57
DameWare Server Evaluation Guide

DameWare Server Evaluation Guide

Embed Size (px)

DESCRIPTION

DameWare ServerEvaluation Guide

Citation preview

Page 1: DameWare Server Evaluation Guide

DameWare ServerEvaluation Guide

Page 2: DameWare Server Evaluation Guide

About DameWare

Contact Information

Team Contact Information

Sales 1.866.270.1449

General Support http://www.dameware.com/customers.aspx

Technical Support Submit a ticket: http://www.dameware.com/technical-support.aspx

Customer Service Submit a ticket: http://www.dameware.com/customers/customer-service.aspx

User Forums http://forums.DameWare.com/

Note: DameWare only provides technical support by email. If you need technical support, please open a ticket using a link provided in the table.

End-of- Life PolicyIn order to continue to drive innovation and new functionality into our products, SolarWinds must transition customers from legacy versions of software to our current versions. Please review the following support schedule:

l 5/06/2014: End-of-Life announcement (EoL) – Customers on DameWare v7.4 or older should begin transition to DameWare 11.0.

l 12/12/2012: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SolarWinds DameWare v6.9 or older.

LegalCopyright © 1995-2014 SolarWinds Worldwide, LLC. All rights reserved worldwide.

No part of this document may be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the written consent of SolarWinds. All right, title, and interest in and to the software and documentation are and shall remain the exclusive property of SolarWinds and its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON SOFTWARE AND DOCUMENTATION FURNISHED HEREUNDER INCLUDING WITHOUT LIMITATION THE WARRANTIES OF DESIGN, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Page 3: DameWare Server Evaluation Guide

The SOLARWINDS, the SOLARWINDS & Design, DAMEWARE, ORION, and other SolarWinds marks, identified on the SolarWinds website, as updated from SolarWinds from time to time and incorporated herein, are registered with the U.S. Patent and Trademark Office and may be registered or pending registration in other countries. All other SolarWinds trademarks may be common law marks or registered or pending registration in the United States or in other countries. All other trademarks or registered trademarks contained and/or mentioned herein are used for identification purposes only and may be trademarks or registered trademarks of their respective companies. Microsoft®, Windows®, and SQL Server® are registered trademarks of Microsoft Corporation in the United States and/or other countries.

The DameWare third party libraries are covered with more accuracy and detail in http://www.solarwinds.com/documentation/3rdPartySoftware/3rdParty.htm

Page 4: DameWare Server Evaluation Guide

Table of ContentsAbout DameWare i

Contact Information i

End-of- Life Policy i

Legal i

Introduction 1

Installing the Server 2

Installing the DameWare Server 3

System Requirements 3

Port Requirements 4

Licensing 4

Installing the DameWare Server (Express) 6

Installing the DameWare Internet Proxy with Another Web Server 8

Configuring the DameWare Server 10

Express Configuration 10

Configuring the DameWare Internet Proxy 13

Setting the Internet Session URL 13

Modifying Your Firewall or Router 14

Testing the Internet Session Connection 16

Troubleshooting the Internet Session URL 16

Installing Centralized DRS or MRC 17

Installing the DRS or MRC Applications 17

Installing DRS or MRC from the Command Line 18

Installing MRC agents 20

MRC Client Agent Service Installation Methods 20

Install the Service On-demand 20

Page 5: DameWare Server Evaluation Guide

Install the Service from the MRC Application 21

Manually Install the Service 21

Deploy Custom MSI Packages 22

Logging on to the Admin Console 24

Connecting to the Central Server or Mobile Gateway 24

Default User Accounts 25

Admin account 25

User account 25

Managing Users 27

Adding Users 27

Importing Users 28

AD Import 28

CSV Import 29

Licensing DRS or MRC Users 29

DameWare Central Server Administrator Permissions 29

Managing the Global Host List 31

Creating the Global Host List 31

Importing to the Global Host List 32

AD Import 32

File Import 32

Managing Internet Sessions 34

Limitations to Internet Sessions 34

Internet Session Troubleshooting Guide 35

Connecting to MRC 37

Troubleshooting Your Central Server Connection 38

Connecting to Agents with MRC 39

Page 6: DameWare Server Evaluation Guide

What privileges do I need to connect with DMRC? 39

Non-Administrator Mode 39

Administrators Only Mode 40

Connecting through a Firewall 40

Changing the Default Port 41

Connecting with an Internet Session 41

Internet Session Properties 42

Internet Session Properties Dialog Options 42

VNC Setup 44

Sample Procedures 44

MRC Quick Tour 47

DameWare Mini Remote Control Quick Tour 47

Enabling Remote Logging 47

Using DameWare with Citrix or Other Terminal Services 48

Silently deploying the Registration information 48

Program Shortcuts 49

Shadow Registry: 49

Using Smart Cards 49

Requirements 49

How to Backup and Restore the saved host list 50

Backup the Saved Host List 51

Restore the Saved Host List 51

Forcing Encryption Levels 51

Page 7: DameWare Server Evaluation Guide

Introduction

DameWare Server provides a powerful, comprehensive remote control solution to support end users inside and outside your internal network seamlessly. You can securely authenticate to computers, troubleshoot and solve problems, and chat with end users on computers running Windows, Mac OSX, or Linux.

Key features include:

l Controlling end users' computers inside and outside your internal network

l Centralized licensing

l The ability to create a global host list

l A personal host list that technicians can access from any computer running the DRS or MRC application in Centralized mode

l The ability to connect to remote computers using your mobile device

The server version of DameWare software is available for centralized versions 11.0 and above. This mode requires you to install and deploy at least one server component—the DameWare Central Server. License activation occurs on the server level; you do not activate licenses on each computer with DRS or MRC installed on it. DRS and MRC users authenticate to the Central Server and can logon at any centralized DRS or MRC installation. Centralized mode is most useful for organizations with a large user base, with large or centralized IT departments, or with multiple DameWare product licenses that you wish to manage from a single point.

- 1 -

Chapter 1

Page 8: DameWare Server Evaluation Guide

Installing the Server

DameWare Server includes the following discrete programs that you can install:

l DameWare Server l DameWare Central Server component l DameWare Internet Proxy component l DameWare Mobile Gateway component

l DameWare Server Administration Console l DRS with MRC (Centralized mode) l MRC client agent

Each program must be installed and configured on your network to fully utilize the DameWare Server.

Use the following topics to install DameWare Server and related software:

Installing DameWare Server

l System Requirements l Port Requirements l Installing the DameWare Server l Licensing

Configuring DameWare Server Components

l Express Configuration l Configuring the DameWare Internet Proxy

Installing DRS and MRC in Centralized Mode

l Ports Used for MRC l Selecting Your Install Type l Installing DRS or MRC from the Command Line

- 2 -

Chapter 2

Page 9: DameWare Server Evaluation Guide

Chapter 2

Installing MRC Client Agents

l MRC Client Agent Service Installation Methods

Installing the DameWare Server

System RequirementsBefore you install the DameWare Server, review the following system requirements.

Hardware/Software Requirements

OS Windows XP (32-bit SP3, 64-bit SP2) or later (for evaluation only)

Windows Server 2003 SP2 or later

Hard drive space

1 GB (2 GB or more recommended for database expansion)

CPU Quad core, 2.0 GHz or greater

RAM 4 GB (8-16 GB recommended)

.NET Framework

3.5.1

4.0

Notes: If .NET is not present on the computer...

...You may be prompted to restart the computer after the .NET Frameworks are installed. Manually restart the computer, and run the installer again.

...You may need to manually install .NET Framework 2.0 or 3.5 when installing on older operating systems, such as Windows XP.

Network 100 Mbps or greater

DameWare also installs the following components, which are embedded in the installer:

l Microsoft Visual C++ 2005 SP1 Redistributable x86 l Microsoft Visual C++ 2008 SP1 Redistributable x86 or x64 l Microsoft Visual C++ 2010 Redistributable x86 or x64 l Microsoft Visual C++ 2012 Redistributable x86 or x64 l Microsoft SQL Server Compact 4.0 Service Pack 1

If you are unable to complete the installation due to missing pre-requisites, download and install them separately. See SolarWinds KB400136 for more information.

Mobile Client requirementsThe DameWare Mobile Client is supported on the following operating systems:

l iOS 6.x and 7.x l Android 4.1-4.4

- 3 -

Page 10: DameWare Server Evaluation Guide

Installing the Server

Port RequirementsDameWare listens to the following ports by default:

Port Number

Description Used with Component or Product

Change the Default Port in...

Modify the port settings on...

80 DameWare Internet Proxy HTTP - Used to connect computers through an Inter-net Session or download an MRC or Internet Session agent

DameWare Internet Proxy The Configuration Wizard

N/A

443 DameWare Internet Proxy HTTPS - Used to connect computers through an Inter-net Session or download an MRC or Internet Session agent

DameWare Internet Proxy The Configuration Wizard

N/A

6129 DMRC protocol - DameWare agents listen on this port for incoming remote desktop con-nections

DameWare Mini Remote Control

DameWare Mini Remote Control application

Mobile Client in Global Set-tings

6130 DameWare Mobile Client protocol - Gateway service listens on this port for incoming mobile con-nections

DameWare Mobile Gate-way

Administration Console or the Configuration Wizard

Mobile Client on the gate-way login screen

6132 Internet Session data stream between MRC and the DameWare Internet Proxy

DameWare Central ServerDameWare Internet Proxy

The Configuration Wizard

N/A

6133 Communication requests for DameWare Central Server components

DameWare Central ServerDameWare Internet ProxyDameWare Mobile Gate-way

The Configuration Wizard

DRS, MRC, and Admin-istration con-soles on the login screen

If you want to use Internet Session functionality, you must open ports 443 and 80 in your organization's firewall to allow the DameWare Internet Proxy to communicate with users outside of your internal network.

