Syed Jahanzaib – Personal Blog to Share Knowledge !

July 31, 2012

Howto Add SNMP Service Remotely on Windows 7/xp


I have been using Mikrotik’s The Dude monitoring tool for many years to monitor the health of my company’s servers and devices. Recently I decided to add the users’ subnet to the server’s sub map as well, to view online/offline users, their CPU / memory / HDD usage, personal printers’ health and tons of other info.

As we all know, the SNMP service is required on the target Windows OS for this purpose. The problem was that there were over 120 nodes, and I didn’t want to visit each of them physically or take remote control of them to install SNMP, due to some permission issues. After some googling I found a way to install the SNMP service right from my admin PC by fine-tuning and tweaking various commands using pstools. It’s not neat and clean, and it requires some manual work, but it does the job. Once you get used to it, you will find it relatively easy to deploy SNMP using various methods: a DOS-based batch file (which I personally use), a VBS file, running it via GPO, or any other method. Every method works for sure.

[Remember, in this example I am using this technique in an Active Directory domain environment, and I log in to Windows on my admin PC with a domain administrator account.]

First download the pstools utility from the following location:

http://download.sysinternals.com/files/PSTools.zip

Extract it to any folder, e.g.
c:\pstools

Now open a command prompt and navigate to the pstools directory, e.g.
cd \pstools

Adding SNMP Service remotely on Windows 7 

Use the below command to initiate snmp service installation on remote windows 7 client pc.

PsExec.exe \\syedjz -s -i -d ocsetup.exe SNMP

After 2-3 minutes (depending on the remote PC’s hardware speed), the SNMP service will be installed with the default public string, and will be available to serve any SNMP request, for example from the Dude. You can verify it by logging in to that PC, opening the Services console and looking for SNMP Service. The important point is that the SNMP service is installed without any community string by default, and without defining a string and filling in the allowed monitoring hosts section, you will not be able to do any query via SNMP.
You can use the following batch file to create the public string on the client PC, right from your desktop.

First create a batch file named change_snmp_String.bat: open Notepad and paste the following text.

@echo off
cls
rem Do not send an authentication trap when a request uses a wrong community string
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SNMP\Parameters" /v EnableAuthenticationTraps /t REG_DWORD /d 0 /f
rem Only these hosts (the monitoring servers) may query the agent
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SNMP\Parameters\PermittedManagers" /v 1 /t REG_SZ /d 10.1.1.1 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SNMP\Parameters\PermittedManagers" /v 2 /t REG_SZ /d 10.1.1.2 /f
rem Community string "public"; the value 4 means READ ONLY rights
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SNMP\Parameters\ValidCommunities" /v public /t REG_DWORD /d 4 /f
cls

You can change the PUBLIC string to one of your own choice, as public is very common. You also need to change the IPs defined in the above batch file to match the PC from which you want to monitor the clients, or where the Dude is installed. I have two monitoring servers, Dude + Linux, therefore I added two IPs.

Now save this file with the name change_snmp_String.bat (make sure the file name ends with .bat; as Notepad adds a .txt extension, you have to remove it by selecting ALL FILES in file type, or rename it afterward, grrrrrrr).

Save this file in any shared folder of your system, a folder that everyone can access easily, preferably a file server location.

Now, from the command prompt and within the pstools directory, use the below command to run the above batch file, so that it changes the SNMP string from blank to public and allows our monitoring servers’ IPs to query the SNMP service.

PsExec.exe \\syedjz -s -i -d \\fileserver\softwares\TOOLS_RELATED\snmp\change_snmp_String.bat

Or, if you get an access denied message, try passing the admin credentials along with the command:

PsExec.exe \\syedjz -u mydomain\administrator -p ponka cmd "/c \\fileserver\softwares\TOOLS_RELATED\snmp\change_snmp_String.bat"

All done. Now log in to that client PC, check the SNMP service’s Security tab and verify that the new public string has been added. The benefit of using the PUBLIC string is that the Dude uses the public string by default, so if you use this string, the Dude will automatically fetch the SNMP data and show the CPU/memory/HDD on devices.
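A scripted form of that verification, added here as an example and not part of the original post: it reads the `reg query ... /s` output of the SNMP Parameters key (saved from a client and checked on the Linux monitoring server) and flags a default community name, write rights, managers outside an approved list, an empty manager list and disabled authentication traps. The function names, finding labels and sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post. Reads the output of
#   reg query "HKLM\SYSTEM\CurrentControlSet\services\SNMP\Parameters" /s
# on stdin and prints one finding per line. $1 = approved manager IPs.
audit_snmp_reg() {
    tr -d '\r' | awk -v approved="$1" '
    BEGIN { n = split(approved, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # A key line starts a new section; keep only its last path component.
    /^HKEY_/ { section = $0; sub(/.*\\/, "", section); next }
    NF < 3 { next }          # value lines are: name  type  data
    section == "Parameters" && $1 == "EnableAuthenticationTraps" && $3 == "0x0" {
        print "AUTH_TRAPS_DISABLED"      # wrong-community requests raise no trap
    }
    section == "ValidCommunities" {
        name = tolower($1)
        if (name == "public" || name == "private") print "DEFAULT_COMMUNITY " $1
        # Rights: 0x4 = READ ONLY, 0x8 = READ WRITE, 0x10 = READ CREATE
        if ($3 == "0x8" || $3 == "0x10") print "WRITE_ACCESS " $1
    }
    section == "PermittedManagers" {
        managers++
        if (!($3 in ok)) print "UNAPPROVED_MANAGER " $3
    }
    # No PermittedManagers values means the agent answers any host.
    END { if (managers == 0) print "ANY_HOST_ALLOWED" }'
}

# Constructed sample: the state the batch file above leaves on a client.
sample_reg_output() {
    cat <<'EOF'

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SNMP\Parameters
    EnableAuthenticationTraps    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SNMP\Parameters\PermittedManagers
    1    REG_SZ    10.1.1.1
    2    REG_SZ    10.1.1.2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SNMP\Parameters\ValidCommunities
    public    REG_DWORD    0x4
EOF
}

sample_reg_output | audit_snmp_reg "10.1.1.1 10.1.1.2"
```

An empty result means the client matches the approved list and uses a non-default, read-only community.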

To install SNMP on a local Windows 7 PC using the CLI, use the below command:

start /w ocsetup.exe SNMP

Adding SNMP Service remotely on Windows XP/2003

Adding the SNMP service on remote Windows XP is a bit tricky and requires some manual work. Once you manage to get it working, you can wrap all the commands in one single file and use it to install the SNMP service by giving the target PC name only. OK, let’s start . . .

Create a new file named snmp.inf with the following contents
(This file will be used for ocsetup to instruct that it should install snmp service)

[Components]
NetOC=ON

[NetOptionalComponents]
SNMP=1

Copy this snmp.inf to any shared folder, preferably any file sharing server.

Now copy the Windows CD contents to any shared folder on your file sharing server or local PC. Copy the whole CD, which will be required at the time of SNMP service installation.


Now create a registry file named winpath.reg with the following contents. [This file will be used on the remote XP machine to update the registry with the location of the XP setup source files, which will be required at the time of SNMP service installation.]
Make sure you change the path defined in the below script to match your local location.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]
"SourcePath"="\\\\file-server\\zaib-XP-LIC-SP2"
"ServicePackSourcePath"="\\\\file-server\\zaib-XP-LIC-SP2"

Now copy this winpath.reg file to the root of the target Windows XP client, e.g. C:\

Now execute the following command, which will add the Windows source path to the client Windows XP registry.
(You must have pstools in c:\pstools folder, as explained in windows 7 section above)

PsExec.exe \\syedjz cmd "/c reg import C:\winpath.reg"

Now that the client XP knows about the Windows XP setup CD, it’s time to hit the road (remote execution of the SNMP service installation on remote Windows XP). Use the below command to execute the setup.

PsExec.exe \\syedjz -s -i -d sysocmgr /i:%windir%\inf\sysoc.inf /u:\\file-server\softwares\TOOLS_RELATED\snmp\snmp.inf /x /q

After 2-3 minutes (depending on the remote PC’s hardware speed), the SNMP service will be installed with the default public string, and will be available to serve any SNMP request; I usually use the DUDE 🙂

Remember, I only explained the raw method of doing SNMP installation on remote PCs. There are many other fine-tuned methods to perform this action. You can adopt whatever you like. Following are batch files that do the job, so you don’t have to type the whole commands; just type the batch file name and the target PC name.

For Windows 7, we will use two batch files.
1- win7_snmp_install.bat
2- win7_snmp_string.bat
The first one will install the SNMP service on remote Windows 7:

PsExec.exe \\%1 -s -i -d ocsetup.exe SNMP

The second will change the SNMP string:

PsExec.exe \\%1 -s -i -d \\file-server\softwares\TOOLS_RELATED\snmp\change_snmp_String.bat

You can use this file by defining client pc name with the file
e.g: win7_snmp_install.bat clientpcname

For Windows XP, a single batch file will be enough
1- winXP_snmp_install.bat

@echo off
cls
copy /Y "C:\snmp\winpath.reg" "\\%1\c$"
echo.
echo.
PsExec.exe \\%1 cmd "/c reg import C:\winpath.reg"
echo.
echo.
PsExec.exe \\%1 -s -i -d sysocmgr /i:%windir%\inf\sysoc.inf /u:\\file-server\softwares\TOOLS_RELATED\snmp\snmp.inf /x /q
echo.
echo.
echo All Done, Hopefully. Script by Syed Jahanzaib

You can use this file by defining client pc name with the file
e.g: winxp_snmp_install.bat  clientpcname

 

Regards

Syed Jahanzaib

July 25, 2012

Using snmptools to monitor Disk Read / Write Time [Win2008 64/32 bit]

Filed under: General IT Related, Linux Related, Microsoft Related — Syed Jahanzaib / Pinochio~:) @ 9:35 AM

IT’S OBSOLETE NOW I GUESS, MAY NOT WORK ANYMORE

Disk Read Time in %

In the past, I was using Erwan’s snmptools on Windows 2003 based servers to graph, with MRTG, any instance on a remote PC, including Windows Performance Monitor counters. snmptools gives you the power to query any performance counter, and with that value you can create nice graphs in MRTG or another monitoring system like Mikrotik’s the DUDE,
e.g: https://aacable.wordpress.com/2012/07/02/the-dude-show-us-your-map-series/
Unfortunately it didn’t work out for me on Windows 2008 64-bit based servers. When I tried to query the 1.3.6.1.4.1.15.1 OID tree, I got no results, even after installing snmptools. I found out that I have to manually add the counters myself in the counters.ini file.

I did accomplish this task by using following method. Make sure you install SNMP service & configure it before continuing.

Automatic Installer is available at

http://erwan.labalec.fr/snmptools/snmptools64.exe

The Manual method is as below . . .

Download Erwan SNMPTOOLS from

http://erwan.labalec.fr/snmptools/snmptools2.zip

Unzip it to any folder. Copy snmptools.dll to c:\windows\ folder.
Now run regagentWow6432.reg
Restart SNMP Service.

Now query this box using snmpwalk or any other snmp browser. I usually use Linux [ubuntu] base OS for general purposes.

snmpwalk  -v2c  -c  public  10.0.0.1  1.3.6.1.4.1.15

You may see following result.

SNMPv2-SMI::enterprises.15 = STRING: "snmptools by erwan.l@free.fr"

Now open c:\counters.ini (if it doesn’t exist, create one), remove all lines and add the following lines.

;this file is optional
;you can define here the hardcoded oid for specific ms counters

[1.3.6.1.4.1.15.1]
counter=PhysicalDisk\% Disk Read Time\_Total

[1.3.6.1.4.1.15.2]
counter=PhysicalDisk\% Disk Write Time\_Total

[1.3.6.1.4.1.15.3]
counter=PhysicalDisk\Avg. Disk Queue Length\_Total

[1.3.6.1.4.1.15.4]
counter=PhysicalDisk\Avg. Disk Queue Length\0 C:

[1.3.6.1.4.1.15.5]
counter=PhysicalDisk\Avg. Disk Queue Length\1 D:

Save & Exit.
Now use the following Query

For Disk Read in %
snmpwalk -v2c -c agp 10.0.0.1  1.3.6.1.4.1.15.1

For Disk Write Time in %
snmpwalk -v2c -c agp 10.0.0.1  1.3.6.1.4.1.15.2

and likewise.

To show Disk Read/Write time in the DUDE device appearance , use the following code:

Disk Read / Write Time C: & D: [string_substring(oid("1.3.6.1.4.1.15.1"),0,3)] / [string_substring(oid("1.3.6.1.4.1.15.2"),0,3)]

You can use the same principle and hard-code any OID you like, for example for other performance counters.
On 32-bit Windows, simply installing http://erwan.labalec.fr/snmptools/snmptools32.exe will give you the whole list under the 1.3.6.1.4.1.15 OID tree.

July 16, 2012

Mikrotik Ver 5.18 Pre.Cracked With KEY

Filed under: Mikrotik Related — Syed Jahanzaib / Pinochio~:) @ 11:59 AM

Crack Link for Mikrotik  5.18  Have Been Removed on Community Request !

16th July, 2012 | Jz

One important note:

I personally condemn usage of illegal/cracked versions of MIKROTIK or any licensed software. I highly recommend that if you are using it just for learning purposes then it’s OK, otherwise if you are using it in a commercial environment, then please, please, please BUY it from the Mikrotik/author website. There are some grey area arguments you can make when using unlicensed software as a hobbyist individual or poor college student, but if you’re a commercial entity making money from said software, then you have little ground to stand on.

While I don’t have any problem when some very small networks or individuals use unlicensed software when they can’t afford it, I’m personally not comfortable stealing software, and it was one of my reasons to eventually move on to licensed versions. I’d rather not use a program at all or get by with a more restricted free version than pirate it. I would consider making an exception for tools that are outrageously expensive for an individual, like most of Microsoft’s products, but only with the understanding that if a person makes money using those tools, they should eventually pay for them instead of riding the free piracy train.

Regards

Syed Jahanzaib

July 4, 2012

Howto power ON ESXi Guest machine using CLI & howto link it to the DUDE :)

Filed under: Mikrotik Related, VMware Related — Syed Jahanzaib / Pinochio~:) @ 10:08 AM

I recently developed a centralized network monitoring system using Mikrotik’s THE DUDE. It is an amazing free application through which you can completely monitor your network environment and perform various tasks from a single screen via web or console. I added various advanced monitoring probes. You can find its demo screenshot at the following link.

https://aacable.wordpress.com/2012/07/02/the-dude-show-us-your-map-series/

I decided to upgrade it from a simple network monitoring system to a monitoring + management system. I was already using its tool menu, through which I was able to RDP to any target Windows PC, shut down / power on any PC on the map, or run any custom script to restart a service on a specific server. The problem was that guest machines on VMware ESXi 4.0 were not responding to WOL packets (magic packets to power on a machine over the network). I searched the internet but couldn’t find any solution to this, so I made my own scripts to fulfill the task.

First you need to enable SSH on your VMware ESXi box. You can enable SSH by using the following guide:

https://aacable.wordpress.com/2012/07/04/howto-enable-ssh-in-vmware-esxi-4-0/

Once SSH is enabled, test it by using any ssh client , for example PUTTY.

After successfully logging in to the ESXi host using PuTTY, we have to find the VM ID of the guest machine we want to power on. Use the following command to list all machines:

vim-cmd vmsvc/getallvms

You will get a result something like below. Look for the Vmid of the machine you want.

Vmid   Name                    File
112    vmserver1 - WSUS        WSUS/WSUS.vmx
16     vmserver2 - Symantec    symantec/symantec.vmx
96     vmserver3 - SAMETIME    vmserver3/vmserver3.vmx

For example, if you want to power on the vmserver1 - WSUS machine, which has Vmid 112, use the below command:

vim-cmd vmsvc/power.on 112

Now we can wrap the above command in any script or batch file, or link it with the DUDE tool menu.

For example, if you want to execute the above command using PLINK (which is used to execute a command on a remote SSH server) in a batch file, use the below command:

\\dudepc\share\plink.exe -ssh -l root -pw zaibpass 10.0.0.1 "vim-cmd vmsvc/power.on 112"

If you want to link it to the Dude tool menu, follow the steps below.
Open the DUDE console; from the left menu go to TOOLS and click on the + sign to add a tool.

Type: Executable
Name: Power ON ESXi Guest OS
Command:
\\dudepc\bin\plink.exe -ssh -l root -pw zaibpass 10.0.0.1 "vim-cmd vmsvc/power.on 112"

Click on OK to save. Now open your map, right-click on your desired target (VM guest) and go to the tools menu; your new tool will appear there. Click on it and the script will execute. It’s recommended to test the command before putting it in any batch file or script.
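The lookup-then-power-on procedure above as shell functions, added here as an example and not part of the original post: the Vmid is resolved from the `vim-cmd vmsvc/getallvms` listing by exact VM name instead of being hard-coded, the power state is read from `vim-cmd vmsvc/power.getstate`, and the power.on command is only produced for a purely numeric id. Function names and the sample listing are constructed; the parser assumes the VM name ends where the File column (a `[datastore]` prefix or the .vmx path) begins.

```shell
#!/bin/sh
# Added example, not part of the original post. Works on command output read
# from stdin, so it can run in the ESXi shell or on text fetched over SSH.

# stdin: output of "vim-cmd vmsvc/getallvms"; $1: exact VM name.
# Prints the Vmid; fails when the name is missing or matches more than one VM.
vmid_by_name() {
    awk -v want="$1" '
    $1 ~ /^[0-9]+$/ {
        name = ""
        # The name runs from field 2 up to the File column.
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^\[/ || $i ~ /\.vmx$/) break
            name = name (name == "" ? "" : " ") $i
        }
        if (name == want) { id = $1; found++ }
    }
    END { if (found == 1) print id; exit (found == 1 ? 0 : 1) }'
}

# stdin: output of "vim-cmd vmsvc/power.getstate <vmid>".
is_powered_off() { grep -q '^Powered off'; }

# $1: Vmid. Prints the command for the ESXi host; anything that is not purely
# digits is rejected, so only a number is ever appended to the remote command.
power_on_cmd() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf 'vim-cmd vmsvc/power.on %s\n' "$1"
}

# Constructed sample listing (one line carries a datastore prefix).
sample_getallvms() {
    cat <<'EOF'
Vmid   Name                    File
112    vmserver1 - WSUS        [datastore1] WSUS/WSUS.vmx
16     vmserver2 - Symantec    symantec/symantec.vmx
96     vmserver3 - SAMETIME    vmserver3/vmserver3.vmx
EOF
}

id=$(sample_getallvms | vmid_by_name "vmserver1 - WSUS") && power_on_cmd "$id"
```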

Regards
Syed Jahanzaib

Howto Enable SSH in VMWARE ESXi 4.0

Filed under: VMware Related — Syed Jahanzaib / Pinochio~:) @ 9:16 AM

Today I needed to execute some scripts on an ESXi 4.0 server remotely to power on a VM guest machine, but there is no menu to enable SSH in version 4.0, so I followed the steps below to enable SSH on ESXi 4.0.
The free version of ESXi does have the SSH service available, but it’s disabled by default.

Go to your ESXi server. At the console, press ALT-F1.

Type unsupported in the console and then press Enter. The text you type will not be shown on the screen, so be careful while typing. If you typed unsupported correctly, you will see the password prompt.
Now enter the password for the root login.

You should then see the ~ # prompt.
Now we need to edit the file inetd.conf in order to enable the SSH service. Open it in the vi editor:

vi /etc/inetd.conf

Find the lines that begin with #ssh and remove the #.
Then save the file by pressing ESC and typing :wq

Once you’ve closed the vi editor, you can either restart the ESXi server
OR
restart the inetd process only, with the following steps.

To restart inetd, we first need to find the PID of the inetd process with the following command:

ps | grep inetd

The output of the above ps command will be something like

4886     4886     busybox          inetd

The process ID in this example is 4886. Now run

kill -HUP 4886

Now try to log in to your ESXi 4.0 via PuTTY or any other SSH client. Hopefully it will work fine 🙂
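The edit-and-reload steps above as a small script for the ESXi shell, added here as an example and not part of the original post: it keeps a backup of inetd.conf, uncomments only the #ssh lines, lists which services inetd will expose after the reload, and takes the inetd PID from the ps output instead of retyping it. Function names and the sample file and ps text are constructed; the ps parser assumes the four-column layout shown in the post.

```shell
#!/bin/sh
# Added example, not part of the original post. Sample text is constructed.

# Uncomment the "#ssh" lines of an inetd.conf, keeping a backup beside it.
enable_ssh() {   # $1: path to inetd.conf
    cp "$1" "$1.bak" && sed 's/^#ssh/ssh/' "$1.bak" > "$1"
}

# List what inetd will expose after the reload: "service/proto" per active line.
enabled_services() {   # stdin: inetd.conf
    awk '$1 !~ /^#/ && NF >= 6 { print $1 "/" $3 }' | sort -u
}

# Pick the inetd PID out of ps output. The fourth column is the command, so a
# "grep inetd" line is ignored; fails unless exactly one process matches.
inetd_pid() {   # stdin: ps output
    awk '$4 == "inetd" { print $1; n++ } END { exit (n == 1 ? 0 : 1) }'
}

sample_inetd_conf() {   # constructed, abridged sample
    cat <<'EOF'
# Internet server configuration database
#ssh     stream  tcp   nowait  root  /sbin/dropbearmulti  dropbear -i
#ssh     stream  tcp6  nowait  root  /sbin/dropbearmulti  dropbear -i
authd    stream  tcp   nowait  root  /sbin/authd          authd
EOF
}

sample_ps() {   # constructed sample in the layout shown in the post
    cat <<'EOF'
4886     4886     busybox          inetd
5012     5012     busybox          grep inetd
EOF
}

# On the ESXi console the same functions would be used as:
#   enable_ssh /etc/inetd.conf && enabled_services < /etc/inetd.conf
#   kill -HUP "$(ps | inetd_pid)"
# Offline demonstration on a temporary copy of the sample file:
tmp=$(mktemp) && sample_inetd_conf > "$tmp" && enable_ssh "$tmp" &&
    enabled_services < "$tmp"
rm -f "$tmp" "$tmp.bak"
```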

The good thing about the new ESXi 4.1 version is that it supports enabling SSH via the main console; no need to go back to the black screen, I mean the CLI.

http://www.ceyhunkirmizitas.net/vmware/tech-support-mode-has-been-disabled-by-the-administrator-on-esxi-4-1/
http://www.youtube.com/watch?v=x1X29hOviBs

Regards
Syed Jahanzaib

July 2, 2012

The Dude | Show Us Your Map Series ;) !!!

Filed under: Mikrotik Related — Syed Jahanzaib / Pinochio~:) @ 11:42 AM

CNMS – Centralized Network Monitoring & Management System !!! – JZ

Some customized probes used in this map:

  • Voice / Speak Alert on various target / devices down/up events
  • NOC Room temperature (It alerts when temperature goes above 25)
  • Vmware ESXi 4.0 Guest VM Power ON/Shutdown from Dude using Tool Menu with customized scripts*
  • UPS Load / Voltages / UPS Internal Temperature
  • IBM Lotus Number of Mail Waiting / DB Connected Users / Availability Index
  • HP Printers Toner Remaining in %
  • No. of Connected Users on each A.P
  • Disk Free/Total Statistics, Alerts when Specified partition goes above 90%
  • Disk Read/Write Monitoring / Alert
  • High Memory Monitoring Alert
  • Windows Service Monitor on SAP Servers
  • Cisco ASA / Switches CPU Load/ Up-time / Temperature
  • Cisco Access Point Active Connected Users
  • Wireless Link Usage Monitoring
  • Internet / LAN Link Monitor, If the link is in full utilization i.e 4mb, the link color changes to Orange, indicating Load on the link. very useful to monitor load.

Mikrotik’s “The DUDE” live monitoring system shows a live view of all devices and servers on screen and auto-refreshes at defined intervals.

GREEN icon shows the target is active & healthy,
ORANGE shows one or more probes failed to poll a specific counter/OID,
RED means the target device is not reachable via network or is powered off.

With some of my customized advanced monitoring probes like UPS Temperature, KESC Voltages IN, NOC Room Temperature and HDD Monitor, I have also made some custom alerts. For example, if the NOC room temperature goes above 25 degrees, it will show a visual alert, email or SMS; if D: drive space on the mail server goes above 80%, it will alert me; if a targeted service on a specific server stops, it visually alerts. There are voice (speak) alerts for various counters.

A very good and advanced monitoring system. It can shut down and power on any system on the map using tools and custom scripts. I have also added some customized tools/scripts to run on target devices using custom commands, added in the tool menu.

We call it CNMS, Centralized Network Monitoring System
Thanks to DUDE 😉

Dude Guide , Probes/Scripts info for above map . . .
https://aacable.wordpress.com/tag/aacable-mikrotik-dude/

Regards

Syed Jahanzaib
