1. Unable to Add Domains in the Scope of Management?

This could hapen in any of the following cases:

  1. When an incorrect Domain name is specified. Check for spelling errors.
  2. When the supplied credential do not have admin privileges in all the client computers.
  3. When the administrator password specified is incorrect. Check for password case, spelling errors, etc.
  4. The specified domain controller is down or inaccessible.

Questions

2. Endpoint Central Agent installation has failed in client computers? Why?

Endpoint Central Agent installation might fail due to various reasons like invalid credential, blocking by firewalls etc. In most cases, executing the script below will fix the problem. This is applicable for Active Directory based network setup.

Run the script as explained here in all the client machines to configure the Windows Firewall and to install the agent.

If running the script doesn't help, check the following reasons based on the error messages that you see in the remarks column:

2.1 The network path was not found

This error will be shown in any of the following cases:

2.1.1. If the client computer is down or not accessible

Check the client computer is switched on and connected in the network properly and try installing the agent. Also ensure that the computer name is specified correctly.

2.1.2. If the "File and Printer Sharing for Microsoft Networks" is not enabled in the network adapter of the client computers.

Enable this in all the client computers as below and try installing the agent:

  1. Select Start --> Settings --> Network Connections.
  2. Right-click the network connection and select Properties.
  3. In the connection properties dialog, select the General tab.
  4. Select the "File and Printer Sharing for Microsoft Networks" and click OK.
  5. If you do not find this option, click Install button.
  6. In the network component type, select Service and click Add.
  7. Select File and Printer Sharing for Microsoft Networks and click OK.
  8. Click Close to exit the properties dialog

2.1.3. If a third-party Firewall blocks the agent installtion

Run the script as explained here in all the client machines to configure the Firewall and to install the agent.

2.2 Logon failure : unknown username or password

This error is shown in any of the following cases:

2.2.1. If the specified admin credential is no longer valid

If the admin credential specified during defining Scope of Management is no longer valid, use the Edit Credential link to update and try installing the agent.

2.2.2. In case of Workgroup setup, if simple file sharing is enabled

If simple file sharing is enabled, you will get as Access Denied error. Make the following change in all the client computers and try installing the agent:

  1. Start --> Run--> explorer
  2. Select Tools --> Folder Options
  3. Select the View tab.
  4. Unselect the option "Use simple file sharing" and click OK

2.3 No Network provider accepted the given Network Path

The possible reasons for this error include:

2.3.1 When you do not have access to admin$ of the client computer

From the computer where Endpoint Central Server is installed, select Start --> Run and type \\<client Computer Name>\admin$. If you get the same error, enable Remote Administration Exception in the client computers as below:

  1. From the client computer, select Start --> Run and type gpedit.msc and hit enter
  2. Expand the Administrative Templates -> Network Connections -> Windows Firewall
  3. Click the Domain Profile and double click the Windows Firewall : Allow remote administration exception
  4. Select Enabled and click OK

2.3.2 Make sure you are able to ping the client computer by FQDN

Ensure that you are able to ping the client computers from the computer where Endpoint Central Server is installed using the Fully Qualified Domain Name (eg. hostname.domainname.com)

2.3.3 When File and Print Sharing For Microsoft Networks is not enabled

Enable File and Print Sharing For Microsoft Networks in the client computers as below:

  1. Select Start --> Settings --> Network Connections.
  2. Right-click the network connection and select Properties.
  3. In the connection properties dialog, select the General tab.
  4. Select the "File and Printer Sharing for Microsoft Networks" and click OK.
  5. If you do not find this option, click Install button.
  6. In the network component type, select Service and click Add.
  7. Select File and Printer Sharing for Microsoft Networks and click OK.
  8. Click Close to exit the properties dialog.

2.3.4 If File and Printer Sharing is disabled in the Windows Firewall of the client computers.

Enable File and Printer Sharing the in client computers as below:

  1. Open the Windows Firewall and select the Exceptions tab
  2. Select the File and Printer Sharing check box and click OK.

If you still get the same error, verify that you are configuring File and Printer Sharing in the same profile that the Endpoint Central Server computer is using. If you enable File and Printer Sharing in the domain profile, but the Endpoint Central Server computer is using the standard profile, then File and Printer Sharing might not be enabled. You can use the Netsh tool to determine which profile the Endpoint Central Server computer is currently using and which profile has File and Printer Sharing enabled. To enable File and Printer Sharing for all profiles, use the following command:

From the command prompt, type netsh firewall set service type = FILEANDPRINT mode = ENABLE scope = ALL profile = ALL and press enter.

