When obtaining data from a remote computer, WMI must establish a DCOM connection. If Windows Firewall is running with default settings, it blocks this connection. To allow remote WMI through the firewall, perform one of the sets of steps outlined next on the computer to be monitored.
To allow remote WMI through the firewall using the command-line shell:
netsh firewall set service RemoteAdmin enable
netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
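The netsh command above enables the WMI rule group for any remote address. The following PowerShell is an added example (not LogicMonitor's own code) that enables the same built-in rule group but limits the allowed source to the Collector, then reads the result back. The `$CollectorIp` value is a constructed placeholder from a documentation address range; the script assumes an elevated PowerShell session on the computer to be monitored.

```powershell
# Added example: enable the built-in WMI firewall rule group for one source only.
# Run in an elevated PowerShell session on the computer to be monitored.
param(
    # Placeholder (documentation range); replace with your Collector's address.
    [string]$CollectorIp = '192.0.2.10',
    # Display group name, the same group the netsh advfirewall command targets.
    [string]$Group = 'Windows Management Instrumentation (WMI)'
)

# Fetch the inbound rules in the WMI group; stop if the group is not found.
$rules = Get-NetFirewallRule -DisplayGroup $Group -Direction Inbound -ErrorAction Stop

# Show the state before any change so it can be restored later if needed.
Write-Output 'Before:'
$rules | Select-Object DisplayName, Enabled, Profile | Format-Table -AutoSize

foreach ($rule in $rules) {
    # Restrict the permitted source to the Collector, then enable the rule.
    # Without -RemoteAddress the rule would accept connections from any host.
    $rule | Set-NetFirewallRule -RemoteAddress $CollectorIp -Enabled True
}

# Read the rules back and report the effective source restriction per rule.
Write-Output 'After:'
Get-NetFirewallRule -DisplayGroup $Group -Direction Inbound | ForEach-Object {
    $filter = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        Profile       = $_.Profile
        RemoteAddress = $filter.RemoteAddress -join ','
    }
} | Format-Table -AutoSize
```

If the firewall rules on the host are delivered by Group Policy, make the equivalent change in the policy instead, because this script edits only the local rule store.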
To allow remote WMI through the firewall using the Group Policy editor, perform the following steps to enable “Allow Remote Administration” on the computer to be monitored:
In the monitoring industry, it is typically not recommended to connect to a remote Windows computer through an external firewall via WMI. Rather, if you have different security zones in your network that are separated by firewalls or NAT devices, and no host is excluded from these restrictions, then simply install multiple Collectors—one on each side of the firewall or NAT devices—to monitor hosts in those zones appropriately.
Connecting through external firewalls is not recommended because it requires that hosts be configured to use a restricted port range. In addition to creating an administrative burden, this customization can lead to port exhaustion if other applications rely on WMI while the available ports are restricted, which can in turn prevent those applications, or even LogicMonitor, from referencing or collecting data. Because customizations are in place, LogicMonitor’s ability to provide troubleshooting support may also be limited if issues arise.
With that said, if you wish to try monitoring Windows hosts from a Collector that is firewalled from them, you must ensure that DCOM works and that no NAT is being performed. While it can be done, you are accepting some risk, as this configuration could produce many No Data alerts and possibly result in poor monitoring reliability.