Skip to main content

Centreon version:

v. 24.04.10

command:

/usr/lib/centreon/plugins/centreon_windows_snmp.pl --plugin=os::windows::snmp::plugin --mode=service --hostname=x.x.x.x --snmp-version='2c' --snmp-community='xxxxx-xxxxx'  --filter-name='.*xxxxx.*' --critical-active='1:'  --verbose

 

hello there!

This morning, the OiDs for part of one of our Windows Servers disappeared. There's nothing in the server logs or the Centreon logs. I have uninstalled and reinstalled SNMP on the Windows Server, but nothing has changed. On the other servers, the service checks work perfectly with the same template/command and all the other SNMP checks are working normally (cpu, memory, disk, etc.).

 

Does anyone know how to resolve this issue?

 

Best Regards,

System and Network Administrator

ATIE

 

snmpwalk -v 2c -c xxxxx-xxxxx x.x.x.x  1.3.6.1.4.1.77.1.2.3

iso.3.6.1.4.1.77.1.2.3.1.1.5.80.111.119.101.114 = STRING: "Power"
iso.3.6.1.4.1.77.1.2.3.1.1.6.83.101.114.118.101.114 = STRING: "Server"
iso.3.6.1.4.1.77.1.2.3.1.1.6.84.104.101.109.101.115 = STRING: "Themes"
iso.3.6.1.4.1.77.1.2.3.1.1.7.77.121.83.81.76.53.55 = STRING: "MySQL57"
iso.3.6.1.4.1.77.1.2.3.1.1.7.83.121.115.77.97.105.110 = STRING: "SysMain"
iso.3.6.1.4.1.77.1.2.3.1.1.8.78.101.116.108.111.103.111.110 = STRING: "Netlogon"
iso.3.6.1.4.1.77.1.2.3.1.1.8.83.121.115.109.111.110.54.52 = STRING: "Sysmon64"
iso.3.6.1.4.1.77.1.2.3.1.1.9.73.80.32.72.101.108.112.101.114 = STRING: "IP Helper"
iso.3.6.1.4.1.77.1.2.3.1.1.9.83.78.77.80.32.84.114.97.112 = STRING: "SNMP Trap"
iso.3.6.1.4.1.77.1.2.3.1.1.10.68.78.83.32.67.108.105.101.110.116 = STRING: "DNS Client"
iso.3.6.1.4.1.77.1.2.3.1.1.10.84.101.97.109.86.105.101.119.101.114 = STRING: "TeamViewer"
iso.3.6.1.4.1.77.1.2.3.1.1.11.68.72.67.80.32.67.108.105.101.110.116 = STRING: "DHCP Client"
iso.3.6.1.4.1.77.1.2.3.1.1.11.84.105.109.101.32.66.114.111.107.101.114 = STRING: "Time Broker"
iso.3.6.1.4.1.77.1.2.3.1.1.11.87.111.114.107.115.116.97.116.105.111.110 = STRING: "Workstation"
iso.3.6.1.4.1.77.1.2.3.1.1.12.83.78.77.80.32.83.101.114.118.105.99.101 = STRING: "SNMP Service"
iso.3.6.1.4.1.77.1.2.3.1.1.12.85.115.101.114.32.77.97.110.97.103.101.114 = STRING: "User Manager"
iso.3.6.1.4.1.77.1.2.3.1.1.12.87.105.110.100.111.119.115.32.84.105.109.101 = STRING: "Windows Time"
iso.3.6.1.4.1.77.1.2.3.1.1.13.67.111.114.101.77.101.115.115.97.103.105.110.103 = STRING: "CoreMessaging"
iso.3.6.1.4.1.77.1.2.3.1.1.13.80.108.117.103.32.97.110.100.32.80.108.97.121 = STRING: "Plug and Play"
iso.3.6.1.4.1.77.1.2.3.1.1.13.80.114.105.110.116.32.83.112.111.111.108.101.114 = STRING: "Print Spooler"
iso.3.6.1.4.1.77.1.2.3.1.1.14.78.105.110.106.97.82.77.77.32.65.103.101.110.116 = STRING: "NinjaRMM Agent"
iso.3.6.1.4.1.77.1.2.3.1.1.14.83.101.110.116.105.110.101.108.32.65.103.101.110.116 = STRING: "Sentinel Agent"
iso.3.6.1.4.1.77.1.2.3.1.1.14.84.97.115.107.32.83.99.104.101.100.117.108.101.114 = STRING: "Task Scheduler"
iso.3.6.1.4.1.77.1.2.3.1.1.15.83.116.111.114.97.103.101.32.83.101.114.118.105.99.101 = STRING: "Storage Service"
iso.3.6.1.4.1.77.1.2.3.1.1.17.67.78.71.32.75.101.121.32.73.115.111.108.97.116.105.111.110 = STRING: "CNG Key Isolation"
iso.3.6.1.4.1.77.1.2.3.1.1.17.67.79.77.43.32.69.118.101.110.116.32.83.121.115.116.101.109 = STRING: "COM+ Event System"
iso.3.6.1.4.1.77.1.2.3.1.1.17.87.105.110.100.111.119.115.32.69.118.101.110.116.32.76.111.103 = STRING: "Windows Event Log"
iso.3.6.1.4.1.77.1.2.3.1.1.18.73.80.115.101.99.32.80.111.108.105.99.121.32.65.103.101.110.116 = STRING: "IPsec Policy Agent"
iso.3.6.1.4.1.77.1.2.3.1.1.19.71.114.111.117.112.32.80.111.108.105.99.121.32.67.108.105.101.110.116 = STRING: "Group Policy Client"
iso.3.6.1.4.1.77.1.2.3.1.1.19.82.80.67.32.69.110.100.112.111.105.110.116.32.77.97.112.112.101.114 = STRING: "RPC Endpoint Mapper"
iso.3.6.1.4.1.77.1.2.3.1.1.19.87.101.98.32.65.99.99.111.117.110.116.32.77.97.110.97.103.101.114 = STRING: "Web Account Manager"
iso.3.6.1.4.1.77.1.2.3.1.1.20.68.97.116.97.32.83.104.97.114.105.110.103.32.83.101.114.118.105.99.101 = STRING: "Data Sharing Service"
iso.3.6.1.4.1.77.1.2.3.1.1.20.78.101.116.119.111.114.107.32.76.105.115.116.32.83.101.114.118.105.99.101 = STRING: "Network List Service"
iso.3.6.1.4.1.77.1.2.3.1.1.20.83.121.115.116.101.109.32.69.118.101.110.116.115.32.66.114.111.107.101.114 = STRING: "System Events Broker"
iso.3.6.1.4.1.77.1.2.3.1.1.20.85.115.101.114.32.80.114.111.102.105.108.101.32.83.101.114.118.105.99.101 = STRING: "User Profile Service"
iso.3.6.1.4.1.77.1.2.3.1.1.21.65.67.83.84.82.77.73.71.82.69.66.68.68.32.54.52.32.98.105.116.115 = STRING: "ACSTRMIGREBDD 64 bits"
End of MIB

