Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Issue:

Using the SMP on a network with name (DNS) resolution

Resolution:

The Symantec SMP has in most cases a dependency on name resolution.  However it does have features which allow regular operation via IP addresses instead of name.  Agent install requires name resolution even for IP addresses so adding relevant names and IP addresses to the hosts file on the SMP server will circumvent this issue.

Configuration Steps

Server
  • On the NS server put the IP address of the SMP server in this registry location - HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\eXpress\Notification Server\PreferredNSHost
  • Then go to the Scheduled Tasks folder and run the task "NS.Package Refresh..." scheduled task.
  • Then in the Symantec Management Agent Install page, click on Settings and check the box for "Specify different Notification Server" and put http://<xxx.xxx.xxx.xxx> (example: http://10.10.2.139) which should be the IP address of the SMP server being configured, not the number given here.
  • Then on the SMP server the hosts file needs to be updated with the IP address and name of the client. Note: this is only for the install action. Management afterward should be via IP address only. This "resolution" only needs to be on the server not the endpoints.

The server is now configured. And this configuration only needs to be done once.

Client

On the client the following needs to be checked.

  • In Windows Firewall, Exceptions tab, highlight "File and Printer Sharing", click Edit, verify ports 139 and 445 are checked and the scope for both is "any" [scope change may not be necessary but don't know all the details of the environment and so this is just to make sure]. The scope can be changed by highlighting each row/port one at a time and clicking "Change scope...".
Installation steps
  • Now install from the agent install page in the SMP console either by putting in the IP address of a client in the "Add" box or importing a .csv file with the IP addresses [with only one column just a list of the IP addresses with returns in. Not sure right now of the exact column order of the .csv file but that should be in the docs if needed.

If there are problems check the following on the client side:
In TCP/IP Advanced settings, Options, TCP/IP filtering. Is there any filtering turned on? If there is check to make sure it doesn't interfere.
In the local area connection properties window do you have "File and Printer Sharing" and "Client for Microsoft Networks"?
Is Simple File Sharing turned off in Windows Explorer, Tools, Folder Options, View tab, at the bottom of the list?
If there is still a problem let me know.

I checked the registry and I could not find PreferredNHost. Am I supposed to create one? Can you give me more details on this? Other than the registry I was able to find the schedule task and settings.

We have windows firewall disabled on all the machines at the stores, what we are using is Symantec Endpoint Protection and port 139 and 445 are open since I can telnet into those ports both directions.

1. We are not using TCP/IP filtering, everything is set on Permit All
2. File and Printer Sharing and Client for Microsoft Networks are both installed and checked.
3. Simple File Sharing is turned off.

Thanks.

JOHNNY YOO
Information Technology
JOHNNY.Y@FOREVER21.COM
213.741.8912 Tel
213.741.8943 NOC
213.220.2739 Cel

From: Brent Bishop BBishop@arellia.com
Sent: Wednesday, February 02, 2011 7:40 PM
To: Johnny Yoo; Cody R. Leser; Rod Parker; Brad Coddington; Jonathan Wong
Cc: John Petersen; Damen Farrar
Subject: Re: quick meeting response: Symantec-Forever 21 Arellia Update

Johnny,

Here are the details for installing agents and configuring the platform for operation on a network with no name resolution.
On the NS server put the IP address of the SMP server in this registry location - HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\eXpress\Notification Server\PreferredNSHost
Then go to the Scheduled Tasks folder and run the task "NS.Package Refresh..." scheduled task.
Then in the Symantec Management Agent Install page, click on Settings and check the box for "Specify different Notification Server" and put http://<xxx.xxx.xxx.xxx> (example: http://10.10.2.139) which should be the IP address of the SMP server being configured, not the number given here.
[Note: If you import a .csv list on the client install page with the name and the IP address then this step may not be necessary.] Then on the SMP server the hosts file needs to be updated with the IP address and name of the client. Note: this is only for the install action. Management afterward should be via IP address only. This "resolution" only needs to be on the server not the endpoints.
The server is now configured. And this configuration only needs to be done once.

