Video Screencast Help

Remote Symantec Management Agent Diagnostics

Created: 30 Jul 2013 • Updated: 25 Oct 2013 | 6 comments
DerekEngel's picture
+2 2 Votes
Login to vote

 

This utility gives the Symantec administrator the ability to view diagnostic data on a remote managed endpoint from the comfort of their computer.  Please take some time to review the utilities features and the the prerequisites.  This utility is not an official Symantec endorsed utility.

MainDataScreen.png

Utility prerequisites:

With the exception of the Symantec Management Agent requirement, the following requirements are for running the utility only.  The endpoint you plan on connecting to does not need to meet these requirements.

PreReq1.png

Utility Features:

Features1.png

Directions:

Download the attached .ZIP file to a location on your computer.

Extract the ZIP file and run the MSI to install the utility. 

Launch the utility from Start > All Programs > Remote Symantec Agent Diagnostics Utility

Enter computer name or IP Address and click on the Add button.

Right click on the computer to bring up the actionable items list.

Important Things To Know:

When you first launch the Remote Symantec Agent Diagnostics utility, it will create a text file called computers.txt.  This text file is used to store recently used computers.

The following features require that the remote computer be configured for PowerShell remoting. http://technet.microsoft.com/en-us/library/hh849694.aspx

  • Retrieve Agent Details
  • Update Configuration
  • Send Basic Inventory
  • Execute SWD
  • Enable Verbose Logging
  • Disable Verbose Logging
  • Set NSE Capture Folder
  • Disable NSE Capture Folder

When you click on any of the above listed features, the program will check that remoting is enabled on the selected computer.  If not, it will make two attempts to enable PSRemoting.  The following is what will be attempted:

Enable-PSRemoting First Attempt:

Create a scheduled task on the remote computer called EnablePSRemote.  This scheduled tasks runs powershell.exe, passing the command “enable-psremoting –force”.

  • Execute scheduled task
  • Delete scheduled task.
  • Pause for 20 seconds.
  • Verify first attempt was successful

Enable-PSRemoting Second Attempt:

If verification for the first attempt fails, the following five steps will be done:

  1. Configure remote computer’s WinRM service to listen for WinRM requests by creating one registry key on the remote computer.
    • Create registry key:  "SOFTWARE\Policies\Microsoft\Windows\WinRM\Service"
    • Create two DWORD values and two String values as follows:
      • DWORD Name = "AllowAutoConfig"
      • DWORD Value = "0x1"
      • String Name = "IPv4Filter"
      • String Value = “*”
      • String Name = “IPv6Filter”
      • String Value = "*"
  2. Change the startup type of the WinRM service to automatic.
  3. Restarts the WinRM service.
  4. Configure remote computer's firewall by setting one registry key.
    • Create registry key:  "SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules"
      • String Name = “WINRM-HTTP-In-TCP”
      • String Value = “v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=5985|App=System|Name=@FirewallAPI.dll,-30253|Desc=@FirewallAPI.dll,-30256|EmbedCtxt=@FirewallAPI.dll,-30267|”
      • String Name = “WINRM-HTTP-In-TCP-PUBLIC”
      • String Value = “v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=5985|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-30253|Desc=@FirewallAPI.dll,-30256|EmbedCtxt=@FirewallAPI.dll,-30267|”
  5. Restarts Windows Firewall

Please feel free to leave feedback or request any features you might like to see.

Comments 6 CommentsJump to latest comment

JeanWilson's picture

This is awesome, i will try it out and give feedback

-1
Login to vote
DerekEngel's picture

Release History:

Version 3.0.0:

  • Initial release

Version 3.0.1:

  • Added Reset Guid functionality

Version 3.0.2:

  • Added the ability to view task agent history and task agent status.
-1
Login to vote
burndtjammer's picture

What features does this add over RAADv2? What features arent included?

-1
Login to vote
DerekEngel's picture

RAADv2 is an actual program.  If RAADv2 works for you, I would probably continue to use that.  Maybe use this utility in conjunction with RAADv2 if you like.

This utility utilizes PowerShell scripts "under the hood"  I present a GUI front end to the end user.  

RAADv2 offers more features than this utility does.  If there is something you would like to see in this utility, let me know and I'll try to add it.

-1
Login to vote
steinb's picture

I am not the familar with PowerShell. I installed WMF 3.0 that includes PowerShell. I can start a Windows PowerShell console. I have Microsoft .Net Framework 4.5.1 installed. When I try to install RSADU, I get This application requires PowerShell V3. Please install WinRM 3.0, then run this installer again.

I googled and can not find WinRM 3.0 anywhere.

Is there something I need to configure?

0
Login to vote
DerekEngel's picture

I wonder if your install for Windows Management Framework failed?  I believe that WinRM 3.0 is Windows Management Framework.

What operating system is your endpoint running?

If it's Windows 7, please do this.  Click on Start, Run.  In the dialogue box type in powershell.  You should see Windows PowerShell listed.  Click on it.  When powershell opens, type in the following command:  $psversiontable

What does it say for PSVersion?  It should say 3.0.

0
Login to vote