Windows SNMP Service has missing tabs

So by now, you have gone though the process of installing the Windows SNMP Service  but when trying to configure, you realize that there are missing tabs!

2019-04-19 08_34_56-Window

This is a relatively simple but obnoxious change that seems to have changed from previous Windows versions and 2016.

To fix this, simply run the following command from a Windows Command prompt:

> Dism /online /enable-feature /featurename:Server-RSAT-SNMP /ALL

2019-04-23 16_06_55-Screen clipping taken_ 4_19_2019 9_10 AM - OneNote

This will install the complete features for the SNMP service and in the end will give you the familiar looking screen with all the tabs.

2019-04-19 14_15_34-Window

Install and configure SNMP in Windows

In order to configure a Windows Server for Monitoring (Discovery / Inventory and Alert Processing), first we have to install the SNMP service.

By default, it is turned off or not installed on most operating systems.

Installation Instructions for the Windows SNMP Service

  1. Open Server Manager
  2. Click on Add Roles and Features
    2019-04-19 13_47_02-Window
  3. Click Next (this will be a summary page)
  4. Click Next (by default, Role-based or feature-based installation
  5. Click Next (by default, it will select the server you are running the wizard on)
    2019-04-19 13_50_16-Window
  6. Click next on the Roles wizard (we are not installing a role)
  7.  Under Features, expand “Remote Server Administration tools  > Feature Administration Tools ” and select “SNMP Tools” then click Next
    2019-04-19 13_53_33-Window
  8. Click Install on the “Confirm installation selections “
  9. Click Close on the “Installation Progress”

The installation will take a couple of minutes to complete. After this, the SNMP service will be visible on the Services console.

2019-04-19 14_00_27-Window

Alternatively, you can also install the SNMP Service using Windows PowerShell:

Get-WindowsFeature SNMP-Service

 

Configuration instructions for the Windows SNMP Service

To configure the Windows SNMP service for SNMPv1/v2, there are two main tabs we will focus on. These are “Security” and “Traps”.

Security is to configure the SNMP agent, while, as the name states, Traps is to configure the SNMP destination for SNMP generated traps.

  1. Start by configuring the agent. First, click on Security and enter the community string under “Accepted Community Names”. In most instances, a “Read-Only” rights configuration will suffice.
  2. If this will be your host using for monitoring, select  “Accept SNMP packets from any  host”. Otherwise, specify which hosts to accept SNMP packets from.
    2019-04-19 14_15_34-Window
  3. Next, is configuring the trap destination. This configuration is done under Traps.  You will need to enter the community string and a destination IP (or DNS name) to where any generated alerts will be sent to.
    2019-04-19 14_18_10-Window

Once the above steps are completed, click OK. Then, right click on the SNMP service and click restart for settings to take effect.

At this point, you should be able to go to your Management Station (Monitoring Utility or Software) and inventory and monitor this Windows Server by providing the SNMP agent community String.

SNMP in terms of System Management

The Simple Network Management Protocol (SNMP for short) has two aspects.

One, is as an agent, which allows the device that is running SNMP to be discovered and inventoried by a Monitoring Agent. (Port 161)

The second, allows to send traps to a Monitoring Agent via port 162.

For our purposes, we won’t go into all the specifics of SNMP, just that it can be used by a Monitoring Software for discovery/ inventory and alert processing. More specifics can be found here:

https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol 

That being said, here are some pieces of how SNMP can be leveraged in multi-operating system environments:

Unrecognized / Unsupported Operating System or Architecture – OMSA install

Previously we discussed how to install Dell OpenManage Server Administrator on a Linux Server using the installation script ./setup.sh.

This can lead to the following error on Non-RHEL system (yes, even if they are RHEL variants). For this example, I used the packaged version of Dell  OMSA to install on a Linux CENTOS 7.5 M420 blade.

# ./setup.sh
Unrecognized / Unsupported Operating System or Architecture. This script cannot
continue with the installation. Select rpms from the OS folder in
the media that closely matches this Operating System to continue
with the manual install.

