Monitor a non-domain windows box

[thomasj]

Hi all,

I have a bit of an odd question...
My Nagios xi box (Centos box) is a Domain member.
I have a Windows 2008 R2 box that is connected to our network but has the requirement to not be a domain member.
I am finding that Nagios can ping the tagret box (non-domain member) but returns the error message "CRITICAL - Socket timeout after 10 seconds" for all services I am trying to monitor.
I would imagine this is because the non-domain windows server doesnt have a trust relationship an therefore doesnt trust the nagios box to run the commands passed by it (nagios).
I was wondering if you have come across this requirement before and know how to get a non-domain member monitored by nagios (domain member)

Thanks in advance

Joe

[scottwilkerson]

What kind of checks are you trying to run? NSClient, NRPE, WMI, SNMP?

[thomasj]

For now just the default checks through the monitoring wizard so NSclient checks. This may grow in time. But this will be good enough to start with.

[scottwilkerson]

Couple things that come to mind as possibilities

Is the NSClient ++ service running?
Is their any firewall blocking port 12489 on the Windows machine or off?
In the NSC.ini is the allowed_hosts set to your nagios XI servers IP address?
In the NSC.ini is the following line uncommented

Code: Select all

NSClientListener.dll

Do you see anything in the nsclient.log?

[thomasj]

Nsclient is running
Firewall exception is set and allowing inbound traffic from the nagios box on port 12489
nsc.ini allowed_hosts is set to the IP address of the nagios box
nsc.ini NSClientListener.dll is uncommented (wasnt previously)

Still not working. "No route to host could not fetch information from server"

[scottwilkerson]

After fixing the nsc.ini, you need to restart Nsclient service.

Also, "no route to host" leads me to believe that you don't have the correct IP address for the host in Nagios....

[thomasj]

Restarting the service - No joy
The IP address is correct. - Still no joy

Scratching my head
Just thinking in type....
because there is no trust relationship, would there need to be a local "nagios" user on the Windows box (non-domain member)?

[scottwilkerson]

Restarting the service - No joy
The IP address is correct. - Still no joy

Scratching my head
Just thinking in type....
because there is no trust relationship, would there need to be a local "nagios" user on the Windows box (non-domain member)?

The domain thing shouldn't matter, Nagios doesn't talk to windows directly, it only talks to NSClient.

From your XI machine can you telnet to the client on port 12489 ?

Code: Select all

telnet <clientIP> 12489

You should see something like this:

Code: Select all

Trying 192.168.5.15...
Connected to 192.168.5.15 (192.168.5.15).
Escape character is '^]'.

If not, you are not able to reach NSClient from the XI machine (like a firewall).