Windows Express Scan

Overview of AutoMonitor Windows Express Scan

Overview

AutoMonitor allows users to quickly and effortlessly discover and import hosts into their Opsview Monitor environment. The new wizard-based functionality simplifies and automates the scanning and configuration steps providing a fast and reliable way of maintaining continuous monitoring of your changing Enterprise landscape.

Windows Express Scan provides a configuration wizard to guide you through and quickly discover Windows Active Directory computer objects (Hosts) within a given domain and automatically import them into Opsview Monitor.

Windows Express Scan

Hosts discovered by the Windows Express Scan will be imported into the following Host group Structure:
Opsview > Automonitor > Windows Express Scan > {Domain} > {Hostname}

The scan will inspect discovered Hosts to allocate relevant Host Templates from the following list:

  • Network - Base
  • OS - Windows Base Agentless
  • Application - Microsoft Hyper-V Server Agentless
  • Application - Microsoft IIS Agentless
  • Database - Microsoft SQL Database States Agentless
  • Database - Microsoft SQL Performance Agentless
  • Database - Microsoft SQL System Agentless
  • Application - Microsoft DNS Agentless
  • Application - Microsoft Exchange - Status
  • Application - Microsoft Exchange - Mailflow
  • Application - Microsoft Exchange - Database
  • Application - Microsoft Exchange - Client Connectivity

Pre-Requisites

In order to access the AutoMonitor Application and run a Windows Express Scan, the following permissions are required:

📘

Depending on your organisation structure, you may prefer to NOT give user permissions to CONFIGUREHOSTGROUPS and/or have access to the Opsview Host Group. In this case, you need to create the Host Group Structure in advance (Opsview > Automonitor > Windows Express Scan > {Domain} ) and provide access only to the Domain Host Group to the user(s) running a Windows AutoMonitor Scan.

Domain Credentials:

  • Directory-level permission to perform PowerShell Get-ADComputer command on the Active Directory server
  • Access right to run PowerShell Get-WindowsFeature command on the discovered servers/hosts
  • Access right to run PowerShell Get-Service command on the discovered servers/hosts and permission to see the Microsoft Exchange Service in order to discover its presence on a server
  • Access right to run PowerShell Get-ChildItem command and access to read the IIS path to find details of the Microsoft IIS Service
  • Permission to read Windows Registry (using the RegistryKey.OpenRemoteBaseKey method) to inspect Microsoft SQL properties.

📘

If the Domain Account DOES NOT have the right permissions, Windows Express Scan will be limited in its ability to determine what services can be monitored

Running a Scan

AutoMonitor Windows Express Scan feature is accessible from the Configuration > AutoMonitor menu. When selecting this option you will be presented with the following screen:

970970

Select Windows to start with the AutoMonitor Windows Express configuration wizard

  • In the first step of the configuration wizard (Windows | Input your domain name), as per the screen shown below, you need to enter your Active Directory Domain name. Note that if you are using Kerberos authentication then this should be the same as the realm and is case sensitive.
  • Then click on Next
10491049
  • In the second step of the configuration wizard (Windows | Choose Active Directory Server), as per the screen shown below, you need to enter the following information:
10201020
  • Windows Active Directory Server: Fully qualified domain name (FQDN) or IP address of one of your Windows Active Directory Servers
  • Account Name and Password: Credentials for a Domain username with Active Directory access rights. (Just the username, neither Domain\Username nor [email protected], e.g. opsviewadmin). This username will be used to inspect Hosts and allocate relevant Host Templates

Once you have entered the relevant information for the required fields, the "Start Scan" button will be enabled for you to proceed when you are ready to start the scan.

10131013

When you start the scan, it will first validate the information you have entered by attempting to connect to the Active Directory server using the following Authentication Methods (from the most secure to the least secure):

  • Secure Kerberos (SSL)
  • Secure Basic (SSL)
  • Kerberos (non-SSL)

If the credentials are invalid/fail to be authorised, the following error message will be displayed:

979979

If the Connection timed out - service did not respond message appears, this indicates that something in the back-end failed to respond in a timely fashion. This may indicate that the back-end is overloaded, that there is a network outage or there are no appropriate firewall rules in place. Alternatively, a "Connection has timed out" error indicates some other operational error has occurred during the authentication process.

10071007

Upon successful authorisation, the Scan starts by interrogating the Active Directory server for a list of hosts to scan. It then proceeds to scan those hosts to discover what services they are running, and therefore which host templates should be applied. Once the scan has started the progress bar will be displayed which indicates how many of the discovered hosts have been scanned:

966966

As the scan is being carried out, it can be aborted by hovering over the Abort button which displays a panel to confirm the aborting of the scan. Once the Yes button is clicked, the form from the previous page is displayed and the scan is aborted. Note that if the scan is close to finishing then it may be completed before it can be aborted.

444444

If an unrecoverable error occurs during the scan, the following error page will be displayed:

987987

A "connection timed out" message indicates that something in the back-end failed to respond in a timely fashion. This may indicate that the back-end is overloaded or that there is a network outage. Alternatively, a "Sorry there was an error that we can't identify" message indicates that some other error occurred during scanning. This may indicate a system outage or configuration problem. Scans will recover from short Datastore (i.e. CouchDB) outages. However, if an outage lasts longer than 1-hour the scan will time out and show this error message.

If such errors occur, you can click "Try again" to restart the scan. You can also view the log to understand what the problem could be, for example, you might see access denied when creating Host Group or importing Host, in which case, check you have sufficient permissions to either create or write to the desired Host Group.

When the scan completes the following screen will be displayed:

10011001

At this point, you can click on "Apply changes" to trigger a system reload and start monitoring the scanned hosts. Clicking on "New" will allow you to start another scan. Hosts that have already been imported will be disregarded and will NOT be re-imported by later scans:

986986

Clicking "View log" will display a detailed list of the steps completed by the scan:

883883

If the scan fails for some reason, "View log" is a good way to help diagnose the problem.

Once the scan has finished, you can see the pending hosts by clicking the "Host Settings" link. It is worth noting at this point, you may wish to check the host configurations to ensure the details are correct, as although AutoMonitor tries its best to fill them in correctly, you may have a case where the credentials used for scanning are NOT the same credentials that are required by the service check (e.g. Microsoft Exchange username and passwords).

Host Certificates

The AutoMonitor scan does not use certificates for host checking. However several of the service checks do use certificates for host identification checks.

You should upload your certificates to the location below because if the scan used SSL for authentication, the AutoMonitor Scan overrides the WINRM_TRANSPORT variable in the host configuration to use the following filename for the Certificate Authority PEM file:

/opt/opsview/monitoringscripts/etc/certs/<AD domain>

The Certificate Authority and/or host certificates for the imported hosts can be placed in this folder and should be owned by user root, group opsview and mode 0440.

📘

Note:

In a clustered environment (multiple clusters/collectors) these certificates need to be uploaded to the Master Monitoring Server and ALL collectors. The easiest way to do this is to upload the certificate(s) to the Master Monitoring Server and stored in the location mentioned above. Then use the sync_monitoringscripts playbook to copy the files to all of the collectors.

Considerations

  • AutoMonitor Windows Express Scan now supports running on Master Monitoring Server or one of the Clusters. The cluster on which the scan is run is selected by an algorithm that probes the connectivity to the AD server being scanned and selects the Cluster that has the best connection. Once selected, the imported hosts are then monitored by the cluster that discovered them.