The most efficient way to monitor Windows Servers is to use SNMP. In this article I will go over how to quickly install, set up, and mass deploy SNMP settings.
Monitoring Windows Server performance requires SNMP to be set up properly. SNMP is used to poll a server: for example, the monitoring software requests a remote server’s current CPU usage. An SNMP trap, by contrast, is generated by the client being monitored when a certain event occurs, for example when a hard drive corruption error is written to the event log; that event log entry spawns an SNMP trap that was set up in evntwin. In short, SNMP is polled by the monitoring server, while an SNMP trap is generated by the client. The SNMP Trap Service cannot be running on the server doing the monitoring, but must be set up on the clients being monitored. The monitoring server has an SNMP trap listener which takes up TCP port 162; that is why you cannot use the SNMP Trap Service on the monitoring server. The SNMP service must be configured properly on the client servers being monitored.
This batch file script below will install SNMP on Windows Server 2008/2012:
Dism.exe /online /enable-feature /featurename:SNMP
Dism.exe /online /enable-feature /featurename:"WMISnmpProvider"
If SNMP was just installed, hit F5 to refresh, and close and reopen services.msc. Sometimes the needed SNMP configuration tabs are missing locally and a reboot of the server is needed. Alternatively, connect from another computer’s services.msc. The SNMP service is installed from Add/Remove Programs > Add Components in Windows Server 2003 and from Add Features in Server Manager for Windows Server 2008/2008 R2. I add the SNMP WMI option as well when installing. The SNMP service is configured from services.msc.
Right Click on “SNMP Service” and click on properties
Click on Agent Tab and check mark all services.
Type in the Contact and Location of the Server.
Type the community name you use at your organization, or use public. (community is case sensitive)
Click on “Add to list”
Click on “Add…”
Type in the monitoring server IP Address or host name of the monitoring server (This is the server with the monitoring software installed WhatsUp Gold, Nagios, OpsView etc.).
Check mark send authentication trap
Add the community name used previously (community is case sensitive)
Click on “Accept SNMP packets from these hosts”
Click on Add and type in the host name or IP address of the monitoring server (The server with monitoring software installed).
Click on Apply
Click on OK
Restart the SNMP Service
Restart the SNMP Trap Service
Make the SNMP Trap Service Auto Start
Repeat these steps on every server you wish to monitor using SNMP and SNMP traps. The last step is to review what you want to monitor. On the clients being monitored, if you want to set up SNMP traps, change the SNMP Trap Service startup type to automatic and start the service.
On the server with the monitoring software installed (WhatsUp, etc.) the SNMP Service is configured as specified above except that the Traps tab can be ignored and the SNMP trap service needs to be disabled.
Command to Install SNMP on Windows Server 2008:
servermanagercmd -install SNMP-Services
SNMP Configuration using GPO:
Some SNMP settings can already be configured without an ADM under Computer Configuration > Administrative Templates > Network > SNMP:
- Trap destination server (server name) under the Traps tab in the SNMP service
- Accepted community names under the Security tab can be set, but only with read-only rights
- Under the Traps tab, the community name is still set to public and cannot be changed in a GPO
To set up more options, you can use the ADM below:
CLASS MACHINE

CATEGORY "Custom Windows Settings"
  CATEGORY "SNMP"

    POLICY "Communities"
      KEYNAME "Software\Policies\SNMP\Parameters\ValidCommunities"
      EXPLAIN !!SNMP_ListCommunities_Help
      PART "NAME1 Community" DROPDOWNLIST NOSORT
        VALUENAME "NAME1"
        ITEMLIST
          NAME "Remove NAME1 community" VALUE DELETE DEFAULT
          NAME "NONE" VALUE NUMERIC 1
          NAME "NOTIFY" VALUE NUMERIC 2
          NAME "READ-ONLY" VALUE NUMERIC 4
        END ITEMLIST
      END PART
      PART "KRYSADMIN Community" DROPDOWNLIST NOSORT
        VALUENAME "KRYSADMIN"
        ITEMLIST
          NAME "Not added" VALUE DELETE DEFAULT
          NAME "NONE" VALUE NUMERIC 1
          NAME "NOTIFY" VALUE NUMERIC 2
          NAME "READ ONLY" VALUE NUMERIC 4
          NAME "READ WRITE" VALUE NUMERIC 8
        END ITEMLIST
      END PART
    END POLICY

    POLICY "Agent Service"
      KEYNAME "System\CurrentControlSet\Services\SNMP\Parameters\RFC1156Agent"
      EXPLAIN !!SNMP_AgentServices_Help
      PART "Agent Service List" DROPDOWNLIST NOSORT
        VALUENAME "sysServices"
        ITEMLIST
          NAME "Applications, Internet, End-to-End (DEFAULT)" VALUE NUMERIC 76 DEFAULT
          NAME "Physical, Applications, Internet, End-to-End" VALUE NUMERIC 77
          NAME "Physical, Applications, Datalink and Subnetwork, Internet, End-to-End" VALUE NUMERIC 79
          NAME "Physical, Applications, End-to-End" VALUE NUMERIC 73
        END ITEMLIST
      END PART
    END POLICY

  END CATEGORY
END CATEGORY

[strings]
SNMP_ListCommunities_Help="Enables a pre-defined list of communities (public & admin) to be given permissions.\n\nNote: This setting will 'Enable' the Communities policy found under Administrative Templates -> Network -> SNMP. Do not amend this or anything else to that policy if you use this one.\n\nSNMP is a protocol designed to give a user the capability to remotely manage a computer network, by polling and setting terminal values and monitoring network events.\n\nA valid community is a community recognized by the SNMP service, while a community is a group of hosts (servers, workstations, hubs, and routers) that are administered together by SNMP. The SNMP service is a managed network node that receives SNMP packets from the network.\n\nIf you enable this setting, the SNMP agent only accepts requests from management systems within the communities it recognizes and gives them the relevant permissions you specify.\n\nIf you disable or do not configure this setting, the SNMP service takes the Valid Communities configured on the local computer instead.\n\nBest Practice: For security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\ValidCommunities key to allow only the local admin group full control.\n\nNote: This setting has no effect if the SNMP agent is not installed on the client computer.\n\nAlso, see the other two SNMP settings: "Permitted Managers" and "Trap Configuration" found under Administrative Templates -> Network -> SNMP."
SNMP_AgentServices_Help="Sets which services are enabled on the SNMP Agent.\n\nPhysical = Manages physical devices such as Hard Disk Partitions\n\nApplication = Should always be Enabled\n\nDatalink Subnetwork = Computer manages a Bridge\n\nInternet = Computer functions as an IP Gateway (router)\n\nEnd-to-End = Computer functions as an IP Host. Should always be Enabled\n\nSNMP is a protocol designed to give a user the capability to remotely manage a computer network, by polling and setting terminal values and monitoring network events.\n\nBest Practice: For security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\ValidCommunities key to allow only the local admin group full control.\n\nNote: This setting has no effect if the SNMP agent is not installed on the client computer.\n\nAlso, see the other two SNMP settings: "Permitted Managers" and "Trap Configuration" found under Administrative Templates -> Network -> SNMP."
Alternatively, you can use a registry file to set your SNMP settings, or set up one server and export “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters” from regedit. “regedit /s FILENAME.reg” can be used to script the loading of the registry settings:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters]
"NameResolutionRetries"=dword:00000010
"EnableAuthenticationTraps"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers]
"1"="localhost"
"2"="MONITORING_SERVER_NAME"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\RFC1156Agent]
"sysServices"=dword:0000004f
"sysLocation"="LOCATION"
"sysContact"="ADMINISTRATOR_EMAIL_ADDRESS"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration\CASE_SENSITIVE_SNMP_COMMUNITY_NAME]
"1"="MONITORING_SERVER_NAME"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities]
"CASE_SENSITIVE_SNMP_COMMUNITY_NAME"=dword:00000004
REM Script to finish setup and apply SNMP settings
REM Note: sc.exe expects a space after "start="
sc \\SERVER_NAME config SNMPTRAP start= auto
sc \\SERVER_NAME stop SNMP
sc \\SERVER_NAME start SNMP
sc \\SERVER_NAME start SNMPTRAP
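A .reg file that is about to be loaded on every server with regedit /s can be checked first. The following Python check is an added example, not part of the original article: it parses a version 5.00 export of the SNMP Parameters key and flags a default community name, write-capable community rights, an empty PermittedManagers list, and disabled authentication traps. The two sample exports, the host name and the community name in it are constructed.

```python
import re

# Rights values as listed in the ADM template on this page.
RIGHTS = {1: "NONE", 2: "NOTIFY", 4: "READ ONLY", 8: "READ WRITE"}
BASE = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters"

def parse_reg(text):
    """Parse a .reg export into {lowercased key path: {value name: value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$', line)
            if m:  # dword values become ints, string values stay strings
                current[m.group(1)] = int(m.group(2), 16) if m.group(2) else m.group(3)
    return keys

def audit(text):
    """Return a list of findings for the SNMP Parameters subtree."""
    keys = parse_reg(text)
    get = lambda sub: keys.get((BASE + sub).lower(), {})
    findings = []
    for name, rights in get(r"\ValidCommunities").items():
        if name.lower() in ("public", "private"):
            findings.append(f"default community name '{name}'")
        if isinstance(rights, int) and rights >= 8:  # 8 = READ WRITE
            findings.append(f"community '{name}' is write-capable ({RIGHTS.get(rights, rights)})")
    if not get(r"\PermittedManagers"):  # empty list = accept packets from any host
        findings.append("no PermittedManagers: agent accepts SNMP packets from any host")
    if get("").get("EnableAuthenticationTraps") != 1:
        findings.append("authentication traps disabled")
    return findings

# Constructed sample exports (not taken from a real server).
GOOD_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    f"[{BASE}]", '"EnableAuthenticationTraps"=dword:00000001',
    f"[{BASE}\\PermittedManagers]", '"1"="localhost"', '"2"="monitor01.example.internal"',
    f"[{BASE}\\ValidCommunities]", '"Ex4mple-Community"=dword:00000004'])
WEAK_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    f"[{BASE}]", '"EnableAuthenticationTraps"=dword:00000000',
    f"[{BASE}\\PermittedManagers]",
    f"[{BASE}\\ValidCommunities]", '"public"=dword:00000008'])

if __name__ == "__main__":
    for finding in audit(WEAK_REG):
        print("WEAK_REG:", finding)
```
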
How to remotely install SNMP via a script: http://www.questiondriven.com/2015/04/26/install-snmp-on-windows-server-2008-or-newer/
Install SNMP Via Script in Windows Server 2012
SNMP Enabler from Solar Winds (Free tool that sets up multiple servers with SNMP)
SNMP Configuration script
Linux SNMP Install/Setup