Hitachi

JP1 Version 12 JP1/Integrated Management 2 - Manager Configuration Guide


1.17.1 Configuring WMI (for Windows)

This subsection describes how to configure WMI.

WMI connections require the following:

When all the settings have been completed, check whether a connection can be established from the JP1/IM - Manager host to a remote host that will be monitored remotely.

Note:
  • Log information cannot be collected if the startup status of Windows Management Instrumentation (service name WinMgmt) providing system management information in the OS on the monitored remote host is Disabled.

  • Users accessing a remotely monitored host must be members of the Administrators group on that host.

(1) DCOM setting

The following describes how to configure DCOM on a JP1/IM - Manager host and a host to be monitored remotely.

(a) Configuring DCOM on a JP1/IM - Manager host

Configure DCOM on the JP1/IM - Manager host.

The procedure for configuring DCOM is described below.

Note that some steps in the procedure might differ depending on the OS environment on the remotely monitored host.

For example, if the OS of the remotely monitored host is Windows Server 2008, Run might not appear in the Windows Start menu. If it does not appear, hold down the Windows logo key and press the R key to open Run.

  1. From the Windows Start menu, choose Run.

  2. Enter dcomcnfg.exe and then click the OK button.

    The Component Services window appears.

  3. Click Component Services and Computers to expand the tree.

  4. Choose My Computer, and then from the right-click menu, choose Properties.

    The My Computer Properties dialog box appears.

  5. Choose the Default Properties tab, and then select Enable Distributed COM on this computer.

  6. Click the OK button.

    The My Computer Properties dialog box closes.

  7. From the Windows Start menu, choose Run.

  8. Enter gpedit.msc, and then click the OK button.

    The Group Policy dialog box appears.

  9. In the Group Policy dialog box, click Computer Configuration, Administrative Templates, and System. Then, expand the User Profiles node.

  10. For Do not forcefully unload the user registry at user logoff, click Enabled.

  11. Restart the machine.

(b) Configuring DCOM on a remote host to be monitored remotely

Configure DCOM on a host to be monitored remotely.

The procedure for configuring DCOM is described below.

Note that some steps in the procedure might differ depending on the OS on the host to be monitored remotely.

  1. From the Windows Start menu, choose Run.

  2. Enter dcomcnfg.exe and then click the OK button.

    The Component Services window appears.

  3. Click Component Services and Computers to expand the tree.

  4. Choose My Computer, and then from the right-click menu, choose Properties.

    The My Computer Properties dialog box appears.

  5. Choose the Default Properties tab, and then select Enable Distributed COM on this computer.

  6. Choose the COM Security tab, and then click the Edit Limits button for Access Permissions.

    The Access Permission dialog box appears.

    Check to see if the user who connects to the monitored host or the group to which the user belongs is displayed in Group or user names:.

    If it is not displayed, click the Add... button, and then add the user or the group to which the user belongs.

  7. In the Select Users or Groups window, select the user who will connect to the host to be monitored or the group to which the user belongs.

    Check to see if Allow is selected in Remote Access. If this option is not selected, select it.

  8. Click the OK button.

    The Access Permission dialog box closes.

  9. Choose the COM Security tab, and then click the Edit Limits button for Launch and Activation Permissions.

    The Launch and Activation Permissions dialog box appears.

    In the Launch Permission dialog box, in the Group or user names: section, check to see if the user who will connect to the remote host to be monitored or the group to which the user belongs is displayed.

    If the user or a group is not displayed, click the Add... button to add the user or the group to which the user belongs.

  10. In the Select Users or Groups window, in the Launch and Activation Permissions dialog box, select the user who will connect to the host to be monitored remotely or the group to which the user belongs.

    Check to see if Allow is selected for both Remote Launch and Remote Activation. If it is not selected, select it.

  11. Click the OK button.

    The My Computer Properties dialog box is displayed again.

  12. Click the OK button.

    The My Computer Properties dialog box closes.

  13. Restart the machine.

    This step is not needed if you have not changed the setting of Enable Distributed COM on this computer.

(2) Configuring the firewall

You need to configure the firewall when Windows Firewall is enabled.

In the Windows Start menu, click Control Panel and then Windows Firewall to check whether Windows Firewall is enabled.

To configure the firewall when Windows Firewall is enabled:

  1. From the Windows Start menu, choose Run.

  2. Enter gpedit.msc and then click the OK button.

    The Group Policy Object Editor dialog box appears.

  3. Click Computer Configuration, Administrative Templates, Network, Network Connections, and Windows Firewall to expand the tree.

  4. Click Standard Profile#, and then in the right-hand pane, from the right-click menu of Windows Firewall: Allow inbound remote administration exception, choose Edit.

    The Windows Firewall: Allow inbound remote administration exception dialog box appears.

    #: If the host machine is a domain environment, this will be Domain Profile.

  5. Select the Enabled radio button in the Windows Firewall: Allow inbound remote administration exception dialog box.

  6. Click the OK button.

    The Windows Firewall: Allow inbound remote administration exception dialog box closes.

(3) WMI namespace setting

This subsection explains the procedure for setting the WMI namespace.

If the UAC security facility is enabled on the monitored host, set the WMI namespace security either for the user account itself or for a group to which the user belongs other than the Users or Administrators group.

  1. From the Windows Start menu, choose Run.

  2. Enter wmimgmt.msc and then click the OK button.

    The Windows Management Infrastructure (WMI) dialog box appears.

  3. Choose WMI Control (Local), and then from the right-click menu, choose Properties.

    The WMI Control (Local) Properties dialog box appears.

  4. Choose the Security tab, and then click Root and CIMV2 to expand the tree.

  5. Click the Security button.

    The Security for ROOT\CIMV2 dialog box appears.

    Check to see if the user who connects to the monitored host or the user's group is displayed in Group or user names. If it is not displayed, click the Add button, and then add the user or the group to which the user belongs.

  6. In Group or user names, select the user who connects to the monitored host or the group to which the user belongs.

    Check to see if Allow is selected for both Enable Account and Remote Enable. If it is not selected, select it.

  7. Click the OK button.

    The Security for ROOT\CIMV2 dialog box closes, and the WMI Control (Local) Properties dialog box is displayed again.

  8. Click the OK button.

    The WMI Control (Local) Properties dialog box closes.

  9. In the Windows Management Infrastructure (WMI) dialog box, click File, and then Exit to close the dialog box.

(4) Setting up UAC

If the user specified in the monitoring-target settings has administrator privileges but is not the Administrator user, UAC restricts the user's permissions and the connection is made as an ordinary user.

Consequently, access might be refused and you might not be able to collect performance data. In this case, take one of the steps below.

(a) Specifying LocalAccountTokenFilterPolicy

You can specify the following settings only when the local host is not to be monitored:

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

To return to the original setting, execute the following command:

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /f

(b) Disabling UAC

Specify the following settings on the JP1/IM - Manager host and the monitored hosts.

  • Setting the UAC setting slider to Never notify

    1. Select Control Panel, User Accounts, and then Change User Account Control settings.

    2. Set the slider on the left-hand side of the User Account Control Settings window to Never notify.

  • Setting up local security policies

    1. Select Control Panel, Administrative Tools, and then Local Security Policy.

    2. Select Security Settings, Local Policies, and then Security Options.

    3. Disable User Account Control: Run all administrators in Admin Approval Mode.
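The state set in (1) and (4) can be read back from the service and registry, which is useful when reviewing which hosts had remote UAC restrictions relaxed for monitoring. The script below is an added example, not part of the Hitachi manual. It assumes the standard Windows registry values EnableDCOM and EnableLUA correspond to the dialog-box settings above, and Get-RegValue is a helper defined only for this example.

```powershell
# Added example, not from the JP1 manual. Run in an elevated Windows PowerShell
# session on the host being reviewed.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$oleKey = 'HKLM:\SOFTWARE\Microsoft\Ole'   # assumed store for "Enable Distributed COM"

$startType = (Get-Service -Name WinMgmt).StartType
$dcom      = Get-RegValue $oleKey 'EnableDCOM'
$latfp     = Get-RegValue $uacKey 'LocalAccountTokenFilterPolicy'
$lua       = Get-RegValue $uacKey 'EnableLUA'

$report = @(
    [pscustomobject]@{
        Check   = 'WinMgmt startup type'
        Value   = "$startType"
        Finding = if ($startType -eq 'Disabled') { 'Log information cannot be collected' } else { 'OK' }
    }
    [pscustomobject]@{
        Check   = 'EnableDCOM'
        Value   = "$dcom"
        Finding = if ($dcom -eq 'Y') { 'DCOM enabled' } else { 'DCOM not enabled; see (1)' }
    }
    [pscustomobject]@{
        Check   = 'LocalAccountTokenFilterPolicy'
        Value   = if ($null -eq $latfp) { '(not set)' } else { "$latfp" }
        Finding = if ($latfp -eq 1) {
            'Remote UAC filtering is off for every local administrator account'
        } else {
            'Default: remote local administrators are filtered by UAC'
        }
    }
    [pscustomobject]@{
        Check   = 'EnableLUA (Admin Approval Mode)'
        Value   = "$lua"
        Finding = if ($lua -eq 0) { 'Admin Approval Mode disabled, as in (4)(b)' } else { 'UAC enabled' }
    }
)
$report | Format-Table -AutoSize -Wrap
```

LocalAccountTokenFilterPolicy is a host-wide value: when it is 1, it applies to all local accounts in the Administrators group, not only to the account used for monitoring.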

(5) Checking WMI connections

Use the Windows tool wbemtest.exe to check whether the JP1/IM - Manager host and the host to be monitored remotely are connected.

The following procedure describes how to check WMI connections. Perform the procedure on the JP1/IM - Manager host.

  1. At the command prompt, execute the following command:

    runas /user:user-name wbemtest

    The Windows Management Instrumentation Tester dialog box appears.

    Note that for the user name, you need to enter the value specified in the User name box on the IM Host Account page in the System Common Settings window. If you are prompted to enter a password after a command is executed, specify the value set in the Password box on the IM Host Account page.

  2. Click the Connect button.

    The Connect window appears.

  3. In Namespace, User, Password, and Authority, enter the appropriate information.

    The following describes each item.

    • Namespace

      Enter \\monitored-host-name\root\cimv2.

      Replace monitored-host-name with the name of the host that will actually be monitored.

    • User

      Enter the name of the user who will log on to the monitored remote host.

    • Password

      Enter the user's password.

    • Authority

      Enter ntlmdomain:domain-name-of-monitored-host. Leave this box blank if the remote host is a work group.

  4. Click the Connect button.

    If connection is established successfully, the Connect dialog box closes and all buttons are enabled in the Windows Management Instrumentation Tester dialog box.

    If an error notification appears, check the item indicated by the error number. Causes of errors and the corresponding error numbers are given below.

    An error might occur if you change settings while the tool (wbemtest.exe) is active and then re-establish the connection. In that case, restart the tool and check the connection.

    • 0x8001011c

      DCOM is not configured on the JP1/IM - Manager host.

    • 0x80070005

      One of the following is the probable cause of the error.

      - DCOM is not configured on the JP1/IM - Manager host.

      - DCOM is not configured on the host to be monitored remotely.

      - The user name, password, or domain name for connecting to the host to be monitored remotely is incorrect.

    • 0x80041003

      No value is set in Namespace on the host to be monitored remotely.

    • 0x80041008

      The value specified in Authority does not begin with ntlmdomain:.

    • 0x800706XX

      One of the following is the probable cause of the error.

      - The name of the host to be monitored remotely is incorrect.

      - The host to be monitored remotely is not running.

      - The firewall is not configured on the host to be monitored remotely.

      - The password of the user who will log on to the host to be monitored remotely has expired.

  5. Confirm that there is an event log whose log type is System or Application on the host to be monitored remotely, and then click the Query button. When the Query window appears, enter the following query, and then click the Apply button.

    Select * From Win32_NTLogEvent Where ( Logfile='System' Or Logfile='Application' )

    After you click the Apply button, check whether the execution results of the query appear in the Query Result window.
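The same check can be scripted, which helps when many monitored hosts have to be verified. The function below is an added example, not part of the Hitachi manual: it runs the query from step 5 over DCOM with Get-WmiObject (Windows PowerShell 5.1) and maps a failure to the causes listed in step 4. Test-Jp1WmiConnection and its parameter names are hypothetical.

```powershell
# Added example, not from the JP1 manual. Run on the JP1/IM - Manager host,
# in a session started as the IM Host Account user (see step 1).

# Causes as listed in step 4; the last key is a prefix that covers 0x800706XX.
$causes = [ordered]@{
    '0x8001011C' = 'DCOM is not configured on the JP1/IM - Manager host.'
    '0x80070005' = 'DCOM is not configured on one of the hosts, or the user name, password, or domain name is incorrect.'
    '0x80041003' = 'No value is set in Namespace on the host to be monitored remotely.'
    '0x80041008' = 'The value specified in Authority does not begin with ntlmdomain:.'
    '0x800706'   = 'Host name incorrect, host not running, firewall not configured, or password expired.'
}

function Test-Jp1WmiConnection {
    param(
        [Parameter(Mandatory)][string]$MonitoredHost,
        [Parameter(Mandatory)][pscredential]$Credential,
        [string]$Domain    # leave empty when the remote host is in a work group
    )
    $wmiArgs = @{
        ComputerName = $MonitoredHost
        Namespace    = 'root\cimv2'
        Credential   = $Credential
        Query        = "Select * From Win32_NTLogEvent Where ( Logfile='System' Or Logfile='Application' )"
        ErrorAction  = 'Stop'
    }
    if ($Domain) { $wmiArgs.Authority = "ntlmdomain:$Domain" }
    try {
        # Three events are enough to prove the query works; stop the pipeline early.
        $sample = @(Get-WmiObject @wmiArgs | Select-Object -First 3)
        [pscustomobject]@{ Connected = $true; Code = $null; Cause = $null; SampleEvents = $sample.Count }
    }
    catch {
        $ex = $_.Exception.GetBaseException()
        # WMI errors carry the WBEM status in ErrorCode; COM/RPC errors carry it in HResult.
        $raw = if ($ex -is [System.Management.ManagementException]) { [int]$ex.ErrorCode } else { $ex.HResult }
        $code = '0x{0:X8}' -f $raw
        $key = $causes.Keys | Where-Object { $code.StartsWith($_) } | Select-Object -First 1
        $cause = if ($key) { $causes[$key] } else { 'Not listed in step 4.' }
        [pscustomobject]@{ Connected = $false; Code = $code; Cause = $cause; SampleEvents = 0 }
    }
}

# Usage (host and domain names are placeholders):
# Test-Jp1WmiConnection -MonitoredHost monitored-host-name -Credential (Get-Credential) -Domain domain-name
```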