Licensing DameWare software is licensed per user, but the centralized and standalone versions of the software handle the per user license differently.

- 4 -

Page 11: DameWare Server Evaluation Guide

Chapter 2

Centralized versions activate at the server and then use the Central Server as a licensing server to track the number of user seats. If you are deploying the Central Server on your network, you must use a centralized license.

Standalone versions allow you to activate a license up to three times per user. If you do not deploy the Central Server on your network, you must use the standalone license.

Notes:

l You cannot run both centralized and standalone versions at the same time.

l You cannot upgrade from centralized to standalone. You must uninstall the software and then install the version you want.

CentralizedThe centralized versions of DameWare software are licensed on the Central Server. Each product - DameWare Remote Support or DameWare Mini Remote Control - is activated from the computer on which the Central Server is installed. The DameWare Mobile Gateway is a feature of DRS that you activate on the computer with the Mobile Gateway installed on it. The DameWare Central Server and DameWare Internet Proxy are included with the centralized version of DameWare Remote Support and are not separately licensed.

The license includes a licensed user number. Each user is assigned a license type by a DameWare Administrator, which reduces the number of available user licenses. See Licensing Users for more information about assigning license types to users in DameWare Central Server. You can install the DRS or MRC applications in centralized mode on multiple machines.

For example, if you purchased a centralized DRS license for 10 users, you activate the license on the Central Server and then assign licenses to up to 10 users. The users can logon with their DameWare credentials to any DRS or MRC application in centralized mode.

- 5 -

Page 12: DameWare Server Evaluation Guide

Installing the Server

Note: After your purchased license is applied, you must disable or delete any user accounts that exceed the number of licensed seats you have purchased.Installing the DameWare Server (Express)The following procedure guides you through installing an evaluation version of DameWare Server using Express options, which install and configure DameWare Central Server, DameWare Remote Support (centralized), DameWare Mobile Gateway, and DameWare Administration Console together on your computer.

Note: You must run the installer as an administrator.

To install and configure DameWare Server (Express):

1. Log on as an administrator.

2. Navigate to your download location and run the DameWareServer executable file.

3. Review the welcome text, and then click Next to continue.

4. Select I accept the terms in the License Agreement, and then click Next.

5. If you want to install to a destination folder other than the default, click Browse, select an installation folder, and then click OK.

6. Select Express DameWare Server Install (Recommended), and click Next.

- 6 -

Page 13: DameWare Server Evaluation Guide

Chapter 2

7. Select which application shortcuts you want the DameWare installer to create, and click Next.

8. Click Install to begin the installation. The installer will install any pre-requisite software that is missing from the computer as well as the DameWare software.

9. Enter the email address you provided to DameWare when you registered for the

- 7 -

Page 14: DameWare Server Evaluation Guide

Installing the Server

software, and click Continue.

10. Click Finish to complete the installation and open the Configuration Wizard.

Installing the DameWare Internet Proxy with Another Web ServerThe DameWare Internet Proxy installs a web server to allow users to download Internet Session agents, handle proxy requests, and host Internet Session resources for users. It also creates and installs a self-signed security certificate for secure communications.

DameWare uses the http.sys web server engine, which IIS also uses. The http.sys engine allows multiple applications to use the same IP address and port number. However, two different engines cannot bind to the same port number.

You can turn on the DameWare Internet Proxy component on computers that already have a web server installed on them.

- 8 -

Page 15: DameWare Server Evaluation Guide

Chapter 2

Installing with IISWhen installing on a computer that has IIS installed, ensure that the Internet Session URL does not already exist. The Configuration Wizard creates the virtual directory from the Internet Session URL and cannot successfully create the path if it already exists.

If you already use a third-party security certificate, the DameWare Internet Proxy does not create a self-signed certificate and uses the preexisting certificate instead. See Removing the Security Error for Internet Sessions for information on installing a third-party security certificate on the DameWare Internet Proxy.

Installing with Other Web Servers (Apache, Tomcat, etc.)When installing on a computer that does not use the IIS web server and http.sys engine, such as Apache or Tomcat, you cannot serve multiple applications out of the same port number.

By design, most web servers only serve one application per port number. For example, if you already serve an application out of port 443, you cannot use port 443 with the DameWare Internet Proxy. To run the DameWare Internet Proxy on the same computer, you must use a different port number for each application.

You can change the port number used by the DameWare Internet Proxy by changing the Internet Session URL in the Configuration Wizard. For example, if you want to run the DameWare Internet Proxy out of port 444 instead of port 443, change the Internet Session URL to https://domainName.com:444.

Additionally, the Internet Session URL cannot already exist in your directory structure. The Configuration Wizard creates the virtual directory from the Internet Session URL and cannot successfully create the path if it already exists.

If you already use a third-party security certificate, the DameWare Internet Proxy does not create a self-signed certificate and uses the preexisting certificate instead. See Removing the Security Error for Internet Sessions for information on installing a third-party security certificate on the DameWare Internet Proxy.

- 9 -

Page 16: DameWare Server Evaluation Guide

Configuring the DameWare Server

Express Configuration The Express Configuration option quickly configures all DameWare Server components with default values.

Express Configuration uses the default port numbers and the host name of the computer on which the software is installed to configure the DameWare Central Server, DameWare Internet Proxy, and DameWare Mobile Gateway.

To run all components on the same computer (Express):

1. If the DameWare Server Configuration Wizard does not automatically open, navigate to Start > Programs > SolarWinds > DameWare Server> DameWare Server Configuration Wizard.

2. Review the installed components, and click Next.

- 10 -

Chapter 3

Page 17: DameWare Server Evaluation Guide

Chapter 3

3. In the DameWare Server Configuration Wizard, select Express Configuration (Recommended for evaluation), and click Next.

4. If you want to evaluate the Internet Session, click Test Connection and correct any errors.

- 11 -

Page 18: DameWare Server Evaluation Guide

Configuring the DameWare Server

5. If you do not want to evaluate the Internet Session at this time, select I do not want to test the Internet Session URL (Skip this step), and click Next.

6. Note the default accounts, and click Finish.

- 12 -

Page 19: DameWare Server Evaluation Guide

Chapter 3

After you have completed installing and configuring DameWare Server, log on to the DameWare Administration Console to add users, create a global host list, or modify your server settings.

Note: To launch the DRS or MRC applications or the Administration Console manually, navigate to Start > Programs > SolarWinds > DameWare Product, and select the application. You will need your DameWare Server user account information to logon.

Configuring the DameWare Internet ProxyIf you have installed the DameWare Internet Proxy on a different machine than the Central Server, you need the component pairing password from the DameWare Internet Proxy when you run the Configuration Wizard on the DameWare Central Server computer.

You should also verify the default Internet Session URL. You can skip this step and finalize the Central Server configuration or you can test the Internet Session URL. This ensures that users outside of your network will be able to join an Internet Session and download a DameWare agent if necessary.

For more information about configuring the DameWare Internet Proxy, see the following topics:

l Setting the Internet Session URL l Modifying Your Firewall or Router l Testing the Internet Session Connection l Troubleshooting the Internet Session URL

Setting the Internet Session URLThe Internet Session URL is the base URL that all users see when initializing or joining an Internet Session. For example, the bold section of the following Internet Session link is the Internet Session URL that you set in the Configuration Wizard.

https://yourdomain.com:443/dwnl/?3285798686

- 13 -

Page 20: DameWare Server Evaluation Guide

Configuring the DameWare Server

This Internet Session URL can be an IP address or domain name. You can use an IP address or domain name that you already have, or you can create a custom path. If you create a custom path, this path cannot already exist in your Web directory. DameWare creates the virtual path using the entry you provide in the Internet Session URL field. The DameWare Internet Proxy may not start if the path already exists.

Note: You cannot use special characters in the Internet Session URL.

If you own or operate your own website, you can use that domain name as your Internet Session URL. In this example, you use the Internet Session URL field in the Configuration Wizard to create a custom path, such as https://domainName.com:443/OverTheInternetHelp.

The DameWare Internet Proxy also acts as a web server so that end users can download Internet Session agents, if necessary, to join Internet Sessions.

Modifying Your Firewall or RouterTo successfully connect to Internet Sessions with users outside of your network, you must modify your externally facing firewall or router to forward TCP requests to the DameWare Internet Proxy. You must also allow ports 6130, 6132, and 6133 to listen for incoming requests.

All firewalls and routers operate differently. Please consult the manufacturers documentation for specifics, and use the information in this topic as a general guide.

When you install the DameWare Internet Proxy, you can install it on a computer with or without a pre-existing web server. See Installing the DameWare Internet Proxy with Another Web Server for more information.

