I have Windows Server 2008 R2, 2012 R2, 2016 and 2019 servers, as of today I have nagios NCPA agent installed in version 2.4.0 and 2.3.1 on different servers. My problem is that certain time the "NCPA Listener" service stops and therefore my services in Nagios XI go to Unknown status.
I share the screens...
NCPA Listener stopped (Windows Server)
-
- Posts: 11
- Joined: Mon Apr 19, 2021 10:18 am
NCPA Listener stopped (Windows Server)
You do not have the required permissions to view the files attached to this post.
Re: NCPA Listener stopped (Windows Server)
Hi
Is there anything in the Windows Event logs showing when the service dies?
Who is the service running as?
Thanks
Is there anything in the Windows Event logs showing when the service dies?
Who is the service running as?
Thanks
-
- Posts: 11
- Joined: Mon Apr 19, 2021 10:18 am
Re: NCPA Listener stopped (Windows Server)
The only log I have is: "[13080] 2021/12/29 18: 56: 18.513 starting logging at level ERROR"
Re: NCPA Listener stopped (Windows Server)
Hi
1. What is the name of the log file that has that entry?
2. On the Services, Properties for "NCPA Listener - ncpalistener"can you get a screenshot of the Log On tab please? 3. Is there any anti-virus software installed/running?
Thanks
1. What is the name of the log file that has that entry?
2. On the Services, Properties for "NCPA Listener - ncpalistener"can you get a screenshot of the Log On tab please? 3. Is there any anti-virus software installed/running?
Thanks
You do not have the required permissions to view the files attached to this post.
-
- Posts: 11
- Joined: Mon Apr 19, 2021 10:18 am
Re: NCPA Listener stopped (Windows Server)
1. The file name is: "win32service_ncpalistener" located in "C: \ Program Files (x86) \ Nagios \ NCPA \ var \ log"
2. Already append the capture of the service in "Log On"
3.- Yes, in all windows servers we have ESET server security, additionally the OS firewall is deactivated as well as windows defender.
Regards...
2. Already append the capture of the service in "Log On"
3.- Yes, in all windows servers we have ESET server security, additionally the OS firewall is deactivated as well as windows defender.
Regards...
You do not have the required permissions to view the files attached to this post.
Re: NCPA Listener stopped (Windows Server)
Hi
Thanks for those answers.
Could you please look in the Windows Event Viewer at both the System and Application logs around the time the NCPA listener
fails and report any messages related to NCPA ?
Thank you!
Thanks for those answers.
Could you please look in the Windows Event Viewer at both the System and Application logs around the time the NCPA listener
fails and report any messages related to NCPA ?
Thank you!
-
- Posts: 11
- Joined: Mon Apr 19, 2021 10:18 am
Re: NCPA Listener stopped (Windows Server)
Hello gsmith!
This week I monitor the NCPA agent and it presented the same problem of stopping, I was checking the windows event viewer, it has nothing registered, I also checked the logs in Nagios /NCPA/var/log and there is also nothing.
Today NCPA service started again.
This week I monitor the NCPA agent and it presented the same problem of stopping, I was checking the windows event viewer, it has nothing registered, I also checked the logs in Nagios /NCPA/var/log and there is also nothing.
Today NCPA service started again.
You do not have the required permissions to view the files attached to this post.
Re: NCPA Listener stopped (Windows Server)
Hi
From what I was able to interpret from some research it looks like ESET is most likely the culprit.
Please try to prevent ESET from monitoring the ncpalistener service and it's supporting files. We do not
have a license for ESET so I was unable to verify this on my test system.
You could also create a "test" Windows server without ESET, install the NCPA agent on it, and see if
the service dies.
Solving the root cause (ESET) is the best course of action, but I was able to come up with a band-aid.
I had Nagios XI monitor the ncpalistener service on a Windows server, and if the ncpalistener service dies,
an event handler will try to restart the ncpalistener. It seems the Window user called out in the script for
the event handler must be a Domain Admin. Here are the (rough) steps:
enable this in Windows firewall:
Remote Service Management (NP-In)
install samba on XI server:
yum -install -y samba
use the "net rpc" command to test command from XI. It seems the user must be a Domain Admin
[root@localhost ~]# net rpc -I 192.168.254.233 -U nagios/gsmith%8324PHrjw! service start ncpalistener
....
Successfully started service: ncpalistener
create /usr/local/nagios/start_ncpalistener.sh as:
#!/bin/bash
echo `date` >> /tmp/ncpa_remote.log
echo 'Trying to start ncpa listener service' >> /tmp/ncpa_remote.log
echo '' >> /tmp/ncpa_remote.log
net rpc -I 192.168.254.233 -U nagios/gsmith%8324PHrjw! service start ncpalistener
Create command in Nagios XI as misc_commands Create event handler:
Thanks
From what I was able to interpret from some research it looks like ESET is most likely the culprit.
Please try to prevent ESET from monitoring the ncpalistener service and it's supporting files. We do not
have a license for ESET so I was unable to verify this on my test system.
You could also create a "test" Windows server without ESET, install the NCPA agent on it, and see if
the service dies.
Solving the root cause (ESET) is the best course of action, but I was able to come up with a band-aid.
I had Nagios XI monitor the ncpalistener service on a Windows server, and if the ncpalistener service dies,
an event handler will try to restart the ncpalistener. It seems the Window user called out in the script for
the event handler must be a Domain Admin. Here are the (rough) steps:
enable this in Windows firewall:
Remote Service Management (NP-In)
install samba on XI server:
yum -install -y samba
use the "net rpc" command to test command from XI. It seems the user must be a Domain Admin
[root@localhost ~]# net rpc -I 192.168.254.233 -U nagios/gsmith%8324PHrjw! service start ncpalistener
....
Successfully started service: ncpalistener
create /usr/local/nagios/start_ncpalistener.sh as:
#!/bin/bash
echo `date` >> /tmp/ncpa_remote.log
echo 'Trying to start ncpa listener service' >> /tmp/ncpa_remote.log
echo '' >> /tmp/ncpa_remote.log
net rpc -I 192.168.254.233 -U nagios/gsmith%8324PHrjw! service start ncpalistener
Create command in Nagios XI as misc_commands Create event handler:
Thanks
You do not have the required permissions to view the files attached to this post.
-
- Posts: 11
- Joined: Mon Apr 19, 2021 10:18 am
Re: NCPA Listener stopped (Windows Server)
Hello,
Checking with the staff that manages the ESET antivirus, it can be seen that there is a blockage in the NCPA processes. Today request the exclusion of the processes on all Windows servers. I proceed to lift the Nagios processes again and monitor if this problem no longer presents. I'll confirm next Monday at the latest.
Regards
Checking with the staff that manages the ESET antivirus, it can be seen that there is a blockage in the NCPA processes. Today request the exclusion of the processes on all Windows servers. I proceed to lift the Nagios processes again and monitor if this problem no longer presents. I'll confirm next Monday at the latest.
Regards
You do not have the required permissions to view the files attached to this post.
Re: NCPA Listener stopped (Windows Server)
Hi
Sounds good. Please let me know what happens.
Thank you!
Sounds good. Please let me know what happens.
Thank you!