cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
DeltaTangoMike
Engaged Sweeper

There is something peculiar about AD Policy and SBS 2003 SP2.

I have installed Lansweeper, freeware and premimium, on standard Windows 2003 domains and have had no problems enabling remote administration exemptions on the client firewalls.

I have been having no end of trouble with an SBS 2003 SP2 domain.

Lansweeper would enumerate all the servers in the domain, it was aware of the client PCs, but it could not scan them. Connectivity tests showed the following results.



Remote WMI test
-----------------------------------------------
\root\cimv2 Remote WMI access test FAILED
The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)

Remote Registry test using WMI
-----------------------------------------------
\root\default Remote WMI access test FAILED
The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)



Netsh firewall show state on the clients showed emote adminstration disabled.

I followed all your KBs for connectivity errors but still drew a blank.

In the end, the issue seems to have been with the application of group policy in the differing AD architecture of SBS.

Your KB http://www.lansweeper.com/kb/firewall.aspx does not seem to work exactly with SBS2003, although the concept is completely sound.

I am not certain which of number of changes I did to get the clients started scanning. I went through every GPO that had firewall settings and put in an administrative exemption for the IP address of the Lansweeper server, and now slowly the clients are starting to be enumerated.

The shotgun approach here is not good ITIL type practice, but I was running out of time and the administrative exemption for only the 1 IP address mitigated the risks associated with the shotgun.

It would be nice if there were documentation specific to SBS 2003.


Thanks.

4 REPLIES 4
Hemoco
Lansweeper Alumni
Could it be that the isaserver that comes with SBS is blocking the traffic?
Lansweeper wrote:
Could it be that the isaserver that comes with SBS is blocking the traffic?


No. In this case, there is no ISA server installed.

The problem was that policies were not applying properly.

It is all working now. It was just a bit of a problem getting it going.



DeltaTangoMike
Engaged Sweeper

And.... a bit of digging reveals that the domain is the result of a swing migration from a Win2K domain, so maybe all bets are off.



DeltaTangoMike
Engaged Sweeper
Although, to be completely fair, I must concede that part of the problem here may be the result of shoddy SBS 2003 administration. The use of standard Win 2K3 means, rather than the wizards, to join PCs to the domain leads to a somewhat messed up AD. And it is harder to apply policies in a coherent fashion when PCs are in non-standard OUs.