Q: How do I deal with the error "RPC server is unavailable"?

A: This error usually can appear for several reasons:

1) !!!!!!!!!!!!!11Connection is blocked by a firewall (Windows Firewall or third party firewall). Try

to disable a firewall on remote computer temporarily. If the target computer has Windows XP
SP2/SP3 or Vista, see next question.!!!!!!!!!!!!

2) Target computer does not have Windows Management Instrumentary service installed.
According to Microsoft documentation:

"WMI is preinstalled in Windows Vista, Windows Server 2008, Windows Server 2003, Windows XP,
Windows Me, and Windows 2000.
Windows NT Workstation 4.0 SP4 and later: WMI is available through "Add/Remove Windows
components" in Control Panel, as WBEM option install. A later, more comprehensive, version is
available as an Internet download from http://www.microsoft.com/downloads. See "WMI CORE 1.5
(Windows 95/98/NT 4.0)".
Windows 98/95: WMI CORE 1.5 (Windows 95/98/NT 4.0) is available as an Internet download
from http://www.microsoft.com/downloads. This download requires Microsoft Internet Explorer
version 5 or later."

If this is the case, the mentioned WMI CORE 1.5 components installer can be found in the "WMI"
folder within location of Total Network Inventory, for example: "C:\Program Files\Total Network
Inventory\WMI\wmicore.exe".

Note: remote interrogation of Windows 98/95 computers is supported partially, because problems
with DCOM authentication may be encountered. The solution is to make local (manual or autostart)
scanning or domain logon script scanning with the help of standalone audit tool ("tniaudit.exe").

3) Target computer is offline or IP address may not be occupied at all (if scanning by IP's and ping
before scan is disabled). Windows Browser service updates the computer list each 12 minutes, thus
a computer can go offline but still be visible in the network neighbourhood. However in this case
you are more likely to get status "Ping failed". But if the ICMP protocol (ping, echo) is not allowed
in your network, you might want to disable pinging in "Options - Connection - Ping before scan".
After this you will be able to scan online hosts which don't respond to pings, but all offline hosts
(and also not occupied IP adresses) will show "RPC error" status, and thus it will slow down the
scanning of large groups or IP ranges.

4) Wrong DNS record. If you scan the computer by name, it could be resolved to invalid or not
existing (not occupied) IP address due to problems with DNS or WINS. If you scan the computer
by IP address, you are likely to receive "Ping failed", but if ping before scan is disabled, you will
get "RPC error" when scanning offline address or not occupied address (see point 3). A user of TNI
has faced such situation and described it on our forum:
http://www.softinventive.com/forum/index.php?showtopic=428

5) Target host is not a computer or a non-Windows computer. If the scanned name or IP address
refers to a network device which can be pinged but which is not a Windows server or desktop
(network printer, router, managed switch, type library, IP phone, firewall, thin client,
Mac/Linux/BSD/other non-Windows machine etc), it cannot be comprehensively scanned and
shows this error. However the program tries to scan this host also by SNMP protocol, and if it
succeeds, it adds this host to the network tree with a different icon (small grey box) and some basic
information can be viewed for this host.
P.S. Please refer to the question #7 below for explanation of how the program uses different
network protocols and why you might receive other statuses except described in present question.

Q: Can I get the port numbers that this product uses to connect to configure the
firewall?

A: As for the current moment, in order to provide agent-free remote computer interrogation, our
application relies on Windows Management Instrumentation (WMI). It requires special
configuration of Windows Firewall in Windows XP SP2 and Windows Vista to allow remote
connections. WMI needs to support connection with RPC and DCOM (TCP ports 135 and 445). But
it also needs to connect to dynamically assigned ports, so just opening TCP port 135 is not enough.
This applies to remote administration of computers using administrative tools such as the Microsoft
Management Console (MMC) and Windows Management Instrumentation (WMI).