The way to install OMSA if you are getting this error, is to by-pass the script. One way to do it (for a typical install) is to change to the RPM directory (after extracting the OMSA tar.gz file) and install all available RPMS.

For example:

# cd Downloads/OMSA/linux/RPMS/supportRPMS/srvadmin/RHEL7/x86_64/

and then installing all available packages:

# rpm -ivh *.rpm
Preparing... ################################# [100%]
Updating / installing..

Once this is completed, the Dell OpenManage Server Administrator application will be installed on your system.

The rest of the steps will be the “usual”, such as starting the OMSA services and adding port 1311 to your firewall exceptions.

Configure AD using RACADM on Dell RAC 7/8/9

Active Directory Integration in a Dell Remote Access Cards is relatively simple.

One requirement to watch out for, is the need of Active Directory root certificate on your Active Directory Server.  Without it, many devices and appliances will be unable to communicate with your AD Server, as is the case of Dell RACs and OpenManage Enterprise

There are multiple ways to configure Active Directory integration, such as RACADM, through the Web Interface, via Template deployments, and even scripts that leverage RACADM or the Redfish REST API.

In this example, I will show a relatively straightforward way of configuring your Dell RAC for integration with AD.

Note: The commands below can be executed from a “Remote” Command Line, however, for simplicity’s sake, I have connected to the DRAC using SSH.

How to configure AD using RACADM

Pre-configuration Steps:

Check if AD has ever been configured. This is just for reference only to get an idea of what is configured on the environment already or may have been misconfigured.

Obtain Active Directory information for the Domain Controller and Global Catalog

#racadm get IDRAC.ActiveDirectory.DomainController1
#racadm get IDRAC.ActiveDirectory.DomainController2
#racadm get IDRAC.ActiveDirectory.GlobalCatalog1
#racadm get IDRAC.ActiveDirectory.GlobalCatalog2

Obtain Group information

Check if group has been configured for the DRAC to authenticate against AD
#racadm get IDRAC.ADGroup.1.Name

Configuration steps:

These steps will overwrite any settings that were found using the commands provided above.

The example commands below have the following settings:

  • DC Host Name: WIN-1HRHC8JTEF5.Sysman.local
  • DNS/Global Catalog Server: 10.0.157.231 (Same as Domain controller)
  • Domain Sysman.local

In most instances, the Domain Controller (DC) has the role of Global Catalog (GC) server and has the domain information.

 

Enable and Configure the DRAC for Active Directory

1. Enable AD
#racadm set IDRAC.ActiveDirectory.Enable 1
[Key=IDRAC.Embedded.1#ActiveDirectory.1]
Object value modified successfully
2. Specify DC
#racadm set IDRAC.ActiveDirectory.DomainController1 WIN-1HRHC8JTEF5.Sysman.local
[Key=IDRAC.Embedded.1#ActiveDirectory.1]
Object value modified successfully
3. Specify Global Catalog
#racadm set IDRAC.ActiveDirectory.GlobalCatalog1 WIN-1HRHC8JTEF5.Sysman.local
[Key=IDRAC.Embedded.1#ActiveDirectory.1]
Object value modified successfully

Configure the DRAC for AD Standard Schema integration

4. Standard Schema Setting
#racadm set iDRAC.ActiveDirectory.Schema 2
[Key=iDRAC.Embedded.1#ActiveDirectory.1]
Object value modified successfully

Configure Standard Schema Settings (group)

5. Specify the Group to authenticate with to  your AD server
#racadm set IDRAC.ADGroup.1.Name "Domain Admins"
[Key=IDRAC.Embedded.1#ADGroup.1]
Object value modified successfully
6. Configure the Domain Group in the DRAC
/admin1-> racadm set IDRAC.ADGroup.1.Domain Sysman.local
[Key=IDRAC.Embedded.1#ADGroup.1]
Object value modified successfully
7. Set Admin privilege level, in this case, as an admin role
#racadm set iDRAC.ADGroup.1.Privilege 0x1ff
[Key=iDRAC.Embedded.1#ADGroup.1]
Object value modified successfully

Set user Domain

8.  This will allow your domain as the default log on selection (optional)
#racadm config -g cfgUserDomain -i 1 -o cfgUserDomainName Sysman.local
Object value modified successfully

Troubleshooting

This section has information on what things to look if there are problems logging after following the steps provided above.

