OS - WinRM Agentless Opspack
WinRM Agentless contains base Windows checks common to all Windows machines.
What You Can Monitor Copied
This Opspack allows you to monitor the status of Windows Updates.
Service Checks Copied
| Service Check | Description |
|---|---|
| Windows Updates | Check for pending Windows updates |
Prerequisites Copied
To use this Opspack, your Windows host must first be configured for Powershell Agentless Monitoring.
Setup Windows Host for Monitoring Copied
By default, Windows hosts will not allow remote PowerShell scripts to run,, which is required for Opsview Agentless Monitoring plugins to work.
This can be configured manually by the Windows Host administrator, or automatically using our recommended approach by running the ConfigureRemoting.ps1 Powershell script on the Windows Host.
Powershell Agentless Monitoring requires at least version 5.0 of Powershell. Check the Powershell version on your Windows Host by running:
$PSVersionTable.PSVersion
Run the ConfigureRemoting.ps1 script with Administrator privileges using a Powershell terminal. This will configure firewall rules, self-signed SSL certificates and authentication for PowerShell remoting.
Check this has been configured properly by running:
winrm quickconfig
You should get the following output:
WinRM service is already running on this machine.
WinRM is already set up for remote management on this computer.
By default, port 5985 must be opened from the Opsview monitoring server to the Windows host you wish to check. WinRM utilises the HTTP/HTTPS protocol and can be configured to use certificates to secure the data in transit.
Ensure the service is listening by running:
For HTTP: netstat -an | findstr 5985
For HTTPS: netstat -an | findstr 5986
When using basic authentication with WinRM, the following commands must also be run on the windows host:
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/client/auth '@{Basic="true"}'
If you receive a 500 error, which is a known issue on Windows Server 2016, you may need to install WinRM-IIS-Ext. You can do so by running the following command:
Add-WindowsFeature winrm-IIS-Ext
Setup and Configuration Copied
Add the Host Template Copied
Add the OS - Windows WinRM Base Agentless Host Template to your Opsview Monitor host.
Note
For more information, refer to the documentation on Adding Host Templates to Hosts.
Add and configure variables required for this host Copied
| Variable | Description |
|---|---|
| WINRM_TRANSPORT | Used for authenticating with the remote host. The Value is the Authentication Transport Type - must be one of: Basic, Certificate, Kerberos or NTLM. NOTE: CredSSP is not supported. Override the Username and Password with the credentials to be used for authentication with the remote host. Scheme can be overridden to make the check use HTTP (defaults to https). Extra arguments can be used to pass extra arguments to check_by_winrm.py. If Basic or NTLM authentication is being used, then no further configuration than entering the name into the value needs to occur. |
| KERBEROS_REALM | Only required if authenticating using Kerberos. The Value is the Kerberos realm. |
Note
For more information, refer to the documentation on Adding Variables to Hosts.
Setting up Certificates Copied
Opsview Cloud
For Opsview Cloud customers, please contact ITRS Support for assistance with these steps, as they require Orchestrator access.
To use a Certificate for the authentication of WinRM, first, move it to the same directory on all Opsview machines running checks. Set the value of WINRM_TRANSPORT’s Extra Args to -c PATH_OF_CERTIFICATE.pem. This allows the script to use the certificate for authentication.
Apply Changes Copied
Apply Changes and the system will then be monitored:
Plugin help Copied
Secure Args
Thecheck_by_winrm.pyplugin uses the Secure Args feature for argument passing.