FAQ

Where do I install the program on—a server or a workstation?

Either server or workstation can run Total Network Inventory 2. It is just a matter of usage convenience, because it's not a client-server application and you need to have access to the graphical console of the computer you install it on, either directly or using some remote desktop utility. Besides, if you run it under domain admin account, you will be able to scan all computers as "current user", otherwise you would need to specify domain admin credentials explicitly.

However take note that if you install the program on Windows XP SP2/SP3 or Windows Vista SP0/SP1, and if there are many scan threads launched simultaneously, there may be issues with connections to remote computers. This is due to a restriction on the maximum number of TCP half-open connections (connection attempts, SYN_SENT socket state) existing in the mentioned Windows versions, which doesn't allow more than 10 outbound connections to be in this state at a time. After reaching this limit, all other connections in the system (including those executed by this program) are queued and may reach their timeout, thus producing inconsistent results. This issue is also known as "Event 4226 issue", because reaching the limitation produces a record in the System Event Log with EventID 4226. Windows 2000, Windows XP SP0/SP1, Windows Vista SP2, Windows 7, and all Windows Server systems don't have such limitation. Thus in general case we recommend to install the program on server systems.

How to backup/restore the storage or move the program to another computer?

The storage is contained in one folder (file system directory). It can be found by right-clicking the storage root group and selecting "Show in Explorer". Then go one level up and copy/archive the whole storage folder.

Program settings can be backed up by copying/archiving the folder "Total Network Inventory 2" in your account's "Application Data" folder (refered to by %APPDATA% environment variable), if you have chosen "Install for me" during the program installation. If you have chosen "Install for all", the settings are stored in "С:\Documents and Settings\All Users\Application Data\Total Network Inventory 2" (Windows 2000/XP/2003) or "C:\ProgramData\Total Network Inventory 2" (Windows Vista/7/2008). You can also find this folder by clicking "Open tasks folder" on the "Scanner" tab" or "Open templates folder" on the "Table reports" tab and by moving one level up.

To restore the program installing it on another computer (but don't run it) and extract the settings to the "Total Network Inventory 2" folder in the application data folder for your profile or all users, depending on your choice during the installation (after the installation this folder is created and contains one file "config.ini"). Also extract the storage folder somewhere, for instance, to My Documents. Then run the program and browse to the storage folder when prompted (if its location differs from the path stored in previous settings).

How do I deal with the error "Access is denied" or "Unknown user name or bad password"?

This error may be caused by several reasons:

• User name or password are specified incorrectly.

Check your user name and password.

• The specified user account does not have administrator rights on the remote machine.

You need to have administrator access to remote computers for successful scan (local administrator or domain administrator rights). If you have logged on as domain administrator or remote computers have the same name and password for the local administrator account as your account, you can use the "Current user" scan option. Otherwise specify the user name in full format: DOMAIN\Administrator.

• Blank password.

Remote administrator access with blank password is not allowed starting with Windows XP.

• The scanned computer has Windows XP Home Edition installed.

This Windows version cannot be scanned remotely, this is the operating system limitation, and it will always show "access denied" error. Though it is possible to scan XP Home locally by running the standalone audit tool tniwinagent.exe (located in the program's installation folder) on that machine. It will generate a file with scan results (.inv extension) which should be copied to the program's storage (it will be imported upon the next program launch, or immediately, if the program is running), or import it using the main menu "Storage" or context menu of any group.

• Computers are not in domain and have default settings.

Workstations which are running Windows XP, Vista or 7 and not connected to domain don't allow local administrator to authenticate as himself by default. Instead, "ForceGuest" policy is used, which means that all remote connections are mapped to Guest account. But again, administrator rights are required to make the scan. Thus you would need to update the security policy on each computer using one of the following ways:

a) Run secpol.msc,  expand Local policies - Security options, locate the policy "Network access: Sharing and security model for local accounts" and change it from "Guest" to "Classic".
b) Disable "Use simple file sharing" option in Folder Options in the Explorer.
c) Modify the registry: set the value "forceguest" located in the key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" to zero, or just run a *.reg file of the following contents:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"forceguest"=dword:00000000

For Windows Vista and 7 there is one more step that should be taken—it concerns User Account Control (UAC). It restricts administrator rights for remote logons in some cases. You should either disable UAC, or make changes to the registry: create a DWORD parameter with name "LocalAccountTokenFilterPolicy" and value "1" in the key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system" (source). A system restart may be needed.

