Q: Should I install the program on a server or on a workstation?
A: Both a server and a workstation can run Total Network Inventory. It’s just a matter of usage convenience, because it's not a client-server application, and you need to have access to the graphical console of the computer it's installed on, either directly or by using a remote desktop utility. However, if you run it under the domain admin account, you’ll be able to scan all computers as "current user" – otherwise you’d need to specify domain admin credentials explicitly. In the general case, we recommend to install the program on server systems or modern desktops.
Backup and restore
Q: How to backup/restore the Storage or move the program to another computer?
A: The Storage is located in a separate folder (file system directory). It can be located by right-clicking the storage root group and selecting Show in Explorer. Then go up one level and copy/archive the whole storage folder.
Program settings can be backed up by copying/archiving a folder entitled Total Network Inventory in your account's AppData folder (can be expanded using the %APPDATA% environment variable) if you chose Install for me during the program installation. If you chose Install for all, the settings are stored in "C:\ProgramData\Total Network Inventory". You can also find this folder by clicking Open tasks folder in the Scanner tab and then going up one level.
To restore the program, install it on another computer (but don't run it) and extract your backed-up settings to the Total Network Inventory folder in the AppData folder for your profile or all users, depending on your choice during the installation (after the installation, this folder is automatically created and contains one file: config.ini). Also, extract the storage folder locally: for instance, to Documents. Then run the program and browse to the storage folder when prompted (if its location differs from the path stored in previous settings).
Backup of the Storage to a .zip archive and its subsequent restoration can also be performed from the program's Storage menu. Regular backups can be performed using the Scheduler.
Multiple access to the storage
Q: Can I open the same storage in several TNI copies at the same time?
A: You can connect several TNI installations to one storage which is located in a shared folder. However, the program does not provide any special mechanisms for simultaneous operation (simultaneous editing in particular). Therefore, while all users can read the information from the same storage, only one user should edit it to avoid critical errors.
Access is denied
Q: How do I deal with the errors "Access is denied" or "Unknown user name or bad password"?
A: These errors can occur for several reasons:
- Username or password are specified incorrectly.
Check your username and password.
- The specified user account does not have administrator rights on the remote machine.
You need to have administrator access to remote computers to be able to scan them (local administrator or domain administrator rights). If you have logged on as domain administrator or remote computers have the same name and password for the local administrator account as your account, you can use the Current user scan option. Otherwise specify the user name in full format: DOMAIN\Administrator.
- Computers are not in domain and have default settings.
Workstations running Windows XP, Vista or later client versions and not connected to a domain don't allow the local administrator to authenticate as himself by default. Instead, the ForceGuest policy is used, which means that all remote connections are mapped to the Guest account. But again, the administrator rights are required for running the scan. Thus, you need to update the security policy on each computer using one of the following ways:
- Run secpol.msc, expand Local policies / Security options, locate the Network access: Sharing and security model for local accounts policy and change its value from Guest to Classic.
- Disable the Use simple file sharing option in File Explorer’s Folder Options.
- Modify the registry: set the forceguest value, located in the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" key, to zero.
For Windows client versions starting with Vista, an additional step should be taken: it concerns the User Account Control (UAC). It restricts administrator rights for remote logons in certain cases. You should either disable UAC or make changes to the registry: create a DWORD parameter (name: LocalAccountTokenFilterPolicy; value: 1) in the "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system" key. A reboot may be required.
You can modify both settings easily by running a .reg file with the following contents on such computers:
Windows Registry Editor Version 5.00
RPC server is unavailable
Q: How do I deal with the error "RPC server is unavailable"?
A: This error may be caused by one of the following reasons:
- The connection is blocked by a firewall (Windows Firewall or third party firewall).
Try temporarily disabling the firewall on the remote computer. If the target computer runs on Windows XP SP2/SP3, Vista or 7, see the question regarding the Windows Firewall setup.
- The target computer is offline or the IP address may not be occupied at all (when scanning by IP's and if the Use network discovery option is disabled).
