Master Query Engine (MQE) in a demilitarized zone (DMZ) fails to synchronize
MQEs in a DMZ fail to synchronize with the Enterprise Configuration Service (ECS).
- Computers located in the DMZ cannot be queried.
- Query Engines are configured to use the
port instead of a high-level TCP port in the ECS.
Query Engines in the DMZ are using the default port instead of a high level TCP port such as 5525.
Follow these steps to resolve the issue.
PART ONE: Modify the ports
1 Launch the RMS console.
2. In the left column, click bv-control for Windows | Configuration, then double click bv-config.
3. On the menu across the top, click Action | ECS | edit ECS database.
4. Click OK to bypass the warning message "Modifying the Enterprise Configuration Service Database is a powerful feature and should only be done by advanced users."
5. In the list of query engines, double click the MQE that is located in the DMZ
6. In the "Edit Query Engine Entry" dialog box, double click TCP/IP in the list of Protocols.
7. If the port value is blank, enter 5525 or another high level TCP port. Click OK.
- NOTE: Contact your network firewall administrator to enable bi-directional communication across the TCP port between the ECS and the MQE in the DMZ.
8. Restart the query engine service on the MQE located in the DMZ.
NOTE : If you have Slave Query Engines (SQEs) in the DMZ, repeat the above steps for each SQE in the DMZ.
PART TWO: Verify User credential Settings
1. Launch the RMS console.
2. In the left column, click RMS Configuration. On the right, double click User Manager.
- NOTE: If the User Manager icon does not appear, confirm that the standard tab is selected at the bottom of the right pane.
3. Highlight the respective computer account, then click the Modify button.
4. Click the bv-Control for Windows Users Option Tab.
5. Clear the check box "Use Credentials For Query". Click OK.
NOTE: Repeat the above steps for other users listed in User Manager.
PART THREE: Verify the MQE in the Connection Database
1. Launch the RMS console
2. Click bv-control for Windows | Configuration, the double click Connection Databases.
3. In the Connection Database Dialog box, double click the Name of the Connection Database.
4. When prompted, enter the password for the Connection Database
5. Click the Name of the MQE in the DMZ so that is highlighted.
6. Click the Verify button
7 .The window will refresh.
8. Confirm that the status is "Connected", then click OK twice.
PART FOUR: Change the Query Engine Settings
1 Launch the RMS console.
2. In the left column of the RMS console, click bv-control for Windows | Configuration, then double click bv-config.
3. In the left column of bv-Config, double click the Name of the MQE in the DMZ.
4. On the right, double click Query Engine Settings.
5. Click the Advanced Security tab.
6. Under "Additional Security Settings", clear the check box *Require authentication".
6. Click OK twice to exit Query Engine Settings.
PART FIVE: Verify all port Settings in regedit
- On the computer hosting the ECS, run regedit. Modify the following key: HLKM\Software\Bindview\Enterprise Configuration Service\ECSRPCServer\ProtocolSequences\ncacn_ip_tcp\Endpoint Value: 5525 (specified port)
- On each MQE in the dmz, run regedit. Modify the following key: HLKM\Software\Bindview\BindView Query Engine\QERPCServer\ProtocolSequences\ncacn_ip_tcp\Endpoint Value: 5525 (specified port)
PART Six: Verify that the Query Engine Service is using the correct logon properties on each DMZ host
- A special service account with administrative rights is needed to query domains OR workgroups. The account must be a member of the domain admins group to query domain computers. Or, the account must be a member of the local administrators group to query workgroup computers.