SiteScope User's Guide

Remote NT Servers

SiteScope can monitor other NT and Win 2000 servers remotely for certain statistics (such as CPU, Disk Space, Memory, or Services) without the installation of agent software on each server. SiteScope uses the registry interface to access information about remote servers. Remote NT Servers preferences allows you define separate logins for different domains or servers. Monitoring remote NT or Win 2000 servers requires that you have an user account defined on each server or for each domain you want to monitor. Then you need to define the server or domain and login that SiteScope should use to access servers in that domain. After you define a remote NT server preference you can create a monitor to watch the status of that server. Clicking the choose server link on an Add Monitor page will display a list of the remote servers you have defined. You can then select the server that you wish to monitor.

This section describes:

• Remote Servers Table
• Adding a remote NT or Win2K machine
• Technical notes

Remote NT Servers Table

From the General Preferences page click the NT Remotes link under the navigation bar at the top of the page. This brings up the Remote NT Servers page which lists in table format the currently defined remote NT and Win 2000 servers. The Remote NT Servers Table lists the following information on the currently defined servers.

Name

This shows the optional name assigned to the server definition. The default name is the server address.

Server

This item indicates the server address or UNC name.

Status

This column displays information regarding the connectivity with this server. The connection status message is from the most recent test of connectivity either when the server profile was created or using the Test feature in the Remote Servers Table.

OS

This shows the operating system that was defined for the server. For NT remote machines, this will be displayed as NT.

Method

The Method entry shows the connection method used to connect to the remote machine. For NT remotes this may be either NetBIOS or SSH. Secure Shell connectivity with WIndows NT machines requires that SSH libraries be installed on each machine you want to connect to. See the notes on Connection Method below for more information.

Edit

Click the Edit link to edit the specifications for communicating with the subject server.

Test

Click the Test link to test communication with the subject server.

Del

Click the X in this box to delete the subject server definition.

Index

Adding a Remote NT Machine

You can add remote NT servers by choosing the Add a Remote Machine link below the Remote NT Servers Table. This brings up the Add Remote NT Server page.

To create a remote server definition, you need to provide the following information:

NT Server Address

The IP address or UNC style name of the NT server you wish to monitor.

Connection Method

SiteScope can use one of two connection types for monitoring remote NT server resources. These are:

• NetBIOS - the default server-to-server communication protocol for Windows NT and 2000 networks.
• SSH - Secure Shell, a more secure communication protocol that can be installed on Windows NT/2000 based networks. This connection method normally requires installing SSH libraries on each server to which you want to connect. See the document on Secure Shell in the Advanced SiteScope Topics section for more information

Login

The login for the remote server. If the server is within the same domain as the SiteScope machine, include the domain name in front of the user login name. For example: domainname\user. If you are using a local machine login account for machines within or outside the domain, include the machine name in front of the user login name. For example: machinename\user.

Password

The password for user login specified above.

Title

A name by which the remote machine should be known. This name will appear in the drop-down list.

Trace

Check this box to have trace messages to and from the subject server recorded to the SiteScope RunMonitor.log file.

After defining the server for SiteScope, you can test the settings by clicking on the test link in the Remote NT Server table. SiteScope attempts to display the working directory of the remote machine (the "cd" on Windows NT), as a test to ensure that the remote machine can be accessed and can run commands properly.

Index

Technical Notes

The following is additional information relating to the setup of and troubleshooting SiteScope monitoring of remote Win NT and Win 2000 servers:

A general troubleshooting step in working with remote NT servers is to connect to remote machine using Perfmon. If a connection can not be made there is likely a problem involving the user access permissions that have been granted to the SiteScope account on the remote server. SiteScope requires certain administrative permissions to be able to monitor server statistics.

For security reasons, SiteScope may not be allowed to use the permissions of a full administrator account. SiteScope can be granted restricted monitoring access by editing certain Registry Keys. See the Enabling Non-Admin Users to Remotely Monitor with PERFMON support note on the Microsoft support site for more information.

When you need to monitor a server which is a stand-alone server or not part of a domain already visible to the SiteScope server, try entering the machine name followed by a slash and then the login name in the Login entry field.

Some problems have been found when trying to monitor Win 2000 servers from SiteScope running on Win NT4. In many cases the problem involves incompatibility of the DLL's used by the operating system to communicate between the servers.

Troubleshooting NT Event Log Access on Remote NTs

Problem
When viewing remote NT event logs or getting alerts relating to monitoring a remote NT machine, you see:
The description for Event ID ( XXXX ) in Source ( XXXX ) could not be found. It contains the following insertion string(s):
The operation has completed successfully.

