This Knowledgebase article provides more information about Neverfail Trusted Clients.
A 'trusted client' in Neverfail Heartbeat is a client that can issue Neverfail commands without prior authentication. When Neverfail Heartbeat is installed, two trusted clients are added: the user account under which Heartbeat was installed (with local or domain administrator rights) and the System account. Both of these clients are trusted only for the loopback IP (localhost or 127.0.0.1).
In order to allow Neverfail commands to be issued from a remote client system, a Trust Relationship must be created between the client system and the Neverfail server.
Trusted clients are stored within Neverfail Heartbeat's persistent values, so a newly added trusted client is replicated between the two servers in a pair.
Note: When using the Neverfail Heartbeat Management Client (either locally or from a remote machine), you are required to enter a password so that Neverfail Heartbeat can double-check the identity of the user trying to connect. This mechanism is different from the 'trusted client' method, which is used for issuing commands without providing a password (usually for automated commands).
From a command prompt within <Neverfail_installation_folder>\R2\bin run the following command:
nfcmd localhost addTrustedClient <client_system_IP_address> <user_name> <authority>
<user_name> specifies the user name that will be allowed to issue commands from the remote host indicated by <client_system_IP_address>.
<authority> can be one of the following: administrator, operator, or monitor.
Note: The <authority> parameter is not currently active but designed for future use.
Adding new trusted clients
To add a new trusted client to Neverfail Heartbeat, the addition must be made from an already trusted client. Initially, the nfcmd command must be issued by one of the currently trusted clients (System or the account that was used to install Neverfail Heartbeat, usually administrator), and only using the loopback addresses (127.0.0.1 or localhost). Nfcmd commands cannot be issued using other IP addresses from the server, for example:
Nfcmd localhost addTrustedClient myHostIP myUserName myPrivs - correct
Nfcmd 127.0.0.1 addTrustedClient myHostIP myUserName myPrivs - correct
Nfcmd <Public_IP> addTrustedClient myHostIP myUserName myPrivs - incorrect
Nfcmd <Channel_IP> addTrustedClient myHostIP myUserName myPrivs - incorrect
The above commands must be executed while logged in to Windows as the same user that Neverfail Heartbeat was installed with.
Example: How to make another user account (not the one used to install Neverfail Heartbeat) a trusted client on the loopback address.
- Log in to Windows using the same user account that was used at install time.
- Open a cmd window, browse to <Neverfail_installation_folder>\R2\bin.
- Issue the following command:
nfcmd localhost addTrustedClient 127.0.0.1 <myUserName> administrator
Obtaining the list of trusted clients
For all Heartbeat versions v5.3 and later, the list of Neverfail Trusted Clients is saved in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Prefs\Neverfail\current\/Manager\/Trusted/Clients\/Client[n]
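Because trusted clients can issue commands without a password, the list is worth reviewing periodically. The following PowerShell script is an added audit example, not part of the Neverfail documentation: it reads the registry key given above and flags entries that contain a non-loopback IPv4 address. The function name Get-NfTrustedClient is hypothetical, and since this article does not document the value names under each Client[n] key, the script dumps every value rather than assuming a layout.

```powershell
# Added audit example: list Neverfail Heartbeat trusted clients from the registry
# and flag entries whose data contains a non-loopback IPv4 address.
# The key path is taken from the article. The value layout under each Client[n]
# key is an unknown here, so all values are dumped and only scanned for IPv4 text.
$path = 'SOFTWARE\JavaSoft\Prefs\Neverfail\current\/Manager\/Trusted/Clients'

function Get-NfTrustedClient {
    param([string]$SubKeyPath = $path)

    # The key names contain '/', which the PowerShell registry provider treats
    # as a path separator, so the key is opened through .NET instead.
    # Both registry views are checked; on a 32-bit OS they return the same data.
    foreach ($view in 'Registry64', 'Registry32') {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', $view)
        $root = $base.OpenSubKey($SubKeyPath)
        if ($null -eq $root) { $base.Dispose(); continue }

        foreach ($name in $root.GetSubKeyNames()) {
            $key    = $root.OpenSubKey($name)
            $values = foreach ($v in $key.GetValueNames()) { "$v=$($key.GetValue($v))" }
            $text   = $values -join '; '

            # Collect IPv4-looking strings other than the loopback address.
            $remote = [regex]::Matches($text, '\b\d{1,3}(\.\d{1,3}){3}\b') |
                ForEach-Object { $_.Value } |
                Where-Object { $_ -ne '127.0.0.1' }

            [pscustomobject]@{
                View        = $view
                Key         = $name
                Values      = $text
                RemoteTrust = [bool]$remote   # true if any non-loopback IPv4 found
            }
            $key.Dispose()
        }
        $root.Dispose(); $base.Dispose()
    }
}

Get-NfTrustedClient | Sort-Object RemoteTrust -Descending | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt on each server in the pair and compare the output with the trust relationships you expect to exist.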