Print page

Frequently Asked Questions

Q: How do I deal with the error "RPC server is unavailable"?

A: This error usually can appear for several reasons:

1) Connection is blocked by a firewall (Windows Firewall or third party firewall). Try to disable a firewall on remote computer temporarily. If the target computer has Windows XP SP2/SP3 or Vista, see next question.

2) Target computer does not have Windows Management Instrumentary service installed. According to Microsoft documentation:

"WMI is preinstalled in Windows Vista, Windows Server 2008, Windows Server 2003, Windows XP, Windows Me, and Windows 2000.
Windows NT Workstation 4.0 SP4 and later: WMI is available through "Add/Remove Windows components" in Control Panel, as WBEM option install. A later, more comprehensive, version is available as an Internet download from http://www.microsoft.com/downloads. See "WMI CORE 1.5 (Windows 95/98/NT 4.0)".
Windows 98/95: WMI CORE 1.5 (Windows 95/98/NT 4.0) is available as an Internet download from http://www.microsoft.com/downloads. This download requires Microsoft Internet Explorer version 5 or later."

If this is the case, the mentioned WMI CORE 1.5 components installer can be found in the "WMI" folder within location of Total Network Inventory, for example: "C:\Program Files\Total Network Inventory\WMI\wmicore.exe".

Note: remote interrogation of Windows 98/95 computers is supported partially, because problems with DCOM authentication may be encountered. The solution is to make local (manual or autostart) scanning or domain logon script scanning with the help of standalone audit tool ("tniaudit.exe").

3) Target computer is offline or IP address may not be occupied at all (if scanning by IP's and ping before scan is disabled). Windows Browser service updates the computer list each 12 minutes, thus a computer can go offline but still be visible in the network neighbourhood. However in this case you are more likely to get status "Ping failed". But if the ICMP protocol (ping, echo) is not allowed in your network, you might want to disable pinging in "Options - Connection - Ping before scan". After this you will be able to scan online hosts which don't respond to pings, but all offline hosts (and also not occupied IP adresses) will show "RPC error" status, and thus it will slow down the scanning of large groups or IP ranges.

4) Wrong DNS record. If you scan the computer by name, it could be resolved to invalid or not existing (not occupied) IP address due to problems with DNS or WINS. If you scan the computer by IP address, you are likely to receive "Ping failed", but if ping before scan is disabled, you will get "RPC error" when scanning offline address or not occupied address (see point 3). A user of TNI has faced such situation and described it on our forum: http://www.softinventive.com/forum/index.php?showtopic=428

5) Target host is not a computer or a non-Windows computer. If the scanned name or IP address refers to a network device which can be pinged but which is not a Windows server or desktop (network printer, router, managed switch, type library, IP phone, firewall, thin client, Mac/Linux/BSD/other non-Windows machine etc), it cannot be comprehensively scanned and shows this error. However the program tries to scan this host also by SNMP protocol, and if it succeeds, it adds this host to the network tree with a different icon (small grey box) and some basic information can be viewed for this host.

P.S. Please refer to the question #7 below for explanation of how the program uses different network protocols and why you might receive other statuses except described in present question.

Q: Can I get the port numbers that this product uses to connect to configure the firewall?

A: As for the current moment, in order to provide agent-free remote computer interrogation, our application relies on Windows Management Instrumentation (WMI). It requires special configuration of Windows Firewall in Windows XP SP2 and Windows Vista to allow remote connections. WMI needs to support connection with RPC and DCOM (TCP ports 135 and 445). But it also needs to connect to dynamically assigned ports, so just opening TCP port 135 is not enough. This applies to remote administration of computers using administrative tools such as the Microsoft Management Console (MMC) and Windows Management Instrumentation (WMI).

According to Microsoft documentation, "when obtaining data from a remote computer, WMI must establish a DCOM connection from the local computer to the remote computer. To establish this connection, both Windows Firewall and DCOM on the remote computer must be configured appropriately. The configuration must be done locally on either by changing the Group Policy settings, by executing NETSH commands, or by executing a script locally. Windows Firewall does not support any remote configuration". (It should added that no support for remote configuration does not mean a necessity to configure Windows Firewall manually for each separate computer - see below).

So the best way (providing that Windows Firewall disabling is unacceptable) is to apply a special Windows Firewall policy which allows remote administration with MMC and WMI.

N.B.: The program has alternative connection method which uses file and printer sharing protocol, so you would only need to enable firewall exception for "File Sharing" or directly for TCP ports 139 and 445 and stop at this point. If this does not help, follow the instructions below.