2.3.5 Configre Security Policy

  1. Select Start --> Settings --> Control Panel --> Administrative Tools --> Local Security Policies
  2. In Security Options  -> local policies -> Security Options -> Change the Network security: LAN Manager authentication level: Send LM & NTLM responses

2.3.6 If the "Workstation Service" is not running in the Client Computers

  1. Select Start --> Settings --> Control Panel --> Administrative Tools --> Services.msc
  2. Right-click Workstation service and then click start

2.3.7 If the "TCP/IP NetBIOS Helper" service is not running in the Client Computers

  1. Select Start --> Settings --> Control Panel --> Administrative Tools --> Services.msc
  2. Right-clickTCP/IP NetBIOS Helper service and then click start

2.4 Not enough server storage is available to process this command

This error will be shown if IRPStackSize registry entry on the client computer is set too low. Increase the IRPStackSize registry entry as below:

  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    If the IRPStackSize entry is not present in this subkey, follow these steps:
    1. Click Edit, point to New, and then click DWORD Value.
    2. Type IRPStackSize, and then press ENTER.
      Note: Type IRPStackSize exactly as it appears. The value name is case sensitive.
  3. Click IRPStackSize, click Edit, and then click Modify.
  4. In the Data Value box, type a larger value, and then click OK.

Questions

3. I have uninstalled the Product, but the agents installed by Endpoint Central are not uninstalled. How to uninstall all the agents now?

It is advised to remove agents from the managed computers from the Scope of Manageemnt page prior to uninstalling the product. If, by mistake, you have removed the product without uninstalling the agents, follow the steps below to uninstall the agents:

  1. Download the script UnInstallDCAgent.txt
  2. Rename it to UnInstallDCAgent.vbs
  3. Run the script in all the client computers from the command prompt: CSCRIPT UnInstallDCAgent.vbs

If you have an Windows Active Directory setup, configure as below to run the script as a startup script:

Note: You should perform these steps in the Domain Controller. For the script to execute successfully, the file association of .vbs files should be set to "Microsoft Windows (r) Based Script Host" in all the client computers. If this has been modified to some text editor, the scripts will not execute.

  1. Start -> Run -> gpmc.msc
  2. Right-click the domain and select Create and Link a GPO here.
  3. Specify a name for the GPO
  4. Select the GPO from the tree. Ensure that the Scope tab --> Security Filtering has the Authenticated Users group added.
  5. Right-click the GPO and select Edit.
  6. Expand Computer Configuration --> Windows Settings --> Scripts.
  7. Right-click Startup and select properties.
  8. Click Show Files and drag and drop the UnInstallDCAgent.vbs to this location and close.
  9. In the Startup Properties dialog, click Add.
  10. Browse to select the UnInstallDCAgent.vbs script.
  11. Click OK to close the Add a Script dialog
  12. Click OK to close the Startup Properties dialog
  13. Close the Group Policy Object Editor
  14. Close the Group Policy Management dialog.

The Endpoint Central Agents will get unnstalled in the client computers during next startup.

Questions

4. I am running Symantec Endpoint Protection in all my computers. Do I need to specifically add any exceptions for Endpoint Central Agent to make it functional?

Yes, you need to notify the following to Synamtec Endpoint Protection as trusted:

  • dcagent.dll
  • dcconfig.exe
  • agentupgrader.exe
  • AgentTrayIcon.exe
  • dcagentservice.exe
  • dcinventory.exe
  • dcpatchscan.exe
  • dcrdservice.exe
  • dcstatusutil.exe
  • qchain.exe
  • rdsAgentWindow.exe

Questions

5. I have disabled users from uninstalling the Endpoint Central Agents from Add/Remove Programs. How do I uninstall the agent now?

  1. Download the dcagentuninstall.txt and rename it to dcagentuninstall.bat.
  2. Execute this script from the client computers to uninstall the Endpoint Central Agent.

Questions

6. Is it possible to change the name/ip and the port number of the Endpoint Central Server for the agents that have been already installed?

