Support Forums

How realistic is it believe that I can push out a servlette AND connect to it on a normal corporate network that possibly has an intrusion?

I am having issues with the FW's on Win7. I successfully pushed out a servlette on port 80, but can't connect. I'm frustrated and possibly overlooking something, but I'm trying to be as realistic as possible, because it isn't that realistic to ask a large company to turn off their firewalls so I can push out and connect.

Is there any way I can push out the servlette and connect in the least obtrusive manner?

Rrwashing,
I believe it to be quite realistic, with the caveat that you need some experience on the network in question and with using the remote agent in general.

Firewalling and system configuration can always be an issue and usually caused investigators a little difficulty at first, but with a little experience you should be able to work through any issues.
For instance, in your post you say that you changed the port to port 80 when pushing the remote agent. Here two things can get in your way. 1. Did you change the port in user preferences on the ProDiscover console system too? If so, it port 80 firewalled on the ProDiscover console? Also if you pushed out the remote agent to the remote system on port 80 and something was already running on port 80 on that system the remote agent would not be able to bind to that port. These are just some of the issues we address in the 3 Day ProDiscover class and in our detailed remote agent documentation.

There are several other ways to get the remote agent running on a remote system, if the PUSH is where your difficulties are. Creating a remote server installation package from the tools menu is one way. ProDiscover’s help file details how to use this function.

Here is a link to the detailed remote agent document that helps step you through possible issues
http://toorcon.techpathways.com/Uploads/DetailedRemoteAgentInstallationAndConnectionFlow.pdf

If you continue to have problems, please just give us a call and we will be happy to walk through things with you for your specific environment.

I switched it back to default port 6518. Still no luck. Then I checked "File and Printer Sharing". It was not enabled on target. After enabling, I was able to PUSH the servlette.

Then I couldn't connect to it. I thought I had put in FW rules allowing 6518 on both machines. No luck. I then turned OFF the FWs on both and still had no luck.

I just read thru some other posts and now I note that the service isn't running on the target machine. When I try to manually start it, I get "Error 2: The system cannot find the file specified". The files are there though.

It sounds like the registry entries may not have been made properly. If this is the case there could be some lockdown to the registry of possibly the environment variables were not identified/set on the remote system. The document I referenced in my last reply has the registry entries identified for the services key. There is also a DFTSrv.ini file on the remote system that should have some path information in it. You may want to check to see that it was set properly. Heightened registry security can sometimes cause problems here. The error "Error 2: The system cannot find the file specified". really leads me to believe that the DFTSRV.ini and/or registry paths were not set properly for some reason.
Also note that the Windows Firewall will sometimes will still enforce rules when it’s off. On more than one occasion I have conducted tests with firewall logging on and then turned off the firewall. Tried to connect to a port and then looked at the log and noticed that the port was logged as blocked even though the firewall was set to off and verified as not running. This is one reason that I recommend that the firewall be set to on and ensure that all the ports and services needed are allowed.

Figured it out.

I ran a netsh advfirewall command ON the machine to make sure the port was open(that wasn't the issue)

Then instead of putting the servlette into the default directory, I put a custom path in there of "..". It worked like a charm.

How can I KEEP that custom path in there now instead of retyping it each time I want to connect to a machine?

Great. I'm glad to see you are up and running. Currently there is no way to preserve the custom path on the push dialog, but I'll add the change to our update list to preserve the last user setting.