The step-by-step guide is provided here: "Connecting Through Windows Firewall"

To be short, two major ways are:
- to use a netsh firewall command at the command prompt: netsh firewall set service RemoteAdmin enable.
- or to use the Group Policy editor: Group Policy editor (gpedit.msc) -> Local Computer Policy -> Computer Configuration -> Administrative Templates -> Network -> Network Connections -> Windows Firewall -> Domain Profile or Standard Profile -> Windows Firewall: Allow remote administration exception -> Action -> Properties -> Enable.

N.B.: Windows Firewall in Vista has a special exception named "Windows Management Instrumentary (WMI)", which can be enabled and thus save you from necessity of setting up the policies manually.

Also consult the following document: "Troubleshooting Windows Firewall settings in Windows XP Service Pack 2" especially the last point "Configuring Windows Firewall Group Policy" and associated document "Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2" which describes how to easily apply firewall settings throughout a local network.

Note: some of the mentioned Microsoft documents refer to asynchronous calls requiring additional firewall setup at the local computer for successful callbacks. Our application does not use such calls, so there is no need to pay attention to this.

P.S. Short summary for other firewalls than Windows Firewall - you need to do one of the following:
- allow NetBIOS connections or open TCP ports 139 and 445;
- open TCP port 135 and allow "svchost.exe" (for Windows XP/Vista, or "winmgmt.exe" for Windows 2000) to open random ports for incoming connections (usually this means that you need to allow this executable to do everything), which are used for data transfer, while port 135 is used only during installation of connection.

Q: Is it possible to scan Windows 95/98/NT machines?

A: Actually, it is. First of all, you should install Microsoft WMI core components for Windows 95/98/NT. WMI CORE 1.5 (Windows 95/98/NT 4.0) is available as an Internet download from http://www.microsoft.com/downloads It also can be found in the "WMI" folder within location of Total Network Inventory, for example: "C:\Program Files\Total Network Inventory\WMI\wmicore.exe".

Then place a link to "\WINDOWS\SYSTEM\WBEM\WinMgmt.exe" to the startup folder and reboot, or start it manually. After this it will be possible to use standalone audit tool "tniaudit.exe" for manual, autorun or domain logon scan.

In order to be able to use remote online scan, you should run a registry file (*.reg) of the following contents on a Windows 95/98 machine:

REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\OLE] "EnableDCOM"="Y" "EnableRemoteConnect"="Y" [HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM] "SetupForDCOM"="1" "AutostartWin9X"="2" "EnableAnonConnections"="1"

Or you may change these values manually. It would be good idea to restart the computer. After this you should be able to connect remotely using any credentials or as current user.
Please note that support for Windows 95/98/NT is provided "AS IS", because Microsoft has officially stopped support for these operating systems.

Q: What should I do to overcome the error "Access is denied"?

A: TNI works in both workgroup and domain environment. But the point is that you need to have administrator access to remote machines. Make sure that you specify username and password of the user that has administrator rights on those computers (local administrator or domain administrator). If the administrator has blank password, remote access will not be possible also. If you're loggen on as a domain administrator, use "As current user" scan option. Otherwise specify the admin name in full format: DOMAIN\Administrator.

But if the computers are not in domain? Workstations which are running Windows XP Professional and Vista and not connected to domain don't allow local administrator to authenticate as himself by default. Instead, "ForceGuest" policy is used, which means that all remote connections are mapped to Guest account. But again, administrator rights are required to make the scan. Please consult this document on this matter. You would need to update the policy as described in this document on each computer. It can be easily done by running "secpol.msc" and expanding Local policies - Security options - and locating the policy "Network access: Sharing and security model for local accounts" and changing it from "Guest" to "Classic".
Another way for Windows XP would be to disable "Use simple file sharing" option in Folder Options in the Explorer.
And one more way is through the registry, it is necessary to set the value "forceguest" located in the key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" to zero, or just run a *.reg file of the following contents:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "forceguest"=dword:00000000

This should be done for both Windows XP and Vista. But for Windows Vista there is one more step that should be taken - it concerns User Account Control (UAC). It restricts administrator rights for remote logons in some cases. You should either disable UAC, or make changes to the registry: in the key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system" create a DWORD parameter with name "LocalAccountTokenFilterPolicy" and value "1" (source).

This all concerns only Windows XP Pro. It is not possible to scan Windows XP Home remotely, this is the operating system limitation (it does not have such security policy), and it will always show "access denied" error. Though it is possible to scan XP Home locally by running the standalone audit tool "tniaudit.exe" (located in the program's installation folder) on that machine. It will generate an XML file which should be put to the "Data" folder of the program. This newly scanned computer can be added to the network tree by selecting "Tools - Refresh data storage folder" menu option.

Q: How can I get the list of computers which some software product is installed on?

