Nagios Support Forum

Hi,

We have 2 network zones, nagiosXI is hosted on Zone1. We have to monitor windows (2016) boxes in Zone2 using WMI. We have followed https://assets.nagios.com/downloads/nag ... ios-XI.pdf to setup monitoring.

Server level firewall is OFF. On Physical firewall we have enabled INBOUND and OUTBOUND TCP port 135 from Zone2 to Zone1 nagiosXI.

We are getting error:
[root@nagiosXI ~]# /usr/local/nagios/libexec/check_wmi_plus.pl -H 10.x.x.x -u 'domain/username' -p 'password' -m checkcpu -w '80' -c '95' -d
Command Line (v1.6): /usr/local/nagios/libexec/check_wmi_plus.pl -H 10.x.x.x -u USER -p PASS -m checkcpu -w 80 -c 9
Base Dir: /usr/local/nagios/libexec
Conf File Dir: /usr/local/nagios/libexec
Loaded Conf File /usr/local/nagios/libexec/check_wmi_plus.conf
Starting Keep State Mode
STATE FILE: /tmp/cwpss_checkcpu__10215750___.state
Round #1 of 1
QUERY: /usr/bin/wmic '-U' 'USER%PASS' '--namespace' 'root/cimv2' '//10.x.x.x' 'select PercentProcessorTime,Timestam from Win32_PerfRawData_PerfOS_Processor where Name="_Total"'
UNKNOWN - Plugin Timed out (15 sec). There are multiple possible reasons for this, some of them include - The host 10.x.x.x might just be really busy, it might not even be running Windows.

Increased timeout to 90 sec, still the same.

Telnet from NagiosXI box to host 10.x.x.x : Connected to 10.x.x.x.

WMI output works fine for local network Zone1 systems. What are we missing here?

Thanks,
Vikram

To monitor a Windows system using WMI, it needs more than port 135 to be open so I suspect that the Physical firewall is blocking the other needed ports.
It uses port 135 to authenticate and then a block of upper ports to transfer the data.

WMI communications use a random port between 1024 and 65535, per Microsoft Windows specifications. You must create firewall exceptions to allow TCP/UDP traffic on ports 1024 - 65535 or the monitored objects that use WMI will not be mapped.

Or an option is to setup a fixed port for WMI and the following link are instructions for doing that.

https://docs.microsoft.com/en-us/window ... rt-for-wmi

Try that and let us know if you have any further questions.

Instead of a random guessing the ports, How could we know the exact ports need to be opened to get WMI response. It would be a great difficulty to open TCP/UDP ports range 1024 and 65535 on a physical firewall.

Take a look at the link from my previous post that has instructions on how to setup WMI to use a fixed port so you will not have to know which block of ports to open in the firewall.

I found this information that would be helpful to you.

WMI uses ports 135, 445 / additional dynamically-assigned ports in 1024-1034 range.
So the range may be smaller than we thought.