SNMP Service Setup and SNMP Trap Setup

The most efficient way to monitor Windows Servers is to use SNMP. Monitoring Windows Server 2003/2008/2008 R2 performance requires SNMP to be set up properly. With SNMP, the monitoring software polls a remote server, for example requesting its current CPU usage. An SNMP trap, by contrast, is generated by the client being monitored when a certain event occurs, for example when a hard drive corruption error is written to the event log; that event log entry spawns an SNMP trap that was set up in evntwin. In short, SNMP is polled by the monitoring server, while an SNMP trap is generated by the client. The SNMP Trap Service cannot be running on the server doing the monitoring, but must be set up on the clients being monitored. The monitoring server has an SNMP trap listener which takes up TCP port 162; that is why you cannot use the SNMP Trap Service on the monitoring server. The SNMP service must be configured properly on the client servers being monitored.

 

This batch file script below will install SNMP on Windows Server 2008/2012:

Dism.exe /online /enable-feature /featurename:SNMP
Dism.exe /online /enable-feature /featurename:"WMISnmpProvider"

If SNMP was just installed, press F5 to refresh, then close services.msc and reopen it. Sometimes the needed SNMP configuration tabs are missing locally and a reboot of the server is needed. Alternatively, connect from another computer’s services.msc. The SNMP service is installed from Add/Remove Programs, Add Components in Windows Server 2003 and from Add Features in Server Manager for Windows Server 2008/2008 R2. I add the SNMP WMI option as well when installing. The SNMP service is configured from services.msc.

Services SNMP Service

Right Click on “SNMP Service” and click on properties

SNMP Service Agent Tab

Click on Agent Tab and check mark all services.

Type in the Contact and Location of the Server.

SNMP Service Trap Tab

Type the community name you use at your organization, or use public. (community is case sensitive)

Click on “Add to list”

Click on “Add…”

Type in the monitoring server IP Address or host name of the monitoring server (This is the server with the monitoring software installed WhatsUp Gold, Nagios, OpsView etc.).

SNMP Service Security Tab

Check mark send authentication trap

Add the community name used previously (community is case sensitive)

Click on “Accept SNMP packets from these hosts”

Click on Add and type in the host name or IP address of the monitoring server (The server with monitoring software installed).

Click on Apply

Click on OK

Restart the SNMP Service

Restart the SNMP Trap Service

Make the SNMP Trap Service Auto Start

Repeat these steps on every server you wish to monitor using SNMP and SNMP traps. The last step is to review what you want to monitor. On the clients to be monitored, if you want to set up SNMP traps, change the SNMP Trap Service startup type to Automatic and start the service.

On the server with the monitoring software installed (WhatsUp, etc.) the SNMP Service is configured as specified above except that the Traps tab can be ignored and the SNMP trap service needs to be disabled.

 

Command to Install SNMP on Windows Server 2008:

servermanagercmd -install SNMP-Services

 

SNMP Configuration using GPO:

Some SNMP settings can already be configured without an ADM under Computer Configuration > Admin Templates > Network > SNMP:

  • Trap destination server (server name) under the traps tab in the SNMP services
  • Accepted community names under the security tab can be set but with only read only rights
  • Under the traps tab, the community name is still set to public and cannot be changed in a GPO

To set up more options, you can use the ADM below:

CLASS MACHINE

	CATEGORY "Custom Windows Settings"

		CATEGORY "SNMP"

		POLICY "Communities"
			KEYNAME "Software\Policies\SNMP\Parameters\ValidCommunities"

			EXPLAIN !!SNMP_ListCommunities_Help

			PART "NAME1 Community" DROPDOWNLIST NOSORT

			VALUENAME "NAME1"
				ITEMLIST
					NAME "Remove NAME1 community" VALUE DELETE DEFAULT
					NAME "NONE" VALUE NUMERIC 1
					NAME "NOTIFY" VALUE NUMERIC 2
					NAME "READ-ONLY" VALUE NUMERIC 4
				END ITEMLIST
			END PART        

			PART "KRYSADMIN Community" DROPDOWNLIST NOSORT

			VALUENAME "KRYSADMIN"
				ITEMLIST
					NAME "Not added" VALUE DELETE DEFAULT
					NAME "NONE" VALUE NUMERIC 1
					NAME "NOTIFY" VALUE NUMERIC 2
					NAME "READ ONLY" VALUE NUMERIC 4
					NAME "READ WRITE" VALUE NUMERIC 8
				END ITEMLIST
			END PART

		END POLICY

		POLICY "Agent Service"
			KEYNAME "System\CurrentControlSet\Services\SNMP\Parameters\RFC1156Agent"

			EXPLAIN !!SNMP_AgentServices_Help

			PART "Agent Service List" DROPDOWNLIST NOSORT

			VALUENAME "sysServices"
				ITEMLIST
					NAME "Applications, Internet, End-to-End (DEFAULT)" VALUE NUMERIC 76 DEFAULT
					NAME "Physical, Applications, Internet, End-to-End" VALUE NUMERIC 77
					NAME "Physical, Applications, Datalink and Subnetwork, Internet, End-to-End" VALUE NUMERIC 79
					NAME "Physical, Applications, End-to-End" VALUE NUMERIC 73
				END ITEMLIST
			END PART

		END POLICY

	END CATEGORY
END CATEGORY

[strings]
SNMP_ListCommunities_Help="Enables a pre-defined list of communities (public & admin) to be given permissions.\n\nNote: This setting will 'Enable' the Communities policy found under Administrative Templates -> Network -> SNMP. Do not amend this or anything else to that policy if you use this one.\n\nSNMP is a protocol designed to give a user the capability to remotely manage a computer network, by polling and setting terminal values and monitoring network events.\n\nA valid community is a community recognized by the SNMP service, while a community is a group of hosts (servers, workstations, hubs, and routers) that are administered together by SNMP. The SNMP service is a managed network node that receives SNMP packets from the network.\n\nIf you enable this setting, the SNMP agent only accepts requests from management systems within the communities it recognizes and gives them the relevant permissions you specify.\n\nIf you disable or do not configure this setting, the SNMP service takes the Valid Communities configured on the local computer instead.\n\nBest Practice: For security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\ValidCommunities key to allow only the local admin group full control.\n\nNote: This setting has no effect if the SNMP agent is not installed on the client computer.\n\nAlso, see the other two SNMP settings: "Permitted Managers" and "Trap Configuration" found under Administrative Templates -> Network -> SNMP."
SNMP_AgentServices_Help="Sets which services are enabled on the SNMP Agent.\n\nPhysical = Manages physical devices such as Hard Disk Partitions\n\nApplication = Should always be Enabled\n\nDatalink Subnetwork = Computer manages a Bridge\n\nInternet = Computer functions as an IP Gateway (router)\n\nEnd-to-End = Computer functions as an IP Host. Should always be Enabled\n\nSNMP is a protocol designed to give a user the capability to remotely manage a computer network, by polling and setting terminal values and monitoring network events.\n\nBest Practice: For security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\ValidCommunities key to allow only the local admin group full control.\n\nNote: This setting has no effect if the SNMP agent is not installed on the client computer.\n\nAlso, see the other two SNMP settings: "Permitted Managers" and "Trap Configuration" found under Administrative Templates -> Network -> SNMP."

 
Alternatively you can use a registry file to set your SNMP settings, or setup one server and extract “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters” from regedit. “regedit /s FILENAME.reg” can be used to script the loading of the registry settings:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters]
"NameResolutionRetries"=dword:00000010
"EnableAuthenticationTraps"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers]
"1"="localhost"
"2"="MONITORING_SERVER_NAME"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\RFC1156Agent]
"sysServices"=dword:0000004f
"sysLocation"="LOCATION"
"sysContact"="ADMINISTRATOR_EMAIL_ADDRESS"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration\CASE_SENSITIVE_SNMP_COMMUNITY_NAME]
"1"="MONITORING_SERVER_NAME"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities]
"CASE_SENSITIVE_SNMP_COMMUNITY_NAME"=dword:00000004

 

REM Script to finish setup and apply SNMP settings
REM Note: sc expects a space between "start=" and its value
sc \\SERVER_NAME config SNMPTRAP start= auto
sc \\SERVER_NAME stop SNMP
sc \\SERVER_NAME start SNMP
sc \\SERVER_NAME start SNMPTRAP
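
Once the settings are loaded and the services restarted, the result can be checked on each client. The PowerShell below is an added example, not part of the original post: it reads the registry keys used by the .reg file and the ADM template above, decodes the community rights and the sysServices bitmask, and reports weak settings. The helper name Get-RegValues and the rights value 16 (READ CREATE), which the ADM does not list, are assumptions of this example.

```powershell
# Added example: audit the SNMP agent settings written by the .reg file and
# ADM template above. Run in an elevated session on the monitored server.
$base   = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters'
$policy = 'HKLM:\SOFTWARE\Policies\SNMP\Parameters'
# Rights values from the ADM item lists; 16 (READ CREATE) is an assumption of
# this example, a value the SNMP service accepts that the ADM does not list.
$rights = @{ 1 = 'NONE'; 2 = 'NOTIFY'; 4 = 'READ ONLY'; 8 = 'READ WRITE'; 16 = 'READ CREATE' }
# sysServices is a bitmask with one bit per layer, 2^(layer - 1).
$layers = @{ 1 = 'Physical'; 2 = 'Datalink and Subnetwork'; 4 = 'Internet'; 8 = 'End-to-End'; 64 = 'Applications' }

# Hypothetical helper: name/value pairs of one key, nothing if the key is absent.
function Get-RegValues([string]$Path) {
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($n in $key.GetValueNames()) {
            New-Object PSObject -Property @{ Name = $n; Value = $key.GetValue($n) }
        }
    }
}

$findings = @()
foreach ($k in "$base\ValidCommunities", "$policy\ValidCommunities") {
    foreach ($c in @(Get-RegValues $k)) {
        $r = $rights[[int]$c.Value]
        "community '{0}' = {1} [{2}]" -f $c.Name, $r, $k
        if (('public', 'private') -contains $c.Name) { $findings += "well-known community name '$($c.Name)'" }
        if ([int]$c.Value -ge 8) { $findings += "community '$($c.Name)' grants write access ($r)" }
    }
}
# An empty PermittedManagers key means "Accept SNMP packets from any host".
if (@(Get-RegValues "$base\PermittedManagers").Count -eq 0) {
    $findings += 'PermittedManagers is empty: SNMP packets are accepted from any host'
}
if ((Get-ItemProperty $base -ErrorAction SilentlyContinue).EnableAuthenticationTraps -ne 1) {
    $findings += 'EnableAuthenticationTraps is not 1: requests with an unknown community raise no trap'
}
foreach ($sub in @(Get-ChildItem "$base\TrapConfiguration" -ErrorAction SilentlyContinue)) {
    $dest = @(Get-RegValues $sub.PSPath | ForEach-Object { $_.Value }) -join ', '
    "traps for community '{0}' -> {1}" -f $sub.PSChildName, $dest
}
$mask  = [int](Get-ItemProperty "$base\RFC1156Agent" -ErrorAction SilentlyContinue).sysServices
$names = $layers.Keys | Sort-Object | Where-Object { $mask -band $_ } | ForEach-Object { $layers[$_] }
"sysServices = $mask ($($names -join ', '))"
if ($findings.Count) { $findings | ForEach-Object { "FINDING: $_" } } else { 'No findings.' }
```

With the .reg file above loaded unchanged, sysServices decodes to 79 (all five layers) and the community is reported as READ ONLY.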

How to remotely install SNMP via a script: http://www.questiondriven.com/2015/04/26/install-snmp-on-windows-server-2008-or-newer/

 

Resources:

Install SNMP Via Script in Windows Server 2012

http://www.questiondriven.com/2015/04/26/install-snmp-on-windows-server-2008-or-newer/

http://technet.microsoft.com/en-us/library/bb726987.aspx

SNMP Enabler from Solar Winds (Free tool that sets up multiple servers with SNMP)

http://www.youtube.com/watch?v=zbaVKbrWmkk

SNMP GPO

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_23974300.html

 

SNMP Configuration script

http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2management/thread/06b48ced-1bb1-4adf-91e1-2dc8502e0273

Linux SNMP Install/Setup

http://www.it-slav.net/blogs/2008/11/11/install-and-configure-snmp-on-rhel-or-centos/

https://help.ubuntu.com/community/SNMPAgent

http://www.linuxquestions.org/questions/linux-networking-3/how-to-enable-snmp-on-redhat-box-190277/
