen where you captured the bitmap
286   is the y position on the screen where you captured the bitmap
4  This is cursor position (center)
10   is the time wait for the bitmap to appear
0   Search Region (x) top from (top, left)
0   Search Region (y) left from (top, left)
0   Search Region (x) from (bottom, right)
0   Search Region (y) from (bottom, right)

•    My Scenario fails before completion and I get "Playback failed to complete within specified duration of [number of seconds] :
You can set the scenario time by going to File then Scenario Properties from your Station and set the "Playback Error After" time. The duration time of your actual scenario plus ( Event Enterval * number of lines in your scenario ) should be equal or less than "Playback Error After" time.
The Event Enterval means to wait for the specified time in milliseconds before it executes each line in your scenario. It can also be specified by going to File then Scenario Properties from your Station

•    My scenario fails and I have many applications open. How can I close all those open applications?
In your Station, go to File then choose Scenario Properties: Input the command to execute on scenario failure. The command you enter will be executed at the specific station where the scenario fails. You can enter more than one command, for example,
taskkill /im iexplore.exe /im wfica32.exe /f
When installing Scenario Station, the web default port of scenario station is 8000 unless it is changed. You can test the connectivity between the station and AppsWatch by opening a web browser on the AppsWatch machine and typing the following URL in the address bar http://[IP of Scenario Station machine]:8000
You should see a Remote Locations page. If you don't see the page, then:
check any firewall connections between AppsWatch machine and Scenario Station machine if each is installed on its own machine.
And check that you have registered Scenario Station with the correct port by going to tools-> Scenario Stations page, then edit the station.
 

Chroniker General

Basic Questions

Q:    What does the following error in my windows eventlog mean?


The description for Event ID ( 487 ) in Source ( Zend Optimizer ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Unable to view file mapping, Attempt to access invalid address.

A:    This means Optimizer can't set up the shared memory. you need to clean your windows temp dir, ensure that everybody has access to it, and remove ZendOptimizer files from there, then restart the webserver. Alternatively, you can just ignore it - shared memory is used only for limited-user scripts, so if you don't run those, Optimizer is OK without it.
 

Q:    Do I need to install agents on my system?


A:    If you are using Logs, you will need Logs Agent in the servers containing the log files you want to monitor. With the exception of Logs, all other Chroniker monitors are agent-less.

Q:    Is Chroniker Graphics based?


A:    Chroniker has a web based user interface. Any web browser that supports forms and cookies is usable.
 

Q:    I am running Red Hat Linux 7.3. Will Chroniker work for me?


A:    Chroniker monitors multiple operating systems including Red Hat Linux versions 7.2, 7.3, 8.0 and 9.0 amongst others. However, the install host server for the application is Windows only. Linux and Unix install versions will be available soon.

Q:    I have an older system and am concerned that Chroniker won't work, what are the minimum requirements?


A:    Both the minimum and recommended requirements are listed here for Nodes and Tasks.

Q:    I have a Unix only environment. Can Chroniker run on Unix?


A:    Right now you can monitor Unix, but must have one Windows box to run Chroniker. A Linux version will be available shortly. (you can convert at no cost)

Q:    My status map page says "Page Not Available" and I can't get it back.


A:    This probably occurred because you used the browser navigation (Back and Forward) buttons. You should only use the buttons within the Chroniker program to navigate in Chroniker. To get your page back, use the normal Chroniker navigation and try again. If the problem persists, please restart the Chroniker Service by right clicking on the Chroniker icon in the system tray and click Stop Chroniker Server, and then when the icon turns red, right click again and click Start Chroniker Server.

Q:    I cannot access Chroniker from the browser. Chroniker URL times out from remote systems. What should I do?


A:    It might be a Windows Firewall issue. You need to open the port number that the Chroniker listens to in your windows firewall. The default Chroniker port is 8888. To do so:

    Go to Control Panel > Windows Firewall
    Click on the Exceptions Tab
    Click on " Add Port " button
    Enter the name and port number
    Click OK

Q:    Cannot login to Chroniker. Whenever I entered the username and password, it takes me back to login page.


A:    It could be from your browser's settings. If you are using Internet Explorer (IE), follow these steps:

    Inside the IE window, click on the Tools Menu > Internet Options > Security Tab
    Click on the Trusted Sites Icon then click the Sites Button
    Add the Chroniker address in here and click ok.
    Do the same thing for the Local Intranet and Internet Zones
    Also check the Restricted Sites Zone and see if the Chroniker Site is there. If so then remove it.
    Allow cookies from Chroniker:
    Click on the Privacy Tab then the Sites Button
    Enter the Chroniker address in the given field and click the Allow Button.
    Click ok.