Note: Use the Test Connection button in the Configuration Wizard to ensure that outside users can communicate successfully through your firewall or router.

DameWare Internet Proxy Installed without a Web ServerWhen you deploy the DameWare Internet Proxy on a computer without a web server, you or your network administrator must open ports 443 and 80 on your firewall or router. Create a forwarding rule so that all TCP traffic going to your Internet Session URL is directed to your DameWare Internet Proxy instance. You must also allow ports 6130, 6132, and 6133 to listen for incoming connections.

Note: If you do not have a security certificate from a certificate authority installed, end users may encounter security warnings if they download an Internet Session agent before joining an Internet Session.

DameWare Internet Proxy Installed with a Web ServerIf you install the DameWare Internet Proxy on a computer that already hosts a web server, ports 443 and 80 are open. Your network administrator must allow ports 6130, 6132, and 6133 to listen for incoming connections. See Installing the DameWare Internet Proxy with Another Web Server for more information.

Notes:

- 14 -

Page 21: DameWare Server Evaluation Guide

Chapter 3

l By design Apache cannot serve multiple sites out of port 443. If you are currently using HTTPS with Apache, you cannot co-locate the DameWare Internet Proxy on the same computer and use the same port number. see Installing the DameWare Internet Proxy with Another Web Server for more information.

l Do not use a URL for your Internet Session URL that is already in use.

Why Must You Open the Ports?443/80 (HTTPS/HTTP)

The DameWare Internet Proxy uses either port 443 (HTTPS) or port 80 (HTTP) to communicate with MRC and Internet Session agents on the end users' computers. The DameWare Internet Proxy also includes a web server, which allows end users to download the MRC or Internet Session agent. The port number used can be modified where you configure the Internet Session URL. If you choose to use port 443/HTTPS when you configure the DameWare Internet Proxy, the Configuration Wizard generates a self-signed certificate and installs it. If a certificate exists already, the Configuration Wizard uses that certificate and does not generate a self-signed certificate.

6130 (Mobile Gateway Communication Port)The Mobile Gateway listens to this port to allow communication between the Mobile Client and the agent on the remote computer. You can change this port number in the Configuration Wizard.

6132 (DameWare Central Server and DameWare Internet Proxy Communication Port)

DameWare Central Server and DameWare Internet Proxy listen to this port to allow communication between the MRC application and the remote agent. This is specific to Internet Sessions. You can change this port number in the Configuration Wizard or the Administration Console.

6133 (DameWare Service Port)DameWare uses this port to communicate between DameWare Server components. DameWare components listen to all communications inbound through this port. You can change this port number in the Configuration Wizard.

Common Issues When Configuring the Firewall or RouterOther websites may not start

If two or more websites are using port 443, non-DameWare products may not start. Change the port number on the other products, use different IP addresses, or install each product on separate computers.

Communication does not occurIf users cannot access the Internet Session URL or download agents, the ports may not be open. Check that changes were applied correctly and to the correct appliance. The Internet Session URL may also already exist on the computer.

- 15 -

Page 22: DameWare Server Evaluation Guide

Configuring the DameWare Server

Testing the Internet Session ConnectionTesting the Internet Session URL ensures that the URL is accessible to out-of-network users and that technicians can connect to MRC agents on off-network computers.

The Test connection button sends a request to a SolarWinds server, which then sends a TEST request to the Internet Session URL using TCP. If the request is successful, you receive a confirmation and the DameWare Internet Proxy is listed as verified. The Test connection button can only be used with ports 80 and 443.

If you do not want to use the automated Test connection button, you can manually test the Internet Session URL by initializing an Internet Session and then joining the session from outside your network. The Configuration Wizard does not list the DameWare Internet Proxy as verified using this method.

Troubleshooting the Internet Session URLIf you have installed the DameWare Internet Proxy and you cannot successfully create an Internet Session, check the following:

l Does another website use port 443 (HTTPS/SSL)?The websites may interfere with each other.

l Is Apache installed as the web server?Apache allows only one site to use port 443. See Installing the DameWare Internet Proxy with Another Web Server for more information.

l Are you using a URL that is already in use?You cannot use a URL that already exists on your server. For example, if you use https://yourdomain.com/support, you cannot use that URL as the Internet Session URL.

l Are the correct ports open on your router or firewall?See Modifying Your Firewall or Router for more information.

l Is the DameWare Internet Proxy running?The DameWare Internet Proxy may be turned off. Check the Central Server and use the Configuration Wizard to start it.

l Are there special characters in the URL?Users receive an error if there are special characters in the Internet Session URL. Remove the characters by using the Configuration Wizard.

- 16 -

Page 23: DameWare Server Evaluation Guide

Installing Centralized DRS or MRC

Before installing DRS or MRC, review the following information.

If a remote system is running the MRC client agent service, MRC only uses a single TCP port to connect to it. The default TCP port is 6129; however, you can specify any of the 65,000 valid TCP ports in the MRC application properties. Since TCP 6129 is a well known port for the MRC program, DameWare recommends you choose a different port to ensure the most secure connections.

If a remote system is not running the MRC client agent service, MRC attempts to install it over the remote operating system’s installed protocols for File & Printer Sharing.

Microsoft defines File & Printer Sharing as:

l UDP 137 (Name)

l UDP 138 (Datagram)

l TCP 139 (Session)

l TCP 445 (Direct Hosting)

If you do not want MRC to install the client agent service using these ports, or if MRC is unable to connect to the remote system using these ports, install the service using another installation method.

Installing the DRS or MRC ApplicationsDameWare provides an intuitive wizard to guide your installation. You can also install the application using the command line. See Installing DRS or MRC from the Command Line for more information.

The following procedure will complete your installation of DRS or MRC in centralized mode.

- 17 -

Chapter 4

Page 24: DameWare Server Evaluation Guide

Chapter 4

You need administrator privileges to install the applications. If the computer on which you are installing DRS or MRC has previously had a DameWare product installed on it, not including the MRC client service, the previous settings are applied until you delete the DameWare database. Delete the DameWareDB file generally located in C:\Program Files (x86)\SolarWinds\DameWare <product>.

To install the DameWare application using the installer:

1. Log on as an administrator

2. Navigate to your download location and launch the DameWareMRC or DameWareRS executable file.

3. Review the Welcome text, and then click Next to continue.

4. Select I accept the terms in the License Agreement, and then click Next.

5. If you want to install to a destination folder other than the default, click Browse, select an installation folder, and then click OK.

6. Select Centralized Install, and click Next.

7. If you do not have the DameWare Central Server connection details, select I do not have the connection details now; I will enter the details later, and click Next.

8. If you do have the DameWare Central Server connection details, select DameWare Central Server connection details (Recommended), and enter the IP address or host name of the Central Server and the port number. Click Next.

9. Select which application shortcuts you want the DameWare installer to create.

10. Click Install to begin the installation.

11. Enter the email address you provided to DameWare when you registered for the soft-ware, and then click Continue.

12. Click Finish to complete the installation wizard and exit.

After you have completed installing the DRS or MRC applications, launch the application by clicking DameWare Mini Remote Control or DameWare Remote Support in Start > Programs > SolarWinds.

Installing DRS or MRC from the Command LineYou can use command line options to install the MRC application without being prompted for license information.

Notes:

l You must run the commands with Administrator permissions l Use %WINDIR%\System32 instead of relative paths l You cannot install through a proxy server that also requires authentication

To install DRS or MRC using the MSI installer:Use the following command at the command line or in an installer script. Replace the variables in this example according to the values in the Arguments section.

msiexec /i fileName.msi /qn APPDIR="C:\Program Files\DameWare programName\" reboot-t=reallysuppress SILENT=yes INSTALLSTANDALONE=0 CENTRALSERVERHOSTNAME-E=centralServerHostName

- 18 -

Page 25: DameWare Server Evaluation Guide

Installing Centralized DRS or MRC

To install DRS or MRC using the EXE installer:Use the following command at the command line or in an installer script. Replace the variables in this example according to the values in the Arguments section.

fileName.exe /args "/qn APPDIR=\"C:\Program Files\DameWare programName\" reboot-t=reallysuppress SILENT=yes" INSTALLSTANDALONE=0 CENTRALSERVERHOSTNAME-E=centralServerHostName

ArgumentsThe following is a list of arguments you can use on the command line.

l /args "argumentsHere" (EXE only) instructs the EXE installer to pass the argu-ments inside the quotation marks along to the MSI installer.

l APPDIR="C:\Program Files\DameWare programName\" specifies the installation directory. Enter Remote Support or Mini Remote Control in place of programName to use the default installation directory.

l SILENT=yes instructs the installer to install the program silently. l SA_KEY=licenseKey (licensed only) contains the license key for licensed install-

ations. Enter a valid license key in place of licenseKey. l SA_EMAIL=emailAddress (licensed only) contains the administrator's email address

for licensed installations. Enter a valid email address in place of emailAddress. l SA_FIRST_NAME=firstName (licensed - optional) contains the administrator's first

name. Enter the first name in place of firstName. l SA_LAST_NAME=lastName (licensed - optional) contains the administrator's last

name. Enter the last name in place of lastName. l SA_PHONE_NUMBER=phoneNumber (licensed - optional) contains the administrator's

phone number. Enter a valid phone number in place of phoneNumber. l SA_PROXY_ADDRESS=proxyAddress (licensed - optional) contains the address of the

proxy server the program should use to connect to the SolarWinds licensing server. If applicable, enter the proxy server's IP address or hostname in place of proxyAd-dress.

l SA_PROXY_PORT=proxyPort (licensed - optional) contains the port the program should use to connect to the proxy server. If applicable, enter the proxy port num-ber in place of proxyPort.

l INSTALLSTANDALONE=1 installs the standalone version. Use 0 to install the cent-ralized version.

l CENTRALSERVERHOSTNAME=centralServerHostName contains the DameWare Central Server's host name.

l CENTRALSERVERPORT=portNumber contains the port number to the DameWare Cen-tral Server. By default, this is 6133.

l CSUSER=centralServerUser contains the login name of a Central Server user. l CSPASSWORD=centralServerUserPassword contain the password of the Central

Server user.

