Using Filemon and Regmon to find security problems with IRM

Home	Sales	Crystal KB	Contact Us
RDP Support		Connect to Support with WebEx
RDPWin KB	IRM.Net	RDPWin3 & PCI Compliance	Search

Using Filemon and Regmon to
find security problems with IRM

Added 8/24/2004 - Article ID: KI0053

For the IRM to successfully fetch data from the data server, a number of security authentications must occur both on the IRM bridge workstation and the RDP Data server. Depending on which authentication fails a variety of different errors will occur, such as Pervasive Stat 94 or a given IRM web page will not display or the IRM will simply "Hang" (span without showing anything).

At present Microsoft does not have any utilities or tools to identify where the security failure occurs. This makes troubleshooting security problems from Internet Information Services (IIS) very difficult. There are some freeware utilities available from www.sysinternals.com which may help. The Regmon and Filemon utilities are explained here.

Download IRMUtils Folder

RDP has a variety of Utilities available for download as follows:

Login to the IRM Bridge computer as administrator
Right click the Start button and then left click "Explore" to start Windows Explorer
In the Address bar, enter "FTP.Resortdata.com"
In the right hand panel, right click the "IRMUtils" folder from and select "copy"
In the left hand panel, right click the "C" drive on the IRM server and select "Paste". This should copy the entire IRMUtils folder from the RDP FTP server to your IRM "C" drive.

Use IRMTOOLS.HTM to test IRM

When troubleshooting the IRM, always use the IRMTOOLS.HTM test program provided by RDP. See "Using IRMTOOLS.HTM". Use IRMTools to reproduce the error.

Using REGMON to Determine which Files Cannot be Opened

To use the Regmon utility from www.sysinternals.com to determine which registry entries cannot be opened, proceed as follows;

Login to the IRM Bridge computer as administrator.
Download the IRMUtils folder as described above.
Select | Start | Run | Browse and go to C:\IRMUtils\Regmon.exe. Right click this file and select open. Regmon should start, as follows:
Reproduce the error using IRMTOOLS.HTM. See "Using IRMTOOLS.HTM". Note, for performance reasons it is best to start IRMTools first and get to the point of failure before starting Filemon.
Stop RegMon by clicking the magnifying class Icon. Then save the file by selecting | File | Save as. Make sure to save the file in the C:\IRMUtils folder as file name "Regmon1.LOG.
Use Notepad to open the file C:\IRMUTILS\FILEMON1.LOG. Then search for the text "Denied", which should show the security problem:

Note: If REGMON does not show and "Denied" files, try "FILMON" as described above to test for denied files. If there are also not any "denied" files this usually means one of two things:

The passwords for the IIs annonymous user are not the same in all places. See IRM Installation Document - RDP Support Steps for steps to correct this problem
The Pervasive "SAT" entries may be wrong. See KI0009 Correcting a Stat 94 on the IRM Bridge Server - Changing SAT Entries

Using FILEMON to Determine which Files Cannot be Opened

To use the Filemon utility from www.sysinternals.com to determine which files cannot be opened, proceed as follows;

Login to the IRM Bridge computer as administrator.
Download the IRMUtils folder as described above.
Select | Start | Run | Browse and go to C:\IRMUtils\Filemon.exe. Right click this file and select open. Filemon should start, as follows:
Reproduce the error using IRMTOOLS.HTM. See "Using IRMTOOLS.HTM". Note, for performance reasons it is best to start IRMTools first and get to the point of failure before start Filemon.
Stop FileMon by clicking the magnifying class icon. Then save the file by selecting File | Save as Make sure to save the file in the C:\IRMTOOLS folder as file name "FILEMON1.LOG as displayed below.
Use Notepad to open the file C:\IRMUTILS\FILEMON1.LOG. Then search for the text "Denied", which should show the security problem.

Note: If FILMON does not show and "Denied" files, try "REGMON" as described above to test the Registry for denied access. If there are also not any "denied" entries with REGMON, this usually means one of two things:

The passwords for the IIS anonymous user are not the same in all places. See IRM Installation Document - RDP Support Steps for steps to correct this problem.
The Pervasive "SAT" entries may be wrong. See KI0009 Correcting a Stat 94 on the IRM Bridge Server - Changing SAT Entries
The IRM is not set to allow full control with Terminal Services. You must change the settings to allow full control of Pervasive over Terminal Services. See, "K000163 Problems Installing & Configuring Pervasive.SQL using Terminal Services - IRM Server & Data Server"

IRM Troubleshooting Links

Troubleshooting the Internet Reservation Module (IRM)

Eliminate Session Running Warning and Correct Linking to the IRM from your Marketing Website

Testing and Troubleshooting the IRM with IRMTOOLS.HTM

Limit Guest Requests on the IRM

Configure Room Types and Numbers

Troubleshooting DNS (Domain Name Services) with IRM

Using Filemon.exe and Regmon.exe to Find Security Problems with IRM and Data Server

Changing Pervasive Terminal Services Security with RegEdit

Correcting a Stat 94 - Editing IRM Bridge Server SAT Entries

Installation, Configuration & Troubleshooting Internal SMTP Outgoing E-mail Server

Windows Internal Firewall May Need to be Turned Off

Knowledge Base (IRM)

Links to RDP Data Server and Internet Reservation Module (IRM) documents

Support Home	RDPWin3 & PCI Compliance	Enhancement Requests	Open A Web Support Ticket
Training	3rd Party Interfaces	RDP Sales Website	Contact Us