Hitachi

JP1 Version 12 JP1/Performance Management - Remote Monitor for Platform Description, User's Guide and Reference

3.1.5 WMI connection setting method (when both the PFM - RM host and the monitored host are running Windows)

This subsection explains how to set up the WMI connection settings necessary for collecting performance data from a monitored host running Windows.

To connect WMI, settings for the following are required:

When you have finished making the settings, check that you can connect from the PFM - RM host to the monitored hosts.

Notes about WMI connection setting

  • Data cannot be collected when Disabled is set as the startup type of the Windows Management Instrumentation service (service name: WinMgmt) that provides system administration information for the OS of a monitored host.

  • The type of records that can be collected differs according to the account type. For details about various account types and whether records can be collected, see 3.1.1(5)(a) Setting the user accounts.

Organization of this subsection

(1) DCOM setting

This subsection describes how to set DCOM at the PFM - RM host and the monitored hosts.

(a) Setting at the PFM - RM host

Set DCOM at the PFM - RM host.

To set DCOM:

  1. From the Windows Start menu, choose Run.

  2. Enter dcomcnfg.exe, and then click the OK button.

    The Component Services window appears.

  3. Click Component Services and Computers to expand the tree.

  4. Choose My Computer, and then from the right-click menu, choose Properties.

    The My Computer Properties dialog box appears.

  5. Choose the Default Properties tab, and then select Enable Distributed COM on this computer.

  6. Click the OK button.

    The My Computer Properties dialog box closes.

  7. Restart the machine.

    This step is not needed if you have not changed the setting of Enable Distributed COM on this computer.

(b) Setting at a monitored host

Set DCOM at each monitored host.

If the UAC security facility is enabled, set DCOM for the user itself or for a group to which the user belongs, except for the Users or Administrators group.

To set DCOM:

  1. From the Windows Start menu, choose Run.

  2. Enter dcomcnfg.exe, and then click the OK button.

    The Component Services dialog box appears.

  3. Click Component Services and Computers to expand the tree.

  4. Choose My Computer, and then from the right-click menu, choose Properties.

    The My Computer Properties dialog box appears.

  5. Choose the Default Properties tab, and then select Enable Distributed COM on this computer.

  6. Choose the COM Security tab, and then click the Edit Limits button for Access Permissions.

    The Access Permission dialog box appears.

    Check to see if the user who connects to the monitored host or the group to which the user belongs is displayed in Group or user names.

    If it is not displayed, click the Add button, and then add the user or the group to which the user belongs.

  7. In Group or user names, select the user who connects to the monitored host or the user's group.

    Check to see if Allow is selected in Remote Access. If this option is not selected, select it.

  8. Click the OK button.

    The Access Permission dialog box closes.

  9. Choose the COM Security tab, and then click the Edit Limits button for Launch and Activation Permissions.

    The Launch Permission dialog box appears.

    Check to see if the user who connects to the monitored host or the group to which the user belongs is displayed in Group or user names.

    If it is not displayed, click the Add button, and then add the user or the group to which the user belongs.

  10. In Group or user names, select the user who connects to the monitored host or the user's group.

    Check to see if Allow is selected for both Remote Launch and Remote Activation. If it is not selected, select it.

  11. Click the OK button.

    The Launch Permission dialog box closes and the My Computer Properties dialog box is displayed again.

  12. Click the OK button.

    The My Computer Properties dialog box closes.

  13. Restart the machine.

    This step is not needed if you have not changed the setting of Enable Distributed COM on this computer.

To Page Top

(2) Firewall setting

The setting to pass through the port for WMI is required when a Windows firewall is enabled.

For details about the port number used by WMI, see E. List of Port Numbers.

To determine if the firewall setting is enabled or disabled, from the Windows Start menu, choose Control Panel, and then Windows Firewall#.

#

If the OS is Windows Server 2019, Windows Defender Firewall is displayed instead.

To Page Top

(3) WMI namespace setting

This subsection explains the procedure for setting the WMI namespace.

If the UAC security facility is enabled, set the WMI namespace security for the user itself or for a group to which the user belongs, except for the Users or Administrators group.

To set the WMI namespace security:

  1. From the Windows Start menu, choose Run.

  2. Enter wmimgmt.msc, and then click the OK button.

    The Windows Management Infrastructure (WMI) dialog box appears.

  3. Choose WMI Control (Local), and then from the right-click menu, choose Properties.

    The WMI Control (Local) Properties dialog box appears.

  4. Choose the Security tab, and then click Root and CIMV2 to expand the tree.

  5. Click the Security button.

    The Security for ROOT\CIMV2 dialog box appears.

    Check to see if the user who connects to the monitored host or the user's group is displayed in Group or user names. If it is not displayed, click the Add button, and then add the user or the group to which the user belongs.

  6. In Group or user names, select the user who connects to the monitored host or the group to which the user belongs.

    Check to see if Allow is selected for both Enable Account and Remote Enable. If it is not selected, select it.

  7. Click the OK button.

    The Security for ROOT\CIMV2 dialog box closes, and the WMI Control (Local) Properties dialog box is displayed again.

  8. Click the OK button.

    The WMI Control (Local) Properties dialog box closes.

