Monitoring

Windows Firewall Issues

Configuring Windows Firewall to allow remote WMI

When obtaining data from a remote computer, WMI must establish a DCOM connection. If windows firewall is running with default settings, it will not allow this connection. To allow remote WMI through the firewall, on the computer to be monitored, perform these steps:

In a command shell on the system to be monitored, type:In a command shell on the system to be monitored, type:

netsh firewall set service RemoteAdmin enable 

OR, depending on your version of Windows:

netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes

OR, if you would rather use the Group Policy editor than the NETSH commands above, use the following steps in the Group Policy editor (Gpedit.msc) to enable "Allow Remote Administration" on the computer to be monitored.

1. Under the Local Computer Policy heading, double-click Computer Configuration.

2. Double-click Administrative Templates, Network, Network Connections, and then Windows Firewall.

3. If the computer is in the domain, then double-click Domain Profile; otherwise, double-click Standard Profile.

4. Click Windows Firewall: Allow remote administration exception.

5. On the Action menu, select Properties.

6. Click Enable, and then click OK.

See Connecting Through Windows Firewall

 

Connecting through external Firewalls

Our suggestion - don't.  If you have different security zones in your network that are separated by firewalls or NAT devices, and no host is excluded from these restrictions, then simply install multiple collectors - one on each side of the firewall or NAT devices - to monitor hosts in those zones appropriately.

If you wish to try to monitor Windows hosts from a collector that is firewalled from them, you must ensure that DCOM works, and that no NAT is being performed.