NG14.0 Remote Management Issue

Hello,

 

This has been a recurring problem with NG. I recently had to replace my laptop as the old one went bad. The new one has Windows Vista Home Premium and my desktop has Vista Ultimate. My desktop has NG14.0 and the laptop has 12.0.

 

I previously had XP Home on the OLD laptop and at the time had all kinds of problems getting NG14 on my desktop to be able to remotely manage NG12 on the laptop but finally had it working. Now with the new laptop I reinstalled NG12.0 and once again cannot get this to work. When I GOOGLE this issue I find that all kinds of people have trouble with this - this is not a new issue but it seems that what makes it work for one person does not always solve it for another.

 

So here's the deal and sorry to be long-winded.

 

 

First I will state that I can ALWAYS browse between the two computers using Windows Explorer and the user authentication is never a problem between the two UNITL it comes to NG. NG always acts like the user authentication fails. I have tried logging in with either the admin account from the desktop or the laptop admin account, NG is not able to authenticate against either one. I have also MATCHED up and have identical ADMIN accounts on both computers including user name and password. This does not help either.

 

I have disabled NIS 2009 Firewall on both - still NO GO.

 

The ONLY thing I have found which allows NG desktop to connect to NG laptop is to disable BOTH UAC AND NIS 2009 firewall on the laptop! Disabling either UAC by itself or NIS 2009 firewall by itself does NOT work. And YES Windows firewall is always disabled since I have NIS 2009.

 

Now it gets even more ridiculous. Once I disable UAC and restart the laptop, then I disable NIS firewall I can now connect from my desktop. AND if I turn NIS 2009 firewall back ON I can STILL connect. BUT once I restart the laptop I can no longer connect from the desktop until I disable NIS firewall. Then again I can re-enable firewall and still connect. This process continues each time I reboot the laptop!

 

I am a software engineer and this still does not make sense to me. Symantec has some serious problems with NG remote management and it is getting really old.

 

In the end, obviously NG needs to be able to work with both UAC and its own NIS 2009 firewall. Symantec claims to be compatible with Windows Vista therefore it MUST be able to work seamlessly with UAC and especially its own firewall.

 

Lastly when it comes to firewall. The only TCP ports I can find documented indicates that the firewall must be configured to allow TCP traffic through on ports 135 and 1038. I have done so yet it does not help.

 

 

Does anyone have this working between Vista Ultimate and Vista Home Premium? If so did you originally have problems and if so how did you solve it?

 

Thanks so much for being patient with my ranting. :)

 

Allen

I forgot to mention above that when I disable UAC and the NIS firewall I can then connect from NG desktop to NG laptop but it does NOT ask for user authentication at all, it just connects right in.

 

Somehow the combination of UAC and NIS firewall is blocking this feature but again I reiterate that I must disable BOTH UAC and NIS firewall to get this to work.

 

Thanks again

Allen

Folks,

 

I've finally figured out the answer to this issue and it would be nice if Symantec documented this!!

 

First, NIS 2009 cannot be configured to just allow TCP traffic through on port 135. This firewall rule did NOT work until I set traffic type to ALL.

 

Secondly and most importantly, Vista UAC does NOT by default allow remote user authentication (e.g., from another computer). You must make a registry change to allow this, otherwise ALL attempts by Ghost to remotely connect to Ghost client on the other computer will be denied and you will receive the annoying message indicating that user authentication failed!

 

For those who are curious or who are faced with this problem please see the following Microsoft article:

 

http://support.microsoft.com/kb/951016

 

Please note that from what I can see in this article, if you are configured on a domain (AD) it will 'probably' work without this registry change. But since most home networks are on a WORKGROUP, this registry change is necessary to manage a Ghost client on a different computer when UAC is enabled.

 

Once I made this change and modified the NIS 2009 firewall rule, this is working flawlessly!

 

 

Note to any Symantec employee: Can you please make sure this gets documented?!? I do not appreciate having to solve a problem for you which would not have been necessary had the proper documentation been available!

 

Allen

I should have clarified that Vista UAC does not by default allow a remote user to be elevated to Administrator privlege, instead you are treated as a standard user with no elevation potential.

 

With the registry change explained in the Microsoft article (link in previous post) UAC will allow a user to be elevated to Administrator and allow Ghost to remotely manage a Ghost client on another computer.

 

All this also begs the question for Symantec. Is it REALLY necessary for Ghost to require Administrator privlege? Shouldn't a standard user be able to perform backups? If this were allowed then the UAC would never have been a problem to begin with!

 

Suggestion for Symantec: how about allowing standard users to perform backups and require elevation to Administrator only when performing restore operations?

 

Allen