Windows Express Scan
Overview Copied
AutoMonitor allows users to quickly and effortlessly discover and import hosts into their Opsview Monitor environment. The new wizard-based functionality simplifies and automates the scanning and configuration steps providing a fast and reliable way of maintaining continuous monitoring of your changing Enterprise landscape.
Windows Express Scan provides a configuration wizard to guide you through and quickly discover Windows Active Directory computer objects (Hosts) within a given domain and automatically import them into Opsview Monitor.
Windows Express Scan Copied
Hosts discovered by the Windows Express Scan will be imported into the following Host group Structure:
Opsview > Automonitor > Windows Express Scan > {Domain} > {Hostname}
The scan will inspect discovered Hosts to allocate relevant Host Templates from the following list:
- Network - Base
- OS - Windows Base Agentless
- Application - Microsoft Hyper-V Server Agentless
- Application - Microsoft IIS Agentless
- Database - Microsoft SQL Database States Agentless
- Database - Microsoft SQL Performance Agentless
- Database - Microsoft SQL System Agentless
- Application - Microsoft DNS Agentless
- Application - Microsoft Exchange - Status
- Application - Microsoft Exchange - Mailflow
- Application - Microsoft Exchange - Database
- Application - Microsoft Exchange - Client Connectivity
Prerequisites Copied
In order to access the AutoMonitor Application and run a Windows Express Scan, the following permissions are required:
Note
Depending on your organisation structure, you may prefer to not give user permissions to CONFIGUREHOSTGROUPS and/or have access to the Opsview Host Group. In this case, you need to create the Host Group Structure in advance (Opsview > Automonitor > Windows Express Scan > {Domain}) and provide access only to the Domain Host Group to the user(s) running a Windows AutoMonitor Scan.
Domain credentials: Copied
- Directory-level permission to perform
PowerShell Get-ADComputer
command on the Active Directory server. - Access right to run
PowerShell Get-WindowsFeature
command on the discovered servers/hosts. - Access right to run
PowerShell Get-Service
command on the discovered servers/hosts and permission to see the Microsoft Exchange Service in order to discover its presence on a server. - Access right to run
PowerShell Get-ChildItem
command and access to read the IIS path to find details of the Microsoft IIS Service. - Permission to read Windows Registry (using the
RegistryKey.OpenRemoteBaseKey
method) to inspect Microsoft SQL properties.
Note
If the Domain Account does not have the right permissions, Windows Express Scan will be limited in its ability to determine what services can be monitored.
Running a Scan Copied
AutoMonitor Windows Express Scan feature is accessible from the Configuration > AutoMonitor menu. When selecting this option you will be presented with the following screen:
Select Windows to start with the AutoMonitor Windows Express configuration wizard.
-
In the first step of the configuration wizard (Windows > Input your domain name), as per the screen shown below, you need to enter your Active Directory Domain name. Note that if you are using Kerberos authentication then this should be the same as the realm and is case sensitive.
-
Then click on Next.
-
In the second step of the configuration wizard (Windows > Choose Active Directory Server), as per the screen shown below, you need to enter the following information:
-
Windows Active Directory Server: Fully qualified domain name (FQDN) or IP address of one of your Windows Active Directory Servers
-
Account Name and Password: Credentials for a Domain username with Active Directory access rights. (Just the username, neither
Domain\Username
norusername@domain
, e.g.opsviewadmin
). This username will be used to inspect Hosts and allocate relevant Host Templates
Once you have entered the relevant information for the required fields, the “Start Scan” button will be enabled for you to proceed when you are ready to start the scan.
When you start the scan, it will first validate the information you have entered by attempting to connect to the Active Directory server using the following Authentication Methods (from the most secure to the least secure):
- Secure Kerberos (SSL)
- Secure Basic (SSL)
- Kerberos (non-SSL)
If the credentials are invalid/fail to be authorised, the following error message will be displayed:
If the Connection timed out - service did not respond
message appears, this indicates that something in the back-end failed to respond in a timely fashion. This may indicate that the back-end is overloaded, that there is a network outage or there are no appropriate firewall rules in place. Alternatively, a “Connection has timed out” error indicates some other operational error has occurred during the authentication process.
Upon successful authorisation, the Scan starts by interrogating the Active Directory server for a list of hosts to scan. It then proceeds to scan those hosts to discover what services they are running, and therefore which host templates should be applied. Once the scan has started the progress bar will be displayed which indicates how many of the discovered hosts have been scanned:
As the scan is being carried out, it can be aborted by hovering over the Abort
button which displays a panel to confirm the aborting of the scan. Once the Yes
button is clicked, the form from the previous page is displayed and the scan is aborted. Note that if the scan is close to finishing then it may be completed before it can be aborted.
If an unrecoverable error occurs during the scan, the following error page will be displayed:
A connection timed out
message indicates that something in the back-end failed to respond in a timely fashion. This may indicate that the back-end is overloaded or that there is a network outage. Alternatively, a “Sorry there was an error that we can’t identify” message indicates that some other error occurred during scanning. This may indicate a system outage or configuration problem. Scans will recover from short Datastore (i.e. CouchDB) outages. However, if an outage lasts longer than 1-hour the scan will time out and show this error message.
If such errors occur, you can click Try again to restart the scan. You can also view the log to understand what the problem could be, for example, you might see access denied when creating Host Group or importing Host, in which case, check you have sufficient permissions to either create or write to the desired Host Group.
When the scan completes the following screen will be displayed:
At this point, you can click on Apply changes to trigger a system reload and start monitoring the scanned hosts. Clicking on New will allow you to start another scan. Hosts that have already been imported will be disregarded and will NOT be re-imported by later scans:
Clicking View log will display a detailed list of the steps completed by the scan:
If the scan fails for some reason, View log is a good way to help diagnose the problem.
Once the scan has finished, you can see the pending hosts by clicking the Host Settings link. It is worth noting at this point, you may wish to check the host configurations to ensure the details are correct, as although AutoMonitor tries its best to fill them in correctly, you may have a case where the credentials used for scanning are NOT the same credentials that are required by the service check (e.g. Microsoft Exchange username and passwords).
Host Certificates Copied
The AutoMonitor scan does not use certificates for host checking. However several of the service checks do use certificates for host identification checks.
You should upload your certificates to the location below because if the scan used SSL for authentication, the AutoMonitor Scan overrides the WINRM_TRANSPORT variable in the host configuration to use the following filename for the Certificate Authority PEM file:
/opt/opsview/monitoringscripts/etc/certs/<AD domain>
The Certificate Authority and/or host certificates for the imported hosts can be placed in this folder and should be owned by user root, group opsview and mode 0440.
Note
In a clustered environment (multiple clusters/collectors) these certificates need to be uploaded to the Master Monitoring Server and all collectors. The easiest way to do this is to upload the certificate(s) to the Master Monitoring Server and stored in the location mentioned above. Then use the sync_monitoringscripts playbook to copy to the collectors.
Considerations Copied
AutoMonitor Windows Express Scan now supports running on Master Monitoring Server or one of the Clusters. The cluster on which the scan is run is selected by an algorithm that probes the connectivity to the AD server being scanned and selects the Cluster that has the best connection. Once selected, the imported hosts are then monitored by the cluster that discovered them.