Phone Lines icon GFI Support Home Sign in
Start a conversation
  1. GFI Support
  2. GFI Support - EndPointSecurity Section
  3. Articles

Unable to deploy GFI EndPointSecurity Agent due to Remote Registry error

Answer

PROBLEM

When attempting to deploy the GFI EndPointSecurity agent on a remote machine, either of the following error messages is received:

  • Failed to read from remote computer's registry
  • Failed to connect to remote registry

ENVIRONMENT

  • GFI EndPointSecurity
  • All Supported Environments 

SOLUTION

Remote Registry Service

Ensure that Remote Registry Service is enabled on the target computer:

  1. Open the Control Panel
  2. Select Administrative Tools
  3. Select Services
  4. Right click the Remote Registry Service and select Properties
  5. Under Startup Type select Automatic from the drop down menu

Local Firewall

If the target computer has a firewall installed locally, ensure that the firewall will allow connections from the machine that is trying to install the GFI EndPointSecurity agent.

Enable NetBIOS

From the target machine, perform the following to enable NetBIOS:

  1. Open the Properties of the network card
  2. Open the Properties of Internet Protocol (TCP/IP)
  3. From the General tab, click on the Advanced button
  4. Change to the WINS tab
  5. Select the option Enable NetBIOS over TCP/IP

Test Connection of Remote Registry

You are able to test if you are able to connect to the Remote Registry service of the target computer from the GFI EndPointSecurity server by performing the following:

  1. Click on Start and select Run
  2. Type regedit
  3. In the Registry Editor select File and then click Connect to Network Registry
  4. Enter the machine name or the IP Address of the target computer in the Select Computer dialogue box and click Ok

Should the connection of the remote registry be successful, you should be able to browse through the registry of the target machine. 

Check Permissions to Access the Remote Registry

Connect to the machine using remote desktop and check the following key: 

  • HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg  

Right-click the Winreg key and choose Permissions. The permissions on this key contol access to the remote registry. 

  • Make sure the account used for deploying has Full Access permissions on this key
  • Also the Local Service account must have Read permissions

See also the following Microsoft kbase articles on this: 

How to restrict access to the registry from a remote computer (Win 2000) : http://support.microsoft.com/kb/153183#appliesto

When you are specifying alternate logon credentials and using a local administrative account on the agent

  • Log on to the target machine and open the local group policy editor (gpedit.msc)
  • Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
  • Insure the policy 'Network Access: Sharing and Security Model for Local Accounts' is set to Classic - local users authenticate as themselves

CAUSE

These errors are usually displayed when:
  • The remote registry service is disabled on the target computer
  • A firewall is started on the target computer denying access to EndPointSecurity deployment mechanism
  • Invalid credentials are issued for the deployment of the Agent on the target computer
  • NetBIOS is disabled on the remote computer
  • The accounts listed above do not have the proper permissions
Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted

Comments