Troubleshooting auditing errors

When scanning the machines on your networks to see what hardware and software they have, it is highly likely that you will encounter one or two errors. It is almost certain that at least some of the machines on your network are not configured properly to be remotely administered and, especially the first time that you scan the machines on your network, a little bit of tweaking might be required in order to be able to audit ALL of the machines you manage.

When you successfully audit a machine, the Network Status of that machine is set to OK. By contrast, if you receive an error while trying to audit a machine or machines on your network, the Network Status no longer shows OK, but will instead provide you with more detailed information concerning the error that you received. Typically this will be something like RPC Server Unavailable or WMI Not Installed.

As you can see in the screenshot above, where the Network Status is not OK, this is highlighted in bold blue text, which indicates that you can click on this. Clicking on the Access Denied Network Status message in the grid above, for example, would take you to the appropriate article in our Knowledge Base, which contains the most up to date information concerning the particular network status code, including information about why this network status might be returned for a machine that you are trying to audit and what you can do to rectify the situation.

Although the most up to date and appropriate information for any errors that you encounter will be found by referring to the resources cited above, the following general advice may also be useful.

Any problems that you encounter trying to audit machines on your network will most likely encounter can be divided into two broad categories:

Preparation refers to a machine's "readiness" to be audited. ENT NetCenter makes use of a service, called WMI, which is built in to the Windows operating system. However, this service has only be shipped as a part of the operating system since the release of Windows ME, so for machines running earlier operating systems (such as Windows NT 4.0 or Windows 95/98) this must be installed as an operating system upgrade BEFORE you will be able to audit these machines. For systems running Windows 95 or the first release of Windows 98, you will also need to make sure DCOM 95/98 is installed.

Now days, most networks will have few, if any, machines running operating systems that do not have the remote management features of WMI installed, so security will probably be the most common source of errors that you receive during the audit process. During a network audit, ENT NetCenter will request a variety of information from what kind of processors the remote machine has installed through to BIOS versions and installed software. This is, obviously, not the sort of information that you want to make available to the world at large, and in order to be able to audit the machines on your network, ENT NetCenter must be accorded sufficient privileges on your network to be able to access this Information.

If you're an administrator - In 99% of cases, this simply means that ENT NetCenter must be run by or as a member of the Administrators group on your domain. So, if you are auditing machines on your own domain and you are an administrator, then you're already off to a good start. By default, ENT NetCenter will have the same privileges as the user that is logged in to Windows and running ENT NetCenter itself - so if you're running ENT NetCenter and you're an administrator then ENT NetCenter should have the privileges that it requires to remotely audit most of the machines on your network.

If you're not an administrator - If you're not an administrator on your network, you can still audit machines. However, in this case, ENT NetCenter will have to impersonate someone else (who is an administrator) in order to be able to audit remote machines. Configuring ENT NetCenter to do this is fairly simple. All you have to do is provide the username and password for an administrative user in the Credentials section of the details for the network that you want to audit. If ENT NetCenter discovers that an explicit set of credentials have been provided for the network that you are scanning or that a machine you are trying to audit is connected to, then it will use these credentials rather than those of the user that is logged into windows an running ENT NetCenter.

If you're auditing another domain - If you're trying to scan the machines on a domain that you're not logged into then, even though you may be an administrative user on your own network you may not have the privileges that are required in order to be able to audit machines on the remote domain. In this case, you will have to make sure that the Credentials section of the details for the network that you want to audit contains the details of an administrative user on the remote domain. For example, if you're trying to audit the domain "domain.foofoo.com" and one of the administrators on the network has a smarmy login name like "god", you could provide the username DOMAIN.FOOFOO.COM\GOD along with the password for god on that network.

If you don't have a domain controller - If you're not running a domain controller then security is going to be a bit fiddly. In this case, privileges to audit remote machines cannot be accorded by a domain controller and they must be configured/provided by each and every individual machine that you wish to audit. For further information, see the Administrative Users on a Workgroup section of the topic: Who can audit machines?.

•	Add the administrative domain user (that you supplied in the ENT NetCenter credentials for the network that the machine is connected to), as an administrative user on the local machine that you are trying to audit

•

Treat these notebooks like machines that are permanently disconnected from the network and use our command line auditing utility (EntAudit.exe) to audit these machines (perhaps in a login script, if you wanted the machine to be audited regularly). For further information, see the topics on Auditing disconnected machines.