Additional Info.
From the rpm.log file on the SQL Server I see:
20050105 13:36:54 Warning: REXECD/10.x.x.x.1327: connection reset, whilst reading callback
I tried restarting all 4 of the Radia Services on the SQL Server box. The following
Information was generated which may have been from the Radia Management agent.
Event Type: Information
Event Source: rma
Event Category: None
Event ID: 1
Date: 5/01/2005
Time: 1:31:52 p.m.
User: N/A
Computer: SQLDBPR1
Description:
The description for Event ID ( 1 ) in Source ( rma ) cannot be found. The local computer
may not have the necessary registry information or message DLL files to display messages
from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this
description; see Help and Support for details. The following information is part of the
event: Service Starting.
From the STATScannerDebug.log file on the VPM Server:
00000034 13:38:08.157 [10080] adminTool::connectToResource: \\10.x.x.x\admin$,
Access is denied.
00000035 13:38:38.360 [10080]
adminTool::runHaveWinRegistryAccess:RegConnectRegistry: \\10.x.x.x, Access is denied.
00000036 13:38:53.844 [8900] CScanMgr::ReportTotallySecureMachines: Determing if
any machines are secure.
Interestingly I'm getting a number of sshd events on the VPM Server during the time the
task is running.
I have not installed SSH on the SQL Server, but I did not believe that was a pre-requisite.
I can't understand how it could have worked if that's the case. Excample of the event.
Event Type: Information
Event Source: sshd
Event Category: None
Event ID: 0
Date: 1/5/2005
Time: 2:03:03 PM
User: WCC\xxxxxxxaccount
Computer: ITSMPR1
Description:
The description for Event ID ( 0 ) in Source ( sshd ) cannot be found. The local computer
may not have the necessary registry information or message DLL files to display messages
from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this
description; see Help and Support for details. The following information is part of the
event: sshd : PID 9068 : input_userauth_request: illegal user WCC\\xxxxxxaccount.
There's also a logon event for Anonymous around the same time on the SQL Server box.
In WBEM, the account is setup as above; e.g. domain\account
The password is correct, I can login to the Server using these account credentials and map
to the file share that the VPM appears to be targetting.
I tried to reinstall the VPM Agent, which seemed to go okay, but there was an unusual event
during configuration.
The initial scheduling went okay, but I then wanted to change the Run As User. When I went
back in, okayed the Selected Server it then said HPSIM had been unable to determine the OS
and to select an OS but gave no options to select.
From all of the above I believe the HPSIM/VPM somehow think the remote Server is a
non-Windows Server and attempt to connect via SSH which has not been installed on the
Server.
All recent attempts to get a successful scan are now failing so I'm not too sure what has
changed. My guess is that it is something on the HPSIM/VPM Server side as it seems to be
that that is making the SSH connection.
