TECHZEN Zenoss User Community ARCHIVE  
FORUMS / Configuration & Administration / DISCUSSION

New deployment after crash of old deployment

Subject: New deployment after crash of old deployment
Author: Chad Bryan
Posted: 2021-05-10 16:50

I recently stood up a new instance of Zenoss 6.3.2 as a VMware appliance.  I was previously running 6.3.2 for quite a while until the database got corrupted after a system failure.  With the new deployment stood up, I am unable to model Windows devices that were previously being monitored.  No matter how I configure the "zWinRM" settings, I keep getting errors when modeling. 

Error on server.name.removed: kinit: Cannot contact any KDC for realm 'MYDOMAIN.COM' while getting initial credentials

I obviously removed my server/domain info from the above error but has anyone had any issues getting Windows devices to model on a new VMware appliance deployment?


Subject: RE: New deployment after crash of old deployment
Author: Michael Rogers
Posted: 2021-05-10 18:13

Hi, Chad!

The bare minimum zWinRM settings you'll need are:

zWinRMUser - the username for your monitoring user account configured in AD
zWinRMPassword - password for said user
zWinKDC - the Key Distribution Center (typically the AD server) for the domain that the zWinRMUser belongs to

If those are all good to go, a lot of times it'll come down to name resolution.  Did you add the device by:

IP address
hostname
fully-qualified domain name
some other identifier

FQDN is typically going to work the best.  When zenpython (the monitoring service responsible for Windows devices) attempts to log in, it needs to request a Kerboros auth ticket from the KDC.  This request is going to consist of the username, password, and the hostname/FQDN of the device to be logged into.  If the AD server doesn't recognize the hostname/FQDN, or if the AD server knows that device by a different name, it won't grant the auth ticket.  

If zenpython cannot contact the KDC, I would check the following:

From the VMware appliance, can you ping the KDC and resolve the name of the KDC?  Is the Kerberos port (88 UDP, by default) blocked between the appliance and the KDC?

Let me know what you find?



------------------------------
Michael J. Rogers
Senior Instructor - Zenoss
Austin TX
------------------------------

Subject: RE: New deployment after crash of old deployment
Author: Chad Bryan
Posted: 2021-05-11 09:10

Thanks for the reply Michael.  You can disregard my post.  I had a brain fart during deployment.  When I looked at the interface config it showed the broadcast address the same as the IP of the server.  It appears that when I did the initial configuration, I didn't specify the network size so it set it as a /32 instead of a /24.  Once I got my head out of my butt, everything starting working.  Thanks again!

------------------------------
Chad Bryan
Director of IT Infrastructure and Security
University of Northwestern Ohio
Lima OH
------------------------------


< Previous
Zenoss CE 1.6.3/6.3.2 r317 - Zenoss Core Web UI - CC tab - HTTPError - HTTP Erro ... 		  Next
How does Zenoss monitor Oracle ASM storage. 		>