
problem to run on network clients

Post by Petrocelli » Thu May 31, 2012 1:02 pm

Hello,

I installed the Network/Cloud version and added a network. The clients (XP, Windows 7 and Server 2008) were found. I configured them and some clients were "enable", some "ignored" with the message "ADMIN$: failed. The network path was not found" or "XP agents are not supported.Pending."
But I get no connection to any client. The message of the enabled clients is "connection not possible".
Also I see no Firewall icon on the clients.

I looked in the documentation, but it is in English and I'm not sure I understand it all.

What can I do?

Regards,
Petro
Petrocelli
 
Posts: 10
Joined: Thu May 31, 2012 12:42 pm

Re: problem to run on network clients

Post by VistaFirewallControl » Thu May 31, 2012 5:06 pm

The connection can be established to an installed agent only.
W7FC tries to install agents to remotes/clients (excepting XP, the XP compatibility is pending) automatically for all the agents marked “Enabled” or “Maintaining” (after successful installation it will be changed to "Enable").
If the marks above are set to an agent list item, W7FC tries to install the agent to the related remote/client. If the attempt is successful, W7FC displays (Enable = the agent is ready).
If the attempt fails, W7FC displays “ignored” (no installation attempts will be done automatically) and the last error message of the failed attempt.
After the problem indicated by the message is fixed, the agent installation can be retried.

“ADMIN$: failed. The network path was not found"
Means the path required for the agent auto-installation is not found.
I.e. the \\TheRemoteNameOrIp\ADMIN$ share is not available on TheRemoteNameOrIp.
Some systems (Windows 7, for instance) may disable the share by default.
The shares can be listed by “net share” command.
http://support.microsoft.com/kb/947232 explains the details

>But I get no connection to any client. The message of the enabled clients is "connection not possible".

Could you please clarify:
You see an agent listed in the Agents pane with the status “Enable”
The status is stable and does not revert to “Ignored” (with an error message) automatically within a couple of minutes (i.e. the agent is installed and verified)
However choosing the agent in the “Computer” combobox (at the bottom of the main W7FC pane), displays “can’t connect”.
Correct?

>Also I see no Firewall icon on the clients.

The agents installed to remote clients have no user interface at all. The agents are just the filtering services controllable remotely. No icons or other user interactions with W7FC should be expected on the clients. The clients controlling is pure remote.
VistaFirewallControl
Site Admin
 
Posts: 1492
Joined: Fri Mar 27, 2009 11:25 am

Re: problem to run on network clients

Post by Petrocelli » Fri Jun 01, 2012 6:26 am

VistaFirewallControl wrote:
>Could you please clarify:
>You see an agent listed in the Agents pane with the status “Enable”
>The status is stable and does not revert to “Ignored” (with an error message) automatically within a couple of minutes (i.e. the agent is installed and verified)
>However choosing the agent in the “Computer” combobox (at the bottom of the main W7FC pane), displays “can’t connect”.
>Correct?

Yes. The other problems are now ok (See the pictures:).

>>Also I see no Firewall icon on the clients.
>
>The agents installed to remote clients have no user interface at all. The agents are just the filtering services controllable remotely. No icons or other user interactions with W7FC should be expected on the clients. The clients controlling is pure remote.

This means that the user has no possibility to enable or disable something himself?
When the administrator is not in?



Petrocelli
 
Posts: 10
Joined: Thu May 31, 2012 12:42 pm

Re: problem to run on network clients

Post by VistaFirewallControl » Fri Jun 01, 2012 11:47 am

>This means that the user has no possibility to enable or disable something himself?

Changing client’s permission by the client himself is against the Network/Cloud Edition purpose.
The user on the client machine has no related user interface, so the user is not able to change anything. If the user would like to change his/her (local) permissions he/she must install an independent (licensed) product (excepting Free Edition). So the client’s PC permissions can be adjusted locally and remotely (by the network admin). The agent installed remotely is practically equal to a GUI-less W7FC service included in (installed with) any other version (excepting Free Edition). So the service installed (for any reason) on the client can be concurrently accessed by local (if any) and remote GUIs.


>Yes. The other problems are now ok (See the pictures:)

Please provide us with more details of the behavior/configuration.
Actually the agent verification (“Enable” in the Agents pane) and connecting to the agent (with Computer combobox) are just made to different interfaces of the same remote service.
So if the agent is “Enable”-ed it should be accessible under normal conditions.

Could you please provide us with more info.
- How long does it take to display “Verbindung nicht möglich” after HERMES is chosen?
- Do you see any blocked events on ATLAS after the switching is made?
- How is HERMES configured in the Agents pane? By IP, IPv6? Or by name?
- Can HERMES (for instance) be simply switched off, blocked, not available or so?
- Can you then switch back to ATLAS with the same combobox?
- What was the previous host, before switching to HERMES. Was the host with the empty programs list? Typically if W7FC “can’t connect” it reverts back to the previous host immediately/automatically.

There are some mismatches in the behavior.
After “Verbindung nicht möglich” is displayed, W7FC changes the agent status to "maintaining" immediately.
So the W7FC agents installer tries to re-install the agent to the remote. The installation can be done only if Agents/”Elemente verarbeiten” is checked (otherwise the agent checking/installing subroutine is not running, so the agent can’t be installed/checked). You did not check the box. By the way, could it be the main problem?

At the moment (till we know other details) we suspect that the remotely installed agent is stopped/deleted by a third party on the remote machine right after the remote installation.
Do you have an RDP access to the remote machine to verify?
The target agent is Windows7FirewallService.exe (started as service, no sense to invoke it manually, but only via services.msc) located in the remote’s System32 and must be running.

We could provide you with the logging version of the agent to verify the behavior on the remote PC, if required
VistaFirewallControl
Site Admin
 
Posts: 1492
Joined: Fri Mar 27, 2009 11:25 am

Re: problem to run on network clients

Post by Petrocelli » Fri Jun 01, 2012 12:58 pm

VistaFirewallControl wrote:
>Please provide us with more details of the behavior/configuration.
>Actually the agent verification (“Enable” in the Agents pane) and connecting to the agent (with Computer combobox) are just made to different interfaces of the same remote service.
>So if the agent is “Enable”-ed it should be accessible under normal conditions.
>
>Could you please provide us with more info.
>- how long does it take to display “Verbindung nicht möglich” after HERMES is chosen?

It's not only HERMES, it's at all "enabled" PCs. Fast.

>- Do you see any blocked events on ATLAS after the switching is made.

No.

>- How HERMES is configured in the Agents pane? By IP, IPv6? Or by name?

See the picture. The PCs are all configured the same way.

>- Can HERMES (for instance) be simply switched off, blocked, not available or so?

I'm not sure I understand, but I think no.

>- Can you then switch back to ATLAS with the same combobox?

Yes.

>- What was the previous host, before switching to HERMES. Was the host with the empty programs list? Typically if W7FC “can’t connect” it reverts back to the previous host immediately/automatically.

That does not matter. It does not revert.

>There are some mismatches in the behavior.
>After “Verbindung nicht möglich” is displayed, W7FC changes the agent status to "maintaining" immediately.
>So W7FC agents installer tries to re-install the agent to the remote. The installation can be done only if Agents/”Elemente verarbeiten” is checked (otherwise the agent checking/installing subroutine is not running, so the agent can’t be installed/checked). You did not check the box. By the way, could it be the main problem?

I unchecked the box only for the picture. But as I checked the box again now, all PCs are "Maintaining" and don't change.

>At the moment (till we know other details) we suspect that the remotely installed agent is stopped/deleted by a third party on the remote machine right after the remote installation.
>Do you have an RDP access to the remote machine to verify?

I don't know what it is. The problem is on all "enabled" PCs, not only on HERMES.

>The target agent is Windows7FirewallService.exe (started as service, no sense to invoke it manually, but only via services.msc) located in the remote’s System32 and must be running.

There is no file in system32 or a running service with this name on the remote PCs.

>We could provide you with the logging version of the agent to verify the behavior on the remote PC, if required

Petrocelli
 
Posts: 10
Joined: Thu May 31, 2012 12:42 pm

Re: problem to run on network clients

Post by VistaFirewallControl » Fri Jun 01, 2012 1:42 pm

Following the screenshot provided, you have a non-empty networks list.
It would be better to have the list empty till the basic functionality is achieved.


>I unchecked the box only for the picture. But as I checked the box again now, all PCs are "Maintaining" and don't change.
>I don't know what it is. The problem is on all "enabled" PCs, not only on HERMES.
>There is no file in system32 or a running service with this name on the remote PCs.

All of the above is just evidence that no agents have been installed remotely.
So there is no ability to connect to the agents.

Here are the explanations:
If ”Elemente verarbeiten” is checked W7FC tries to install/check the agents.
If the state is “Enable” for an agent, W7FC verifies the agent (tries to connect to it) and if the connection is not established, W7FC reverts to “maintaining” and tries to install the agent.
The verification/installation cycle repeats through all the agents every 10 secs.
So if you have 5 agents and every agent installation attempt takes 30 secs, the entire cycle takes 5*30+10, so not a short period.
After every maintaining cycle W7FC updates the last error message for every agent.
We would like to realize whether there are any messages for HERMES (for instance) after the maintaining cycle for all the agents is performed.
To speed up the process set all the agents to Ignored excepting HERMES, wait for 1-2-5 mins and check the error message. The message is very descriptive typically, W7FC gathers error texts from every underlying core operation.

Here are some steps that can be made manually; the steps are nearly equal to what W7FC makes automatically.
1. “Net use a-drive-letter \\HERMES\ADMIN$ /user:ADMIN-NAME”
2. W7FC tries to determine the remote PC bitness via WMI. You can check with a WMI tool root\\cimv2 for Win32_Environment 'PROCESSOR_ARCHITECTURE'. The operation may be long as the remote machine could initiate the WMI infrastructure loading for the first time.
3. “Copy a-local-file \\HERMES\system32\” (a-local-file can be any file for testing)

Looking forward to the details from you.
Note: You should use the IP instead of HERMES to avoid name resolution problems (if any) and perform the steps exactly as W7FC does.
VistaFirewallControl
Site Admin
 
Posts: 1492
Joined: Fri Mar 27, 2009 11:25 am
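
The manual checks listed in the post above (ADMIN$ mapping, WMI bitness query, test copy into System32), plus a look for a service backed by Windows7FirewallService.exe, as an added PowerShell example that is not part of the original thread or the vendor's code. The function name, the temporary drive name and the probe file name are assumptions; the copy goes through ADMIN$, which maps to the target's Windows directory.

```powershell
# Added example (not vendor code). Run from the W7FC host in Windows PowerShell 3.0+
# against a REMOTE target; Get-WmiObject rejects -Credential for the local machine.
function Test-AgentInstallPrereqs {
    param(
        [Parameter(Mandatory)] [string] $Target,            # IP rather than name, as advised
        [Parameter(Mandatory)] [pscredential] $Credential   # admin account on the target
    )
    $r = [ordered]@{ Target = $Target; AdminShare = 'not run'; Architecture = 'not run'
                     CopyToSystem32 = 'not run'; AgentService = 'not run' }
    $drive = 'W7FCTest'                                     # hypothetical temporary drive name

    # Step 1: reach \\Target\ADMIN$ ("The network path was not found" surfaces here)
    try {
        $root = '\\{0}\ADMIN$' -f $Target
        New-PSDrive -Name $drive -PSProvider FileSystem -Root $root `
            -Credential $Credential -ErrorAction Stop | Out-Null
        $r.AdminShare = 'OK'
    } catch { $r.AdminShare = "FAILED: $($_.Exception.Message)" }

    # Step 2: remote bitness via WMI, root\cimv2 Win32_Environment PROCESSOR_ARCHITECTURE
    try {
        $envVar = Get-WmiObject -Namespace 'root\cimv2' -Class Win32_Environment `
            -Filter "Name='PROCESSOR_ARCHITECTURE'" -ComputerName $Target `
            -Credential $Credential -ErrorAction Stop | Select-Object -First 1
        $r.Architecture = $envVar.VariableValue             # e.g. AMD64 or x86
    } catch { $r.Architecture = "FAILED: $($_.Exception.Message)" }

    # Step 3: copy a throwaway file into the target's System32 through ADMIN$, then remove it
    if ($r.AdminShare -eq 'OK') {
        $probe = Join-Path $env:TEMP 'w7fc-probe.txt'       # constructed test file
        Set-Content -Path $probe -Value 'probe'
        try {
            Copy-Item -Path $probe -Destination "${drive}:\System32\" -ErrorAction Stop
            Remove-Item -Path "${drive}:\System32\w7fc-probe.txt" -ErrorAction Stop
            $r.CopyToSystem32 = 'OK'
        } catch { $r.CopyToSystem32 = "FAILED: $($_.Exception.Message)" }
        Remove-Item -Path $probe -ErrorAction SilentlyContinue
        Remove-PSDrive -Name $drive -ErrorAction SilentlyContinue
    }

    # Step 4: is a service backed by Windows7FirewallService.exe present and running?
    try {
        $svc = Get-WmiObject -Class Win32_Service -ComputerName $Target -Credential $Credential `
            -Filter "PathName LIKE '%Windows7FirewallService.exe%'" -ErrorAction Stop
        $r.AgentService = if ($svc) { ($svc | Select-Object -First 1).State } else { 'not installed' }
    } catch { $r.AgentService = "FAILED: $($_.Exception.Message)" }

    [pscustomobject]$r
}
```

Call it as `Test-AgentInstallPrereqs -Target <ip> -Credential (Get-Credential)`; each field holds either the result or the error text of the step that failed.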

Re: problem to run on network clients

Post by Petrocelli » Tue Jun 05, 2012 8:53 am

I am on holiday until the end of the week. I will report back next week.
Petrocelli
 
Posts: 10
Joined: Thu May 31, 2012 12:42 pm

Re: problem to run on network clients

Post by VistaFirewallControl » Wed Jun 06, 2012 4:37 pm

Please verify the suggestions above and report.
Actually if the problem is in the remote WMI related operations we would prepare a special edition for you without WMI at all.
Practically the operations are used to determine the remote system bitness only.
If the remote system is 64-bit, W7FC installs 64 bit agents on the system; otherwise 32-bit agent is installed. However 32-bit agent is completely operable on 64-bit system as well (without any noticeable performance degradation). So 32-bit remote agent installation only could allow to exclude the questionable (if any) step.
VistaFirewallControl
Site Admin
 
Posts: 1492
Joined: Fri Mar 27, 2009 11:25 am

Re: problem to run on network clients

Post by Petrocelli » Mon Jun 11, 2012 1:23 pm

VistaFirewallControl wrote:
>Following the screenshot provided you have non-empty networks list.
>It would be better to have the list empty till the basic functionality is achieved.

OK, I deleted the subnetwork (Do I need it? We have only one network (workgroup)) and the PCs in "Elements". But in "Elements" he found the PCs again. Now I took ATLANTIS instead of HERMES, because it is my own PC. It is also a 64-bit PC with Windows 7 64-bit.

There stood "Maintaining" and it does not change.

>Here are some steps can be made manually, the steps are nearly equal to what W7FC makes automatically.
>1. “Net use a-drive-letter \\HERMES\ADMIN$ /user:ADMIN-NAME”
>2. W7FC tries to determine the remote PC bitness via WMI. You can check with a WMI tool
>root\\cimv2 for Win32_Environment 'PROCESSOR_ARCHITECTURE'. The operation may be long as the remote machine could initiate the WMI infrastructure loading for the first time
>3. “Copy a-local-file \\HERMES\system32\”
>a-local-file - can be any for testing

I tried the wmidiag tool from Microsoft (see the picture).
Then I tried "net use": I could connect and he asked for the password. I put it and the message "system error 53, the network path was not found" came.


Petrocelli
 
Posts: 10
Joined: Thu May 31, 2012 12:42 pm

Re: problem to run on network clients

Post by VistaFirewallControl » Mon Jun 11, 2012 5:49 pm

>OK, I deleted the subnetwork (Do I need it?

Just to exclude any kind of ambiguity during the problem investigation.
The Networks pane should be empty, not the Agents pane.
Agents will be detected/added automatically.
Networks are the subjects for manual configuration (setting mutual PC-to-PC permissions).

>There stood "Maintaining" and it does not change.

Hope you waited enough for a result (2-4 mins at least) and have “agent processing” (the Agents pane) checked.


>I tried the wmidiag tool from microsoft (see the picture).

That works in W7 64-bit for us.
However we recommend WMI Tools from Microsoft. The tools allow object browsing (we need the remote target machine), not only diagnostics.

>Then I tried "net use": I could connect and he asked for the password. I put it and the message "system error 53, the network path was not found" came.

For ADMIN$ or IPC$?
Please refer to the system documentation for the Error 53 description.
Typically a remote share can’t be mapped/used 2+ times from the same PC.
So if W7FC keeps the “connection”, net use will fail. Temporarily uncheck the Agents processing box or close the control panel (TrayIcon/RightClick/Close) temporarily.

We will try to provide you with a special diagnostic tool tomorrow.
For now we suspect the following.
The WMI based remote bitness detection is significantly delayed because WMI service (Winmgmt/ Windows Management Instrumentation) is not running on the remote machine or is blocked by WindowsFirewall.
Could you temporarily switch WindowsFirewall off for the experiment? Or switch WindowsFirewall logs to verify whether there were any blocks from W7FC running host?
As the result W7FC cycles for a long time waiting for the remote WMI response.
Please verify and stay tuned for the diagnostic tool.
VistaFirewallControl
Site Admin
 
Posts: 1492
Joined: Fri Mar 27, 2009 11:25 am
