WMI to MVs Azure

This board serves as an open discussion and support collaboration point for Nagios XI. NOTE: Nagios XI customers should use the Customer Support forum to obtain expedited support.

WMI to MVs Azure

Postby Eudes87 » Tue Dec 03, 2019 1:47 pm

I need to monitor virtual machines on Azure through WMI.

Azure has a virtual machine that is the domain controller replica where the nagios server is.

We follow the documentation steps: https://assets.nagios.com/downloads/nag ... ios-XI.pdf

The user we are using has domain privileges and it works for machines that are out of the azure.

Server Nagios:
Code: Select all
$ nmap <MV  Azure> -p 135

Starting Nmap 6.47 ( http://nmap.org ) at 2019-12-03 14:14 -03
Nmap scan report for 10.x.x.x
Host is up (0.023s latency).
PORT    STATE SERVICE
135/tcp open  msrpc

Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds


MV Azure:
Code: Select all
>sc query winmgmt

SERVICE_NAME: winmgmt
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0


Error:
Code: Select all
$ /usr/local/nagios/libexec/check_wmi_plus.pl -H 10.x.x.x -u 'domain/user' -p 'passwd' -m checkcpu -w '80' -c '90'
UNKNOWN - Plugin Timed out (15 sec). There are multiple possible reasons for this, some of them include - The host 10.x.x.x might just be really busy, it might not even be running Windows.
Eudes87
 
Posts: 27
Joined: Wed Oct 09, 2019 8:37 am

Re: WMI to MVs Azure

Postby scottwilkerson » Tue Dec 03, 2019 3:25 pm

As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
scottwilkerson
DevOps Engineer
 
Posts: 17419
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: WMI to MVs Azure

Postby mcapra » Tue Dec 03, 2019 4:57 pm

You could also try using the FQDN, if it's possible:
viewtopic.php?f=16&t=55317#p290869
Former Nagios employee
http://www.mcapra.com/
User avatar
mcapra
 
Posts: 3591
Joined: Thu May 05, 2016 3:54 pm

Re: WMI to MVs Azure

Postby scottwilkerson » Tue Dec 03, 2019 5:09 pm

Thanks for the added input @mcapra!
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
scottwilkerson
DevOps Engineer
 
Posts: 17419
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: WMI to MVs Azure

Postby Eudes87 » Wed Dec 04, 2019 9:11 am

scottwilkerson wrote:Are the ports open in your Azure network security group?
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/nsg-quickstart-portal


Hello Scott How are you?
I appreciate the return, I checked with the internal teams, We found that there was a physical firewall.
I requested the release of the ports 135, 445/ additional dynamically-assigned ports in 1024-1034 range. (I saw about these ports here: viewtopic.php?f=6&t=52932)
worked perfectly.

in the documentation is quoted only 135 and 5000-5020 (win 2003).

Can you confirm all ports that are required to flush the communication to WMI?
This way I will document it for the security team.

Thanks
Eudes87
 
Posts: 27
Joined: Wed Oct 09, 2019 8:37 am

Re: WMI to MVs Azure

Postby Eudes87 » Wed Dec 04, 2019 9:12 am

mcapra wrote:You could also try using the FQDN, if it's possible:
viewtopic.php?f=16&t=55317#p290869

Hello @mcapra
Thanks, but the link topic is blocked for me.
Eudes87
 
Posts: 27
Joined: Wed Oct 09, 2019 8:37 am

Re: WMI to MVs Azure

Postby scottwilkerson » Wed Dec 04, 2019 9:17 am

Eudes87 wrote:
scottwilkerson wrote:Are the ports open in your Azure network security group?
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/nsg-quickstart-portal


Hello Scott How are you?
I appreciate the return, I checked with the internal teams, We found that there was a physical firewall.
I requested the release of the ports 135, 445/ additional dynamically-assigned ports in 1024-1034 range. (I saw about these ports here: viewtopic.php?f=6&t=52932)
worked perfectly.

in the documentation is quoted only 135 and 5000-5020 (win 2003).

Can you confirm all ports that are required to flush the communication to WMI?
This way I will document it for the security team.

Thanks


I believe you have all the required ports.

Eudes87 wrote:Hello @mcapra
Thanks, but the link topic is blocked for me.


The meat of that post is here
There's also this general purpose WMI troubleshooting document with some steps:
https://support.nagios.com/kb/article/nagios-xi-wmi-troubleshooting-579.html

You might also try using the FQDN (it's complicated) for the address instead of the IP address. Sometimes with AD accounts used for authentication, Windows gets fussy if you're attempting to authenticate against the IP address rather than the domain.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
scottwilkerson
DevOps Engineer
 
Posts: 17419
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: WMI to MVs Azure

Postby Eudes87 » Fri Dec 06, 2019 1:39 pm

I was able to solve all the problems with your support, thanks @mcapra and @scottwilkerson
Eudes87
 
Posts: 27
Joined: Wed Oct 09, 2019 8:37 am

Re: WMI to MVs Azure

Postby scottwilkerson » Fri Dec 06, 2019 1:50 pm

Eudes87 wrote:I was able to solve all the problems with your support, thanks @mcapra and @scottwilkerson

Great!

Locking thread
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
scottwilkerson
DevOps Engineer
 
Posts: 17419
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises


Return to Nagios XI

Who is online

Users browsing this forum: cellactIT and 18 guests