Ensure the DRAC is enrolled to a DNS server to resolve names, such as the domain name Fully Qualified Name (FQDN)

1. Enter Domain Name Server IP Address for name resolution
#racadm config -g cfgLanNetworking -o cfgDNSServer1 10.0.157.231
Object value modified successfully
2. Register DRAC on DNS
#racadm config -g cfgLanNetworking -o cfgDNSRegisterRac 1
Object value modified successfully

Additional Settings

1. Change the root account password to prevent unauthorized access (this depends on your user account index #)
# racadm config -g CfgUserAdmin -o CfgUserAdminPassword -i 2 P@ssw0rd
Object value modified successfully
2. Configure Certificate validation if you will be providing an AD certificate for authentication
#racadm -config -g cfgActiveDirectory -o cfgADCertValidationEnable 1

Additional Troubleshooting Notes:

If there are issues logging on with AD credentials, run the “Test AD settings” option through the DRAC GUI under Directory Services .

Also, ensure that the Group Name for the user in the IDRAC AD configuration page is using the same capitalization as the Group Name from the Domain Controller. This is the only part that I have found to be case sensitive.

 

How to Setup a Windows NFS Share to use with a Linux Appliance

interoperability betwen Linux and Windows environments has long been a matter of endless discussions and quite a bit of confusion.

NFS shares in Linux just seem to work, as in the case (mostly) of CIF shares in Windows.  However, getting Windows to have a proper NFS share that communicates with a Linux appliance can bie a bit of a headache.

I explain below what sections to allow for this to work correctly.  By default, NFS shares are not an option in Windows, so there’s a bit of work involved.

Install NFS role in Windows

  1. Install NFS role for Server in Server Manager
  2. Go to Server Manager > File and Storage Services > Shares

Configure a NFS Share in Windows

  1. Right click and create a new share  – In this example, I created one labeled “3111” on my c: drive
  2. Create the share with the following settings
    1. Authentication – Disable all Kerberos authentication, and ensure “allow unmapped user access by UID” is selected
    2. Share Permissions – whitelist your Linux appliance ip address
    3. NTFS permissions – give “Everyone” full control

Manual installation of Dell OpenManage Server Administrator in Linux

Dell OpenManage Server Adminitrator is a utility that allows to manage a standalone sever. Some of its features are the ability  to check firmware and driver versions, as well as configuration of BIOS settings, Remote Access Card (DRAC) and Storage Configuration.

In this guide, we will show a simple straightforward of installing the application in a RHEL/RHEL variant environment.

Download Information

Find an appropriate package, such as 9.1 https://downloads.dell.com/FOLDER04637708M/1/OM-SrvAdmin-Dell-Web-LX-9.1.0-2757_A00.tar.gz

Note: The appropriate version for your system will vary by OS version and System type. The product information page can be found here: https://www.dell.com/support/article/us/en/19/sln312492/openmanage-server-administrator-omsa?lang=en 

Download Instructions

  1. SSH to your Linux host
  2. Make a directory for the installation and switch to it. For example, I will switch to the root user account and make a OMSA directory on my Downloads path
    #su root
    # cd ~
    #cd Downloads
    #mkdir OMSA 
    #cd OMSA/
  3. Use WGET command to download the tar.gz package
 #wget https://downloads.dell.com/FOLDER04637708M/1/OM-SrvAdmin-Dell-Web-LX-9.1.0-2757_A00.tar.gz

 