How do I deal with the error "RPC server is unavailable"?

This error may be caused by the following reasons:

• Connection is blocked by a firewall (Windows Firewall or third party firewall).

Try to disable a firewall on remote computer temporarily. If the target computer has Windows XP SP2/SP3, Vista or 7, see the question regarding the Windows Firewall setup.

• Target computer does not have Windows Management Instrumentary service installed.

According to Microsoft documentation:

"WMI is preinstalled in Windows 7, Windows Vista, Windows Server 2008, Windows Server 2003, Windows XP, Windows Me, and Windows 2000.
Windows NT Workstation 4.0 SP4 and later: WMI is available through "Add/Remove Windows components" in Control Panel, as WBEM option install. A later, more comprehensive, version is available as an Internet download from http://www.microsoft.com/downloads. See "WMI CORE 1.5 (Windows 95/98/NT 4.0)".
Windows 98/95: WMI CORE 1.5 (Windows 95/98/NT 4.0) is available as an Internet download from http://www.microsoft.com/downloads. This download requires Microsoft Internet Explorer version 5 or later."

Remote interrogation of Windows 98/95 computers is supported partially, because problems with DCOM authentication may be encountered. The solution is to make local (manual or autostart) scanning with the help of standalone audit tool ("tniwinagent.exe").

Additional information about scanning the Windows computers using WMI.

• Target computer is offline or IP address may not be occupied at all (if scanning by IP's and ICMP ping option is disabled).

Windows Browser service updates the computer list each 12 minutes, thus a computer can go offline but still be visible in the network neighborhood. However in this case you are more likely to get status "Ping failed". But if the ICMP protocol (ping, echo) is not allowed in your network, you might want to disable pinging in "Options - Scanner - Use ICMP ping". After this you will be able to scan online hosts which don't respond to pings, but all offline hosts (and also not occupied IP adresses) will show "RPC error" status, and thus it will slow down the scanning of large groups or IP ranges.

• Wrong DNS record.

If you scan the computer by name, it could be resolved to invalid or not existing (not occupied) IP address due to problems with DNS or WINS. If you scan the computer by IP address, you are likely to receive "Ping failed", but if ping before scan is disabled, you will get "RPC error" when scanning offline address or not occupied address (see point 3). A user of TNI has faced such situation and described it on our forum: http://www.softinventive.com/forum/index.php?showtopic=428

• Target host is not a computer or it runs an operating system other than Windows when scanning via RPC protocol.

If the scanned name or IP address belongs to a network device which can be pinged but which is not a Windows computer (NIX-computer, network printer, router, managed switch, type library, IP phone, firewall, thin client, etc.), it cannot be scanned via RPC protocol and shows this error. However the program tries to scan this host via other protocols (SMB, SSH and SNMP) and the scan result may vary depending on the settings for these protocols and the nature of the scanned network host.

Can I get the port numbers that this product uses to connect to configure the firewall?

By default the program uses SMB protocol to access Windows computers. It can be allowed by enabling "File and Printer Sharing" exception in the Windows Firewall or TCP port 445 in other firewalls. You may also try to enable TCP port 139 (NetBIOS) for older systems.

Besides, the program uses RPC protocol to scan Windows computers (direct WMI connection) if SMB fails. in Options - Scanner. To allow remote RPC connection you would need either to disable Windows firewall or set it up in a special way:

• Use a netsh firewall command at the command prompt: netsh firewall set service RemoteAdmin enable for Windows XP/Vista or netsh advfirewall firewall set rule group="remote admin" new enable=Yes for Windows 7.
• Use the Group Policy editor: Group Policy editor (gpedit.msc) -> Local Computer Policy -> Computer Configuration -> Administrative Templates -> Network -> Network Connections -> Windows Firewall -> Domain Profile or Standard Profile -> Windows Firewall: Allow remote administration exception -> Action -> Properties -> Enable.