Q:    Does Chroniker use a secure web interface (SSL)?


A:    Starting version 3.5, Chroniker gives you the option to use a secure web interface. During the installation, check the box to use secure web interface otherwise Chroniker will use a regular web interface.

Q:    I am using the Chroniker secure web interface and the Security Alert window pops up whenever I want to access Chroniker. why?


A:    Chroniker uses self-signed certificates which are valid for server name "localhost". To avoid this pop-up, you need to generate your own certificate and key or obtain them from Certificate Authorities like Verisign. Once you have your certificate, refer to the "How can I use my own SSL certificate" question below for the steps on how to make your certificate work with Chroniker.

Q:    How can I use my own SSL certificate with Chroniker?


A:    To use your own certificate:
Copy your certificate to the "\webserv\conf\ssl" folder.
If the certificate and key names are different than the ones already present in the above folder, then you will need to edit the webserver config file:
Open httpd.conf found in the "\webserv\conf" folder.
Change the following values to point to your own certificate and key:
SSLCertificateFile conf/ssl/localhost.cert
SSLCertificateKeyFile conf/ssl/localhost.key
If you want to change the server-name to reflect the name contained in your server-certificate then edit the  following key:
ServerName :

Q:    What kind of reports can I get with Chroniker?


A:    Every module includes Service Level Agreement (SLA) reports, Daily/Monthly/Yearly and Top (N) reports for the most and least of a data set. If you would like additional reports using Chroniker, contact us about custom programming.

Q:    Are the reports easy to understand at a glance?


A:    Yes. Reports are even color coded for ease of use. Daily, weekly and monthly reports are created, with the ability to set any time frame you would like.

Q:   How about if I need custom reports?

A:    We can develop custom reports that fit your specific needs. All you need to do is send us a request with a description of the needed report. Click here to learn more or contact sales@nrgglobal.com

Q:    What kind of things does Nodes Monitor?


A:    Nodes monitors any node or networking device as long as it is TCP/IP based. Meaning it must have an associated IP address. Click here to read a full list.

Q:    What does Nodes Monitor for?


A:    Nodes monitors the response time and system/service uptime.

Q:    What kind of things does Tasks Monitor?


A:    Tasks monitors web applications, FTP, DNS servers, databases, email, network file copy tests, even custom tasks.  Click here to read a full list.

Q:    What does Tasks Monitor for?


A:    Tasks monitors the response time and success ratio.  Also provides reports and graphs on this data.

Q:    I added a "Network FileCopy Task" To Tasks and it fails, what should I do?


A:    Check the following:

Make sure you can connect to the network drive you are copying from/to with the username and password you provided.
Make sure to add a trailing \ at the end of your destination path. For example, c:\temp\

Q:    What kind of things does SNMP Monitor?


A:    It monitors any SNMP OID (object identity) for devices, appliances, printers, and servers.

Q:    What does SNMP Monitor for?


A:    SNMP monitors devices via SNMP for information on hardware failures, server temperature, traffic errors, etc.

Q:    What kinds of things does Systems Monitor?


A:    Systems monitors CPU, Disks, Memory, File Systems, Processes, Services and Applications. Click here to read a full list.

Q:    What does Systems Monitor for ?


A:    Systems monitors the response time for changes in file size, average disk queue length, CPU usage, application processes, physical and virtal memory and window services.

Q:    What kind of things does Applications Monitor?


A:    Applications monitors Applications like Citrix, Oracle, SAP, PeopleSoft, Sieble, etc... from the End users perspective. Click here to read a full list.

Q:    What does Applications Monitor for?


A:    Applications monitors the response time and availability of any complex user scenario in ANY Windows based client application.

Q:    What kind of things does Dashboards Monitor?


A:    Dashboards organizes all the metrics in your monitored environment into real-time KPI dashboards. Click here to read a full list.

Q:    What does Dashboards Monitor for?


A:    Dashboards pro actively monitors your business through customizable groups that allow you to know instantly know what business process is affected.

Q:    Should a high priority alert be raised afterhours, but is not acknowledged within 20 mins, I would like to send another alert to a different destination. Is this possible?


