17.40 jdnrnetctrl (controlling network access)
Functionality
This command controls network access of devices by updating the network control list of the management server.
Messages generated while this command is running are written into the network control command message file. For details about the causes and actions concerning the output messages, see the JP1/IT Desktop Management 2 Messages.
Format
jdnrnetctrl -action {allow|deny}{ -hostname host-name| -ip IP-address| -hostname host-name -ip IP-address| -controlfile network-connection-control-file}[ -matchoption {exact|forward}] -settingfile network-control-command-configuration-file
Arguments
- -action {allow|deny}
-
Specify whether to allow the network access of the device.
allow: Allows the network access of the device.
deny: Does not allow the network access of the device.
- -hostname host-name
-
Specify the host name of a device whose network access you want to control. When this argument is combined with -ip, the system finds a device that has the specified host name and the specified IP address to control network access.
- -ip IP-address
-
Specify the IP address of a device whose network access you want to control. When this argument is combined with -hostname, the system finds a device that has the specified host name and the specified IP address to control network access.
- -controlfile network-connection-control-file
-
Specify the absolute path of a CSV file (network connection control file) that contains the device information of network-connected devices.
- -matchoption {exact|forward}
-
Specify how to match the specified host name to a host name of the device managed in JP1/IT Desktop Management 2.
exact (default): The system controls the network access of a device managed in JP1/IT Desktop Management 2 when its host name exactly matches the host name specified with the command.
forward: If the host name specified with the command is not an FQDN, the system controls the network access of a device managed in JP1/IT Desktop Management 2 when the device's host name part matches the host name specified with the command. If the host name specified with the command is an FQDN, the system controls the network access of a device managed in JP1/IT Desktop Management 2 when the device's host name exactly matches the host name specified with the command. We recommend that you specify this option value when there is a device that joins a domain group.
- -settingfile network-control-command-configuration-file
-
Specify the absolute path of the network control command configuration file (ini file).
Storage location
- Executing this command in an environment other than that of the management server
-
Store the files listed below in any folder located in the environment in which you are going to execute this command, and then execute the command.
JP1/IT Desktop Management 2-installation-folder\mgr\remote\
jdnrnetctrl.exe
jdnrnetctrl.ini
- Executing this command on the management server
-
JP1/IT Desktop Management 2-installation-folder\mgr\bin\
You can execute this command without specifying the storage location for the executable file, by using the command prompt provided by JP1/IT Desktop Management 2.
Edit the network control command configuration file shown below. Specify this as the argument of the command.
JP1/IT Desktop Management 2-installation-folder\mgr\conf\jdnrnetctrl.ini
Format of the network connection control file
The following table describes the specifications of the network connection control file:
Item |
Description |
---|---|
File format |
Comma-separated values (CSV) file |
Encoding |
UTF-8 (without BOM) |
The following table describes the format of the network connection control file:
Row |
Field |
Required or optional |
Description |
Acceptable value |
---|---|---|---|---|
1 |
Host name |
At least, either the host name or the IP address must be specified. |
Host name |
A character string of 1 to 256 characters |
2 |
IP address |
IP address (IPv4) |
A character string in the format xxx.xxx.xxx.xxx xxx: A number from 0 to 255 |
The following example shows lines of code in the network connection control file:
Host-A
,192.168.1.2
Host-C,192.168.1.3
Format of the network control command configuration file
The following table describes the format of the network control command configuration file:
Section |
Key |
Value |
Default value |
Acceptable value |
---|---|---|---|---|
settings |
host |
The host name or IP address of a management server |
Blank |
A character string of 1 to 256 characters |
port |
The connection port number on the management server |
31080 |
A number from 2 to 49,151 |
|
user |
The ID of the JP1/IT Desktop Management 2 user who can execute the command |
Blank |
A character string of 1 to 64 characters |
|
pass |
The password of the JP1/IT Desktop Management 2 user ID# |
Blank |
A character string of 1 to 32 characters |
|
sys |
A property for the internal process of JP1/IT Desktop Management 2 (not editable) |
Blank |
None |
#: When the command is executed and the user authentication succeeds on the management server, pass becomes empty. To set the password again, set a character string for pass.