Windows Firewall in Vista/7 has a special exception named "Windows Management Instrumentary (WMI)", which can be enabled and thus save you from necessity of setting up the policies manually.

How do I deal with the warning "TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts"?

This warning may appear when you run the network scan under Windows XP SP2/SP3 or Windows Vista SP0/SP1 with port scan enabled. In these operating systems there is a controversial limitation of not more than 10 concurrent TCP connect attempts ("half-open connections") introduced by Microsoft to limit the speed of malicious software spread over the networks. You can find more information in this Microsoft article. When you see this message in the scanner log, it means that the program detects that some computers have no open ports and there is an event with ID 4226 (source: Tcpip) in the system Event Log with the same message. Because of reaching the aforementioned limitation, the program cannot reliably detect whether ports on computers are open or not. That's why the program starts to ignore the port scan results and connects to all computers using all selected protocols to provide successful scans. This policy remains active during the current session, that is until the next program restart. To avoid this warning you can do the following:

• Disable the "Scan ports" option in the Scanner settings. Note that this will decrease the network scan performance.
• Patch your system using the widely known patch by LvlLord or this patch (based on LvlLord's one). However note that this is illegal according to the Windows EULA.
• Run TNI on the system which is not affected by this limitation: Windows Server 2000/2003/2008, Windows 2000, Vista SP2 or Windows 7.

How to fix the error "No network provider accepted the given network path"?

Take the following steps:

1. Make sure that you can ping the remote computer by network name.
2. Make sure that "File and Printer Sharing" exception is enabled in the Windows Firewall (or NetBIOS is allowed in any other firewall) or firewall is disabled.
3. Make sure that both "Client for Microsoft Networks" and "File and Printer Sharing For Microsoft Networks" are enabled in the properties of network connection of that computer.
4. Make sure that the setting "NetBIOS over TCP/IP" in the properties of network connection (Internet Protocol Version 4 - Properties - Advanced - WINS) is set to "Default" or "Enable" and that "TCP/IP NetBIOS Helper" service is set to "Automatic" and is started.
5. Make sure that security policy (secpol.msc - Local Policies - Security Options) "Network security: LAN Manager authentication level" is set to "Send LM & NTLM responses" (option #1) or "Send LM & NTLM responses - use NTLMv2 session security if negotiated" (option #2).
6. Run "sfc /scannow".

How to fix the error "Call was canceled by the message filter"?

Take the following steps:

1. Run "services.msc" on the remote computer and make sure that "Windows Management Instrumentation" service is set to "Automatic" and is started.
2. Make sure that DCOM is enabled: run "dcomcnfg", select "Component Services - Computers - My Computer", right-click, "Properties", open "Default Properties" tab and make sure that "Enable Distributed COM on this computer" is enabled.
3. Restart the remote computer.
4. Run WMI diagnosis utility from Microsoft.
5. Follow these tips to repair WMI on the remote computer.

How do I set up the program to scan computers when users log on to a domain?

This is a shortened guide. The full version of this guide is available here.

