Configure monitoring requirements on Windows devices

On the page

Do you need help?


This document aims to describe the prerequisites to be implemented on a Microsoft Windows device in order to allow its monitoring by SNMP and WMI protocols with ServiceNav.

This procedure is applicable for Windows Server versions from 2003.


This article describes step by step how to configure the Simple Network Management Protocol (SNMP) service. It describes how to configure SNMP agent properties and SNMP security.

Installation of SNMP functionality

On the 2003 version, you need the Windows installation CD to install SNMP.

Starting with Windows 2008, SNMP is a feature, which is installed as shown below:

Adding a Windows feature

Added Windows 2 functionalitySelect the SNMP service functionality. The functionality WMI SNMP Provider is unnecessary. Then click on Next.

Functionality - SNMP ServiceThen click on Install. Wait until the installation is complete and then proceed to the next step.

SNMP configuration

The configuration of the SNMP service is done from the services console.

Open from the home page (on Windows 2012 server) the Administration tools.

Windows Home - Administrative ToolsThen select the application Services.

Windows Service - SNMPTo open this application, you can also run services.msc from the Start > Run prompt on Windows 2008.

Right-click in the list of services on SNMP service then select Properties :

SNMP Service - Properties 1Click on the tab Agent.

Under ServicesIf you are using a computer with a computer with an Internet connection, select the checkboxes next to the services your computer provides. The service options are as follows:

  1. Physicsindicates whether the computer supports physical devices, such as a hard disk partition.
  2. ApplicationsTCP/IP: indicates whether the computer uses programs that send data via the TCP/IP protocol.
  3. Data link and subnetworkindicates whether this computer manages a subnet or a TCP/IP data link, such as a bridge.
  4. Internetindicates whether this computer acts as an IP gateway (router).
  5. End to endindicates whether this computer is used as an IP host.

Click on Apply.

SNMP Service - Properties 2

Click on the tab Security.

In the area Accepted community namesclick on Add to the list... then enter the name of the community and the associated right. The right READING ALONE is sufficient. The SNMP community name is case sensitive. It is recommended to use the same community name for all servers.

Then click on Add.

SNMP Service - Properties 3

Then specify the IP address of the supervisor authorized to perform SNMP access on the server.

Click on Accept SNMP packets from these hostson Addand then type the host name, IP address, or IPX address in the Host name, IP address or IPX.

  1. Click on Add.
  2. Click on OK.

SNMP Service - Properties 4

Then click on OK to validate the configuration.

SNMP Service - Properties 5

Restart the SNMP service to take this configuration into account, by right-clicking on SNMP service in the list, then select Restart.

SNMP Service - Restart


Creating the user in Active directory

Only a user who is a domain administrator or part of the Administrators local Windows equipment can query the status of Windows services with WMI.

Create a domain user dedicated to monitoring (for example: domain\servicenav) in your Active Directory domain.

This user must be a member of the local "Administrators" group.

GPO item to create to prevent the user from logging on to the device, in console mode and in Remote Desktop mode:

Start the WMI service

Run services.msc and start (by specifying an automatic start) the Windows Management Infrastructure (EN : Windows Management Instrumentation).

Add the user to the local "Performance Monitor Users" group

Configuring DCOM security

Run dcomcnfg.exe

Open DCOM properties

Right click on "My Computer" and select "Properties

Go to the tab COM Securityselect Edit Limits in the section Launch Activation Permissions

Allow remote execution and activation.

Configuring WMI security

Run wmimgmt.msc

Open WMI properties

Go to the tab Security

Expand the node Rootselect ICMM2 and click on Security

Add the previously created user and assign the rights Enable Account and Remote enable

Verification of access

From the ServiceNav Box terminal, execute this command:

wmic --user='login' --password='password' --workgroup='domain' --namespace='root\CIMV2' //server.IP.address "SELECT * FROM Win32_LogicalDisk"; echo $?

the result should look like the following

CLASS: Win32_LogicalDisk
0|0|0|A:|False|0|False|Win32_LogicalDisk|3¢ inch floppy disk drive|A:|2|False|(null)|(null)|0|(null)|0|0|5|A:|0|(null)|NULL|False|(null)|(null)|False|False|0|(null)|0|False|Win32_ComputerSystem|COSVGRE14|False|(null)|(null)
0|0|0|C:|False|0|False|Win32_LogicalDisk|Local fixed disk|C:|3|False|(null)|(null)|NTFS|3661844480|(null)|0|255|12|C:|0|(null)|NULL|False|(null)|True|False|False|96266612736|(null)|0|True|True|Win32_ComputerSystem|COSVGRE14|False|0AF823EF

You can also perform a census with ServiceNav: this will allow you to check if the WMI user used to perform the census has remote access rights to WMI. The census queries the WMI class Win32_OperatingSystem with the user provided.

Known errors

Timeout of the WMI request

[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_b_recv [wmi/wmic.c:196:main()] ERROR: Login to remote object. NTSTATUS: NT_STATUS_IO_TIMEOUT - NT_STATUS_IO_TIMEOUT 1

Ensure that the firewall rules allow WMI on this server.

Host not reachable

[librpc/rpc/dcerpc_connect.c:337:dcerpc_pipe_connect_ncacn_ip_tcp_recv()] failed NT status (c000023d) in dcerpc_pipe_connect_ncacn_ip_tcp_recv [librpc/rpc/dcerpc_connect.c:828:dcerpc_pipe_connect_b_recv()] failed NT status (c000023d) in dcerpc_pipe_connect_b_recv [wmi/wmic.c:196:main()] ERROR: Login to remote object. NTSTATUS: NT_STATUS_HOST_UNREACHABLE - NT_STATUS_HOST_UNREACHABLE 1

Ensure that the IP address entered is correct.

Wrong password

Checks that the password does not contain the '@' character, which is badly handled by WMI (found on Windows server 2019).

Workgroup servers - can't connect

If the connection is not possible with a local administrator account, this may be due to the fact that UAC (User Account Control) is activated when monitoring a node that belongs to a workgroup (outside the domain).

It is necessary to disable the remote UAC on this node. This does not disable local UAC.

To do so :

  • With an administrator account, log on to the target machine
  • Start > Accessories > Command Prompt
  • Enter regedit
  • Open the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  • Locate or create a DWORD entry named LocalAccountTokenFilterPolicy and assign it the value 1 (the value 0 allows to reactivate the UAC remotely)

You may also be interested in

Configure IBM AS/400 monitoring requirements


Our next events

Our upcoming webinars

Our Previous Webinars

Welcome to ServiceNav!

Do you need some help? More information about our products? Write to us!
We will never sell or share your personal data with third parties. You have taken note of our privacy policy.
We use cookies to ensure the best experience on our site. If you continue to use this site, we will assume that you are satisfied with it.

Reserve your place

We will never sell or share your personal data with third parties. You have taken note of our privacy policy.