Monitoring Status and Flow

As we've seen, when the Remote Tools Client Agent is configured, SMS status messages are generated at the site server by the site update process— Hierarchy Manager, Site Control Manager, and so on. These status messages will help you determine whether the Remote Tools Client Agent is available for installation on the client. Additionally, status messages are generated for each Remote Tools session between a user at an SMS Administrator Console and a client computer. Status messages will provide the necessary information for tracking Remote Tools sessions. Unfortunately, no log files are generated for the Remote Tools session itself.

Monitoring Installation

Two log files can be viewed at the SMS site server to verify that the Remote Tools Client Agent is ready for installation at the client: SMS\Logs\Cidm.log (Client Install Data Manager) and SMS\Logs\Inboxmgr.log (Inbox Manager). These log files can be viewed using a text editor or the SMS Trace utility. Search for entries with the text string "Remctrl," as shown in the sample log in Figure 10-25.

Figure 10-25. Sample Cidm.log file with the reference to Remote Control selected.

Log activity is also generated at the client computer when the Remote Tools Client Agent is installed or updated, just as with any other client agent. At the Windows NT client, for example, you can view the \MS\Sms\Logs\Ccim32.log. Open this log using any text editor or SMS Trace, and search for a wake-up event. In other words, look for specific entries that record when the Remote Control Client Agent was found, when the offer for Remote Control was read, and when the offer was submitted to Advertised Programs Manager for installation (Launch32).

You can also view the Advertised Programs Manager log file for remote control activity. Open systemroot\MS\Sms\Logs\Smsapm32.log, and search for the string "remote control". You should see a request to schedule Remote Control, an attempt to execute Remctrl.exe for service context, and the reporting of installation status.

As we've seen, you can also open the Remote Control log file, \MS\Sms\Logs\Remctrl.log. You can use this log file to identify the following events that occur during the Remote Tools Client Agent installation:

• Detection of the operating system on an Intel processor
• Installation of appropriate language support for the client's installed languages
• Installation of the discovered platform's remote control files
• Configuration of registry settings, including security and permissions
• Configuration of hardware-specific Remote Tools settings from the registry
• Registration of the agent with the SMS application launcher (Launch32 or Launch16)
• Start-up of the agent

If you come across any problems during the installation of the Remote Tools Client Agent, remember to review this file on the client computer. You can also monitor the Remote Tools session itself, as we'll see in the next section.

Monitoring a Remote Tools Session

When the SMS administrator initiates a Remote Tools session of any kind with the client, the Remote Tools Client Agent will generate status messages. These messages can of course be viewed through the Status Message Viewer. However, while SMS log activity will be generated on the client computer as a result of installing the agent, the act of establishing and terminating a Remote Control session is recorded as part of the Windows NT Security Event log on Windows NT clients. Relying on the Status Message Viewer in this case will give you more useful information.

You can view status messages specific to a Remote Tools session by executing one of the following status message queries related to Remote Tools sessions:

• Remote Tools Activity Initiated At A Specific Site
• Remote Tools Activity Initiated By A Specific User
• Remote Tools Activity Initiated From A Specific System
• Remote Tools Activity Targeted At A Specific System

The status messages displayed by these queries are in the range 300xx and will provide you with the following details:

• The domain name and user account of the user that is viewing the client
• The machine name of the SMS Administrator Console that is being used
• The machine name of the client computer on which remote functions are being carried out
• The types of functions being performed

Figure 10-26 shows an example of the status messages returned by the status message query Remote Tools Activity Targeted At A Specific Site. Notice the entries in the Description column for initiating and ending each type of remote function.

Figure 10-26. Sample status message query results.

To view the client log activity generated by a Remote Tools session recorded in the Windows NT Security Event log, follow these steps:

1. In the SMS Administrator Console, navigate to the Collections folder, expand it, and then select All Windows NT Workstation Systems or another collection that contains the Windows NT client.
2. In the Details pane, right-click on the client entry, and choose All Tasks from the context menu.
3. Choose Start Windows NT Event Viewer. The Event Viewer window displays the System log from the client computer, as shown in Figure 10-27. Navigate the Windows NT Event Viewer as you normally would.
4. Choose Security from the Log menu to open the Security log, and display the details for Event ID 5. The Event Detail dialog box appears, as shown in Figure 10-28. Notice that the text for the event indicates a Remote Control session with the client started by the SMS administrator using Windows NT security.



Figure 10-27. The Event Viewer System log.



Figure 10-28. The Event Detail dialog box.

Table 10-2 shows the Remote Tools session events that can be recorded in the Windows NT Security log.

Table 10-2. Windows NT security events generated by a remote function