- 0 minutes to read

Prerequisites for the Nodinite Windows Server Monitoring Agent

This page describes the prerequisites for installing and running the Nodinite Windows Server Monitoring Agent.

graph LR subgraph "Nodinite Instance" roNI(fal:fa-monitor-waveform Windows Server Monitoring agent) end subgraph "Windows Servers" roWS(fab:fa-windows Windows Server) roNI --- roWS end subgraph "Any pingable device/server" roDevice(fal:fa-router Device) roNI -.- |Ping| roDevice end

Instances of this agent can be installed on-premise using TCP/IP for local network access and/or in the cloud/off-site using Service Bus Relaying (see also the external link for additional information MicrosoftServiceBusRelayingLink).

We recommend that you keep this agent close to Nodinite Core Services. This documentation covers local network setup (usually on the Nodinite application server)

Verified Topic
Software Requirements
What Windows User Rights does the Windows Server Monitoring agent require?
What Firewall settings do the Nodinite Windows Server Monitoring agent require?

Software Requirements

The Windows Server Monitoring Agent is a Windows Service and is usually installed on the Nodinite application server.

Product
Windows Server Windows 2022
Windows 2019
Windows 2016
Windows 2012 R2*
Windows 2012*
.NET Framework .NET Framework 4.8 or later New 6.0
Our recommendation is .NET Framework 4.8.1 or later
Powershell WMF 5.1 or later If you are using Windows 2012/2012 R2, you must install WMF 5.1 or later to make use of the PowerShell Monitoring feature
Web Server (IIS) - Management Tools
  • IIS Management Console
  • IIS 6 Metabase Compatibility
  • IIS 6 Management Compatibility
  • IIS 6 WMI Compatibility
  • Management Service (Please review the additional heading)

Versions 6.0 and later make use of the .NET Framework 4.8 or later.
Versions 5.4 and later make use of the .NET Framework 4.6.2 or later.
Versions prior to 5.4 make use of the .NET Framework 4.5.2 or later.

Remote Windows Servers with IIS to monitor must have this Windows feature installed
IIS 6
If you have three servers with IIS to monitor, you must install this feature on three servers
If you see entries in the Event Log like while activating CLSID {2B72133B-3F5B-4602-8952-803546CE3344}, please review the prereqs, restart, and make sure the following settings have been applied: Setting DCOM Security to Allow a User to Access a Computer Remotely

Management Service

If the IIS is a remote server to the Monitoring Agent; You must also enable remote connections and make sure the WMSVC service is operational. Please review the Remote Administration for IIS Manager for additional details.

  1. Enable remote connections
  2. Make sure to auto-start the VMSVC service
    Management Service
    Make sure to allow remote connections and set the 'WMSVC' service to start automatically.

Enable remote connections

  1. In the IIS MMC, click on the node, then, on Management Service.
  2. Check the Enable remote connections checkbox.

Click the Apply button to persist the changes.

Apply changes
Click Apply button to persist the changes.

Set WMSVC to start automatically

The WMSVC service installs with Startup Type set to Manual, which means that the service has to be manually restarted each time the server reboots or if HTTP.sys is stopped (WMSVC depends on HTTP.sys). Set the Startup Type to Automatic if you want WMSVC to start on system boot. Do this in the Services MMC console, or using this command line in an administrative command prompt:


sc.exe config WMSVC start= auto

Supported Versions

Windows Server is ever-evolving, and Microsoft sometimes adds new functionality and/or deprecates older SDKs, methods and adjust policies. For Nodinite, this means you need to update Nodinite and our Windows Server Monitoring Agent from time to time.

Make sure to subscribe to our Release Notes.

What Windows User Rights does the Windows Server Monitoring agent require?

You will install the monitoring agent as a Windows Service, usually on the Nodinite application server. Virtual machines are supported.

Important

To be operational, the Service Account running the Nodinite Windows Server Monitoring Agent must be the local administrator on all servers to monitor.

What Firewall settings do the Nodinite Windows Server Monitoring agent require?

