Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-17-2009 01:13 AM
There is something peculiar about AD Policy and SBS 2003 SP2.
I have installed Lansweeper, freeware and premimium, on standard Windows 2003 domains and have had no problems enabling remote administration exemptions on the client firewalls.
I have been having no end of trouble with an SBS 2003 SP2 domain.
Lansweeper would enumerate all the servers in the domain, it was aware of the client PCs, but it could not scan them. Connectivity tests showed the following results.
Remote WMI test
-----------------------------------------------
\root\cimv2 Remote WMI access test FAILED
The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
Remote Registry test using WMI
-----------------------------------------------
\root\default Remote WMI access test FAILED
The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
Netsh firewall show state on the clients showed emote adminstration disabled.
I followed all your KBs for connectivity errors but still drew a blank.
In the end, the issue seems to have been with the application of group policy in the differing AD architecture of SBS.
Your KB http://www.lansweeper.com/kb/firewall.aspx does not seem to work exactly with SBS2003, although the concept is completely sound.
I am not certain which of number of changes I did to get the clients started scanning. I went through every GPO that had firewall settings and put in an administrative exemption for the IP address of the Lansweeper server, and now slowly the clients are starting to be enumerated.
The shotgun approach here is not good ITIL type practice, but I was running out of time and the administrative exemption for only the 1 IP address mitigated the risks associated with the shotgun.
It would be nice if there were documentation specific to SBS 2003.
Thanks.
Labels:
- Labels:
-
Archive
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-17-2009 01:03 PM
Could it be that the isaserver that comes with SBS is blocking the traffic?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-17-2009 10:02 PM
Lansweeper wrote:
Could it be that the isaserver that comes with SBS is blocking the traffic?
No. In this case, there is no ISA server installed.
The problem was that policies were not applying properly.
It is all working now. It was just a bit of a problem getting it going.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-17-2009 01:43 AM
And.... a bit of digging reveals that the domain is the result of a swing migration from a Win2K domain, so maybe all bets are off.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-17-2009 01:23 AM
Although, to be completely fair, I must concede that part of the problem here may be the result of shoddy SBS 2003 administration. The use of standard Win 2K3 means, rather than the wizards, to join PCs to the domain leads to a somewhat messed up AD. And it is harder to apply policies in a coherent fashion when PCs are in non-standard OUs.