User`s guide

ManualsBrandsVMware ManualsOtherVCENTER APPLICATION DISCOVERY MANAGER 6.1 - REPOSITORY

Table Of Contents

Application Discovery Manager User’s Guide

VMware, Inc. 41

Chapter 5 Discovery

WMI Deployment Recommendations

FollowingaretheWMIdeploymentrecommendations.

Creating a User for WMI Detail Discovery

UsingWMItoqueryremotehostsfortheirconfigurationdetailsrequiresappropriateprivileges,asdescribed

next.Toeasilymanagetheseprivileges,itisrecommendedtouseaseparatedomainuserforthispurpose.

Therefore,thefirststepindeployingWMIDetailDiscoveryistocreate

adomainuseraccount.Thisuser

shouldnothaveanyspecialadministrativeprivileges.Infact,thereisnoreasonforittobelongtoanygroups

atall.

Intheeventthatalocaladministratoruserisusedinsteadofaspeciallycreateduser,itisimportantthat

DCOMconfigurationallows

remoteaccessandlaunchforadministratorusers.Troubleshootingtipsregarding

WMIandDCOMpermissionsisfoundinthearticleat:

http://blogs.technet.com/askperf/archive/2007/08/14/wmi-troubleshooting-permissions.aspx

YouneedtocreateaprofileandtemporaryfolderonallmachineswhereDetailDiscoveryistobeperformed

byloggingintothosemachines.

Ifalocaluserisusedratherthanadomainuser,followtheinstructionsin“ConfiguringtheWindowsTelnet

server”onpage 44regardinglocalsecuritypolicy

settings.

Firewall Settings

WMIqueriesinvolvetheMicrosoftRPCnetworkprotocol,whichusesdynamicallyassignedportsonthe

serversideandmightresultinfirewall‐relatedproblems.Toavoidfirewallproblems,youcandeploythe

Collectorapplianceinthesamenetworkasthemanagedhostswithoutafirewallbetweenthem.

Ifyour

environmentrequiresafirewallbetweentheAggregatorapplianceandtheCollectorappliance,

configureittoallowRPCtraffic.Thisisdoneintwostages:

1ConfigurethemanagedhoststouseanarrowrangeofdynamicportsfortheirRPC.Formore

information,gotohttp://support.microsoft.com/kb/154596

2Inthefirewallsettings,openTCP

port135(theportforRPCServiceControlManager)foraccessbythe

Collectorappliance.

Disabling Internal Firewall for Windows XP Service Pack 2

Theinternalfirewallshouldbeturnedofforpartiallydisabledtoallowdirectconnectiontothelocalnetwork.

To change the firewall configuration

1GotoControlPanel>SecurityCenter>WindowsFirewall.

2Tofullydisablethefirewall,in

theGeneraltab,selectOff.

3IfyouwanttoleavethefirewallenabledbutstillallowRPC/DCOMcommunication,selectOninthe

Generaltab,andintheAdvancedtab,clearlocalnetwork.

Setting DCOM Privileges

Inthefollowingsteps,itisassumedthatthedomainnameisMYDOMAINandthattheuserused

forWMI

DetailDiscoveryandthatdomainisnamedDOMAINUSER.

SinceWMIaccesstoaWindowshostinvolv esDCOMtechnology,theDOMAINUSERneedstobeallowedto

performDCOMoperationsoneachmanagedhost.ThisisalreadythedefaultsettinginmostWindowsservers

(Windows2000and2003serverfamilies),butnotinWindowsXPorinserversthathadtheir

defaultschanged.

IMPORTANTWindowsXPwithServicePack2hasabuilt‐ininternalfirewallthatmightblockincoming

RPC/DCOMrequests.