- 19 -

Page 26: DameWare Server Evaluation Guide

Installing MRC agents

MRC Client Agent Service Installation MethodsYou can deploy the MRC client agent to a single computer as needed or you can deploy to multiple computers at once.

If you want to deploy a single instance, you can deploy it to a remote computer in one of the following ways:

l Install the service on-demand l Install the service from the MRC application l Manually install the service

If you want to deploy to multiple computers, you can deploy it in one of the following ways:

l Deploy your own MSI package

Note: The MRC application is backwards compatible with MRC client agents from version 7.0. If the MRC application connects to an unsupported agent, it prompts you to install a newer version of the client agent.

The Windows operating system requires location Administrator rights to install, remove, start, stop, or upgrade the MRC client agent service on remote systems.

Install the Service On-demandWhen MRC attempts to connect to a computer, it tries to connect through the client agent. If the client agent is not present on the remote computer, you are prompted to install the client agent.

- 20 -

Chapter 5

Page 27: DameWare Server Evaluation Guide

Chapter 5

Note:

l The remote operating system must have the File & Printer Sharing protocols and the File & Printer Sharing ports opened.

To install the client agent service on-demand:

1. Open a remote connection dialog by clicking File > Connect. 2. Enter the Host Name or IP Address and administrative credentials. 3. Click Connect. 4. When prompted to install the client agent service, click OK.

Install the Service from the MRC ApplicationYou can push the client agent to a computer using an option in the MRC application console.

Note:

l The remote operating system must have the File & Printer Sharing protocols and the File & Printer Sharing ports opened.

To install the service from the MRC application:

1. Click Install Service... from the File menu. 2. Enter the host name or IP address of the computer on which you want to install the

service. 3. If you want to manually start the service each time a connection is opened, select

Set Service Startup type to "Manual" default is "Automatic". 4. If you want to configure the settings of the MRC client agent service to copy to the

remote system, click the Configure... button. 5. If you want to copy the DWRCS.reg file from the local system to the remote system

with pre-configured MRC client agent service settings, select Include Con-figuration File (DWRCS.reg). This option is available after you have created con-figuration settings.

6. If you want to connect in FIPS Encryption Mode, select Copy FIPS Modules (approximately 9 MB).

7. Click OK.

The MRC application deploys the service to the remote computer.

Manually Install the ServiceTo manually install the MRC client agent service:

1. Navigate to your DameWare installation folder, usually located at C:\Program Files\SolarWinds\DameWare Mini Remote Control.

2. Copy the following files to a location or device you can access from the remote com-puter:

l DWRCWXL.dll

l DWRCST.exe

l DWRCSh.dll

l DWRCSET.dll

l DWRCS.exe

- 21 -

Page 28: DameWare Server Evaluation Guide

Installing MRC agents

l DWRCRSS.dll

l DWRCK.dll

3. On the remote computer, create a new folder in the Windows directory called "dwrcs" (C:\Windows\dwrcs).

4. Place the copied files in the new folder.

Deploy Custom MSI PackagesInstall the client agent on your local machine, and then use the DameWare MSI Builder to build a custom MSI package for the MRC client agent service, including custom settings. You can then send the file to the remote system via your normal distribution process, such as group policies, or download it from the remote system, and then execute the installer. This installation method also opens the necessary TCP port on the Windows Firewall when it starts up.

Note: Before you create your custom MSI package, you may want to pre-configure the client agent with host names, log settings, authentication choices, or other settings to deploy the custom configuration with the client agent.

To build a custom MSI package for the MRC client agent service:

1. Install and configure the client agent on the computer with the MRC application.

2. Open the DameWare Mini Remote Control Package Builder: Start > All Programs > SolarWinds > DameWare Mini Remote Control > DameWare Mini Remote Control Client Agent MSI Builder.

3. Complete the following fields in the Package Builder dialog:

l Profile: Select a pre-defined MSI package profile to populate the rest of the fields with your preferred settings. To save a new profile, complete the rest of the Package Builder dialog, enter a new name in the Profile box, and then click the save icon.

l Target O/S: The operating system on the target system(s).

l Include FIPS Modules: Includes the FIPS Modules in the MSI package. These files are required to run the client agent service in FIPS Encryption Mode.

l Install the mirror driver: Includes the MRC Mirror Driver in the MSI package.

l Install the keyboard driver: Includes the MRC Virtual Keyboard Driver in the MSI package.

l Install the smart card driver: Includes the MRC Smart Card Driver in the MSI package.

l Client Agent Settings: Click the Client Agent icon to open the MRC client agent service settings dialog:

- 22 -

Page 29: DameWare Server Evaluation Guide

Chapter 5

l When you configure these settings through the Package Builder, the applic-ation saves the settings in the installer to deploy to one or more remote sys-tems.

l Output Folder: Enter or browse to the folder you want to install the service to on the remote system(s).

4. Click Build MSI to build the MSI package and save it to the output folder, which is the DameWare installation folder by default.

You can deploy the custom MSI package as you would any other MSI.

- 23 -

Page 30: DameWare Server Evaluation Guide

Logging on to the Admin Console

The Administration Console allows you to manage your DameWare Server installation, including managing user licenses and the Global Host List. You can manage the DameWare Central Server, the DameWare Internet Proxy, or the DameWare Mobile Gateway with the Administration Console.

If both the Central Server and the Mobile Gateway components run on the same computer, connect the Administration Console to that computer.

If the components run on different computers, use the IP address or host name of the computer with the server component you want to administer.

For example, if the DameWare Mobile Gateway is installed on 198.162.1.25 and the DameWare Central Server is installed on 198.162.2.50, enter 198.162.2.50 in the Server IP/Host Name field to connect the Administration Console to the DameWare Central Server. However, if both are installed on 192.168.3.75, enter that IP address to connect to both.

Connecting to the Central Server or Mobile GatewayThe Administration Console can be installed on any computer on your network that is capable of connecting to the computer(s) with DameWare Central Server and DameWare Mobile Gateway installed.

To connect to one of the DameWare Server components, you must have the following information:

l DameWare Administrator credentials

l The DameWare Central Server and/or DameWare Mobile Gateway IP address or host name

l The DameWare service port number (default is 6133)

- 24 -

Chapter 6

Page 31: DameWare Server Evaluation Guide

Chapter 6

DameWare Administrator credentials refer to DameWare specific user accounts that are independent of your other credentials. The default administrator name is admin and the default password is admin. If your DameWare user account does not have administrator privileges, you cannot logon to the Administrator Console.

If you have deployed the DameWare Mobile Gateway on a different computer than the DameWare Central Server, you must use connection details for the computer with the DameWare Mobile Gateway to connect to the DMG.

To connect to the DameWare Central Server or DameWare Mobile Gateway:

1. Open the Administration Console by navigating to Start > Programs > SolarWinds > DameWare Server > DameWare Server Administration Console.

2. On the Login details tab, enter your DameWare user credentials. 3. If you do not want to enter your credentials each time, select Remember

credentials.

4. Navigate to the Advanced settings tab.

5. Enter the DameWare Central Server or DameWare Mobile Gateway IP address or host name.

6. Enter the port number. The default port number is 6133. This correlates to the Service Port number in the Configuration Wizard.

7. If you do not want to enter the server information each time, click Save as default.

Note: When you click Reset to default, the last server's information that you have saved populates the fields.

8. Click Connect to server.

Default User AccountsDameWare Central Server establishes two default accounts on your Central Server and/or Mobile Gateway - the admin and user accounts. These accounts can be disabled or enabled, and you can change the password for both accounts.

Admin accountUse the admin account to administer the DameWare Central Server with the Administration Console and perform tasks such as:

l user creation l session management l password management l Global Host List management

This account does not count toward your license count and cannot be used in DRS, MRC, or Mobile Client.

User accountUse the default user account to login to the Central Server from DRS or MRC. This user account has the DRS & MRC license type which allows user to access both DRS and MRC.

- 25 -

Page 32: DameWare Server Evaluation Guide

Logging on to the Admin Console

User counts toward your license count and is editable.

- 26 -

Page 33: DameWare Server Evaluation Guide

Managing Users

User accounts are fundamental to DameWare Server. Each person must have an enabled user account on the Central Server or Mobile Gateway. You can manually add users or import them. Each enabled user counts towards your license count.