Depending on where on the network you install the Windows Server Monitoring Agent and the Nodinite Monitoring Service; To monitor Windows Servers, you may need different firewall configurations on other servers. The following illustration shows the agent installed on a dedicated Windows Server.

graph TD subgraph "Nodinite Instance" roMonitoringService(fal:fa-watch-fitness Monitoring Service) roNI(fal:fa-monitor-waveform Windows Server Monitoring agent) roMonitoringService --> |"TCP/HTTPS"| roNI roWS1(fab:fa-windows Local Windows Server) end subgraph "Other Windows Servers" roAzureAPI(fab:fa-windows Remote Windows Server) roNI -.-> |WMI, RPC, ...| roAzureAPI roNI --> roWS1 end

The Windows Server Monitoring Agent has both inbound and outbound communication:

  1. Between the Monitoring Service and the Windows Server Monitoring Agent
  2. Between the Windows Server Monitoring Agent and monitored Windows Server(s)
    • Local (no ports)
    • Remote ports are used

1. Between the Monitoring Service and the Windows Server Monitoring agent

The following ports must be allowed on the Windows server where the agent is installed and running:

Port Name Inbound Outbound TCP UDP Comment
53 DNS The Agent needs to know where your other servers/services are (can sometimes optionally be solved using entries in the local hosts file)

And further with 'Option 1' or 'Option 2' as documented next:

Option 1 (Local network)

Port Name Inbound Outbound TCP UDP Comment
8000 RPC Communication is initiated by the Monitoring Service

Option 2 (Cloud/Hybrid)

Use Service Bus Relayed connections when Nodinite and the agent are on totally different networks.

Nodinite uses the same principle technique as the On-Premise data gateway; see 'Adjust communication settings for the on-premises data gateway' user guide.

Port Name Inbound Outbound TCP UDP Comment
443 HTTPS Secure outbound traffic
5671, 5672 Secure AMQP
9350 - 9354 Net.TCP

2. Between the Windows Server Monitoring agent and Windows Servers

There is RPC and WMI traffic between the Windows Server Monitoring Agent and the monitored Windows Servers (1..*)

graph TD subgraph "Nodinite Instance" roNI(fal:fa-monitor-waveform Windows Server Monitoring agent) roWS1(fab:fa-windows Local Windows Server) end subgraph "Other Windows Servers" roAzureAPI(fab:fa-windows Remote Windows Server) roNI -.-> |135, 445, ...| roAzureAPI roNI --> roWS1 end
Port Name Inbound Outbound TCP UDP Comment
- ICMP ICMP. NoteAs per your user configuration; apply to the device/servers to ping
53 DNS The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the hosts file in each Windows server instance), review the following 'Microsoft' user guide
88 Kerberos Review 'Microsoft Kerberos' user guide
135 RPC This port is shared between many Windows Services
445 SMB, RPC/NP Windows Performance Counters Access
1024-65535 RPC dynamic ports WMI/RPC Depends on policies and settings on target environment. Please review the How to configure RPC dynamic port allocation to work with firewalls user guide

Add firewall rule

If you want to monitor the IIS, additional firewall exclusions may be required.

Please add a new firewall rule on the server to monitor to allow the dllhost.exe to accept incoming requests from the Nodinite Windows Server Monitoring Agent.

Setting Value
Rule type Inbound
Rule type Custom
Program %systemroot%\system32\dllhost.exe
Protocol TCP
Local port RPC Dynamic Ports
Remote port All Ports
Action Allow connection
Profile Domain

netsh advfirewall firewall add rule name="Remote IIS inetinfo" dir=in action=allow description="Remote IIS Service Managment" program="%systemroot%\System32\inetsrv\inetinfo.exe" enable=yes 

netsh advfirewall firewall add rule name="COM+ Remote Administration (All Programs)" dir=in action=allow description="" program="%windir%\system32\dllhost.exe" enable=yes localport=RPC protocol=tcp


Frequently asked questions

Additional solutions to common problems and the FAQ for the Nodinite Windows Server Monitoring Agent exist in the Troubleshooting user guide.

Next Step

Install Windows Server Monitoring Agent

Add or manage a Monitoring Agent Configuration
Monitoring
Administration