Windows Express Scan

Overview Copied

AutoMonitor allows users to quickly and effortlessly discover and import hosts into their Opsview Monitor environment. The new wizard-based functionality simplifies and automates the scanning and configuration steps providing a fast and reliable way of maintaining continuous monitoring of your changing Enterprise landscape.

Windows Express Scan provides a configuration wizard to guide you through and quickly discover Windows Active Directory computer objects (Hosts) within a given domain and automatically import them into Opsview Monitor.

Windows Express Scan Copied

Hosts discovered by the Windows Express Scan will be imported into the following Host group Structure:
Opsview > Automonitor > Windows Express Scan > {Domain} > {Hostname}

The scan will inspect discovered Hosts to allocate relevant Host Templates from the following list:

Prerequisites Copied

In order to access the AutoMonitor Application and run a Windows Express Scan, the following permissions are required:

Note

Depending on your organisation structure, you may prefer to not give user permissions to CONFIGUREHOSTGROUPS and/or have access to the Opsview Host Group. In this case, you need to create the Host Group Structure in advance (Opsview > Automonitor > Windows Express Scan > {Domain}) and provide access only to the Domain Host Group to the user(s) running a Windows AutoMonitor Scan.

Domain credentials: Copied

Note

If the Domain Account does not have the right permissions, Windows Express Scan will be limited in its ability to determine what services can be monitored.

Running a Scan Copied

AutoMonitor Windows Express Scan feature is accessible from the Configuration > AutoMonitor menu. When selecting this option you will be presented with the following screen:

Run a scan

Select Windows to start with the AutoMonitor Windows Express configuration wizard.

Once you have entered the relevant information for the required fields, the “Start Scan” button will be enabled for you to proceed when you are ready to start the scan.

When you start the scan, it will first validate the information you have entered by attempting to connect to the Active Directory server using the following Authentication Methods (from the most secure to the least secure):

If the credentials are invalid/fail to be authorised, the following error message will be displayed:

Windows credentials error

If the Connection timed out - service did not respond message appears, this indicates that something in the back-end failed to respond in a timely fashion. This may indicate that the back-end is overloaded, that there is a network outage or there are no appropriate firewall rules in place. Alternatively, a “Connection has timed out” error indicates some other operational error has occurred during the authentication process.

Windows connection timed out

Upon successful authorisation, the Scan starts by interrogating the Active Directory server for a list of hosts to scan. It then proceeds to scan those hosts to discover what services they are running, and therefore which host templates should be applied. Once the scan has started the progress bar will be displayed which indicates how many of the discovered hosts have been scanned:

Windows scanning

As the scan is being carried out, it can be aborted by hovering over the Abort button which displays a panel to confirm the aborting of the scan. Once the Yes button is clicked, the form from the previous page is displayed and the scan is aborted. Note that if the scan is close to finishing then it may be completed before it can be aborted.

Abort scan

If an unrecoverable error occurs during the scan, the following error page will be displayed:

Windows scan error

A connection timed out message indicates that something in the back-end failed to respond in a timely fashion. This may indicate that the back-end is overloaded or that there is a network outage. Alternatively, a “Sorry there was an error that we can’t identify” message indicates that some other error occurred during scanning. This may indicate a system outage or configuration problem. Scans will recover from short Datastore (i.e. CouchDB) outages. However, if an outage lasts longer than 1-hour the scan will time out and show this error message.

If such errors occur, you can click Try again to restart the scan. You can also view the log to understand what the problem could be, for example, you might see access denied when creating Host Group or importing Host, in which case, check you have sufficient permissions to either create or write to the desired Host Group.

When the scan completes the following screen will be displayed:

Windows scan completed

At this point, you can click on Apply Changes to trigger a system reload and start monitoring the scanned hosts. Clicking on New will allow you to start another scan. Hosts that have already been imported will be disregarded and will NOT be re-imported by later scans:

Clicking View log will display a detailed list of the steps completed by the scan:

Log for Windows Express Scan

If the scan fails for some reason, View log is a good way to help diagnose the problem.

Once the scan has finished, you can see the pending hosts by clicking the Host Settings link. It is worth noting at this point, you may wish to check the host configurations to ensure the details are correct, as although AutoMonitor tries its best to fill them in correctly, you may have a case where the credentials used for scanning are NOT the same credentials that are required by the service check (e.g. Microsoft Exchange username and passwords).

Host Certificates Copied

The AutoMonitor scan does not use certificates for host checking. However several of the service checks do use certificates for host identification checks.

You should upload your certificates to the location below because if the scan used SSL for authentication, the AutoMonitor Scan overrides the WINRM_TRANSPORT variable in the host configuration to use the following filename for the Certificate Authority PEM file:

/opt/opsview/monitoringscripts/etc/certs/<AD domain>

The Certificate Authority or host certificates for the imported hosts can be placed in this folder using the orchestratorimportscripts helper tool. This command line tool will place the certs in the correct directory and signal that you need to execute the Apply Changes action in the Opsview Monitor user interface. For example, after giving your certificate file a filename matching your AD domain:

sudo -u opsview /opt/opsview/orchestrator/bin/orchestratorimportscripts etc-certs /path/to/cert/source/<AD domain>

Note

In a clustered environment (multiple clusters and collectors) these certificates should be distributed to ALL collectors. To do this, after following the steps above, run the Apply Changes process to copy to the collectors.

If you want to manage certificates in a sub-folder of /opt/opsview/monitoringscripts/etc/certs, the orchestratorimportscripts tool can also be pointed at a directory structure to replicate that in the right location with the right permissions. Then update the WINRM_TRANSPORT host variable paths and run an Apply Changes.

Considerations Copied

AutoMonitor Windows Express Scan now supports running on Master Monitoring Server or one of the Clusters. The cluster on which the scan is run is selected by an algorithm that probes the connectivity to the AD server being scanned and selects the Cluster that has the best connection. Once selected, the imported hosts are then monitored by the cluster that discovered them.

["Opsview On-premises"] ["User Guide"]

Was this topic helpful?