On Windows machines, LAN Watch tries to connect to the folder \\admin$ using the credentials that you supplied.
The first test that the computer you are trying to connect to, is available?
On the machine you are running the LAN Watch from, start a Windows command prompt and type the following:
Ping <IP Address>
Where <IP Address> is the IP Address of the computer you are trying to connect to.
If you don't receive a reply see Troubleshooting below. If you do receive a reply, you know that the machine is turned on and a firewall is not blocking connections. Next, verify that the share is available. Type the following:
start \\<IP Address>\admin$ -username –password
If you have a problem, see Troubleshooting below. If all is OK, on Windows a window appears containing the remote computer's c:\windows directory. Now, you know that the machine is turned on and the share exists.
Next, verify that the KCONNECT.EXE command works correctly. Remote control to the machine you ran LAN Watch on. The Kconnect.exe file is located in the Kaseya Working directory, (you can verify the location of the working directory in IT Center VSA -> Agent -> Configure Agents -> Working Directory). Start a command prompt and type:
c:\"working directory"\kconnect.exe \\<IP Address> -username -password ipconfig
You should see the results of ipconfig for the target computer displayed on the machine you are running remote control on. If not, the RPC service on the target machine is probably disabled and blocking remote procedure calls.
- Both local and remote computers have file and print sharing enabled.
- The default admin$ share—a hidden share that maps to the \Windows directory—is defined on the remote system.
- Ping Failures - Either the machine is not on, or there is a firewall on the machine stopping pings. Either of these will stop the process and need to be corrected before continuing. Verify File and Printer Sharing is enabled on the target machine's firewall if the target machine's firewall is on.
- Invalid Credential - The credential must have administrator rights on the local machine. The agent requires administrator rights to install successfully. If the target machine is on a domain, the administrator credential must include the domain. The username field must be in the form domain\administrator or administrator@domain. On Vista, 7, and 2008 machines, ensure User Account Control (UAC) is disabled for the administrator rights credential being used.
- Network Path Not Found - If you get a message saying that the network path could not be found, it means that the admin$ share is not available on that machine. The admin$ share is a default share that windows creates when it boots, it is possible to turn this off via the local security policy, or domain policy. If you want to check the shares on that remote machine you can use Kconnect.exe to retrieve a list for you. Type kconnect \\ "net share". Check that the admin$ share exists and points to c:\windows or c:\winnt on older operating systems. Windows 8 machines do not have the admin$ share on by default. Follow these steps to turn on the admin$ share on Windows 8 machines:
- Run Regedt32 and browse to HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System. Right-click the right panel to create a REG_DWORD value called LocalAccountTokenFilterPolicy. Use REG_QWORD for 64-bit machines. Set the value of the DWORD to 1.
- Turn on file sharing on the machine.
- If the firewall is on, ensure that file sharing is allowed both in and out.
- Verify the setting works by running \\<machinename>\admin$ in Windows Explorer.
- KCONNECT.EXE Fails to Connect - The RPC service is not available on the target machine. For example, XP Home does not support RPC. This prevents anything from remotely executing on that box. On Windows XP you can turn this service on by opening Windows Explorer and selecting Tools - Folder Option... - View tab. Scroll to the bottom of the list and uncheck Use simple file sharing. The XP default configurations are as follows:
- XP Pro on a domain - RPC enabled by default. Use simple file sharing is unchecked.
- XP Pro in a workgroup - RPC disabled by default. Use simple file sharing is checked.
- XP Home - RPC is disabled always. Use simple file sharing is not available.
- Blocked by Network Security Policy
- Windows - Kconnect.exe connects to the remote PC through the RPC service and runs as a local account. Remote access to this service is controlled by a Local or Domain Security Setting. Open Local Security Policy (part of Administrative Tools). Open Local Policies\Security Options\Network access: Sharing and security model for local accounts. The policy must be set to Classic for Kconnect.exe to operate across the network. Note: Classic is the default setting for machines that are members of a domain. Guest is the default setting for machines that are not in a domain. Microsoft does not allow Windows XP Home Edition to become a domain member.
- Macintosh - SSH can be blocked by client management network policies, which are configured using Server Admin in Mac OS X 10.4 and later.
- Blocked by Anti-Virus Program - Some anti-virus programs may classify LAN Watch and SSH as security threats and block its execution.
- A reboot of Remote Machine Required - If a remote install attempt fails, you may need to reboot the remote machine. The problem is that the rejected attempt to mount the remote file share is remembered on the remote machine. Until the remote machine is rebooted, the failed attempt is cached and the remote machine continues to return that old failed status until the machine is rebooted.
- Windows 7 Starter Edition - Windows 7 Starter edition does not provide a "Local Security Policy" page. The administrator account may be disabled. if so, it has to be enabled from the command prompt with this command: net users administrator /active:yes
- File and Printer Sharing Not Enabled - Verify File and Printer Sharing is enabled on the target machine's firewall if the target machine's firewall is on.
- On Vista, 7, and 2008 machines - Ensure User Account Control (UAC) is disabled for the administrator rights credential being used.
- Mac OS - Macintosh agent install packages require a credential when using Agent > Install Agent, or when installing agents using the /s "silent install" switch.
- Linux - Linux machine's credentials must use the root user on the Install Agents page. Embedding a root credential in the agent install package is unnecessary for Linux agent to install packages used on the Install Agents page.
- SSH Not Installed or Enabled - Mac OS X 10.3.9 and above machines must have SSH Remote Login in System Preferences > Sharing > Remote Login enabled to support the remote install of Macintosh agents using Install Agents. On Linux, sshd must be installed and enabled. This is not enabled by default in some Linux distributions.
- SSH listening port changed from port 22 - Users can change the SSH listening port on Mac and Linux. If the port is changed from the default (22) to some other port, then LAN deploy will not work.