On the endpoint the following needs to be checked.
In Windows Firewall, Exceptions tab, highlight "File and Printer Sharing", click Edit, verify ports 139 and 445 are checked and the scope for both is "any" [scope change may not be necessary but don't know all the details of the environment and so this is just to make sure]. The scope can be changed by highlighting each row/port one at a time and clicking "Change scope...".
Now you should be able to install from the agent install page in the SMP console either by putting in the IP address of a client in the "Add" box or importing a .csv file with the IP addresses and names. Not sure right now of the exact column order of the .csv file but that should be in the docs if needed.

If there are problems check the following on the client side:
In TCP/IP Advanced settings, Options, TCP/IP filtering. Is there any filtering turned on? If there is check to make sure it doesn't interfere.
In the local area connection properties window do you have "File and Printer Sharing" and "Client for Microsoft Networks"?
Is Simple File Sharing turned off in Windows Explorer, Tools, Folder Options, View tab, at the bottom of the list?
If there is still a problem let me know.

On 2/7/11 4:16 PM, "Brent Bishop" <BBishop@arellia.com> wrote:

Johnny,

Just to clarify, we should be able to import a list of machines as IP
addresses into the agent install page and then if the names (even if they
are repeated) and IP addresses are in the hosts file then the resolution
should take place and agents can be installed and managed.

If you have any questions or concerns let me know.

Brent

On 2/3/11 4:17 PM, "Brent Bishop" <BBishop@arellia.com> wrote:

Actually that should be ok.

Sent from my iPhone

On Feb 3, 2011, at 3:54 PM, "Johnny Yoo" <johnny.y@Forever21.com> wrote:

Adding the name on host file worked, but at this point, the problem
will be that all our POS systems have exact same names on every
store with different IP address. Any idea how we can resolve this?

Thanks.

JOHNNY YOO
Information Technology
JOHNNY.Y@FOREVER21.COM<BLOCKED::johnny.y@forever21.com>
213.741.8912 Tel
213.741.8943 NOC
213.220.2739 Cel

[cid:image001.png@01CBC3B0.613F9B50]

From: Brent Bishop [mailto:BBishop@arellia.com]
Sent: Thursday, February 03, 2011 2:28 PM
To: Johnny Yoo; Cody R. Leser; Rod Parker; Brad Coddington; Jonathan
Wong
Cc: John Petersen; Damen Farrar
Subject: Re: quick meeting response: Symantec-Forever 21 Arellia
Update

Johnny,

And you did add the machine to the hosts file on the server?

Brent

From: Johnny Yoo
<johnny.y@Forever21.com<johnny.y@Forever21.com>>
Date: Thu, 3 Feb 2011 13:44:07 -0800
To: Brent Bishop <bbishop@arellia.com<bbishop@arellia.com>>,
"Cody R. Leser" <CLeser@arellia.com<CLeser@arellia.com>>, Rod
Parker <Rod_Parker@symantec.com<Rod_Parker@symantec.com>>,
Brad Coddington
<Brad_Coddington@symantec.com<Brad_Coddington@symantec.com
>>, Jonathan Wong
<jonathan.w@Forever21.com<jonathan.w@Forever21.com
>>
Cc: John Petersen
<John_Petersen@symantec.com<John_Petersen@symantec.com
>>, Damen Farrar <damefar@cdw.com<damefar@cdw.com>>
Subject: RE: quick meeting response: Symantec-Forever 21 Arellia
Update

I tried every step below, but same issue. Funny thing is that I can
even open \\10.208.100.12\admin$<file:///\\10.208.100.12\admin$>
share from the Arellia server.

JOHNNY YOO
Information Technology
JOHNNY.Y@FOREVER21.COM<BLOCKED::johnny.y@forever21.com>
213.741.8912 Tel
213.741.8943 NOC
213.220.2739 Cel

[cid:image001.png@01CBC3B0.613F9B50]

From: Brent Bishop [mailto:BBishop@arellia.com]
Sent: Thursday, February 03, 2011 12:39 PM
To: Johnny Yoo; Cody R. Leser; Rod Parker; Brad Coddington; Jonathan
Wong
Cc: John Petersen; Damen Farrar
Subject: Re: quick meeting response: Symantec-Forever 21 Arellia
Update

Just add a string value called PreferredNSHost to the key
HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\eXpress\Notification Server and
set the value date to the IP address of the SMP server.

  • No labels