WMI monitor MS ISA 2006 - Unidentified IP Traffic (TCP:3856)



When I try to monitor (WMI) the status of our ISA server and define a FW rule to allow RPC traffic from the PRTG server to the ISA server, I see the following error in the ISA logging:

Denied Connection ISA 10/11/2010 13:42:05 Log type: Firewall service Status: Rule: Source: Internal (<PRTG IP_address>:59668) Destination: Local Host ( <isa IP-address>:3856) Protocol: Unidentified IP Traffic (TCP:3856)

When I create a rule to allow that port, all is working fine, but when I reboot the ISA, PRTG is using a different port. Therefore a question: What is the purpose of the traffic on this port, is it dynamic, and of course can it be set fixed? We use: PRTG Network Monitor

isa sensor wmi

Created on Nov 10, 2010 12:52:30 PM

6 Replies



Dear Jan,

which sensors from PRTG are monitoring this ISA-Server?

Best Regards.

Created on Nov 15, 2010 3:38:39 PM by  Torsten Lindner [Paessler Support]



One of the PRTG included WMI monitors, for instance CPU load, the one with tag "cpuloadsensor wmicpuloadsensor".

Created on Nov 16, 2010 12:18:55 PM



Only this one sensor? Or others as well?

Created on Nov 16, 2010 4:21:12 PM by  Torsten Lindner [Paessler Support]



Over 200 sensors are configured on the PRTG 8. I tested with this one WMI sensor querying the ISA. When I block the 3856 port on the ISA, the WMI sensor is not working. This is even true when I have only one WMI sensor to ISA active, for instance the CPU sensor.

Created on Nov 17, 2010 7:52:59 AM



More sensors, but tested with only one active to the ISA. After an ISA reboot the port number has changed, now it is destination port 5197 (dynamic).

Created on Nov 18, 2010 11:57:07 AM



Dear Jan,

sorry for taking so long to answer.

This sounds as if the DCOM system that WMI uses for communication between the computers is relying implicitly on one or more dynamic port settings which are not under our control, unfortunately. But with ISA being a Microsoft system there is very probably a way to configure ISA to allow WMI/DCOM traffic, so perhaps Microsoft might be of assistance in your case. Sorry again that we can't be more specific.

Kind regards, - Volker Uffelmann

Created on Jan 13, 2011 10:33:57 AM by  Volker Uffelmann [Paessler Support]
