Submit a ticketCall us

Get a crash course on Network Monitoring delivered right to your inbox
This free 7-day email course provides a primer to the philosophy, theory, and fundamental concepts involved in IT monitoring. Lessons will explain not only how to perform various monitoring tasks, but why and when you should use them. Sign up now.

Home > Success Center > Virtualization Manager (VMAN) > VMAN 7.1 Administrator Guide > Troubleshooting Hyper-V discovery > Configure firewall settings for Hyper-V data collection

Configure firewall settings for Hyper-V data collection

Created by Caroline Juszczak, last modified by MindTouch on Jun 23, 2016

Views: 9 Votes: 0 Revisions: 3

To allow Virtualization Manager to collect data, these firewall rules must be enabled:

  • Core Networking
  • WMI DCOM-In

If you connect to the Hyper-V host over a DMZ or use a hardware firewall, make the corresponding changes to your hardware firewall.

If the Hyper-V host does not respond to ping, either open port 7, or Disable ping discovery.

Add the Windows Firewall snap-in

If you use a Server Core installation, you can connect to the host using a Microsoft Management Console (MMC) connection to modify the firewall.

  1. Log in to a remote server that can connect to the Server Core installation with administrative credentials.
  2. Click Start > Run, and enter mmc.
  3. Click File > Add/Remove Snap-in.
  4. Select Windows Firewall with Advanced Security, and click Add.
  5. Select Another computer, and enter the IP address or computer name of the Server Core installation.
  6. Click OK.
  7. Click OK again.

Enable the core networking rules

Enable core networking rules to collect information from Hyper-V hosts.

These rules might be enabled by default.

Allow core networking traffic through the Windows Firewall on Windows 2008 R2

  1. Log in to the computer you want to monitor with an administrator account.
  2. Click Start > Administrative Tools > Windows Firewall with Advanced Security.
  3. Click Inbound Rules.
  4. Ensure that all Core Networking rules are enabled. If a rule is not enabled, select it, and click Action > Enable Rule.

Allow core networking traffic through the Windows Firewall on Windows 2008

  1. Log in to the computer you want to monitor with an administrator account.
  2. Click Start > Control Panel > Windows Firewall.
  3. Click Allow a program through Windows Firewall.
  4. Select Core Networking, and click OK.

Enable the Windows Management Instrumentation (DCOM-In) rule

You must enable the Windows Management Instrumentation (DCOM-In) rule to collect information from Hyper-V hosts.

Allow WMI traffic through the Windows Firewall on Windows 2008 R2

  1. Log in to the computer you want to monitor with an administrator account.
  2. Click Start > Administrative Tools > Windows Firewall with Advanced Security.
  3. Click Inbound Rules.
  4. Select Windows Management Instrumentation (DCOM-In), and click Action > Enable Rule.

Allow WMI traffic through the Windows Firewall on Windows 2008

  1. Log in to the computer you want to monitor with an administrator account.
  2. Click Start > Control Panel > Windows Firewall.
  3. Click Allow a program through Windows Firewall.
  4. Select Windows Management Instrumentation (WMI), and click OK.

After enabling the Windows Management Instrumentation (DCOM-In) rule, common WMI checks indicate that WMI is not enabled. This is expected behavior.

Create a new firewall rule to open the RPC ports

RPC ports must be open to be able to collect information from Hyper-V hosts.

Open the RPC ports on Windows 2008 R2

  1. Log in to the computer you want to monitor with an administrator account.
  2. Click Start > Administrative Tools > Windows Firewall with Advanced Security.
  3. Click Inbound Rules.
  4. Click Action > New Rule.
  5. In Rule Type, select Custom, and click Next.
  6. Select This program path, and enter %SystemRoot%\System32\dllhost.exe.
  7. In Services, click Customize, ensure that Apply to all programs and services is selected, and click OK.
  8. Click Next.
  9. In Protocol type, select TCP.
  10. In Local port, select RPC Dynamic Ports.
  11. In Remote port, select All Ports.
  12. Click Next.
  13. Apply to any local and remote IP addresses, and click Next.
  14. In Action, ensure that Allow the connection is selected, and click Next.
  15. Select all profiles (Domain, Private, and Public), and click Next.
  16. Enter a name, and click Finish.

The new rule is now displayed in the list of inbound rules.

Open the RPC ports on Windows 2008

  1. Log in to the computer you want to monitor with an administrator account.
  2. Click Start > Control Panel > Windows Firewall.
  3. Click Allow a program through Windows Firewall.
  4. Click Add program, and enter %SystemRoot%\System32\dllhost.exe in the program path.
  5. Click Change Scope to ensure that Any computer is selected, and click OK.
  6. Click Add Port.
  7. Enter the RPC port range.
  8. Click Change Scope, select Any computer, and click OK.
  9. Click OK again.

Disable ping discovery

Virtualization Manager pings hosts before data collection to find or skip hosts. If port 7 is blocked, Virtualization Manager might fail to discover and collect information from Hyper-V sources. You can either open port 7, or disable ping discovery.

  1. Log in to the administration website of the installation (https://ipAddress:5480) as user admin and password admin.
  2. Click SolarWinds Mgmt > Edit Configuration.
  3. Select hyper9-config.xml, and click Edit.
  4. Search for wmiexec.ping.enabled and wmiexec.rpccheck.enabled, and set both keys to false. For example:
    <entry key="wmiexec.ping.enabled">false</entry><entry key="wmiexec.rpccheck.enabled">false</entry>
  5. Click Save.
  6. Click Restart Virtualization Manager.

Configure Virtualization Manager to identify ESX hosts by name

Virtualization Manager uses System Management BIOS (SMBIOS) IDs to keep track of ESX hosts. Based on SMBIOS IDs, Virtualization Manager builds its internal globally unique identifiers (GUIDs).

SolarWinds does not recommend modifying this standard configuration, but you can configure Virtualization Manager to omit SMBIOS IDs and build GUIDs based on ESX host names.

If you configure Virtualization Manager to omit SMBIOS IDs, you cannot rename hosts monitored by Virtualization Manager without creating an error. Virtualization Manager will not be able to recognize the new GUID that is auto-generated.

  1. Log in to the administration website of the installation (https://ipAddress:5480) as user admin and password admin.
  2. Click SolarWinds Mgmt > Edit Configuration.
  3. Select hyper9-config.xml, and click Edit.
  4. Insert this line: <entry key=identity.hostServer.omitSMBIOS>true</entry>.
  5. Click Save.
  6. Click Restart Virtualization Manager.
 
Last modified
04:21, 23 Jun 2016

Tags

Classifications

Public