Phone Lines icon GFI Support Home

Articles in this section

See more

Verifying Required Network Connectivity and Security Permissions for GFI LanGuard Operations

Author: Andriy Rybalchenko Updated

Overview

GFI LanGuard server requires the correct network settings and security permissions to be in place to perform operations on remote computers, especially when users are connecting over a VPN, working from home or remote office, in slow networks.

Even one missed requirement, wrong service account or incorrect registry key setting may lead to Access is Denied errors when deploying agents, network discovery seeing machines as offline, failed scans and patch deployments, and unaccessible shares.

Diagnosis

Computer communications in modern environments depend on correct network configuration and can be restricted by various security settings and mechanisms. Perform the following procedures to ensure that the correct network and security configurations are in place for the GFI LanGuard to work without interruptions.

NOTE: The following tests should be performed using the same account which is running the GFI Services. For Multi-Domain environments, check your permissions against the Best Practices for Setting up Account Permissions with Alternative Credentials before running the tests.

Solution

Please validate the following permissions:

Ensure That Machine Names Resolve via NSLookup

NSLookup is a command prompt utility that finds Name Server information by querying the Domain Name System (DNS).

  1. Open a command prompt on the machine where the GFI LanGuard is installed.

  2. Verify Forward DNS Lookup with the following command: NSLOOKUP client.machine.name, replacing client.machine.name with the fully qualified domain name of a client machine. This should return the IP address of that machine.

  3. Verify Reverse DNS Lookup with the following command: NSLOOKUP 8.8.8.8,  replacing 8.8.8.8 with the machine's IP address. This should return the client machine name.

2019-05-25_19-57-57.png

If either Forward or Reverse DNS lookup is not working, or LanGuard can not ping the client machine by hostname and IP address, operations will simply keep failing. Also, make sure the client machine can ping the server by both hostname and IP, with the same steps described above.

Note: NSLookup is not needed for Workgroup machines. For more information, please refer to the article Setting up a Workgroup Computer for Languard Operations

top

Remote Registry

Using the Remote Registry service, the GFI LanGuard is able to query the registry of a target computer remotely. Perform the following procedure to manually query the registry of a computer from the GFI LanGuard server.

  1. Ensure the Remote Registry service is started and set to automatic on the target computer.
  2. Log on to GFI LanGuard server using the credentials specified for the GFI services.
  3. Open the machine's registry.
  4. Go to File > Connect Network Registry.
  5. Enter the IP Address of the target machine and click on OK.
    IMPORTANT: The hostname cannot be used. Enter the IP Address of the target machine.
  6. Once connected, a new hive will appear for the target machine. Ensure you can browse to the following path:
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog

top

Administrative Shares

The administrative shares are the default network shares created by the Microsoft Windows OS (Operating System). GFI LanGuard uses administrative shares such as C$ to obtain and store information on the remote computer. Perform the following tests to ensure your administrative shares are created and the GFI LanGuard server can access them:

  1. Ensure File and Print sharing is enabled on the remote computer.
  2. Ensure that the default administrative C$ share has been created.
  3. Log on the GFI LanGuard server using the credentials specified for the GFI service.
  4. Go to Start > Run and type the following command: \\<computer_name>\C$
    NOTE: Replace the <computer_name> with the IP address or target computer name.
  5. An explorer window shows the contents of the C drive on the remote machine. Browse to the following folder:
    C$\Windows\System32
  6. Create a text file called test.txt in the location above. Once confirmed that the file has been created, you can safely remove it.

top

Event Log

Some monitoring checks and scans in GFI LanGuard require retrieving information from the Microsoft Windows Event logs remotely on a target machine.
The following checks ensure that the GFI LanGuard server can retrieve this information accordingly:

  1. Log on the GFI LanGuard server using the credentials specified for the GFI service.
  2. Go to Start > Run and type the following command: eventvwr
  3. Click Action and select Connect to another computer.
  4. Enter the name of the target machine near Another Computer and click OK.
    NOTE: Ensure you can view each of the Windows event logs of the target machine.

top

WMI (Windows Management Instrumentation)

Please check the following article to verify and troubleshoot WMI connectivity.

top

Related Articles

Was this article helpful?
2 out of 3 found this helpful

Related articles