How do I run the General_Counter knowledge script on Agents behind or across a firewall? (NETIQKB17066)

How do I run the General_Counter knowledge script on Agents behind or across a firewall?

To work around the typical failure causes listed above, NetIQ suggests one of the three following options.

1. Type the desired counter name using the following format:
   
        <object>\<counter>\<instance>
   
   
2. You can enter multiple instances separated by commas. For example:
   
        Process\% Privileged Time\mapisp32,mqsvc


3. Open port 135 bi-directionally on the firewall application from the Operator Console to the Agent(s).

4. Install and run an Operator Console on the same side of the firewall as the Agent(s), and open port 1433 bi-directionally.  Opening port 1433 will allow the Operator Console to establish a connection to the Repository server.  The logged on Windows user account on the Operator Console machine needs to have access to the performance counters on the remote target agent machine.

When configuring the General_Counter Knowledge Script, a connection is made from the Operator Console to the Agent machine in order to enumerate the counters when clicking the ellipses (...) to select counters (value: Counter to Monitor).  A firewall will typically block this connection. The Windows logged on user account, that is used to log into the console machine where the Operator Console is opened, must have the necessary permissions to access performance objects on the remote agent machine. This is often a problem with agents on the other side of a firewall since they are typically not in the same or trusted domain as the Operator Console machine.

Formerly known as NETIQKB17066