Highlighted
adamcole
New Member.
270 views

NTCMD Discovery on Windows 2008 Servers

Jump to solution

I am trying to discover Windows 2008 cluster information using NTCMD discovery in version 9.03.  The ID I am using has admin access to the server yet I am getting "NTCMD: Permission denied errors on the servers".  The protocol works just fine on our Windows 2003 servers.  I've found some stuff that indicates it is potentially a problem with how DCOM is called on the target server.  Does anyone have any insight on how to resolve this?

0 Likes
1 Solution

Accepted Solutions
Micro Focus Expert
Micro Focus Expert

Re: NTCMD Discovery on Windows 2008 Servers

Jump to solution

Hi,

you didn't mentioned which CP you're running.

But starting with CP 10 there's a section "How to Run xCmd from a Windows 2008/R2 Machine” in the documentation:

 

Configure windows settings on probe

The problem is that on Windows Server 2008/2008 R2 by default ntcmd uses the RPC/TCP protocol to contact the Service Control Manager on the remote computer instead of RPC/NP, which was used in older versions of Windows. In some cases, this may cause "Access Denied" error 5 to be reported, even though the user account that is used has local administrator rights on the target computer.  This is because for this protocol the network account of the computer running the probe is used (when the probe runs under the LocalSystem account) – hence in the past the workaround was to run the probe under another user account. Recently we got to the bottom of this problem. One should be able to get the probe running under the LocalSystem account and resolve “Access Denied” problems by changing the configuration of the computer running the probe to use the RPC/NP protocol instead.

 

To do this, perform the following steps:

  • On the probe machine, start Registry Editor by running the regedit executable file.
  • In Registry Editor, navigate to the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
  • Under this key, there may be a REG_DWORD value called SCMApiConnectionParam:
    • If this value is missing, add a new REG_DWORD value called SCMApiConnectionParam and set its value to 0x80000000.
    • If this value is already available in the registry, combine it with the 0x80000000 mask (using bitwise OR). For example, if there was a value 0x1 there, you would need to set this value to 0x80000001.
    • After that you need to restart the probe for the change to take effect.

Hope this help,

  Michael

0 Likes
2 Replies
Micro Focus Expert
Micro Focus Expert

Re: NTCMD Discovery on Windows 2008 Servers

Jump to solution

Hi,

you didn't mentioned which CP you're running.

But starting with CP 10 there's a section "How to Run xCmd from a Windows 2008/R2 Machine” in the documentation:

 

Configure windows settings on probe

The problem is that on Windows Server 2008/2008 R2 by default ntcmd uses the RPC/TCP protocol to contact the Service Control Manager on the remote computer instead of RPC/NP, which was used in older versions of Windows. In some cases, this may cause "Access Denied" error 5 to be reported, even though the user account that is used has local administrator rights on the target computer.  This is because for this protocol the network account of the computer running the probe is used (when the probe runs under the LocalSystem account) – hence in the past the workaround was to run the probe under another user account. Recently we got to the bottom of this problem. One should be able to get the probe running under the LocalSystem account and resolve “Access Denied” problems by changing the configuration of the computer running the probe to use the RPC/NP protocol instead.

 

To do this, perform the following steps:

  • On the probe machine, start Registry Editor by running the regedit executable file.
  • In Registry Editor, navigate to the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
  • Under this key, there may be a REG_DWORD value called SCMApiConnectionParam:
    • If this value is missing, add a new REG_DWORD value called SCMApiConnectionParam and set its value to 0x80000000.
    • If this value is already available in the registry, combine it with the 0x80000000 mask (using bitwise OR). For example, if there was a value 0x1 there, you would need to set this value to 0x80000001.
    • After that you need to restart the probe for the change to take effect.

Hope this help,

  Michael

0 Likes
adamcole
New Member.

Re: NTCMD Discovery on Windows 2008 Servers

Jump to solution

Thanks, that did the trick.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.