Aastra IP Phone: Web Recovery: Firmware Download Failed

If you find your Aastra IP phone in Web Recovery Mode and you need to get firmware from your PBX you may have issues configuring the TFTP server using Chrome.

The trick is to use Firefox and NOT press the "Download Firmware" button at the bottom but use Enter on the keyboard instead.

Magic!

Powershell: Format-table -Autosize, must remember

I am typing this one out so I remember the -Autosize switch when using Powershell.  Dealing with data in Powershell is practically hopeless without it.  Example:

Sorry the AD tree is so large it can't show the users name, but the black space after the name feild is just offending.

How to fix this?

Powershell is an object based language, and most objects are going to have a lot of data, so when that data gets pushed to a terminal sometimes things don't look so pretty, and in the example above, completely worthless.  Thankfully the Powershell dev's had the same opinion and made the Format-Table command-let in order to help with displaying data on the console.  In this example, just add the Format-Table -Autosize switch to auto width the columns to show the entire string.  For short use ft for Format-Table, and pipe your commandlet to it:

| ft -Autosize

Usable data!

Windows 7/8/8.1: Shared Folders Showing as Disconnected, Why?

One day I noticed my network shares showing as disconnected and I chalked it up to quirks in the version of Windows 8.1 I am using.  I can browse the network shares just fine, so nothing was broken, but after awhile it started to bother me.  After searching around I found there can be many causes, some dating back it issues with Windows NT.  It wasn't until I tried the net use command that I realized something was wrong with my system:

This was actually the smoking gun that helped me realize the issue WAS client side and gave me a few places to look.  In this particular case it was the network provider order.  Under Control Panel\Network and Internet\Network Connections press ALT and go to advanced then advanced settings, then Provider Order tab.  Here an NFS client driver was taken precedence over the windows network:

I simply moved NFS down to below Microsoft Windows Network and the network shares instantly no longer showed as disconnected, no need to reboot.

Ghostery: Plugin for Chrome to see who is tracking you.

Ghostery for Chrome provides a way for you to see who and what is tracking you during your web browsing.  I installed this as a curiosity and found the results interesting.

I thought that I would see e-commerce sites do some heavy tracking, see what what products I look at and what I buy so they can build metrics and offer better items to help close the sale.

I do a LOT of reading on tech news sites and their tracking is pretty heavy as far as analytics and advertisement, fair enough, they have large costs for content writers and hosting.

How about blogs?  Some blog writers don't monetized, some do monetize a little, some writers make a career out of blogging, and some only use the platforms default page view tracking.  I looked at a bunch of the IT blogs I follow and mostly found the trackers to be less than 5.

However, I was rather surprised about the amount of tracking that is being done on some forums that I frequent, as much as 20 instances on some sites.  I suppose forums would have a niche group of readers so it is more difficult to advertise to them to help recoup costs.

iDRAC7 Express Remote Access with the Dedicated Nic, Not Possible

With the series of iDRAC7 (Dell remote access cards), the card + nic is built into the motherboard of PowerEdge generation 12 systems.  Instead of having different cards, they have multiple license options, the basic being the iDRAC Express license, with the ‘top’ tier being the Enterprise license.  The Express does NOT allow you to use the iDRAC dedicated nic for remote access:

"NIC Selection: Dedicated: A required license is missing or expired."

You have to use/”share” a motherboard LAN nic (LOM its called) for remote access.  This isn't terrible, but it can cause issues if you plan to team nics, or you may have your nics already allocated out and don't want to share iDRAC traffic with your normal traffic for performance or security reasons.  The Enterprise license allows you to use the iDRAC dedicated port.  Just like iDRAC6, Enterprise also allows access to the virtual terminal/screen, that reason alone may be worth the cost of Enterprise.  To get a 30 day trial of iDRAC7 Enterprise visit this page at the Dell website.
Source:

• [PDF] http://en.community.dell.com/cfs-file/__key/communityserver-components-postattachments/00-20-06-78-92/iDRAC7_5F00_Licensing_5F00_White_5F00_Paper_5F00_incl_5F00_ValueLine.pdf

Mouse without Borders - Microsoft Garage

Computer A is my primary computer and computer B I use for testing applications, group policies, etc.  I always thought I would have to spend money if I wanted to share the mouse and keyboard between the two machines ala KVM switch or application.  Recently I have been using Mouse without Borders by Microsoft Garage.  It uses the LAN to share a mouse and keyboard.

Download the MSI and run, Accept the license agreement and Install the app.  If its your first time running it will ask you if you have installed the app on your second machine.  I did not have it installed so it gave me a security key to use.  After installing on the second machine and punching the security key in, a settings panel will pop up that will allow some customization:

You can drag and drop the monitor images to match your physical monitor locations.

Along with sharing the mouse and keyboard you can "drag and drop" files from one computer to the next, similarly to how you can drag and drop files in explorer.  It uses a network file transfer in the background to do this, pretty clever.

