Can't access Event Viewer Remotely

Thraxen

Diamond Member
Dec 3, 2001
4,683
1
81
We have a Windows 2003 server whose Event Viewer can't be accessed remotely via MMC. When attempting to connect you are given an error stating that "The network path was not found".

A search on Microsoft.com turned up an article relating to XP SP2 saying that this could be caused by Windows Firewall and it proceeds to give you three options for opening up specific ports. The problem is that this server isn't running Windows Firewall. WF is disabled in the domain via group policy.

Any ideas on what else might be causing this?

Thanks!
 

RebateMonger

Elite Member
Dec 24, 2005
11,586
0
0
If the "Computer Browser" service isn't running on the Windows Server, that will prevent remote access to it, including RDP and the Event Logs.
 

Thraxen

Thanks for the reply.

It's not the Computer Browser service, though I double checked after your post. Remote Desktop actually works, but VNC does not. VNC is also installed on this server, but when trying to connect you just get a connection refused error.
 

stash

Diamond Member
Jun 22, 2000
5,468
0
0
Has anything else been disabled on this server?

VNC has known issues on 2003, not to mention it being redundant and inferior to RDP. But I don't think that would cause issues with RPC calls to eventvwr.
 

Thraxen

Not that I'm aware of. It's currently being used as a SQL server and nothing else, but I don't think anything has been disabled.
 

stash

Are you able to do a "net view \\servername" against this server from another box?
 

Smilin

Diamond Member
Mar 4, 2002
7,357
0
0
Originally posted by: stash
Are you able to do a "net view \\servername" against this server from another box?

Test by IP as well: "net view \\x.x.x.x"
 

Smilin

Originally posted by: Thraxen
Yes, net view works. Both by name and IP.

This should indicate authentication is working (kerb/ntlm). Next step would be RPC troubleshooting.

Does anything else RPC based work like say regedit remotely?
Are you using admin credentials on the box you are remoting to (not necessarily same as box you're on)?
Does it work in the other direction?
Are you using a single-label AD domain (i.e., contoso instead of contoso.com ... note this is not the same as the NetBIOS name of the domain, which will always be "single label")?


If nothing RPC based is working, check event logs for RPC errors & again ensure the firewalls are off (just for troubleshooting).

Be sure the following services are started:
TCP/IP NetBIOS Helper
Netlogon
Remote Procedure Call (RPC)
RPC Locator
Kerberos Key Distribution Center (KDC) if it's a domain controller
RemoteRegistry


What sort of network infrastructure exists between the two boxes? RPC is not just an "open this port" protocol. It will hop ports once the desired RPC service is located. Some firewalls, VPNs and intrusion detection have trouble with this if not properly configured. It will start at 135, negotiate a port via the established TCP session, then jump to a 1024-65k port.
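
The two-stage connection described in the last post (fixed port 135, then a negotiated high port), as an added example that is not part of the original thread: a Python probe that separates a refused connection from a silently dropped one at each stage. The dynamic port is an input you supply for the service you care about, and the function names are hypothetical.

```python
import socket

EPM_PORT = 135  # fixed first hop: the RPC endpoint mapper

def tcp_state(host, port, timeout=3.0):
    """Classify one TCP connect attempt: open, refused, filtered or unresolved."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # a reset came back: host reachable, port closed or rejected
    except socket.gaierror:
        return "unresolved"   # the name did not resolve; retry with the IP address
    except OSError:
        return "filtered"     # timeout or unreachable: something dropped the packets

def diagnose(epm, dynamic):
    """Map the two probe results onto the two stages of an RPC connection."""
    if epm != "open":
        return f"stage 1 fails: endpoint mapper port is {epm}, the client never gets a port to jump to"
    if dynamic == "open":
        return "both stages reachable over TCP: check services and credentials next"
    if dynamic == "filtered":
        return "stage 2 fails silently: a device in the path allows 135 but drops the negotiated port"
    return "stage 2 refused: nothing is listening on that port, or a firewall is actively rejecting it"

def check_rpc_path(host, dynamic_port, epm_port=EPM_PORT, timeout=3.0):
    """Probe the fixed port first, then the dynamic port only if stage 1 succeeded."""
    epm = tcp_state(host, epm_port, timeout)
    dyn = tcp_state(host, dynamic_port, timeout) if epm == "open" else "untested"
    return epm, dyn, diagnose(epm, dyn)

if __name__ == "__main__":
    import sys
    # usage: python rpc_path.py <server> <dynamic-port>
    print(*check_rpc_path(sys.argv[1], int(sys.argv[2])), sep="\n")
```

Run it from the client and again from a machine on the server's own subnet: a result that differs between the two points at the infrastructure in between rather than at the server.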