The Windows Browser service updates the computer list every 12 minutes, so a computer can go offline, but remain visible in the Network browser. However, in this case you are more likely to get the Ping failed status. But if the ICMP protocol (ping, echo) is not allowed in your network, you might want to disable pinging in Options – Scanner – Use network discovery. After this, you will be able to scan online hosts which don't respond to pings, but all offline hosts (and also unoccupied IP addresses) will show the RPC error status, and thus it will slow down the scanning of large IP groups or ranges.
- Wrong DNS record.
If you scan the computer by name, it could be resolved to an invalid or not existing (unoccupied) IP address due to problems with DNS or WINS. If you scan the computer by IP address, you are likely to receive Ping failed, but if pinging before scanning is disabled, you will receive the RPC error when scanning an offline or unoccupied address (see the previous point).
- The target host is not a computer, or it runs an operating system other than Windows when scanning via the RPC protocol.
If the scanned name or IP address belongs to a network device which can be pinged, but is not a Windows computer (NIX-computer, network printer, router, managed switch, type library, IP phone, firewall, thin client, etc.), it cannot be scanned via the RPC protocol and shows this error. However, the program tries to scan this host via other protocols (SMB, SSH and SNMP), and the scan result may vary depending on the settings for these protocols and the nature of the scanned network host.
Q: How can I find out which port numbers are used by TNI, so I can configure the firewall?
A: By default, TNI uses the SMB protocol to scan Windows computers. It can be allowed by enabling the File and Printer Sharing exception in the Windows Firewall or TCP port 445 in other firewalls.
Also, TNI uses the RPC protocol to scan Windows computers (direct WMI connection) if SMB fails. To allow remote RPC connections, you should either disable Windows Firewall or set it up in the following way:
- Use the following netsh firewall command in the command prompt: netsh advfirewall firewall set rule group="remote admin" new enable=Yes;
- Use the Group Policy editor: Group Policy editor (gpedit.msc) -> Local Computer Policy -> Computer Configuration -> Administrative Templates -> Network -> Network Connections -> Windows Firewall -> Domain Profile or Standard Profile -> Windows Firewall: Allow remote administration exception -> Action -> Properties -> Enable.
Windows Firewall in Vista, 7 or newer has a special exception entitled "Windows Management Instrumentation (WMI)", which can be enabled and thus save you from the necessity of setting up the policies manually.
No network provider accepted the given network path
Q: How to fix the error "No network provider accepted the given network path"?
A: Take the following steps:
- Make sure that you can ping the remote computer by network name;
- Make sure that the File and Printer Sharing exception is enabled in the Windows Firewall (or that NetBIOS is allowed in any other firewall), or the firewall is disabled;
- Make sure that both Client for Microsoft Networks and File and Printer Sharing For Microsoft Networks are enabled in the properties of the network connection on the remote computer;
- Make sure that the NetBIOS over TCP/IP setting in the properties of the network connection (Internet Protocol Version 4 – Properties – Advanced – WINS) is set to Default or Enabled and that the TCP/IP NetBIOS Helper service is set to Automatic and started;
- Make sure that the Network security: LAN Manager authentication level security policy (secpol.msc–Local Policies – Security Options) is set to Send LM & NTLM responses (option #1) or Send LM & NTLM responses – use NTLMv2 session security if negotiated (option #2);
- Run sfc /scannow.
Call was canceled by the message filter
Q: How to fix the error "Call was canceled by the message filter"?
A: Take the following steps:
- Run services.msc on the remote computer and make sure that the Windows Management Instrumentation service is set to Automatic and started;
- Make sure that DCOM is enabled: run dcomcnfg, select Component Services – Computers – My Computer, right-click, choose Properties, open the Default Properties tab and make sure that Enable Distributed COM on this computer is on;
- Restart the remote computer;
- Run WMI diagnosis utility from Microsoft;
- Follow these tips to repair WMI on the remote computer.
Domain logon scan
Q: How do I set up the program to scan computers when users log on to a domain?
A: This is a shortened guide. The full version of this guide is available here.
- Copy the standalone scan agent tniwinagent.exe located in the program’s installation directory to a shared folder on your file server accessible to all users with read-only access. For this, open the Options window, then open the Logon script page, press the Export standalone scanner button and specify the folder to export to. This action will also fill the Path to agent field. It should be a UNC path (a network path starting with double backslash).
