I am testing the trial version of PRTG and have run into a bizarre problem. Both the PRTG computer and the target computer are VM guests on a Windows 2008 R2 Hyper-V server. I want to monitor a few WMI values, and have a Group Policy rule to allow incoming WMI, also to allow echo requests. These settings work fine for Spiceworks, but PRTG only retrieves WMI info when I also open port 1341 TCP.
I found this port number by examining the Windows Firewall log. This error appeared:
2011-03-08 17:14:58 DROP TCP 192.168.60.7 192.168.60.2 1030 1341 413 AP 3286503447 2969398679 65264 - - - RECEIVE
It seems there is an initial contact on port 135, then more contact on 1341 ... is this normal?
PRTG is simply using the Windows mechanism of asynchronous calls. please see: http://msdn.microsoft.com/en-us/library/aa389286%28VS.85%29.aspx As for why this affects port 1341 we don't know either.
To avoid possible trouble with DCOM complexities our recommendation is to use remote probes for monitoring WMI across domains.
Kind regards,
- Volker
Mar, 2011 - Permalink