This section provides information on troubleshooting and system security. Before using any of these procedures, ensure that your system is configured according to the instructions in "Configuring OMCC."
Service Pack 2 and the Internet Configuration Firewall
Microsoft® Windows® XP with Service Pack 2 provides high system security for remote system management, including a built-in firewall that prevents remote management from another system. To manage a Windows XP with Service Pack 2 system remotely, you must make certain adjustments to the firewall configuration.
The following procedures apply to Dell OpenManage™ Client Connector (OMCC) version 2.1 and all client Dell OpenManage products, including OMCC version 1.0.
Tools for Systems Management
Dell™ and Microsoft provide a variety of tools for both client agent and remote management of client systems. Some of these tools are listed in Table 7-1.
Table 7-1. Management and Client Agent Tools
Name Of Program
Type of Tool
Company
IT Assistant
Management console
Dell
CIM Studio
Microsoft management console
Microsoft
OMCC version 1.0 (Dell OpenManage Client Connector)
Lightweight management console
Dell
OMCC version 2.1 (Dell OpenManage Client Connector)
All of the previous tools support Windows XP Service Pack 2. IT Assistant version 6.5.1 or later is required for Service Pack 2. However, only IT Assistant version 7.0 or later is compatible with OMCC version 2.1.
This document describes only the settings changes necessary to manage OMCI. Management of other client packages, such as Dell OpenManage Server Administrator, is covered in other documents.
Settings Changes on the Client
The operation of the previous systems management tools is directly affected by the security enhancements in Service Pack 2. To enable remote management, you must reconfigure the Windows firewall by performing the following procedures on the client system:
Enable a remote management tool
Enable ICMP Ping (if your management application is IT Assistant)
Enabling a Remote Management Tool
Enable a remote management tool (for example, IT Assistant, OMCC, or CIM Studio) to connect to a Service Pack 2 client. Without this setting change, the client firewall will not permit login by the remote administrator. One way to make this change is to use the netsh command from the command line.
To enable the REMOTEADMIN exception in the client firewall, an authorized user can type the following command:
netsh firewall set service REMOTEADMIN enable
This command enables remote administration from all accessible nodes, which is not a very secure configuration. Specifying additional constraints provides additional security. The following example narrows the administration pool to only those systems on the same subnet as the client:
netsh firewall set service REMOTEADMIN enable subnet
Itemizing the permitted IP addresses of managing systems narrows the focus even further:
netsh firewall set service REMOTEADMIN enable
255.255.255.255
netsh firewall set service REMOTEADMIN enable 255.255.255.255, 10.9.118.112
Enabling ICMP Ping
Enable ICMP ping only if the management application is IT Assistant. If OMCC, CIM Studio, or Wbemtest are being used, then it is not required.
IT Assistant uses ICMP Ping to discover systems on the network. By default, Windows XP Service Pack 2 turns off the ICMP ports. With the ICMP echo request blocked by the client firewall, IT Assistant cannot discover the remote system.
To turn on the ICMP echo request, perform the following steps:
Click the Start button, point to Settings, and select Control Panel and Windows Firewall.
Click the Advanced tab and select Settings in the ICMP section.
Check Allow incoming echo request.
Click OK.
Click OK.
BIOS Password Encryption
OMCC supports BIOS password encryption on client systems with an OMCI version of 7.3 or later. For client systems running an OMCI version prior to 7.3, the Disable Encryption check box is selected. There may be situations when you have to manually select/deselect the Disable Encryption check box (click System�Configuration�Dell Configuration�Dell Configuration to access the Disable Encryption check box), as listed below:
While upgrading OMCC on client systems running an OMCI version prior to 7.3, the Disable Encryption check box may not be selected automatically. To disable encryption, select the Disable Encryption check box.
If you upgrade OMCI to version 7.3 on the client system and OMCC contains data from the OMCI version prior to upgrade, manually deselect the Disable Encryption check box on the client system.
Settings Changes on the IT Assistant System
While the previous settings changes were made on each client system, the following changes must be made on the remote administration system and onlyif the administration system is running Windows XP Service Pack 2.
Enabling Anonymous Logon
Windows XP with Service Pack 2 disables anonymous logons and prevents the remote system from capturing CIM indications (alerts) issued by the client. This feature prevents CIM registration to the clients; therefore, CIM indications cannot reach the management station. To enable anonymous logon, an administrator can perform the following steps:
Click Start and select Settings�Control Panel�Administrative Tools�Component Services.
In the Component Services tree, right-click My Computer and select Properties.
In the My Computer Properties box, select the COM Security tab.
In the COM Security window, under Access Permissions, click Edit Limits.
Add ANONYMOUS LOGON to the access list for local and remote access.
NOTE: Ensure that ANONYMOUS LOGON does not belong to a group for which local and remote access is
disabled.
Enabling SNMP Traps
You must open UDP port 162 so IT Assistant can receive SNMP traps from Platform Event Trap (PET)-enabled systems. To open port 162, perform the following steps:
Click Start and select Settings�Control Panel�Windows Firewall.
Click the Exceptions tab.
Click Add Port.
In the Name box, type SNMP Traps.
For the port number, enter 162.
Select UDP.
Click OK.
Click OK.
Repeat step 1 through step 8 to open any additional ports.
NOTE: See the IT Assistant online help for a complete listing of ports that IT Assistant uses to manage a network.
Enabling SMTP Mail on the Management Station
IT Assistant uses the Windows IIS SMTP service to send e-mail actions as part of the Alert Management System. By default, the Windows XP Service Pack 2 firewall blocks all SMTP mail requests. To enable SMTP Mail on the Management Station, perform the following steps:
Click Start and select Settings�Control Panel�Windows Firewall.
Click the Exceptions tab.
Check Allow SMTP mail.
Click OK.
OMCI Status Classes
The following OMCI properties can help you isolate error conditions. A value of 0 or OK indicates a satisfactory condition.
Dell_Slot.Status
Dell_SMARTDrive.Status
Dell_DiskDrive.Status
Dell_Fan.Status
Dell_USBController.Status
Dell_VoltageSensor.Status
Dell_TemperatureSensor.Status
Dell_CurrentSensor.Status
Check the Dell_Configuration.ChassisIntrusionStatus property, as an opened chassis can create a warning state in IT Assistant.
For more information about CIM classes and properties, see the Dell OpenManage Client Connector CIM Reference Guide.