Powershell: Script to purge old files from a folder

So I need to backup the SQL DB of a mission critical app.  The app sits on a virtual machine and backups need to get written to a NAS device.  But if there is a network or NAS issue then the backups won't get written, so no current backups.  What I do in this scenario is write the backups locally first, to c:\DB_backups, then script a task to sync the backup directory to the NAS.  If I have daily backups then the NAS will store all of the daily rolling backups, but that will eat up space on the C drive, which is bad.  So I need to purge the DB_backups folder, there are a few ways to do this and the easiest I found is to use powershell:

 Get-ChildItem 'C:\DB_Backup' -Recurse | Where {$_.creationtime -lt (Get-Date).AddDays(-10)} | Remove-Item  

This is pretty clever on powershell's part, lets step through what it does.

Get-ChildItem 'C:\DB_Backup' -Recurse

What this does is list all of the items in this folder as objects, and I am recursing through all of the folders in this folder, but that is not necessarily needed for this job.

Where {$_.creationtime -lt (Get-Date).AddDays(-10)}

The objects in this folder is then piped to this line.  Where is an alias for Where-Object.  We are using where because we only want to select files with specific attributes from this directory.  These attributes are defined by the $_.creationtime.  The creation time is then compared to today's date (Get-Date) using -lt (less than).  But we only want the files older than 10 days ago, so we subtract 10 from Get-Date, using the AddDays modifier.  So now we are listing all of the files older than 10 days, pretty neat, now to delete them.

Remove-Item

The cmd way of doing things is using del, which is actually an alias for -Remove-Item, neat.  This will remove the 10 day old objects we piped to it in the previous line.

Save it all as a .ps1 file and schedule the job in task scheduler to run daily to keep your C drive to size.

Hyper-V Server: Enable firewall rule to allow Hyper-V Replica over HTTP or HTTPS

The server is Hyper-V Server 2012 r2 Core and we need to enable the inbound replica traffic on the firewall.  There is no firewall GUI in server core but there is predefined rules for Hyper-V Replica which we need to enable via powershell.  There are several ways for remote access to server core, this way will use RDP because of my wonderful RDP organization with mRemoteNG.  Log on to your Hyper-V Server, move the sconfig window to the side and use the command prompt to open a powershell session.

Powershell can be ran from any directory.  Once in powershell list the default firewall rules by using the Get-NetFirewallRule command-let:

 Get-NetFirewallRule | format-table name, displaygroup, action, direction, enabled -autosize  

The table is pretty long and you may have to widen your console window to show all of the rows, but you will be looking for something like this:

Hyper-V Replica HTTP and Hyper-V Replica HTTPS are the two rules, I went with HTTP in my Hyper-V settings so I will enable that rule by using the Enable-NetFirewallRule command-let:

 Enable-NetFirewallRule -DisplayGroup "Hyper-V Replica HTTP"  

And now we have flowing replica traffic:

Windows Protip: LockHunter to unlock or delete locked files

Once of my favorite tools is Unlocker, its used to show you which processes are locking files and allows you to unlock them, but I decided to look for a replacement because Chrome and MalwareBytes labels it as malicious.  After a quick search around I found LockHunter.  This freeware tool has some of the regular features: unlock, delete, copy locked file but also does some neat stuff:

Adds link to unlock in the context menu:

And if it cannot delete a locked file, it will automatically delete after the next system reboot!

So I copied the locked file to a new directory and set the locked original to delete on the next reboot (whenever that may be!)

Build Log: Shapeoko 2 inspired CNC Router - Part 1 Testing Electronics

I started working on a CNC Router project inspired by the Shapeoko 2.  Why inspired?  As an electronics hobbyist I have amassed a decent amount of electronics and hardware of which I am going to be using as much as I can in order to cut costs over buying the complete Shapeoko kit.  Why Shapeoko?  After some research I feel that the Shapeoko Wiki is an incredibly thorough guide for building a low cost desktop CNC router.  The wiki includes guides for electronics, hardware, and software, which coming from a single source means that everything will play nice together.  My goal is to keep the total cost below the Shapeoko 2 Full Kit AND provide a larger cutting area by scaling the X-Y axis linear motion from 500mm (19.6 inches) to 610mm (24 inches).  I am hoping for a cutting area of 18 x 18 inches.

Electronics
I wanted to get the electronics hammered out first for a couple reasons:

1. Large portion of the cost is the controller boards, stepper motors and power supply.  Getting large costs out of the way is nice for projects.
2. If electronics do not work, and the project is a failure, I am not stuck with custom cut hardware to build a CNC, which could be resold at a loss, it would be easier to flip stepper motors and reuse the Arduino for a different project.

