Now that is really weird!!!!
If I add the shortname to the /etc/hosts if works...
10.146.20.181 csdev95.mcis.washington.edu
69.91.248.222 its-bmc-app02 its-bmc-app02.amc.uwmedicine.org
[root@csdev95 ~]# /usr/local/nagios/libexec/check_wmi_plus.pl -H its-bmc-app02 -u 'www\myacct' -p 'mysecret' -m checkeventlog -a 'System' -o 1 -3 1 -w '10' -c '15'
OK - 0 event(s) of at least Severity Level "Error", were recorded in the last 1 hours from the System Event Log.|'Event Count'=0;10;15;
But still will not use fqdn.
[root@csdev95 ~]# /usr/local/nagios/libexec/check_wmi_plus.pl -H its-bmc-app02 -u 'www\myacct' -p 'mysecret' -m checkeventlog -a 'System' -o 1 -3 1 -w '10' -c '15'
UNKNOWN - The WMI query had problems. The target host (its-bmc-app02) might not be reachable over the network. Is it down? Is its-bmc-app02 the correct hostname?. The host might even by up but just too busy. Wmic error text on the next line.
[librpc/rpc/dcerpc_connect.c:329:dcerpc_pipe_connect_ncacn_ip_tcp_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_ncacn_ip_tcp_recv
dcerpc_connect
Re: dcerpc_connect
Wonder what order does the hostname get resolved by, and what it does if it didn't find it in the DNS. Is the short name in WINS?
could you show us what's in /etc/nsswitch.conf and /etc/resolv.conf?
could you show us what's in /etc/nsswitch.conf and /etc/resolv.conf?
Re: dcerpc_connect
Well your last question got me to thinking...and I had forgot to add the amc.uwmedicine.org to the domain search field within resolv.conf
I therefore removed the entry for this specific host in /etc/hosts and forced the system to use dns to determine the host's location...which then caused the query to fail.
I then added the domain search amc.uwmedicine.org to the /etc/resolv.conf which then allowed the query to succeed.
I am still not sure why that matters when the host definition includes the FQDN within it and doesn't really require the need to determine the domain when it queries DNS. If anyone can explain what this all means I would be greatly appreciative because it obviously means there is something more about the way DNS functions then I understand. Or new WMI monitors for whatever reason are using the short name when it passes the %HOSTNAME% to the query???
So this has solved the problem of adding new WMI monitors to existing hosts...
I am just not sure I understand the difference between having all the monitors added initially and they work.
Adding a new monitor to an existing host and it fails unless the domain for the host is added within the resolv.conf search field.
Perhaps someone with a thorough understanding of this could explain the differences of what I just described...because I still don't really understand the actual workings of this.
Thanks in advance to all that have helped resolve this dilemma,
Danny
I therefore removed the entry for this specific host in /etc/hosts and forced the system to use dns to determine the host's location...which then caused the query to fail.
I then added the domain search amc.uwmedicine.org to the /etc/resolv.conf which then allowed the query to succeed.
I am still not sure why that matters when the host definition includes the FQDN within it and doesn't really require the need to determine the domain when it queries DNS. If anyone can explain what this all means I would be greatly appreciative because it obviously means there is something more about the way DNS functions then I understand. Or new WMI monitors for whatever reason are using the short name when it passes the %HOSTNAME% to the query???
So this has solved the problem of adding new WMI monitors to existing hosts...
I am just not sure I understand the difference between having all the monitors added initially and they work.
Adding a new monitor to an existing host and it fails unless the domain for the host is added within the resolv.conf search field.
Perhaps someone with a thorough understanding of this could explain the differences of what I just described...because I still don't really understand the actual workings of this.
Thanks in advance to all that have helped resolve this dilemma,
Danny
Re: dcerpc_connect
I'm left scratching my head on this on. We could turn on the -d (debug option) on the check and see what wmic is invoking. Although the original error would have pointed us to a dns error:
http://www.edcint.co.nz/checkwmiplus/?q ... adproblems
http://www.edcint.co.nz/checkwmiplus/?q ... adproblems