A:    Yes. You can achieve this functionality by using the 4 type of alerts and the duration. In this example, you would have a warning sent to person A if value is greater than X for a duration of 5 mins  then you can have an error alert sent to person B if value is still greater than X after 20 mins.

Q:    I am using my watch elements to monitor nodes, can I now switch them to do system objects?


A:    Yes. Watch Elements can be transferred at will.

Q:    I am unsure about how many Watch Elements I am going to need ahead of time, what should I do?

A:    Start with how many you think you will need first. You can start with the Basic Availability Package or one of the others at nrgglobal/Availability_Monitoring_Packs.  Then you can later expand as much as you need as your project(s) progress.

Q:    I have a very complex scenario, how much will it cost me?


A:    With Applications, each ScenarioStation comes with unlimited number of scenarios.  The cost depends on how many ScenarioStations you need. Please contact  sales@nrgglobal.com for current pricing.

Q:    What is the pricing for the Server Essentials Package?

A:    The pricing depends on your monitoring requirements. Email  sales@nrgglobal.com with a description of the number of servers and nodes you will be monitoring so you can get the current pricing of the package that fits your needs.

Q:    My company has already purchased a larger software package, but I like the reports that are difficult to get without Chroniker. Can Chroniker send alerts through this application?


A:    Yes, you can select Chroniker to send alerts to any third party software.

Q:    Is data extraction available in Chroniker? I would like my other software (Crystal Reports) to analyze the data collected in Chroniker.


A:    Yes, Chroniker's data can be extracted by third party software.

Q:    How can I setup Chroniker to forward its alerts to my other monitoring software (i.e HPOV)?


A:    You can setup Chroniker to send SNMP traps that will forward the Chroniker alerts message to your other monitoring software. To do so:

Go to SNMP trap reaction page
Click on the reactions button in Chroniker top menu
Click on "Add New Reaction"
Once the menu is displayed, click "SNMP Trap Reaction"
Follow the instructions on the page on how to download TrapGen program
Fill out the form as follow:
Enter the host serverwhen your other software is running
The port is optional (it defaults to 162)
In the message field have the alert message variable only, %ms.
Whatever variables you want to include in the alert message, you can set them at the event level as follow:

Go to the events page (click on the events button in the top Chroniker menu bar)
Edit or create an event
Under the Alert Message field, type in your message and use the drop down list in the right of the field to include the necessary variables Note: This message alert in the event is the one that will be sent in the trap.
Click update or add

Q:    What password do I use to get started?


A:    The default password is chroniker (case sensitive). You can change this in the setup options after you are logged in.

Q:    What do I need to send email notifications?


A:    During installation the installer asks for the outgoing mail server/SMTP server. Simply type it in at this time.

Q:    How do I edit a task once it is made?


A:    Click the edit icon next to the task and make the necessary changes .

Q:    What TCP or UDP ports does Chroniker use?


A:    Chroniker uses only one (1) port, and that is for our web server.

Q:    How do I change my password?


A:    The password is changed by clicking on "Setup" in the top menu of any module, then click on Change Password. We recommend you change your password from the default the first time you use Chroniker.

Q:    Can I have more than one console using Chroniker to monitor?


A:    There is no limit to the number of console users.

Q:     I accidentally deleted the Chroniker startup icon from my desktop. How do I run Chroniker?

A:    Click on the icon located on the Start Menu-> Program files ->Chroniker to create a new shortcut. Or to manually open the program in a web browser; the URL is http://(your_hostname):(port)/. Replace (your_hosname) with the name of the computer that Chroniker is installed on, Replace (port) with the TCP port you selected for Chroniker Web server. The default port is 8888.
 
 
 

Systems

WMI Errors

Q:    What could be the reasons for the Access Denied/Host Not Found message?


