ZenPack:Microsoft Windows

From Zenoss Wiki
Revision as of 20:17, 11 November 2016 by Dbouchillon

Organization: Zenoss, Inc.
License: GNU General Public License, Version 2, or later
ZenPack name: ZenPacks.zenoss.Microsoft.Windows





Microsoft Windows ZenPack

Monitoring for Microsoft Windows servers.

Warning

The ZenPack Catalog has moved to its new home at https://www.zenoss.com/product/zenpacks as of January 17, 2017. The following information may be out of date, and this page will eventually be removed.

Support

This is an Open Source ZenPack developed by Zenoss, Inc. Enterprise support for this ZenPack is available to commercial customers with an active subscription.

Releases

Version 2.6.7- Download
Released on 2016/11/11
Requires PythonCollector ZenPack
Compatible with Zenoss Core 4.2.x, Zenoss Core 5.0.x, Zenoss Core 5.1.x, Zenoss Resource Manager 4.2.x, Zenoss Resource Manager 5.0.x, Zenoss Resource Manager 5.1.x
Version 2.6.4- Download
Released on 2016/09/19
Requires PythonCollector ZenPack
Compatible with Zenoss Core 4.2.x, Zenoss Core 5.0.x, Zenoss Core 5.1.x, Zenoss Resource Manager 4.2.x, Zenoss Resource Manager 5.0.x, Zenoss Resource Manager 5.1.x
Version 2.5.13- Download
Released on 2016/05/10
Requires PythonCollector ZenPack
Compatible with Zenoss Core 4.2.x, Zenoss Core 5.0.x, Zenoss Resource Manager 4.2.x, Zenoss Resource Manager 5.0.x
Version 2.4.9- Download
Released on 2015/09/09
Requires PythonCollector ZenPack
Compatible with Zenoss Core 4.2.x, Zenoss Core 5.0.x, Zenoss Resource Manager 4.2.x, Zenoss Resource Manager 5.0.x
Version 2.3.2- Download
Released on 2015/03/05
Requires PythonCollector ZenPack
Compatible with Zenoss Core 4.2.x, Zenoss Core 5.0.x, Zenoss Resource Manager 4.2.x, Zenoss Resource Manager 5.0.x
Version 2.2.1- Download
Released on 2015/01/09
Requires PythonCollector ZenPack
Compatible with Zenoss Core 4.2.x, Zenoss Resource Manager 4.2.x
Version 2.1.3- Download
Released on 2014/10/27
Requires PythonCollector ZenPack
Compatible with Zenoss Core 4.2.x, Zenoss Resource Manager 4.1.x, Zenoss Resource Manager 4.2.x

Background

This ZenPack provides support for monitoring Microsoft Windows. Monitoring is performed using the Windows Remote Management (WinRM) and Windows Remote Shell (WinRS) to collect Windows Management Instrumentation (WMI) and Perfmon data.

Note: This ZenPack supersedes the earlier ZenPack named ZenPacks.zenoss.WindowsMonitor for Windows platforms that support WinRM. If you have ZenPacks.zenoss.WindowsMonitor installed on your system, please read the "Transitioning from WindowsMonitor" section below.

Features

The features added by this ZenPack can be summarized as follows. They are each detailed further below.

  • Initial discovery and periodic remodeling of relevant components.
  • Performance monitoring.
  • Event management.
  • Custom commands.

Discovery

The following components will be automatically discovered through the Windows server address, username and password you provide. The properties and relationships will be periodically updated by modeling.

Server (Device)
Attributes: Name, Contact, Description, Serial Number, Tag, Hardware Model, Physical Memory, Total Virtual Memory, Operating System, Cluster
Cluster (Device)
Attributes: Name, Contact, Description, Physical Memory, Total Virtual Memory, Operating System, Member Servers
Processors
Attributes: Name, Description, Model, Socket, Cores, Threads, Clock Speed, External Speed, Voltage, L1 Cache Size, L2 Cache Size and Speed, L3 Cache Size and Speed
File System
Attributes: Mount Point, Status, Storage Device, Type, Block Size, Total Blocks, Total Bytes, Maximum Name Length
Interfaces
Attributes: Name, Description, MAC Address, MTU, Speed, Duplex, Type, Administrative Status, Operational Status, IP Addresses
Network Routes
Attributes: Destination, Next Hop, Interface, Protocol, Type
Process Sets
Attributes: Name, Recent Matches, Process Class
Software
Attributes: Name, Vendor, Installation Date
Services
Attributes: Name, Display Name, Start Mode, Account
Cluster Services
Attributes: Name, Core Group, Owner Node, State, Description, Priority
Relationships: Cluster Resources
Cluster Resources
Attributes: Name, Owner Node, Description, Owner Group, State
Relationships: Cluster Service
Cluster Nodes
Attributes: Name, Assigned Vote, Current Vote, State
Relationships: Cluster Disks, Cluster Interfaces
Cluster Networks
Attributes: Name, Description, State
Cluster Disks
Attributes: Name, Owner Node, Volume Path, Disk Number, Partition Number, Capacity, Free Space, State
Relationships: Cluster Nodes
Cluster Interfaces
Attributes: Name, Owner Node, Network, IP Addresses, Adapter, State
Relationships: Cluster Nodes
IIS Sites
Attributes: Name, Status, App Pool
SQL Server Instances
Attributes: Name
Relationships: SQL Server Databases
SQL Server Databases
Attributes: Name, Version, Owner, Last Backup, Last Log Backup, Accessible, Collation, Creation Date, Default File Group, Primary File Path, Recovery Model, Is System Object
Relationships: SQL Server Instance
SQL Server Backups
Attributes: Name, Device Type, Physical Allocation, Status
Relationships: SQL Server Instance
SQL Server Jobs
Attributes: Name, Job ID, Description, Enabled, Date Created, Username
Relationships: SQL Server Instance


Performance Monitoring

Perfmon counters are collected using the PowerShell Get-Counter cmdlet within a remote shell (WinRS). The following metrics will be collected every 5 minutes by default. Any other Windows Perfmon counters can also be collected by adding them to the appropriate monitoring template.

Device
  • \Memory\Available bytes
  • \Memory\Committed Bytes
  • \Memory\Pages Input/sec
  • \Memory\Pages Output/sec
  • \Paging File(_Total)\% Usage
  • \Processor(_Total)\% Privileged Time
  • \Processor(_Total)\% Processor Time
  • \Processor(_Total)\% User Time
  • \System\System Up Time
File Systems
  • \Disk Read Bytes/sec
  • \% Disk Read Time
  • \Disk Write Bytes/sec
  • \% Disk Write Time
  • \Free Megabytes
Interfaces
  • \Bytes Received/sec
  • \Bytes Sent/sec
  • \Packets Received Errors
  • \Packets Received/sec
  • \Packets Outbound Errors
  • \Packets Sent/sec
Active Directory
  • \NTDS\DS Client Binds/sec
  • \NTDS\DS Directory Reads/sec
  • \NTDS\DS Directory Searches/sec
  • \NTDS\DS Directory Writes/sec
  • \NTDS\DS Monitor List Size
  • \NTDS\DS Name Cache hit rate
  • \NTDS\DS Notify Queue Size
  • \NTDS\DS Search sub-operations/sec
  • \NTDS\DS Server Binds/sec
  • \NTDS\DS Server Name Translations/sec
  • \NTDS\DS Threads in Use
  • \NTDS\KDC AS Requests
  • \NTDS\KDC TGS Requests
  • \NTDS\Kerberos Authentications
  • \NTDS\LDAP Active Threads
  • \NTDS\LDAP Bind Time
  • \NTDS\LDAP Client Sessions
  • \NTDS\LDAP Closed Connections/sec
  • \NTDS\LDAP New Connections/sec
  • \NTDS\LDAP New SSL Connections/sec
  • \NTDS\LDAP Searches/sec
  • \NTDS\LDAP Successful Binds/sec
  • \NTDS\LDAP UDP operations/sec
  • \NTDS\LDAP Writes/sec
  • \NTDS\NTLM Authentications
  • \NTDS\DS Client Binds/sec
  • \NTDS\DS Directory Reads/sec
  • \NTDS\DS Directory Searches/sec
  • \NTDS\DS Directory Writes/sec
  • \NTDS\DS Monitor List Size
  • \NTDS\DS Name Cache hit rate
  • \NTDS\DS Notify Queue Size
  • \NTDS\DS Search sub-operations/sec
  • \NTDS\DS Server Binds/sec
  • \NTDS\DS Server Name Translations/sec
  • \NTDS\DS Threads in Use
  • \NTDS\LDAP Active Threads
  • \NTDS\LDAP Bind Time
  • \NTDS\LDAP Client Sessions
  • \NTDS\LDAP Closed Connections/sec
  • \NTDS\LDAP New Connections/sec
  • \NTDS\LDAP New SSL Connections/sec
  • \NTDS\LDAP Searches/sec
  • \NTDS\LDAP Successful Binds/sec
  • \NTDS\LDAP UDP operations/sec
  • \NTDS\LDAP Writes/sec
  • \DirectoryServices(NTDS)\DS Client Binds/sec
  • \DirectoryServices(NTDS)\DS Directory Reads/sec
  • \DirectoryServices(NTDS)\DS Directory Searches/sec
  • \DirectoryServices(NTDS)\DS Directory Writes/sec
  • \DirectoryServices(NTDS)\DS Monitor List Size
  • \DirectoryServices(NTDS)\DS Name Cache hit rate
  • \DirectoryServices(NTDS)\DS Notify Queue Size
  • \DirectoryServices(NTDS)\DS Search sub-operations/sec
  • \DirectoryServices(NTDS)\DS Server Binds/sec
  • \DirectoryServices(NTDS)\DS Server Name Translations/sec
  • \DirectoryServices(NTDS)\DS Threads in Use
  • \DirectoryServices(NTDS)\LDAP Active Threads
  • \DirectoryServices(NTDS)\LDAP Bind Time
  • \DirectoryServices(NTDS)\LDAP Client Sessions
  • \DirectoryServices(NTDS)\LDAP Closed Connections/sec
  • \DirectoryServices(NTDS)\LDAP New Connections/sec
  • \DirectoryServices(NTDS)\LDAP New SSL Connections/sec
  • \DirectoryServices(NTDS)\LDAP Searches/sec
  • \DirectoryServices(NTDS)\LDAP Successful Binds/sec
  • \DirectoryServices(NTDS)\LDAP UDP operations/sec
  • \DirectoryServices(NTDS)\LDAP Writes/sec

Note: The Active Directory monitoring template will only be used when the server has the Primary or Backup Domain Controller role.

Exchange 2003
  • \MSExchangeIS Mailbox(_Total)\Folder opens/sec
  • \MSExchangeIS Mailbox(_Total)\Local delivery rate
  • \MSExchangeIS Mailbox(_Total)\Message Opens/sec
  • \MSExchangeIS\RPC Averaged Latency
  • \MSExchangeIS\RPC Operations/sec
  • \MSExchangeIS\RPC Requests
  • \SMTP Server(_Total)\Local Queue Length
  • \SMTP Server(_Total)\Messages Delivered/sec
Exchange 2007 & 2010
  • \MSExchangeIS Mailbox(_Total)\Folder opens/sec
  • \MSExchangeIS Mailbox(_Total)\Local delivery rate
  • \MSExchangeIS Mailbox(_Total)\Message Opens/sec
  • \MSExchangeIS\RPC Averaged Latency
  • \MSExchangeIS\RPC Operations/sec
  • \MSExchangeIS\RPC Requests
  • \MSExchangeTransport Queues(_Total)\Active Mailbox Delivery Queue Length
  • \MSExchangeTransport SmtpSend(_Total)\Messages Sent/sec
Exchange 2013
  • \MSExchangeIS Store(_Total)\Folders opened/sec
  • \MSExchangeIS Store(_Total)\Messages Delivered/sec
  • \MSExchangeIS Store(_Total)\Messages opened/sec
  • \MSExchange Store Interface(_Total)\RPC Latency average (msec)
  • \MSExchange Store Interface(_Total)\RPC Requests sent/sec
  • \MSExchange Store Interface(_Total)\RPC Requests sent
  • \MSExchangeTransport Queues(_Total)\Active Mailbox Delivery Queue Length
  • \MSExchange Delivery SmtpSend(_Total)\Messages Sent/sec

Note: If monitoring Exchange with a non-administrator user, the user must be a member of the Active Directory group "Exchange View-Only Administrators" for pre-2010 Exchange installations or "View Only Organization Management" for 2010 and later installations.

IIS
  • \Web Service(_Total)\Bytes Received/sec
  • \Web Service(_Total)\Bytes Sent/sec
  • \Web Service(_Total)\CGI Requests/sec
  • \Web Service(_Total)\Connection Attempts/sec
  • \Web Service(_Total)\Copy Requests/sec
  • \Web Service(_Total)\Delete Requests/sec
  • \Web Service(_Total)\Files Received/sec
  • \Web Service(_Total)\Files Sent/sec
  • \Web Service(_Total)\Get Requests/sec
  • \Web Service(_Total)\Head Requests/sec
  • \Web Service(_Total)\ISAPI Extension Requests/sec
  • \Web Service(_Total)\Lock Requests/sec
  • \Web Service(_Total)\Mkcol Requests/sec
  • \Web Service(_Total)\Move Requests/sec
  • \Web Service(_Total)\Options Requests/sec
  • \Web Service(_Total)\Other Request Methods/sec
  • \Web Service(_Total)\Post Requests/sec
  • \Web Service(_Total)\Propfind Requests/sec
  • \Web Service(_Total)\Proppatch Requests/sec
  • \Web Service(_Total)\Put Requests/sec
  • \Web Service(_Total)\Search Requests/sec
  • \Web Service(_Total)\Trace Requests/sec
  • \Web Service(_Total)\Unlock Requests/sec
IIS Sites
  • \Bytes Received/sec
  • \Bytes Sent/sec
  • \CGI Requests/sec
  • \Connection Attempts/sec
  • \Copy Requests/sec
  • \Connection Attempts/sec
  • \Delete Requests/sec
  • \Files Received/sec
  • \Files Sent/sec
  • \Get Requests/sec
  • \Head Requests/sec
  • \ISAPI Extension Requests/sec
  • \Lock Requests/sec
  • \Mkcol Requests/sec
  • \Move Requests/sec
  • \Options Requests/sec
  • \Other Request Methods/sec
  • \Post Requests/sec
  • \Propfind Requests/sec
  • \Proppatch Requests/sec
  • \Put Requests/sec
  • \Search Requests/sec
  • \Trace Requests/sec
  • \Unlock Requests/sec

Note: The IIS monitoring template will only be used when IIS is found during modeling.

Note: The IISAdmin service must be running in order to collect IIS data.

The following metrics are collected directly via WMI.

Processes (Win32_PerfFormattedData_PerfProc_Process)
  • PercentProcessorTime
  • WorkingSet
  • WorkingSetPrivate (not available on Windows 2003)


Note: IIS 6 Management compatibility role no longer needs to be installed on the server side in order to use the IIS Sites component.

Note: IIS Management Scripts and Tools role needs to be installed on the server side in order to use the IIS Sites component.

SQL Server

The following performance counters are monitored per database via a PowerShell script:

  • \SQLServer:Databases(<dbname>)\Active Transactions
  • \SQLServer:Databases(<dbname>)\Backup/Restore Throughput/sec
  • \SQLServer:Databases(<dbname>)\Bulk Copy Rows/sec
  • \SQLServer:Databases(<dbname>)\Bulk Copy Throughput/sec
  • \SQLServer:Databases(<dbname>)\Cache Entries Count
  • \SQLServer:Databases(<dbname>)\Cache Entries Pinned Count
  • \SQLServer:Databases(<dbname>)\Cache Hit Ratio
  • \SQLServer:Databases(<dbname>)\Cache Hit Ratio Base
  • \SQLServer:Databases(<dbname>)\DBCC Logical Scan Bytes/sec
  • \SQLServer:Databases(<dbname>)\Data File(s) Size (KB)
  • \SQLServer:Databases(<dbname>)\Log Bytes Flushed/sec
  • \SQLServer:Databases(<dbname>)\Log Cache Hit Ratio
  • \SQLServer:Databases(<dbname>)\Log Cache Hit Ratio Base
  • \SQLServer:Databases(<dbname>)\Log Cache Reads/sec
  • \SQLServer:Databases(<dbname>)\Log File(s) Size (KB)
  • \SQLServer:Databases(<dbname>)\Log File(s) Used Size (KB)
  • \SQLServer:Databases(<dbname>)\Log Flush Wait Time
  • \SQLServer:Databases(<dbname>)\Log Flush Waits/sec
  • \SQLServer:Databases(<dbname>)\Log Flushes/sec
  • \SQLServer:Databases(<dbname>)\Log Growths
  • \SQLServer:Databases(<dbname>)\Percent Log Used
  • \SQLServer:Databases(<dbname>)\Log Shrinks
  • \SQLServer:Databases(<dbname>)\Log Truncations
  • \SQLServer:Databases(<dbname>)\Percent Log Used
  • \SQLServer:Databases(<dbname>)\Repl. Pending Xacts
  • \SQLServer:Databases(<dbname>)\Repl. Trans. Rate
  • \SQLServer:Databases(<dbname>)\Shrink Data Movement Bytes/sec
  • \SQLServer:Databases(<dbname>)\Transactions/sec

You can enable/disable any of these or change the cycle time by editing the WinDatabase monitoring template.

The WinDBInstance monitoring template will monitor the status of a SQL Server instance to inform the user if it is up or down.

The WinSQLJob monitoring template will monitor the status of a job on a SQL Server instance to inform the user if it has succeeded, failed, or is in an unknown or other state.

Thresholds

The following thresholds are set by default on the device monitoring template and will trigger an alert if they are reached:

  • CPU Utilization - 90% used
  • Paging File Usage - 95% used
  • Memory - 90% of total memory used

Event Management

Events can be collected from the Windows event log using a WinRM subscription. Events collected through this mechanism are timestamped with the time they occurred within the Windows event log, not the time at which they were collected.

To monitor EventLog events, add a "Windows EventLog" datasource to a monitoring template. In the Event Log field, enter the name of the event log (e.g. "System") that you are interested in, and in the EventQuery field enter the filter for events. The filter can be either a PowerShell Where-Object block or XPath XML taken from a Windows Event Viewer Custom View.

The default Get-WinEvent XML filter returns all events from the last polling cycle. This list can be searched for specific Ids, severity, or specific words in the message using PowerShell.

  • To target all events with a Warning or higher severity:

For Windows 2003: { $$_.EntryType -le [System.Diagnostics.EventLogEntryType]::Warning}

$$_ is the event object of the EventLogEntry class. EntryType is the attribute that determines severity and can contain one of the following values: Error, Warning, Information, SuccessAudit, or FailureAudit. The object also has attributes such as Message, MachineName, TimeGenerated and Source. The full list is at http://msdn.microsoft.com/en-us/library/vstudio/system.diagnostics.eventlogentry .

Note: This query is structured to look for "less than," although we are looking for events "greater than" in severity. This is because the EntryType is an enumeration where the integer values map to 1 = Error, 2 = Warning, etc. This means lower numbers indicate higher severity.

For Windows 2008 & Later:

{ $$_.Level -le [System.Diagnostics.Eventing.Reader.StandardEventLevel]::Warning}

Or to look for a specific event id:

{ $$_.Id -eq 4001}

$$_ is the event object of the EventLogRecord class. Level is the severity of the event. Id is the property to compare for specific event ids. You can find the full listing of properties at https://technet.microsoft.com/en-us/library/Hh849682.aspx.

Note: This query is structured to look for "less than or equal" although we are looking for events "greater than or equal" in severity. This is because the Level is an enumeration where the integer values map to 1 = Critical, 2 = Error, 3 = Warning, etc. This means lower numbers indicate higher severity. The LogAlways event level evaluates to 0, which is less than a Warning. These events are typically Informational and will display if using the sample PowerShell query above. To work around this, you could add -and $$_.Level -gt [System.Diagnostics.Eventing.Reader.StandardEventLevel]::LogAlways into your query or use the XML option.


The full list of event levels can be found at http://msdn.microsoft.com/en-us/library/system.diagnostics.eventing.reader.standardeventlevel%28v=vs.110%29.aspx

For more information about the System.Diagnostics.Eventing.Reader namespace, see http://msdn.microsoft.com/en-us/library/system.diagnostics.eventing.reader(v=vs.110).aspx

And to know more about writing PowerShell conditions, you could read http://www.powershellpro.com/powershell-tutorial-introduction/powershell-tutorial-conditional-logic/

  • To use the XML query from a custom view in Windows Event Viewer, simply copy the XML and paste it into the Event Query field of the event data source. Because we use a polling cycle to query the event log, any TimeCreated filter will be replaced by us to avoid duplicate events.

For example, a custom view that searches for events in the last hour, with severity of Warning or Critical, and Ids of 104, 110-115, 155 will result in the following XPath query:

   <QueryList>
     <Query Id="0" Path="Application">
       <Select Path="Application">*[System[(Level=1  or Level=3) and (EventID=104 or  (EventID &gt;= 110 and EventID &lt;= 115)  or EventID=155) and TimeCreated[timediff(@SystemTime) &lt;= 3600000]]]</Select>
     </Query>
   </QueryList>

Simply copy this and paste into the eventlog datasource Event Query field and save. We will convert the TimeCreated query and the following filter will be used:

   <QueryList>
     <Query Id="0" Path="Application">
       <Select Path="Application">*[System[(Level=1  or Level=3) and (EventID=104 or  (EventID &gt;= 110 and EventID &lt;= 115)  or EventID=155) and TimeCreated[timediff(@SystemTime) &lt;= {time}]]]</Select>
     </Query>
   </QueryList>

'{time}' will be replaced by the number of milliseconds since the last query.

Note: The script to search for events and return relevant data is approximately 3700 characters. Due to the Windows 8192 character limit on the shell, any XML or PowerShell queries will need to be less than 4400 characters.
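
The TimeCreated rewrite and the 4400-character limit described above can be checked before a Custom View query is pasted into the Event Query field. The following Python sketch is an added example, not code from the ZenPack; the function names are hypothetical, the sample query is constructed from the page's example with operators entity-escaped as Event Viewer's XML tab emits them, and only the relative timediff form of the time filter is handled.

```python
import re
import xml.etree.ElementTree as ET

MAX_QUERY_CHARS = 4400  # limit the page gives for XML or PowerShell queries

# Relative time window as Event Viewer writes it; "<=" may be entity-escaped.
TIMEDIFF = re.compile(r"(timediff\(@SystemTime\)\s*(?:&lt;=|<=)\s*)\d+")

# Constructed sample based on the page's Custom View example.
CUSTOM_VIEW = """<QueryList>
  <Query Id="0" Path="Application">
    <Select Path="Application">*[System[(Level=1 or Level=3) and (EventID=104 or (EventID &gt;= 110 and EventID &lt;= 115) or EventID=155) and TimeCreated[timediff(@SystemTime) &lt;= 3600000]]]</Select>
  </Query>
</QueryList>"""


def to_template(custom_view_xml):
    """Swap each literal timediff window for the {time} placeholder."""
    return TIMEDIFF.sub(lambda m: m.group(1) + "{time}", custom_view_xml)


def render(template, last_poll_epoch, now_epoch):
    """Fill {time} with the milliseconds elapsed since the previous poll."""
    elapsed_ms = max(0, int(round((now_epoch - last_poll_epoch) * 1000)))
    # str.replace rather than str.format: XPath text may contain other braces.
    return template.replace("{time}", str(elapsed_ms))


def check_query(query):
    """Return a list of problems found in a rendered event query."""
    problems = []
    if len(query) >= MAX_QUERY_CHARS:
        problems.append("query is %d characters; limit is %d"
                        % (len(query), MAX_QUERY_CHARS))
    try:
        root = ET.fromstring(query)
    except ET.ParseError as exc:
        # Typical cause: "<=" copied from a rendered page instead of "&lt;=".
        problems.append("not well-formed XML: %s" % exc)
        return problems
    if root.tag != "QueryList":
        problems.append("root element is <%s>, expected <QueryList>" % root.tag)
    if not root.findall("./Query/Select"):
        problems.append("no <Select> element found")
    return problems


if __name__ == "__main__":
    template = to_template(CUSTOM_VIEW)
    # Constructed timestamps: the previous poll was 300 seconds ago.
    query = render(template, last_poll_epoch=1000.0, now_epoch=1300.0)
    print(query)
    print(check_query(query) or "query OK")
```

A query whose comparison operators were copied unescaped from a rendered web page fails the well-formedness check, which is the most common reason a pasted Custom View is rejected as XML.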

Note: The query for Windows 2008 and later uses the Get-WinEvent PowerShell cmdlet. In order to use this cmdlet, PowerShell on your Windows server must use .NET 3.5 or higher. If it does not, we will report a critical error as it is not recommended to continue querying for events. To remedy this, install .NET version 3.5 SP1 or higher. Version 4.0 is not recognized by PowerShell 2.0, so you must use this Microsoft script to have it recognized: http://gallery.technet.microsoft.com/scriptcenter/Allow-PowerShell-V2-access-525799cc

To change event severity, follow these steps:

  1. Go to IIS Site events, and click on the '/Status' event class.
  2. Find the 'EventClass Mappings' section and click on the 'IISSiteStatus' link.
  3. Click the Edit button.
  4. In the 'Transform' section, add "evt.severity = NUM" at the bottom, where NUM is one of (0: Clear, 1: Debug, 2: Info, 3: Warning, 4: Error, 5: Critical).
  5. Click the Save button.

Custom Commands

You can use the custom command datasource in the Windows ZenPack to create custom data points, graphs and thresholds.

  • Use either DOS shell commands or a PowerShell script
    • Use any valid Windows executable or PowerShell cmdlet
    • Separate PowerShell commands with ';'. Always end the script with ';'
    • For TALES evaluation, surround the expression with single quotes, e.g. '${here/id}'
    • For PowerShell variables, use two '$', e.g. $$myvar = 10
    • There is a character limit of 8192 imposed by Microsoft. The Zenoss header is ~450 characters, so you have about 7500 characters for your script.
  • Use a standard parser to parse the output or create your own
    • Nagios - output has the form <key>=<value>
    • JSON - script must put data into JSON format
    • Auto will save a returned value into a data point.
    • Create a custom parser in $ZENOSS_HOME/Products/ZenRRD/parsers/
  • Viewing script output
    • Create datapoint(s) to collect the data for graphing
    • Create custom parser to send event or transform data

Example usage

Script with TALES expression
  1. Select a windows target device
  2. Navigate to Device (/Server/Microsoft)
  3. On the right side panel, click '+' to add a 'Windows Shell' datasource
  4. Provide name (eg. custom) and type (Windows Shell) for the datasource
  5. View Edit and Details
  6. Set strategy to custom command
  7. Set parser to Nagios
  8. Uncheck Use Powershell
  9. Set script to echo 'OK^|value1=${here/zWinPerfmonInterval}'
  10. Add data point to data source called value1 which can be graphed
Using a custom parser

Log on to the Zenoss server, create a Python file called test1.py in /opt/zenoss/Products/ZenRRD/parsers, and restart Zenoss.

The content of test1.py:

from Products.ZenRRD.CommandParser import CommandParser


class test1(CommandParser):
    # Selected as the 'test1' parser in the datasource (step 5 below).
    def processResults(self, cmd, result):
        # Emit one Critical (severity 5) event per collection cycle,
        # carrying the monitored device's name as a detail field.
        result.events.append({
            'summary': 'test1 parser event',
            'severity': 5,
            'test1.detail': cmd.deviceConfig.name,
        })

  1. Select a windows target device
  2. Navigate to Device (/Server/Microsoft)
  3. On the right side panel, click '+' to add a 'Windows Shell' datasource
  4. Provide name (eg. custom) and type (Windows Shell) for the datasource
  5. View Edit and Details : strategy ->custom command and parser is test1
  6. Run zenpython to collect the data: zenpython run -v10 -d <devicename>
  7. Check events after 5 minutes for the test1 event
Powershell Scripting using Auto parser
  1. Select a windows target device
  2. Navigate to Device (/Server/Microsoft)
  3. On the right side panel, click '+' to add a 'Windows Shell' datasource
  4. Provide name (eg. custom) and type (Windows Shell) for the datasource
  5. View Edit and Details : strategy ->custom command, parser is Auto, and tick the Use Powershell box
  6. Enter script. Be sure to use a double dollar sign, '$$', in order to distinguish any powershell specific variables from a TALES expression.
  7. Add a datapoint to collect the return value from the script which you can then graph

Configuring Service Monitoring

There are multiple ways to configure Windows service monitoring depending on if you want to configure for a single service on a single server, a specific service across all Windows servers, all 'Auto' start services, or somewhere in between.

WinService

Options

  • Name - Enter a name for the data source
  • Enabled - Enable or disable the data source
  • Severity - Choose the severity of the alert
  • Cycle Time - Frequency of how often the datasource will query service status
  • Update services immediately - Changes will be picked up during modeling. To have changes take effect immediately, check this box to start a job to index all services on all devices
  • Service Options - Select the start type(s) to monitor. Add any services to include/exclude using a regex
  • Service Status - Choose to be alerted if a service is either not Running or not Stopped

See the following examples:

Manually Enable or disable monitoring for a single service on a single server.
  1. Navigate to the service on the server.
  2. Click to select it.
  3. Select Details in the lower component pane.
  4. Choose the Fail Severity.
  5. Choose Monitoring from the gear menu.
  6. Choose Yes or No depending on what you want.

Note: Once monitoring has been enabled or disabled for a service, no monitoring template will apply. To reset this option for a service, uncheck the 'Manually Selected Monitor State' box in the Details of the service and save the change.

Enable monitoring by default for the WinRM service wherever it is enabled.

Option 1

  1. Navigate to Advanced -> Monitoring Templates.
  2. Verify the list of templates is grouped by template.
  3. Expand the WinService tree.
  4. Click once to select the /Server/Microsoft copy.
  5. Choose Copy / Override Template from the Template gear menu at the bottom left of the page.
  6. Select /Server/Microsoft (Create Copy) from the target list then click submit.
  7. Expand the resulting copy_of_WinService tree.
  8. Select the /Server/Microsoft copy.
  9. Choose View and Edit Details from the Template gear menu at the bottom left of the page.
  10. Change the template's name to WinRM.
  11. Edit the datasource and optionally select the Update services immediately option.
  12. Tick the Auto checkbox under Service Options and click save.

Option 2

  1. Navigate to Infrastructure -> Windows Services
  2. Locate the WinRM service
  3. Select the start modes desired for this service
  4. Enable monitoring by setting a Local Value
  5. Optionally select a Local Failure Severity
  6. Save

Note: Setting a service to be monitored in this fashion will enable monitoring for the service regardless of device class.

Enable/Disable monitoring by default for the WinRM service for a select group of servers.
  1. Create a new device class somewhere under /Server/Microsoft/Windows for the select group of servers.
  2. Move the servers to the new device class.
  3. Follow steps 1-5 from the previous section to create a copy of the WinService template.
  4. Choose your new device class as the target then click submit.
  5. Expand the WinService tree then select the copy in your device class.
  6. Choose View and Edit Details from the gear menu at the bottom left of the page.
  7. Change the template's name to WinRM then click submit.
  8. Double-click to edit the 'DefaultService' datasource.
  9. Optionally select the Update services immediately option.
  10. Tick/Untick the Auto checkbox under Service Options and click save.
Enable monitoring of all services with a start mode of 'Auto'.
  1. Navigate to Advanced -> Monitoring Templates.
  2. Verify the list of templates is grouped by template.
  3. Expand the WinService tree.
  4. Select /Server/Microsoft.
  5. In the Data Sources pane, click the + button to add a new data source, give it a name, and choose Windows Service as the type.
  6. Choose View and Edit Details from the Data Sources gear menu.
  7. Optionally select the Update services immediately option.
  8. Tick the Auto checkbox under Service Options and click save.
Create an organizer to monitor auto start SQL Server services.
  1. Navigate to Advanced -> Monitoring Templates.
  2. Verify the list of templates is grouped by template.
  3. Expand the WinService tree.
  4. Select /Server/Microsoft.
  5. In the Data Sources pane, click the + button to add a new data source, give it a name such as MSSQLSERVER, and choose Windows Service as the type.
  6. Choose View and Edit Details from the Data Sources gear menu.
  7. Optionally select the Update services immediately option.
  8. Tick the Auto checkbox under Service Options.
  9. Enter +MSSQLSERVER.* into the "Inclusions(+)/Exclusions(-)" text box and click save.

The order of precedence for monitoring a service is:

  1. User manually sets monitoring
  2. 'DefaultService' datasource from the WinService template associated with the service
  3. Datasource other than the DefaultService in the WinService template associated with the service
  4. Monitoring is enabled via the Infrastructure -> Windows Services page

Windows Service Startmodes (Template vs Windows Services)

| Startmodes | Template includes Service startmode | Template excludes Service startmode |
| --- | --- | --- |
| Windows Service Class includes Service startmode | monitored | monitored |
| Windows Service Class excludes Service startmode | monitored | NOT monitored |

Note: The Windows Service Template (default WinService) must have at least one datasource enabled for monitoring to function.

You can optionally include or exclude certain services to be monitored when selecting the Auto, Manual, and/or Disabled start mode(s) by entering a comma separated list of services. These can be the service names or a valid regular expression. Entered names and expressions are case insensitive. To exclude services, you must specify a '-' at the beginning of the name or regular expression. To include services, specify a '+' at the beginning of the name or regular expression. Exclusions will take precedence over inclusions, but the exclusions must be placed before the wildcard +.* inclusion.

Note: To enable monitoring by default of a service or services, you must choose a start mode by ticking the appropriate box. Unticking all three boxes disables monitoring by default.

Note: When saving changes to a service template and you choose to update services immediately, this will create a job to index all services on all devices. These changes may take several minutes to propagate to all of your devices depending upon the size of your organization. Updating is not recommended if you are making several changes in a short period of time. Updates are automatically applied at the time of the next model.

Note: The Windows Service datasource no longer depends on the 'DefaultService' data source name. User defined datasources are now honored.

DCDiag

Beginning with version 2.4.0, you can now monitor the output of DCDiag. By default all dcdiag tests are enabled in the Active Directory monitoring template. If a test fails an error event is issued. You can also add other tests, such as DNS, and supply specific test parameters.

See https://technet.microsoft.com/en-us/library/cc731968.aspx for more information on DCDiag.

Note: DCDiag must be run as a user with Administrator permissions. If you will be monitoring a Domain Controller with a non administrator user, you should disable these tests.

PortCheck

Beginning with version 2.4.0, you can now monitor specific ports in the Windows ZenPack. By default, the ZenPack will monitor ports 9389, 3268, 3269, 88, 464, 389, 636, 445, 135, and 3389, as part of the Active Directory monitoring template.

You can add and remove any port you wish to be monitored by editing the PortCheck datasource in the Active Directory monitoring template.

To monitor ports on a Windows server that is not a domain controller, simply create a new datasource and choose Windows PortCheck as the type. Then add the ports you wish to monitor with a short description of each.

See https://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx for more information on Active Directory port usage.

WinRM Ping

WinRM Ping is a simple datasource that will attempt to retrieve basic data over winrm. If the device cannot return a simple query, then Zenoss will view this device as being down. An event will appear in the /Status/Winrm/Ping event class with any resulting error message. This is a more comprehensive test than using a ping. A simple ping test could easily result in a false positive in many scenarios. The following are just a few:

  • A target's IP has been reassigned to a non-Windows device between models.
  • The winrm service has stopped and cannot be restarted.
  • The monitoring user account password has expired.

This datasource is not enabled by default.

Requirements

This ZenPack has the following requirements.

PythonCollector ZenPack
This ZenPack depends on PythonCollector being installed, and having the associated zenpython collector process running.
System Kerberos RPM
The operating system's kerberos RPM must be installed. See the Installing Kerberos Dependency section for details.

Installing Kerberos Dependency

To use kerberos authentication the operating system's kerberos package must be installed on all Zenoss servers. On Enterprise Linux (Red Hat and CentOS) this is the krb5-workstation RPM and can typically be installed by running the following command as the root user.

yum -y install krb5-workstation

Usage

Monitoring User Account

A monitoring user account must be either an Administrator or a least privileged user.

The Least Privileged User requires the following privileges and permissions:

  • Enable, Method Execute, Read Security, Remote Access to the following WMI namespaces
    • "Root"
    • "Root/CIMv2"
    • "Root/DEFAULT"
    • "Root/RSOP"
    • "Root/RSOP/Computer"
    • "Root/WMI"
    • "Root/CIMv2/Security/MicrosoftTpm"
  • Permission to use the winrm service
  • ReadPermissions, ReadKey, EnumerateSubKeys, QueryValues rights to the following registry keys
    • "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib"
    • "HKLM:\system\currentcontrolset\control\securepipeservers\winreg"
    • "HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}"
    • "HKLM:\SYSTEM\CurrentControlSet\Services\Blfp\Parameters\Adapters"
    • "HKLM:\Software\Wow6432Node\Microsoft\Microsoft SQL Server"
    • "HKLM:\Software\Microsoft\Microsoft SQL Server"
  • “List Contents” and “Read all Properties” permissions in the Machine Access and Launch Restrictions of DCOM, set in the following registry keys
    • “HKLM:\software\microsoft\ole\MachineAccessRestriction”
    • “HKLM:\software\microsoft\ole\MachineLaunchRestriction”
    • If the value exists, “Remote Access” is set in “HKLM:\software\microsoft\ole\DefaultAccessPermission”
  • Membership in the following local groups or domain level groups for a Domain Controller
    • "Performance Monitor Users"
    • "Performance Log Users"
    • "Event Log Readers"
    • "Distributed COM Users"
    • "WinRMRemoteWMIUsers__"
  • “Read Folder” access to "C:\Windows\system32\inetsrv\config" if it exists
  • Each service needs the following permissions
    • SERVICE_QUERY_CONFIG
    • SERVICE_QUERY_STATUS
    • SERVICE_INTERROGATE
    • READ_CONTROL
    • SERVICE_START
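The per-service rights listed above can be verified against a service's security descriptor. As an added example (not part of the ZenPack), the code below parses an SDDL string of the kind `sc sdshow <service>` prints and reports which of the five rights a trustee is missing and which extra rights it holds. The SID and SDDL strings are constructed, and only allow ACEs naming the trustee directly are considered; deny ACEs and rights held through group membership are ignored.

```python
import re

# SDDL two-letter access codes as they apply to Windows service objects.
SDDL_SERVICE_RIGHTS = {
    "CC": "SERVICE_QUERY_CONFIG", "DC": "SERVICE_CHANGE_CONFIG",
    "LC": "SERVICE_QUERY_STATUS", "SW": "SERVICE_ENUMERATE_DEPENDENTS",
    "RP": "SERVICE_START", "WP": "SERVICE_STOP",
    "DT": "SERVICE_PAUSE_CONTINUE", "LO": "SERVICE_INTERROGATE",
    "CR": "SERVICE_USER_DEFINED_CONTROL", "SD": "DELETE",
    "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}

# The rights this page lists for the least privileged monitoring user.
REQUIRED = {"SERVICE_QUERY_CONFIG", "SERVICE_QUERY_STATUS",
            "SERVICE_INTERROGATE", "READ_CONTROL", "SERVICE_START"}

def dacl_aces(sddl):
    """Yield (ace_type, rights, trustee) for each ACE in the D: (DACL) part."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not dacl:
        return
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1)):
        fields = ace.split(";")  # type;flags;rights;object;inherit_object;sid
        if len(fields) >= 6:
            yield fields[0], fields[2], fields[5]

def decode_rights(rights):
    """Split a rights string into known right names and unrecognised codes."""
    names, unknown = set(), set()
    for i in range(0, len(rights), 2):
        code = rights[i:i + 2]
        if code in SDDL_SERVICE_RIGHTS:
            names.add(SDDL_SERVICE_RIGHTS[code])
        else:
            unknown.add(code)  # hex masks and generic rights land here
    return names, unknown

def audit_service_sddl(sddl, trustee):
    """Compare the rights granted to trustee with the five required ones."""
    granted, unknown = set(), set()
    for ace_type, rights, sid in dacl_aces(sddl):
        if ace_type == "A" and sid == trustee:
            names, odd = decode_rights(rights)
            granted |= names
            unknown |= odd
    return {
        "missing": sorted(REQUIRED - granted),
        "excess": sorted(granted - REQUIRED),
        "unknown": sorted(unknown),
    }

# Constructed placeholder SID for the monitoring account.
MONITOR_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"

# Constructed descriptors: exact grant, over-privileged grant, incomplete grant.
SDDL_EXACT = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
              "(A;;CCLCRPLORC;;;" + MONITOR_SID + ")"
              "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
SDDL_OVER = "D:(A;;CCDCLCRPWPLORCWD;;;" + MONITOR_SID + ")"
SDDL_UNDER = "D:(A;;CCLCRC;;;" + MONITOR_SID + ")"
```

An "excess" entry such as SERVICE_CHANGE_CONFIG or WRITE_DAC means the monitoring account can do more to the service than this page requires.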

Note: An Administrator level user can be denied local logon and remote desktop access through a group policy object.

Port Requirements

The ZenPack communicates with a Windows device over port 5985 for HTTP or 5986 for HTTPS requests. For domain authentication, Kerberos communicates with the KDC on port 88 and the Admin Server on port 749.

Adding a Windows Device

Use the following steps to start monitoring a Windows server using local authentication in the Zenoss web interface.

  1. Navigate to the Infrastructure page.
  2. Select the Server/Microsoft/Windows device class.
    • The Windows server must be added to this class or to a child of this class.
  3. Click Details and set the configuration properties for zWinRMUser and zWinRMPassword.
  4. Click See All.
  5. Choose Add Single Device from the add device button.
  6. Fill out the form.
    • Name or IP must be resolvable and accessible from the collector server chosen in the Collector field.
  7. Click ADD.

Alternatively you can use zenbatchload to add Windows servers from the command line. To do this, you must create a text file with hostname, username and password of all the servers you want to add. Multiple endpoints can be added under the same /Devices/Server/Microsoft/Windows section. Here is an example...

/Devices/Server/Microsoft/Windows
win2008-1d.example.com zWinRMUser="Administrator", zWinRMPassword="password"
Win2012-1d.example.com zWinRMUser="Administrator", zWinRMPassword="password"

You can then load the Windows servers into Zenoss Core or Resource Manager as devices with the following command.

zenbatchload <filename>

Configuration Options

The Adding a Windows Device steps shown above are for the simplest case of using Windows local authentication. The following configuration properties can be used to support monitoring other environments.

zWinRMUser
The syntax used for zWinRMUser controls whether Zenoss will attempt Windows local authentication or domain (kerberos) authentication. If the value of zWinRMUser is username, local Windows authentication will be used. If zWinRMUser is username@example.com, domain authentication will be used. The zWinKDC and potentially the zWinRMServerName properties become important.
zWinRMPassword
Password for user defined by zWinRMUser.
zWinKDC
The zWinKDC property must be set if domain authentication is used. It must be the IP address or resolvable name of a valid Windows domain controller.
zWinTrustedRealm
Enter the name of the domain which is trusted by the user's domain. This can be a child or other domain which has a trust relationship with the user's domain. For example, if zWinRMUser is username@example.com, and austin.example.com is a child of the example domain, enter austin.example.com into zWinTrustedRealm.
zWinTrustedKDC
This property must be set if zWinTrustedRealm is set. It must be the IP address or resolvable name of a valid Windows domain controller for the trusted realm.
zWinRMServerName
This property should only be used in conjunction with domain authentication when the DNS PTR record for a monitored server's managed IP address does not resolve to the name by which the server is known in Active Directory. For example, if myserver1 is known as myserver1.ad.example.com by Active Directory and is being managed by IP address 192.51.100.21, but 192.51.100.21 resolves to www.example.com, you will have to set zWinRMServerName to myserver1.ad.example.com for domain authentication to work.
If many Windows servers in your environment don't have DNS PTR records that match Active Directory, it is recommended that you set the name of the Zenoss device to be the fully-qualified Active Directory name and set zWinRMServerName to ${here/titleOrId} at the /Server/Microsoft/Windows device class. This avoids the necessity of setting zWinRMServerName on every device.
It is recommended to leave zWinRMServerName blank if local authentication is used, or DNS PTR records match Active Directory. This allows Zenoss to not rely on DNS resolution while monitoring, and avoids the overhead of configuring zWinRMServerName.
If the server name cannot be resolved and you are using domain authentication, it is recommended that you set the Id of the device to the IP address and the Title to the server name it is known by in Active Directory. Then use ${here/title} for zWinRMServerName. This situation can occur when no DNS server is available.
zWinScheme
This must be set to either http or https. The default is http.
zWinRMPort
The port on which the Windows server is listening for WinRM or WS-Management connections. The default is 5985. It is uncommon for this to be configured as anything else.
zWinPerfmonInterval
The default interval in seconds at which Windows Perfmon datapoints will be collected. The default is 300 seconds or 5 minutes. It is also possible to override the collection interval for individual counters.
zWinKeyTabFilePath
This property is currently unused and reserved for future use when keytab files are supported.
zDBInstances
This setting is only relevant when the zenoss.winrm.WinMSSQL modeler plugin is enabled. Multiple instances can be specified to monitor multiple SQL Server instances per server using different credentials. The default instance is MSSQLSERVER. Fill in the user and password to use SQL authentication. Leave the user and password blank to use Windows authentication. The default MSSQLSERVER credentials will be used for all instances not specified.

Note: The HyperV and MicrosoftWindows ZenPacks share a krb5.conf file as well as tools for sending/receiving data. Therefore, if either a HyperV or a Windows device has a correct zWinKDC setting, it will be used for the other device as well.


Configuring MSSQL Server Modeling/Monitoring

Supported SQL Server versions
SQL Server 2005
SQL Server 2008
SQL Server 2008 R2
SQL Server 2012
Support for SQL Server and Windows Authentication
  • Windows Authentication: In the zDBInstances property, specify only the SQL instance names and leave the user and password fields blank.
  • SQL Server Authentication: In the zDBInstances property, provide the user name and password for each SQL instance.
  • Specifying authentication per instance is no longer required with version 2.4.2 and above. We will use the credentials specified for the MSSQLSERVER instance by default.

Use the following steps to configure SQL Server Authentication on your SQL Server:

  1. Connect to SQL Instance using MSSQL Management Studio.
  2. Select instance Properties > Security and make sure that SQL Server and Windows Authentication mode is enabled.
  3. Open Security > Logins, select the user you specified in zDBInstances property or the zWinRMUser property if using Windows Authentication.
  4. Check user Properties > Status and make sure that the user is Enabled.
  5. Check user Properties > Server Roles and make sure that the user has the public role.
    1. If using an Administrator user, make sure it has the sysadmin role.
    2. If not using an Administrator user, check user Properties > Securables and make sure the user has been granted View server state rights.
Support for Local and Failover Cluster SQL instances

This ZenPack adds support for both local and failover cluster SQL Server instances. Local SQL Server instances can be modeled/monitored within windows devices (devices in Server/Microsoft/Windows device class). SQL Server failover cluster instances can be modeled/monitored within cluster devices (devices in Server/Microsoft/Cluster device class).

Use the following steps to model/monitor SQL Server instances:
  1. Create a device in Server/Microsoft/Windows device class if you intend to model local SQL instances, or in Server/Microsoft/Cluster device class if you intend to model failover cluster instances.
  2. Optionally specify the instance names to be modeled in zDBInstances zProperty. Provide user names and passwords if SQL Server Authentication is to be used.
  3. Enable zenoss.winrm.WinMSSQL modeler plugin.
  4. Remodel device.
SQL Server Monitoring

The monitoring templates for SQL Server are component templates so there is no need to perform a bind. They will automatically be used to monitor databases, instances, and jobs.

Note: The default instance of MSSQLSERVER appears as the host name.

Note: The authenticated user will need to be granted permission to view the server state. For example, "GRANT VIEW SERVER STATE TO [MYDOMAIN\zenoss_user]" or through the GUI in SQL Server Management Studio. The user must also be interactive, i.e. the account must not be denied local logon rights.

Working with WinCommand Notification Action

This ZenPack adds a new event notification action that can be used by the zenactiond daemon to allow an arbitrary command to be executed on the remote windows machine.

Use the following steps to set up a notification:

  1. Select Events > Triggers from the Navigation Menu.
  2. Create a trigger, selecting the rules that define it.
  3. Select Notifications from the left panel. Add a new notification, enter a name for it and select WinCommand Action from the drop-down menu. Click Submit.
  4. In the Edit Notification dialog on the Notification tab associate the trigger with the notification and optionally select the notification properties (Enabled, Send Clear, Send only on Initial Occurrence, Delay, Repeat).

On the Content tab of the notification specify the Windows CMD Command to run when configured triggers are matched. You may optionally specify a Clear Windows CMD Command to run when the triggering event clears.

  5. Submit changes.

For more information, please refer to Working with Triggers and Notifications.

Setting up WinRM Service for Target Windows Machines

Group Policy

Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Remote Management

WinRMClient

  • No setting changes required for client

WinRMService

  • Allow remote server management through WinRM

- HTTP (Windows default is HTTPS see note below for more information)

  • Allow unencrypted Traffic (Only necessary when using basic authentication)

- Basic Authentication (Windows default is Kerberos see note below for more information)

  • Allow Basic Authentication

WinRS

Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Remote Shell

  • Allow Remote Shell Access
  • Max number of processes per shell = 4294967295
  • Max number of shells per user = 2147483647
  • Shell Timeout = 7200000

Individual Machine configuration

  • Open ports 5985 (http)/5986(https) for WinRM
  • Run command prompt as Administrator
  • winrm quickconfig
  • winrm s winrm/config/service '@{MaxConcurrentOperationsPerUser="4294967295"}'
  • winrm s winrm/config/winrs '@{MaxShellsPerUser="2147483647"}'
  • winrm s winrm/config/winrs '@{IdleTimeout="7200000"}'

Basic Authentication (Windows default is Kerberos see note below for more information)

  • winrm s winrm/config/service/auth '@{Basic="true"}'
  • winrm s winrm/config/service '@{AllowUnencrypted="true"}'

Note: The above instructions use the max values for MaxConcurrentOperationsPerUser and WinRS MaxShellsPerUser. If you do not want to set these to the max, then a value of 50 should be adequate. The default is 5 on both, which will cause problems because Zenoss will open up concurrent requests for each WQL query and set of Perfmon counters.

Note: If you choose to use Basic authentication it is highly recommended that you also configure HTTPS. If you do not use the HTTPS protocol your user name and password will be sent in clear text. If you have challenges setting up HTTPS on the Windows clients but require the user name and password to be encrypted, then using Kerberos authentication is the best option. HTTPS is not required for Kerberos but is recommended. If you choose to use Kerberos authentication, then your payload will be encrypted.

Note: If you are using kerberos on EL6 and higher to connect to your Windows Server, your data will be encrypted over HTTP. For kerberos on EL5, encryption is not supported so you must set the winrm AllowUnencrypted option to true.
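The rules in the Configuration Options section and in the two notes above can be checked mechanically before devices are loaded. The following added example (not part of the ZenPack or of zenbatchload) parses a batch file in the format shown under Adding a Windows Device and flags devices whose settings would send credentials or payload unencrypted. It assumes a zWinRMUser without an @ means Basic authentication with a local account, sees only properties set in the file itself, and uses hypothetical finding names; the sample file is constructed.

```python
import re

# name=value pairs as written in a zenbatchload file; values may be quoted.
PROP_RE = re.compile(r"""(\w+)\s*=\s*("[^"]*"|'[^']*'|[^,\s]+)""")

# Defaults stated on this page for the scheme and the WinRM port.
DEFAULTS = {"zWinScheme": "http", "zWinRMPort": "5985"}

def parse_batchload(text):
    """Return {device: properties}, applying device class lines from the file."""
    class_props, current, devices = {}, "", {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        name = parts[0]
        rest = parts[1] if len(parts) > 1 else ""
        props = {k: v.strip("\"'") for k, v in PROP_RE.findall(rest)}
        if name.startswith("/"):
            current = name.rstrip("/")
            class_props.setdefault(current, {}).update(props)
            continue
        merged = dict(DEFAULTS)
        # Parent classes first, so a child class overrides its parent.
        for path in sorted(class_props, key=len):
            if current == path or current.startswith(path + "/"):
                merged.update(class_props[path])
        merged.update(props)
        devices[name] = merged
    return devices

def audit_device(props, collector_is_el5=False):
    """Return finding names (hypothetical labels) for one device."""
    findings = []
    scheme = props["zWinScheme"].lower()
    port = str(props["zWinRMPort"])
    kerberos = "@" in props.get("zWinRMUser", "")
    if scheme == "http" and not kerberos:
        findings.append("cleartext-credentials")   # Basic auth over HTTP
    if scheme == "http" and kerberos and collector_is_el5:
        findings.append("unencrypted-payload")      # no Kerberos encryption on EL5
    if kerberos and not props.get("zWinKDC"):
        findings.append("missing-zWinKDC")          # required for domain auth
    if (scheme, port) in (("https", "5985"), ("http", "5986")):
        findings.append("scheme-port-mismatch")
    return findings

def audit(text, collector_is_el5=False):
    """Audit every device in a batch file; returns {device: [findings]}."""
    return {name: audit_device(props, collector_is_el5)
            for name, props in parse_batchload(text).items()}

# Constructed sample in the zenbatchload format shown on this page.
SAMPLE = """\
/Devices/Server/Microsoft/Windows zWinKDC="dc1.example.com"
win2008-1d.example.com zWinRMUser="Administrator", zWinRMPassword="password"
win2012-1d.example.com zWinRMUser="zenmon@example.com", zWinRMPassword="password"
win2016-1d.example.com zWinRMUser="Administrator", zWinRMPassword="password", zWinScheme="https", zWinRMPort=5986
/Devices/Server/Microsoft/Cluster
sqlclu-1d.example.com zWinRMUser="zenmon@example.com", zWinRMPassword="password", zWinScheme="https"
"""
```

A "missing-zWinKDC" finding can be a false alarm when the property is already set on the device class inside Zenoss rather than in the file.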

Note: If you choose to take the WinRM default configurations you must supply Kerberos authentication settings in the zProperties. The Kerberos authentication process requires a ticket granting server. In the Microsoft Active Directory environment the AD Server is also the KDC. The zWinKDC value must be set to the IP address of the AD Server and the collector must be able to send TCP/IP packets to this server. Once this is set, your zWinRMUser must be a fully qualified name such as jsmith@Zenoss.com and the zWinRMPassword must be set correctly for this user account.

Note: In order to use a single domain user in a child domain or other trusted domain, set zWinKDC to the AD server of the user's domain. Then enter the trusted domain name and associated AD server in the zWinTrustedRealm and zWinTrustedKDC properties, respectively.

Note: The HTTPS setup must be completed on each client. At this time we do not have notes on automating this task but are currently in the process of testing several options. To successfully encrypt your payload between the Zenoss server and the Windows client you must install a Server Authentication certificate on the client machine. The process for requesting and installing the appropriate certificate can be found at the following URL: http://blogs.technet.com/b/meamcs/archive/2012/02/25/how-to-force-winrm-to-listen-interfaces-over-https.aspx. Once the client has the correct certificate installed you only need to change zWinScheme to https and zWinRMPort to 5986. If you are still having challenges setting up HTTPS on the client you can execute the following command on any AD server to verify the appropriate SPN record exists for Kerberos authentication.

c:\>setspn -l hostname1

If you do not see a record with HTTPS/ at the beginning of the hostname you can create the record, but this is not typically necessary as Windows will use the HOST/ record as the default for most built in services.

c:\>setspn -s HTTPS/hostname1.zenoss.com hostname1

Transitioning from WindowsMonitor

If you are installing this ZenPack on an existing Zenoss system or upgrading from an earlier Zenoss version you may have a ZenPack named ZenPacks.zenoss.WindowsMonitor already installed on your system. You can check this by navigating to Advanced -> ZenPacks.

This ZenPack functionally supersedes ZenPacks.zenoss.WindowsMonitor for Windows platforms that support WinRM, but does not automatically migrate monitoring of your Microsoft Windows resources when installed. The ZenPacks can coexist gracefully to allow you time to manually transition monitoring to the newer ZenPack with better capabilities.

  1. Navigate to the Infrastructure page.
  2. Expand the Server/Windows/WMI device class.
  3. Single-click to select a Windows device.
  4. Click the delete (-) button in the bottom-left.
  5. Click OK to confirm deleting the Windows device.
  6. Add the device back using the Adding a Windows Device instructions above. Be sure to select the /Server/Microsoft/Windows device class and not the /Server/Windows/WMI device class.
  7. Repeat steps 3-6 for each Windows device.

Note: It is also possible to drag and drop selected Windows devices from one class to another. You will need to remodel the devices after the move.

Old Windows ZenPacks:

  • PySamba
  • WindowsMonitor
  • ActiveDirectory
  • IISMonitor
  • MSExchange
  • MSMQMonitor
  • MSSQLServer

New Windows ZenPacks:

  • PythonCollector is a requirement for this ZenPack. It provides the polling facility through the zenpython collector daemon.
  • This ZenPack (all the functionality of the old Windows ZenPacks is rolled into this one ZenPack)

The old ZenPacks come as part of the Zenoss Core 4.2.x RPM. They can be installed on top of an RM install with the msmonitor RPM.

Using Old and New Windows ZenPacks Together

There are some scenarios where it may be useful to use the old and new Windows ZenPacks together. In most cases this is as simple as putting servers you wish to be monitored by the new ZenPack in the /Server/Microsoft/Server device class and servers you wish to be monitored by the old ZenPack in the /Server/Windows/WMI device class.

Due to this ZenPack's dependency on WinRM 2.0 it is not possible to monitor Windows versions earlier than Windows 2003 SP1. If you have a requirement to monitor these earlier Windows versions you must use the older WindowsMonitor ZenPack that uses DCOM/RPC instead of WinRM.

There are also circumstances where you may currently be using the old Windows ZenPack and only want to initially use the new ZenPack for its new functionalities such as the Windows Shell datasource. This can be achieved using the following steps.

  1. Keep the servers under the /Server/Windows/WMI device class.
  2. Verify that all of the following configuration properties are set:
    • zWinUser: In DOMAIN\Username format for DCOM/RPC collection.
    • zWinPassword: Password for zWinUser account.
    • zWinRMUser: In username@example.com format for WinRM collection.
    • zWinRMPassword: Password for zWinRMUser account.
  3. Create a monitoring template containing a Windows Shell datasource and bind it to the server.

Limitations of Current Release

The current release is known to have the following limitations.

  • Support for team NICs is limited to Intel and Broadcom interfaces.
  • The custom widget for MSSQL Server credentials is not compatible with Zenoss 4.1.x, therefore the zDBInstances property in this version should be set as a valid JSON list (e.g. [{"instance": "MSSQLSERVER", "user": "", "passwd": ""}] ).
  • When upgrading to version 2.2.0, you may see a segmentation fault during the install. This occurs when upgrading from versions 2.1.3 and previous. To ensure a successful installation, run the install once more and restart Zenoss.
  • Payload encryption is not supported on EL5 systems. This is due to the fact that the default kerberos library on EL5 systems does not contain the necessary functionality.
  • With the ending of support by Microsoft for Windows 2003, we will no longer support Windows 2003 starting with version 2.5.0 of the ZenPack. Current functionality for monitoring Server 2003 has not been removed from the ZenPack, but no future development will be done around it.
  • Starting with version 2.6.0 of the ZenPack, existing Windows Service components are no longer compatible. These will be removed upon installation. Once the device is modeled with the Services plugin enabled, Windows Service components will be discovered. Any existing monitoring templates will still apply. Any services that were manually selected to be monitored will not. See the section on Configuring Service Monitoring.

A current list of known issues related to this ZenPack can be found with this JIRA query. You must be logged into JIRA to run this query. If you don't already have a JIRA account, you can create one here.

Manually Establishing Kerberos Tickets

In version 2.2.0 of the ZenPack it is now possible to add custom kerberos configurations if your settings differ from the default settings used by Zenoss. To use a custom configuration file, place it in the $ZENHOME/var/krb5/config/ directory. This option requires kerberos 5 release 1.10 and higher.

In version 2.0.0 of the ZenPack there is a problem in the automatic establishment of kerberos tickets required for monitoring Windows devices using kerberos authentication. This is only a problem on Enterprise Linux 5 (Red Hat or CentOS). It is not a problem on Enterprise Linux 6. The problem will typically manifest as the following error when attempting to model a Windows device.

Note: These manual steps are not necessary in version 2.0.1 and later of the ZenPack.

kerberos authGSSClientStep failed (None)

It is possible to work around this error by manually establishing the tokens using the following steps.

  1. Edit $ZENHOME/var/krb5/krb5.conf.
    1. Remove the includedir line.
    2. Add the following to the bottom of the file.
# kdc and admin_server take the KDC's IP address or FQDN.
# Comments must be on their own line, starting in the first column;
# krb5.conf does not support a trailing comment after a value.
[realms]
 EXAMPLE1.COM = {
  kdc = 192.168.77.77
  admin_server = 192.168.77.77
 }
 EXAMPLE2.COM = {
  kdc = 192.168.88.88
  admin_server = 192.168.88.88
 }

[domain_realm]
 .example1.com = EXAMPLE1.COM
 example1.com = EXAMPLE1.COM
 .example2.com = EXAMPLE2.COM
 example2.com = EXAMPLE2.COM

This is an example of what would be required if you had two domains: example1.com and example2.com with domain controllers at 192.168.77.77 and 192.168.88.88 respectively. You can use a single domain or more than two. Be sure to use the same capitalization scheme.

Service Impact

When combined with the Zenoss Service Dynamics product, this ZenPack adds built-in service impact capability for services running on Microsoft Windows. The following service impact relationships are automatically added. These will be included in any services that contain one or more of the explicitly mentioned entities.

Service Impact Relationships
  • The Windows server is impacted by the Processors and File Systems.

Troubleshooting

Please refer to the Zenoss Service Dynamics documentation if you run into any of the following problems:

  • ZenPack will not install
  • Adding a device fails
  • Don't understand how to add a device
  • Don't understand how to model a device

If you cannot find the answer in the documentation, then Resource Manager (Service Dynamics) users should contact Zenoss Customer Support. Core users can use the #zenoss IRC channel or the community.zenoss.org forums (there is a forum specific to Windows monitoring).

Troubleshooting Windows

If you see 100% CPU usage on a domain controller and your forest functional level is Windows 2003 or Windows 2008, you could be missing the WinRMRemoteWMIUsers__ security group. Adding this group to your domain should fix this problem. It is a known error from Microsoft, https://support.microsoft.com/en-us/kb/3118385.

Troubleshooting Kerberos Error Messages

Cannot determine realm for numeric host address
  • If you enter an IP address for the device id, make sure that the address is resolvable to a name. A common solution is to use the zWinRMServerName property.
Server not found in Kerberos database
  • More often than not, this error indicates a DNS issue in which the domain controller is unable to locate the specified server by either IP address or name. The best solution varies over different domains and it is left to the user to decide which is best for their environment.
Preauthentication failed while getting initial credentials.
  • This typically indicates a bad or expired password.

Troubleshooting Kerberos Authentication with Wireshark

There are many reasons for kerberos authentication not to work, and a lot of them result in the following unhelpful error message.

kerberos authGSSClientStep failed (None)

While Zenoss is unable to extract a useful error message when this occurs, it turns out that Wireshark can get useful errors by looking at the kerberos packets sent between Zenoss, your domain controller (zWinKDC) and the monitored Windows server. Let's walk through an example of using Wireshark to resolve an authGSSClientStep failed error.

  1. First install Wireshark on your system. Its GUI is easier to use than the command line equivalent.
  2. Next you will need to create a packet capture file on your Zenoss server. Assuming the Windows server you're trying to monitor is 192.0.2.101 and the domain controller (zWinKDC) is 203.0.113.10, you would run the following command as the root user on your Zenoss server.
    tcpdump -s0 -iany -w kerberdebug.pcap host 192.0.2.101 or host 203.0.113.10
    This will start capturing all packets to or from those two IP addresses. It will continue to capture these packets until you type CTRL-C.
  3. Now you should attempt to remodel the Windows server where you're encountering the error. Once it completes, and fails, again you should go back to the terminal where tcpdump is running and type CTRL-C. You will now have a kerberdebug.pcap file in the directory where you ran the command.
  4. Copy kerberdebug.pcap to your system where you installed Wireshark. Start Wireshark and open kerberdebug.pcap. You should see something like the following.
    [Screenshot: Windows-kerberos-wireshark.png]

You'll see that there's a KRB5KRB_AP_ERR_SKEW error. Searching for this specific error code will quickly show that it occurs when the kerberos client and server don't have their clocks synchronized. There's a tolerance for some difference, but in this case it was a big difference due to misconfiguration.

There are some kerberos errors you'll see in the packets that are a completely normal part of negotiation and won't lead to any problems. You should ignore the following errors shown in Wireshark:

  • KRB5KRB_AP_ERR_TKT_EXPIRED: Zenoss will subsequently request a new ticket when this occurs.
  • KRB5KDC_ERR_PREAUTH_REQUIRED: This is a normal part of kerberos negotiation.
  • KRB5KRB_ERR_RESPONSE_TOO_BIG: Most requests won't fit in UDP. Zenoss will automatically switch to TCP.

You'll also see other kerberos messages that are normal. You should ignore these kerberos messages shown by Wireshark:

  • TGS-REQ
  • AS-REQ

The following are the most common errors:

  • KRB5KRB_AP_ERR_SKEW: As shown in the above example. A clock synchronization issue.
  • KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN: This can happen if zWinRMServerName resolves to the server's IP address, but is not the name the server is known by in Active Directory. This will also be the error if you don't enter a zWinRMServerName and the reverse resolution of the device's manage IP address resolves to a name that doesn't match the server's name in Active Directory. Typical solutions to this are to add the name to the /etc/hosts file or to directly use the IP address of the server.

Troubleshooting on Resource Manager 4.1.1

In some cases updating the Microsoft Windows ZenPack on Zenoss Resource Manager 4.1.1 may result in the zenhub daemon not starting. The error message will contain AttributeError: zDBInstancesPassword. If you encounter this issue, install the ZenPack again.

If there are existing SQL server instances being monitored, make sure to reconfigure zDBInstances property since the zDBInstancesPassword property no longer exists.

Troubleshooting Services

If you see an event error that shows "The maximum number of concurrent operations for this user has been exceeded", you will need to increase the number of concurrent operations per user in the winrm config. For example:

  • winrm set winrm/config/service '@{MaxConcurrentOperationsPerUser="5000"}'

If you see an "Index out of range" error, this could indicate a low number of available file handles in Linux. The default is 1024. To view this information on your system, enter 'ulimit -n'. To increase this limit, edit your /etc/sysctl.conf file and set fs.file-max to a sufficiently large number. For example:

  • vi /etc/sysctl.conf
  • fs.file-max=10000

Troubleshooting monitoring

The first step in troubleshooting any monitoring issues is to scan the zenpython log for errors.

While monitoring, network connectivity issues may occur while trying to complete the Get-Counter command. If you experience OperationTimeout errors, decreasing the value of the zWinPerfmonInterval property to 30 seconds may help.

Other timeout issues on a domain could involve having a large Kerberos token. This could be caused by the user belonging to a large number of groups. See https://support.microsoft.com/en-us/kb/970875 for more information on the cause and resolution. Possible side effects of a large token include high CPU usage on the Windows server.

If you see a corrupt counters error event, this indicates that the specified counters have been corrupted on the Windows device. No data will be collected for the specified counters until the counters have been repaired on the device and zenpython has been restarted.

If you see the following error, check the zenhub log for errors:

  • Configuration for 10.111.5.171 unavailable -- is that the correct name?

Troubleshooting modeling/monitoring

Version 2.6.0 introduces a command line option to save modeling/monitoring results for troubleshooting. This option saves the results that a modeler or datasource plugin receives from a Windows server. The saved data can then be viewed or replayed in unit tests to diagnose issues.

Usage:

export ZP_DUMP=1;zenmodeler run -d server1.example.com --collect=Interfaces; unset ZP_DUMP

This will dump a pickle of the results to a file in the /tmp folder called Interfaces_process_XXXXXX.pickle.

Note: Be sure to unset the environment variable to avoid unwanted pickle files.
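The dump is written to /tmp, which other local users can also write to, and unpickling a file imports and calls whatever it names. The following Python 3 loader is an added example, not part of the ZenPack or its unit tests: it reads a dump only if it is a regular file owned by the current user and not group- or world-writable, and it rejects any global outside an allowlist. The names `load_dump` and `RestrictedUnpickler` and the allowlist contents are assumptions.

```python
import os
import pickle
import stat

# Constructed allowlist (an assumption, not taken from the ZenPack): extend it
# with the classes your dumps actually contain once you have reviewed them.
ALLOWED_GLOBALS = frozenset({
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
})


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to import any global outside the allowlist."""

    def __init__(self, fh, allowed=ALLOWED_GLOBALS):
        super().__init__(fh)
        self._allowed = allowed

    def find_class(self, module, name):
        # Called for every class or function the pickle asks to import.
        if (module, name) not in self._allowed:
            raise pickle.UnpicklingError(
                "blocked global %s.%s" % (module, name))
        return super().find_class(module, name)


def load_dump(path, allowed=ALLOWED_GLOBALS):
    """Load a ZP_DUMP pickle only if the file itself can be trusted."""
    # O_NOFOLLOW: a symlink planted under the expected name is rejected.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "rb") as fh:
        # fstat the open descriptor so the check and the read see one file.
        st = os.fstat(fh.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("%s is not a regular file" % path)
        if st.st_uid != os.getuid():
            raise PermissionError("%s is owned by uid %d" % (path, st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise PermissionError("%s is group- or world-writable" % path)
        return RestrictedUnpickler(fh, allowed).load()


if __name__ == "__main__":
    import sys
    for dump in sys.argv[1:]:
        print(dump, "->", type(load_dump(dump)).__name__)
```

A dump that fails with "blocked global" names a class the allowlist does not cover; review that name before adding it.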

Zenoss Analytics

This ZenPack provides additional support for Zenoss Analytics. Perform the following steps to install extra reporting resources into Zenoss Analytics after installing the ZenPack.

  1. Copy analytics-bundle.zip from $ZENHOME/ZenPacks/ZenPacks.zenoss.Microsoft.Windows*/ZenPacks/zenoss/Microsoft/Windows/analytics/ on your Zenoss server.
  2. Navigate to Zenoss Analytics in your browser.
  3. From the Zenoss Instance list of options, select Internal Authentication.
  4. Login as an Analytics user with superuser privileges.
  5. Remove any existing Microsoft Windows ZenPack folder.
    1. Choose Repository from the View menu at the top of the page.
    2. Expand Public in the list of folders.
    3. Right-click on Microsoft Windows ZenPack folder and choose Delete.
    4. Confirm deletion by clicking OK.
  6. Add the new Microsoft Windows ZenPack folder.
    1. Choose Server Settings from the Manage menu at the top of the page.
    2. Choose Import in the left page.
    3. Remove checks from all check boxes.
    4. Click Choose File to import a data file.
    5. Choose the analytics-bundle.zip file copied from your Zenoss server.
    6. Click Import.

You can now navigate back to the Microsoft Windows ZenPack folder in the repository to see the following resources added by the bundle.

Domains
  • Microsoft Windows Domain
  • Microsoft Cluster Domain
Ad Hoc Views
  • Windows IIS Peak Usage
  • Windows Interfaces Peak Usage

Domains can be used to create Ad Hoc views using the following steps.

  1. Choose Ad Hoc View from the Create menu.
  2. Click Domains at the top of the data chooser dialog.
  3. Expand Public then Microsoft Windows ZenPack.
  4. Choose the Microsoft Windows Domain domain.

Installed Items

Installing this ZenPack will add the following items to your Zenoss system.

Device Classes
  • /Server/Microsoft
  • /Server/Microsoft/Cluster
  • /Server/Microsoft/Windows
Configuration Properties
  • zWinRMUser
  • zWinRMPassword
  • zWinRMServerName
  • zWinRMPort
  • zDBInstances
  • zWinKDC
  • zWinKeyTabFilePath
  • zWinScheme
  • zWinPerfmonInterval
Modeler Plugins
  • zenoss.winrm.CPUs
  • zenoss.winrm.FileSystems
  • zenoss.winrm.IIS
  • zenoss.winrm.Interfaces
  • zenoss.winrm.OperatingSystem
  • zenoss.winrm.Processes
  • zenoss.winrm.Routes
  • zenoss.winrm.Services
  • zenoss.winrm.Software
  • zenoss.winrm.WinCluster
  • zenoss.winrm.WinMSSQL
Datasource Types
  • Windows EventLog
  • Windows IIS Site
  • Windows Perfmon
  • Windows Process
  • Windows Service
  • Windows Shell
  • Windows PortCheck
Monitoring Templates
  • Device (in /Server/Microsoft)
  • FileSystem (in /Server/Microsoft)
  • ethernetCsmacd (in /Server/Microsoft)
  • OSProcess (in /Server/Microsoft)
  • OSProcess-2003 (in /Server/Microsoft)
  • WinService (in /Server/Microsoft)
  • Active Directory (in /Server/Microsoft)
  • Active Directory 2008 (in /Server/Microsoft)
  • Active Directory 2008R2 (in /Server/Microsoft)
  • IIS (in /Server/Microsoft)
  • IISADMIN (in /Server/Microsoft)
  • IISSites (in /Server/Microsoft)
  • MSExchangeInformationStore (in /Server/Microsoft)
  • MSExchange2010IS (in /Server/Microsoft)
  • MSExchange2013IS (in /Server/Microsoft)
  • WinDBInstance (in /Server/Microsoft)
  • WinSQLJob (in /Server/Microsoft)
  • WinDatabase (in /Server/Microsoft)
  • Cluster (in /Server/Microsoft)
  • ClusterService (in /Server/Microsoft/Cluster)
  • ClusterResource (in /Server/Microsoft/Cluster)
  • ClusterNode (in /Server/Microsoft/Cluster)
  • ClusterNetwork (in /Server/Microsoft/Cluster)
  • ClusterDisk (in /Server/Microsoft/Cluster)
  • ClusterInterface (in /Server/Microsoft/Cluster)

Changes

2.6.7
  • Fix TypeError during zenpython collection of a ShellDataSource (ZEN-25978)
2.6.6
  • Added additional event classes to cover connection errors (ZEN-25700)
  • Fix Windows Error Events come across as Info Events (ZEN-24633)
  • Fix Windows ZenPack - No "bad credentials" event for monitoring (ZEN-24726)
  • Fix MSSQL modeling doesn't pick up multiple instances if they're running different versions (ZEN-25851)
  • Fix Auto Creation of Windows Cluster Device doesn't copy over zWinKDC property (ZEN-25564)
2.6.5
  • Fix missing Process Set process title (ZEN-25311)
2.6.4
  • Fix Windows ZenPack incorrectly assumes that the first database returned is the master when modeling databases, backups, and jobs (ZEN-24519)
  • Fix WinRM ZenPack - WinService components disabled at template still show "Monitored" in component view (ZEN-24528)
2.6.3
  • Fix potential "clusternetworks" and "clusternodes" errors after upgrading (ZEN-24401)
  • Fix AttributeError: serviceclass on Windows Services after v515 update (ZEN-24347)
  • Fix duplicated "Interfaces" components after upgrade (ZEN-24401)
2.6.2
  • Fix WinRM ZenPack - Windows Services page elections conflict with WinService template exclusions (ZEN-24165)
  • Fix Modifying the WinService template causes parallel reindexing of the same components (ZEN-24375)
2.6.1
  • Fix Microsoft Windows ZenPack doesn't work with HyperV pack (ZEN-23967)
  • Fix Microsoft Windows: no collection when Processes are modeled (ZEN-24010)
  • Fix Editing a Windows Service (WinService) Locks Up Zope and Times Out (ZEN-23827)
2.6.0
  • Enabled the use of the Infrastructure -> Windows Services page
  • Enabled domain authentication without the need for DNS
  • Added ability to dump results from plugins for troubleshooting
  • Converted to use zenpacklib
  • Document Microsoft Windows Event Log Monitoring Returns Information Events (ZEN-22904)
  • Fix zWinRMServerName not resolving properly on remote collector (ZEN-22880)
  • Fix WinRM ZP Error about concurrent shells doesn't close when not reoccurring (ZEN-23010)
  • Fix Latest version of WinRM pack (2.5.12) causes "AttributeError: in_exclusions" tracebacks (ZEN-23063)
  • Fix WinRM Interface modeler does not account for HP NIC naming scheme (ZEN-20762)
  • Fix WinRM monitoring does not emit message for expired password (ZEN-23183)
  • Fix Windows kinit: Internal credentials cache error while storing credentials while getting initial credentials (ZEN-23238)
  • Fix MSSQL Queries wrong database for metric (ZEN-23228)
  • Fix Windows Service shows 'Up' when down if event class modified (ZEN-19615)
  • Fix Windows Installed on UCS shows 2 interfaces where there's only 1 (ZEN-23379)
  • Fix Windows ZenPack, doesn't send Datasource fields in 'cmd' to Parsers (ZEN-23739)
  • Fix Windows Zenpack Impact relationships are inconsistent (ZEN-18648)
  • Fix WinRMPing datasource should be disabled by default (ZEN-23517)
  • Fix Copy Override of Windows template breaks EventLogDataSource query attribute (ZEN-23157)
2.5.13
  • Fix Active Directory not correctly detected (ZEN-23137)
2.5.12
  • Fix Windows EventLog Datasource causes CPU 100% utilization (ZEN-20232)
  • Fix Windows Zenpack is improperly setting the Active Directory Template (ZEN-22369)
2.5.11
  • Fix MSSQL Monitoring (ZEN-22476)
  • Document Microsoft Windows: High CPU usage when modeling domain controller (ZEN-22566)
  • Fix Windows Replication datasource fails for dcdiag user formatting (ZEN-22487)
  • Fix Microsoft Windows: failed collection - Couldn't bind: 24: Too many open files. (ZEN-22558)
  • Fix /Status/WinRM/Ping Event Class does not exist (ZEN-22407)
2.5.10
  • Fix Microsoft Windows Cluster datasources are sending datamaps too often and bogging down zenhub (ZEN-22345)
2.5.9
  • Fix Windows Team NIC Monitoring/Modeling Failure (ZEN-19588)
2.5.8
  • Fix ShellDataSource custom command does not send severity to custom parsers (ZEN-21928)
2.5.7
  • Fix Windows traceback during zenpack install (ZEN-21899)
2.5.6
  • Fix MicrosoftWindows - warning is generated if $$ is used in command datasource. (ZEN-20221)
  • Fix No event generated for failed modeling of Windows Device (ZEN-16195)
  • Fix Disabled WinRMService templates continue to event after disabling (ZEN-21603)
2.5.5
  • Fix WinRM Modeling Software Breaks if Installed Software Ends in Underscores (ZEN-20375)
  • Fix Microsoft Windows - monitoring cluster disks results in powershell error (ZEN-21325)
  • Fix Problem while executing plugin zenoss.winrm.FileSystems (ZEN-21351)
  • Fix Microsoft Windows - corrupt counters are not removed from collection (ZEN-21396)
  • Fix WinRM Polling causing partial Event Creation (ZEN-18757)
2.5.4
  • Fix Windows Service monitoring improvements
  • Fix WinRM Ping DataSource marks ping up devices down and stops all collection (ZEN-21270)
  • Fix WinCommand notification fails to run on WinRM ZP 2.5.1, 2.5.3 (ZEN-21272)
2.5.3
  • Fix Microsoft Windows - modeling cluster results in traceback error (ZEN-21242)
2.5.2
  • Fix IIS Site Failed connection when monitoring Windows Server 2012 with IIS 8.5 (ZEN-21029)
2.5.1
  • Fix MicrosoftWindows - Unbound Cluster Error when modeling cluster (ZEN-20931)
  • Fix MicrosoftWindows - list index out of range when modeling processes (ZEN-20932)
  • Fix MicrosoftWindows - Documentation typo mistakes (ZEN-20940)
2.5.0
  • Windows Service monitoring improvements
  • Added State column for MSSQL Databases
  • Improved EventLog querying to allow use of XPath XML
  • Enhancement Microsoft Windows - Update Cluster for failover cluster device (ZEN-18833)
  • Added ability to enter trusted domain information in order to use a single domain user
  • Documentation update: Microsoft Windows - zenpython causes max cpu on target machine (ZEN-20542)
  • Fix Analytics not extracting software data on windows devices (ZEN-19366)
  • Fix Zenoss Windows Monitoring Spawning Thousands of Processes on Monitored Hosts (ZEN-18770)
  • Fix Microsoft Windows ZenPack -> Blank page is displayed when open 'Instance name' link in new page for My SQL Device (ZEN-15464)
  • Fix WinRM - ProcessDataSource.py results in "list index out of range" (ZEN-18823)
  • Fix Microsoft Windows ZenPack - MSSQL Databases: Unable to monitor any databases if any databases have ' in name (ZEN-18838)
  • Fix Microsoft Windows - Remove file systems with 0.00B Used/Free Bytes in File Systems component (ZEN-19213)
  • Fix Microsoft Windows - Cluster event is in Unknown class (ZEN-18835)
  • Fix Microsoft Windows - Database event is in Unknown class (ZEN-18836)
  • Fix Microsoft Windows - Provide a better message if using an event log that does not exist (ZEN-19270)
  • Fix Microsoft Windows - Remove IIS from default selected list of plugins (ZEN-19620)
  • Fix Microsoft Windows - an event " WinRS: get-clusterservice : The term 'get-clusterservice' is not recognized..." (ZEN-20138)
  • Fix Microsoft Windows - 'RecoveryModel' property is not displayed for SQL Enterprise 2005 (ZEN-20094)
  • Fix error when modeling hosts with IPv6 addresses. (ZEN-20474)
  • Fix WinRM for Windows server - Device Status should not use /Status/Ping (ZEN-19813)
  • Fix Wiki page for MicrosoftWindows ZenPack - IISAdmin service (ZEN-19300)
  • Fix WinRM Leaves Connections Open When Collection Fails Due to Native Language (ZEN-20514)
  • Fix WinRM - "The referenced context has expired" (ZEN-18115)
  • Fix Microsoft Windows - Windows cluster fails modeling for Task Scheduler traceback (ZEN-20438)
2.4.9
  • Fix Windows ZenPack - Cluster device does not add cluster nodes as devices on model (ZEN-19085)
  • Fix WinService - "list index out of range" error (ZEN-19452)
2.4.8
  • Fix Microsoft Windows Zenpack - MSSQLSERVER service shows as down but received event saying db instance was down (ZEN-19323)
2.4.7
  • Fix Microsoft Windows ZenPack - no data returned for databases in MSSQLSERVER default instance (ZEN-19282)
  • Fix Microsoft Windows ZenPack - services are not being monitored (ZEN-19284)
2.4.6
  • Fix Microsoft Windows ZenPack doesn't create events for MS SQL Jobs/Instances (ZEN-18680)
  • Fix WinRM Polling causing partial Event Creation (ZEN-18757)
  • Fix Microsoft Windows - Connection count is high (ZEN-18947)
  • Fix Microsoft Windows: DCDiag reports Access Denied during tests (ZEN-19188)
2.4.5
  • Fix MSSQL Components Generate Clear Event When PowerShell Script Fails (ZEN-18234)
  • Fix WinRM ZenPack missing thresholds which should be available out-of-box (ZEN-16024)
  • Fix Microsoft Windows - modeling MSSQLSERVER instance on 2012 cluster does not return databases, jobs, backups (ZEN-18811)
  • Fix Microsoft Windows ZenPack - WinMSSQL plugin breaks modeling (ZEN-18533)
  • Windows 2003 will no longer be supported
2.4.4
  • Fix extra points being sent into "Windows Shell" datasource parsers. (ZEN-18049)
  • With the ending of support by Microsoft for Windows 2003, this is the last version of the ZenPack to support Windows 2003.
2.4.3
  • Fix Port Checker in Microsoft Windows ZP 2.4.2 Results in Errors (ZEN-17893)
2.4.2
  • Fix poor performance of SQL Server monitoring of large number of databases. (ZEN-17535)
  • Fix poor performance of SQL Server modeling of large number of databases. (ZEN-17669)
2.4.1
  • Fixed Data from MS Exchange monitoring template is written to MSExchangeIS service component (ZEN-17566)
2.4.0
  • Added DCDiag tests for Active Directory monitoring
  • Added Port checking ability for Active Directory and other monitoring
  • Improved Kerberos error messages
  • Improved Custom Command feedback from Powershell scripts (ZEN-16834)
  • Improved automatic selection of device class monitoring templates to be run (ZEN-17059)
  • Fix Windows service datasource does not clear collection errors (ZEN-16802)
  • Fix EventLogDatasource ignores $max_age (ZEN-16564)
  • Fix Event Log Datasource does not escape tab characters (ZEN-15911)
  • Fix EventLogDataSource processes events from newest to oldest (ZEN-16565)
  • Fix WindowsEventLog will continuously fetch the same events generating false positives if the last event doesn't contain a message/summary (ZEN-17366)
  • Fix IIS-Request Rate graph should be removed from Graphs as it was divided into two (ZEN-17045)
  • Fix txwinrm: Wrong number of arguments given (ZEN-16790)
  • Fix Some software is missing after model (ZEN-16574)
  • Fix OperatingSystem Modeler Broken (ZEN-16799)
  • Fix WinRM Software Modeler Parsing Traceback (ZEN-16224)
  • Fix Windows Zenpack Impact relationships are inconsistent (ZEN-16796)
  • Fix WinRM ZenPack missing thresholds which should be available out-of-box (ZEN-16024)
  • Fix No event generated for failed modeling of Windows Device (ZEN-16195)
  • Fix Microsoft Windows bad counter events in wrong event class (ZEN-16558)
  • Fix link is absent on Owner Node for Cluster/Services and Resources components (ZEN-15784)
  • Fix Microsoft.Windows - link is absent on Owner Node for Cluster/Services and Resources components (ZEN-15784)
  • Fix New Windows ZenPack - Working with templates throws 'NoneType' exception (ZEN-17318)
  • Fix Microsoft.Windows - unable to model device using Kerberos authentication on Centos 5 (ZEN-16546)
  • Fix Cannot "View and edit details" on datasource Windows Eventlog (ZEN-17240)
2.3.2
  • Fix traceback during Software modeling (ZEN-16224)
  • Fix Event Log datasource ignoring max age field (ZEN-16564)
  • Fix Event log datasource does not escape tab characters (ZEN-15911)
  • Fix wrong number of arguments given (ZEN-16790)
  • Fix Powershell script not showing feedback on Custom Command datasource (ZEN-16834)
  • Fix traceback during Operating System modeling (ZEN-16799)
2.3.1
  • Fix significant memory leak when using kerberos authentication. (ZEN-16261)
  • Support "Wow6432Node" uninstall key for software inventory. (ZEN-16574)
2.3.0
  • Update Windows Service monitoring template to allow for monitoring by start mode
  • Fix memory leak with kerberos
  • Fix moving device to a different class
2.2.1
  • Fix Windows 2003 modeling/monitoring
  • Add log message during install
  • Re-authenticate through kerberos if connection is broken
  • Small bug fixes
2.2.0
  • Payload encryption over kerberos connections
  • Updated Events to use Get-WinEvent cmdlet
  • Updated Software modeler to query registry instead of Win32_Product
  • Updated FileSystems to show mapped network drives and mounted volumes
  • Support for Zenoss Analytics
  • Numerous bug fixes
2.1.3
  • Zenoss 5 compatibility fixes.
2.1.2
  • Added WinCommand notification action
  • Support for monitoring fail-over clustered MSSQL instances
  • Support for monitoring Windows event logs
  • Numerous bug fixes
2.1.0
  • Support for Service Impact
  • Support for Microsoft Exchange 2010 and Microsoft Exchange 2013
  • Ability to monitor Microsoft SQL Server using Windows Authenticated user
  • Fix Exchange 2007 counters
  • Fix cluster and node relationship
  • Fix virtual network adapter monitoring
2.0.3
  • Reduce possibility of gaps in perfmon collection. (ZEN-10600)
  • Add zWinRMServerName property. (ZEN-9712)
  • Support for IIS 7-8 without IIS 6 compatibility.
  • Honor sequence in process monitoring. (ZEN-10777)
  • Fix cluster modeling for long server names. (ZEN-10572)
  • Support TALES in Windows Shell custom command script. (ZEN-10426)
  • Fix custom parser issue with Windows Shell datasource. (ZEN-10365)
  • Handle null software install date. (ZEN-10361)
  • Handle null process socket designation. (ZEN-10360)
  • Model interface speed as integer. (ZEN-9608)
  • Change WinRS success events from info to clear severity.
  • Fix leaking of active operations on Windows server.
  • Add missing counter details to missing counter events.
  • Fix Windows Shell collection on empty results.
  • Fix Windows Perfmon collection with cycletime > 600.
2.0.2
  • Fix build issue that made ZenPack unavailable from catalog.
2.0.1
  • Eliminate need for manual kerberos configuration on Enterprise Linux 5. (ZEN-9389)
  • Fix "WinServiceLog: failed collection" error. (ZEN-9607)
  • Provide more helpful error if AllowUnencrypted is disabled. (ZEN-9524)
2.0.0
  • Initial release of new Windows support using WinRM instead of DCOM/RPC.

Installation

Normal Installation (packaged egg)

  1. Download the appropriate egg file for the version of Zenoss you are running.
  2. Ensure you are logged in as the zenoss user:
    $ sudo su - zenoss
  3. Install the ZenPack:
    $ zenpack --install ZenPacks.zenoss.Microsoft.Windows-*.egg
  4. Restart these services:
    $ zenoss restart

Developer Mode Installation

In order to do a development mode installation you will want to clone the existing git repository, and then use the --link flag with the zenpack command:

  1. Ensure you are logged in as the zenoss user:
    $ sudo su - zenoss
  2. Start by cloning the upstream repository:
    $ git clone https://github.com/zenoss/ZenPacks.zenoss.Microsoft.Windows.git
  3. Next, perform the installation:
    $ zenpack --link --install ZenPacks.zenoss.Microsoft.Windows
  4. Finally, restart these services:
    $ zenoss restart