According to Microsoft documentation, "when obtaining data from a remote computer, WMI must
establish a DCOM connection from the local computer to the remote computer. To establish this
connection, both Windows Firewall and DCOM on the remote computer must be configured
appropriately. The configuration must be done locally on either by changing the Group Policy
settings, by executing NETSH commands, or by executing a script locally. Windows Firewall does
not support any remote configuration". (It should added that no support for remote configuration
does not mean a necessity to configure Windows Firewall manually for each separate computer -
see below).

So the best way (providing that Windows Firewall disabling is unacceptable) is to apply a special
Windows Firewall policy which allows remote administration with MMC and WMI.

N.B.: The program has alternative connection method which uses file and printer sharing protocol,
so you would only need to enable firewall exception for "File Sharing" or directly for TCP ports
139 and 445 and stop at this point. If this does not help, follow the instructions below.

The step-by-step guide is provided here: "Connecting Through Windows Firewall"

To be short, two major ways are:

1. - to use a netsh
firewall command at
the command prompt:
netsh firewall set
service RemoteAdmin
enable.
- or to use the Group Policy editor: Group Policy editor (gpedit.msc) -> Local Computer
Policy -> Computer Configuration -> Administrative Templates -> Network -> Network Connections -
> Windows Firewall -> Domain Profile or Standard Profile -> Windows Firewall: Allow remote
administration exception -> Action -> Properties -> Enable.

N.B.: Windows Firewall in Vista has a special exception named "Windows Management
Instrumentary (WMI)", which can be enabled and thus save you from necessity of setting up the
policies manually.

Also consult the following document: "Troubleshooting Windows Firewall settings in Windows XP
Service Pack 2" especially the last point "Configuring Windows Firewall Group Policy" and
associated document "Deploying Windows Firewall Settings for Microsoft Windows XP with
Service Pack 2" which describes how to easily apply firewall settings throughout a local network.

Note: some of the mentioned Microsoft documents refer to asynchronous calls requiring additional
firewall setup at the local computer for successful callbacks. Our application does not use such
calls, so there is no need to pay attention to this.

P.S. Short summary for other firewalls than Windows Firewall - you need to do one of the
following:
- allow NetBIOS connections or open TCP ports 139 and 445;
- open TCP port 135 and allow "svchost.exe" (for Windows XP/Vista, or "winmgmt.exe" for
Windows 2000) to open random ports for incoming connections (usually this means that you need
to allow this executable to do everything), which are used for data transfer, while port 135 is used
only during installation of connection.

Q: Is it possible to scan Windows 95/98/NT machines?

A: Actually, it is. First of all, you should install Microsoft WMI core components for Windows
95/98/NT. WMI CORE 1.5 (Windows 95/98/NT 4.0) is available as an Internet download from
http://www.microsoft.com/downloads It also can be found in the "WMI" folder within location of
Total Network Inventory, for example: "C:\Program Files\Total Network Inventory\WMI\
wmicore.exe".

Then place a link to "\WINDOWS\SYSTEM\WBEM\WinMgmt.exe" to the startup folder and

reboot, or start it manually. After this it will be possible to use standalone audit tool "tniaudit.exe"
for manual, autorun or domain logon scan.

In order to be able to use remote online scan, you should run a registry file (*.reg) of the following
contents on a Windows 95/98 machine:
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\OLE]
"EnableDCOM"="Y"
"EnableRemoteConnect"="Y"

[HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM]
"SetupForDCOM"="1"
"AutostartWin9X"="2"
"EnableAnonConnections"="1"

Or you may change these values manually. It would be good idea to restart the computer. After this
you should be able to connect remotely using any credentials or as current user.
Please note that support for Windows 95/98/NT is provided "AS IS", because Microsoft has
officially stopped support for these operating systems.

Q: What should I do to overcome the error "Access is denied"?

A: TNI works in both workgroup and domain environment. But the point is that you need to have
administrator access to remote machines. Make sure that you specify username and password of the
user that has administrator rights on those computers (local administrator or domain administrator).
If the administrator has blank password, remote access will not be possible also. If you're loggen on
as a domain administrator, use "As current user" scan option. Otherwise specify the admin name in
full format: DOMAIN\Administrator.

