Here is an example You can then load the Windows servers into Zenoss Core or Resource Manager as devices with the following command. The Adding a Windows Device steps shown above are for the simplest case of using Windows local authentication.
The following configuration properties can be used to support monitoring other environments. If the server name cannot be resolved and you are using domain authentication, it is recommended that you set the Id of the device to the IP address and the Title to the server name it is known by in Active Directory.
This situation can occur when no DNS server is available. Kerberos always performs a reverse lookup when obtaining a ticket to use a service on a computer. If your servers are known by multiple names, the reverse lookup may return the wrong name and you will see "Server not found in kerberos database" errors.
See the troubleshooting section on this topic for a solution. List of regular expressions for services to model. If zWinServicesNotModeled is set, we will skip services from it first. List of regular expressions for services to ignore during modeling process.
Availability Replicas performance data location windows node. Possible values: "local", "separate". Default: "separate". Operation timeout for Powershell long running command. Default value is slightly greater than zWinPerfmonInterval to allow each step of long running command to finish. Time when WinRM connections exist before it being closed.
Needed for existing GSS client to decrypt leftover encrypted requests. Used only for domain Kerberos authentication. The monitoring templates for SQL Server are component templates so there is no need to perform a bind. They will automatically be used to monitor databases, instances, and jobs.
Note: The authenticated user will need to be granted permission to view the server state. A Windows user must also be interactive, i. This ZenPack adds a new event notification action that can be used by the zenactiond daemon to allow an arbitrary command to be executed on the remote windows machine.
Use the following steps to set up a notification:. Note: For Zenoss 5. The master may or may not have the same dns lookup capabilities as the collector s. If using the winrs command with kerberos authentication, be sure to set the remote hostname to the FQDN of the device and use the --ipaddress option of winrs to specify the IP address of the device.
For more information please refer to Working with Triggers and Notifications. Basic Authentication Windows default is Kerberos see note below for more information.
It should be between minutes. The winrshost. If you do not want to set this value to the max, then a value of 50 should be adequate. The default is 5, which will cause problems because Zenoss will open up concurrent requests for a set of Perfmon counters and any other shell based datasource.
Note: Starting from Windows ZenPack v. Hence, the number of WinRM shells may be increased. It may need to increase the MaxShellsPerUser to meet the new requirements. This is especially applicable for large environments. If you have challenges setting up HTTPS on the Windows clients but require the user name and password to be encrypted, then using the Kerberos authentication is the best option. If you choose to use Kerberos authentication, then your payload will be encrypted.
For kerberos on EL5, encryption is not supported so you must set the winrm AllowUnencrypted option to true. Note: If you choose to take the WinRM default configurations you must supply Kerberos authentication settings in the zProperties. The Kerberos authentication process requires a ticket granting server. The domain name MUST be the name of the domain, not an alias for the domain. Note: In order to use a single domain user in a child domain or other trusted domain, set zWinKDC to the AD server of the user's domain.
At this time we do not have notes on automating this task but are currently in the process of testing several options. To successfully encrypt your payload between the Zenoss server and the Windows client you must install a Server Authentication certificate on the client machine.
The process for requesting and installing the appropriate certificate can be found in the following technet article Once the client has the correct certificate installed you only need to change the zWinScheme to HTTPS and zWinRMPort to WindowsMonitor already installed on your system. This ZenPack functionally supersedes ZenPacks. WindowsMonitor for Windows platforms that support WinRM, but does not automatically migrate monitoring of your Microsoft Windows resources when installed.
The ZenPacks can coexist gracefully to allow you time to manually transition monitoring to the newer ZenPack with better capabilities. Note: It is also possible to drag and drop selected Windows devices from one class to another. You will need to remodel the devices after the move.
You must be logged into JIRA to run this query. If you don't already have a JIRA account, you can create one here. The ZenPack will automatically generate a kerberos configuration file, krb5. In Zenoss 5. Upgrading Zenoss will lose these changes, so you will need to update your container after upgrade. The file name can be anything that contains alphanumeric, dashes, and underscores.
To add a permanent location for you configuration file, you can make use of the zWinRMKrb5includedir property. This must be a location accessible from within a container and contain ONLY kerberos configuration file s. If the location is invalid or contains files other than kerberos configuration files, it will be ignored and not added to the main krb5. Example:A common problem with Kerberos is that a reverse DNS lookup will result in multiple records returned, and not always the correct one.
Kerberos by default always performs a forward and reverse lookup when establishing a ticket. To disable the reverse lookup, create a file in either the default location or in a user specified location and add the following:.
See krb5. This can be used if a KDC is no longer in service or if the wrong address was entered previously. This can be removed from zWinKDC once a ticket granting ticket for the user has been obtained and the krb5. If none is provided, the first kdc in the list will be used.
Note: Removing one or more errant KDCs from the system can be a time consuming process, so we recommend double-checking that the addresses are valid when entering them into the zWinKDC property. The ZenPack uses individual credential cache files in order to support multiple users across multiple domains. The caches for individual users are located in separate files based on the user name.
