The Industry Standard in IT Infrastructure Monitoring
Purpose
This document describes how to monitor Windows machines with Nagios® XI™ using WMI.
WMI (Windows Management Instrumentation) allows for agentless monitoring of Windows machines.
Nagios XI supports WMI monitoring, which provides admins with a simple method of monitoring their Windows servers and workstations without having to install or configure agents.
Target Audience
This document is intended for use by Nagios XI Administrators who want to monitor Windows servers and workstations without having to install an agent.
XI Server Requirements
Before you can monitor Windows machines using WMI, you must install the WMI client on the Nagios XI server. For instructions on doing this, read the following document from the Nagios Library:
Installing The WMI Client For XI
http://assets.nagios.com/downloads/nagiosxi/docs/Installing_The_WMI_Client_For_XI.pdf
Windows Machine Requirements
You will need to ensure the following requirements are set up before you can use WMI to monitor a Windows server or workstation.
• WMI service is running
• WMI user account set up
• Firewall rules set up
We will walk through each of these requirements for the Windows machine you wish to monitor. You will need to log in as a user with administrator privileges.
WMI Service
First, verify the WMI service is running on your Windows machine. Click Start and choose Run.
In the window that appears, type “services.msc” in the Open field.
Verify that the Windows Management Instrumentation service is running. You can configure and start the service in the Computer Management console under the Services section.
Verify the service Windows Management Instrumentation (WMI) is in a status of Started.
Configure A WMI User Account On The Windows Machine:
Next, configure a WMI user account on the local machine. We'll create a new user account called “wmiagent” with a password “wmiagent” as an example.
From the command prompt enter:
net user wmiagent wmiagent /add
Setting WMI permissions
WMI requires a valid username and password on the target system. The following steps outline how to add only the permissions needed to the Windows user account. However, you can add the user to be a member of the local administrators group instead.
Note: If you wish to monitor multiple computers across the domain, instead add the user to be a member of the “Distributed COM Users”, “Performance Log Users” and “Performance Monitor Users” groups.
Adding Remote Activation Privilege to Windows DCOM
Next, we need to give our newly created user access to DCOM on the
Select the COM Security tab, and then choose the Edit Limits... button from the Launch and Activation Permissions section.
Add the user that will be used by Nagios to monitor this machine, in our case the user is wmiagent.
Click Add. Enter “wmiagent” in the “Enter the object name to select” field and click OK. You will now see wmiagent as a user.
Check the Remote Launch and Remote Activation check boxes under Allow. Click OK twice.
Adding Remote WMI Access
In order for our user to return data remotely from WMI, access to the WMI namespace CIMV2 must be added.
Click Start, choose Run, and type “WMImgmt.msc”.
Select the Security tab of the WMI Control Properties. Expand Root, right-click on CIMV2, and select Properties.
Note: In later versions of Windows you need to select CIMV2 and click the Security button.
Click Add. Enter “wmiagent” in the “Enter the object name to select” field and click OK. You may need to use the Check Names button to find the correct object.
You will now see “wmiagent” as a user.
Check the Enable Account and Remote Enable check boxes under Allow. Click OK twice.
Windows Firewall Settings
Next, configure the firewall rules specific to the version of Windows being monitored.
Windows Server 2008
Windows Server 2008 should by default have the correct firewall rules set.
Verify the Inbound Rules exist and are enabled for:
• DCOM
• WMI
If the WMI rule group does not exist, the recommended settings are listed here as outlined by Microsoft. From the command prompt enter:
netsh advfirewall firewall add rule dir=in name="DCOM" program=%systemroot%\system32\svchost.exe service=rpcss action=allow protocol=TCP localport=135
netsh advfirewall firewall add rule dir=in name="WMI" program=%systemroot%\system32\svchost.exe service=winmgmt action=allow protocol=TCP localport=any
netsh advfirewall firewall add rule dir=in name="UnsecApp" program=%systemroot%\system32\wbem\unsecapp.exe action=allow
netsh advfirewall firewall add rule dir=out name="WMI_OUT" program=%systemroot%\system32\svchost.exe service=winmgmt action=allow protocol=TCP localport=any
More details about 2008 firewall settings can be found at:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa822854(v=vs.85).aspx
Click Start, choose Run, type “DCOMCnfg.exe”
Expand Component Services, expand Computers, right-click My Computer, and select Properties.
Next, choose the Default Protocols tab. Select Properties and click Add.
Allow the port range through the Windows firewall. This command will open ports 5000-5020 to match the COM Internet Services range.
From the command prompt enter:
FOR /L %I IN (5000,1,5020) DO netsh firewall add portopening TCP %I "COM"%I
Lastly, open DCOM port 135. From the command prompt enter:
netsh firewall add portopening TCP 135 "DCOM"
Windows XP
If you are running a firewall on the Windows machine, you must ensure that the Nagios server can contact the WMI service.
To do this, you must open TCP Port 135 on the Windows firewall. Navigate to Start → All Programs → Accessories → System Tools → Security Center.
From the Windows Security Center click on the link to Manage Setting for: Windows Firewalls.
Switch to the Exception Tab and click the Add Port Button. The following window will open.
Enter WMI for the Name and Port number 135, then click OK.
Installing The WMI Monitoring Wizard (For users running Nagios XI 2012 r1.0 and earlier)
Now that the Windows machine is set up to connect with WMI, we can set up Nagios XI to monitor it. To do so we will use the WMI Monitoring Wizard. To install the wizard in Nagios XI, go to Admin → Manage Config Wizards.
Browse for the windowswmi.zip that was downloaded above and click the Upload Wizard button.
Running The WMI Wizard
Once the wizard is installed in Nagios XI, it will be available when you navigate to Configure → Run the Monitoring Wizard → Windows WMI wizard.
The wizard will prompt you for the IP Address of the Windows machine, along with the Username and Password to access the machine.
Click Next.
The wizard will allow you to select what types of metrics and data should be monitored, along with warning and critical thresholds. New in XI5, WMI will detect disks, services, and processes that are on your machine. This makes it much easier to set up checks for those services. If XI5 is not able to communicate via WMI, the error information will also display.
Metrics and data that can be monitored using the WMI wizard include:
• CPU Usage
• Memory Usage
• Page File Usage
• Disk Usage
• Service State
• Process State
• Event Log Data
enable, click Next to continue. Customize your monitoring settings as needed and click Finish.
The screen shot below shows disk, cpu, memory, service, and additional process monitoring capabilities of the WMI wizard.
Troubleshooting
If the status information on the Service Detail page is empty (null) or states “Install wmic”, the problem is probably that the WMIC plugins were not installed properly. Redo the installation steps outlined in the document below:
How To Install The WMI Client For Nagios XI
http://assets.nagios.com/downloads/nagiosxi/docs/Installing_The_WMI_Client_For_XI.pdf
When the process that is trying to access the namespace does not have the required WMI privileges, you may see errors similar to this one:
UNKNOWN - The WMI query had problems. The error text from wmic is: [wmi/wmic.c:212:main()] ERROR: Retrieve result data.
NTSTATUS: NT code 0x80041003 - NT code 0x80041003
To fix the issue, log in to the remote Windows box (target machine), open the CMD Prompt as an Administrator, and run the following command in order to allow WMI queries:
sc sdset SCMANAGER D:(A;;CCLCRPRC;;;AU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)
Sourced from here: http://support.microsoft.com/kb/907460
This command is proven to work on Windows 2003, 2008R2 and 2012R2 – no reboot is required.
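To see exactly what the sc sdset command above grants on the Service Control Manager, the following added example (not part of the original Nagios document) decodes its SDDL descriptor ACE by ACE. The function names are illustrative, and the token tables use the standard Windows access-mask values as they apply to the Service Control Manager object.

```python
import re

# SDDL from the page's `sc sdset SCMANAGER` command, as one unbroken string.
SCMANAGER_SDDL = ("D:(A;;CCLCRPRC;;;AU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)"
                  "S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)")

ACE_TYPES = {"A": "allow", "D": "deny", "AU": "audit"}
ACE_FLAGS = {"OI": "object-inherit", "CI": "container-inherit", "IO": "inherit-only",
             "SA": "audit-success", "FA": "audit-failure"}
TRUSTEES = {"AU": "Authenticated Users", "SY": "Local System",
            "BA": "Builtin Administrators", "WD": "Everyone"}
# SDDL right tokens mapped to access-mask bits (standard Windows values).
TOKEN_BITS = {"CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
              "SD": 0x10000, "RC": 0x20000, "WD": 0x40000, "WO": 0x80000,
              "KA": 0xF003F, "GA": 0x10000000}
# Meaning of each bit on the Service Control Manager object.
SCM_RIGHTS = {0x1: "SC_MANAGER_CONNECT", 0x2: "SC_MANAGER_CREATE_SERVICE",
              0x4: "SC_MANAGER_ENUMERATE_SERVICE", 0x8: "SC_MANAGER_LOCK",
              0x10: "SC_MANAGER_QUERY_LOCK_STATUS", 0x20: "SC_MANAGER_MODIFY_BOOT_CONFIG",
              0x10000: "DELETE", 0x20000: "READ_CONTROL", 0x40000: "WRITE_DAC",
              0x80000: "WRITE_OWNER", 0x10000000: "GENERIC_ALL"}

def _pairs(text):
    """Split a run of two-letter SDDL tokens, e.g. 'CCLCRP' -> ['CC', 'LC', 'RP']."""
    return [text[i:i + 2] for i in range(0, len(text), 2)]

def parse_sddl(sddl):
    """Return one dict per ACE, tagged with the ACL (DACL or SACL) it belongs to."""
    aces, acl = [], None
    for match in re.finditer(r"([DS]):|\(([^)]*)\)", sddl):
        if match.group(1):  # "D:" or "S:" opens a new ACL
            acl = "DACL" if match.group(1) == "D" else "SACL"
            continue
        kind, flags, rights, _obj, _inherit, sid = match.group(2).split(";")[:6]
        mask = 0
        for token in _pairs(rights):
            mask |= TOKEN_BITS[token]
        aces.append({"acl": acl, "type": ACE_TYPES[kind],
                     "flags": [ACE_FLAGS[f] for f in _pairs(flags)],
                     "trustee": TRUSTEES.get(sid, sid),
                     "rights": sorted(n for b, n in SCM_RIGHTS.items() if mask & b)})
    return aces

def allowed(aces, trustee):
    """Union of rights that DACL allow ACEs grant to the named trustee."""
    return {r for a in aces if a["acl"] == "DACL" and a["type"] == "allow"
            and a["trustee"] == trustee for r in a["rights"]}

if __name__ == "__main__":
    print(*parse_sddl(SCMANAGER_SDDL), sep="\n")
```

Decoded this way, Authenticated Users receive connect, enumerate-service, query-lock-status and read-control rights on the Service Control Manager, while create-service and full control remain with Local System and Administrators. Note that "AU" means an audit ACE in the first field of an entry but Authenticated Users in the last, which is why the two S: entries are audit rules for Everyone rather than grants.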