Following the Shapeoko recommendations I purchased a Arduino Uno ($25) and a Synthetos gShield v5 ($49.99).  The Arduino is a micro-controller that takes G-Code (more on that later) and converts it to the individual movements that the motors need to make.  The gShield is a stepper motors driver which processes the movements and applies the proper voltages to the stepper motors so they can move.

Stepper Motors: I needed something that will mill wood, acrylic, and any type of plastic sheet.  After some research I decided on Nema 23, because even the smallest Nema 23 motors are 2-3 times stronger than Nema 17 motors.  This will be enough strength to mill hardwoods and in the future possibly aluminum.  The Shapeoko 2 uses something called Dual Drive Y which means the Y axis has two stepper motors, one for each side of the gantry.  The X axis uses a single stepper motor, and the Z axis uses a motor for moving the milling rotary tool up and down.  I already have a smaller stepper motor I am going to use for the Z axis.

Power Supply: Shapeoko recommends a 90-120 Watt 24V power supply.  I have a much smaller 24v power supply I am going to be using for testing the electronics, it should push the small Z motor fine.

Software

Disclaimer: I am using a PC, follow the links for instructions on the platform you are using.  Once I had my electronics purchased it was time to test the steppers motors out.  First you will need to install the Arduino development suite which includes the USB driver so you can flash/program your Arduino.  Download and install the Arduino IDE 1.0.5 and make sure USB driver is selected during the install.  Plug your Arduino into your computer using a USB Type A to B cable and it should show up under Device Manager:

Note that my Arduino is connected to COM3, you will need to know your port.  Next download and extract XLoader.  This tool allows you to flash the Arduino with the GRBL interpreter.  GRBL is what takes the g-code and turns it into "steps" that control the stepper motors.  Retrieve the GRBL hex file from the github.  Scroll down to Downloads and right click save-as to save the .hex file.  Open up Xloader, select the com port your arduino is hooked up to, select 115200 baud rate, browse to the GRBL .hex file you downloaded and click upload to flash the Arduino:

The TX and RX LED's on the Arduino will blink.  Once completed Xloader will say how many bytes have been written to the Arduino.  We will now finish preparing the electronics for testing:

Unplug the Arduino's USB and connect the gShield (you can flash the Arduino with the gShield installed), then connect a stepper motor to one of the axis'.  I read to always connect the stepper motors with the gShield and Arduino unplugged in order to potentially prevent any hot wires from touching anything.  Next connect the USB back into the Arduino and connect the 24v power supply to the gShield.  Red (positive) hooks to the Vmot side and black (negative) connects to the GND side.  An LED will turn on:

The power supply alligator clips are actually farther apart that what the picture implies.

I did not have instructions for wiring this motor, I just paired the wires together and connected them to the axis keeping the wires in order, at this point I am not worried about polarity.

We can now send g-code commands to it using Universal G-Code Sender (UGS).  Download the latest version and extract (I have a CNC folder on the desktop to keep all of these tools in).  Browse to the UGS folder and edit the start-windows.bat, changing the 'x' in the jar file name to the version you downloaded, in my case 64 bit:

 java -jar -Xmx256m UniversalGcodeSender-all64.jar  

Save and close.  Open Command Prompt, browse to the UGS folder, and run start-windows.bat:

The jar will launch and open up the UGS gui.  If your Arduino is plugged in it should show up under the correct COM port, leave the baud rate at 9600 and click Open.  UGS is now connected to your Arduino:

Whichever axis you plug your stepper motor(s) into, Z in my case, you can send movement command(s) by using the controls under the Manual Control tab.  Do not send commands to an axis that does not have a motor connected to it, you can overload your gShield.

Your stepper motor should be rotating and your electronics testing is completed.  Next up I will be shopping out the Nema 23 motors, power supply and parts to build the Y and X axis.

Nagios: SNMP checks for a Synology Diskstation

Because Synology uses embedded linux it is difficult to get the nagios-plugins package installed to do nrpe monitoring.  I tried the ipkg method then building the nagios-plugins from source, and while that site was helpful, I kept getting compile errors, probably a missing or outdated library issue.  That is OK because nagios has SNMP checks, and going one step further, has community plugins for Synology.  We are going to be using this community plugin from the user deegan199.

First we need to enable SNMP.  In DSM 5.x open the control panel and browse to Terminal & SNMP then the SNMP tab:

And that is all for the synology, no ports to open nor restart needed.