The following example shows lines of code in the network control command configuration file:
[settings]
host=SERVER-A
port=31080
user=userA
pass=password01
sys=
Output format of the network control command message file
The following table describes the specifications of the network control command message file:
File name |
Output folder |
Number of retained files |
Size |
---|---|---|---|
jdnrnetctrlCn.log (n:1 to 2) |
folder-containing-the-jdnrnetctrl-command\log, or JP1/IT Desktop Management 2-Manager-installation-folder\mgr\log |
2 |
1 MB |
The following shows the output format of the network control command message file:
date time process-ID message-ID message-text CRLF (end of line)
Notes
-
Execute this command when the management server setup is completed and the management server is running.
-
This command cannot be simultaneously executed by multiple users.
-
A remote server cannot connect to a management server via a proxy server.
-
You must note points listed below on the execution user specified with the command:
-
Notes when users are managed without using JP1/Base:
-
The user authentication fails if the command is executed with the initial password that was set when the user was created in the operation window of JP1/IT Desktop Management 2. You must execute the command with the new password that was reset when the user logged in to JP1/IT Desktop Management 2 for the first time.
-
The command can be executed even after the password expires.
-
When you change the password of the user, you must also edit the network control command configuration file to specify the new password.
-
-
Notes when users are managed using JP1/Base:
-
Set the linked directory server, taking care not to cause the password to expire.
-
When you change the password of the user, you must also edit the network control command configuration file to specify the new password.
-
-
-
You must note the following points when configuring the command:
-
If you change the host name, IP address, or port number of the management server you want to interact with, reconfigure the network control command.
-
If you are executing the command in an environment other than that of the management server, set up the firewall and the communication environment so that the device can communicate with the management server by using the connection information set with the network control command.
-
-
You must note the following point regarding the device information to be specified with the command:
-
In a DHCP environment, set a host name rather than IP address as the command argument that specifies the device to which to apply network access control.
-
Return value
The following table shows the return values of the jdnrnetctrl command:
Return value |
Description |
---|---|
0 |
The command finished normally. |
1 |
The command finished normally. However, an invalid line is found in the specified network connection control file. |
11 |
The format for specifying the command arguments is invalid. |
21 |
Failed to connect to the management server. |
22 |
Authentication failed on the management server. |
31 |
Another command (or another network control command) is being executed. |
51 |
You do not have the permissions to execute this command. |
150 |
The command execution failed. |
Example
The following example shows how to configure this command when you want to execute the network control command on the management server set in C:\temp\jdnrnetctrl.ini and block the network access of the device whose host name is hostname001.
jdnrnetctrl -action deny -hostname hostname001 -settingfile C:\temp\jdnrnetctrl.ini
Collecting troubleshooting information
When you execute the network control command, you might encounter a problem with an unknown cause or unresolved issues. In this case, you need to collect troubleshooting information to make inquiries to the support service. If you have executed the network control command in an environment other than that of the management server, you need to collect troubleshooting information from both the management server and the environment (computer) in which you have executed the command.
The procedure below describes how to collect troubleshooting information from the environment (computer) in which you have executed the command. You must have Administrator permission to carry out this procedure.
-
Open the command prompt and move to the folder in which the network control command is stored.
-
Create a troubleshoot folder, and then move to the created folder.
mkdir troubleshoot
cd troubleshoot
-
Execute the commands for collecting troubleshooting information.
Execute the commands shown below. If a system information dialog box appears, do not click the Cancel button. Instead, wait until the dialog box closes.
systeminfo > systeminfo.txt
netstat -a > netstat_a.txt
netstat -nr > netstat_nr.txt
netstat -no > netstat_no.txt
ipconfig -all > ipconfig.txt
wevtutil qe Application /f:text /rd:true > event.txt
wevtutil qe Security /f:text /rd:true >> event.txt
wevtutil qe System /f:text /rd:true >> event.txt
tasklist /V > tasklist.txt
sc query > service.txt
msinfo32.exe /report msinfo32.txt
-
Close the command prompt.
You will find the folders shown below under the folder in which the network control command is stored. These folders contain troubleshooting information. After making inquiries to the support service, delete the troubleshoot folder.
-
troubleshoot
-
log
To collect troubleshooting information from the management server, execute the getlogs command.
If you have executed the network control command stored in the JP1/IT Desktop Management 2-installation-folder\mgr\bin folder on the management server, information collected by the getlogs command contains troubleshooting information for the command as well. On the other hand, if you have executed a network control command that is stored in a location other than the JP1/IT Desktop Management 2-installation-folder\mgr\bin folder, collect also the log folder located under the folder in which the network control command is stored as the troubleshooting information.
Related Topics: