Hi,
We have 2 network zones, nagiosXI is hosted on Zone1. We have to monitor windows (2016) boxes in Zone2 using WMI. We have followed https://assets.nagios.com/downloads/nag ... ios-XI.pdf to setup monitoring.
Server level firewall is OFF. On Physical firewall we have enabled INBOUND and OUTBOUND TCP port 135 from Zone2 to Zone1 nagiosXI.
We are getting error:
[root@nagiosXI ~]# /usr/local/nagios/libexec/check_wmi_plus.pl -H 10.x.x.x -u 'domain/username' -p 'password' -m checkcpu -w '80' -c '95' -d
Command Line (v1.6): /usr/local/nagios/libexec/check_wmi_plus.pl -H 10.x.x.x -u USER -p PASS -m checkcpu -w 80 -c 9
Base Dir: /usr/local/nagios/libexec
Conf File Dir: /usr/local/nagios/libexec
Loaded Conf File /usr/local/nagios/libexec/check_wmi_plus.conf
Starting Keep State Mode
STATE FILE: /tmp/cwpss_checkcpu__10215750___.state
Round #1 of 1
QUERY: /usr/bin/wmic '-U' 'USER%PASS' '--namespace' 'root/cimv2' '//10.x.x.x' 'select PercentProcessorTime,Timestam from Win32_PerfRawData_PerfOS_Processor where Name="_Total"'
UNKNOWN - Plugin Timed out (15 sec). There are multiple possible reasons for this, some of them include - The host 10.x.x.x might just be really busy, it might not even be running Windows.
Increased timeout to 90 sec, still the same.
Telnet from NagiosXI box to host 10.x.x.x : Connected to 10.x.x.x.
WMI output works fine for local network Zone1 systems. What are we missing here?
Thanks,
Vikram
Monitoring Windows Using WMI - Issues
Re: Monitoring Windows Using WMI - Issues
To monitor a Windows system using WMI, it needs more than port 135 to be open so I suspect that the Physical firewall is blocking the other needed ports.
It uses port 135 to authenticate and then a block of upper ports to transfer the data.
WMI communications use a random port between 1024 and 65535, per Microsoft Windows specifications. You must create firewall exceptions to allow TCP/UDP traffic on ports 1024 - 65535 or the monitored objects that use WMI will not be mapped.
Or an option is to setup a fixed port for WMI and the following link are instructions for doing that.
https://docs.microsoft.com/en-us/window ... rt-for-wmi
Try that and let us know if you have any further questions.
It uses port 135 to authenticate and then a block of upper ports to transfer the data.
WMI communications use a random port between 1024 and 65535, per Microsoft Windows specifications. You must create firewall exceptions to allow TCP/UDP traffic on ports 1024 - 65535 or the monitored objects that use WMI will not be mapped.
Or an option is to setup a fixed port for WMI and the following link are instructions for doing that.
https://docs.microsoft.com/en-us/window ... rt-for-wmi
Try that and let us know if you have any further questions.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Monitoring Windows Using WMI - Issues
Instead of a random guessing the ports, How could we know the exact ports need to be opened to get WMI response. It would be a great difficulty to open TCP/UDP ports range 1024 and 65535 on a physical firewall.
Re: Monitoring Windows Using WMI - Issues
Take a look at the link from my previous post that has instructions on how to setup WMI to use a fixed port so you will not have to know which block of ports to open in the firewall.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Monitoring Windows Using WMI - Issues
I found this information that would be helpful to you.
WMI uses ports 135, 445 / additional dynamically-assigned ports in 1024-1034 range.
So the range may be smaller than we thought.
WMI uses ports 135, 445 / additional dynamically-assigned ports in 1024-1034 range.
So the range may be smaller than we thought.
Be sure to check out our Knowledgebase for helpful articles and solutions!