Grab the synology snmp check from the previous link and throw it into your plugins folder.  You may need to change the permissions to executable for your nagios user, something like:

 # chmod +x check_snmp_synology  

If this is your first SNMP check for nagios, you need the snmpget and snmpwalk programs, in redhat/centos get them from the net-snmp-utils package:

 # yum install net-snmp-utils  

Next run the plugin from your nagios server to do a test, change -h for your Synology's IP address:

 # ./check_snmp_synology -h 192.168.1.30 -v  

Next we will set up our nagios configs to get this check on the nagios panel.  First we will add the synology command definition to our commands.cfg:

 ################################################################################  
 #  
 # SYNOLOGY  
 #  
 ################################################################################  
 define command{  
      command_name check_synology  
      command_line /usr/lib64/nagios/plugins/check_snmp_synology -h $HOSTADDRESS$ -v  
 }  

I am leaving the -v (verbose) switch in because its nice to have the entire output on the Nagios panel, its up to you.  Next create a config for your Synology device inside your nagios/etc/servers directory and assign this new command to it, I also added SSH, for the heck of it:

 ###############################################################################  
 ###############################################################################  
 #  
 # HOST DEFINITION  
 #  
 ###############################################################################  
 ###############################################################################  
 define host{  
     use            linux-server      ; Name of host template to use  
     host_name      synology1
     alias          synology1
     address        192.168.1.30  
     }  
 ###############################################################################  
 ###############################################################################  
 #  
 # SERVICE DEFINITIONS  
 #  
 ###############################################################################  
 ###############################################################################  
 define service{  
   use                  generic-service  
   host_name            synology1
   service_description      System Health  
   check_command        check_synology  
   }  
 define service{  
   use                  generic-service  
   host_name            synology1
   service_description      SSH  
   check_command        check_ssh  
   }  

Save and do a service nagios restart and soon you will have your checks in your Nagios panel:

Initialized Disks
If your Synology is provisioned with hot-spares then Synology reports the disks as "initialized" and this plugin will create a critical alert for these initialized disks.  This was the case for one of my Synology devices, luckily in the comments for this plugin user mtominsk provides a fix.  Change the following in the check_snmp_synology plugin:

Original:

 if [ "${diskStatus[$i]}" != "1" ] ; then  
         if [ "${diskStatus[$i]}" = "2" ] ; then    diskStatus[$i]="Initialized";            fi  
     if [ "${diskStatus[$i]}" = "3" ] ; then    diskStatus[$i]="NotInitialized";        fi  
     if [ "${diskStatus[$i]}" = "4" ] ; then    diskStatus[$i]="SystemPartitionFailed";        fi  
     if [ "${diskStatus[$i]}" = "5" ] ; then    diskStatus[$i]="Crashed";            fi  
         healthStatus=2  
         healthString="$healthString, problem with ${diskID[$i]} (model:${diskModel[$i]}) status:${diskStatus[$i]} temperature:${diskTemp[$i]} C "  
 else  
     diskStatus[$i]="Normal"  
     fi  
     if [ "$verbose" = "yes" ] ; then  echo "${diskID[$i]} (model:${diskModel[$i]}) status:${diskStatus[$i]} temperature:${diskTemp[$i]} C" ; fi  
 done  

Modified:

 if [ "${diskStatus[$i]}" != "1" ] && [ "${diskStatus[$i]}" != "2" ] ; then  
     # if [ "${diskStatus[$i]}" = "2" ] ; then diskStatus[$i]="Initialized"; fi  
     if [ "${diskStatus[$i]}" = "3" ] ; then diskStatus[$i]="NotInitialized"; fi  
     if [ "${diskStatus[$i]}" = "4" ] ; then diskStatus[$i]="SystemPartitionFailed"; fi  
     if [ "${diskStatus[$i]}" = "5" ] ; then diskStatus[$i]="Crashed"; fi  
         healthStatus=2  
         healthString="$healthString, problem with ${diskID[$i]} (model:${diskModel[$i]})   status:${diskStatus[$i]} temperature:${diskTemp[$i]} C "  
 elif [ "${diskStatus[$i]}" = "2" ] ; then diskStatus[$i]="Initialized";  
 else  
     diskStatus[$i]="Normal"  
     fi  
     if [ "$verbose" = "yes" ] ; then echo "${diskID[$i]} (model:${diskModel[$i]}) status:${diskStatus[$i]} temperature:${diskTemp[$i]} C" ; fi  
 done  

Brilliant!  Thanks deegan199 and mtominsk!

Nagios: A linux disk space check that matches the default Window disk space check.

Pretty:

Not so pretty:

The first one is a Windows Server VM with the default disk check from NSClient++, the second is a CentOS VM with the default check_disk from the yum nagios-plugins package.  Which one tells me more info?

Looking for a linux check disk plugin that can give me more info I came across this plugin by radumar1001 on the Nagios Exchange.  Lets change up our nrpe check on the CentOS vm to use it and see what it looks like.

