Objective
This document aims to describe the prerequisites to be implemented on a Microsoft Windows device in order to allow its monitoring by SNMP and WMI protocols with ServiceNav.
This procedure applies to Windows Server 2003 and later versions.
SNMP
This article describes step by step how to configure the Simple Network Management Protocol (SNMP) service. It describes how to configure SNMP agent properties and SNMP security.
Installation of SNMP functionality
On the 2003 version, you need the Windows installation CD to install SNMP.
Starting with Windows 2008, SNMP is a feature, which is installed as shown below:
Select the SNMP service feature. The WMI SNMP Provider feature is not needed. Then click on Next.
Then click on Install. Wait until the installation is complete and then proceed to the next step.
SNMP configuration
The configuration of the SNMP service is done from the services console.
From the home page (on Windows Server 2012), open the Administration tools.
Then select the application Services.
To open this application, you can also run services.msc from the Start > Run prompt on Windows 2008.
In the list of services, right-click on SNMP service, then select Properties:
Under Services, if you are using a computer with an Internet connection, select the checkboxes next to the services your computer provides. The service options are as follows:
- Physical: indicates whether the computer supports physical devices, such as a hard disk partition.
- Applications: indicates whether the computer uses programs that send data via the TCP/IP protocol.
- Data link and subnetwork: indicates whether this computer manages a subnet or a TCP/IP data link, such as a bridge.
- Internet: indicates whether this computer acts as an IP gateway (router).
- End to end: indicates whether this computer is used as an IP host.
Click on Apply.
Click on the tab Security.
In the Accepted community names area, click on Add to the list..., then enter the name of the community and the associated right. The READ ONLY right is sufficient. The SNMP community name is case sensitive. It is recommended to use the same community name for all servers.
Then click on Add.
Then specify the IP address of the supervisor authorized to perform SNMP access on the server.
Select Accept SNMP packets from these hosts, click on Add, and then type the host name, IP address, or IPX address in the Host name, IP address or IPX field.
- Click on Add.
- Click on OK.
Then click on OK to validate the configuration.
Restart the SNMP service to take this configuration into account: right-click on SNMP service in the list, then select Restart.
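Added example (not part of the original ServiceNav procedure): a PowerShell audit that reads the SNMP service's registry keys and checks the two Security tab settings described above. The supervisor address is a placeholder, and an elevated Windows PowerShell session on the monitored server is assumed.

```powershell
# Added example: audit the SNMP agent security settings on the monitored server.
# Assumes an elevated Windows PowerShell session; $Supervisor is a placeholder.
$Supervisor = '192.0.2.10'   # placeholder: IP address of the ServiceNav Box
$Base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters'
# Community rights are stored as one DWORD per community name.
$RightNames = @{ 1 = 'NONE'; 2 = 'NOTIFY'; 4 = 'READ ONLY'; 8 = 'READ WRITE'; 16 = 'READ CREATE' }

function Get-RegistryValues {
    param([string]$Path)
    # Emit one object per registry value under $Path; nothing if the key is absent.
    if (-not (Test-Path -Path $Path)) { return }
    $key = Get-Item -Path $Path
    foreach ($name in $key.GetValueNames()) {
        New-Object PSObject -Property @{ Name = $name; Value = $key.GetValue($name) }
    }
}

$findings = @()

# Security tab, "Accepted community names": READ ONLY is sufficient.
$communities = @(Get-RegistryValues "$Base\ValidCommunities")
if ($communities.Count -eq 0) {
    $findings += 'No accepted community name is configured.'
}
$index = 0
foreach ($c in $communities) {
    $index++
    $right = $RightNames[[int]$c.Value]
    # The community name acts as a shared secret, so it is not printed.
    if ([int]$c.Value -ne 4) {
        $findings += "Community #$index has right '$right' instead of READ ONLY."
    }
}

# Security tab, "Accept SNMP packets from these hosts": only the supervisor.
$managers = @(Get-RegistryValues "$Base\PermittedManagers" | ForEach-Object { $_.Value })
if ($managers.Count -eq 0) {
    $findings += 'No host is listed: SNMP packets are accepted from any host.'
} elseif ($managers -notcontains $Supervisor) {
    $findings += "Supervisor $Supervisor is not in the list of accepted hosts."
}
foreach ($m in $managers) {
    if ($m -ne $Supervisor) { $findings += "Additional accepted host: $m" }
}

if ($findings.Count -eq 0) { 'SNMP security settings match the procedure.' } else { $findings }
```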
WMI
Creating the user in Active Directory
Only a user who is a domain administrator or a member of the local Administrators group of the Windows device can query the status of Windows services with WMI.
Create a domain user dedicated to monitoring (for example: domain\servicenav) in your Active Directory domain.
This user must be a member of the local "Administrators" group.
GPO item to create to prevent the user from logging on to the device, in console mode and in Remote Desktop mode:
Start the WMI service
Run services.msc, set the Windows Management Instrumentation service to start automatically, and start it.
Add the user to the local "Performance Monitor Users" group
Configuring DCOM security
Run dcomcnfg.exe
Open DCOM properties
Right-click on "My Computer" and select "Properties"
Go to the COM Security tab and select Edit Limits in the Launch and Activation Permissions section
Allow remote execution and activation.
Configuring WMI security
Run wmimgmt.msc
Open WMI properties
Go to the tab Security
Expand the Root node, select CIMV2 and click on Security
Add the previously created user and assign the rights Enable Account and Remote Enable
Verification of access
From the ServiceNav Box terminal, execute this command:
wmic --user='login' --password='password' --workgroup='domain' --namespace='root\CIMV2' //server.IP.address "SELECT * FROM Win32_LogicalDisk"; echo $?
The result should look like the following:
CLASS: Win32_LogicalDisk
Access|Availability|BlockSize|Caption|Compressed|ConfigManagerErrorCode|ConfigManagerUserConfig|CreationClassName|Description|DeviceID|DriveType|ErrorCleared|ErrorDescription|ErrorMethodology|FileSystem|FreeSpace|InstallDate|LastErrorCode|MaximumComponentLength|MediaType|Name|NumberOfBlocks|PNPDeviceID|PowerManagementCapabilities|PowerManagementSupported|ProviderName|Purpose|QuotasDisabled|QuotasIncomplete|QuotasRebuilding|Size|Status|StatusInfo|SupportsDiskQuotas|SupportsFileBasedCompression|SystemCreationClassName|SystemName|VolumeDirty|VolumeName|VolumeSerialNumber
0|0|0|A:|False|0|False|Win32_LogicalDisk|3½ inch floppy disk drive|A:|2|False|(null)|(null)|0|(null)|0|0|5|A:|0|(null)|NULL|False|(null)|(null)|False|False|0|(null)|0|False|Win32_ComputerSystem|COSVGRE14|False|(null)|(null)
0|0|0|C:|False|0|False|Win32_LogicalDisk|Local fixed disk|C:|3|False|(null)|(null)|NTFS|3661844480|(null)|0|255|12|C:|0|(null)|NULL|False|(null)|True|False|False|96266612736|(null)|0|True|True|Win32_ComputerSystem|COSVGRE14|False|0AF823EF
0|0|0|D:|False|0|False|Win32_LogicalDisk|D:|5|False|(null)|(null)|(null)|0|0|11|D:|0|(null)|NULL|False|(null)|(null)|False|False|0|(null)|0|False|Win32_ComputerSystem|COSVGRE14|False|(null)|(null)
0
You can also perform a census with ServiceNav: this will allow you to check if the WMI user used to perform the census has remote access rights to WMI. The census queries the WMI class Win32_OperatingSystem with the user provided.
Known errors
Timeout of the WMI request
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_b_recv [wmi/wmic.c:196:main()] ERROR: Login to remote object. NTSTATUS: NT_STATUS_IO_TIMEOUT - NT_STATUS_IO_TIMEOUT 1
Ensure that the firewall rules allow WMI on this server.
Host not reachable
[librpc/rpc/dcerpc_connect.c:337:dcerpc_pipe_connect_ncacn_ip_tcp_recv()] failed NT status (c000023d) in dcerpc_pipe_connect_ncacn_ip_tcp_recv [librpc/rpc/dcerpc_connect.c:828:dcerpc_pipe_connect_b_recv()] failed NT status (c000023d) in dcerpc_pipe_connect_b_recv [wmi/wmic.c:196:main()] ERROR: Login to remote object. NTSTATUS: NT_STATUS_HOST_UNREACHABLE - NT_STATUS_HOST_UNREACHABLE 1
Ensure that the IP address entered is correct.
Wrong password
Check that the password does not contain the '@' character, which is badly handled by WMI (observed on Windows Server 2019).
Workgroup servers - can't connect
If the connection is not possible with a local administrator account, this may be due to the fact that UAC (User Account Control) is activated when monitoring a node that belongs to a workgroup (outside the domain).
It is necessary to disable the remote UAC on this node. This does not disable local UAC.
To do so:
- With an administrator account, log on to the target machine
- Start > Accessories > Command Prompt
- Enter regedit
- Open the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
- Locate or create a DWORD entry named LocalAccountTokenFilterPolicy and assign it the value 1 (the value 0 re-enables remote UAC)
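Added example (not part of the original ServiceNav procedure): a PowerShell check of the WMI prerequisites from this page, namely the state of the WMI service, the local group memberships of the monitoring account, and whether LocalAccountTokenFilterPolicy is set only where the page calls for it (workgroup nodes). The account name is a placeholder, and Windows PowerShell 5.1 run as administrator on the monitored server is assumed.

```powershell
# Added example: verify the WMI prerequisites on the monitored server.
# Assumes Windows PowerShell 5.1 run as administrator; $Account is a placeholder.
$Account = 'DOMAIN\servicenav'   # placeholder: the dedicated monitoring account
$report = @()

# The Windows Management Instrumentation service must run and start automatically.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Winmgmt'"
if ($svc.State -ne 'Running' -or $svc.StartMode -ne 'Auto') {
    $report += "Winmgmt is '$($svc.State)' with start mode '$($svc.StartMode)'."
}

# Built-in groups are resolved by well-known SID so localized names do not matter.
$groups = @{ 'S-1-5-32-544' = 'Administrators'; 'S-1-5-32-558' = 'Performance Monitor Users' }
foreach ($sid in $groups.Keys) {
    # Only direct members are listed; membership through a nested group is not seen.
    $members = @(Get-LocalGroupMember -SID $sid | ForEach-Object { $_.Name })
    if ($members -notcontains $Account) {
        $report += "$Account is not a direct member of '$($groups[$sid])'."
    }
}

# Remote UAC: the page changes LocalAccountTokenFilterPolicy only for workgroup nodes.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$prop = Get-ItemProperty -Path $key -Name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue
$value = $prop.LocalAccountTokenFilterPolicy   # $null when the entry does not exist
$inDomain = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain

if ($inDomain -and $value -eq 1) {
    $report += 'LocalAccountTokenFilterPolicy is 1 on a domain member: remote UAC ' +
               'is off for local administrator accounts; review whether it is needed.'
}
if (-not $inDomain -and $value -ne 1) {
    $report += 'Workgroup node with remote UAC active: WMI connections with a local ' +
               'administrator account may be refused.'
}

if ($report.Count -eq 0) { 'WMI prerequisites match the procedure.' } else { $report }
```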