Network Inventory tool will not connect with firewall enabled

Good day everyone. We are using a network inventory tool called Total network Inventory by Softinventive. It works well when I have gotten it to work. My problem is that if the Windows firewall is enabled, it will give me a

scan failed: SNMP: Incorrect community or SNMP not available

The company states that I should enable SMB protocol to access Windows computers. To do so I should enable "File and Printer Sharing" exception in the Windows Firewall or TCP port 445 in other firewalls. You may also try to enable TCP port 139 (NetBIOS) for older systems.

I have tried enabling both every single inbound and outbound rule available for Windows Server 2008 R2 and nothing. But as soon as I turn off the firewall, I am able to connect no problem.

Any ideas?
mig1980Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jkocklerCommented:
Open the following ports for SNMP to communicate:

161, 162, 10161, 10162
0
gheistCommented:
Essor message does not say about SMB, it mentions SNMP (which uses 161/UDP for queries as in your error message, and 162/UDP to send Traps back to management workstation)

Note that it uses UDP so that concept of "connection" is not applicable.
0
mig1980Author Commented:
So I opened up the ports suggested (even tried all four ports suggested) and no luck. Port 162 already had a rule associated with it in Windows Firewall which I just enabled. For the other 3 ports, I created a new rule and added the ports to the remote ports section of the rule.

Any other ideas?

By the way, the primary method of accessing the details of the servers from this software is SMB. When I only select SMB, it gives me an error stating that no open ports are available.
0
The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

gheistCommented:
162 and 161  UDP or TCP?


Check throughly... UDP is used with DNS, NTP and SNMP, and you do not get connections, just a stream of packets.
0
mig1980Author Commented:
They were both UDP. Screenshots attached. Both ports were enabled for Inbound traffic...is that correct?
SNMPError.jpg
0
jkocklerCommented:
This problem computer, is it an asset you are trying to scan, or your inventory software host/server? Or is this happening on all assets that you try to access?

Try opening port 135.. This software uses WMI in conjunction with RPC as well as SMB.
0
gheistCommented:
Monitoring / Device
SNMP request
Random port => 161/udp

Trap
162/udp <= random port

WMI uses 135 to negotiate other port to use for session, so firewall needs to decode it just like FTP. OR - if not - you need to allow monitoring station to connect to any port on the device.
0
jkocklerCommented:
Well the random port thing is true with most protocols and services behind a stateful firewall. The outside port will hardly ever match the internal port it is listening on. The firewall does the job of keeping a log of what port is being used in it's internal connection tracker. You can however force most protocols and services to communicate over, and listen on specific ports. This configuration only works if both the client and server adhere to the configuration.
0
mig1980Author Commented:
The serve rin question is a client I am trying to scan. The issue occurs with all servers on our domain but there are two servers that I am using the Windows Firewall for to contain access (both with Windows Server 2008 R2).

i attempted to add both an inbound and outbound rule to allow all ports open for the specific IP address of the host server. That still does not work. Could their be a Group policy that would be blocking this? If so, how do I check on the client server.
0
jkocklerCommented:
If the problem is only when the firewall is on, then your problem is the firewall. There must be a port, or possibly a service, that you are missing. Sometimes an IP Protocol must be allowed to pass, not just the port. Like GRE with VPNs.
0
mig1980Author Commented:
The creators of the software told me all I needed were the ports mentioned in the original post. Any other input?
0
jkocklerCommented:
Are you familiar with doing a network packet capture? If you have a mirror port on your switch/router, or from one of the machines involved, do a capture with WireShark, and then filter the results for the protocols in question. You will find out where the problem is, because you will see all the protocols involved, and which are not getting through.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
gheistCommented:
Microsoft network monitor does not need reboot... and is on par with wireshark as long as microsoft protocols are involved
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Management

From novice to tech pro — start learning today.