DameWare user accounts are independent of your AD accounts. Permissions for interacting with remote computers depend on the credentials the user enters on the remote computer when connecting with the MRC agent except when connecting using an Internet Session. Technicians initiating Internet Sessions connect with administrative credentials.

Use the following topics to learn more:

l Adding Users l Importing Users l Licensing Users l Administrator Permissions

Adding UsersA user account must be created before you can connect to DRS, MRC, or the Mobile Gateway. The DameWare Central Server and Mobile Gateway user accounts are separate from active directory accounts and are also separate from each other.

For example, a technician may be authorized to use MRC from the Central Server, but unless the technician also has a DameWare Mobile Gateway user account, the technician cannot connect to the DameWare Mobile Gateway and remotely manage computers from a mobile device.

Only enabled users can connect, and each enabled user counts toward your licensed user count.

- 27 -

Chapter 7

Page 34: DameWare Server Evaluation Guide

Chapter 7

To add a user:

1. In the Administration Console, select either Central Server or Mobile Gateway. 2. Click Users. 3. In the action toolbar, click the Add button. 4. Enter an optional description. 5. Click Add New User.

Importing UsersYou can import users directly from Active Directory or from a CSV file.

AD ImportYou can import users from Active Directory as Central Server users. This functionality is not available for DameWare Mobile Gateway users.

Note: Importing from AD can take up to an hour depending on how large the imported groups are.

To import from AD:

1. Navigate to Central Server > Users.

2. Click AD Import. 3. Click Browse to open the Active Directory Import Wizard, and select a group.

4. If you want to import a local work group,

1. Select Local workgroup, and click Next.

2. Select which groups you want to import.

3. Click Select.

5. If you want to import a group from a domain controller,

1. Select Custom domain controller.

2. Enter user credentials that have read only or administrative access to Active Directory.

3. Enter the IP address or FQDN of the domain controller.

4. Click Next.

5. Select which groups you want to import.

6. Click Select.

6. In the Password field, enter a default password for all imported users.

Note: Users are prompted to change this password when they first connect to the server.

7. Click Import.

8. Click OK to confirm the number of users to be imported.

9. Click OK to import.

User accounts are imported as disabled accounts.

- 28 -

Page 35: DameWare Server Evaluation Guide

Managing Users

CSV ImportDameWare provides a template to indicate how the data should be formatted in your CSV file.

To download the template:

1. Navigate to Central Server > Users or to Gateway > Users.

2. On the actions toolbar, click CSV Import.

3. Click Download template file.

4. Save the file to your computer or other device.

Note: You must keep the header from the template.

To import users:

1. Navigate to Central Server > Users or to Gateway > Users.

2. On the actions toolbar, click CSV Import.

3. Click Browse and select the CSV file.

Licensing DRS or MRC UsersDameWare Central Server users are each assigned their own license. They can logon to any centralized install of DRS or MRC and are not restricted to the three computer activations allowed per user on standalone installs. Users can only logon to a single console at a time.

The DameWare Central Server handles the product activation for DRS and MRC. Central Server administrators create user accounts and assign licenses to them. Users can then authenticate through the DameWare Central Server and logon to any DRS or MRC console in Centralized mode.

DameWare Central Server has two license types - DRS and MRC.

The DRS license type corresponds to a DRS license and allows users to access both DRS and MRC.

The MRC license type corresponds to an MRC license and allows users to access MRC. The MRC license type cannot use the Internet Session feature.

When you edit or create a new user, your available license count is displayed. This is the number of unassigned licenses you have. If you need more licenses, contact your sales representative for purchasing options.

DameWare Central Server Administrator PermissionsUsers with administrator privileges have all rights and privileges in the DameWare Central Server and DameWare Mobile Gateway. Administrators have full privileges to manage users and sessions and to modify the DameWare Central Server, DameWare Internet Proxy, or DameWare Mobile Gateway settings. You cannot restrict or reduce administrator privileges.

- 29 -

Page 36: DameWare Server Evaluation Guide

Chapter 7

The default administrator user does not consume a license because it is not licensed to use DRS, MRC, or the DameWare Mobile Client.

Other accounts with administrator privileges enabled do consume a license can be used to logon to DRS, MRC, or the Mobile Client.

Enabling administrator privileges grants a user administrative privileges within the DameWare Central Server or DameWare Mobile Gateway. These privileges do not override privileges that come from your directory service or from local user rights on a computer. Administrative privileges for the Central Server and the Mobile Gateway are marked separately in each component's Users section.

- 30 -

Page 37: DameWare Server Evaluation Guide

Managing the Global Host List

The Global Host List is the host list that is available to all centralized DRS and MRC users and to users connecting to the Mobile Gateway with version 11 of the Mobile Client. This list is created by the DameWare Server Administrator in the Administration Console. Non-DameWare Administrators cannot edit the Global Host List.

Use the following topics to learn more about the Global Host List:

l Creating the Global Host List

l Importing to the Global Host List

Creating the Global Host ListThe Global Host List is the host list that is available to all DRS and MRC users and to users connecting to the Mobile Gateway with version 11 of the Mobile Client. This list is created by the DameWare Server Administrator in the Administration Console. Non-DameWare Administrators cannot edit the Global Host List.

You can manually enter hosts into the Global Host List or you can import hosts from a CSV, DWHL, or XML file or from AD. See Importing to the Global Host List for more information. Only DameWare Server Administrators can modify the Global Host List.

To add a host to the Global Host List:

1. In the Administration Console, select Central Server. 2. Click Global Hosts. 3. In the action toolbar, click the Add Host button. 4. Enter the host name or IP address. 5. Select the Protocol Type. 6. Click Add Host.

- 31 -

Chapter 8

Page 38: DameWare Server Evaluation Guide

Chapter 8

To add a folder to the Global Host List:

1. In the Administration Console, select Central Server. 2. Click Global Hosts. 3. Select the base folder in which you want to add another folder. 4. In the action toolbar, click the Add Folder button. 5. Enter the folder name. 6. Click Add New Folder.

Importing to the Global Host ListA Global Host List allows all DameWare technicians to access a common host list. A Central Server administrator creates a Global Host List on the Central Server, and this list is displayed when a technician logs in to DRS or MRC in centralized mode. Global Host Lists can only be edited in the Administration Console.

You can import using Active Directory groups or using a file.

AD ImportYou can import hosts from Active Directory to populate your Global Host List.

Note: Importing from AD can take up to an hour depending on how large the imported groups are.

To import from AD:

1. Navigate to Central Server > Global Hosts.

2. Click AD Import. 3. Click Browse to open the Active Directory Import Wizard, and select a group.

4. If you want to import a local work group,

1. Select Local workgroup, and click Next.

2. Select which groups you want to import.

3. Click Select.

5. If you want to import a group from a domain controller,

1. Select Custom domain controller.

2. Enter user credentials that have read only or administrative access to Active Directory.

3. Enter the IP address or FQDN of the domain controller.

4. Click Next.

5. Select which groups you want to import.

6. Click Select.

6. Click Import.

7. When prompted with the number of hosts to import, click Yes.

File ImportYou can import XML, CVS, and DWHL files.

- 32 -

Page 39: DameWare Server Evaluation Guide

Managing the Global Host List

To import a host list:

1. Under Central Server, click Global Hosts.

2. On the actions toolbar, click Import from File.

3. Click Browse, and select the host list file.

4. Click Import.

CVS files must use the following format:

Hostname, IP-address, AliasHostname, IP-address, Alias

Each host is contained in a single line, and each host field is separated by a comma.

- 33 -

Page 40: DameWare Server Evaluation Guide

Managing Internet Sessions

You can connect to users outside of your network by opening an Internet Session. This feature is only available with the Centralized version of DameWare Mini Remote Control(version 11.0 or later).

To enable this feature you must configure the DameWare Internet Proxy and also open a port in your organization's firewall to allow connections between the MRC application and the MRC client agent on the computer outside of your internal network.

Use the following topics to learn more about Internet Sessions:

l Limitations to Internet Sessions l Internet Session Troubleshooting Guide

Limitations to Internet SessionsWhile the Internet Session uses the MRC agent, due to the way it communicates, it cannot use all of the features provided with the agent.

Notes:

l You cannot connect to an MRC client agent that is connected to the Internet through a proxy.

l You cannot connect to the computer running the MRC client agent on Windows XP using RDP to join an Internet Session.

The following is a list of frequently used MRC features that you cannot use in an Internet Session.

l Technician credentials/authentication

l Simple File Transfer

- 34 -

Chapter 9

Page 41: DameWare Server Evaluation Guide

Chapter 9

l Alternative connection protocols (RDP, VNC, AMT KVM)

l Ping

l Install, upgrade, or downgrade the MRC client agent

l Lock Remote Keyboard and Mouse

l Wake on LAN

The following table is a list of all MRC agent features the Internet Session supports.

Tab Setting Notes

General Session Cannot connect to an agent with Shared Secret enabled.

Absolute Timeout

Additional Settings

Show Tray Icon If this is disabled, users cannot manually join a session.

Only Allow Connection When at the Logon Desktop

Enabling this setting prevents Internet Session connections.

