MySQL Notifier uses Windows Management Instrumentation (WMI) to manage and monitor services on remote computers. This section explains how it works and how to set up your system to monitor remote MySQL instances.
In order to configure WMI, it is important to understand that the underlying Distributed Component Object Model (DCOM) architecture is doing the WMI work. Specifically, MySQL Notifier is using asynchronous notification queries on remote Microsoft Windows hosts as .NET events. These events send an asynchronous callback to the computer running MySQL Notifier so it knows when a service status has changed on the remote computer. Asynchronous notifications offer the best performance compared to semisynchronous notifications or synchronous notifications that use timers.
As the following figure shows, asynchronous notification requires the remote computer to send a callback to the client computer (thus opening a reverse connection), so the Windows Firewall and DCOM settings must be properly configured for the communication to function properly. The client (Computer A), which includes an unsecured application (unsecapp.exe in this example), makes an asynchronous call to a remote computer (Computer B) and receives a call back with data.
Most of the common errors thrown by asynchronous WMI notifications are related to Windows Firewall blocking the communication, or to DCOM / WMI settings not being set up properly. For a list of common errors with solutions, see Common Errors.
The following steps are required to make WMI function. These steps are divided between two machines: a single host computer that runs MySQL Notifier (Computer A), and multiple remote machines that are being monitored (Computer B).
Enable remote administration by either editing the Group Policy Editor, or using NETSH:
Using the Group Policy Editor:
Click , click , type GPEDIT.MSC, and then click .
Under the Local Computer Policy heading, expand Computer Configuration.
Expand Administrative Templates, then Network, Network Connections, and then Windows Firewall.
If the computer is in the domain, then double-click Domain Profile; otherwise, double-click Standard Profile.
Double-click Windows Firewall: Allow inbound remote administration exception to open a configuration window.
Check the option button and then click .
Using the NETSH command:
Note: The "netsh firewall" command is deprecated as of Microsoft Server 2008 and Vista, and replaced with "netsh advfirewall firewall".
Open a command prompt window with Administrative rights (you can right-click the Command Prompt icon and select Run as Administrator).
Execute the following command:
NETSH advfirewall firewall set rule group="remote administration" new enable=yes
Open the DCOM port TCP 135:
Open a command prompt window with Administrative rights (you can right-click the Command Prompt icon and select Run as Administrator).
Execute the following command:
NETSH advfirewall firewall add rule name=DCOM_TCP135 protocol=TCP localport=135 dir=in action=allow
Add the client application that contains the sink for the callback (MySqlNotifier.exe) to the Windows Firewall Exceptions List (use either the Windows Firewall configuration or NETSH):
Using the Windows Firewall configuration:
In the Control Panel, double-click Windows Firewall.
In the Windows Firewall window, click Allow a program or feature through Windows Firewall.
In the Allowed Programs window, click and do one of the following:
If MySqlNotifier.exe is in the Allowed programs and features list, make sure it is checked for the type of networks the computer connects to (Private, Public or both).
If MySqlNotifier.exe is not in the list, click .
In the Add a Program window, select the MySqlNotifier.exe if it exists in the Programs list, otherwise click and go to the directory where MySqlNotifier.exe was installed to select it, then click .
Make sure MySqlNotifier.exe is checked for the type of networks the computer connects to (Private, Public or both).
Using the NETSH command:
Open a command prompt window with Administrative rights (you can right-click the Command Prompt icon and click ).
Execute the following command, where you change "[YOUR_INSTALL_DIRECTORY]":
NETSH advfirewall firewall add rule name=MySqlNotifier program="[YOUR_INSTALL_DIRECTORY]\MySqlNotifier.exe" action=allow dir=in
If Computer B is either a member of WORKGROUP or is in a different domain that is untrusted by Computer A, then the callback connection (Connection 2) is created as an Anonymous connection. To grant Anonymous connections DCOM Remote Access permissions:
Click , click , type DCOMCNFG, and then click .
In the Component Services dialog box, expand Component Services, expand Computers, and then right-click My Computer and click .
In the My Computer Properties dialog box, click the COM Security tab.
Under Access Permissions, click .
In the Access Permission dialog box, select ANONYMOUS LOGON name in the Group or user names box. In the Allow column under Permissions for User, select Remote Access, and then click .
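The two NETSH rules added on Computer A (DCOM_TCP135 and MySqlNotifier) specify no remoteip= or profile= value, so they accept inbound connections from any address on every firewall profile. The following Python check is an added example, not part of MySQL Notifier or its documentation: it parses a constructed, abbreviated listing in the layout printed by "netsh advfirewall firewall show rule name=all verbose" and reports which of the two rules are still unscoped. The sample address and the finding texts are assumptions.

```python
import re

# Constructed, abbreviated sample in the layout of the netsh rule listing; not captured output.
SAMPLE = """\
Rule Name:                            DCOM_TCP135
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
RemoteIP:                             Any
LocalPort:                            135
Action:                               Allow

Rule Name:                            MySqlNotifier
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain
RemoteIP:                             192.0.2.10/32
Action:                               Allow
"""

def parse_rules(text):
    """Split the listing into one {field: value} dict per rule."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"([^:]+):\s*(.*)$", line)  # separators and blank lines do not match
        if m and m.group(1).strip() == "Rule Name":
            rules.append({})
        if m and rules:
            rules[-1][m.group(1).strip()] = m.group(2).strip()
    return rules

def audit(rules, watched=("DCOM_TCP135", "MySqlNotifier")):
    """Return {rule name: findings} for watched, enabled inbound allow rules."""
    report = {}
    for r in rules:
        state = (r.get("Enabled"), r.get("Direction"), r.get("Action"))
        if r.get("Rule Name") not in watched or state != ("Yes", "In", "Allow"):
            continue
        findings = []
        if r.get("RemoteIP", "Any") == "Any":
            findings.append("RemoteIP is Any")
        if "Public" in r.get("Profiles", "").split(","):
            findings.append("enabled on the Public profile")
        report[r["Rule Name"]] = findings
    return report

print(audit(parse_rules(SAMPLE)))
```

Both rules can be narrowed when they are created with the remoteip= and profile= parameters of NETSH advfirewall firewall add rule, listing only the addresses of the monitored Computer B hosts.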
If the user account that is logged on to the computer running the MySQL Notifier (Computer A) is a local administrator on the remote computer (Computer B), such that the same account is an administrator on Computer B, you can skip to the "Allow for remote administration" step.
Setting DCOM security to allow a non-administrator user to access a computer remotely:
Grant "DCOM remote launch" and activation permissions for a user or group:
Click , click , type DCOMCNFG, and then click .
In the Component Services dialog box, expand Component Services, expand Computers, and then right-click My Computer and click .
In the My Computer Properties dialog box, click the COM Security tab.
Under Launch and Activation Permission, click .
In the Launch and Activation Permission dialog box, follow these steps if your name or your group does not appear in the Groups or user names list:
In the Launch and Activation Permission dialog box, click .
In the Select Users or Groups dialog box, add your name and the group in the Enter the object names to select box, and then click .
In the Launch and Activation Permission dialog box, select your user and group in the Group or user names box. In the Allow column under Permissions for User, select Remote Launch, select Remote Activation, and then click .
Grant DCOM remote access permissions:
Click , click , type DCOMCNFG, and then click .
In the Component Services dialog box, expand Component Services, expand Computers, and then right-click My Computer and click .
In the My Computer Properties dialog box, click the COM Security tab.
Under Access Permissions, click .
In the Access Permission dialog box, select ANONYMOUS LOGON name in the Group or user names box. In the Allow column under Permissions for User, select Remote Access, and then click .
Allowing non-administrator users access to a specific WMI namespace:
In the Control Panel, double-click Administrative Tools.
In the Administrative Tools window, double-click Computer Management.
In the Computer Management window, expand the Services and Applications tree.
Right-click the WMI Control icon and select Properties.
In the WMI Control Properties window, click the Security tab.
In the Security tab, select the namespace and click . Root/CIMV2 is a commonly used namespace.
Locate the appropriate account and check Remote Enable in the Permissions list.
Allow for remote administration by either editing the Group Policy Editor or using NETSH:
Using the Group Policy Editor:
Click , click , type GPEDIT.MSC, and then click .
Under the Local Computer Policy heading, double-click Computer Configuration.
Double-click Administrative Templates, then Network, Network Connections, and then Windows Firewall.
If the computer is in the domain, then double-click Domain Profile; otherwise, double-click Standard Profile.
Click Windows Firewall: Allow inbound remote administration exception.
On the Action menu either select , or double-click the selection from the previous step.
Check the radio button, and then click .
Using the NETSH command:
Open a command prompt window with Administrative rights (you can right-click the Command Prompt icon and click ).
Execute the following command:
NETSH advfirewall firewall set rule group="remote administration" new enable=yes
Confirm that the user account you are logging in with uses the Name value and not the Full Name value:
In the Control Panel, double-click Administrative Tools.
In the Administrative Tools window, double-click Computer Management.
In the Computer Management window, expand the System Tools then Local Users and Groups.
Click the Users node, and on the right side panel locate your user and make sure it uses the Name value to connect, and not the Full Name value.
0x80070005
DCOM Security was not configured properly (see Computer B, the Setting DCOM security... step).
The remote computer (Computer B) is a member of WORKGROUP or is in a domain that is untrusted by the client computer (Computer A) (see Computer A, the Grant Anonymous connections DCOM Remote Access permissions step).
0x8007000E
The remote computer (Computer B) is a member of WORKGROUP or is in a domain that is untrusted by the client computer (Computer A) (see Computer A, the Grant Anonymous connections DCOM Remote Access permissions step).
0x80041003
Access to the remote WMI namespace was not configured properly (see Computer B, the Allowing non-administrator users access to a specific WMI namespace step).
0x800706BA
The DCOM port is not open on the client computer's (Computer A) firewall. See the Open the DCOM port TCP 135 step for Computer A.
The remote computer (Computer B) is inaccessible because its network location is set to Public. Make sure you can access it through the Windows Explorer.