Neverfail Trusted Clients

Neverfail Trusted Clients

Summary

This Knowledgebase article provides more information about Neverfail Trusted Clients.


More Information



A 'trusted client' in Neverfail Engine is a client/user that can issue Neverfail commands without prior authentication. When Neverfail Engine is installed, two trusted clients are added: the User under which Engine was installed (with local or domain administrator rights) and the LocalSystem user account. Both these clients will be trusted only for the loopback IP (localhost or 127.0.0.1).

In order to allow Neverfail commands to be issued from a remote client system, a Trust Relationship must be created between the client system and the Neverfail server.

Trusted client(s) are stored within Neverfail Engine's persistent values, so if a new trusted client is added, it will be replicated between the servers in a Neverfail cluster (pair or trio).

Note: Using the Neverfail Advanced Management Client (either locally or from a remote machine) you are required to enter a password for Neverfail Engine to double-check the identity of the user trying to connect. This mechanism is different than the 'trusted client' method – used for issuing commands without providing a password (usually for automated commands).

Adding New Trusted Clients

To add new trusted clients please follow the procedure below:
      1. Open an elevated command prompt
      2. Set the path to C:\Program Files\Neverfail\R2\Bin
      3. Run the following command:
            nfcmd localhost addTrustedClient <client_system_IP_address> <user_name> <authority>

            where

            <user_name> will specify the user name that will be allowed to issue commands to Neverfail 

            <client_system_IP_address> indicates the remote host 

            <authority> can be one of the following: administrator, operator, or monitor 

Example:

            nfcmd localhost addTrustedClient 102.275.122.220 JohnDoe administrator

Known Issue:
For adding a new trusted client to Neverfail Engine, the addition must be done using an already trusted client. Initially, in order to add a new trusted client, the nfcmd command must be issued using the currently trusted clients: LocalSystem or the account that was used to install Neverfail Engine (usually the local built-in administrator) - only using the loopback addresses (127.0.0.1 or localhost). Nfcmd commands cannot be issued using other IP addresses from the server, for example: 

      nfcmd localhost addTrustedClient <client_system_IP_address> <user_name> <authority> - correct 

      nfcmd 127.0.0.1 addTrustedClient <client_system_IP_address> <user_name> <authority> - correct 

      nfcmd <Public_IP> addTrustedClient <client_system_IP_address> <user_name> <authority> - incorrect 

      nfcmd <Channel_IP> addTrustedClient <client_system_IP_address> <user_name> <authority> - incorrect 

The above commands must be executed while logged in Windows with the same user Neverfail Engine was installed with.

Example: How to make another user account (not the one used to install Neverfail Engine) a trusted client on the loopback address.
  1. Login into Windows using the same user account which was used at install time.
  2. Open a cmd window, browse to C:\Program Files\Neverfail\R2\Bin
  3. Issue the following command:

            nfcmd localhost addTrustedClient 127.0.0.1 <myUserName> administrator

Obtaining the list of trusted clients

For seeing the list of all Neverfail Trusted Clients please check the following registry hive:

HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Prefs\Neverfail\current\/Manager\/Trusted/Clients\/Client[n]


Applies To

All Versions


Related Information

None

KBID-1724