A: Here are the steps to get a list of computers which have specific software installed:

1) Select "Reports - Software reports - Software and licenses".
When you run this report for the first time, the software database will be generated, computer data files will be analyzed and you will see a progress window. When you run this report next time, it will be built almost immediately.

2) Choose the necessary application title (the list of applications is alphabetically sorted) or use the shortcut Ctrl+F to search for the software by a part of its name and F3 button to search the next item. Right-click a software title that you are interested in and select "Show computers which have this software" (a window with a list will be displayed) or "Copy computers which have this software" (the list will be copied to clipboard in a format allowing to paste it to a spreadsheet) in the context menu.
There are also two additional commands in the right-click menu to get computers which don't have this software, which can be convenient if you need to make sure that all computers have some software or update installed and search for the computers which you need to install it on.

In the current version of the program this list of computers is available only as a message box (which can be copied by pressing Ctrl+C) or by copying it directly to the clipboard. In the following versions the list of computers will be displayed as a custom tabular report.

In the previous versions of the program there was a necessity to recalculate the number and the list of installations manually after each rescan of computers ("Tools - Software accounting - Recalculate installations"). Starting with version 1.6.7 the program detects the events which can lead to the cange of software list in the network itself (rescan, adding via scan wizard or importing, or removing of one or more computers) and if such event happened, the software database will be recalculated automatically when you open the report "Software and licenses", otherwise it will be opened quickly, without recalculation. Besides, this report now includes not all computers on the network, but only ones selected in the network tree, as all other reports.

Q: How do I set up the program to scan a computer when users log on to a domain?

A: 1) Press "Scan Wizard" button on the main toolbar.
2) Select "Logon script scan" and press "Next".
3) Press "Set path" (this will open "Options - Audit agent" window) and specify the path where the audit tool should save data files with scan results. This should be a folder with write access for all users (a network folder or a mapped drive). This folder must be different from the folder specified in "Options - Storage".
In the same window you can also change the time delay between scanner launch and actual scanning. It can be set to zero for testing purposes.
Press "OK" after you have made necessary changes.
4) In the second input field specify the folder where the necessary files can be saved (manually or with the help of "Browse" button). You can specify the network folder which all users have access to (write access is not necessary), and it can be different from the first folder, but can be the same also. Or you can specify a temporary folder, then you would need to move two specified files (tniaudit.exe and tniaudit.ini) to the network folder manually.
Press "Next".
5) On this step it is necessary to add a line to your domain logon script which will launch the audit tool.
- If you are already using a logon script in your domain and you have direct access to it, select the first option and browse for the script file. Press "Next" and the program will add a launch string to the script.
- If you are already using a logon script in your domain, but you don't have direct access to it, select the second option and copy the command which needs to be added to the script. In general, this command should have the following syntax:

start \\server\path\tniaudit.exe /scripted

"Start" command allows the batch file processor to run the audit tool and exit, thus users will not see the black command-line window during the scan. "/scripted" switch makes the scanner run silently without asking users whether they want to run a scan (which happens if you run the tool manually without any parameters).
Note: if you have spaces in your network path, then the command should be specified in the following way:
start \\"server\path with spaces\and more spaces\"tniaudit.exe /scripted

- If you are not using a logon script in your domain, select the third option and press "Next". You will be provided some instructions on how to setup a script.

6) As the users are logging on to the domain, there will be XML files appearing in the folder specified in "Options - Audit agent". Or if you have some XML files generated by the scan tool launched manually, put them there also. Now select "Tools - Refresh audit tool folder" and the program will scan that folder and update it's working folder with new and updates data files, so newly scanned computers will appear in the tree and existing ones will be updated. You can also set the program to do this each time it's run, there is an appropriate checkbox in "Options - Audit agent".

See also:
Creating logon scripts
http://technet2.microsoft.com/windowsserve...a630801033.mspx
Logon Scripts How To...
http://technet2.microsoft.com/windowsserve...9471dd1033.mspx

Q: What is the logic of the program when it makes the scan?

A: The program has two connection methods to scan Windows computers: by SMB/NetBIOS protocol and by RPC/DCOM protocol, and also SNMP protocol for scanning of SNMP-enabled network devices. Both methods for computers are enabled by default. The program's behaviour can be set in "Options - Connection - Connection method".
If you scan IP ranges, first of all the program tries to ping the host (if allowed by the settings). If it doesn't respond, the program shows "Ping failed" and skips this host. Ping before scan is enabled by default only for IP range scan and is disabled for scan by names (network neighbourhood).
SMB connection method is tried first by default. If it fails and the option to try another method is enabled, the program tries RPC method.
If RPC method was selected, it is tried first. If it fails and the option to try another method is enabled, the program tries SMB method.
After this, if previous method(s) fail, the program tries SNMP protocol (perhaps it's a network device?). If it also fails, it shows the error which was produced by the last "computer" method that was used. If SMB method was used last, you can see "Network path not found" error. If RPC method was used last, you can see "RPC server is unavailable" error.
Considering the above, if you cannot locate the reason for "RPC server" error, it can be useful to switch the program to use SMB method only and analyze error messages that such scan will produce. They are usually more meaningful (access denied, network path not found, unknown user or bad password etc).
You can get more information about connection methods in the Technical whitepaper of the program.

