The Windows agent will not run. (NETIQKB42541)

  • 7742541
  • 02-Feb-2007
  • 25-Sep-2007

Resolution

fact
NetIQ Vulnerability Manager 5.0

fact
NetIQ Vulnerability Manager Agent for Windows 5.5

fact
NetIQ Vulnerability Manager Agent for Windows 5.0

fact
NetIQ Vulnerability Manager 5.5

symptom
The Windows agent will not run.

symptom
The Windows agent will not register.

symptom
Installing Microsoft Windows XP Service Pack 2 produces error messages.

symptom
Error: 'Connection Refused.'

symptom
Error: 'The 811 agent type metadata is missing.'

symptom
Error: 'Unable to complete report, agent not registered.'

symptom
Error: 'Unable to register agent, connection refused.'

cause

Windows XP Service Pack 2 has been applied to the agent computer causing communication problems.  By default, when this service pack is applied, the Windows Firewall is turned on. The only exception allowed for incoming traffic is the Remote Assistance application.  



fix

To configure the Windows Firewall to allow the Windows agent to run, follow the instructions below:

  1. Use an administrator account to log on to the agent computer.
  2. In the Windows Control Panel, open the Windows Firewall Windows Components applet. 
  3. Click the Exceptions tab.
  4. Click Add Program.
  5. In the Programs area, select NetIQ VigilEnt Agent.
  6. Click OK to save Windows Firewall changes.
  7. Click OK to close the Windows Firewall window.


fix

To allow for remote deployment, you must make the following updates on the Exceptions tab in theWindows Firewall applet:

  • Enable the predefined File and Printer Sharing exception.  Note that this also enables the ports required to support an ICMP packet (a "ping"), allowing the system to be found during discovery. 
  • Create a port exception for Port 700.

 To configure the Windows Firewall to allow remote deployment of the Windows agent, follow the instructions below:

  1. Use an administrator account to log on to the agent computer.
  2. In the Windows Control Panel, open the Windows Firewall Windows Components applet.
  3. Click the Exceptions tab. 
  4. Select the File and Printer Sharing exception.
  5. Click Add Port.
  6. In the Name field, type a descriptive name for the port.
  7. In the Port Number field, type 700.
  8. Click OK to save Windows Firewall changes.
  9. Click OK to close the Windows Firewall window.


note

When adding port level exceptions, you can control the scope to be one of three levels:

  • Any computer (including those on the Internet)
  • My Network (limits inbound connections to the same subnet as the host computer)
  • Specific list (limits inbound connections to a distinct list of IP addresses)

The scope of the port exception for File and Printer Sharing is set to My Network. You must change the scope if you are deploying across IP subnets. 



Additional Information

Formerly known as NETIQKB42541