SiteScope User's Guide


Monitoring Remote NT Servers

Today's business networks are often a mix of applications and services that may run on more than one operating system. Monitoring operation and performance across multiple platforms is both imperative and a challenge. SiteScope can monitor systems and services running on remote Windows servers for a large number of statistics without the installation of agent software on each server. This includes monitoring server resources such as CPU, Disk Space, Memory, and services, as well as Windows-specific Performance Counter data.

About Monitoring Remote NT Servers

SiteScope can monitor many applications independent of the platform they run on by using Internet and other standard protocols such as SMTP, FTP, LDAP, and so forth. These types of systems and services can usually be monitored by sending requests using these platform-independent protocols. For example, checking that a Web server is responsive can be done by making HTTP requests such as those used by URL monitor types.

An important part of effective system monitoring involves monitoring resources at the server level. This is usually done by running commands specific to the operating system running on the server. This level of monitoring can be done using a login connection to the remote server.

SiteScope automates monitoring of server resources on remote NT servers by running tools that access data on the remote machine. To do this, SiteScope must be able to establish a connection to the servers you want to monitor and be authenticated as a user having permission to access the NT performance registry on the remote machine.

For SiteScope running on Windows NT/2000, there are two methods for enabling SiteScope to monitor data on remote Windows NT/2000 servers:

  • Define an individual Remote NT Server connection profile for each server
  • Permit SiteScope to access remote servers by setting domain privileges

These two methods are described in the following sections.

About Remote NT Server Connection Profiles

Monitoring of remote NT server data requires authenticated access to the remote server. A Remote NT Server connection profile provides the necessary address and login credentials for SiteScope to log in to a remote server and to access the NT performance registry on that remote machine. To be able to use this method you will also need to create or modify a user account on the remote server that corresponds with the connection method and login permissions used in the SiteScope connection profile for that server. This applies to monitoring servers running Windows NT/2000 from SiteScope running on Windows NT/2000 and when using an SSH connection from SiteScope running on UNIX.

About Setting Domain Privileges for SiteScope Monitoring

SiteScope for Windows NT/2000 automatically populates a list of the servers that are visible in the local domain. This list is offered for selection on the Choose Server page for monitor types that require a server to be specified. SiteScope running on Windows may be able to use this list to monitor remote NT/2000 servers without having to create individual connection profiles for each server. There are three options that can be used to enable monitoring in this environment:

  1. Set the SiteScope service to run as a user in the Domain Admin group - By default SiteScope is installed to run as a Local System account. You can set the SiteScope Service to log on as a user with domain administration privileges. This will give SiteScope access to monitor server data within the domain.
  2. Add the server where SiteScope is running to the Domain Admin group in Active Directory (for Windows 2000 or later). With this option, the SiteScope Service is set to log on as a Local System account but the machine where SiteScope is running is added to a group having domain administration privileges.
  3. Edit the registry access permissions for all machines in the domain to allow non-admin access. See the Microsoft Knowledge Base Article - 158438 for details on Enabling Non-Admin Users to Remotely Monitor with PERFMON. This option requires changes to the registry on each remote machine that you want to monitor. This means that while the list of servers in the domain will include all machines in the domain, only those where the registry has been modified can be monitored without use of a connection profile.

After you provide the necessary domain administration privileges or define a remote NT connection profile, you can create monitors to watch the resources and performance counters for that server. Multiple monitors can use the same connection profile.

The Remote NT Servers Table

You use the Remote NT Servers table to view and manage profiles for connecting to and monitoring services and resources on remote servers running Microsoft Windows NT/2000 operating systems. From the General Preferences page click the Remote NT link under the navigation bar at the top of the page. This brings up the Remote NT Servers page which lists in table format the currently defined remote NT server profiles. The following is an example of the Remote NT Servers page showing several server connection profiles.

[Figure: Remote NT Servers page view]

The Remote NT Servers Table lists the following information on the currently defined server connection profiles.

Name
This shows the optional name assigned to the server definition. The default name is the server address.

Server
This item indicates the server address or UNC name.

Status
This column displays information regarding the connectivity with this server. The connection status message is from the most recent test of connectivity either when the server profile was created or using the Test feature in the Remote Servers Table.

OS
This shows the operating system that was defined for the server. For NT remote machines, this will be displayed as NT.

Method
The Method drop-down list shows the connection method used to connect to the remote machine. For NT remotes this may be either NetBIOS or SSH. Secure Shell connectivity with Windows NT machines requires that SSH libraries be installed on each machine you want to connect to. See the notes on Connection Method below for more information.

Edit
Click the Edit link to edit the specifications for communicating with the subject server.

Test
Click the Test link to test communication with the subject server.

Del
Click the X in this box to delete the subject server definition.

Adding a Remote Windows Server Profile

You can add a remote NT server profile by choosing the Add a Remote Machine link below the Remote NT Servers Table. This brings up the Add Remote NT Server page. The following is an example of the Add Remote Server page for adding a connection to a remote Win NT/2000 machine.

[Figure: Remote UNIX Servers page view]

To create a remote server definition, you need to provide the following information:

NT Server Address
The IP address or UNC style name of the NT server you wish to monitor. An IP hostname will also work provided that the SiteScope server has a way to resolve this common name into an IP address (for example, by the use of a hosts file, DNS, or WINS/DNS integration).

To use the same login credentials to configure multiple servers at the same time, enter the server addresses separated by commas. For example, if you are using NetBIOS to connect to other servers in an NT domain, you can enter a comma-separated string of server addresses such as: \\server1,\\server2,\\server3,\\server4. When you complete the other required entries on the form and click Add Remote NT Server, SiteScope creates a new remote connection profile for each server address in the list.

Note: When adding multiple servers in a single operation, SiteScope does not automatically test connectivity with each server. You can use the Test links in the Remote NT Server Table to test connectivity after the profiles have been added.

Connection Method
SiteScope can use one of two connection types for monitoring remote NT server resources. These are:
  • NetBIOS - the default server-to-server communication protocol for Windows NT and 2000 networks.
  • SSH - Secure Shell, a more secure communication protocol that can be installed on Windows NT/2000 based networks. This connection method normally requires installing SSH libraries on each server to which you want to connect. See the document on Secure Shell in the Advanced SiteScope Topics section for more information.

Login
The login for the remote server. If the server is within the same domain as the SiteScope machine, include the domain name in front of the user login name. For example: domainname\user. If you are using a local machine login account for machines within or outside the domain, include the machine name in front of the user login name. For example: machinename\user.

Password
The password for the remote server or the passphrase for the SSH key file. Note: When using SSH with public/private key based authentication, enter the passphrase for the identity file here.

Title
A name by which the remote machine should be known. This name will appear in the drop-down list.

Trace
Check this box to have trace messages to and from the subject server recorded to the SiteScope RunMonitor.log file.

SSH Advanced Options

The SSH Advanced Options section presents a number of settings and options for configuring SSH connections to remote NT/2000, UNIX, and Linux servers. Use of the SSH connection method requires installation and configuration of SSH clients and daemons. See the section on SiteScope Monitoring via Secure Shell (SSH) for more information on how to configure SiteScope for monitoring via SSH.

SSH Client
The client to use for this connection. The currently supported clients are:

  • Internal Java Libraries - Connect using the Java SSH client integrated with SiteScope.
  • Plink/External SSH Client - Connect using an external SSH client. On NT, SiteScope ships with Plink. On UNIX or Linux, SiteScope will use an installed client such as OpenSSH.

Port
Enter the port that the remote SSH server is listening on.

Disable Connection Caching
Check this option to turn off connection caching for this remote. By default SiteScope caches open connections.

Connection Limit
This setting controls the number of open connections that SiteScope will allow for this remote. If you have a large number of monitors configured to use this connection, set this number high enough to relieve the potential bottleneck. Note: This setting does not affect the running of tests for a remote. Tests will always create a new connection.

SSH Authentication Method
The authentication method to use for SSH connections. The currently supported methods are:

  • Password - Authenticate using a password.
  • Key File - Authenticate using public/private key authentication. When this option is selected SiteScope uses the private key in the file SiteScope/groups/identity to authenticate. The corresponding public key must be listed in the authorized_keys file on the remote host. See the document on Secure Shell in the Advanced SiteScope Topics section for more information on SSH requirements.

Key File for SSH connections
Select the file that contains the private key for this connection. The default key file is SiteScope\groups\identity. This setting only applies when the authentication method is Key File.

SSH Version 2
Check this option to force SiteScope to use SSH protocol version 2 only. This option only applies when using the integrated Java Client in SiteScope. See the section on Configuring SSH Using an External Client for information on configuring an external SSH client to use SSH2 protocol.

Custom Commandline
Enter a custom commandline for a remote using the External Client. This option can be used when you need to pass specific options to the external client being executed. Valid substitution variables are:
  • $root$ : This will be translated to the SiteScope directory.
  • $user$ : This will be translated to the username entered into the remote.
  • $password$ : This will be translated to the password entered into the remote.
  • $host$ : This will be translated to the hostname entered into the remote.

Use the following steps to add a remote NT server profile to SiteScope.

To add a Remote NT Server profile

  1. Click the Remote NT link on the SiteScope navigation menu. The Remote NT Servers page is displayed.
  2. Click the Add a Remote Machine link below the Remote UNIX Servers table. The Add Remote Server page is displayed.
  3. Enter the address to the remote server you want to be able to connect to in the Server Address box.
  4. Select the operating system that is running on the remote server using the drop down menu for the OS box.
  5. Select the connection method for this profile using the drop down menu for the Connection Method box. For SiteScope running on Windows NT/2000 this can be either NetBIOS or SSH. For SiteScope running on UNIX you will need to use SSH to connect to remote NT servers.
  6. Enter the login user name and password in the fields provided for the login account that has been created on the remote server.
  7. Enter an optional Title used to identify this connection profile in other parts of SiteScope. If you do not provide a title, the server address is used.
  8. Select the Add and Test radio button to add and test the connection profile or select the Add Only radio button to only add the profile without testing.
  9. Click the Add Remote Server button to complete the action.

After defining the server for SiteScope, you can have SiteScope test the settings by clicking on the Test link for the applicable server in the Remote NT Server table.

Technical Notes on Remote NT Monitoring

The following is additional information relating to setting up and troubleshooting SiteScope monitoring of remote Windows NT, Windows 2000, and Windows 2003 servers:

A general troubleshooting step in working with remote NT servers with SiteScope for Windows NT/2000 is to connect to the remote machine using Perfmon. If a connection cannot be made using this tool, there is likely a problem involving the user access permissions that have been granted to the SiteScope account on the remote server. SiteScope requires certain administrative permissions to be able to monitor server statistics.

For security reasons, SiteScope may not be allowed to use the permissions of a full administrator account. SiteScope can be granted restricted monitoring access by editing certain Windows Registry Keys. See the Enabling Non-Admin Users to Remotely Monitor with PERFMON support note on the Microsoft support site for more information.

When you need to monitor a server which is a stand-alone server or not part of a domain already visible to the SiteScope server, try entering the machine name followed by a backslash and then the login name in the Login box. For example, loneserver\sitescope.

Some problems have been found when trying to monitor Windows 2000 servers from SiteScope running on Win NT4. In many cases the problem involves incompatibility of the DLLs used by the operating system to communicate between the servers.

Troubleshooting NT Event Log Access on Remote NT Servers

Problem:
When viewing remote NT event logs or getting alerts relating to monitoring a remote NT machine, you see:
The description for Event ID ( XXXX ) in Source ( XXXX ) could not be found. It contains the following insertion string(s):
The operation has completed successfully.

Cause:
When you view the event log on a computer from a remote computer, if the required registry keys (and referenced files) are not present on the remote computer, SiteScope is unable to format the data; hence it displays the data in a generic format.

Resolution:
The required registry entries and DLL files must be copied to the remote computer on which the event viewer application is being run. Follow these steps to get the remote registry entries and DLL files onto the local SiteScope machine:

  1. On the remote machine, find the event that is not displayed properly in SiteScope by locating its entry in the Event Viewer. Write down the information for the event id, source and description. (For example, Source: MSExchangeSA, Event ID: 5008, Description: The message tracking log file C:\exchsrvr\tracking.log\20020723.log was deleted.)
  2. Then open the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\Application and click the Source (that is, MSExchangeSA).
  3. Click the EventMessageFile and write down the data for where that DLL is located (that is, C:\EXCHSRVR\bin\madmsg.dll).
  4. Now, you need to locate the DLL on the remote and copy it to the SiteScope machine. You can copy it in one of two ways:
    1. The Initlog.exe utility, in the "BackOffice Resource Kit, Second Edition," can be used to copy the required registry entries from the Exchange Server computer to the remote computer. This utility can also copy the required DLL files if you are logged on to Windows NT with an account that has Administrator privilege on the Exchange Server computer. (See Microsoft Article Q184719), OR
    2. Use ftp, mail, etc. to get the file to your local drive.
  5. SiteScope uses the data from the EventMessageFile field in step 3 to determine where to find the DLL on the local machine. So, you must create the same folder structure as in step 3 and place the file in that directory. Alternatively, you can change the directory to, say, c:\Windows\System32 (SiteScope looks in ADMIN$ on the remote machine by default) and place the DLL in that folder, but you MUST have this structure and DLL on BOTH machines. If you do this, you will also need to update the registry entry from step 3 to reflect the directory the DLL is in.

Using Perfex for Troubleshooting Remote NT Connections

Use the following steps to view the data that is being returned when SiteScope is trying to access the remote registry:

  1. Open a command window on the SiteScope server.
  2. Change directory to the <SiteScope install path>\SiteScope\tools directory.
  3. Type in the following command line:
    perfex \\MACHINE -u username -p password -d -elast "Application"

    This command will give you the number of entries in your Application log. For example:

      Connected to \\ex-srv as int-ss
      Next Record: 2369
    

  4. Usually, you will want to list only the last 10 or 12 events in order to find the one you are looking for. For this example, the command is:

    perfex \\MACHINE -u username -p password -d -elog "Application" 2355 | more

    This will produce a lot of output so go through each entry until you find the one you need.

  5. Once you find the record you are looking for, note the Record id for easier searching next time when using the command in Step 3.
  6. This output will tell you what data SiteScope is receiving. For the example given, the following is an example of the data that typically would be returned:

    Type: Information
    Time: 02:00:24 08/01/102
    Source: MSExchangeMTA
    ID: 298
    Category: 1
    Record: 2342
    Machine: EX-SRV
    FILE=C:\EXCHSRVR\res\mtamsg.dll
    REMOTE FILE=
    String 835050d is: MTA
    Next String 835054d is: OPERATOR
    Next String 83505dd is: 34
    Next String 835060d is: 0
    Next String 835062d is:
    File: C:\EXCHSRVR\res\mtamsg.dll
    Remote Path:
    calling FormatMessage()
    Formatted Message 142 bytes long
    Raw message is: The most current routing information has been
    loaded by the  MTA,and a text copy was saved in the file
    GWART0.MTA. [MTA  OPERATOR 34 0] (12) Message: The most
    current routing information has been loaded by the  MTA,
    and a text copy was saved in the file GWART0.MTA.
    [MTA  OPERATOR 34 0] (12)
    
    The file path is where the remote file is being found. If you copy the DLL to the WINDOWS\SYSTEM directory, you will see the File and Remote Path entries like this:

    Type: Information
    Time: 03:15:00 08/01/102
    Source: MSExchangeIS Public
    ID: 1221
    Category: 6
    Record: 2350
    Machine: EX-SRV
    FILE=C:\WINNT\SYSTEM32\mdbmsg.dll
    REMOTE FILE=\\ex-srv\ADMIN$\SYSTEM32\mdbmsg.dll
    String 835054d is: 0
    Next String 835056d is:
    File: C:\WINNT\SYSTEM32\mdbmsg.dll
    Remote Path: \\ex-srv\ADMIN$\SYSTEM32\mdbmsg.dll
    LOADING LIB REMOTE: \\ex-srv\ADMIN$\SYSTEM32\mdbmsg.dll
    calling FormatMessage()
    Formatted Message 89 bytes long
    Raw message is: The database has 0 megabytes of free space
    after online  defragmentation has terminated.
    Message: The database has 0 megabytes of free space after
    online  defragmentation has terminated.
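
The following parser is an added example, not part of SiteScope or its documentation. It reads perfex -elog output in the layout shown above and reports, for each message DLL, whether a Remote Path was found and which records produced no "Formatted Message" line. It assumes that an empty Remote Path means the DLL was resolved from the local path named in File, as step 5 of the resolution describes; parse_records and dll_report are names chosen for this example.

```python
import re

# Constructed input: the two records from the sample output above,
# trimmed to the fields this parser reads.
SAMPLE = r"""
Type: Information
Source: MSExchangeMTA
ID: 298
Record: 2342
File: C:\EXCHSRVR\res\mtamsg.dll
Remote Path:
Formatted Message 142 bytes long
Type: Information
Source: MSExchangeIS Public
ID: 1221
Record: 2350
File: C:\WINNT\SYSTEM32\mdbmsg.dll
Remote Path: \\ex-srv\ADMIN$\SYSTEM32\mdbmsg.dll
LOADING LIB REMOTE: \\ex-srv\ADMIN$\SYSTEM32\mdbmsg.dll
Formatted Message 89 bytes long
"""

FIELD = re.compile(r"^\s*(Type|Source|ID|Record|File|Remote Path)\s*:\s*(.*)$")
FORMATTED = re.compile(r"^\s*Formatted Message (\d+) bytes long")


def parse_records(text):
    """Split perfex -elog output into one dict per event record."""
    records, cur = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "Type":      # a "Type:" line opens a record
            cur = {"Formatted": 0}
            records.append(cur)
        if cur is None:
            continue                         # skip the connection banner
        if m:
            cur[m.group(1)] = m.group(2).strip()
        elif (f := FORMATTED.match(line)):
            cur["Formatted"] = int(f.group(1))
    return records


def dll_report(records):
    """Per message DLL: where it was loaded from and which sources use it."""
    report = {}
    for r in records:
        dll = r.get("File") or "(no EventMessageFile reported)"
        # Assumption: empty Remote Path means the local copy was used.
        origin = "remote ADMIN$ share" if r.get("Remote Path") else "local path"
        entry = report.setdefault(dll, {"origin": origin, "sources": set(),
                                        "unformatted": []})
        entry["sources"].add(r.get("Source", "?"))
        if not r["Formatted"]:               # no FormatMessage() result seen
            entry["unformatted"].append(r.get("Record"))
    return report


if __name__ == "__main__":
    for dll, e in dll_report(parse_records(SAMPLE)).items():
        print(f"{dll}: {e['origin']}; sources={sorted(e['sources'])}; "
              f"unformatted records={e['unformatted']}")
```

DLLs reported with a local path origin are the ones that must be kept identical by hand on the SiteScope machine and the monitored server.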