When I try to monitor (WMI) the status of our ISA server and define a FW-rule to allow RCP traffic from the PRTG server to the ISA server I see in the ISA Logging the following error:
Denied Connection ISA 10/11/2010 13:42:05 Log type: Firewall service Status: Rule: Source: Internal ((PRTG IP_address>:59668) Destination: Local Host ( <isa IP-address>:3856) Protocol: Unidentified IP Traffic (TCP:3856)
When I create a rule to allow that port all is working fine, but when I reboot the ISA the port that PRTG is using a different port. Therefore a question: What is the purpose of the traffic of this port and is it dynamic and of course can it be set fixed? We use: PRTG Network Monitor 8.1.2.1760
Article Comments
One of the PRTG included WMI monitors, for instance CPu load, the one with tag "cpuloadsensor wmicpuloadsensor".
Nov, 2010 - Permalink
Over 200 sensors are configured on the PRTG 8 I tested with this one sensor WMI querying the ISA. When I block the 3856 port on the ISA the WMI sensor is not working. This is even true when I have only one WMI sensor to ISA active, for instance the CPU sensor
Nov, 2010 - Permalink
More sensors, but tested with only one active to the ISA. After a ISA reboot the port number has changed, now it is destination port 5197 (dynamic).
Nov, 2010 - Permalink
Dear Jan,
sorry for taking so long to answer.
This sounds as if the DCOM system that WMI uses for communication between the computers, is relying implicitely on one or more dynamic port settings which are not under our control, unfortunately. But with ISA being a Microsoft system there is very probably a way to configure ISA to allow WMI/DCOM traffic, so perhaps Microsoft might be of assistance in your case. Sorry again that we can't be more specific.
Kind regards, - Volker Uffelmann
Jan, 2011 - Permalink
Dear Jan,
which sensors from PRTG are monitoring this ISA-Server?
Best Regards.
Nov, 2010 - Permalink