But if the computers are not in domain? Workstations which are running Windows XP Professional
and Vista and not connected to domain don't allow local administrator to authenticate as himself by
default. Instead, "ForceGuest" policy is used, which means that all remote connections are mapped
to Guest account. But again, administrator rights are required to make the scan. Please consult this
document on this matter. You would need to update the policy as described in this document on
each computer. It can be easily done by running "secpol.msc" and expanding Local policies -
Security options - and locating the policy "Network access: Sharing and security model for local
accounts" and changing it from "Guest" to "Classic".

2.Another way for

Windows XP would be
to disable "Use simple
file sharing" option in
Folder Options in the
Explorer.!!!!!!!!!!!!!!
And one more way is through the registry, it is necessary to set the value "forceguest" located in the
key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" to zero, or just run a
*.reg file of the following contents:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"forceguest"=dword:00000000

This should be done for both Windows XP and Vista. But for Windows Vista there is one more step
that should be taken - it concerns User Account Control (UAC). It restricts administrator rights for
remote logons in some cases. You should either disable UAC, or make changes to the registry: in
the key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system"
create a DWORD parameter with name "LocalAccountTokenFilterPolicy" and value "1" (source).

This all concerns only Windows XP Pro. It is not possible to scan Windows XP Home remotely,
this is the operating system limitation (it does not have such security policy), and it will always
show "access denied" error. Though it is possible to scan XP Home locally by running the
standalone audit tool "tniaudit.exe" (located in the program's installation folder) on that machine. It
will generate an XML file which should be put to the "Data" folder of the program. This newly
scanned computer can be added to the network tree by selecting "Tools - Refresh data storage
folder" menu option.

Q: How can I get the list of computers which some software product is installed on?

A: Here are the steps to get a list of computers which have specific software installed:

1) Select "Reports - Software reports - Software and licenses".

When you run this report for the first time, the software database will be generated, computer data
files will be analyzed and you will see a progress window. When you run this report next time, it
will be built almost immediately.

2) Choose the necessary application title (the list of applications is alphabetically sorted) or use the
shortcut Ctrl+F to search for the software by a part of its name and F3 button to search the next
item. Right-click a software title that you are interested in and select "Show computers which have
this software" (a window with a list will be displayed) or "Copy computers which have this
software" (the list will be copied to clipboard in a format allowing to paste it to a spreadsheet) in the
context menu.
There are also two additional commands in the right-click menu to get computers which don't have
this software, which can be convenient if you need to make sure that all computers have some
software or update installed and search for the computers which you need to install it on.

In the current version of the program this list of computers is available only as a message box
(which can be copied by pressing Ctrl+C) or by copying it directly to the clipboard. In the following
versions the list of computers will be displayed as a custom tabular report.

In the previous versions of the program there was a necessity to recalculate the number and the list
of installations manually after each rescan of computers ("Tools - Software accounting -
Recalculate installations"). Starting with version 1.6.7 the program detects the events which can
lead to the cange of software list in the network itself (rescan, adding via scan wizard or importing,
or removing of one or more computers) and if such event happened, the software database will be
recalculated automatically when you open the report "Software and licenses", otherwise it will be
opened quickly, without recalculation. Besides, this report now includes not all computers on the
network, but only ones selected in the network tree, as all other reports.

Q: How do I set up the program to scan a computer when users log on to a domain?

A: 1) Press "Scan Wizard" button on the main toolbar.