Notify Dialog Notify on Connection

Notify Dialog Timeout

Play Sound on Notify

Notify on Disconnection

Notify Dialog Caption

Notify Dialog Text 1

Notify Dialog Text 2 - Remote Control

Internet Session Troubleshooting GuideIf you cannot successfully connect to another user with an Internet Session, please check the following.

Did you close the connection dialog?The connection dialog must remain open while you wait for the End User to connect to the Internet Session. If it is closed, the Internet Session also closes.

Are the DameWare Central Server and the DameWare Internet Proxy successfully paired?Open the Configuration Wizard on both the computer with the Central Server running and the one with the DameWare Internet Proxy running. Ensure that the component pairing password from the Internet Proxy matches the component pairing password entered in the Configuration Wizard on the Central Server.

- 35 -

Page 42: DameWare Server Evaluation Guide

Managing Internet Sessions

Are the ports you use for the Internet Proxy open?Ensure that the ports used for communication are open on the computer running DameWare Central Server and the DameWare Internet Proxy. Also ensure that the appropriate ports are open on your outward facing firewall and router. See Modifying Your Firewall or Router for more information.

Are the DameWare communication ports open on your DMZ?If you have installed the DameWare Internet Proxy in your DMZ, you must open the DameWare communication ports on your firewall or router. See Port Requirements or Modifying Your Firewall or Router for more information.

Can you access the DameWare Internet Proxy from the Internet?Open the Configuration Wizard on the computer with the DameWare Internet Proxy running. Click Next, and then click Advanced Configuration. Under DameWare Internet Proxy click Edit Details, and then click the Test connection button.

If the test fails, try one of the following:

l If you have changed any settings, click Save in the Internet Proxy Connection details screen.

l Try to connect to the agent download page from both the internal network and the external network, located at https://<Internet Session URL>/dwnl/ where <Internet Session URL> is your Internet Session URL, including the custom path. If you cannot connect to the agent download page, try one of the other solutions on this page.

l Open a command prompt and use tracert to see if the DameWare Internet Proxy IP address or host name is accessible from outside your internal network.

l Open a command prompt and use netstate -a to see if another program is listening to the DameWare Internet Proxy port.

l See if another web server is bound to the port number.

- 36 -

Page 43: DameWare Server Evaluation Guide

Connecting to MRC

When you have installed DRS or MRC in centralized mode, you must first connect to the DameWare Central Server. This allows you to login and use your personal host list or a global host list.

You need the following information to connect to the DameWare Central Server:

l DameWare Central Server user name

l DameWare Central Server password

l DameWare Central Server IP address or host name

l Service Port Number

The DameWare Central Server user name and password are independent of your other credentials and are established by your DameWare Central Server administrator. The Central Server administrator must also provide the DameWare Central Server IP address or host name and the port number to use.

Notes:

l If this is your first time connecting, you can change your password after you logon by navigating to File > Change Password.

l If you forget your password, contact your DameWare Central Server administrator to have it reset.

To connect to the DameWare Central Server:

1. On the Login details tab, enter your DameWare Central Server credentials.

2. If you do not want to enter your credentials each time, select Remember credentials.

3. Navigate to the Advanced settings tab.

- 37 -

Chapter 10

Page 44: DameWare Server Evaluation Guide

Chapter 10

4. Enter the DameWare Central Server IP address or host name.

5. Enter the port number. The default port number is 6133.

6. If you do not want to enter the server information each time, click Save as default.

Note: When you click Reset to default, the last saved server information populates the fields.

7. Click Connect to server.

Troubleshooting Your Central Server ConnectionBefore you can logon to the DameWare Central Server and use DRS or MRC in centralized mode, the DameWare Central Server administrator must create an account for you to use and provide you with the Central Server information.

To logon you need the following information:

l DameWare Central Server user name and password

l IP address or host name of the DameWare Central Server

l Port number used to communicate with the DameWare Central Server (by default, this is 6133)

Note: Use an IPv4 address or a hostname. If you must use an IPv6 address, you must add the address and host name to your host file. See KB 400151 for more information.

If you cannot logon to the Central Server and your user name and Central Server information are correct, you may have exceeded the number of licensed users or your account may be disabled. Contact your DameWare Central Server administrator to resolve this issue.

Each time you logon to DameWare Central Server from DRS or MRC in centralized mode, you create a Central Server session. You can create multiple sessions from a single computer, but you cannot create sessions from different computers. If you open a second session from another DRS or MRC console located on a different computer, your previous Central Server sessions are closed. Other reasons for your session to close include a Central Server administrator closing it or because you were idle for too long.

- 38 -

Page 45: DameWare Server Evaluation Guide

Connecting to Agents with MRC

After you have installed both the MRC application in Centralized mode and the client agents, you may need to make other modifications to establish successful connections between them. Use the following sections to help you connect between the application and client agents.

l What privileges do I need to connect with DMRC l Connecting through a Firewall l Connecting with an Internet Session l Internet Session Properties l VNC Setup

What privileges do I need to connect with DMRC?After the client agent is installed, you do not need administrator privileges to access the remote computers. However, if you wish to modify the client agent service, you must connect with an administrator account.

Note: You must use an administrator account to connect to a 32-bit agent that has been installed on a 64-bit computer.

Non-Administrator ModeBy default, the remote user is prompted to allow a non-administrator access to their computer. If permission is not explicitly granted by the remote user each time you attempt to connect to the computer, you cannot connect to the remote computer through the MRC client agent. You can configure the client agent to allow non-administrator users to connect without the remote user's permission.

To allow non-administrators to connect without prompting:

1. On the remote computer, open the client agent's properties by right-clicking the ser-vice in the system tray and selecting Settings...

- 39 -

Chapter 11

Page 46: DameWare Server Evaluation Guide

Chapter 11

2. Navigate to the Access tab. 3. Clear the checkbox on Permission required for these account types. 4. Click OK.

When a user connects to the client agent without administrator privileges, a non-dismissible dialog informs users that the client is running in "Non-Administrator Mode".

Administrators Only ModeYou can configure the client agent to require an administrator account. Administrators are any user who is part of the local administrator group.

To allow only administrators to connect:

1. On the remote computer, open the client agent's properties by right-clicking the ser-vice in the system tray and selecting Settings...

2. Navigate to the Access tab. 3. Select Allow only administrators to connect. 4. Click OK.

Connecting through a FirewallIf you connect to remote sites through a firewall, you should pre-install the client agent. After the client agent is installed, you only need one port open in your firewall or router. If you install the client agent when you first attempt to connect to the remote computer, you must open multiple ports to install the client agent and open the TCP port used to connect the application to the client agent. The client agent is installed using the same ports used to access shared resources, and DameWare does not recommend opening these ports on any perimeter firewall.

The default TCP port for communication is 6129 but can be set to anything from both the application and the client agent.

The TCP ports required for connecting through a firewall are documented by Microsoft and depend on the Operating System version (Windows NT/2000/XP/2003/Vista/Windows 7/2008), the Network protocol installed, and how the network is configured.

Example:Windows 2000/XP/2003/Vista/Windows 7/2008 uses NetBIOS over TCP/IP to communicate with prior versions of Windows NT and other clients, such as Windows 95/98/Me. The Windows 2000/XP/2003/Vista/Windows 7/2008 implementation of NetBIOS over TCP/IP is referred to as NetBT. NetBT uses the following TCP and UDP ports:

l Name Services port 137/TCP and UDP l Datagram Services port 138/UDP l Session Services port 139/TCP

The Windows 2000/XP/2003/Vista/Windows 7/2008 redirector and server components support Direct Hosting over SMB for communicating with other computers running these Operating Systems. Direct Hosting over SMB does not use NetBIOS for name resolution. DNS is used for name resolution and the Microsoft networking communication is sent

- 40 -

Page 47: DameWare Server Evaluation Guide

Connecting to Agents with MRC

directly over TCP without a NetBIOS header. Direct Hosting of SMB over TCP/IP uses TCP & UDP port 445 instead of the NetBIOS session TCP port 139. DNS Direct Hosting also uses port 445 (TCP and UDP).

By default, both NetBIOS and Direct Hosting are enabled on Windows 2000/XP/2003/Vista, and both are tried in parallel when a new connection is established. The first to succeed in connecting is used for any given attempt. NetBIOS over TCP/IP support can be disabled to force all traffic to use TCP/IP Direct Hosting.

Direct hosting of SMB over TCP/IPhttp://support.microsoft.com/default.aspx?scid=kb;en-us;Q204279

Changing the Default PortYou must change the default port to the same port number on both the application and the client agent.

To change the port settings on the application:

1. Click the Default Host Properties... button in the View menu. 2. On the Remote Options tab, change the port number. 3. Click OK.

To change the port settings on the client agent:

1. Right-click on the client agent in the system tray, and select Properties. 2. On the General tab, change the port number. 3. Click OK.

Connecting with an Internet SessionThe Internet Session dialog allows you to open an Internet Session and control how you interact with the end user's computer. See Internet Session Properties for more information.

Open the Internet Session dialog by clicking on the Internet Session icon next to the connect icon or by clicking File > Internet Session...