Q: How to backup/restore the database or move the application to another computer?

A: The program's database is kept in a separate directory usually called data storage folder or simply data folder. The path to it is set in "Options - Storage". If it's not absolute (that is not beginning with a drive letter or "\\" meaning a network path), then it's a relative path and the folder is located in the program's installation directory (for example, "Data" means "C:\Program Files\Total Network Inventory\Data"). In order to backup the database, you just need to backup or archive this whole folder. To restore the database, copy or unpack this folder to some location and point the program to this folder using the "Browse" button in "Options - Storage".

To move the application to another computer, backup the data folder first. You may also need to backup the "config.ini" file located in the program's installation directory which contains all settings including custom reports, IP ranges etc. Now you can uninstall the program and delete the program's installation directory.
Install the latest version of the program on a new computer, but don't run it. Copy the "config.ini" file to the program's installation directory and put the data folder from your backup to some location. Now run the program. It will load the settings and if the path to the data folder is the same as on old computer, it will open the data folder and run as usual. Otherwise, if the previously used path doesn't exist, it will ask for a new location of the data folder, so you just need to point the program to the new location.

Q: Where do I install the program on - a server or a workstation?

A: Either server or workstation can run Total Network Inventory. It is just a matter of usage convenience, because it's not a client-server application and you need to have access to the graphical console of the computer you install it on, either directly or using some remote desktop utility. Besides, if you run it under domain admin account, you will be able to scan all computers "as current user", otherwise you would need to specify domain admin credentials explicitly.

However take note that if you install the program on Windows XP (starting with SP2), Windows Vista or Windows 7, and if there are many scan threads launched simultaneously, there may be issues with connections to remote computers. This is due to a restriction on the maximum number of TCP half-open connections (connection attempts, SYN_SENT socket state) existing in the mentioned Windows versions, which doesn't allow more than 10 outbound connections to be in this state at a time. After reaching this limit, all other connections in the system (including those executed by this program) are queued and may reach their timeout, thus producing inconsistent results. This issue is also known as "Event 4226 issue", because reaching the limitation produces a record in the System Event Log with EventID 4226. Windows XP SP0/SP1, Windows 2000 Professional and all Windows Server systems don't have such limitation. So in general case we suggest installing the program on a server operating system.

Q: Why does the program show that no antivirus (or firewall, or antispyware) is installed?

A: Our software can recognize all antiviruses and firewalls (in Windows XP SP2/SP3, Windows Vista and Windows 7) and antispyware (only in Windows Vista and Windows 7) that support Windows Security Center, that is if they are displayed by Security Center. The vendors of antivirus (firewall and antispyware) software should provide this support from their side, because they have to publish the product information and status to the system in a special way. Otherwise neither our product, nor Windows itself can recognize such software (in this case Windows Security Center should usually generate a message from time to time that the computer is not protected by antivirus/firewall/antispyware).
Unfortunately, even with the support from the side of the security products, this does not work on Windows 2000 and earlier and also on all Windows Server systems, because they don't have Security Center, that is they don't provide an interface for these products to publish their status to the system and thus to other applications.
We are going to add support for direct detection of the most popular products without dependency on the Security Center interface in the future versions of our program.

Q: How to fix the error "No network provider accepted the given network path"?

A: Take the following steps:

Make sure that you can ping the remote computer by network name.
Make sure that "File and Printer Sharing" exception is enabled in the Windows Firewall (or NetBIOS is allowed in any other firewall) or firewall is disabled.
Make sure that both "Client for Microsoft Networks" and "File and Printer Sharing For Microsoft Networks" are enabled in the properties of network connection of that computer.
Make sure that the setting "NetBIOS over TCP/IP" in the properties of network connection (Internet Protocol Version 4 - Properties - Advanced - WINS) is set to "Default" or "Enable" and that "TCP/IP NetBIOS Helper" service is set to "Automatic" and is started.
Make sure that security policy (secpol.msc - Local Policies - Security Options) "Network security: LAN Manager authentication level" is set to "Send LM & NTLM responses" (option #1) or "Send LM & NTLM responses - use NTLMv2 session security if negotiated" (option #2).
Run "sfc /scannow".

Q: How to fix the error "Call was canceled by the message filter"?