  9. In the Windows Management Infrastructure (WMI) dialog box, click File, and then Exit to close the dialog box.

To Page Top

(4) Setting up UAC

If you specify a local user who has Administrator permissions (except for the Administrator user who is created during OS installation) as the user in monitoring target setting, UAC will restrict the permission and connection will be made as an ordinary user. Consequently, access might be refused and you might not be able to collect performance data. In this case, take one of the steps below.

(a) Specifying LocalAccountTokenFilterPolicy

You can specify the following settings only when the local host is not to be monitored:

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

To return to the original setting, execute the following command:

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /f

(b) Disabling UAC

Specify the following settings on the PFM - RM host and the monitored hosts.

  • Setting the UAC setting slider to Never notify

    1. Select Control Panel, User Accounts, and then Change User Account Control settings.

    2. Set the slider on the left-hand side of the User Account Control Settings window to Never notify.

  • Setting up local security policies

    1. Select Control Panel, Administrative Tools, and then Local Security Policy.

    2. Select Security Settings, Local Policies, and then Security Options.

    3. Disable User Account Control: Run all administrators in Admin Approval Mode.

To Page Top

(5) Checking the WMI connection

Use the wbemtest.exe Windows tool to check whether the PFM - RM host and a monitored host are connected. Perform this procedure at the PFM - RM host.

To check the WMI connection:

  1. At the command prompt, execute the following command:

    runas /user:user-name wbemtest

    The Windows Management Instrumentation Tester dialog box appears.

    For the user name, specify the values for RMHost_User and RMHost_Domain. If re-entry of the password is requested after the command executes, specify the value of RMHost_Password.

    For details about RMHost_User, RMHost_Domain, and RMHost_Password, see Table 3-9 Instance environment setting items and values for PFM - RM for Platform (for Windows).

    To use common account information, specify the respective values that are specified in User, Domain, and Password in the common account information (pfmhost) for the instance environment.

  2. Click the Connect button.

    The Connect dialog box appears.

  3. In Namespace, User, Password, and Authority, enter the appropriate information.

    If the WMI connection target is the local host, there is no need to enter values in User, Password, or Authority. If you enter values in these items, an error occurs and you will not be able to connect.

    To execute the tool (wbemtest.exe) on the local host, click the Connect button without entering values in User, Password, or Authority.

    The following describes each item.

    • Namespace

      Enter \\monitored-host-name\root\cimv2. For the name of the monitored host, specify the value of Target Host.

    • User

      Enter the user name used to log on to the monitored host. For the user name, specify the value of User. To use common account information, specify the value that is specified in User in the common account information (wmi).

    • Password

      Enter the user's password. For the user's password, specify the value of Password. To use common account information, specify the value that is specified in Password in the common account information (wmi).

    • Authority

      Enter ntlmdomain:domain-name-of-monitored-host. If the monitored host is a workgroup, leave this field blank. For the domain name of the monitored host or the monitored host name, specify the value of Domain. To use common account information, specify the value that is specified in Domain in the common account information (wmi).

    For details about Target Host, User, Password, and Domain, see Table 3-16 Setting items and values for a monitored host in PFM - RM for Platform.

  4. Click the Connect button.

    If connection is established successfully, the Connect dialog box closes and all buttons are enabled in the Windows Management Instrumentation Tester dialog box.

    If an error dialog box is displayed, check the settings based on the error number. The error numbers and causes are described below.

    Note that if you change the settings while running the wbemtest.exe tool, and then attempt to re-establish connection, an error might result. In such a case, restart the tool, and then check the connection.

    • 0x8001011c

      DCOM is not set at the PFM - RM host.

    • 0x80070005

      Possible cause of the error is one of the following:

      • DCOM is not set at the PFM - RM host.

      • DCOM is not set at the monitored host.

      • The user name, password, or domain name used to connect to the monitored host is invalid.

    • 0x80041003

      At the monitored host, Namespace is not selected for WMI.

    • 0x80041008

      The value specified in Authority does not begin with ntlmdomain:.

    • 0x800706xx

      Possible cause of the error is one of the following:

      • The monitored host name is invalid.

      • The monitored host is not running.

      • The firewall was not set up at the monitored host.

      • The password for the user who logs on to the monitored host has expired.

  5. Click the Enum Instances button.

    The Class Info dialog box appears.

  6. To monitor processes, enter Win32_Service in Enter superclass name, or enter Win32_PerfRawData_PerfOS_System in all other cases, and then click the OK button.

    The Query Result dialog box appears.

    If you enter Win32_Service in Enter superclass name

    Check to see if objects are displayed in the list. If an error dialog box is displayed, the user name used to connect to the monitored host might not be a member of the Administrators group.

    If you enter Win32_PerfRawData_PerfOS_System in Enter superclass name

    Check to see if Win32_PerfRawData_PerfOS_System=@ is displayed in the list. If an error dialog box is displayed or this value is not displayed in the list, the user who connects to the monitored host might not be a member of the Administrators, Performance Log Users, or Performance Monitor Users group.

    Note that if you change the settings while running the wbemtest.exe tool, and then attempt to re-execute enumeration of instances, an error might result. In such a case, restart the tool, and then re-check the connection.

For details about PFM - Manager startup, see the chapter that describes startup and termination of Performance Management in the JP1/Performance Management User's Guide.

To Page Top

Copyright (C) 2019, 2020, Hitachi, Ltd.

Copyright (C) 2019, 2020, Hitachi Solutions, Ltd.