First download the plugin and drop it on your linux client in your plugins folder, in my case it is /usr/lib64/nagios/plugins but yours might be different.  Next you need to change the plugin permissions so your root or nagios user can run it:

Next browse to the location of nrpe.cfg (/etc/nagios in my case) and open it up in your favorite editor.  In my case I am already using the default check_disk plugin like so:

 command[check_disk]=/usr/lib64/nagios/plugins/check_disk --units GB -M -w 20% -c 10% -p /dev/mapper/vg_centos-lv_root  

What we will do is modify this so we check check_disk_space instead.  It has three requirements, a warning threshold and a critical threshold, both of which are defined by USED space and a third to define which partition to check.  Comment out the old check, or modify it so it looks something like this:

 command[check_disk]=/usr/lib64/nagios/plugins/check_disk_space -w 80 -c 90 -p /  

Save it and since we changed nrpe.cfg we need to restart nrpe on the client by using service nrpe restart.  Since we did not need to change any configs on the nagios server, there is no need to restart Nagios on it.  Once Nagios runs that check again we will have a nicely formatted disk check:

Very pretty!

Resources

• the linux check_disk_space plugin

Nagios: Dell Server OpenManage to Monitor Dell Hardware

If you have a Dell server you would be crazy not to have OpenManage Server Administrator on it.  It provides a web interface to keep an eye on the system including hardware and the RAID health.  Ideally we will be notified via email if a disk in an array pops and even though OpenManage has a built in tool that can be scripted to do this it can get hacky and inconsistent.  After trying a few ways for Nagios to monitor OpenManage I came across the incredible check_openmanage plugin by Trond Hasle Amundsen.  Take one look at his detailed tutorial and it might be intimidating to someone new to Nagios, but its actually very easy to get a simple check set up that will cover all of the important stuff.  Soon you will have lovely Dell hardware alerts in your email inbox.

This how-to is going to cover getting check_openmanage working on a Dell server with Windows (Part 2) and a Dell server with CentOS (Part 3).  On the Windows box we will use the NSClient++ program to pass NRPE checks from the Nagios server to the windows client.  On the CentOS server we will also use NRPE, but the NRPE service from a yum repository.

1. nagios server
Since we are using NRPE all we need to do is set up our configs so the Nagios server can pass a check_nrpe request to the Dell server.  That's it, assuming check_nrpe is already installed on the Nagios server and a host config for the Dell server is made, we should be good, no additional plugins needed on the Nagios server.  Inside my host config I will define the check_openmanage service:

 define service{  
   use generic-service  
   host_name servername.local  
   service_description Dell OpenManage  
   check_command check_nrpe!check_openmanage!30  
 }  

I am already using check_nrpe for other checks, but for reference here is how mine is defined, you made need to add something similar to your commands.cfg:

 define command{  
   command_name check_nrpe  
   command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -t $ARG2$  
 }  

Remember to service nagios restart after any config changes to Nagios.

2. windows server host
Now that the Nagios server is set up we can take care of the Dell servers.  First we will implement a solution for Windows Server.  Here is what we will need on our Windows box:

• Dell OpenManage Server Administrator
• NSClient++
• check_openmanage

The plugin requires OpenManage Server Administrator, if you don't have it installed go ahead and grab the latest version and install, the x86 has always worked for me.  The install takes a while, be patient and once it's done pull up the panel (https://localhost:1311) to test it out, you will get cert errors, that's OK.

Install NSClient++.  I wrote a quick and dirty guide here on it.  Next we will install the check_openmanage plugin.  Download the bits from the above link, technically for the windows box you only need the exe file, but I downloaded the zip so I can store it on my file server for use on the CentOS box, the zip contains the exe you need.  Extract the zip, and put the exe in in your NSClient++ directory:

With the plugin in place we can open a command prompt and test it.  We can run the plugin by hand and pass it the location of omreport.exe (which is installed with OpenManage) and have it return the omreport data in a pretty console line.  My omreport.exe is located at: C:\Program Files x86)\Dell\SysMgt\oma\bin\omreport.exe.  If you installed 64 bit OpenManage then you will use Program Files and not Program Files x86 within your omreport.exe location.

As you can see I am getting an output from omreport.exe, it is telling me I am using non-certified hard drives, shame on me!  Now we know that check_openmanage works we can tell NSClient++ to run it.  Edit the nsclient.ini that is in the NSClient++ folder.  Add the following:

 [/settings/external scripts/scripts]  
 check_openmanage = check_openmanage.exe -b pdisk_cert=all --omreport "C:\Program Files (x86)\Dell\SysMgt\oma\bin\omreport.exe"  

You will need to make sure the line --omreport points to the location of omreport.exe on your system.  Notice the -b pdisk_cert=all?  "-b" is blacklist, and since I am using non-certified disks in this server I don't want that particular warning to show up in my Nagios panel.

Make sure CheckExternalScripts = 1 in the same file, and restart the nsclient service:

Since our Nagios server is all set up, we should be getting a report on our nagios admin panel:

If there are any issues at this point you can pass check_nrpe with the check_openmanage plugin from the Nagios server to the Windows server by running the following from your on Nagios server (make sure to browse to the plugins directory that has check_nrpe):

 # ./check_nrpe -H 192.168.1.100 -c check_openmanage -t 30  

You should see the omreport output, which will start with System - OK, if there are no OpenManage alerts.  Any other issues you will need to double check configs and firewall settings, typical Nagios stuff!

