As we've seen, when the Remote Tools Client Agent is configured, SMS status messages are generated at the site server by the site update process— Hierarchy Manager, Site Control Manager, and so on. These status messages will help you determine whether the Remote Tools Client Agent is available for installation on the client. Additionally, status messages are generated for each Remote Tools session between a user at an SMS Administrator Console and a client computer. Status messages will provide the necessary information for tracking Remote Tools sessions. Unfortunately, no log files are generated for the Remote Tools session itself.
Two log files can be viewed at the SMS site server to verify that the Remote Tools Client Agent is ready for installation at the client: SMS\Logs\Cidm.log (Client Install Data Manager) and SMS\Logs\Inboxmgr.log (Inbox Manager). These log files can be viewed using a text editor or the SMS Trace utility. Search for entries with the text string "Remctrl," as shown in the sample log in Figure 10-25.
Figure 10-25. Sample Cidm.log file with the reference to Remote Control selected.
Log activity is also generated at the client computer when the Remote Tools Client Agent is installed or updated, just as with any other client agent. At the Windows NT client, for example, you can view the \MS\Sms\Logs\Ccim32.log. Open this log using any text editor or SMS Trace, and search for a wake-up event. In other words, look for specific entries that record when the Remote Control Client Agent was found, when the offer for Remote Control was read, and when the offer was submitted to Advertised Programs Manager for installation (Launch32).
You can also view the Advertised Programs Manager log file for remote control activity. Open systemroot\MS\Sms\Logs\Smsapm32.log, and search for the string "remote control". You should see a request to schedule Remote Control, an attempt to execute Remctrl.exe for service context, and the reporting of installation status.
As we've seen, you can also open the Remote Control log file, \MS\Sms\Logs\Remctrl.log. You can use this log file to identify the following events that occur during the Remote Tools Client Agent installation:
If you come across any problems during the installation of the Remote Tools Client Agent, remember to review this file on the client computer. You can also monitor the Remote Tools session itself, as we'll see in the next section.
When the SMS administrator initiates a Remote Tools session of any kind with the client, the Remote Tools Client Agent will generate status messages. These messages can of course be viewed through the Status Message Viewer. However, while SMS log activity will be generated on the client computer as a result of installing the agent, the act of establishing and terminating a Remote Control session is recorded as part of the Windows NT Security Event log on Windows NT clients. Relying on the Status Message Viewer in this case will give you more useful information.
You can view status messages specific to a Remote Tools session by executing one of the following status message queries related to Remote Tools sessions:
The status messages displayed by these queries are in the range 300xx and will provide you with the following details:
Figure 10-26 shows an example of the status messages returned by the status message query Remote Tools Activity Targeted At A Specific Site. Notice the entries in the Description column for initiating and ending each type of remote function.
Figure 10-26. Sample status message query results.
To view the client log activity generated by a Remote Tools session recorded in the Windows NT Security Event log, follow these steps:
Figure 10-27. The Event Viewer System log.
Figure 10-28. The Event Detail dialog box.
Table 10-2 shows the Remote Tools session events that can be recorded in the Windows NT Security log.
Table 10-2. Windows NT security events generated by a remote function
Event ID | Remote Function |
---|---|
1 | Remote Reboot |
2 | Remote Chat |
3 | Remote File Transfer |
4 | Remote Execute |
5 | Remote Control Session Start |
6 | Remote Control Session End |
7 | Local User Granted Permission For Remote Session |
8 | Local User Denied Permission For Remote Session |