Prerequisites for the Nodinite Monitoring Service
Prepare your environment for a seamless Nodinite Monitoring Service deployment. This page provides a comprehensive checklist and best practices to ensure a successful installation and secure operation in any environment.
✅ Complete prerequisites checklist for fast deployment
✅ Covers SMTP, MSDTC, Windows rights, SQL permissions, and firewall settings
✅ Troubleshooting tips for complex, distributed, or secure environments
This page describes the prerequisites for installing and running the Nodinite Monitoring Service. The Monitoring Service is a Windows Service installed as part of the Core Services package.
Nodinite Monitoring Service Checklist
The Monitoring Service is easy to install on a single server, but in distributed or locked-down environments (with load balancing, firewalls, network zones, domains, DNS, group policies, antivirus, etc.), you may need to address additional requirements for a smooth setup.
| Verified | Topic |
|---|---|
| SMTP - Monitoring Service must be allowed to send emails | |
| MSDTC | |
| Windows rights | |
| Database rights | |
| Firewall |
Use the checklist above to verify that you have performed all steps required to get Nodinite flying (most probably already managed when you performed similar tasks for the Configuration Database).
SMTP Settings
Alerts are sent using Alarm Plugins and it is very common to use any of the Nodinite e-mail plugins.
The Nodinite Monitoring Service must be allowed to send emails and this is often governed by your organization's policies.
Microsoft Distributed Transaction Coordinator (DTC)
The Monitoring Service is involved in SQL Server related operations and Nodinite uses the Windows Service Microsoft Distributed Transaction Coordinator (DTC) that is responsible for coordinating transactions that span multiple resource managers. We have written a dedicated tutorial for Nodinite with our best practices for how to install and configure the DTC Windows Service.
You must configure the DTC as documented, otherwise Nodinite will not be able to function.
What Windows rights does the Monitoring Service require?
The Nodinite Monitoring Service is a Windows Service (not an IIS application) that runs under a configured service account. The v7 PowerShell installation scripts automatically configure the service during installation.
Service Account Requirements:
- The service account must have
Logon as a Servicerights - see How to set Logon as a Service right - The service account must have appropriate SQL Server rights (see next section)
- This service should always be running
- This service should not be clustered - contact support if you need technical assistance
- DCOM Local Activation Permission is required for the service to function properly
How It Works:
The v7 PowerShell installation scripts create and configure the Monitoring Service Windows Service with the specified service account. This service coordinates with Monitoring Agents, executes Remote Actions, and delivers alerts through various Alert Plugins.
What SQL Rights does the Monitoring Service require?
The Windows domain account being used for the Monitoring Service must have the following SQL rights assigned (least privileges):
Master
The grants depend on the type of SQL Server instance:
| >= SQL Server 2016 | < SQL Server 2016 |
|---|---|
| db_owner | db_datareader |
Grant VIEW SERVER STATE rights.
GRANT VIEW SERVER STATE TO [Domain\user]
Replace [Domain\user] with the Windows account being used for the Monitoring Service.
If applicable, repeat the grant on all nodes part of an AOAG environment.
Nodinite Databases
db_ddladmin is required for the service account to have proper rights to read statistics. Without this permission, performance may be degraded, especially true for remote servers (linked servers). Read more here. Contact our support if you have any questions about this.
All databases on all SQL Instance(s)—where Configuration Database and Log Databases databases are located:
| Scope | Permission / Role | Description | Microsoft Docs Link |
|---|---|---|---|
| Instance/Database | public | Right to log on to SQL instances and databases used by Nodinite | public role |
| Database | db_ddladmin | Required so the service account can run necessary DDL (and read statistics) for performance-sensitive operations, especially across linked servers | db_ddladmin |
Important
db_ddladmin is required for the service account to have proper rights to read statistics. Without this permission, performance may be degraded, especially for remote servers (linked servers). Read more here. Contact our support if you have any questions about this.
All Nodinite specific databases
| Database | Permission | Description | Microsoft Docs Link |
|---|---|---|---|
| Configuration Database | db_datareader | Grants read access to all tables and views | db_datareader |
| Configuration Database | db_datawriter | Grants write access to all tables and views | db_datawriter |
| Configuration Database | db_ddladmin | Allows running DDL statements (e.g., create/alter/drop objects) | db_ddladmin |
| Configuration Database | sysadmin/db_owner | Required for certain administrative tasks (e.g., shrinking databases) | sysadmin, db_owner |
| NodiniteLog_* | db_datareader | Grants read access to all tables and views | db_datareader |
| NodiniteLog_* | db_datawriter | Grants write access to all tables and views | db_datawriter |
| NodiniteLog_* | db_ddladmin | Allows running DDL statements (e.g., create/alter/drop objects) | db_ddladmin |
| NodiniteLog_* | sysadmin/db_owner | Required for certain administrative tasks (e.g., shrinking databases) | sysadmin, db_owner |
This table lists the minimum SQL Server permissions required for the Nodinite Monitoring Service's Configuration Database and Log Databases. Ensure these grants are set for uninterrupted operation, maintenance, and automation.
