Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

STRM - Troubleshooting WMI Connections to Win2008 servers

0

0

Article ID: KB19244 KB Last Updated: 17 Nov 2010Version: 2.0
Summary:
This article describes some of the troubleshooting options to use when trying to connect STRM to Windows 2008 servers using WMI 
Symptoms:
If using the MS Windows Event Log Protocol (WMI - Windows Management Instrumentation) and Windows server 2008 with the Windows Firewall enabled, you must set a firewall rule to allow for both the default DCOM port of 135 and the dynamic port range DCOM will use to communicate back to the STRM Appliance.


Solution:
To create the firewall rule:
  1. On the Windows 2008 server open the Administrative Tools and launch the Server Manager.
  2. Select Configuration > Windows Firewall and Advanced Security.
  3. Create a new inbound rule.
  4. Under the rule wizard select Customer Rule > All Programs > Protocol
  5. Change to TCP 
  6. Under "Which remote IP addresses does this rule apply to" enter "These IP addresses" and add the STRM collector.
  7. Set to allow the connection to finish the remainder of the wizard.
Windows 2008 Server added some new security which could affect DCOM which is needed for WMI to work.  The Windows Event Log protocol connects to the "WBEM Scripting Locator" object on the Window Server.   To verify that this object exists, you need to open the "DCOM Configuration".

To access DCOM Configuration:
  1. Go to Start Menu > Run
  2. Enter: dcomcnfg
  3. DCOM can be found under "Console Root / Component Services / My Computer / DCOM Config / {76A64158-CB41-11D1-8B02-00600806D9B6}".  If this object does not exist, the WMI protocol will create it if possible.


Issues with Windows 2008 Server:

In Windows 2008 Server (and possibly Windows 7), after making a connection, if you find that the object still does not exist, you may need to update the permissions of this object in the registry:
  1. Open regedt32
  2. Go to: "HKEY_CLASSES_ROOT \ CLSID \ {76A64158-CB41-11D1-8B02-00600806D9B6}".
    On occasion, even when using a local administrator account; in Windows 2008 the object in question is owned by the "TrustedInstaller" user and does not allow even local administrators access to this object.  To resolve this, update this registry entry, setting the owner to the local administrators group or to the user being used to connect and retrieve events.
  3. Right click and choose "Permissions"
  4. Choose "Advanced"
  5. Choose the "Ownership" tab
  6. The current owner should show up as "TrustedInstaller"
  7. Change the current owner to "Administrators" or to the user being used to connect from STRM
  8. Save
  9. Ensure the role or user added (Administrators) has "Full Control"
In a few isolated cases, even after changing the ownership of this object, it may not get created when the WMI connection is made from STRM. 

For information regarding connecting other versions of Windows to STRM, consult: KB15576
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search