Topic
  • 1 reply
  • Latest Post - ‏2012-12-05T14:56:45Z by SystemAdmin
SystemAdmin
SystemAdmin
13279 Posts

Pinned topic Request access not working over VPN

‏2012-12-04T23:30:53Z |
Hi
I have some remote servers connected to our IBM Director server over a VPN connection. Director can discover these agents with no problems, but Request Access fails with the error "The request access attempt was not successful on one or more target systems within the time allotted". The Common Agent is currently installed on these servers. I have also tried installing the Platform Agent on 1 server and got the same result.

Here are the things I have tried so far:
  • Confirmed there is no time difference between the Director server and the remote server
  • Turned off all firewalls on both ends while running Request Access
  • Turned off Antivirus on both ends while running Request Access
  • Tested several different administrative accounts, both in the format Domain\Username and Username
  • Confirmed that other VPN traffic is working over the same connection, including accessing file shares and hosted websites
  • Tested that Request Access works fine on local servers, ie. servers on the same side of the VPN as the Director server

Any thoughts on how I can get Request Access to succeed or give me more information on why it's failing?
Updated on 2012-12-05T14:56:45Z at 2012-12-05T14:56:45Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    13279 Posts

    Re: Request access not working over VPN

    ‏2012-12-05T14:56:45Z  
    The only way to positively identify the cause of the failure is to contact the Help Center, let them help you enable logging, retry the test, send in the logs, and have them analyzed.

    You didn't mention anything about your domain/forest layout. Have you tried using userid@domain.name when specifying the ID?

    Do you happen to have NTLMv1 disabled on these remote servers, either specifically or via Global Policy?

    You mention VPN, but didn't specify if you are also using NAT. Systems Director only supports basic NAT (1:1).

    For those systems with a Common Agent, have you tried running configure.bat -amhost ip_of_isd_server -passwd agent_registration_password to see if you can force the certificate exchange with the Agent Manager? If this is successful, you will most likely need to rediscover the Agents or Verify Connection so the Resource Manager gets updated accordingly.

    ----
    Craig Elliott
    IBM Advanced Technical Skills