How do I properly set up an AppManager Managed Client to be monitored over a firewall? (NETIQKB2725)

  • 7702725
  • 02-Feb-2007
  • 27-Jan-2011

Environment

NetIQ AppManager 6.x
NetIQ AppManager 7.0.x

Situation

How do I properly set up an AppManager Managed Client to be monitored over a firewall?
How do I troubleshoot connection issues associated with NetIQ AppManager agents outside of a firewall?

Resolution

After installing the AppManager Managed Client on the server on the opposite side of the firewall from the AppManager Management Server, run the AMAdmin_ConfigSiteCommType knowledge script, specifying n for the Use IP Address? parameter. This sets the Agent to resolve back to the AppManager Management Server by hostname rather than by IP Address.

The AppManager Agent uses name resolution to communicate with the Management Server (MS).  You can use these steps to test name resolution:

  1. Launch a command prompt.
  2. Type:
    ping <machinename>

    If the machine name resolves to an IP Address, the "ping" command will produce output similar to the following:

        c:\winnt> ping machinename
        Pinging machinename [10.1.1.128] with 32 bytes of data:
        Reply from 10.1.1.128: bytes=32 time<10ms TTL=128
        Reply from 10.1.1.128: bytes=32 time<10ms TTL=128
        Reply from 10.1.1.128: bytes=32 time<10ms TTL=128
        Reply from 10.1.1.128: bytes=32 time<10ms TTL=128

    If the "ping" command fails to resolve to an IP Address, it will produce an error message similar to the following:

        Bad IP Address machinename

    This would indicate that the name of the server could not be resolved and that WINS, DNS or a local host file may not contain that server name or that name resolution is not functional.

NOTE: It is recommended that local host files are used on the target machines if there is no DNS name resolution available.

Additional Information

Formerly known as NETIQKB2725

The AppManager Managed Client needs to use the hostname instead of the IP Address to resolve back to the AppManager Management Server because firewalls can be set up to deny requests to specific IP Addresses.

The network administrator should ensure that the firewall is configured properly so that AppManager Managed Clients outside of the firewall can communicate with the AppManager Management Server.  For further information on how to configure AppManager Managed Clients for connectivity across firewalls and port information, refer to the NetIQ AppManager Administrators Guide packaged with the Install files.

To verify connectivity if ICMP is disabled:

  • On the Management Server (MS) launch a command prompt and type:

telnet <Managed Client name> 9998

This should enter a telnet session. If there is no connectivity the following message will appear:

Could not open a connection to host on port 9998: Connect failed

  • On the Managed Client (MC) launch a command prompt and type:

telnet <Management Server name> 9999

This should enter a telnet session. If there is no connectivity the following message will appear:

Could not open a connection to host on port 9999: Connect failed
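The two checks above (name resolution, then a TCP session on 9998 or 9999) can be combined in one PowerShell function for hosts where the telnet client is not installed. This is an added example, not NetIQ code; the function name `Test-AppManagerPath`, the timeout, and the hostnames `mc01.example.test` and `ms01.example.test` are assumptions.

```powershell
# Added example (not part of the original article or of AppManager).
function Test-AppManagerPath {
    param(
        [Parameter(Mandatory)][string]$PeerName,  # hostname of the other side
        [Parameter(Mandatory)][int]$Port,         # 9998 or 9999 in this article
        [int]$TimeoutMs = 3000                    # assumed value, adjust as needed
    )
    $r = [ordered]@{ Peer = $PeerName; Port = $Port; Resolved = $false
                     Addresses = @(); TcpOpen = $false; Detail = '' }

    # The agent is set to use hostnames, so an IP literal would not test that path.
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($PeerName, [ref]$ip)) {
        $r.Detail = 'Pass a hostname, not an IP address.'
        return [pscustomobject]$r
    }

    # Step 1: name resolution (what "ping <machinename>" shows, without ICMP).
    try {
        $addrs = [System.Net.Dns]::GetHostAddresses($PeerName)
        $r.Resolved  = $true
        $r.Addresses = @($addrs | ForEach-Object { $_.IPAddressToString })
    } catch {
        $r.Detail = 'Name not resolved: check DNS, WINS or the local hosts file.'
        return [pscustomobject]$r
    }

    # Step 2: TCP connect with a timeout (what "telnet <name> <port>" shows).
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($PeerName, $Port, $null, $null)
        if ($pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            $client.EndConnect($pending)          # throws if the peer refused
            $r.TcpOpen = $true
            $r.Detail  = 'TCP session established.'
        } else {
            $r.Detail = "No answer on port $Port within $TimeoutMs ms."
        }
    } catch {
        $r.Detail = "Connect failed: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
    [pscustomobject]$r
}

# On the Management Server (placeholder client name):
Test-AppManagerPath -PeerName 'mc01.example.test' -Port 9998
# On the Managed Client (placeholder server name):
Test-AppManagerPath -PeerName 'ms01.example.test' -Port 9999
```

A result with `Resolved` true and `TcpOpen` false separates a port blocked or not answering from a name resolution problem, which the telnet error message alone does not distinguish.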

An additional way to test the connection to the Management Server is the NetIQctrl utility's trip command:

  • Open a command prompt on the agent machine.
  • Type netiqctrl
  • Type trip mchostname netiqmc mshostname

The output indicates a connection failure if any entry in the first column contains a 0 (zero) instead of a full Unix timestamp.