System PreRequisites for running MAP Toolkit
- Any Physical or Virtual Machine with Windows 8 or higher, Windows server 2008 or higher Installed.
- Joined to domain
- Turn off Firewall
- Install Netcat for scanning the ports on the network
- Install Telnet/ Enable Telnet from Windows Features
- Domain Admin Account
Check these services in the host(in which MAPToolkit is planned to run)
remote registry service -> automatic -> apply -> start, running
windows management intrumentation -> enabled, running
remote procedure call (RPC) -> enabled, running
remote registry service -> automatic -> apply -> start, running
windows management intrumentation -> enabled, running
remote procedure call (RPC) -> enabled, running
remote registry -> enabled
Try to run the MAP Tool when most of the PCs in the environment are switch on, check with the System Admin and then plan accordingly.
First run MAP Toolkit and then generate report for "Active Devices Users & Computers" in Usage Tracking. (Click here to get the help for running MAP Toolkit)
Filter the Column "Days Since Last Activity" to "<=90days"
Solutions to different "WMI Status" problems in MAP toolkit
- Machine not Found :- Machine not available in the network
- WMI Connection Timeout :- First ping the machine, if the ping replies than check the ports,, port 135,139,445(TCP) & 137,138(UDP)
To check the ports, Telnet for TCP ports i.e. 135,139 & 445
Command is telnet [host] [port]
Ex. telnet 192.168.1.5 135
Telnet ports one by one.
To check for UDP ports use the netcat tool
Command is nc -vzu [host] [port]
Ex. nc -vzu 192.168.1.5 137
If the ports are open check the WMI connection by the tool "WBEMTEST", its inbuilt tool in windows.Open wbemtest, click on connect
Enter the name of destination computerEnter the domain admin credentials and click on connect
Click on Connect, if the successful then try to run a query
SELECT * FROM Win32_Processor
If the reply comes for this query then connectivity to remote PC via the "Domain Admin" credentials which you have used is fine.
If the connection & reply for query is fine then WMI Connectivity is fine, and the problem is with the MAP Toolkit, you need to reduce the number of connections in the MAP Toolkit, refer to this Blog for doing this.
If the port 135 is blocked on the host, you can enable it manually editing Group Policy Settings on the computer or through Group Policy.
On Computer Manually
1. Click Start and then click Run. In the Open box, type gpedit.msc and then click OK.
2. Under Console Root, expand Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall and then click Domain Profile.
3. Right-click Windows Firewall: Allow remote administration exception and then click Properties.
4. Click Enabled and then click OK.
Using Group Policy
1. Using the Local Group Policy Editor, expand Computer Configuration\Windows Settings\Security Settings\Local Policies and then click Security Options.
2. In the Network access: Sharing and security model for local accounts section, click Classic – local users authenticate as themselves.
3. Expand Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall and then click Domain Profile.
4. In the Windows Firewall: Allow remote administration exception section, click Enabled.
5. In the Allow unsolicited incoming messages from box, type the IP address or subnet of the computer that will perform the inventory.
Tip:
1. If you are not able to connect to Remote VMs, check the "computer browser" service and start it.
2. Make filter <=90 only for not machines that are not successful.
3. Add "Enterprise Admin" privileges to the account which you are using so as to allow greater permissions to access the machines in the organization.
4. If the inventory is not successful, check for the connectivity of Domain Controller from the pc running the map toolkit, check for the VLAN connectivity, if the DC's VLAN is accessible from the other computers
1. If you are not able to connect to Remote VMs, check the "computer browser" service and start it.
2. Make filter <=90 only for not machines that are not successful.
3. Add "Enterprise Admin" privileges to the account which you are using so as to allow greater permissions to access the machines in the organization.
4. If the inventory is not successful, check for the connectivity of Domain Controller from the pc running the map toolkit, check for the VLAN connectivity, if the DC's VLAN is accessible from the other computers
No comments:
Post a Comment