Job Management Partner 1/Performance Management - Remote Monitor for Platform Description, User's Guide and Reference

2.1.5 WMI connection setting method

This subsection describes how to set WMI connection.

To connect WMI, settings for the following are required:

• DCOM
  The DCOM setting must be made at both the PFM - RM host and the monitored hosts.
  If you run the PFM - RM host in a cluster system, the DCOM setting must be made at both the executing node and the standby node. If you use Windows MSCS with cluster software, you must set up the resources of the distributed transaction coordinator (MSDTC); for details about specifying this setup, see the technical support information on the Microsoft home page.
  
• Firewall
  Set the firewall on each monitored host, as necessary.
  
• WMI namespace
  Set the WMI namespace on each monitored host, as necessary.
  

When you have finished making the settings, check that you can connect from the PFM - RM host to the monitored hosts.

Notes about WMI connection setting

• Data cannot be collected when Disabled is set as the startup type of the Windows Management Instrumentation service (service name: WinMgmt) that provides system administration information for the OS of a monitored host.
• A user who connects to a monitored host must be a member of the monitored host's Administrators, Performance Log Users, or Performance Monitor Users group. If the OS of the monitored host is Windows Server 2008, the UAC security function is enabled, and an account other than Built-in Administrator is used, then that account must be set as a member of the Performance Log Users or Performance Monitor Users group.

Organization of this subsection

(1) DCOM setting

(2) Firewall setting

(3) WMI namespace setting

(4) Checking the WMI connection

(1) DCOM setting

This subsection describes how to set DCOM at the PFM - RM host and the monitored hosts.

(a) Setting at the PFM - RM host

Set DCOM at the PFM - RM host.

To set DCOM:

1. From the Windows Start menu, choose Run.
2. Enter dcomcnfg.exe and then click the OK button.
   The Component Services window appears.
   
3. Click Component Services and Computers to expand the tree.
4. Choose My Computer, and then from the right-click menu, choose Properties.
   The My Computer Properties dialog box appears.
   
5. Choose the Default Properties tab, and then select Enable Distributed COM on this computer.
6. Click the OK button.
   The My Computer Properties dialog box closes.
   
7. Restart the machine.
   This step is not needed if you have not changed the setting of Enable Distributed COM on this computer.
   

(b) Setting at a monitored host

Set DCOM at each monitored host.

Some parts of the procedure may differ depending on the OS environment of a specific monitored host, as described below:

• If the OS of the monitored host is Windows Server 2003 with no service pack applied, there is no Edit Limits button, which means that there is no need to perform steps 6 through 11.
• If the OS of the monitored host is Windows Server 2008, the UAC security function is enabled, and an account other than Built-in Administrator is used, then steps 6 through 11 must be executed. Perform these steps for a user or a users group that does not belong to the Users or Administrators group.

To set DCOM:

1. From the Windows Start menu, choose Run.
2. Enter dcomcnfg.exe and then click the OK button.
   The Component Services dialog box appears.
   
3. Click Component Services and Computers to expand the tree.
4. Choose My Computer, and then from the right-click menu, choose Properties.
   The My Computer Properties dialog box appears.
   
5. Choose the Default Properties tab, and then select Enable Distributed COM on this computer.
6. Choose the COM Security tab, and then click the Edit Limits button for Access Permissions.
   The Access Permission dialog box appears.
   Check to see if the user who connects to the monitored host or the group to which the user belongs is displayed in Group or user names:.
   If it is not displayed, click the Add... button, and then add the user or the group to which the user belongs.
   
7. In Select Users or Groups, select the user who connects to the monitored host or the user's group.
   Check to see if Allow is selected in Remote Access. If this option is not selected, select it.
   
8. Click the OK button.
   The Access Permission dialog box closes.
   
9. Choose the COM Security tab, and then click the Edit Limits button for Launch and Activation Permissions.
   The Launch Permission dialog box appears.
   Check to see if the user who connects to the monitored host or the group to which the user belongs is displayed in Group or user names:.
   If it is not displayed, click the Add... button, and then add the user or the group to which the user belongs.
   
10. In Select Users or Groups, select the user who connects to the monitored host or the user's group.
    Check to see if Allow is selected for both Remote Launch and Remote Activation. If it is not selected, select it.
    
11. Click the OK button.
    The Launch Permission dialog box closes and the My Computer Properties dialog box is displayed again.
    
12. Click the OK button.
    The My Computer Properties dialog box closes.
    
13. Restart the machine.
    This step is not needed if you have not changed the setting of Enable Distributed COM on this computer.
    

(2) Firewall setting

This setting is required when a Windows firewall is enabled.

To determine if the firewall setting is enabled or disabled, from the Windows Start menu, choose Control Panel, and then Windows Firewall.

If the OS of the monitoring target is Windows Server 2003 with no service pack applied, then the Windows firewall function is not supported, and this setting is not needed.

To set the firewall:

1. From the Windows Start menu, choose Run.
2. Enter gpedit.msc and then click the OK button.
   The Group Policy Object Editor dialog box appears.
   
3. Click Computer Configuration, Administrator Templates, Network, Network Connections, and Windows Firewall to expand the tree.
4. Click Standard Profile,^#1 and then in the right-hand pane, from the right-click menu of Windows Firewall: Allow remote administration exception,^#2 choose Properties.
   The Windows Firewall: Allow remote administration exception Prop... dialog box appears.
   

