
Blink: How to change Blink and REM communication port for Central Policy.

Last Updated: 01/22/09

Summary:
Sometimes after troubleshooting or from pre-existing knowledge, it becomes necessary to change the Central Policy (CP) port that Blink and
the Application Bus use for communication to the REM Console. The default CP port is 2000. The instructions below indicate how to modify
REM and REM deployment packages to communicate via an alternate port. This is commonly used in environments that use the CISCO VOIP
Solutions that generally run on port 2000, or on any network that is already using port 2000 for other software.

Procedure:

1. Change the registry keys below. These are an example for using port 2001.

[HKEY_LOCAL_MACHINE\SOFTWARE\eEye\ApplicationBus\Protocols\RequestResponse\AnonClient]
"Port"=dword:000007d1

[HKEY_LOCAL_MACHINE\SOFTWARE\eEye\ApplicationBus\Protocols\RequestResponse\AnonServer]
"Port"=dword:000007d1

[HKEY_LOCAL_MACHINE\SOFTWARE\eEye\ApplicationBus\Protocols\RequestResponse\Client]
"port"=dword:000007d1

[HKEY_LOCAL_MACHINE\SOFTWARE\eEye\ApplicationBus\Protocols\RequestResponse\Deployment]
"port"=dword:000007d1

[HKEY_LOCAL_MACHINE\SOFTWARE\eEye\ApplicationBus\Protocols\RequestResponse\Server]
"port"=dword:000007d1

Note: When entering these values in Regedit, make sure the Decimal option is selected. The dword values above are shown in hexadecimal (0x7d1 = 2001).

2. Edit the 'eeyeremoteinstall.ini' file in 'C:\Program Files\Common Files\eEye Digital Security\Shared Services Host\data\remoteservice'

3. Search for the portion that says 'port=2000' and change the numbered section to the port you wish to use. e.g. 'port=2001'

4. Edit the Package File for the Blink installation manually. This file is located by default in 'C:\Program Files\Common Files\eEye Digital Security\Shared Services Host\data\Packages' and will have the name of the package within the XML files. Please make sure you change the one you're attempting to deploy. Add the 'APPBUSPORT=XXXX' portion to the command parameter XML tag within this file.

Example:
Here is an example of an unmodified 'eeyeremoteinstall.ini'

<process order="2" method="run" name="Blink" exename="BlinkSetup.exe" version="4.0.0" versionSerial="4194304" crc32="D136414B">


<installScript />
<updaterSettings>
<url>https://sec.eeye.com/UpdateServer/</url>
</updaterSettings>
<installDir>C:\Program Files\eEye Digital Security\Blink</installDir>
<installLog>C:\Program Files\eEye Digital Security\Blink\bsetup.Log</installLog>
<commandparams>INSTALLDIR="C:\Program Files\eEye Digital Security\Blink" /qn REBOOT=ReallySuppress CONSOLEDEPLOY=1 /Liom "C:\Program Files\eEye Digital Security\Blink\bsetup.Log"</commandparams>
<logRegEx>
<success>completed successfully.</success>
<failure />
</logRegEx>
<RunOnce>

Here is an example of a modified 'eeyeremoteinstall.ini'

<process order="2" method="run" name="Blink" exename="BlinkSetup.exe" version="4.0.0" versionSerial="4194304" crc32="D136414B">


<installScript />
<updaterSettings>
<url>https://sec.eeye.com/UpdateServer/</url>
</updaterSettings>
<installDir>C:\Program Files\eEye Digital Security\Blink</installDir>
<installLog>C:\Program Files\eEye Digital Security\Blink\bsetup.Log</installLog>
<commandparams>INSTALLDIR="C:\Program Files\eEye Digital Security\Blink" /qn REBOOT=ReallySuppress APPBUSPORT=2001 CONSOLEDEPLOY=1 /Liom "C:\Program Files\eEye Digital Security\Blink\bsetup.Log"</commandparams>
<logRegEx>
<success>completed successfully.</success>
<failure />
</logRegEx>
<RunOnce>
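
The four steps above can be applied and checked in one pass. The script below is an added example, not eEye's own tooling; it uses only the registry keys and file paths given in this article, and the parameter names ($Port, $OldPort, $PackageFile) are assumptions of the example.

```powershell
# Added example, not eEye code. Run from an elevated PowerShell prompt on the REM machine.
param(
    [int]$Port = 2001,            # the article's example port
    [int]$OldPort = 2000,         # default CP port being replaced
    [string]$PackageFile = ''     # optional: path to the package XML you deploy (step 4)
)
if ($Port -lt 1 -or $Port -gt 65535) { throw "Port $Port is out of range" }

$base = 'HKLM:\SOFTWARE\eEye\ApplicationBus\Protocols\RequestResponse'
$keys = 'AnonClient', 'AnonServer', 'Client', 'Deployment', 'Server'   # keys from step 1
$ini  = 'C:\Program Files\Common Files\eEye Digital Security\Shared Services Host' +
        '\data\remoteservice\eeyeremoteinstall.ini'

# Step 1: write the DWORD on every key. Value names are case-insensitive,
# so 'Port' also addresses the keys that spell it 'port'.
foreach ($k in $keys) {
    $path = Join-Path $base $k
    if (Test-Path $path) {
        Set-ItemProperty -Path $path -Name 'Port' -Value $Port -Type DWord
    } else {
        Write-Warning "Key not found, skipped: $path"
    }
}

# Steps 2-3: keep a backup, then rewrite only the port=<old port> line.
Copy-Item -Path $ini -Destination "$ini.bak" -Force
(Get-Content -Path $ini) -replace "^(\s*port\s*=\s*)$OldPort\s*`$", "`${1}$Port" |
    Set-Content -Path $ini

# Verification: every location must now report the same port.
$report = @(foreach ($k in $keys) {
    $v = (Get-ItemProperty -Path (Join-Path $base $k) -ErrorAction SilentlyContinue).Port
    [pscustomobject]@{ Location = $k; Port = $v; Match = ($v -eq $Port) }
})
$m = Select-String -Path $ini -Pattern '^\s*port\s*=\s*(\d+)' | Select-Object -First 1
$iniPort = if ($m) { [int]$m.Matches[0].Groups[1].Value }
$report += [pscustomobject]@{ Location = 'eeyeremoteinstall.ini'; Port = $iniPort; Match = ($iniPort -eq $Port) }

# Step 4 stays a manual edit; this only checks that the package carries the parameter.
if ($PackageFile) {
    $hit = [bool](Select-String -Path $PackageFile -Pattern "APPBUSPORT=$Port\b" -Quiet)
    $report += [pscustomobject]@{ Location = 'package XML'; Port = $Port; Match = $hit }
}
$report | Format-Table -AutoSize
```

Any row with Match = False means one component would still use a different port than the rest.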

Keywords: Blink, Remote Deployment, Remote, Deployment, Port Change, Cisco Skinny
Deployment Troubleshooting Checklist

Last updated: 6/26/2009

Summary: The steps below help identify the reasons for an unsuccessful Blink deployment from the REM Management Console or a 3rd Party Package utility. Unsuccessful deployments from REM typically relate to environment-specific security settings such as firewall settings, Windows GPO settings, proxy settings, and more.

Step 1: Identify the deployment method and symptoms that you are seeing.

Step 2: Perform the suggestions made below according to the deployment method and the symptom.

Step 3: If symptom cannot be remedied by the given suggestions, perform the tests indicated (see TESTS section below).

Step 4: Depending on outcome of Tests, collect logs by following the Collecting Logs section.

----------------------------------------------------

REM Events Manager Symptoms (REM GUI)

----------------------------------------------------

1. Files are not copied over to the remote machine and Blink is not installed.

-Verify if Administrators can access shares on the remote agent system

-Verify if the Network Access: Sharing and Security model is set to Classic mode (not Guest mode)

-Verify that the Windows Firewall or some other firewall is not stopping the file copy.

-If nothing works or if problem is not fixed, collect SSH logs while deploying (see Collecting Logs below)

2. Files are copied and the eeyeremoteinstall service is running on the agent

-Perform Tests: Step A, Step B, and Step C.

-If nothing works or if problem is not fixed, collect SSH Logs, RdLogs and Application Bus Logs

3. Blink starts unlicensed / asks for Registration / Doesn't take the policy

-Perform Tests: Step A, Step B, Step C, and Step D


-If nothing works or if problem is not fixed, collect SSH Logs, RdLogs and Application Bus Logs.

----------------------------------------------------

3rd Party Deployment Symptoms

----------------------------------------------------

1. Blink is not installed on the remote system.

-Verify Windows Scripting Host 5.0 installed and running properly by opening a command prompt and typing "cscript".

-If 5.0 or higher is not installed, download and install it from Microsoft.com. Next retry the installer.

-If 5.0 or higher is already installed, collect all .log files from c:\Windows\Temp and any subdirectories in c:\Windows\Temp.

2. Blink starts unlicensed or asks for registration or doesn't obtain the policy.

-Perform Tests: Step A, Step B, Step C, and Step D

-After performing the above tests, recreate the deployment package with the same settings as before and deploy (install) this new package.

-If problem is not fixed, collect SSH Logs, RdLogs and Application Bus Logs

----------------------------------------------------

TESTS

----------------------------------------------------

Step A: Telnet Test

Summary - Connect from the Blink machine to REM on port 2000

HOW TO -

1.) Start > Run > cmd.exe

2.) Enter the command (without quotes): "telnet [insert REM SERVER hostname] 2000" and press enter.

3.) You should be at a blank screen with a blinking cursor.

4.) Press Enter three times.

5.) If it does not disconnect, something along the route is stopping data packets on port 2000 (VPN, firewalls, etc.). The appropriate network personnel will need to investigate the issue.


Step B: Check for another application using port 2000 on both the Blink machine and REM machine

HOW TO -

1.) Start > Run > services.msc

2.) Locate eEye Application Bus, right click, choose Stop.

3.) Start > Run > cmd.exe

4.) Enter the command (without quotes): "netstat -ano".

5.) If there is anything listening on port TCP 2000, it needs to be stopped for deployment and Blink to function properly.

Sample netstat -ano:

TCP 0.0.0.0:2000 0.0.0.0:0 LISTENING 2896
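
Steps A and B can also be scripted for machines without a telnet client. This is an added example, not eEye tooling: the hostname is a placeholder, the function names are assumptions of the example, and the netstat parsing assumes English-locale output like the sample line above.

```powershell
# Added example, not eEye code. Run on the Blink machine; for the listener check,
# stop the eEye Application Bus service first, as Step B describes.
param(
    [string]$RemHost = 'rem-server.example',   # placeholder REM server hostname
    [int]$Port = 2000
)

# Step A: connect, send Enter three times, and see whether the peer closes the session.
function Test-RemPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 5000)
    $client = New-Object System.Net.Sockets.TcpClient
    try { $client.Connect($HostName, $Port) }
    catch { $client.Close(); return 'ConnectFailed' }
    try {
        $stream = $client.GetStream()
        $stream.ReadTimeout = $TimeoutMs
        $crlf = [byte[]](13, 10)
        foreach ($i in 1..3) { $stream.Write($crlf, 0, $crlf.Length) }
        $buf = New-Object byte[] 512
        while ($stream.Read($buf, 0, $buf.Length) -gt 0) { }   # read until the peer closes
        return 'Disconnected'                                   # the result Step A expects
    } catch {
        # A read timeout means the session stayed open; any other socket error is a drop.
        $inner = $_.Exception.GetBaseException()
        $timedOut = $inner -is [System.Net.Sockets.SocketException] -and
                    $inner.SocketErrorCode -eq 'TimedOut'
        if ($timedOut) { return 'NoDisconnect' } else { return 'Disconnected' }
    } finally {
        $client.Close()
    }
}

# Step B: list anything listening on the port, with the owning process name.
function Get-PortListener {
    param([int]$Port)
    netstat -ano | Select-String -Pattern "^\s*TCP\s+\S+:$Port\s+\S+\s+LISTENING\s+(\d+)" |
        ForEach-Object {
            $procId = [int]$_.Matches[0].Groups[1].Value
            $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
            [pscustomobject]@{ Line = $_.Line.Trim(); ProcessId = $procId; Process = $proc.ProcessName }
        }
}

"Step A (${RemHost}:${Port}): $(Test-RemPort -HostName $RemHost -Port $Port)"
Get-PortListener -Port $Port | Format-Table -AutoSize
```

With the Application Bus stopped, any row returned by Get-PortListener is the conflicting application Step B asks you to find.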

Step C: Verify that NTLM settings match on REM and the Blink machine. See Microsoft's explanation here for the appropriate setting and ensure all machines have the same setting.

HOW TO -

1.) Go to the REM machine

2.) Start > Run > secpol.msc

3.) Expand Local Policies

4.) Click on Security Options

5.) View the setting for "Network Security: LAN Manager Authentication Level"

6.) Go to the Blink machine

7.) Repeat steps 2-5 and ensure the setting is the same.

Step D: Check Proxy settings on REM server

HOW TO -

1.) In REM go to: Setup > Options > Proxy Settings and verify if the correct HTTP proxy settings are entered.

----------------------------------------------------

Collecting Logs

----------------------------------------------------

Summary: In order to collect logs (as asked for above), you must follow all sections A-C below to turn on log collection, then reproduce the problem (i.e. redeploy), then go back and obtain the logs from the reproduced issue. Once the logs have been obtained, you may undo the requested changes so as not to degrade your system performance. Then upload the logs to your ticket on the Clients Portal.

A. SSH (Shared Services Host) Logs

1.) Go to the REM Machine

2.) Start > Run > services.msc

3.) Locate eEye Shared Services Host, right click, and Stop

4.) Open Notepad and File - Open to C:\Program Files\Common Files\eEye Digital Security\Shared Services Host\eeyessh.exe.config

5.) Replace the line: <add name="TraceLevelSwitch" value="0" /> With: <add name="TraceLevelSwitch" value="4" />

6.) Start the eEye Shared Services Host service.

-Follow Step 7 after reproducing issue

7.) Collect the file C:\Program Files\Common Files\eEye Digital Security\Shared Services Host\SharedServicesTraceLog.txt

B. RdLogs (Blink Remote deployment Logs)

Obtain the below files after reproducing your issue:

These files are in an RdLogs folder inside Blink's installation folder. Usually this is located at: c:\Program Files\eEye Digital Security\Blink\Rdlogs

If this folder does not exist, provide all .log files from C:\Windows\Temp (or C:\Windows\_Inst if it exists) and the file: "c:\Program Files\Common Files\eEye Digital Security\SyncIt\debug_syncit.log"

If no file can be located, search the system for a debug_syncit.log file.

C. Application Bus debugging logs

1.) Go to the REM Machine

2.) Start > Run > services.msc

3.) Locate all eEye services, right click, and Stop them all

4.) Start > Run > regedit

5.) Browse to: HKEY_LOCAL_MACHINE\SOFTWARE\eEye

6.) Right click eEye and choose New > Key and name it "Diagnostics" (without quotes).

7.) Download the free DebugView utility from http://www.sysinternals.com

8.) Launch DebugView.exe

9.) Locate all eEye services, right click, and Start them all
10.) Leave debugview open and capturing.

-Follow Step 10 after reproducing issue

11.) Save output of Debugview to a .txt file for eEye Support.

Knowledge Base Article ID: KB000873

Blink & REM: How to Setup Blink and REM to communicate via the Internet using Fully Qualified Domain Name

REM & Blink: How to Setup Blink and REM to communicate via the Internet using FQDN

Last Updated: 12/16/2009

Summary:
Because of their network environment, nature of doing business, or diverse network infrastructure, some customers require the ability for Blink and REM to communicate over the internet using a fully qualified domain name (DNS name).

This article will discuss the steps for a software REM implementation to successfully communicate Blink policies and results to/from the REM
Console (Central Policy and REM Events). Some assumptions made in this article are basic networking knowledge and administrator rights on
the machine.

Please read this article in its entirety prior to completing.


For any questions or unique environments, please open a support ticket via the Customer Portal to discuss with support.

Procedure: To configure REM and Blink communication via the internet using FQDN perform the following:

On the REM Events Manager machine:


1) Go to Start > Run > Regedit
2) Browse to: [HKEY_LOCAL_MACHINE\SOFTWARE\eEye\ApplicationBus\Protocols\RequestResponse\Deployment]
3) Add a String Value, "ServerName" under this key with the value being your DNS name (ie "rem.company.com") (w/o quotes).
4) Browse to: [HKEY_LOCAL_MACHINE\SOFTWARE\eEye\ApplicationBus\Protocols\RequestResponse\Deployment\seccomm]
5) Add a String Value, "ServerName" under this key with the value being your DNS name (ie "rem.company.com") (w/o quotes).
6) Browse to: [HKEY_LOCAL_MACHINE\SOFTWARE\eEye\REM Events Manager\3.0\Config]
7) Add a String Value, "CentralPolicyURI" under this key with the value being your DNS name (ie "rem.company.com") (w/o quotes).
8) Next, ensure you have external DNS set up so that your DNS name (ie "rem.company.com") properly resolves to the external IP address of the REM machine.
9) Make sure your firewall allows TCP 2000 and TCP 21690 inbound to the REM machine.
10) If your firewall is NAT'ing or Port Forwarding, please perform the following:

• Go to Start > Run > Regedit

• Browse to: [HKEY_LOCAL_MACHINE\SOFTWARE\eEye\ApplicationBus\LocalList]

• Add 2 or more String Values using your external IP address and external DNS name under this key with the value being empty (ie
"rem.company.com" = "")

11) Go to Start > Run > Services.msc


12) Restart all eEye Services

If you have any existing Blink Policies:


13) Go to C:\Program Files\eEye Digital Security\REM Events Manager\Applications\Blink Manager\Central Policy\Groups\
14) Open _default.xml in Notepad
15) Search for rem:// and edit the default rem://machine_name to rem://rem.company.com (keep the full path as already specified there)

Note: You may have to repeat step 13-15 for each existing policy in your REM. New policies are addressed with Step 6-7 above.
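
Because steps 13-15 must be repeated per policy, it is easy to leave one policy pointing at the old machine name. The read-only audit below is an added example, not eEye tooling; it assumes the other policy files sit as .xml files in the same Groups folder as _default.xml, and it resolves DNS from the REM machine's own resolver, which may differ from what external Blink clients see.

```powershell
# Added example, not eEye code. Run on the REM machine after the steps above; changes nothing.
param([string]$Fqdn = 'rem.company.com')   # the article's sample DNS name

$deploy = 'HKLM:\SOFTWARE\eEye\ApplicationBus\Protocols\RequestResponse\Deployment'
$checks = @(
    @{ Path = $deploy;           Name = 'ServerName' },                                  # step 3
    @{ Path = "$deploy\seccomm"; Name = 'ServerName' },                                  # step 5
    @{ Path = 'HKLM:\SOFTWARE\eEye\REM Events Manager\3.0\Config'; Name = 'CentralPolicyURI' }  # step 7
)
$findings = @()

foreach ($c in $checks) {
    $item  = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $value = if ($item) { $item.($c.Name) }
    if ($value -ne $Fqdn) { $findings += "$($c.Path)\$($c.Name) is '$value', expected '$Fqdn'" }
}

# Step 8: the name must resolve (checked here with this machine's resolver only).
try   { [void][System.Net.Dns]::GetHostAddresses($Fqdn) }
catch { $findings += "DNS: $Fqdn does not resolve from this machine" }

# Step 10: only required behind NAT or port forwarding, so reported as information.
$local = (Get-Item 'HKLM:\SOFTWARE\eEye\ApplicationBus\LocalList' -ErrorAction SilentlyContinue).Property
if ($local -notcontains $Fqdn) { $findings += "LocalList has no '$Fqdn' value (needed only with NAT/port forwarding)" }

# Steps 13-15: flag every rem:// reference whose host part is not the FQDN.
$groups = 'C:\Program Files\eEye Digital Security\REM Events Manager\Applications' +
          '\Blink Manager\Central Policy\Groups'
Get-ChildItem -Path $groups -Filter *.xml -ErrorAction SilentlyContinue |
    Select-String -Pattern 'rem://([^/\s"<]+)' -AllMatches |
    ForEach-Object {
        foreach ($m in $_.Matches) {
            $h = $m.Groups[1].Value
            if ($h -ne $Fqdn) { $findings += "$($_.Filename):$($_.LineNumber) still points at rem://$h" }
        }
    }

if ($findings) { $findings } else { "All checked settings reference $Fqdn" }
```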

On an existing external Blink machine:


1) Go to Blink GUI
2) Go to Options
3) Enable Central Policy
4) Use REM protocol
5) Input rem.company.com
6) Enter the policy name
7) Enter the central policy password (specified when you initially set up REM in REM Events Manager Configuration)
8) Click verify settings to validate Central Policy can update successfully.

Conclusion:
In summary, the steps above will allow you to utilize a fully qualified domain name (DNS) to allow policy updates internally or externally.

For any questions or unique environments, please open a support ticket via the Customer Portal to discuss with support.

Keywords: FQDN, Central Policy, machine name, internet, external policy updates