2) Select "Logon script scan" and press "Next".
3) Press "Set path" (this will open "Options - Audit agent" window) and specify the path where the
audit tool should save data files with scan results. This should be a folder with write access for all
users (a network folder or a mapped drive). This folder must be different from the folder specified
in "Options - Storage".
In the same window you can also change the time delay between scanner launch and actual
scanning. It can be set to zero for testing purposes.
Press "OK" after you have made necessary changes.
4) In the second input field specify the folder where the necessary files can be saved (manually or
with the help of "Browse" button). You can specify the network folder which all users have access
to (write access is not necessary), and it can be different from the first folder, but can be the same
also. Or you can specify a temporary folder, then you would need to move two specified files
(tniaudit.exe and tniaudit.ini) to the network folder manually.
Press "Next".
5) On this step it is necessary to add a line to your domain logon script which will launch the audit
tool.
- If you are already using a logon script in your domain and you have direct access to it, select the
first option and browse for the script file. Press "Next" and the program will add a launch string to
the script.
- If you are already using a logon script in your domain, but you don't have direct access to it, select
the second option and copy the command which needs to be added to the script. In general, this
command should have the following syntax:

start \\server\path\tniaudit.exe /scripted

"Start" command allows the batch file processor to run the audit tool and exit, thus users will not
see the black command-line window during the scan. "/scripted" switch makes the scanner run
silently without asking users whether they want to run a scan (which happens if you run the tool
manually without any parameters).
Note: if you have spaces in your network path, then the command should be specified in the
following way:
start \\"server\path with spaces\and more spaces\"tniaudit.exe /scripted

- If you are not using a logon script in your domain, select the third option and press "Next". You
will be provided some instructions on how to setup a script.

6) As the users are logging on to the domain, there will be XML files appearing in the folder
specified in "Options - Audit agent". Or if you have some XML files generated by the scan tool
launched manually, put them there also. Now select "Tools - Refresh audit tool folder" and the
program will scan that folder and update it's working folder with new and updates data files, so
newly scanned computers will appear in the tree and existing ones will be updated. You can also set
the program to do this each time it's run, there is an appropriate checkbox in "Options - Audit
agent".

See also:
Creating logon scripts
http://technet2.microsoft.com/windowsserve...a630801033.mspx
Logon Scripts How To...
http://technet2.microsoft.com/windowsserve...9471dd1033.mspx

Q: What is the logic of the program when it makes the scan?

A: The program has two connection methods to scan Windows computers: by SMB/NetBIOS
protocol and by RPC/DCOM protocol, and also SNMP protocol for scanning of SNMP-enabled
network devices. Both methods for computers are enabled by default. The program's behaviour can
be set in "Options - Connection - Connection method".
If you scan IP ranges, first of all the program tries to ping the host (if allowed by the settings). If it
doesn't respond, the program shows "Ping failed" and skips this host. Ping before scan is enabled by
default only for IP range scan and is disabled for scan by names (network neighbourhood).
SMB connection method is tried first by default. If it fails and the option to try another method is
enabled, the program tries RPC method.
If RPC method was selected, it is tried first. If it fails and the option to try another method is
enabled, the program tries SMB method.
After this, if previous method(s) fail, the program tries SNMP protocol (perhaps it's a network
device?). If it also fails, it shows the error which was produced by the last "computer" method that
was used. If SMB method was used last, you can see "Network path not found" error. If RPC
method was used last, you can see "RPC server is unavailable" error.
Considering the above, if you cannot locate the reason for "RPC server" error, it can be useful to
switch the program to use SMB method only and analyze error messages that such scan will
produce. They are usually more meaningful (access denied, network path not found, unknown user
or bad password etc).
You can get more information about connection methods in the Technical whitepaper of the
program.

Q: How to backup/restore the database or move the application to another

computer?

A: The program's database is kept in a separate directory usually called data storage folder or
simply data folder. The path to it is set in "Options - Storage". If it's not absolute (that is not
beginning with a drive letter or "\\" meaning a network path), then it's a relative path and the folder
is located in the program's installation directory (for example, "Data" means "C:\Program Files\
Total Network Inventory\Data"). In order to backup the database, you just need to backup or
archive this whole folder. To restore the database, copy or unpack this folder to some location and
point the program to this folder using the "Browse" button in "Options - Storage".

To move the application to another computer, backup the data folder first. You may also need to
backup the "config.ini" file located in the program's installation directory which contains all settings
including custom reports, IP ranges etc. Now you can uninstall the program and delete the
program's installation directory.
Install the latest version of the program on a new computer, but don't run it. Copy the "config.ini"
file to the program's installation directory and put the data folder from your backup to some
location. Now run the program. It will load the settings and if the path to the data folder is the same
as on old computer, it will open the data folder and run as usual. Otherwise, if the previously used
path doesn't exist, it will ask for a new location of the data folder, so you just need to point the
program to the new location.