Cause:
When you view the event log on a computer from a remote computer, if the required registry keys (and referenced files) are not present on the remote computer, SiteScope is unable to format the data; hence it displays the data in a generic format.

Resolution:
The required registry entries and DLL files must be copied to the remote computer on which the event viewer application is being run. Follow these steps to get the remote registry entries and DLL files onto the local SiteScope machine:

1. Locate on the remote machine which event you are not getting properly in SiteScope by finding the entry in the Event Viewer. Write down the information for the event id, source and description. (For example, Source: MSExchangeSA , Event ID: 5008, Description: The message tracking log file C:\exchsrvr\tracking.log\20020723.log was deleted.)
2. The open the: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\Application and click on the Source (that is, MSExchangeSA)
3. Click on the EventMessageFile and write down the data for where that DLL is located. (that is, C:\EXCHSRVR\bin\madmsg.dll)
4. Now, you need to locate the dll on the remote and copy it to the SiteScope machine. You can copy this one of two ways:
   1. The Initlog.exe utility, in the "BackOffice Resource Kit, Second Edition," can be used to copy the required registry entries from the Exchange Server computer to the remote computer. This utility can also copy the required DLL files if you are logged on to Windows NT with an account that has Administrator privilege on the Exchange Server computer. (See Microsoft Article Q184719), OR
   2. Using ftp, mail, etc to get the file to your local drive.
5. SiteScope uses the data from the EventMessageFile field in step 3 to determine where to find the dll on the local machine. So, you must create the same folder structure as in step 3 and place the file in that directory. Otherwise, you can change the directory structure to say c:\Windows\System32 (SiteScope looks in the ADMIN$ by default on the remote machine) and place the dll In that folder but you MUST have this structure and dll on BOTH machines. Also, if you do this, you will need to update the registry in step 3 to reflect the directory the dll is in.

Other troubleshooting tips:

To see what SiteScope is getting when trying to access the remote registry:

1. Go to the SiteScope\tools directory.
2. Type in perfex \\MACHINE -u username -p password -d -elast "Application" This command will give you the number of entries in your Application log.
   For example:

    
   Connected to \\ex-srv as int-ss
   Next Record: 2369
   

3. Now, you will want to only list say the last 10 or 12 events, to find the one you are looking for, so the command is: perfex \\MACHINE -u username -p password -d -elog "Application" 2355 | more This will produce a lot of output so go through each entry until you find the one you need.
4. Once you find the record you are looking for, note the Record id for easier searching next time when using the command in Step 3.
5. This output will tell you what SiteScope is getting, for instance in the example given, this is what we get:

   Type: Information
   Time: 02:00:24 08/01/102
   Source: MSExchangeMTA
   ID: 298
   Category: 1
   Record: 2342
   Machine: EX-SRV
   FILE=C:\EXCHSRVR\res\mtamsg.dll
   REMOTE FILE=
   String 835050d is: MTA
   Next String 835054d is: OPERATOR
   Next String 83505dd is: 34
   Next String 835060d is: 0
   Next String 835062d is:
   File: C:\EXCHSRVR\res\mtamsg.dll
   Remote Path:
   calling FormatMessage()
   Formatted Message 142 bytes long
   Raw message is: The most current routing information has been loaded by the  MTA, 
   and a text copy was saved in the file GWART0.MTA. [MTA  OPERATOR 34 0] (12)
   Message: The most current routing information has been loaded by the  MTA, and a
            text copy was saved in the file GWART0.MTA. [MTA  OPERATOR 34 0] (12)
   
   The file path is where the remote file is being found.  If you copy the dll to the WINDOWS\SYSTEM, 
   you will see the File and remote file path like this:
   Type: Information
   Time: 03:15:00 08/01/102
   Source: MSExchangeIS Public
   ID: 1221
   Category: 6
   Record: 2350
   Machine: EX-SRV
   FILE=C:\WINNT\SYSTEM32\mdbmsg.dll
   REMOTE FILE=\\ex-srv\ADMIN$\SYSTEM32\mdbmsg.dll
   String 835054d is: 0
   Next String 835056d is:
   File: C:\WINNT\SYSTEM32\mdbmsg.dll
   Remote Path: \\ex-srv\ADMIN$\SYSTEM32\mdbmsg.dll
   LOADING LIB REMOTE: \\ex-srv\ADMIN$\SYSTEM32\mdbmsg.dll
   calling FormatMessage()
   Formatted Message 89 bytes long
   Raw message is: The database has 0 megabytes of free space after online  defragmentation has terminated.
   Message: The database has 0 megabytes of free space after online  defragmentation has terminated.
   

Copyright © 2003 Mercury Interactive Corporation.
All rights reserved.