×


Service Not Listed in WMI Wizard in Nagios - Fix it Now ?

Sometimes while running WMI wizard in Nagios, we often notice that not all the services in the server are listed in it.

Nagios supports WMI monitoring, which provides admins with a simple method of monitoring their Windows servers and workstations without having to install or configure agents.

Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform related Nagios queries.

In this context, we shall look into methods to fix Server Monitoring issues.


Reasons for Service Not Listed in WMI Wizard in Nagios

Windows Management Instrumentation (WMI) allows for agentless monitoring of Windows machines. At times, when running the Windows WMI wizard, it does not find all the services on the server.

Some of the common reasons for this behavior include:

  • The lower value of Truncate Output Length.
  • The user account used for WMI does not have SERVICE_QUERY_STATUS (LC) permissions on the service.


How to fix Service Not Listed in WMI Wizard in Nagios ?

The first solution here is to try increasing the Truncate output length.

In Nagios XI, wizards can be used to perform the configuration of hosts and services through the Web UI. Wizards take the complicated matter of creating hosts and services, defining configuration parameters, assigning contacts, contact groups, host groups, service groups, etc, into an easy 6 step form in the Nagios XI UI.

In WMI wizard, there is a field called Truncate Output Length. 

Try increasing this value to a larger number such as 65536 and see if the wizard displays the service we are trying to monitor.

The second solution would be to add SERVICE_QUERY_STATUS (LC) permissions to our Windows machine. 

For this, we can follow the steps below:

On the Windows machine in a command prompt (with Administrator permissions), execute the following command:

wmic useraccount where name='wmiagent' get sid

That command assumed the user account for WMI is wmiagent.

The output will be something like this:

SID
S-1-5-21-3480785720-802978297-2857457638-1002

This is the SID number.


Now execute the following command to get the current security descriptor (SD) for the service, this command is going to query the WinDefend service:

sc sdshow WinDefend

Thus, the output will be something like:

D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;OICIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)(A;;CCLCSWRPLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

In the SD string, you can see it begins with D: and has sets of access control lists (ACL) which are separated by round brackets ().

We will also see there is an S: section that also has ACLs which are separated by round brackets ().

Now, we need to add an entry to the end of the D: section that contains our SID:

(A;;LC;;;<SID>)

For example, using the SID above:

(A;;LC;;;S-1-5-21-3480785720-802978297-2857457638-1002)

We need to insert it to the end of the SD after the last ACL before S: using the example above it looks like:

D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;OICIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)(A;;CCLCSWRPLOCRRC;;;SU)(A;;LC;;;S-1-5-21-3480785720-802978297-2857457638-1002)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

Now that we have altered the SD, execute the following command using our new SD. This applies the SD on the WinDefend service:

sc sdset WinDefend D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;OICIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)(A;;CCLCSWRPLOCRRC;;;SU)(A;;LC;;;S-1-5-21-3480785720-802978297-2857457638-1002)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

After executing the command, we should re-run the configuration wizard and see if the problem is resolved.

If the above solutions do not resolve our problem, then we may need to look at an alternative agent like NCPA to perform our monitoring.


[Need urgent assistance in fixing Nagios errors? – We're available 24*7. ]


Conclusion

This article covers methods to tackle Service Not Listed in WMI Wizard in Nagios. Basically, Service may not get listed in WMI Wizard in Nagios due to reasons like lower value of Truncate Output Length or insufficient permission of the user account. Windows Management Instrumentation (WMI) is a part of Windows operating systems and can provide management data and operational information about those system. WMI can be used to automate administrative tasks on remote Windows-based computers. Nagios Core and Nagios XI are capable of monitoring Windows machines via WMI. .


To Check the permissions of the files, use this command:

ls -ls /tmp/*.state

Here you can see that the root user/group is the owner of the file:

-rw-r--r-- 1 root root 91 Apr 24 16:10 /tmp/cwpss_checkcpu__1025143___.state

The simplest option is to delete the files with this command:

rm -rf /tmp/*.state