   #1

   If the host machine is a domain environment, this will be Domain Profile.

   #2

   If the OS of the monitored host is Windows Server 2008, this will be Windows Firewall: Allow inbound remote administration exception.

5. Choose the Setting tab, and then select Enabled.
6. Click the OK button.
   The Windows Firewall: Allow remote administration exception Prop... dialog box closes.
   

(3) WMI namespace setting

If the user who connects to the monitored host does not have Administrator permissions, you must set the WMI namespace.

You must also set the WMI namespace when the user has Administrator permissions but the OS of the monitored host is Windows Server 2008 and neither of the conditions listed below is true. Perform the WMI namespace setting for a user or a users group that does not belong to the Users or Administrators group.

• The user is not a Built-in Administrator.
• The UAC security function is enabled.

To set the WMI namespace:

1. From the Windows Start menu, choose Run.
2. Enter wmimgmt.msc and then click the OK button.
   The Windows Management Infrastructure (WMI) dialog box appears.
   
3. Choose WMI Control (Local), and then from the right-click menu, choose Properties.
   The WMI Control (Local) Properties dialog box appears.
   
4. Choose the Security tab, and then click Root and CIMV2 to expand the tree.
5. Click the Security button.
   The Security for ROOT\CIMV2 dialog box appears.
   Check to see if the user who connects to the monitored host or the user's group is displayed in Group or user names:. If it is not displayed, click the Add... button, and then add the user or the group to which the user belongs.
   
6. In Select Users or Groups, select the user who connects to the monitored host or the group to which the user belongs.
   Check to see if Allow is selected for both Enable Account and Remote Enable. If it is not selected, select it.
   
7. Click the OK button.
   The Security for ROOT\CIMV2 dialog box closes, and the WMI Control (Local) Properties dialog box is displayed again.
   
8. Click the OK button.
   The WMI Control (Local) Properties dialog box closes.
   

(4) Checking the WMI connection

Use the wbemtest.exe Windows tool to check whether the PFM - RM host and a monitored host are connected. Execute this procedure at the PFM - RM host.

To check the WMI connection:

1. At the command prompt, execute the following command:
   runas /user:<user-name> wbemtest
   The Windows Management Instrumentation Tester dialog box appears.
   For the user name, specify the values for RMHost_User and RMHost_Domain. If re-entry of the password is requested after the command executes, specify the value of RMHost_Password.
   For details about RMHost_User, RMHost_Domain, and RMHost_Password, see Table 2-3.
   
2. Click the Connect... button.
   The Connect... dialog box appears.
   
3. In Namespace, User:, Password:, and Authority:, enter the appropriate information.
   The following describes each item.
   
   • Namespace
     Enter \\monitored-host-name\root\cimv2. For the name of the monitored host, specify the value of Target Host.
     
   • User:
     Enter the user name used to log on to the monitored host. For the user name, specify the value of User.
     
   • Password:
     Enter the user's password. For the user's password, specify the value of Password.
     
   • Authority:
     Enter ntlmdomain:domain-name-of-monitored-host. If the monitored host is a workgroup, leave this field blank. For the domain name of the monitored host or the monitored host name, specify the value of Domain.
     
   For details about Target Host, User, Password, and Domain, see Table 2-5.
   
4. Click the Connect... button.
   If connection is established successfully, the Connect... dialog box closes and all buttons are enabled in the Windows Management Instrumentation Tester dialog box.
   If an error dialog box is displayed, check the settings based on the error number. The error numbers and causes are described below.
   Note that if you change the settings while running the wbemtest.exe tool and then attempt to re-establish connection, an error may result. In such a case, restart the tool and then check the connection.
   
   • 0x8001011c
     DCOM is not set at the PFM - RM host.
     
   • 0x80070005
     Possible cause of the error is one of the following:
     DCOM is not set at the PFM - RM host.
     DCOM is not set at the monitored host.
     The user name, password, or domain name used to connect to the monitored host is invalid.
     
   • 0x80041003
     At the monitored host, Namespace is not selected for WMI.
     
   • 0x80041008
     The value specified in Authority: does not begin with ntlmdomain:.
     
   • 0x800706xx
     Possible cause of the error is one of the following:
     The monitored host name is invalid.
     The monitored host is not running.
     The firewall was not set up at the monitored host.
     The password for the user who logs on to the monitored host has expired.
     
5. Click the Enum Instances... button.
   The Class Info dialog box appears.
   
6. In Enter superclass name, enter Win32_PerfRawData_PerfOS_System and then click the OK button.
   The Query Result dialog box appears.
   Check to see if Win32_PerfRawData_PerfOS_System=@ is displayed in the list. If an error dialog box is displayed or this value is not displayed in the list, the user who connects to the monitored host may not be a member of the Administrators, Performance Log Users, or Performance Monitor Users group.
   Note that if you change the settings while running the wbemtest.exe tool and then attempt to re-execute enumeration of instances, an error may result. In such a case, restart the tool and then re-execute the checking.
   

[Contents][Back][Next]

All Rights Reserved. Copyright (C) 2009, Hitachi, Ltd.