After the Internet Session is open, another dialog displays the current status of the Internet Session and the steps you and the End User must take so that the End User can also join the session.

If you have an email client on the computer running the MRC application, you can click the E-mail details button to send the Internet Session Link and instructions to the End User.

If you do not have an email client, click Copy details to Clipboard or copy the session link, and communicate the Internet Session Link to the End User. If the MRC client agent is not installed on the End User's computer, it must be downloaded to successfully join

- 41 -

Page 48: DameWare Server Evaluation Guide

Chapter 11

the Internet Session. The End User can also download an Internet Session specific client agent.

Internet Session PropertiesMRC uses the settings you configure in the Internet Session Properties window when it connects to remote systems using an Internet Session.

Internet Session Properties Dialog OptionsThe following sections describe the options on each tab of the Internet Session Properties dialog.

Remote Options tab

l View Only: Allows the MRC user to connect to the remote machine desktop but not send any keyboard or mouse input.

l Show Remote Cursor: Displays the remote cursor in the MRC window during a connection.

l Enable Remote Clipboard: Allows a variety of types of data to be copied and pasted from the local machine to the remote machine and vice versa.

l Lock Remote Keyboard & Mouse: Locks the remote keyboard and mouse during the MRC session.

l Enable Blank Monitor: Blanks the monitor on the remote machine during the MRC session.

l Disable Keyboard Translation: Enabling this option sends the local keyboard’s scan code to the remote machine instead of translating it to the ASCI character first.

l Enable Foreign Keyboard Mapping: Enables support for the remote keyboard layout if it is of a different layout (language) than the local keyboard.

l Compression Level: The amount of compression placed on each scan block before it is sent to the local machine.

l Scan Blocks (Scan Lines/Blocks): The number of segments of the remote machine’s screen the program scans prior to sending the data to the local machine.

l Delay Between Scan Block Updates: The length of time, in milliseconds, that the MRC program waits before it scans another block of the remote machine’s screen.

l Port Number: The TCP Port number on which the MRC program communicates with the MRC Client Agent Service on the remote machine. ***The TCP Port number specified here must match the TCP Port on which the MRC Client Agent Service is running on the remote machine.

l Use Slow Link Optimization: Allows the MRC program to perform additional processing in order to minimize the amount of data that is sent across the wire.

l Set Screen Resolution To: Allows the remote machine’s resolution to be temporarily reset to the selected screen size during the MRC session.

l Desktop Effects: Allows the MRC user to temporarily disable certain features and/or characteristics of the remote machine’s desktop to increase performance during the MRC session.

- 42 -

Page 49: DameWare Server Evaluation Guide

Connecting to Agents with MRC

Inactivity Options tab

l Enable Sleep on Inactivity: Allows the MRC program to stop sending screen updates during periods of inactive input from the local machine’s keyboard and mouse.

l Sleep When Inactive for: The number of minutes that must pass before the Sleep on Inactivity setting is applied.

l Enable Disconnect on Inactivity: Allows the MRC session to be automatically disconnected after a designated period of inactive input from the local machine’s keyboard and mouse.

l Disconnect When Inactive for: The number of minutes that must pass before the MRC session is disconnected due to inactivity.

Display Options tabThese settings are NOT used when using the MRC Mirror Driver.

l Mirror Driver button: Opens the Mirror Driver tab. When using the MRC Mirror Driver, display settings are configured on the Mirror Driver tab.

l Remote Default Display: Uses the same color depth as the remote display.

l Force 4 bit Display: Uses 16 colors during the MRC connection.

l Force 8 bit Display: Uses 256 colors during the MRC connection.

l Gray Scale: Forces the MRC connection display to gray scale. This can only be enabled when using the Force 4-bit or Force 8-bit displays.

l Force 16 bit Display: Uses 32,000 colors during the MRC connection.

l Force 24 bit Display: Uses 16 Million colors during the MRC connection.

l Force 32 bit Display: Uses 4 Billion colors during the MRC connection.

Encryption Options tab

l Enable FIPS Mode: Enables FIPS level encryption during the MRC session. When enabled, the MRC session encryption uses RSA’s BSAFE Crypto-C ME FIPS 140-2 validated cryptographic library.

l Encrypt General Data: Encrypts information such as keystrokes and mouse input.

l Encrypt Images: Encrypts graphical data sent from the remote machine.

l Enable Encryption: Encrypts files that are transferred using the Simple File Transfer feature.

Mirror Driver tabThese settings are used when connecting with the MRC Mirror Driver.

l Remote Default Display: Uses the same color depth as the remote display.

l Force 8 bit Display: Uses 256 colors during the MRC connection.

l Force 16 bit Display: Uses 32,000 colors during the MRC connection.

l Force 24 bit Display: Uses 16 Million colors during the MRC connection.

l Force 32 bit Display: Uses 4 Billion colors during the MRC connection.

- 43 -

Page 50: DameWare Server Evaluation Guide

Chapter 11

l Compression Level: The amount of compression placed on each scan block before it is sent to the local machine.

l Delay Between Screen Update: The length of time, in milliseconds, the MRC program waits before it retrieves another block of data from the MRC Mirror Driver installed on the remote machine.

VNC SetupThe connection settings, Use VNC Viewer and Use Intel AMT KVM, in the Remote Connect dialog allow MRC users to connect to remote systems running Linux and Mac operating systems as well as systems running on Intel vPro hardware that supports the AMT KVM feature. For this to work, the remote system must be running a VNC server, similar to the Remote Desktop service in Windows. In some cases, enabling VNC is as easy as enabling the option as a setting in the operating system. In other cases, you may have to install a separate VNC server application, such as Real VNC.

For additional information about Real VNC, visit their website: http://www.realvnc.com/.

Sample ProceduresThe procedure to set up a VNC server on a remote system will vary based on the operating system and version the system is running. However, the following procedures illustrate typical scenarios for Linux, Mac, and vPro operating systems.

Linux

To configure a VNC server in Linux using the Gnome Remote Desktop:

1. Open the Gnome desktop preferences. For example, in Fedora distros:

a. Click the Fedora icon.

b. Point to Desktop > Preferences, and then select Remote Desktop Preferences.

2. Configure the settings according to your preferences.

3. Click Close.

Mac OS XNote:

l A VNC server on Mac OS X 10.8 (Mountain Lion) may not work correctly as it has not been signed with an Apple developer certificate.

l VNC server 5.0.x may not be able to properly wake a Mac display from sleep under OS X 10.8.

l VNC server 5.0.x cannot interact with a retina display.

To configure a VNC server in Mac OS X 10.4 or 10.6:

1. Click the Apple menu, and then select System Preferences.

2. In the Internet and Network section, click the Sharing icon.

3. Select Apple Remote Desktop, and then click Start.

4. If necessary, set a password for VNC connections:

- 44 -

Page 51: DameWare Server Evaluation Guide

Connecting to Agents with MRC

a. Click Access Privileges.

b. Select VNC viewers may control screen with password, and then enter a password.

c. Click OK.

To configure a VNC server in Mac OS X 10.7:

1. Click the Apple menu, and then select System Preferences.

2. In the Internet and Network section, click the Sharing icon.

3. Select Screen Sharing.

4. If necessary, set a password for VNC connections:

a. Click Computer Settings...

b. Select VNC viewers may control screen with password, and then enter a password.

c. Click OK.

vPro hosts

To configure Intel vPro hosts for AMT KVM connections:

1. Reboot the host, and then enter its BIOS configuration menu.

2. Under AMT Options, select the following options:

l Firmware Verbosity

l AMT Setup Prompt

3. Reboot the host, and then enter the Management Engine BIOS Extension (MBEx): Just after the BIOS startup screen, press Ctrl+P.

4. If you are prompted for a password, enter the default password, admin, and then create a new password.

5. In the Intel ME Platform Configuration menu, select Activate Network Access.

6. In the Intel ME Network Setup menu, select Intel ME Network Name Settings.

7. Select Host Name, and then enter the hostname for the host.

8. Press Esc to return to the previous menu.

9. Select Manageability Feature Selection, and then ensure it is enabled in the lower pane.

10. Select SOL/IDER.

11. In the SOL/IDER menu, enable the following options:

l SOL

l IDER

l Legacy Redirection Mode

12. Return to the previous menu, and then select KVM Configuration.

13. In the KVM Configuration menu, select KVM Feature Selection, and then ensure it is enabled in the lower pane.

14. In the upper pane, select User Opt-in, and then select User Consent is

- 45 -

Page 52: DameWare Server Evaluation Guide

Chapter 11

required for KVM Session in the lower pane.

15. In the upper pane, select Opt-in Configurable from remote IT, and then select Enable Remote Control of KVM Opt-In Policy in the lower pane.

16. Press Esc until you are prompted to leave the MEBx menu.

Source: http://www.howtogeek.com/56538/

- 46 -

Page 53: DameWare Server Evaluation Guide

MRC Quick Tour

DameWare Mini Remote Control Quick TourThe following sections guide you through the most common task, such as enabling logging, using DMRC with terminal services, and saving host lists.

l Enabling Remote Logging l Using DameWare with Citrix or Other Terminal Services l Using Smart Cards l How to backup and restore the saved host list l Forcing Encryption Levels

Enabling Remote LoggingThe remote logging feature of the MRC client agent enables administrators to send a copy of the MRC entries recorded on the remote computer's Application Event log to a logging server. The log host must have a MRC client agent installed on it. Remote logging is often turned on to comply with PCI logging requirements.

