6.1

ManualsBrandsVMware ManualsApplicationsvCenter Application Discovery Manager

Table Of Contents

Application Discovery Manager User’s Guide

VMware, Inc. 41

Chapter 5 Discovery

WMI Deployment Recommendations

Creating a User for WMI Detail Discovery

UsingWMItoqueryremotehostsfortheirconfigurationdetailsrequiresappropriateprivileges,asdescribed

next.Toeasilymanagetheseprivileges,itisrecommendedtouseaseparatedomainuserforthispurpose.

Therefore,thefirststepindeployingWMIDetailDiscoveryistocreateadomainuseraccount.This

user

shouldnothaveanyspecialadministrativeprivileges.Infact,thereisnoreasonforittobelongtoanygroups

atall.

Intheeventthatalocaladministratoruserisusedinsteadofaspeciallycreateduser,itisimportantthat

DCOMconfigurationallowsremoteaccessandlaunchfor

administratorusers.Troubleshootingtipsregarding

WMIandDCOMpermissionsisfoundinthearticleat:

http://blogs.technet.com/askperf/archive/2007/08/14/wmi-troubleshooting-permissions.aspx

YouneedtocreateaprofileandtemporaryfolderonallmachineswhereDetailDiscoveryistobeperformed

byloggingintothosemachines.

Ifalocaluserisusedratherthanadomainuser,followtheinstructionsin“ConfiguringtheWindowsTelnet

server”onpage 44regardinglocalsecuritypolicy

settings.

Firewall Settings

WMIqueriesinvolvetheMicrosoftRPCnetworkprotocolthatusesdynamically‐assignedportsontheserver

side,andisthereforequitefirewall‐unfriendly.Toavoidfirewalltrouble,itisrecommendedtodeploythe

DetailDiscovery,Collectorapplianceinthesamenetworkasthemanagedhostswithoutafirewallbetween

them.

IftheremustbeafirewallbetweentheManagement,AggregatorapplianceandtheDetailDiscovery,Collector

appliance,itshouldbeconfiguredtoallowRPCtraffic.Thisisdoneintwostages:

1ConfigurethemanagedhoststouseanarrowrangeofdynamicportsfortheirRPC.ThefollowingURLs

provide

furtherinformation:

http://msdn2.microsoft.com/en-us/library/ms809327

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndcom/html/msdn_dcomfirewal

l.asp

2Inthefirewallsettings,openTCPport135(theRPCServiceControlManagerport),inadditiontothefull

rangeofRPCportsspecifiedinStep 1,foraccessbytheDetailDiscovery,Collectorappliance.

Disabling Internal Firewall for Windows XP Service Pack 2

Theinternalfirewallshouldbeturnedofforpartiallydisabledtoallowdirectconnectiontothe

localnetwork.

To change the firewall configuration

1GotoControlPanel>SecurityCenter>WindowsFirewall.

2Tofullydisablethefirewall,intheGeneraltab,selectOff.

3IfyouwanttoleavethefirewallenabledbutstillallowRPC/DCOMcommunication,selectOninthe

Generaltab,andintheAdvancedtab,clearlocal

network.

Setting DCOM Privileges

Inthefollowingsteps,itisassumedthatthedomainnameisMYDOMAINandthattheuserusedforWMI

DetailDiscoveryandthatdomainisnamedDOMAINUSER.

SinceWMIaccesstoaWindowshostinvolvesDCOMtechnology,theDOMAINUSERneedstobeallowedto

performDCOMoperationsoneachmanagedhost.ThisisalreadythedefaultsettinginmostWindowsservers

(Windows2000and2003serverfamilies),butnotinWindowsXPorinserversthathadtheir

defaultschanged.

MPORTANTWindowsXPwithServicePack2hasabuilt‐ininternalfirewallthatmightblockincoming

RPC/DCOMrequests.