Yes, you can change the following in the Endpoint Central Agents that have been already installed:

  • The Name or the IP Address of the Endpoint Central Server
  • The HTTP and HTTPS ports that are usind by the Endpoint Central Agents to communicate with the Server
  • The mode of the communication as HTTP or HTTPS

To change the values,

  1. Download the configureDCAgentServerCommunication.txt and rename it to configureDCAgentServerCommunication.vbs
  2. Copy the script to the client computers and execute as below:

    cscript configureDCAgentServerCommunication.vbs <DCServerName> <DCServer IP Address> <DCServer HTTP Port> <DCServer HTTPS Port> <DCServerAgent Comm Protocol>

    Example: cscript configureDCAgentServerCommunication.vbs joe.manageengine.com 192.168.112.146 8020 8383 http

Questions

7. Is it possible to push Endpoint Central agents in client computers using Imaging?

Yes, Endpoint Central Agents can be pushed to the client computers through imaging. Install Endpoint Central Agent in any one client computer. Create an image and deploy it to other computers.

Note:

  1. When you deploy agents in more than one network, it is recommended to create different images for agents in different network. This is because, proxy settings may vary for different network.
  2. Ensure that the agent (that is installed manually) is able to communicate with the Endpoint Central Server prior to creating the image.
 

Enabling DCOM in Third-party Firewalls

To configure the Firewall and to install the agent, download and run the script as given below:

  1. Download the DesktopCentralAgent.msi by clicking the Download Agent link in the Scope of Management page of the Endpoint Central client. Save the msi file in the network share, for example, \\MyServer\MyShare\DesktopCentralAgent.msi.
  2. Download the script WMIPortSetup.txt.
  3. Rename it to WMIPortSetup.vbs
  4. Run the script in all the client computers from the command prompt: CSCRIPT WMIPortSetup.vbs \\MyServer\MyShare\DesktopCentralAgent.msi

Running the above script will open the following ports in the client computers and installs the Endpoint Central Agent:

  • TCP port 135
  • TCP port 445
  • TCP port 5000
  • TCP port 5001
  • TCP port 5002

To run the script in multiple computers, you can either use the PsExec utility or add this script as a startup script in the GPO of Active Directory.

For Remote Desktop Sharing to work, in addition to running the above script, you need to ensure that the firewall allows to establish remote network connection.

Configuring Windows Firewall and Enabling DCOM in the Client Computers

Most of the agent installation failures are due to improper configuration of Windows Firewall and DCom Settings in the client computers. To configure the Windows Firewall and DCOM Settings and to install the agent, download and run the script as given below

Run the script in a single computer

  1. Download the DesktopCentralAgent.msi by clicking the "Download Agent" link in the Scope of Management page of the Endpoint Central User Interface.
  2. Download the script InstallAgent.txt
  3. Rename it to InstallAgent.vbs
  4. Run the script in each of the client computers from the command prompt: CSCRIPT InstallAgent.vbs DesktopCentralAgent.msi

Run the script in multiple computers using GPO of Active Directory

If you have an Active Directory setup, you can add this as a startup script in all the client computers as below:

  1. Create a network share (eg. \\MyServer\MyShare).
  2. Download the DesktopCentralAgent.msi by clicking the Download Agent link in the Scope of Management page of the Endpoint Central client. Save the msi in the network share created in step 1.
  3. Start -> Run -> gpmc.msc
  4. Right-click the domain and select "Create and Link a GPO here".
  5. Specify a name for the GPO
  6. Select the GPO from the tree.
  7. Select the Scope tab.
  8. Click the Add button in the Security Filtering to specify the computers.
  9. Click the Object Types button in the "Select User, Computer, or Group" dialog and select Computers object type and click OK.
  10. Specify the computer names and click Check Names to add the required computers.
  11. Click OK to close the "Select User, Computer, or Group dialog".
  12. Right-click the GPO and select Edit.
  13. Expand Computer Configuration --> Windows Settings --> Scripts.
  14. Right-click Startup and select properties.
  15. Click Show Files and drag and drop the InstallAgent.vbs to this location and close.
  16. In the Startup Properties dialog, click Add.
  17. Browse to select the InstallAgent.vbs script.
  18. Specify the Script Parameters as, for example, \\MyServer\MyShare\DesktopCentralAgent.msi. This refers to the shared location where you have stored the Endpoint Central Agent.
  19. Click OK to close the Add a Script dialog
  20. Click OK to close the Startup Properties dialog
  21. Close the Group Policy Object Editor
  22. Close the Group Policy Management dialog.

The script will get executed during the next reboot of the client computers. After the execution of the scirpt, the Endpoint Central Agents gets automatically installed in all the client computers.

Note: For the script to execute successfully, the file association of .vbs files should be set to "Microsoft Windows (r) Based Script Host" in all the client computers. If this has been modified to some text editor, the scripts will not execute.