RSA enVision^® Discussions

AlexeyK · ‎2013-01-07

Hi everyone,

I cannot find a reason, why added device (windows server) is not discovering.

Where can i find any docs to know what happens when new device is added?

Which ports should be opened, which rights should be have account (we are using agentless way).

Thanks in advance.

(i hope you can understand what i described above)

SatyaSandeepkum · ‎2013-01-07

Hello Aleksey,

1^st and basic one make sure the windows firewall is not blocking the connections.

2^nd - permission. Windows version devices are been used (2k3 or 2k8) .?

Regards,

Sandeep.

AlexeyK · ‎2013-01-07

Hi SandeepBoddapu,

Thank you fast answer,

of course we should check 1st and 2nd points, but for investigating problem the better way to know how it works. I cannot just check firewall because it is job for network team, i cannot just check permission on windows server because it is job for windows op team and etc. And in that case we need a docs where step by step will be described how discovery mechanism works. (then i can create ticket to check ports to network team)

SatyaSandeepkum · ‎2013-01-07

Hey Aleksey,

If you want to know the cause why added device is not discovering you will need network team support.

Want to know how it works, it’s simple!

Windows Agentless use very simple method to grab logs. It needs a User with read only permission toevent viewer.

Agentless uses these credentials to read logs from Event viewer and doesn’t need any other type of windows services or access to grab.

Thanks

Sandeep.

RSAAdmin · ‎2013-01-08

Hi aleksey,

Well, all the answers to your questions are in the enVision help. If you click on "?" on the top and search for the keyword, you'll get them.

here are a few things I know about agentless:

1. You need to open TCP 135, 137 and 445 from enVision to Windows.

2. You need to have a user in Windows Domain to read Windows Event Log Files.

3. After configuration in enVision, restart the NIC Windows service to have this in affect.

4. Log in to enVision GUI, go to Analysis -> Message View.

5. Select NIC System -> Collector and look for any error with advanced fileter value "Agentless" which will let you know if there is any error while enVision is trying to connect to your Windows Servers.

Here are sample errors you may see.

%NIC-3-606302: AgentlessWindows, Agentless Windows Process, -, -, -, -, Detail: 5068: xx.xx.xx.xx:Security: Failed to opening event log => The RPC server is unavailable.

%NIC-3-606309: AgentlessWindows, Agentless Windows Process, -, -, -, -, Detail: 5068: xx.xx.xx.xx,Security: Unable to connect to remote registry; log file disabled (53: The network path was not found.).

These errors will help you troubleshooting the correct problem.

Hope this helps.

regards,

Kuljeet

SaurabhSrivasta · ‎2013-01-29

Hi Aleksey,

You have to add required system in blelow path as well..and do restart Window Services.

system configuration--> Services-->Manage Windows Services

Regards,

Saurabh

areebasad · ‎2013-02-26

hi,

i think you should add the domain the windows server belong to and use a domain admin user.

also if you have external firewall you should create policy to enable the traffic between rsa and windows server (TCP\135, TCP\139, TCP\445 and Dynamics RPC ports)

Regards

RSA enVision® Discussions

Discovery device

RSA enVision^® Discussions