3. centos host
Since we can't use check_openmanage.exe on our CentOS server, we need to use the check_openmanage script, which is in the zip download from before, its the one that has NO .exe extension.  Of course we will need OpenManage Server Administrator installed, which comes packaged in a repository provided by Dell, how nice!  Log into your CentOS server and run the following, this comes right from the Dell page here, which may be updated so check that first.

 # wget -q -O - http://linux.dell.com/repo/hardware/latest/bootstrap.cgi | bash  
 # yum install srvadmin-all  
 # /opt/dell/srvadmin/sbin/srvadmin-services.sh start  

You can test the Server Administrator panel by visiting https://localhost:1311 or by opening port 1311 in iptables and visiting remotely using the IP address of the CentOS server.

The Dell binaries are stored in /opt/dell/srvadmin/sbin/.  In this directory we will find our omreport script, which is what the check_openmanage script will use.  Now install NRPE and the nagios-plugin package, if you haven't already.

 # rpm -Uvh http://epel.mirror.net.in/epel/6/i386/epel-release-6-8.noarch.rpm  
 # yum install nrpe nagios-plugins-all  

First we will put the check_openmanage script into the nagios plugins directory, located at /usr/lib64/nagios/plugins/.  This directory is owned by root so you many need to chmod 777 plugins/ in order to copy the file.  The file (check_openmanage) is found in the zip we downloaded before, use your favorite method copying files but if you are not that comfortable then I recommend trying out via WinSCP.  To test the plugin browse to the plugins folder and run it (you may need to chmod 777 the file first):

OK... good to know I need to fix some things!

Next we need to modify /etc/nagios/nrpe.conf.  Under the Allowed Host Addresses section add the IP of your nagios server like so:

 allowed_hosts=127.0.0.1,192.168.1.18  

Way at the bottom of the file are the service check commands, we will add one for check_openmanage:

 command[check_openmanage]=/usr/lib64/nagios/plugins/check_openmanage -b pdisk_cert=all  

Notice just like the Windows server I am adding -b pdisk_cert=all, because I don't mind to be reminded that I am using uncertified hard drives.

Now we need to start the NRPE service and add it to chkconfig so it runs on boot.  Also open port 5666, so the Nagios server can communicate to the CentOS server.

 # service nrpe start  
 # chkconfig nrpe on  

If the service fails to start there may be an issue with your config file, just run a tail /var/log/messages and see what it says.

At this point, with nrpe listening and port 5666 open we can manually run check_nrpe on the Nagios server to test the connection to our CentOS server:

Now, similar to testing the Windows server above, we can take it one step further and pass check_nrpe with a check_openmanage request:

Since our Nagios server is all set up from part 1, open your Nagios admin panel and look for some win:

Now need to get back to fixing servers...

resources:

• check_openmanage Plugin
• Dell OpenManage Linux Repository
• Dell OpenManage Server Administrator Windows Download
• NSClient++
• NRPE document [PDF!]

Nagios: Monitor Active Directory and Exchange 2010 Services

We have an SBS 2011 box that we want to monitor for a client.  Nagios was set up for them before to notify the managers of low disk space on their servers, and now they can be notified of any weird AD or Exchange issues on their SBS server.  We are going to be using a cocktail of technologies that will help us talk to the SBS box as well as a host of powershell plugins and Nagios default commands that will reply back with the health of the system.

• check_nt will allow us to check important processes and services.
• check_nrpe will allow us to run powershell monitor scripts on the client machine
• check_smtp will make sure exchange is listening for email.

check_nt
First we will tackle setting up everything on the client machine for check_nt.  First download the latest NSClient++ (the 64 bit works for me) and run.  Accept the licence.  Select Typical install.  On the NSClient++ Configuration window I like to check the box to Allow all users to write config file.  On the next window put your Nagios server IP in and I select everything except for NSCA (not needed for this server).

Next Next (or 1-3 Next's) then Install.

First thing you will want to do it is adds port 5666 (nrpe) and 12489 (check_nt) to the windows firewall so Nagios can talk to it.  Next thing open C:\Program Files\NSClient++\nsclient.ini and double check a couple things:

• CheckExternalScripts = 1
• allowed hosts = 192.168.1.18 #Nagios server IP
• NRPEServer = 1
• NSClientServer = 1

Any changes made to nsclient.ini require the NSClient++ service to be restarted in services.msc.  Restart it for good messure.

After the NSClient++ install and opening of the firewall we now should be able to see if check_nt is working so lets log into the Nagios server and test the check_nt checks.  Browse to your plugin folder, in my case it is /usr/local/nagios/libexec and run the following, looking for the proper output:

Notice that is a capitol H for host.  You can always do a .\check_nt -h to help troubleshoot.  Now lets open our Nagios configs and add the checks in.

