Bobcares
Client Area
Emergency Support
Latest | Server Management

Service Not Listed in WMI Wizard in Nagios – How to resolve

by | May 15, 2021

While running WMI wizard in Nagios, we often notice that not all the services in the server are listed in it.

Nagios supports WMI monitoring, which provides admins with a simple method of monitoring their Windows servers and workstations without having to install or configure agents.

As a part of our Server Management Services, we help our customers with Nagios-related errors regularly.

Let us today discuss the possible reasons and fixes for it.

What makes Service Not Listed in WMI Wizard in Nagios

Windows Management Instrumentation (WMI) allows for agentless monitoring of Windows machines. At times, when running the Windows WMI wizard, it does not find all the services on the server.

Some of the common reasons for this behavior include:

  1. The lower value of Truncate Output Length
  2. The user account used for WMI does not have SERVICE_QUERY_STATUS (LC) permissions on the service.

Let us now discuss the possible methods to fix this error.

Solutions to fix Service Not Listed in WMI Wizard in Nagios

The first solution here is to try increasing the Truncate output length.

In Nagios XI, wizards can be used to perform the configuration of hosts and services through the Web UI. Wizards take the complicated matter of creating hosts and services, defining configuration parameters, assigning contacts, contact groups, host groups, service groups, etc, into an easy 6 step form in the Nagios XI UI. ]

In WMI wizard, there is a field called Truncate Output Length. Try increasing this value to a larger number such as 65536 and see if the wizard displays the service we are trying to monitor.

The second solution would be to add SERVICE_QUERY_STATUS (LC) permissions to our Windows machine. For this, we can follow the steps below:

On the Windows machine in a command prompt (with Administrator permissions), execute the following command:

wmic useraccount where name='wmiagent' get sid

That command assumed the user account for WMI is wmiagent.

The output will be something like this:

SID
S-1-5-21-3480785720-802978297-2857457638-1002

This is the SID number.

Now execute the following command to get the current security descriptor (SD) for the service, this command is going to query the WinDefend service.

sc sdshow WinDefend

Thus, the output will be something like:

D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;OICIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)(A;;CCLCSWRPLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

In the SD string, you can see it begins with D: and has sets of access control lists (ACL) which are separated by round brackets ().

We will also see there is an S: section that also has ACLs which are separated by round brackets ().

Now, we need to add an entry to the end of the D: section that contains our SID:

(A;;LC;;;<SID>)

For example, using the SID above:

(A;;LC;;;S-1-5-21-3480785720-802978297-2857457638-1002)

We need to insert it to the end of the SD after the last ACL before S: using the example above it looks like:

D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;OICIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)(A;;CCLCSWRPLOCRRC;;;SU)(A;;LC;;;S-1-5-21-3480785720-802978297-2857457638-1002)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

Now that we have altered the SD, execute the following command using our new SD. This applies the SD on the WinDefend service:

sc sdset WinDefend D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;OICIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)(A;;CCLCSWRPLOCRRC;;;SU)(A;;LC;;;S-1-5-21-3480785720-802978297-2857457638-1002)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

After executing the command, we should re-run the configuration wizard and see if the problem is resolved.

If the above solutions do not resolve our problem, then we may need to look at an alternative agent like NCPA to perform our monitoring.

[Need any further assistance to fix Nagios errors? – We’re available 24*7]

Conclusion

In short, Service may not get listed in WMI Wizard in Nagios due to reasons like lower value of Truncate Output Length or insufficient permission of the user account. Today, we saw how our Support Engineers fix this error.

Related posts:

  1. How to send test SNMP trap in Nagios
  2. Alerting On Log Events With Nagios Log Server
  3. Configure SSL/TLS in Nagios Log Server – How do we do it
  4. Configure filters in Nagios log server – How we do it

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

SEE SERVER ADMIN PLANS

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

server management

Spend time on your business, not on your servers.

TALK TO US

Or click here to learn more.

Related Articles

  1. How to send test SNMP trap in Nagios
  2. Alerting On Log Events With Nagios Log Server
  3. Configure SSL/TLS in Nagios Log Server – How do we do it
  4. Configure filters in Nagios log server – How we do it

Never again lose customers to poor
server speed! Let us help you.

GET STARTED