
1.4.2 Remote monitoring set up and installation instructions

The MySQL Notifier uses Windows Management Instrumentation (WMI) to manage and monitor services in remote computers running Windows XP or later. This guide explains how it works, and how to set up your system to monitor remote MySQL instances.

In order to configure WMI, it is important to understand that the underlying Distributed Component Object Model (DCOM) architecture is doing the WMI work. Specifically, MySQL Notifier is using asynchronous notification queries on remote Microsoft Windows hosts as .NET events. These events send an asynchronous callback to the computer running the MySQL Notifier so it knows when a service status has changed on the remote computer. Asynchronous notifications offer the best performance compared to semisynchronous notifications or synchronous notifications that use timers.

Asynchronous notifications require the remote computer to send a callback to the client computer (thus opening a reverse connection), so the Windows Firewall and DCOM settings must be properly configured for the communication to work.

Figure 1.33 MySQL Notifier Distributed Component Object Model (DCOM)


Most of the common errors thrown by asynchronous WMI notifications are related to Windows Firewall blocking the communication, or to DCOM / WMI settings not being set up properly. For a list of common errors with solutions, see Common Errors.

The following steps are required to make WMI function. These steps are divided between two kinds of machines: a single host computer that runs MySQL Notifier (Computer A), and multiple remote machines that are being monitored (Computer B).

Computer running MySQL Notifier (Computer A)

  1. Allow for remote administration by using either the Group Policy Editor or NETSH:

    Using the Group Policy Editor:

    1. Click Start, click Run, type GPEDIT.MSC, and then click OK.

    2. Under the Local Computer Policy heading, double-click Computer Configuration.

    3. Double-click Administrative Templates, then Network, Network Connections, and then Windows Firewall.

    4. If the computer is in the domain, then double-click Domain Profile; otherwise, double-click Standard Profile.

    5. Click Windows Firewall: Allow inbound remote administration exception.

    6. On the Action menu either select Edit, or double-click the selection from the previous step.

    7. Check the Enabled radio button, and then click OK.

    Using the NETSH command:

    Note

    The "netsh firewall" command is deprecated as of Microsoft Server 2008 and Vista, and replaced with "netsh advfirewall firewall".

    1. Open a command prompt window with Administrative rights (you can right-click the Command Prompt icon and click Run as Administrator).

    2. Execute the following command:

      NETSH advfirewall firewall set rule group="Remote Administration" new enable=yes
      

  2. Open the DCOM port TCP 135:

    1. Open a command prompt window with Administrative rights (you can right-click the Command Prompt icon and click Run as Administrator).

    2. Execute the following command:

      NETSH advfirewall firewall add rule name=DCOM_TCP135 protocol=TCP localport=135 dir=in action=allow
      

  3. Add the client application which contains the sink for the callback (MySqlNotifier.exe) to the Windows Firewall Exceptions List (use either the Windows Firewall configuration or NETSH):

    Using the Windows Firewall configuration:

    1. In the Control Panel, double-click Windows Firewall.

    2. In the Windows Firewall window's left panel, click Allow a program or feature through Windows Firewall.

    3. In the Allowed Programs window, click Change Settings.

    4. If MySqlNotifier.exe is in the Allowed programs and features list, make sure it is checked for the type of networks the computer connects to (Private, Public or both).

    5. If MySqlNotifier.exe is not in the list, click Allow another program....

    6. In the Add a Program window, select the MySqlNotifier.exe if it exists in the Programs list, otherwise click Browse... and go to the directory where MySqlNotifier.exe was installed to select it, then click Add.

    7. Make sure MySqlNotifier.exe is checked for the type of networks the computer connects to (Private, Public or both).

    Using the NETSH command:

    1. Open a command prompt window with Administrative rights (you can right-click the Command Prompt icon and click Run as Administrator).

    2. Execute the following command, replacing "[YOUR_INSTALL_DIRECTORY]" with the directory where MySqlNotifier.exe is installed:

      NETSH advfirewall firewall add rule name=MySqlNotifier program="[YOUR_INSTALL_DIRECTORY]\MySqlNotifier.exe" action=allow dir=in
      
  4. If Computer B is either a member of WORKGROUP or is in a different domain that is untrusted by Computer A, then the callback connection (Connection 2) is created as an Anonymous connection. To grant Anonymous connections DCOM Remote Access permissions:

    1. Click Start, click Run, type DCOMCNFG, and then click OK.

    2. In the Component Services dialog box, expand Component Services, expand Computers, and then right-click My Computer and click Properties.

    3. In the My Computer Properties dialog box, click the COM Security tab.

    4. Under Access Permissions, click Edit Limits.

    5. In the Access Permission dialog box, select ANONYMOUS LOGON name in the Group or user names box. In the Allow column under Permissions for User, select Remote Access, and then click OK.
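
The two NETSH rules added in steps 2 and 3 accept connections from any remote address on every profile unless they are scoped. The following is an added example, not part of the MySQL documentation: it reports how exposed those rules are and previews restricting them to the monitored hosts. It assumes the NetSecurity cmdlets (Windows 8 / Server 2012 or later); the function names are hypothetical and the 192.0.2.x addresses are constructed stand-ins for Computer B hosts.

```powershell
# Added example (not from the MySQL documentation). Run elevated on Computer A.
# Requires the NetSecurity module (Windows 8 / Server 2012 or later).
$NotifierRules = 'DCOM_TCP135', 'MySqlNotifier'   # rule names from the NETSH steps above

function Get-NotifierRuleExposure {
    param([string[]]$Name = $NotifierRules)
    foreach ($n in $Name) {
        $rules = @(Get-NetFirewallRule -DisplayName $n -ErrorAction SilentlyContinue)
        if ($rules.Count -eq 0) {
            [pscustomobject]@{ Rule = $n; Enabled = $null; Profile = $null
                               RemoteAddress = $null; Finding = 'rule not found' }
            continue
        }
        foreach ($r in $rules) {
            $remote   = @(($r | Get-NetFirewallAddressFilter).RemoteAddress)
            $profiles = "$($r.Profile)"           # e.g. "Any" or "Domain, Private"
            $finding  = @()
            if ($remote -contains 'Any')       { $finding += 'accepts any remote address' }
            if ($profiles -match 'Any|Public') { $finding += 'active on the Public profile' }
            if ($finding.Count -eq 0)          { $finding += 'scoped' }
            [pscustomobject]@{
                Rule          = $n
                Enabled       = "$($r.Enabled)"
                Profile       = $profiles
                RemoteAddress = $remote -join ','
                Finding       = $finding -join '; '
            }
        }
    }
}

function Set-NotifierRuleScope {
    # Limit both rules to the monitored hosts (Computer B) and to non-Public profiles.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string[]]$MonitoredHost)
    foreach ($n in $NotifierRules) {
        if ($PSCmdlet.ShouldProcess($n, "restrict to $($MonitoredHost -join ',')")) {
            Set-NetFirewallRule -DisplayName $n -RemoteAddress $MonitoredHost -Profile Domain,Private
        }
    }
}

Get-NotifierRuleExposure | Format-Table -AutoSize
# 192.0.2.10 and 192.0.2.11 are constructed addresses standing in for Computer B hosts.
Set-NotifierRuleScope -MonitoredHost '192.0.2.10', '192.0.2.11' -WhatIf
```

Remove `-WhatIf` to apply the scope; the callback from Computer B still reaches MySqlNotifier.exe as long as its address is in the list.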

Monitored Remote Computer (Computer B)

If the user account that is logged into the computer running the MySQL Notifier (Computer A) is also a local administrator on the remote computer (Computer B), you can skip to the "Allow for remote administration" step.

Setting DCOM security to allow a non-administrator user to access a computer remotely:

  1. Grant "DCOM remote launch" and activation permissions for a user or group:

    1. Click Start, click Run, type DCOMCNFG, and then click OK.

    2. In the Component Services dialog box, expand Component Services, expand Computers, and then right-click My Computer and click Properties.

    3. In the My Computer Properties dialog box, click the COM Security tab.

    4. Under Access Permissions, click Edit Limits.

    5. In the Launch Permission dialog box, follow these steps if your name or your group does not appear in the Groups or user names list:

      1. In the Launch Permission dialog box, click Add.

      2. In the Select Users, Computers, or Groups dialog box, add your name and the group in the "Enter the object names to select" box, and then click OK.

    6. In the Launch Permission dialog box, select your user and group in the Group or user names box. In the Allow column under Permissions for User, select Remote Launch, select Remote Activation, and then click OK.

    Grant DCOM remote access permissions:

    1. Click Start, click Run, type DCOMCNFG, and then click OK.

    2. In the Component Services dialog box, expand Component Services, expand Computers, and then right-click My Computer and click Properties.

    3. In the My Computer Properties dialog box, click the COM Security tab.

    4. Under Access Permissions, click Edit Limits.

    5. In the Access Permission dialog box, select ANONYMOUS LOGON name in the Group or user names box. In the Allow column under Permissions for User, select Remote Access, and then click OK.

  2. Allowing non-administrator users access to a specific WMI namespace:

    1. In the Control Panel, double-click Administrative Tools.

    2. In the Administrative Tools window, double-click Computer Management.

    3. In the Computer Management window, expand the Services and Applications tree and double-click the WMI Control.

    4. Right-click the WMI Control icon and select Properties.

    5. In the WMI Control Properties window, click the Security tab.

    6. In the Security tab, select the namespace and click Security.

    7. Locate the appropriate account and check Remote Enable in the Permissions list.

  3. Allow for remote administration by using either the Group Policy Editor or NETSH:

    Using the Group Policy Editor:

    1. Click Start, click Run, type GPEDIT.MSC, and then click OK.

    2. Under the Local Computer Policy heading, double-click Computer Configuration.

    3. Double-click Administrative Templates, then Network, Network Connections, and then Windows Firewall.

    4. If the computer is in the domain, then double-click Domain Profile; otherwise, double-click Standard Profile.

    5. Click Windows Firewall: Allow inbound remote administration exception.

    6. On the Action menu either select Edit, or double-click the selection from the previous step.

    7. Check the Enabled radio button, and then click OK.

    Using the NETSH command:

    1. Open a command prompt window with Administrative rights (you can right-click the Command Prompt icon and click Run as Administrator).

    2. Execute the following command:

      NETSH advfirewall firewall set rule group="Remote Administration" new enable=yes
      

  4. Now, be sure the user you are logging in with uses the Name value and not the Full Name value:

    1. In the Control Panel, double-click Administrative Tools.

    2. In the Administrative Tools window, double-click Computer Management.

    3. In the Computer Management window, expand System Tools and then Local Users and Groups.

    4. Click the Users node, and on the right side panel locate your user and make sure it uses the Name value to connect, and not the Full Name value.

  5. If the remote computer is running on Windows XP Professional, make sure that remote logins are not being forcefully changed to the guest account user (also known as ForceGuest), which is enabled by default on computers that are not attached to a domain.

    1. Click Start, click Run, type SECPOL.MSC, and then click OK.

    2. Under the Local Policies node, double-click Security Options.

    3. Select Network Access: Sharing and security model for local accounts and save.
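
Both the Computer A step that grants Anonymous connections DCOM Remote Access and the "Grant DCOM remote access permissions" step for Computer B change the machine-wide COM limits behind Edit Limits. The following is an added example, not part of the MySQL documentation: it reads those limits from the registry and reports what ANONYMOUS LOGON has been granted, so the change can be verified and tracked. The function name is hypothetical; the script assumes the limits are stored in the MachineAccessRestriction and MachineLaunchRestriction values under HKLM\SOFTWARE\Microsoft\Ole.

```powershell
# Added example (not from the MySQL documentation). Run elevated on Computer A or B.
$OleKey    = 'HKLM:\SOFTWARE\Microsoft\Ole'
$Anonymous = 'S-1-5-7'                       # well-known SID of ANONYMOUS LOGON
$ComRights = [ordered]@{                     # COM access-mask bits
    'Local'             = 0x02               # local access / local launch
    'Remote'            = 0x04               # remote access / remote launch
    'Local Activation'  = 0x08
    'Remote Activation' = 0x10
}

function Get-DcomLimitAce {
    param(
        [ValidateSet('MachineAccessRestriction', 'MachineLaunchRestriction')]
        [string]$Limit = 'MachineAccessRestriction',
        [string]$Sid = $Anonymous
    )
    $bytes = (Get-ItemProperty -Path $OleKey -Name $Limit -ErrorAction SilentlyContinue).$Limit
    if (-not $bytes) { return }              # value absent: no custom limit stored
    # Parse the stored binary security descriptor and walk its DACL.
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList ([byte[]]$bytes), 0
    foreach ($ace in $sd.DiscretionaryAcl) {
        if ($ace -isnot [System.Security.AccessControl.CommonAce]) { continue }
        if ($ace.SecurityIdentifier.Value -ne $Sid) { continue }
        $granted = $ComRights.Keys | Where-Object { $ace.AccessMask -band $ComRights[$_] }
        [pscustomobject]@{
            Limit  = $Limit
            Sid    = $Sid
            Type   = "$($ace.AceQualifier)"  # AccessAllowed or AccessDenied
            Rights = $granted -join ', '
            Remote = [bool]($ace.AccessMask -band 0x14)   # any remote right present
        }
    }
}

'MachineAccessRestriction', 'MachineLaunchRestriction' |
    ForEach-Object { Get-DcomLimitAce -Limit $_ } |
    Format-Table -AutoSize
```

A row with Remote set to True for ANONYMOUS LOGON is expected only where Computer B is a member of WORKGROUP or in an untrusted domain, the case these steps describe.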

Common Errors

  • 0x80070005

    • DCOM Security was not configured properly (see Computer B, the Setting DCOM security... step).

    • The remote computer (Computer B) is a member of WORKGROUP or is in a domain that is untrusted by the client computer (Computer A) (see Computer A, the Grant Anonymous connections DCOM Remote Access permissions step).

  • 0x8007000E

    • The remote computer (Computer B) is a member of WORKGROUP or is in a domain that is untrusted by the client computer (Computer A) (see Computer A, the Grant Anonymous connections DCOM Remote Access permissions step).

  • 0x80041003

    • Access to the remote WMI namespace was not configured properly (see Computer B, the Allowing non-administrator users access to a specific WMI namespace step).

  • 0x800706BA

    • The DCOM port is not open on the client computer's (Computer A) firewall. See the Open the DCOM port TCP 135 step for Computer A.

    • The remote computer (Computer B) is inaccessible because its network location is set to Public. Make sure you can access it through the Windows Explorer.