Installation instructions

  1. First, find the name of the file that you have downloaded. This can be done by running the ls command to do a listing
    > ls
  2. Decompress the file using the tar command. On the file name, you can use tab to autocomplete the name of the package to be extracted
    #  tar -xvf OM-SrvAdmin-Dell-Web-LX-9.1.0-2757_A00.tar.gz
  3. Once the package is decompressed, you should see a setup file. In linux, most commonly it will be listed as a filename with the extension *.sh. For example
  4. #./setup.sh
  5. At this point, the installation will be like any typical program. There will be options for a typical installation, or customized installation. For most purposes, a typical installation is recommended.
  6. If you assumed that OMSA would install this easy on a RHEL variant, think again! However, look no further, here’s what you can do if you get an error that you are trying to install on an unsupported system. 

 

Post installation instructions

  1. Start the Dell OpenManage Server Administrator services.
    #services/opt/dell/srvadmin/sbin/srvadmin-services.sh start
  2. Dell OpenManage opens a webserver on port 1311. This port will need to be added to the Linux firewall
    #firewall-cmd --zone=public --add-port=1311/tcp --permanent
    #firewall-cmd --reload

At this point, you should be able to browse the OpenManage Server Administrator installation through any browser using the system’s ip address and port. Such as https://<hostip>:1311

In a future article, I will show how to to leverage Dell’s System Update Utility  (DSU) to install the OpenManage Server Administrator package.

How to Configure SNMP on ESX 5.x and 6.x

Looking at a ESX SSH CLI prompt can be a bit daunting for us folk who grew up with “Windows GUI’s”. One problem that I’ve often ran into in ESX monitoring from Third party utilities, is that the documentation and even terminology can be a bit confusing.

This is a simple straightforward way of configuring SNMP and trap forwarding to a Third Party monitoring utility.

Enable SSH in the ESX Host

  • In Vcenter, select your host. 
  • Once the host is selected, click on the Configure tab
  • Click Security Profile on the left menu
  • Scroll down to Services and click Edit

2019-04-12 00_36_23-vSphere Web Client

SNMP Configuration:

  1. First check if SNMP is already configured:
    #esxcli system snmp get

    2019-04-12 00_50_31-How To_ Configure SNMP on ESX - OneNote
  2. If SNMP is not configured most settings will show blank. We will start  by setting the community name (in this example we use public).
    Note: SNMP community strings are case sensitive 
    #  esxcli system snmp set -c public
  3. Configure the SNMP Agent to Send SNMP v1 or v2c Traps to your monitoring agent’s host IP using the following command:  esxcli system snmp set –targets target_address@port/community.
    Note: SNMP traps by default are sent on port 162
  4. # esxcli system snmp set -t 10.0.157.180@162/public
  5. Enable the SNMP service on the ESX host
    # esxcli system snmp set --enable true
  6. Verify SNMP is configured correctly via the GET command
    # esxcli system snmp get
    2019-04-12 00_54_13-How To_ Configure SNMP on ESX - OneNote
  7. Finally, end a test trap from your ESX host to the monitoring agent host
    #  esxcli system snmp test

    2019-04-12 00_56_01-How To_ Configure SNMP on ESX - OneNote

At this point, you should be able to go to your monitoring agent software and check that the test trap is received. 

Our next article will show how to configure and test a SNMPv3 trap. Stay tuned!

Reference: https://pubs.vmware.com/vsphere-55/index.jsp#com.vmware.vsphere.monitoring.doc/GUID-EA64297A-35FD-4226-A1B2-367C57D38CBD.html

Introduction

Isupedia is a site created to provide tips regarding Systems Management products. This includes out of band, in band monitoring through one to many server management applications, appliances and integration solutions.

Managing a multi-server environment can be a daunting and difficult task due to multi-layer configurations. My goal is to simplify this tasks by proving how to guides, tips, tricks and experiences.

I work for a international support company and deal with many of this technologies day in and day out. While there may be multiple ways to configure environments, I hope the information provided here will make your work life easier.

Sincerely,

Miguel Chavez