FAQ

Q: Should I install the program on a server or on a workstation?

A: Both a server and a workstation can run Total Network Monitor 2. It’s just a matter of usage convenience, because it's not a client-server application, and you need to have access to the graphical console of the computer it's installed on, either directly or by using a remote desktop utility. However, if you run it under the domain admin account, you’ll be able to run monitors with WINDOWS and FILE sensors as "current user" – otherwise you’d need to specify domain admin credentials explicitly (for example, those of the domain administrator).

However, take note that if you install the program on Windows XP SP2/SP3 or Vista SP0/SP1 and there are a lot of TCP checks running simultaneously, these checks may return incorrect results. This is caused by a restriction on the maximum number of TCP half-open connections (connection attempts, SYN_SENT socket state) existing in the aforementioned Windows versions, which doesn't allow for more than 10 outbound connections to be in this state at a time. After reaching this limit, all other connections in the system (including those executed by this program) are queued and may reach their timeout, thus producing inconsistent results. This issue is also known as the Event 4226 issue, because reaching the limitation produces a record in the System Event Log with EventID 4226. Windows 2000 Professional, XP SP0/SP1, Windows 7 and newer and all Windows Server systems don't have this limitation. Thus, in the general case, we recommend to install the program on server systems or modern desktops.

 

Q: I don't understand the operating principle of your program. How does it work?

A: The program revolves around 4 main points:

1. Device: any device in the network with an IP address.
2. Monitor: enables control over various aspects of device operation and execution of actions. It consists of:
2.1. Sensor: an integral part of the monitor; it directly checks the devices. There are 3 groups of sensors (Internet sensors, Windows sensors, File sensors).
2.2. Action(s): enables alerting and taking certain measures according to user-set parameters.

See TNM's operational structure below:

Q: I've opened a new project. How do I create my first monitor?

A: Any monitor belongs to a device, which in turn belongs to a group. That's why at first it's necessary to create a group and a device.

  1. Select My Network Place in the tree.
  2. Press Add Group on the toolbar.
  3. Create a group, then select it in the tree.
  4. Press Add Device.
  5. Create a device and select it in the tree.
  6. Press Add Monitor in the Monitor menu.

More details about operations with monitors here...


Q: I created a monitor, started it and noticed that it assumes different colors. What does it mean?

A: During its work the monitor is able to assume three colors: black, red and green. Black color means that an error has occurred during sensor operation (e.g. failure to receive authorization on the remote Windows PC). The other two colors display the logical result of a check. For file sensors you can set the rules of color change yourself.

 

Q: Which log types does TNM create and what do they contain?

A: TNM maintains 4 logs:

  1. All monitors log;
  2. Current monitor's log;
  3. Current monitor's activity;
  4. Executed actions.

In All monitors log the records on all monitors are displayed. A new record is created only when a monitor changes color.
Current monitor's log only displays the records originating from the monitor selected in the list.
Records on all performed actions are logged in Executed actions. If an action has been executed with an error, an appropriate record is highlighted red, and the error information is included into the entry.
Statistical information about the monitor selected in the list is shown in Current monitor's activity.

More details about logging here...


Q: What's an Activity diagram?

A: An Activity diagram shows all the color states that the selected monitor has been in during its run. Every check is labeled by a square, its color defined by the result of the check. A multitude of squares of the same color form a block.

 

Q: How do I update my TNM to the latest version?

A: Choose Help (?) -> Check for updates in the top right corner of TNM's window. If there's a new update press Download. The update will be installed right after TNM exits.

 

Q: There is a checkbox “Device has static IP” in the new device create window. What does it mean?

A: If a device obtained a static IP, it will always be used during monitoring. Otherwise, TNM will try to resolve the hostname each time and receive the current IP address.


Q: Can I export one of the logs to different formats?

A: Yes. Select the log. Right-click on it and select one of the export formats.

 

Q: How do I deal with the errors "Access is denied" or "Unknown user name or bad password"?

A: These errors can occur for several reasons:

  • Username or password are specified incorrectly.

Check your username and password in device or monitor properties. Specify the user name in full format: DOMAIN\Administrator.

  • The specified user account does not have administrator rights on the remote machine.

You need to have administrator access to remote computers to be able to monitor them (local administrator or domain administrator rights).

  • Blank password.

Remote administrator access with blank password is not allowed starting with Windows XP.

  • The monitored computer has Windows XP Home Edition installed.

This version of Windows cannot be monitored remotely. It’s an OS limitation, and the Access denied error will be displayed at all times.

  • Computers are not in domain and have default settings.

Workstations running Windows XP, Vista or later client versions and not connected to a domain don't allow the local administrator to authenticate as himself by default. Instead, the ForceGuest policy is used, which means that all remote connections are mapped to the Guest account. But again, the administrator rights are required for monitoring. Thus, you need to update the security policy on each computer using one of the following ways:

  • Run secpol.msc, expand Local policies / Security options, locate the Network access: Sharing and security model for local accounts policy and change its value from Guest to Classic.
  • Disable the Use simple file sharing option in File Explorer’s Folder Options.
  • Modify the registry: set the forceguest value, located in the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" key, to zero.

For Windows client versions starting with Vista, an additional step should be taken: it concerns the User Account Control (UAC). It restricts administrator rights for remote logons in certain cases. You should either disable UAC or make changes to the registry: create a DWORD parameter (name: LocalAccountTokenFilterPolicy; value: 1) in the "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system" key (source). A reboot may be required.

You can modify both settings easily by running a .reg file with the following contents on such computers (omit the last two lines for Windows XP):

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"forceguest"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system]
"LocalAccountTokenFilterPolicy"=dword:00000001