Q: Where do I install the program on - a server or a workstation?

A: Either server or workstation can run Total Network Inventory. It is just a matter of usage
convenience, because it's not a client-server application and you need to have access to the
graphical console of the computer you install it on, either directly or using some remote desktop
utility. Besides, if you run it under domain admin account, you will be able to scan all computers
"as current user", otherwise you would need to specify domain admin credentials explicitly.

However take note that if you install the program on Windows XP (starting with SP2), Windows
Vista or Windows 7, and if there are many scan threads launched simultaneously, there may be
issues with connections to remote computers. This is due to a restriction on the maximum number
of TCP half-open connections (connection attempts, SYN_SENT socket state) existing in the
mentioned Windows versions, which doesn't allow more than 10 outbound connections to be in this
state at a time. After reaching this limit, all other connections in the system (including those
executed by this program) are queued and may reach their timeout, thus producing inconsistent
results. This issue is also known as "Event 4226 issue", because reaching the limitation produces a
record in the System Event Log with EventID 4226. Windows XP SP0/SP1, Windows 2000
Professional and all Windows Server systems don't have such limitation. So in general case we
suggest installing the program on a server operating system.

Q: Why does the program show that no antivirus (or firewall, or antispyware) is
installed?

A: Our software can recognize all antiviruses and firewalls (in Windows XP SP2/SP3, Windows
Vista and Windows 7) and antispyware (only in Windows Vista and Windows 7) that support
Windows Security Center, that is if they are displayed by Security Center. The vendors of antivirus
(firewall and antispyware) software should provide this support from their side, because they have
to publish the product information and status to the system in a special way. Otherwise neither our
product, nor Windows itself can recognize such software (in this case Windows Security Center
should usually generate a message from time to time that the computer is not protected by
antivirus/firewall/antispyware).
Unfortunately, even with the support from the side of the security products, this does not work on
Windows 2000 and earlier and also on all Windows Server systems, because they don't have
Security Center, that is they don't provide an interface for these products to publish their status to
the system and thus to other applications.
We are going to add support for direct detection of the most popular products without dependency
on the Security Center interface in the future versions of our program.

Q: How to fix the error "No network provider accepted the given network path"?

A: Take the following steps:

1. Make sure that you can ping the remote computer by network name.
2. Make sure that "File and Printer Sharing" exception is enabled in the Windows Firewall (or
NetBIOS is allowed in any other firewall) or firewall is disabled.
3. Make sure that both "Client for Microsoft Networks" and "File and Printer Sharing For
Microsoft Networks" are enabled in the properties of network connection of that computer.
 4. Make sure that the setting "NetBIOS over TCP/IP" in the properties of network connection
(Internet Protocol Version 4 - Properties - Advanced - WINS) is set to "Default" or "Enable"
and that "TCP/IP NetBIOS Helper" service is set to "Automatic" and is started.
5. Make sure that security policy (secpol.msc - Local Policies - Security Options) "Network
security: LAN Manager authentication level" is set to "Send LM & NTLM responses"
(option #1) or "Send LM & NTLM responses - use NTLMv2 session security if negotiated"
(option #2).
6. Run "sfc /scannow".

Q: How to fix the error "Call was canceled by the message filter"?

A: Take the following steps:

1. Run "services.msc" on the remote computer and make sure that "Windows Management
Instrumentation" service is set to "Automatic" and is started.
2. Make sure that DCOM is enabled: run "dcomcnfg", select "Component Services -
Computers - My Computer", right-click, "Properties", open "Default Properties" tab and
make sure that "Enable Distributed COM on this computer" is enabled.
3. Restart the remote computer.
4. Run WMI diagnosis utility from Microsoft.
5. Follow these tips to repair WMI on the remote computer.