Trusted Contributor.. ittyiypeabraham Trusted Contributor..
Trusted Contributor..
742 views

MS Windows 2003, 2008, 2008 R2 devices integration.

Jump to solution

Hi experts,

We are in the process of integration MS windows 2003, 2008 and 2008 R2 devices to the Arcsight environment. These are workgroup devices and are behind a firewall. We were having connection issues while trying to connect to these devices, telnet 445 wouldn't work and would not get connected. Though we got a confirmation from the Firewall team that port 445 has been opened for Arcsight to connect to these devices. Now that port 445 is open still we aren't able to connect. After a number of trail and errors the windows team enabled the print and file sharing for one window device and the arcight Id was able to connect to the device and get the logs.

Now my question is do we need to enable this service as enabling this service in turn enables a number of unwanted services, and why would arcsight need this service to be enabled. Is it anything related opening port 137 and 139, do we really need to open them, if yes why? Is there any way out or do we need to add an exception? Is there any particular service that should be enabled for Arcsight other than 445port?

Thanks in advance.

Regards

Ittyiype Abraham

Labels (4)
0 Likes
1 Solution

Accepted Solutions
Highlighted
pratikp Absent Member.
Absent Member.

Re: MS Windows 2003, 2008, 2008 R2 devices integration.

Jump to solution

Hi,

Yes, you have to open port 139 for connecting to Windows server if its not able to pull logs using 445.

Smartconnector tries to connect Windows Server on port 445 for fetching logs.

But due to some circumstances, if smartconnector not able to connect port 445, it fallsback connection to port 139.

I hope this clarifies your concerns.

If this solves your issue , please mark my response as helpful so that others can make use of it.

Regards,

Pratik 

6 Replies
volkov1
New Member.

Re: MS Windows 2003, 2008, 2008 R2 devices integration.

Jump to solution

Hello.

Did you find the answer?

0 Likes
Highlighted
pratikp Absent Member.
Absent Member.

Re: MS Windows 2003, 2008, 2008 R2 devices integration.

Jump to solution

Hi,

Yes, you have to open port 139 for connecting to Windows server if its not able to pull logs using 445.

Smartconnector tries to connect Windows Server on port 445 for fetching logs.

But due to some circumstances, if smartconnector not able to connect port 445, it fallsback connection to port 139.

I hope this clarifies your concerns.

If this solves your issue , please mark my response as helpful so that others can make use of it.

Regards,

Pratik 

pratikp Absent Member.
Absent Member.

Re: MS Windows 2003, 2008, 2008 R2 devices integration.

Jump to solution

Hi,

Did you find the answer what you were expecting ?

Regards,

Pratik

0 Likes
Established Member.. sbotharaj
Established Member..

Re: MS Windows 2003, 2008, 2008 R2 devices integration.

Jump to solution

Not to overlook, have you tried the basic telnet test in the Log Source itself and confirmed if it responds to TCP 445?

In of the DMZ servers you want to integrate with Arcsight,

Start -> Run -> CMD -> telnet localhost 445

Getting blankscreen?

0 Likes
Trusted Contributor.. ittyiypeabraham Trusted Contributor..
Trusted Contributor..

Re: MS Windows 2003, 2008, 2008 R2 devices integration.

Jump to solution

Thanks guys for your reply..

This was posted back in 2013, we found the solution and then I pretty much forgot about this post. Apologies for the same.

But yes Pratik you've answered it..

Thank you!

Ittyiype Abraham

0 Likes
volkov1
New Member.

Re: MS Windows 2003, 2008, 2008 R2 devices integration.

Jump to solution

Hi,

I found that the service File and Printer Sharing for Microsoft Networks has been inactive on the target system. connection on port 445 does not pass. After it is enabled, the connection was successful.



0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.