A:    If you get the message "Access Denied" or "The remote machine does not exist or is unavailable":

Check that you have local Administrator rights on the target machine. WMI will not function unless the account you are using has local Administrator rights on the machine you wish to monitor.
Check that DCOM is enabled on both the host and the target PC. Check the following registry value on both computers:
Key: HKLM\Software\Microsoft\OLE, value: EnableDCOM, should be set to 'Y'
Check that WMI is installed. WMI is present by default in all flavors of Windows 2000 and later operating systems, but must be installed manually on NT4 systems.
To check for the presence of WMI, type "wbemtest" into the Run box (Start Menu). If the WMI Tester application starts up, then WMI is present, if not, it must be installed.
Ensure that WMI permissions have been set correctly.
On a Windows XP Pro computer, make sure that remote logons are not being coerced to the GUEST account (aka "ForceGuest", which is enabled by default computers that are not attached to a domain). To do this, open the Local Security Policy editor (e.g. by typing 'secpol.msc' into the Run box, without quotes). Expand the "Local Policies" node and select "Security Options". Now scroll down to the setting titled "Network access: Sharing and security model for local accounts". If this is set to "Guest only", change it to "Classic" and restart your computer.
Also on an XP computer running SP2, configure the firewall to allow remote administration. To do this, open a command prompt and type: netsh firewall set service RemoteAdmin
If you have other internal firewalls on your network, you may have to configure them to allow WMI messages.
Even if you are not knowingly running any firewall software, bear in mind that big-name antivirus solutions such as those produced by McAfee and Symantec often contain their own firewall functionality. If such software is not properly configured to allow WMI traffic, then this may be the cause of the problem.
Make sure that no remote access or WMI-related services have been disabled. On an XP machine, the following services should be running (or at least allowed to start on demand):

COM+ Event System
Remote Access Auto Connection Manager
Remote Access Connection Manager
Remote Procedure Call (RPC)
Remote Procedure Call (RPC) Locator
Remote Registry
Server
Windows Management Instrumentation
Windows Management Instrumentation Driver Extensions
WMI Performance Adapter
Workstation

For more information about troubleshooting WMI, please see the Microsoft WMI troubleshooting site
 

Q:    No errors are returned, but some or all the metrics are empty?


A:    You might need to reset WMI counters, to do so use the following from command line:

winmgmt /clearadap
winmgmt /resyncperf

if the counters are still empty, then try the command:

wmiadap

Q:    What does it mean when it says - RPC Server Unavailable when auditing machines running Windows 2003 or XP SP2 ?


A:    There are two ways you can fix this -
Enable RPC permissions in the Domain Group Policy
-OR-
Enable RPC permissions on a single target machine

Enable RPC permissions in the Domain Group Policy:
Run Microsoft Management Console on a Windows XP machine (Start|Run|mmc). Note: The Group Policy Object Editor for Windows 2000 does not have the required template to edit Windows XP Firewall settings, thus it must be run under Windows XP.
Add "Group Policy Object Editor" snap-in (File|Add/Remove Snap-in...|Add...|Group Policy)
Select the Group Policy Object for which you want to enable RPC ( Normally this will be the "Default Domain Policy", but if you already have other Group Policy Objects enabled for your networks, select the appropriate one )
Navigate to: [Group Policy Object]|Computer Configuration|Administrative Templates|Network|Network Connections|Windows Firewall|Domain Profile ( for a Domain administered network - Standard Profile for a Workgroup network )
Edit Setting: "Windows Firewall: Allow Remote Administration Exception"
Set "Enabled".
Set "Allow unsolicited incoming messages from:" to "localsubnet" (without the quotes)
Apply settings
These settings will not generally take effect immediately. You can use Microsoft's Group Policy Update Utility to force immediate updates ( see Microsoft's article: "A Description of the Group Policy Update Utility" )
Enable RPC permissions on a single target machine:
Run Microsoft Management Console on the target machine (Start|Run|mmc)
Add "Group Policy Object Editor" snap-in (File|Add/Remove Snap-in...|Add...|Group Policy)
Select the "Local Computer" Group Policy Object for which you want to enable RPC
Navigate to: [Group Policy Object]|Computer Configuration|Administrative Templates|Network|Network Connections|Windows Firewall|Domain Profile ( for a Domain administered network - Standard Profile for a Workgroup network )
Edit Setting: "Windows Firewall: Allow Remote Administration Exception"
Set "Enabled".
Set "Allow unsolicited incoming messages from:" to "localsubnet" (without the quotes)
Apply settings
These settings will not generally take effect immediately. You can use Microsoft's Group Policy Update Utility to force immediate updates ( see Microsoft's article: "A Description of the Group Policy Update Utility" )
 

Q:    What are the security settings to access WMI from a remote machine?


A:    In order to access WMI on a remote machine, you'll need to alter the WMI security on the remote computer and restart the WMI service. This can all be accomplished through the Computer Management Console in the control panel shown in Figure 2. Right clicking on the WMI Control of the Services and Application section allows you to access the WMI Properties.