Full disclosure: the way I organize my servers is to have a separate .cfg for each server sitting in the nagios config directory, in my case it is: /usr/local/nagios/etc/servers.  Inside the folder there are configs called servername.cfg and inside the configs I define the hostname and the service definitions to run against the client server.  There is more than one way to skin a grape and I prefer this way because some checks I want to run against some servers and some check I don't, so breaking it out by server makes sense to me.  If I had 1000 servers to monitor I would probably not do it this way, but I digress.  We will open our servername.cfg and add the check_nt checks:

 define service{  
      use generic-service  
      host_name sbsserver.local  
      service_description Uptime  
      check_command check_nt!UPTIME  
 }  
 define service{  
      use generic-service  
      host_name sbsserver.local  
      service_description NSClient++ Version  
      check_command check_nt!CLIENTVERSION  
 }  
 define service{  
      use generic-service  
      host_name sbsserver.local  
      service_description CPU Load  
      check_command check_nt!CPULOAD!-l 5,80,90  
 }  
 define service{  
      use generic-service  
      host_name sbsserver.local  
      service_description Memory Usage  
      check_command check_nt!MEMUSE!-w 80 -c 90  
 }  
 define service{  
      use generic-service  
      host_name sbsserver.local  
      service_description C:\ Drive Space  
      check_command check_nt!USEDDISKSPACE!-l c -w 80 -c 90  
 }  
 define service{  
      use generic-service  
      host_name sbsserver.local  
      service_description D:\ Drive Space  
      check_command check_nt!USEDDISKSPACE!-l d -w 80 -c 90  
 }  
 define service{  
      use generic-service  
      host_name sbsserver.local  
      service_description Drive Space H:\ Exchange Logs  
      check_command check_nt!USEDDISKSPACE!-l h -w 80 -c 90  
 }  
 define service{  
      use generic-service  
      host_name sbsserver.local  
      service_description Drive Space I:\ Mailbox DBs  
      check_command check_nt!USEDDISKSPACE!-l i -w 80 -c 90  
 }  
 define service{  
      use generic-service  
      host_name sbsserver.local  
      service_description Microsoft Exchange Active Directory Topology  
      check_command check_nt!PROCSTATE!-d SHOWALL -l MSExchangeADTopologyService.exe  
 }  
 define service{  
      use generic-service  
      host_name sbsserver.local  
      service_description Microsoft Exchange Protected Service Host  
      check_command check_nt!PROCSTATE!-d SHOWALL -l Microsoft.Exchange.ProtectedServiceHost.exe  
 }  
 define service{  
      use generic-service  
      host_name sbsserver.local  
      service_description Microsoft Exchange Service Host  
      check_command check_nt!PROCSTATE!-d SHOWALL -l Microsoft.Exchange.ServiceHost.exe  
 }  
 define service{  
      use generic-service  
      host_name sbsserver.local  
      service_description Microsoft Exchange System Attendant  
      check_command check_nt!PROCSTATE!-d SHOWALL -l mad.exe  
 }  
 define service{  
      use generic-service  
      host_name sbsserver.local  
      service_description Active Directory Domain Services  
      check_command check_nt!PROCSTATE!-d SHOWALL -l lsass.exe  
 }  
 define service{  
      use generic-service  
      host_name sbsserver.local  
      service_description DNS Server Service  
      check_command check_nt!PROCSTATE!-d SHOWALL -l dns.exe  
 }  
 define service{  
      use generic-service  
      host_name sbsserver.local  
      service_description DFS Namespace Service  
      check_command check_nt!PROCSTATE!-d SHOWALL -l dfssvc.exe  
 }  
 define service{  
      use generic-service  
      host_name sbsserver.local  
      service_description DFS Replication Service  
      check_command check_nt!PROCSTATE!-d SHOWALL -l DFSRs.exe  
 }  
 define service{  
      use generic-service  
      host_name sbsserver.local  
      service_description Intersite Messaging Service  
      check_command check_nt!PROCSTATE!-d SHOWALL -l ismserv.exe  
 }  
 define service{  
      use generic-service  
      host_name sbsserver.local  
      service_description Microsoft Exchange Forms Based Authentication Service  
      check_command check_nt!SERVICESTATE!-d SHOWALL -l MSExchangeFBA  
 }  
 define service{  
      use generic-service  
      host_name sbsserver.local  
      service_description Microsoft Exchange Information Store  
      check_command check_nt!SERVICESTATE!-d SHOWALL -l MSExchangeIS  
 }

Yikes, that is a lot of content, we are checking system uptime, NSClient++ version, cpu load, memory usage, and drive spaces.  We are are also checking AD and Exchange services and processes.  Some of this you will need, some of it you won't, so customize for your environment.  These checks I found from several different sources, see below for those.  Next we need to add the check_nt command definition to commands.cgf, this may already be done, that's OK.