Grant Execute rights on all existing and future stored procedures for the account used by the Monitoring Service:
GRANT EXECUTE TO [Domain\\user]
Replace [Domain\user] with the Windows account being used for the Monitoring Service.
What Firewall settings are required for the Monitoring Service?
The Monitoring Service is a Windows Service that executes monitor checks and distributes alerts. It communicates with Monitoring Agents, the Web API, Alarm Plugins, and SQL Server. Proper firewall configuration is required for these interactions.
Four types of servers commonly participate in Monitoring Service deployments:
| Server | Role |
|---|---|
| Monitoring Service Server | Hosts the Monitoring Service (Application Server role) |
| Agent / Node Servers | Host the Monitoring Agents and any remote resources being monitored |
| Web Server | Hosts the Web API and Web Client (IIS) |
| SQL Server | Hosts the Configuration and Log Databases |
Plan firewall rules for communication between these servers (Monitoring Service ↔ Agent servers, Monitoring Service ↔ Web Server, Monitoring Service ↔ SQL Server, Agents ↔ Domain Controller).
[!NOTE] Nodinite v7 Port Configuration: Internal Core Services communication ports (like port 8000) are configured in the Nodinite Portal during installation. The v7 PowerShell installation scripts automatically configure these ports.
Required Firewall Ports
- TCP Ports between Monitoring Service and Monitoring Agents The following ports must be allowed on the Windows server where the agent is installed and running:
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 53 | DNS | The Agent needs to know where your other servers/services are (can sometimes optionally be solved using entries in the local hosts file) |
And further with 'Option 1' or 'Option 2' as documented next:
Option 1 (Local network)
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 8000 | RPC | Communication is initiated by the Monitoring Service |
Option 2 (Cloud/Hybrid)
Use Service Bus Relayed connections when Nodinite and the agent are on totally different networks.
Nodinite uses the same principle technique as the On-Premise data gateway, see 'Adjust communication settings for the on-premises data gateway' user guide.
The following Ports must be open for outbound communication with '*.servicebus.windows.net' from both on-premise and off-site:
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 443 | HTTPS | Secure outbound traffic | ||||
| 5671, 5672 | Secure AMQP | |||||
| 9350 - 9354 | Net.TCP |
- TCP Ports between Monitoring Service and Web API
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 8000 | RPC | Communication is initiated by the Monitoring Service |
- Monitoring Service and Alarm Plugins
- 25 – SMTP as described in RFC 5321
- 443 – SSL
- 587 – SMTP-MSA as described in RFC 6409
- 465 – SMTPS as described in RFC8314 (Not common any more)
- Any other port your custom built Alarm Plugin may require
- TCP Ports between Monitoring Service and SQL Server
1. TCP Ports between Monitoring Service and Monitoring Agents
2. TCP Ports between Monitoring Service and Web API
Nodinite shows the state of the Monitoring Service for Users within the Web Client. The Web Client asks the Web API which in turn queries the Monitoring Service. The Monitoring Service uses the Web API to provide all its features.
3. Monitoring Service and Alarm Plugins
Alerts are distributed by the Monitoring Service for Monitor Views when a configuration matches a changed state of Resources. The alert is pushed to each 'Alarm Plugin'. Nodinite ships with default alarm plugins and it is possible for you to add your own Alarm Plugins. These are DLLs written in any .NET language. Templates and SDK are intended for use with C#.
Important
Depending on what external services your custom built Alarm Plugin uses you may need to ensure open TCP ports according to the requirements of that external service provider.
Where do I add my custom built Alarm Plugin?
You simply copy the DLL to the 'Plugins' folder of the Monitoring Service. If the DLL is being replaced then you must restart the Monitoring Service.
Important
Make sure the DLL after the copy-paste operation is not blocked by Windows. Right-click on the DLL and select properties. Click the Unblock button if that option exists.
- TCP Ports between Monitoring Service and SQL Server
For performance reasons the Monitoring Service accesses the databases directly using the Windows Service Account configured.
The Monitoring Service communicates with SQL Server using Windows authentication, Kerberos, and distributed transactions (MSDTC). For comprehensive SQL Server firewall configuration, including:
- DNS resolution (port 53)
- Kerberos authentication (port 88)
- MSDTC/RPC (port 135 and dynamic ports)
- SQL Server instances (port 1433 and custom ports)
- Linked Servers configuration
- Azure SQL Managed Instance connectivity
- Always On Availability Groups (AOAG) requirements
See the comprehensive SQL Server Firewall Configuration guide.
Frequently asked questions
Additional solutions to common problems and the Nodinite Monitoring Service FAQ exist in the Troubleshooting user guide.
Next Step
Install Monitoring Service
Install Nodinite
System Parameters
Search Fields
Related Topics
Core Services Package
Configuration Database
Log Databases
Web API
Manage Alarm Plugins
Monitoring Agents
Monitor Views
Resources
Remote Actions
Users
MSDTC
SQL Server Firewall
Service Bus Relaying