GEDC or SEE DC Management Console Fails to Update Policy or Collect Logs

Article:TECH151905  |  Created: 2007-05-25  |  Updated: 2012-06-14  |  Article URL http://www.symantec.com/docs/TECH151905
Article Type
Technical Solution


Issue



GEDC/SEEDC Management Console Fails to Update Policy or Collect Logs


Solution



Description

Sending out WMI commands from GEDC/SEE DC Management Console for updating policies or collecting logs from clients fails.

Probable Cause

When trying to either collect logs or update policy through the Management Console, WMI ports have to be open for the command to go through. There are three different types of cases where the WMI functionality will be blocked.

Troubleshooting

Failed to connect to WMI scope
1) "Access Denied" message is given in the Management Console.
2) "The service cannot be started" message is given in the Management Console.
3) "RPC server is unavailable" message is given in the Management Console.

Resolution

1) Make sure the user you are performing the scan with has local admin privileges on the remote machine.
2) Make sure the WMI service is started and set to automatic on the remote machine.
3) Make sure WMI ports are open on the remote machine. If Windows Firewall is running, make sure ?Remote Administration? is allowed (either in the Domain policy or the Local policy).

Local Policy-
1) Click Start, click Run, type gpedit.msc, and then click OK.
2) Under Console Root, expand Computer Configuration, expand Administrative Templates, expand Network, expand Network Connections, expand Windows Firewall, and then click Domain Profile.
3) Right-click Windows Firewall: Allow remote administration exception, and then click Properties.
4) Click Enabled, and then click OK.

Domain Policy -
1) Create new GPO in active directory or use current linked GPO, and edit it.
2) Under Computer Configuration, expand Administrative Templates, expand Network, expand Network Connections, expand Windows Firewall, and then click Domain Profile.
3) Right-click Windows Firewall: Allow remote administration exception, and then click Properties.
4) Click Enabled, and then click OK.

GPupdate /force from client machine (XP) and retry WMI commands from GEDC Management Console



Legacy ID



2022


Article URL http://www.symantec.com/docs/TECH151905


Terms of use for this information are found in Legal Notices