Open /usr/local/nagios/etc/objects/commands.cfg and add the following:

 # 'check_nt' command definition  
 define command{  
      command_name     check_nt  
      command_line     $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -v $ARG1$ $ARG2$  
 }

At this point our check_nt checks should be working.  Do a service nagios restart on the Nagios server and make sure the configs are good and the service starts.  Back to your Nagios admin panel you will see a sea of new checks under your host, and will eventually be crunched by the Nagios server.  Any issues with this please check out the links below to go into more depth with Nagios, check_nt and how it all works together.

check_nrpe

With check_nrpe we can run some custom powershell scripts against the SBS box to help monitor Active Directory and Exchange.  Back to our SBS server, lets download and put the scripts in there new home.  I am using the following scripts I got from the very helpful telnetport25.com.

• Exchange2010BackupMonitoring.ps1
• Exchange2010ContentIndexMonitor.ps1

Drop them into C:\Program Files\NSClient++\scripts.  Please open them up and read the comments, you may need to change stuff to match your environment.  For example with the Backup script you may need to change how many days old you expect to see a backup, if you backup exchange once a week, then change to 7 or 8 days.

You will also want to set the powershell script execution policy to Bypass so that NSClient++ can run the script.  Once the scripts are in place open powershell, browse to the scripts folder and execute the scripts as a test:

If you have issues here make sure your user has access to the exchange shell plugin and exchange command-lets.  Once that is done its time to edit nsclient.ini.  Browse to C:\Program Files\NSClient++ and open nsclient.ini in your favorite editor and add the following to the end of the file:

 [/settings/external scripts/scripts]  
 check_exbackup=cmd /c echo scripts\Exchange2010BackupMonitoring.ps1 | PowerShell.exe -Command -  
 check_exindex=cmd /c echo scripts\Exchange2010ContentIndexMonitor.ps1 | PowerShell.exe -Command -  

What we are doing with this is going to call check_exbackup from the Nagios server and NSClient++ will know what to do with it based on these entries.  Save, close, and restart the NSClient++ service.

Back to the Nagios server lets test our new checks out.  Once again browse to where your plugins are, /usr/local/nagios/libexec, in my case and run the following:

We want to edit the servername.cfg and add the checks for these new scripts.  Add the following:

 define service{  
      use generic-service  
      host_name sbsserver.local  
      service_description Exchange DB Content Indexing  
      check_command check_nrpe!check_exindex!60  
 }
 define service{  
      use generic-service  
      host_name sbsserver.local
      service_description Microsoft Exchange Backups  
      check_command check_nrpe!check_exbackup!60  
 }

You will notice we are calling check_nrpe, and it might be added to commands.cfg by default, lets check by hand.  Browse to /usr/local/nagios/etc/objects and open commands.cfg and add/look for the following: 

 define command{  
      command_name check_nrpe  
      command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -t $ARG2$  
 }

Notice we set a timeout (-t) of 60 but with the exchange scripts we may need to set it to 120, that is because powershell has to load the exchange command-lets and that could take extra time, so increasing the wait time might be needed.  Save and do a service nagios restart to check the configs.

Our nagios panel is looking nice (see title image!)  Now you are comfortable with check_nt and check_nrpe you can go crazy with plugins, there are a lot of options.  Check out the Exchange and Windows Server plugin sections of the Nagios Exchange for more goodness.  There are also some Active Directory scripts in the Windows Server section if you feel you want more monitor other than the check_nt services listed above.

check_smtp

The vanilla nagios-plugins package has a nice check_smtp plugin we are going to use to say "helo" to our exchange box.  Lets go back to our Nagios server and into the Nagios plugins folder (/usr/local/nagios/libexec) and test it out:

OK looks good to me, once again lets add it to our servername.cgf and make sure its in commands.cfg:

 define service{  
    use generic-service  
    host_name sbsserver.local
    service_description Check SMTP
    check_command check_smtp!60  
 }

And command definition:

 # 'check_smtp' command definition  
 define command{  
   command_name  check_smtp  
   command_line  $USER1$/check_smtp -H $HOSTADDRESS$ -t $ARG1$  
 }  

Save everything and do a nagios service restart.  With this we are running the plugin locally on the Nagios server and simply asking Exchange if its up, there is no need to check_nt, check_nrpe or NSCient++, its all happening on the Nagios server.  Once nagios gets around to it we should have a healthy reply:

thanks and resources:

Thanks to those who helped me get this going:

• nsclient.org - Getting Started Tutorial
• telnetport25.com - Exchange Monitoring Part 1
• telnetport25.com - Exchange Monitoring Part 2
• telnetport25.com - Exchange Monitoring Part 3
• telnetport25.com - Exchange Monitoring Part 4
• exchange.nagios.org - Windows Checks
• exchange.nagios.org - Exchange Server Checks