Computer Management Console in the System Administration Tools of the Control Panel
This will bring up the WMI Control Properties dialog shown in Figure 3.  This dialog will allow you to change the security on the particular WMI node you are trying to access.  In this case we want to change the security on the CIMV2 node to enable remoting.
WMI Control Properties Dialog (Security Tab)

Clicking the security button opens a dialog that allows us to change security on the computer to enable remoting as shown in figure 4.  We will give remote access to everyone in this case.
Allow Everyone Remote Access to WMI

Now we simply restart the WMI service in the computer management console as shown in figure 5.
Restarting the WMI Service

Q:   How to configure RPC dynamic port allocation to work with firewalls?

A:    Remote Procedure Call (RPC) dynamic port allocation is used by remote administration applications such as Dynamic Host Configuration Protocol (DHCP) Manager, Windows Internet Name Service (WINS) Manager, and so on. RPC dynamic port allocation will instruct the RPC program to use a particular random port above 1024.
 
Customers using firewalls may want to control which ports RPC is using so that their firewall router can be configured to forward only these Transmission Control Protocol (TCP) ports.
The following registry entries apply to Windows NT 4.0 and above. They do not apply to previous versions of Windows NT. Even though you can configure the port used by the client to communicate with the server, the client must be able to reach the server by its actual IP address. You cannot use DCOM through firewalls that do address translation (e.g. where a client connects to virtual address 198.252.145.1, which the firewall maps transparently to the server's actual address of, say, 192.100.81.101). This is because DCOM stores raw IP addresses in the interface marshaling packets and if the client cannot connect to the address specified in the packet, it will not work.
For more information see the following Microsoft white paper, "Using Distributed COM with Firewalls": 
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndcom/html/msdn_dcomfirewall.asp
MORE INFORMATION 
The values (and Internet key) discussed below do not appear in the registry; they must be added manually using the Registry Editor. Also, note that you must use Regedt32.exe instead of Regedit.exe to add the REG_MULTI_SZ value.
Warning*** If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. We cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk. 
With Registry Editor, you can modify the following parameters for RPC. The RPC Port key values discussed below are all located in the following key in the registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet\ Key Data Type
Ports REG_MULTI_SZ 
Specifies a set of IP port ranges consisting of either all the ports available from the Internet or all the ports not available from the Internet. Each string represents a single port or an inclusive set of ports (for example, "5984" or "5000-5100" ). If any entries are outside the range of 0 to 65535, or if any string cannot be interpreted, the RPC runtime treats the entire configuration as invalid.
PortsInternetAvailable REG_SZ - Y or N (not case-sensitive) 
If Y, the ports listed in the Ports key are all the Internet-available ports on that computer. If N, the ports listed in the Ports key are all those ports that are not Internet-available.
UseInternetPorts REG_SZ - Y or N (not case-sensitive) 
Specifies the system default policy. 
If Y, the processes using the default will be assigned ports from the set of Internet-available ports, as defined previously. 
If N, the processes using the default will be assigned ports from the set of intranet-only ports. 
Example:

Add the Internet key under: HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
Under the Internet key, add the values "Ports" (MULTI_SZ), "PortsInternetAvailable" (REG_SZ), and "UseInternetPorts" (REG_SZ).

In this example, use ports 5000 through 5100 inclusive, so the new registry key appears as follows: 
Ports: REG_MULTI_SZ: 5000-5100 
PortsInternetAvailable: REG_SZ: Y 
UseInternetPorts: REG_SZ: Y
Restart the server. All applications that use RPC dynamic port allocation use ports 5000 through 5100, inclusive. In most environments, a minimum of 100 ports should be opened, because several system services rely on these RPC ports to communicate with each other. 
You should open up a range of ports above port 5000. Port numbers below 5000 may already be in use by other applications and could cause conflicts with your DCOM application(s). Furthermore, previous experience shows that a minimum of 100 ports should be opened, because several system services rely on these RPC ports to communicate with each other.

Note*** The minimum number of ports may differ from computer to computer and depends on the configuration of the computer. For additional information, look up the following article numbers in the Microsoft Knowledge Base:
167128 Network ports used by remote helpdesk functions
179442 How to configure a firewall for domains and trusts
263293 Windows 2000 NAT does not translate Netlogon traffic
172227 Network Address Translators (NATs) can block Netlogon traffic

Back to Questions