March 17th, 2013 18:00

Ports

Hi,

I am struggling still with which ports to open just for WMI Discovery/Inventory.

We have enabled Port 135 on all client servers, but only some clients are discovered and inventoried correctly. The majority return back as UNKNOWN.

We are using a host-based firewall (Symantec) and the FW guys tell me that 135 is open (which fits in with the information that some of the servers are discovered OK).

As an example, a server which disallows the inventory is blocking on a combination of RemoteHostPort/Local ports of 30635/135 and at another time the same server blocks on the combination of 30360/135 or 62046/135 and so on.

So although we have port 135 open, it seems that there are many other ports that need to be opened as well. But I can't find doco on these extra ports.

Can someone pls help explain what may be going on?

What mystifies me is that some servers are discovered/inventoried just fine, but they are in a minority of ~40%.

Thx,

John Bradshaw

327 Posts

March 18th, 2013 12:00

John,

Run the troubleshooting tool on servers that were not discovered and check the status.

You can also verify by running wbemtest tool (Run -> wbemtest.exe) in OME machine & connect to the target device.

Note: Launch wbemtest.exe as administrator. Otherwise it will not connect to \\root\dcim\sysman namespace.

Click on “Connect” button and give the namespace as \\targetdeviceipaddress\root\cimv2\dell, provide credentials and click connect.

Once the connection is established, click "Enum Classes" button, select "Recursive" radio button and then click OK.

You will see a bunch of classes enumerated. If not, there seems to be a connection/enumeration issue with the device.

Only port 135 should be good enough to do discovery/inventory as WMI makes RPC calls.

System updates feature in OME for Windows servers will need additional ports for transferring data from OME machine to target devices.

Thanks,

Raj Shresta
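The wbemtest check described in the post above can be scripted across every undiscovered server. This is an added example, not part of the original thread or any Dell tooling; it assumes Windows PowerShell on the OME machine, and the host names and the `Test-TcpPort` helper are hypothetical. It separates hosts where TCP 135 itself is blocked from hosts where 135 answers but the WMI connection still fails.

```powershell
# Added example (not from the thread). Run elevated on the OME machine.
$targets   = @('server01.example.local', 'server02.example.local')  # constructed names
$namespace = 'root\cimv2\dell'   # namespace given in the post above
$cred      = Get-Credential      # account used for discovery/inventory

# Hypothetical helper: plain TCP connect with a timeout.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$results = foreach ($t in $targets) {
    $row = [pscustomobject]@{ Target = $t; Tcp135 = $false; Classes = 0; Status = '' }
    $row.Tcp135 = Test-TcpPort -ComputerName $t -Port 135
    if (-not $row.Tcp135) {
        $row.Status = 'TCP 135 blocked or host unreachable'
    } else {
        try {
            # Equivalent of "Enum Classes" with "Recursive" selected in wbemtest.
            $classes = Get-WmiObject -ComputerName $t -Namespace $namespace -List -Recurse `
                                     -Credential $cred -ErrorAction Stop
            $row.Classes = @($classes).Count
            $row.Status  = 'OK'
        } catch [System.Runtime.InteropServices.COMException] {
            $hr = '0x{0:X8}' -f $_.Exception.ErrorCode
            # WMI over DCOM contacts the endpoint mapper on 135, then continues on a
            # dynamically assigned RPC port, so 135 can answer while the call still fails.
            if ($hr -eq '0x800706BA') {
                $row.Status = "$hr RPC server unavailable; check firewall rules beyond 135"
            } else {
                $row.Status = "$hr $($_.Exception.Message)"
            }
        } catch {
            $row.Status = $_.Exception.Message   # e.g. access denied, invalid namespace
        }
    }
    $row
}
$results | Format-Table -AutoSize
```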

743 Posts

March 18th, 2013 14:00

Hi Raj,

Thx for your help.

When I click Connect I get the following:

Number: 0x800706ba

Facility: Win32

Description: The RPC server is unavailable.

I can ping the remote server no problem and map a drive etc in Windows. No problems running wbemtest.exe on the client server directly. It enumerates fine.

John Bradshaw

327 Posts

March 18th, 2013 14:00

Is there any firewall client running that is blocking these packets from reaching the destination server?

Can you disable the firewall temporarily and check if the connection works?

You may also want to search on Google regarding this error.

Thanks,

Raj Shresta

743 Posts

March 18th, 2013 14:00

Thx again Raj.

I think there might be a Symantec Firewall issue still, or another WMI problem. I have our Firewall guys looking at it. Shall let u know...

JB

March 19th, 2013 12:00

Hello,

What version of Symantec Endpoint Protection have you installed?

To allow WMI through the Firewall in SEPM, perform the following (assuming you have the default SEPM policy still in place):

1) Open Symantec Endpoint Protection Manager Console

2) Click Clients

3) Choose appropriate OU (Default: My Company)

4) Click the Policies Tab

5) Double Click Firewall Policy

6) (If prompted, choose the Edit Shared option)

7) Click Rules

8) Find "Block Remote Administration"

9) Uncheck the box in the "Enabled" column.

10) Hit OK

Note that this disables SEPM from blocking any remote administration requests, which would not be the best practice. Ideally, you could create rules to restrict it to allow only the local subnet or only your SW server to access port 135.

If the rule doesn't already exist, create a rule allowing traffic for WMI. The "block all other traffic" rule would be affecting WMI. Again, best practice would be to restrict the rule to only allow the hosts that need it.

743 Posts

March 19th, 2013 13:00

Thx mate. I'll check with the SEPM guys.

JB