hello

I made a few post about this here, to recap basically : Windows SNMP does not work correctly for services.

the service table is only populated with running services, if a service is not running the entry will disappear from that table

and also : the table is not populated in realtime

this is a windows issue, microsoft deprecated and stopped developping snmp with windows 2012.

 

the behaviour of the snmp table missing the oid is seen on windows 2019, 2022 and 2025, i didn’t try on windows 2016 but it’s easy to test,

do a snmpwalk like you did with ‘ |grep -i time’ you should have 1 or more line, at least 1 for windows time, we can start and stop that service without impact on servers, so I use it to play around:

  • stop the “windows time” service on the host
  • redo the snmpwalk, 2 cases can happen :
    • the service is not present, working as intended, you will get your alarm
    • the service is still present in the list, this is not normal, so you can’t check the service correctly
  • restart the snmp service
  • redo the snmpwalk, the service should be missing as intended
  • start the time service
  • redo the snmpwalk, 2 cases
    • service is present in the output, working as intended
    • service is not present, this is not normal

from my various tests, with or without restarting the snmp service, I never get consistent results, and I have switched to nsclient a few years ago because of that (and all the limitation snmp has to do custom check/command)

 

(I also don’t like that snmp service check as it cannot do the basic server manager check “are all automatic services running?” because snmp in windows has no awareness of the startup type of a service, only if it is running or not, not if it *should* be running because it is in automatic startup)

 

please try using a check process (if it is not a generic ‘svchost.exe’) if you want to monitor a specific service, like a specific sofware (backup agent, antivirus, database, etc...)

if you want the global status (all automatic service should be running, otherwise there is an error), you will need to use an agent like wmi (wsman) or nsclient.

Reply


Terms & ConditionsCookie settings