1. Copy the standalone scan agent “tniwinagent.exe” located in the program’s installation directory to a shared folder on your file server accessible to all users with read-only access. For this, open the “Options” window, then open the “Logon script” page, click “Export standalone scanner” button and specify the folder for export. It will also fill the “Path to agent” field. It should be a UNC path (network path starting with double backslash).
2. Create and share a folder on your file server with write access for all users. This will be the folder where the scan agent will save scan results. Note: instead of creating a separate folder (most secure), you can share an empty folder inside the TNI 2 storage (secure) or the storage root folder (least secure) with write access for all users.
3. In “Options – Logon script – Save path” specify the path where the agent should save the files (the directory you have shared in step 2). This should also be a UNC path. Specify other options if necessary (such as “Delay before scan start” and “Overwrite existing files”).
4. Copy the auto-generated command using the “Copy the command” button.
5. If you already have a logon script for your domain, particular Organizational Unit or a single user, paste the command you’ve copied earlier to this script and save it. Otherwise refer to the full version of this guide.
6. In the main window of Total Network Inventory 2 press “Options”, open the “Auto-import” page and specify the path to the folder with the inventory files in the “Import data path” field. You can import new data right now or set the settings to import at startup or by timer. Each time you want to update the information manually, open “Options – Auto-import” and click “Import now”. Also you can delete files after import or import from subfolders (in case each OU has its own logon script which runs the scanner with different parameters to save results in different folders). If you have chosen to share a folder in the storage, or the whole storage folder, you don’t need to set up Auto-import. The scan results will be automatically imported as you run the program and it opens the storage, or immediately, if the program is running.

Resources to read:
Logon script scan
Standalone agent command-line parameters
Data import
Logon scripts FAQ
Creating logon scripts
Logon Scripts How To...

Is it possible to scan Windows 95/98/NT machines?

Actually, it is. First of all, you should install Microsoft WMI core components for Windows 95/98/NT. WMI CORE 1.5 (Windows 95/98/NT 4.0) is available as an Internet download from http://www.microsoft.com/downloads. 

Then place a link to "\WINDOWS\SYSTEM\WBEM\WinMgmt.exe" to the startup folder and reboot, or start it manually. After this it will be possible to use standalone audit tool "tniaudit.exe" for manual, autorun or domain logon scan.

In order to be able to use remote online scan, you should run a registry file (*.reg) of the following contents on a Windows 95/98 machine:

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\OLE]
"EnableDCOM"="Y"
"EnableRemoteConnect"="Y"

[HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM]
"SetupForDCOM"="1"
"AutostartWin9X"="2"
"EnableAnonConnections"="1"

Or you may change these values manually. It would be good idea to restart the computer. After this you should be able to connect remotely using any credentials or as current user.
Please note that support for Windows 95/98/NT is provided "AS IS", because Microsoft has officially stopped support for these operating systems.

I have selected several assets in a network tree, but the report shows only one. Why?

TNI 2 network tree has two node selection modes: single and multiple. To select several nodes to be shown in a report, either select a group (a report will be built for all assets in this group and all subgroups) or enable multiple selection by ticking the checkbox Multiple selection over the tree — and boxes will appear against each node. Rubber band node selection (including selection with Ctrl and Shift) is not applied for building reports and is used for working with the nodes in the tree (drag'n'drop moving, deleting, etc). For more details, see Node selection.

How to get a list of computers which have certain software installed?

This can be done easily in Software accounting view in one of the following ways:

• Find the software you need and click "+" button in Copies column. You will see the list of computers. After selecting computer lines, you can copy them as a text or CSV.
• This way is good for the case with several programs. Select the storage root group in the network tree. Click Assets x software report on the sidebar. Tick the needed programs, tick Hide empty lines on the sidebar and click Build. You will get a table containing only the computers with at least one of the selected programs installed.

Why does the program show that no antivirus (or firewall, or antispyware) is installed?

TNI 2 can recognize all antiviruses and firewalls (in Windows XP SP2/SP3, Windows Vista and Windows 7) and antispyware (only in Windows Vista and Windows 7) that support Windows Security Center (Action Center), that is if they are displayed by Security Center. The vendors of antivirus (firewall and antispyware) software should provide this support from their side, because they have to publish the product information and status to the system in a special way. Otherwise neither our product, nor Windows itself can recognize such software (in this case Windows Security Center should usually generate a message from time to time that the computer is not protected by antivirus/firewall/antispyware).
Unfortunately, even with the support from the side of the security products, this does not work on Windows 2000 and earlier and also on all Windows Server systems, because they don't have Security Center, that is they don't provide an interface for these products to publish their status to the system and thus to other applications.
We are going to add support for direct detection of the most popular products without dependency on the Security Center interface in the future versions of our program.