Remote logging requires changes to the client agent and the log host and that both run the same version of the MRC client agent.

To enable remote logging:

1. Ensure that the MRC client agent server is running. 2. Make the following changes to the client agent:

l Select the "Enable Remote Logging" setting l Enter the IP address, Host Name, or FQDN of log host l Enter the TCP port that the MRC Client Agent Service is configured to listen on,

on the remote machine (Log Host Port Number) 3. Restart the service on the client.

- 47 -

Chapter 12

Page 54: DameWare Server Evaluation Guide

Chapter 12

4. On the log host, make the following changes to the client agent: l Select the "Enable Logging to this host" setting l Enter the Log Path for the local computer, such as C:\DameWare Log Files\ (a

UNC path is not valid) l Enter the Maximum Log File size in bytes

5. Restart the service on the log host.

When the MRC Client Agent Service on the machine sees an inbound logging request, it will take in the log entry and then append it to the DWRCS.CSV file in the specified log path folder. If the file does not exist, one will be created.

The DWRCS.CSV log file :All entries are then recorded or appended to the DWRCS.CSV log file, which is a standard CSV (Comma Separated Value) formatted file that can be opened using a third-party reporting tool (i.e. Excel, etc.).

Using DameWare with Citrix or Other Terminal ServicesDameWare software is not directly supported in Terminal Server/Citrix environments. However, if the network environment is configured properly, the MRC application allows multiple administrators to use the product.

Notes:

l Each user that runs the software, even on a Citrix/Terminal Server, must register the MRC application. You can create a .REG file containing the appropriate regis-tration information and place it into a login script for the users that need the soft-ware.

l By default, program shortcuts are created for one user account. l After MRC is installed on the Citrix/Terminal server, delete any settings that have

been created in the shadow register during installation before any users run the soft-ware for the first time.

Silently deploying the Registration informationTo deploy the registration information, a .REG file containing the following Registry keys can be created. Include this .REG file within your MST file to make this part of the installation process.

1. Register the software using one of the following methods: l Extract the dwabin.txt file included in your Registration email to your Desktop.

Startup MRC and then Open the Help/About dialog. Now drag and drop your dwabin.txt file into the Help / About dialog. The UDGANG Registry key should now be created.

l Right-click on your dwabin.txt file and select ?Copy?, then right-click in the Help / About dialog in MRC and select ?Paste?. The UDGANG Registry key should now be created.

l Place your dwabin.txt file in your DameWare Development installation folder on your local machine, and then startup the MRC software. After the software processes the Activation file, the UDGANG Registry key is created and the ori-ginal dwabin.txt file is deleted.

2. Once the software shows as Registered/Activated, export the Udgang Registry key:[HKEY_CURRENT_USER\Software\DameWare Development\Mini Remote Con-trol\Settings]

- 48 -

Page 55: DameWare Server Evaluation Guide

MRC Quick Tour

"Udgang"-"=hex:XX,XX,XX,XX,XX,XX,XX,XX,XX,XX,XX,XX,XX,XX,XX,XX,XX,XX,XX,XX,XX,XX,\

Now you can use the Udgang Registry key in your MST file, or you can manually import it under any other user account.

Program ShortcutsThe MRC application can be used by more than one user on any given machine, but program shortcuts are only created for the user who installed the software. Other users can use the software by navigating to the DameWareinstallation folder (i.e. C:\Program Files\SolarWinds\DameWare). The Start menu shortcuts can also be dragged to the All Users profile; be sure to right-click, drag, and select Copy Here. If you select Create Shortcut Here, you must re-create the shortcut each time a new version of the software is installed.

Shadow Registry:Occasionally, when using the software in a Citrix/Terminal Server environment and under a different user profile, the software tries to point to a database file under the Administrator's profile. This is due to the Shadow Registry under Citrix & Terminal Services. If this occurs, delete the DameWare Development Registry key from the Shadow Registry of the Citrix Server, and then from all other user profiles on the Citrix Server. Each user may also need to delete the DameWare Development Registry Key, [HKEY_CURRENT_USER\Software\DameWare Development], from the Registry on the local machine.

The Shadow Registry keys created by Citrix and Terminal Services for 32-bit and 64-bit Operating Systems are the following:

l [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Cur-rentVersion\Terminal Server\Install\Software\Dameware Development] (for 32-bit)

l [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\DameWare Devel-opment] (for 64-bit)

The next time the user logs on to the Citrix Server and runs the software, it will automatically recreate the DameWare Development Registry key

Using Smart CardsSmart cards provide a form of two-factor authentication to securely login. You can use smart cards with MRC to log in remotely and interactively. Interactive login allow users of the DMRC software toaccess remote machines and interactively login with their PIN while they are at the Logon Desktop, as if they were physically at the console of the remote machine. Remote Smart Card Authentication and Interactive Login within DameWare Development software also does not require any type of Smart Card middleware, and does not require a Smart Card reader attached to the remote machine.

RequirementsThe following is a list of requirements necessary for DameWare Mini Remote Control to authenticate successfully with smart cards.

- 49 -

Page 56: DameWare Server Evaluation Guide

Chapter 12

1. Smart Card Login & Authentication is only supported on Windows 2000 and above, including:

l Windows 2000 l Windows XP Professional l Windows 2003 Server l Windows Vista

2. Microsoft's Smart Card Services (scardsvr) must be installed. 3. The Operating System and network implementation must be configured properly for

Smart Card authentication. The Smart Card & PIN must have sufficient rights to Login to the remote machine. Unfortunately, DameWare's support department does not provide training seminars on how to implement and configure a Smart Card environment. However, the following Smart Card documentation on Microsoft's web-site may be helpful.

4. A Smart Card reader must be installed on the local machine. 5. According to Microsoft's Requirements, if the "Net Use" command can be suc-

cessfully executed to access a remote machine using a Smart Card, the user should also have the ability to install, remove, start, or stop the DMRC Client Agent Service, or successfully use DNTU's LogonAs feature, via Smart Card authentication.

6. According to Microsoft, Smart Card Authentication to Active Directory requires that Smart Card workstations, Active Directory, and Active Directory Domain Controllers be configured properly. Active Directory must trust a certification authority to authenticate users based on certificates from that CA. Both Smart Card workstations and Domain Controllers must be configured with correctly configured certificates.

Notes:

l A Smart Card reader is not required on the remote machine. l When using smart card authentication interactively, a "New Hardware

Found" notification may be displayed on the remote computer.

You can elect to use smart card authentication when you create your host entry on the MRC application, or you can choose to use smart card authentication in the client agent's settings.

How to Backup and Restore the saved host listThe Saved Host list and settings are saved to a MRC database file, MRCCv2.db. For security, DameWare uses Microsoft's Security APIs to encrypt and store the credentials associated with each host entry, and the credentials are not transferred or backed up with the saved host list.

The MRCCv2.dbf file is usually found in the application data folder under "DameWare Development" or in the DameWare installation folder. For example, you can find the file in the following places:

l For Vista, Windows 7, & 2008 this translates to: C:\Users\{Username}\Ap-pData\Roaming\DameWare Development

l For Windows 2000/XP/2003 this translates to: C:\Documents and Settings\{User-Name}\Application Data\DameWare Development..

l For NT4 it would be located under the Profiles Directory.

Hosts are automatically saved to the Saved Hosts lists. If you wish to ensure that all hosts are saved, click the save button when creating a new host.

- 50 -

Page 57: DameWare Server Evaluation Guide

MRC Quick Tour

Backup the Saved Host ListTo backup the saved host list, copy the MRCCv2.dbf file to your backup location.

Restore the Saved Host ListThe steps to restore or import the saved host list are the same.

1. Save the MRCCv2.db file to the computer. 2. Open the MRC application. 3. Open the Remote Connect dialog by clicking File > Open. 4. In the File menu, select Import... and click from MRCCv2.db File. 5. Browse to the location of the file, and click OK.

Forcing Encryption LevelsMRC encrypts all credentials and other session negotiation information using Microsoft’s built-in Cryptographic Service Providers & CryptoAPIs to support strong encryption for authentication and session negotiation (key exchange). MRC always uses multiple encryption algorithms and always tries to negotiate the strongest keys possible based on what the local and remote systems' Crypto Subsystem can agree upon.

You can choose to encrypt the following:

l General data l Images l Simple File Transfers

You can choose your encryption levels in both the MRC application and in the remote client agent. The encryption level selected on the client agent will supercede choices made in the MRC application.

These configurable options allow you to comply more easily with government regulations or your organization's security policy. It also provides a convenient default level of security for your remote computers.

To force encryption levels on the agent client:

1. Ensure that the MRC client agent server is running. 2. On the General tab, click the Sessions button. 3. Select Force Encryption. 4. Choose the appropriate encryption level. 5. Restart the service on the client.

If you want to force encryption levels on all your client agents, you can export the client agent settings to the remote computers using an MSI. See MRC Client Agent Service Installation Methods for more information.

- 51 -