Community FAQ
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Teneray
Engaged Sweeper
Hello, I'm not sure there's anything you can do to help with this but I thought I would bring it up anyway.

I have 2 offices separated by a VPN that uses NAT. It appears that I cannot use lsclient over the VPN as the NAT changes the IP of the requesting machine to that of the gateway on the local side. This causes the scan to fail because the required services are not present on the gateway.

The recurring error I get is:
Wmierror The RPC server is unavailable. (Exception from HRESULT: 0x800706BA) SOLANGE (192.168.1.1)
Solange is the correct host, but the IP is that of the gateway.

It appears that when you request a scan via LSCLIENT it basically says, "Hey, scan me on the ip you see this request coming from". Since this IP is changed to appear to be coming from the IP of my gateway/firewall it doesn't work.

Is there a work around for this? A nslookup of the hostname making the request and then a scan attempt on the IP that is returned as a result of that scan would work I think?

Thanks!

PS: We are going to be going with the premium version I think, but I'm still not sure I'd want to use the active scanning based on some of the problems (not sure if they're resolved) I've glanced at while looking over the forums, so I think I may have this problem with the premium version as well.
4 REPLIES 4
Hemoco
Lansweeper Alumni
In the next version there will be a switch for lsclient "/scanonhostname" this sould solve this problem.
Teneray
Engaged Sweeper
Just to give you a better understanding (no harm since it's all private IPs, but I'll modify them to fictitious numbers )

Office #1

Lansweeper Server (192.168.1.361)
Firewall/Gateway (192.168.1.1)

Office #2
Solange (192.168.2.375)
Firewall/gateway (192.168.2.1)

I remotely connect to solange and run: lsclient 192.168.1.361 (I've tried it with the hostname of the server as well)

So traffic will go 192.168.2.375 => 192.168.2.1 => 192.168.1.1 => 192.168.1.361

It comes back with success in the command prompt on Solange, but of course it gives me RPC Server Unavailable on 192.168.1.361.

In the website ont he lansweeper server dashboard it shows the error message given a couple of posts up with the IP of the Office #1 firewall associated to Solange (instead of solange's IP)

BTW - from the lansweeper server I have tried the connection tester to solange and all 4 tests pass.

Teneray
Engaged Sweeper
There is a VPN tunnel between sites connecting them - unfortunately we have NAT turned on in order to facilitate connectivity with a couple of devices between offices. It's necessary.

nslookups based on FQDN do resolve to the proper IP. The IP of the gateway that is being assigned to the remote host (solange in this case) is not associated in any wins or dns records of any kind. This is why I assumed it must be a way in which the scan request is made that uses the IP that 'sent' the request, instead of doing a lookup on the hostname of the requester. ...if that makes any sense =). Essentially if it did a nslookup or attempted to just initiate a connection to the hostname (which would involve a DNS lookup - so long as the Lansweeper service doesn't have some sort of internal DNS cache), I believe that would resolve the issue.

Great program and quick reply for support - thank you!
Hemoco
Lansweeper Alumni
We have build in the reverse lookup error as a warning because when the reverse lookup is wrong mostly WMI access will fail due to security errors.

In the next version we will first try on ip address, if this fails on FQDN.
In your case this would still fail because the FQDN would probably point to an old IP address. (or an ip not reachable through the NAT)

Maybe a possible solution would be to use some sort op vpn/ipsec tunnel to connect both sites.

Archive

This board contains archived posts from the retired Lansweeper Forum and Insiders Community.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now