

Monitoring Status and Flow

As we've seen, when the Remote Tools Client Agent is configured, SMS status messages are generated at the site server by the site update process (Hierarchy Manager, Site Control Manager, and so on). These status messages will help you determine whether the Remote Tools Client Agent is available for installation on the client. Additionally, status messages are generated for each Remote Tools session between a user at an SMS Administrator Console and a client computer. Status messages will provide the necessary information for tracking Remote Tools sessions. Unfortunately, no log files are generated for the Remote Tools session itself.

Monitoring Installation

You can view two log files at the SMS site server to verify that the Remote Tools Client Agent is ready for installation at the client: SMS\Logs\Cidm.log (Client Install Data Manager) and SMS\Logs\Inboxmgr.log (Inbox Manager). You can view these log files using a text editor. Search for entries with the text string 'Remctrl,' as shown in the sample log in Figure 10.24.

Figure 10.24: Sample Cidm.log file with the reference to Remote Control selected.

Log activity is also generated at the client computer when the Remote Tools Client Agent is installed or updated, just as with any other client agent. At the Legacy Client, for example, you can view the %Windir%\MS\Sms\Logs\Ccim32.log. Open this log using any text editor or SMS Trace and search for a wake-up event. In other words, look for specific entries that record when the Remote Control Client Agent was found, when the offer for Remote Control was read, and when the offer was submitted to Advertised Programs Manager for installation (Launch32).

You can also view the Advertised Programs Manager log file for remote control activity. Open %Windir%\MS\Sms\Logs\Smsapm32.log on the Legacy Client and search for the string 'remote control.' You should see a request to schedule Remote Control, an attempt to execute Remctrl.exe for service context, and the reporting of installation status. On the Advanced Client, view the log files Ccmexe.log and PolicyAgent.log.

As we've seen, you can also open the Remote Control log file, Remctrl.log. You can use this log file to identify the following events that occur during the Remote Tools Client Agent installation:

  • Detection of the operating system on an Intel processor

  • Installation of appropriate language support for the client's installed languages

  • Installation of the discovered platform's remote control files

  • Configuration of registry settings, including security and permissions

  • Configuration of hardware-specific Remote Tools settings from the registry

  • Registration of the agent with the SMS application launcher (Launch32 or Launch16)

  • Start-up of the agent

If you come across any problems during the installation of the Remote Tools Client Agent, remember to review this file on the client computer. You can also monitor the Remote Tools session itself, as we'll see in the next section.

Monitoring a Remote Tools Session

When the SMS administrator initiates a Remote Tools session of any kind with the client, the Remote Tools Client Agent will generate status messages. You can, of course, view these messages through the Status Message Viewer. However, although SMS log activity will be generated on the client computer as a result of installing the agent, the act of establishing and terminating a Remote Control session is recorded as part of the Windows Application Event log on Windows clients. Relying on the Status Message Viewer in this case will give you more useful information.

You can view status messages specific to a Remote Tools session by executing one of the following status message queries related to Remote Tools sessions:

  • Remote Tools Activity Initiated At A Specific Site

  • Remote Tools Activity Initiated By A Specific User

  • Remote Tools Activity Initiated From A Specific System

  • Remote Tools Activity Targeted At A Specific System

The status messages displayed by these queries are in the range 300xx and will provide you with the following details:

  • The domain name and user account of the user that's viewing the client

  • The machine name of the SMS Administrator Console that's being used

  • The machine name of the client computer on which remote functions are being carried out

  • The types of functions being performed

Figure 10.25 shows an example of the status messages returned by the status message query Remote Tools Activity Targeted At A Specific System. Notice the entries in the Description column for initiating and ending each type of remote function.

Figure 10.25: Sample status message query results.

To view the client log activity generated by a Remote Tools session recorded in the Windows Application Event log, follow these steps:

  1. In the SMS Administrator Console, navigate to the Collections folder, expand it, and then select All Windows Workstation Systems or another collection that contains the Windows client.

  2. In the Details pane, right-click the client entry and choose All Tasks from the context menu.

  3. Choose Start Windows Event Viewer. Navigate the Windows Event Viewer as you normally would.

  4. Choose Application from the Log menu to open the Application log as shown in Figure 10.26 and display the details for Event ID 5.

    Figure 10.26: The Event Viewer System log.

  5. The Event Properties dialog box appears, as shown in Figure 10.27. Notice that the text for the event indicates a Remote Control session with the client started by the SMS administrator using Windows security.

    Figure 10.27: The Event Properties dialog box.

Table 10.2 shows the Remote Tools session events that can be recorded in the Windows Security log.

Table 10.2: Windows security events generated by a remote function

Event ID   Remote Function
1          Remote Reboot
2          Remote Chat
3          Remote File Transfer
4          Remote Execute
5          Remote Control Session Start
6          Remote Control Session End
7          Local User Granted Permission For Remote Session
8          Local User Denied Permission For Remote Session
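As an added example (not from the book or from SMS itself), the following Python script audits event records exported from a client's event log using the IDs in Table 10.2: it pairs each session start with its end and lists the remote functions worth reviewing. The CSV layout, the computer names, the choice of which IDs to flag, and the event source name are assumptions; the page does not name the event source, so a placeholder is used.

```python
import csv
import io
from datetime import datetime

# Event IDs and remote functions exactly as listed in Table 10.2.
REMOTE_FUNCTIONS = {
    1: "Remote Reboot", 2: "Remote Chat", 3: "Remote File Transfer",
    4: "Remote Execute", 5: "Remote Control Session Start",
    6: "Remote Control Session End",
    7: "Local User Granted Permission For Remote Session",
    8: "Local User Denied Permission For Remote Session",
}
# Placeholder: the page does not name the event source; substitute the real one.
SOURCE = "EXAMPLE-REMOTE-TOOLS-SOURCE"

# Constructed sample export (timestamp, computer, source, event ID); not real data.
SAMPLE_CSV = """\
2004-03-01T09:00:00,WKS01,EXAMPLE-REMOTE-TOOLS-SOURCE,7
2004-03-01T09:00:05,WKS01,EXAMPLE-REMOTE-TOOLS-SOURCE,5
2004-03-01T09:04:10,WKS01,EXAMPLE-REMOTE-TOOLS-SOURCE,4
2004-03-01T09:12:30,WKS01,EXAMPLE-REMOTE-TOOLS-SOURCE,6
2004-03-01T09:15:00,WKS01,OtherApp,5
2004-03-01T10:00:00,WKS02,EXAMPLE-REMOTE-TOOLS-SOURCE,8
2004-03-01T11:30:00,WKS03,EXAMPLE-REMOTE-TOOLS-SOURCE,5
2004-03-01T11:31:00,WKS03,EXAMPLE-REMOTE-TOOLS-SOURCE,3
"""

def audit(csv_text, source=SOURCE):
    """Return (sessions, findings): paired start/end durations and events to review."""
    sessions, findings, open_start = [], [], {}
    for ts, computer, src, eid in csv.reader(io.StringIO(csv_text)):
        eid = int(eid)
        # Event IDs are unique only within one source, so filter on the source first.
        if src != source or eid not in REMOTE_FUNCTIONS:
            continue
        when = datetime.fromisoformat(ts)
        if eid == 5:
            open_start[computer] = when
        elif eid == 6:
            start = open_start.pop(computer, None)
            if start is None:
                findings.append((computer, "Session end without recorded start"))
            else:
                sessions.append((computer, int((when - start).total_seconds())))
        elif eid in (1, 3, 4, 8):  # state-changing functions and user refusals
            findings.append((computer, REMOTE_FUNCTIONS[eid]))
    for computer in open_start:  # a start that never saw a matching end
        findings.append((computer, "Session start without recorded end"))
    return sessions, findings
```

The findings can be cross-checked against the 300xx status messages for the same client, which add the initiating user account and console machine name.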

You can also monitor remote session activity by enabling logging of Wuser32.exe. You do this by modifying the registry on the client computer. To enable logging for Wuser32.exe, set the value of LogToFile to 1 in the client's registry under \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Client\Client Components\Remote Control. The resulting log file is named Wuser32.log, and it's stored in %Systemroot%\MS\SMS\Logs on Legacy Clients and %Systemroot%\system32\ccm\logs on Advanced Clients.


