External resources

These links are only provided as reference. All modifications to the system, including modifying the registry is done at your own risk.

"How to restrict access to the registry from a remote computer"

http://support.microsoft.com/kb/153183/en-us

"Removing the Everyone Group from Group Policies in the Remote Registry Services Permanently Removes All Access"

http://support.microsoft.com/kb/281641/en-us

"A custom program that uses the RegConnectRegistry function can no longer access the registry of a remote computer in Windows Server 2003 with Service Pack 1 or in an x64- based version of Windows Server 2003"

http://support.microsoft.com/kb/906570

"Controlling remote Performance Monitor access to Windows NT servers"

http://support.microsoft.com/kb/164018/EN-US/

"Troubleshooting Performance Monitor Counter Problems"

http://support.microsoft.com/kb/152513/en-us

"Unable to complete the operation on <event log>. Access is denied." error message when you try to access a log on a Windows Server 2003-based computer"

http://support.microsoft.com/kb/888189/en-us

Error message when you try to make a remote connection to the registry of a Windows- based computer from a Windows Server 2003 SP1-based computer: "Access denied"

http://support.microsoft.com/kb/913327/en-us

5.15.6 Troubleshooting

This chapter describes how to troubleshoot some common problems related to Windows authentication.

5.15.6.1 Access denied

Either spontaneous errors or a permanent error when monitoring an object.

"Access denied." Cause

Access to the monitored object is denied. This can be caused by an authentication failure or that the monitored object is to busy serving new requests.

Resolution/workarounds

Make sure that the monitoring account has access rights to the monitored object. In most cases this error is caused by the INM monitoring account not being an administrator on the monitored object.

Increase the test interval of the monitor.

Use the Alarm filtering features in the monitor to filter out non-threshold errors.

Firewall restrictions prevents INM from accessing the monitored object. This error can be resolved by unblocking port 445 to the monitored object.

5.15.6.2 Credential conflicts

Monitors are randomly entering alarm state with credential conflicts as the error message.

”Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.”

Cause

Using more than one account to monitor the object, this includes individual objects pointing to the same address.

Resolution/workarounds

Make sure only one account is used to access the monitored object from the INM host. 5.15.6.3 Network path can not be found

Either spontaneous errors or permanent error when monitoring an object.

"The network path was not found." Cause

The network path could not be found or accessed because of firewall restrictions, name resolution error or a network error.

Resolution/workarounds

DNS server is overloaded and can not translate the object address, try entering the IP number as the object address.

Firewall restrictions prevents INM from accessing the monitored object. This error can be resolved by unblocking port 445 to the monitored object.

make sure that the share is available. If you want to directly monitor a disk rather than a share, use the default share name of the disk (e.g. C$) instead of the volume name (e.g. C:).

5.15.6.4 Performance related issues with monitored object

Spontaneous errors occurs during specific times during the day or other patterns, such as when backup starts or large queries run in a database on the monitored object.

Cause

The monitored object can be unable to complete requests from INM since its busy performing other tasks. It can also be network bandwidth related, for example monitoring objects over an VPN connection can severely degrade network performance and latency. The error

messages can vary but most commonly they are all related to RPC failures.

Resolution/workarounds

Lower the test frequency to 300 seconds

Set the Alarm generation value to at least 5 to filter out false positives

Use the Alarm filtering features in the monitor to filter out non-threshold errors.

If low network bandwidth or high network latency is a factor INM DE can be used to place an gateway closer to the monitored object. A gateway uses only a fraction of the network bandwidth that a normal test would do.

5.15.6.5 Remote session limit

INM is refused access to the monitored object seemingly random with the error text:

”An attempt was made to establish a session to a network server, but there are already too many sessions established to that server”

Cause

Each server or workstation supports a maximum number of authenticated connections. An authenticated connection is considered as one connection from one machine to another, where the connection is associated with a set of credentials.

If the maximum number of connections already are filled the next connection request will be blocked.

Resolution/workarounds

Review the max connection threads that can be used by the lan manager server and if possible, extend the limit.

Use the Alarm filtering features in the monitor to filter out non-threshold errors. 5.15.6.6 The RPC server is unavailable

Errors occurring either randomly or all the time with the following error text.

"The RPC server is unavailable" Cause

machine is either stopped or is experience problems accepting new connections.

Resolution/workarounds

Restart the remote registry service of the monitored object.

Review the objects overall performance, the object might be too busy to serve more connections.

Use the Alarm filtering features in the monitor to filter out non-threshold errors.

Check the DNS entry for the monitored object, confirm that both a forward and reverse zone entry exists.