|
|
| Subject: | Monitoring non-member Servers |
| Author: | [Not Specified] |
| Posted: | 2015-07-27 15:07 |
now that zenoss has gone the direction of kerberos based windows Remote Monitoring, how would someone monitor a server that is not a domain member server and as such has no kerberos SPN
our network has three DMZ's at various locations and the servers within the the DMZ s are not domain members, and per M$ standards, nor should they be.
Thanks,
| Subject: | For now, what i understand |
| Author: | [Not Specified] |
| Posted: | 2015-07-28 07:58 |
For now, what i understand you must do:
Individual Machine configuration:
Open ports 5985 (http)/5986(https) for WinRM
winrm quickconfig
winrm s winrm/config/service @{MaxConcurrentOperationsPerUser="4294967295"}
winrm s winrm/config/winrs @{MaxShellsPerUser="2147483647"}
winrm s winrm/config/winrs @{IdleTimeout="7200000"}
Basic Authentication (Windows default is Kerberos see note below for more information):
winrm s winrm/config/service/auth @{Basic="true"}
winrm s winrm/config/service @{AllowUnencrypted="true"}
You are forced yo enable Basic, and use local users.
| Subject: | Thank you for the advice. it |
| Author: | [Not Specified] |
| Posted: | 2015-08-28 09:44 |
Thank you for the advice. it works great. I was also able to use this method to get around the pesky problem i'm having with Kerberos after changing a computers name or using an Ip address that zenoss has seen before.
| < |
Previous Does Zenoss store LVM UUID info anywhere - linux box polled via SNMP |
Next /var/lib/docker partition reached 100% |
> |