- Create and share a folder with write access for all users on your file server. This will be the folder where the scan agent will save the scan results. Note: instead of creating a separate folder (most secure), you can share an empty folder inside the TNI storage (secure) or the storage root folder (least secure) with write access for all users.
- In Options – Logon script – Save path specify a path to the folder where the agent should save the files (the folder from step 2). This should also be a UNC path. Specify other options if necessary (such as Delay before scan start and Overwrite existing files).
- Copy the auto-generated command using the Copy the command button.
- If you already have a logon script for your domain, a particular Organizational Unit or a single user, paste the command you’ve copied earlier to this script and save it. Otherwise, refer to the full version of this guide.
- In the main TNI window: press Options, open the Auto-import page and specify the path to the folder with the inventory files in the Import data path field. You can import new data right now or set the settings to import on startup or set the timer. Each time you want to update the information manually, open Options – Auto-import and click Import now. Also, you can delete files after importing or import from subfolders (in case each OU has its own logon script which runs the scanner with different parameters to save results in different folders). If you chose to share a folder in the storage or the whole storage folder, you don’t need to set up Auto-import. The scan results will be automatically imported as you run the program and it opens the storage, or immediately, if the program is already running.
Other scan errors
Q: While scanning I have received the "Internal error in ScannerLib.dll" error.
A: This may be caused by problems related to the setting of the OS "Language for non-Unicode programs" on the computer where TNI is installed.
To fix the error, go to the OS language settings, select "Additional date, time & regional" settings, then "Region". In the opened window, go to the "Administrative" tab and change the system locale for non-Unicode programs to English.
In the same Region Settings window tick the "Use Unicode UTF-8 for worldwide language support" option.
Program usage questions
Network tree selection
Q: I have selected several assets in the network tree, but the report shows only one. Why?
A: In TNI, the Network tree has two node selection modes: single and multiple. To build a report for several nodes, either select a group (the report will be built for all assets in this group and all subgroups) or enable multiple selection by ticking the Multiple selection checkbox over the tree — checkboxes will appear in front of each node. Rectangular selection (as well as selection using Ctrl or Shift) is not used for building reports and is used for working with the nodes in the tree (drag'n'drop moving, deleting, etc). For more details, see Selecting a node.
List of computers with particular software
Q: How to get a list of computers which have particular software installed?
A: There are several ways to obtain this information:
- Go to the Software accounting tab, use the Search bar and filters to find the necessary software and select it to display a list of computers it's installed on (in the details area on the Installations page). You can select the items in the list and copy or export them, or click the Installations summary link to get a printable report.
- Go to the Table reports tab and modify the Installed software report template. Add a condition that will filter your report by a specific software title.
Version of Microsoft Edge or Internet Explorer
Q: Why can't I find the version of Microsoft Edge or Internet Explorer in the list of installed software?
A: This information is available on the Viewer & reports tab, in the Operating system category. You can also find this field in Table reports. The names of the fields are Microsoft Edge version and Version of Internet Explorer.
License keys of Microsoft products
Q: Why does TNI sometimes show only the last five characters of the license key for a Microsoft product?
A: Usually TNI can automatically detect license keys for Microsoft Windows and Office products. However, if the key shows only 5 characters, it means that MAK (Multiple Activation Key) or KMS (Key Management Service) is used and it's not possible to retrieve the full key automatically in any way. This is due to the full key not being stored in the registry as usual. Not even the VAMT tool from Microsoft (Volume Activation Management Tool) or the ospp.vbs script (cscript ospp.vbs /dstatus) in the Office installation folder can show more than the last few characters.
No antivirus installed
Q: Why does the program show that no antivirus (or firewall, or antispyware) is installed?
A: TNI can recognize all antiviruses and firewalls (in Windows XP SP2/SP3, Vista or later) and antispyware (only starting from Windows Vista) that support Security and Maintenance (previously known as Windows Security Center and Action Center), that is, if they are displayed in Security and Maintenance. The vendors of antivirus (firewall and antispyware) software should provide this support from their side, because they have to publish the product information and status to the system in a special way. Otherwise neither our product, nor Windows itself can recognize such software (in this case Security and Maintenance should usually generate a message from time to time that the computer is not protected by antivirus/firewall/antispyware).