Scan a DMZ network

neosys · ‎06-23-2009

Hi,

our DMZ is not part of Active Directory for security reasons.
How can I manually run a scan on these servers and add the results to the Web Console ?

Thanks,
Neosys

Groupe Rodeus

neosys · ‎06-29-2009

MS says that

Starting with Windows Vista, you can set up the WMI service to run as the only process in a separate host and specify a fixed port.

Since our server are running Windows 2003 and are not using the windows firewall I can't see how to resolve this issue.

Would there be a way to run the invetory report locally on the servers and then feed these infos into the Lansweeper server ?

Thanks

Groupe Rodeus

Hemoco · ‎06-27-2009

After the first connection on port 135 WMI uses random ports.
You can check the microsoft knowledgebase to let WMI work over a static port.

neosys · ‎06-26-2009

Yes, all these are open from the LAN to DMZ
NetBios NS UDP 137
NetBios DGM UDP 138
NetBios SSN TCP 139

I can telnet the DMZ servers on 135 no problems, from the LS server.

I can launch the lsclient.exe servername port from each server
Lansweeper client
-----------------
Connecting...
Success

I can launch the lsclient.exe servername machinename port from the LS server
Lansweeper client
-----------------
Connecting...
Success

Using the connection test I get this:
Exception from HRESULT: 0x800706BA

And the Web Console shows the same error
Wmierror The RPC server is unavailable 0x800706BA

Groupe Rodeus

neosys · ‎06-25-2009

Q2: For the Domain credentials part - which port is used for authentication ?

Groupe Rodeus

Hemoco · ‎06-26-2009

neosys wrote:
Q2: For the Domain credentials part - which port is used for authentication ?

Do you mean from the server to the dmz computer?

139/TCP, 137/UDP, and 138/UDP

Hemoco · ‎06-24-2009

In the web console I get the machines now but there are wmi errors since these are firewalled from the LAN...

Only way to solve is to change your firewall settings to allow the scanning server.

neosys · ‎06-25-2009

Only way to solve is to change your firewall settings to allow the scanning server.

I found my answer here:
RPC and WMI network ports

Now I am only getting the WMI errors from the servers on the web console now.
Access is denied 0x80070005

Any one has a fix for 2003 Windows server which are behind a firewall and allowing WMI traffic?

Groupe Rodeus

neosys · ‎06-23-2009

1) I do but I get a "Cannot verify logon, wrong username or password", I've checked the do not authenticate box.
2) OK I see now.

In the web console I get the machines now but there are wmi errors since these are firewalled from the LAN...

Groupe Rodeus

Hemoco · ‎06-23-2009

1) You can define any account that has administrative credentials on this server.
2) No, there is a separate tab (non premium) for scheduled tab.

neosys · ‎06-23-2009

Ok so all this is to be setup in the Premium version tab of the configuration utility...

1) I should add a lansweeper user account on these servers // and in the domain credentials tab
2) By Scheduled scanning you mean the Active scanning tab ?

I'll wait and see. Is there an error reporting I can lookat to see if something is wrongly configured ?
Thanks,

Groupe Rodeus

Scan a DMZ network

Archive

New to Lansweeper?

Try Lansweeper For Free