While monitoring, we will renew the main kerberos ticket granting ticket 5 minutes before it is set to expire. This will ensure that you receive no "The referenced context has expired" events or errors and will have no collection interruptions due to this error. When combined with the Zenoss Service Dynamics product, this ZenPack adds built-in service impact capability for services running on Microsoft Windows.
The following service impact relationships are automatically added. These will be included in any services that contain one or more of the explicitly mentioned entities. Please refer to the Zenoss Service Dynamics documentation if you run into any of the following problems:. If you cannot find the answer in the documentation, then Resource Manager Service Dynamics users should contact Zenoss Customer Support. Core users can use the zenoss IRC channel or the community.
Adding this group to your domain should fix this problem. It is a known error from Microsoft, kb There are many reasons for kerberos authentication not to work, and a lot of them result in the following unhelpful error message. First install Wireshark on your system. It's GUI is easier to use than the command line equivalent. Next you will need to create a packet capture file on your Zenoss collector.
Assuming the Windows server you're trying to monitor is This will start capturing all packets to or from those two IP addresses. Now you should attempt to remodel the Windows server where you're encountering the error. Once it completes, and fails, again you should go back to the terminal where tcpdump is running and type CTRL-C. You will now have a kerberdebug.
Copy kerberdebug. Start Wireshark and open kerberdebug. You should see something like the following. Searching for this specific error code will quickly show that it occurs when the kerberos client and server don't have their time's synchronized. There's a tolerance for some difference, but in this case it was a big difference due to misconfiguration.
There are some kerberos errors you'll see in the packets that a completely normal part of negotiation and won't lead to any problems. You should ignore the following errors shown in Wireshark:. You'll also see other kerberos messages that are normal. You should ignore these kerberos messages shown by Wireshark:. A clock synchronization issue. This will also be the error if you don't enter a zWinRMServerName and the reverse resolution of the device's manage IP address resolves to a name that doesn't match the server's name in Active Directory.
The first step in troubleshooting any monitoring issues is to scan the zenpython log for errors. If you see OperationTimeout errors in the zenpython log, this is normal. The reason for this is that we run the Get-Counter PowerShell cmdlet over the course of two polling cycles and pull 2 samples by default. There is a 60 second timeout when attempting to receive data. If the receive request does not finish within 60 seconds, you will see an OperationTimeout. You can decrease zWinPerfmonInterval to a lower value, which will pull samples more frequently.
Other timeout issues on a domain could involve having a large Kerberos token. This could be caused by the user belonging to a large number of groups. See kb for more information on the cause and resolution. Possible side effects of a large token include high CPU usage on the Windows server. If you see a corrupt counters error event, this indicates that the specified counters have been corrupted on the Windows device.
No data will be collected for the specified counters until the counters have been repaired on the device and zenpython has been restarted. If you see the following error, check the zenhub log for errors:. If you see an event stating that a plugin was disabled due to blocking, see the PythonCollector ZenPack documentation for steps to remedy this.
Version 2. This option will save the results returned from a Windows server from a modeler or datasource plugin. Note: Be sure to unset the environment variable to avoid unwanted pickle files. If you see an event error that shows "The maximum number of concurrent operations for this user has been exceeded", you will need to increase the number of concurrent operations per user in the winrm config. For example:. If you see 'HTTP status: If you see ' HTTP status: The WS-Management service cannot process the request.
The maximum number of concurrent shells for this user has been exceeded If you see errors containing text similar to "The term 'New-Object' is not recognized as the name of a cmdlet, function, script file, or operable program", this could indicate a problem with the loading of Powershell modules.
Zenoss uses common best practice to execute powershell scripts with the -NoProfile option for efficency. Powershell will fall back on the default system PSModulePath in this case. You must ensure that the default PSModulePath environment variable is valid. If there is a UNC path in the default system path, no modules will load due to double-hopping. Because no modules were loaded, even the most basic powershell cmdlets will not run. Must be a valid Zenoss object ID.
Widgeter no string "" empty string is equivalent to Products. Device datasources Datasources to add to the template. See Datasource Types. Must be specified. This is the reference class and its properties are documented here. See Threshold Types. Values below this will raise an event. Values above this will raise an event. Used as the vertical axis label. See GraphPoint Types. Ideally both area AREA types. Alternative to specifying color. Value larger than this will be nulled.
Not used if negative. Value for the component field on events generated by the datasource. Value for the eventClass field on events generated by the datasource. Value for the eventKey field on events generated by the datasource. Value for the severity field on events generated by the datasource.
Value for the eventClass field on events generated by the threshold. Value for the severity field on events generated by the threshold. Set to true will prevent ZenPack installation if type isn't a valid type. Should this graphpoint be stacked added to the last? Maximum permitted value. Should thresholds associated with dpName be automatically added to the graph? Data Access. Collection Zones. Installing collectors. Managing devices. Process monitoring. Event management.
Triggers and notifications. User management. UI reference. Reports reference. Cisco UCS Reports. Enterprise Reports. Graph Reports. Multi-Graph Reports. User access. Client access. Update notes. Zenoss API. Action service. Trigger resources. Data receiver service. User management service. On this page Creating templates Copying templates Renaming templates Template binding Device templates Binding a device template Resetting bindings Component templates Interface templates.
Monitoring templates Collection Zone stores performance configuration data in templates.
0コメント