This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SBS 2003 Remote WMI Access Fails with Clients

DeltaTangoMike
Engaged Sweeper

‎09-17-2009 01:13 AM


There is something peculiar about AD Policy and SBS 2003 SP2.

I have installed Lansweeper, freeware and premimium, on standard Windows 2003 domains and have had no problems enabling remote administration exemptions on the client firewalls.

I have been having no end of trouble with an SBS 2003 SP2 domain.

Lansweeper would enumerate all the servers in the domain, it was aware of the client PCs, but it could not scan them. Connectivity tests showed the following results.



Remote WMI test
-----------------------------------------------
\root\cimv2 Remote WMI access test FAILED
The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)

Remote Registry test using WMI
-----------------------------------------------
\root\default Remote WMI access test FAILED
The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)



Netsh firewall show state on the clients showed emote adminstration disabled.

I followed all your KBs for connectivity errors but still drew a blank.

In the end, the issue seems to have been with the application of group policy in the differing AD architecture of SBS.

Your KB http://www.lansweeper.com/kb/firewall.aspx does not seem to work exactly with SBS2003, although the concept is completely sound.

I am not certain which of number of changes I did to get the clients started scanning. I went through every GPO that had firewall settings and put in an administrative exemption for the IP address of the Lansweeper server, and now slowly the clients are starting to be enumerated.

The shotgun approach here is not good ITIL type practice, but I was running out of time and the administrative exemption for only the 1 IP address mitigated the risks associated with the shotgun.

It would be nice if there were documentation specific to SBS 2003.


Thanks.

Labels:
0 Kudos
4 REPLIES 4
Hemoco
Lansweeper Alumni

‎09-17-2009 01:03 PM

Could it be that the isaserver that comes with SBS is blocking the traffic?
0 Kudos
DeltaTangoMike
Engaged Sweeper
In response to Hemoco

‎09-17-2009 10:02 PM

Lansweeper wrote:
Could it be that the isaserver that comes with SBS is blocking the traffic?


No. In this case, there is no ISA server installed.

The problem was that policies were not applying properly.

It is all working now. It was just a bit of a problem getting it going.



0 Kudos
DeltaTangoMike
Engaged Sweeper

‎09-17-2009 01:43 AM


And.... a bit of digging reveals that the domain is the result of a swing migration from a Win2K domain, so maybe all bets are off.



0 Kudos
DeltaTangoMike
Engaged Sweeper

‎09-17-2009 01:23 AM

Although, to be completely fair, I must concede that part of the problem here may be the result of shoddy SBS 2003 administration. The use of standard Win 2K3 means, rather than the wizards, to join PCs to the domain leads to a somewhat messed up AD. And it is harder to apply policies in a coherent fashion when PCs are in non-standard OUs.



0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now