Prerequisites for the Nodinite Windows Server Monitoring Agent
This page describes the prerequisites for installing and running the Nodinite Windows Server Monitoring Agent.
Instances of this agent can be installed on-premise using TCP/IP for local network access and/or in the cloud/off-site using Service Bus Relaying (see also the external link for additional information MicrosoftServiceBusRelayingLink).
We recommend that you keep this agent close to Nodinite Core Services. This documentation covers local network setup (usually on the Nodinite application server)
| Verified | Topic |
|---|---|
| Software Requirements | |
| What Windows User Rights does the Windows Server Monitoring agent require? | |
| What Firewall settings do the Nodinite Windows Server Monitoring agent require? |
Software Requirements
The Windows Server Monitoring Agent is a Windows Service and is usually installed on the Nodinite application server.
| Product | |
|---|---|
| Windows Server | Windows 2022Windows 2019Windows 2016Windows 2012 R2*Windows 2012* |
| .NET Framework | .NET Framework 4.8 or later New 6.0Our recommendation is .NET Framework 4.8.1 or later |
| Powershell WMF 5.1 or later | If you are using Windows 2012/2012 R2, you must install WMF 5.1 or later to make use of the PowerShell Monitoring feature |
| Web Server (IIS) - Management Tools |
|
Versions 6.0 and later make use of the .NET Framework 4.8 or later.
Versions 5.4 and later make use of the .NET Framework 4.6.2 or later.
Versions prior to 5.4 make use of the .NET Framework 4.5.2 or later.
Remote Windows Servers with IIS to monitor must have this Windows feature installed 
If you have three servers with IIS to monitor, you must install this feature on three serversIf you see entries in the Event Log like while activating CLSID {2B72133B-3F5B-4602-8952-803546CE3344}, please review the prereqs, restart, and make sure the following settings have been applied: Setting DCOM Security to Allow a User to Access a Computer Remotely
Management Service
If the IIS is a remote server to the Monitoring Agent; You must also enable remote connections and make sure the WMSVC service is operational. Please review the Remote Administration for IIS Manager for additional details.
- Enable remote connections
- Make sure to auto-start the VMSVC service
Make sure to allow remote connections and set the 'WMSVC' service to start automatically.
Enable remote connections
- In the IIS MMC, click on the node, then, on Management Service.
- Check the Enable remote connections checkbox.
Click the Apply button to persist the changes.
Click Apply button to persist the changes.
Set WMSVC to start automatically
The WMSVC service installs with Startup Type set to Manual, which means that the service has to be manually restarted each time the server reboots or if HTTP.sys is stopped (WMSVC depends on HTTP.sys). Set the Startup Type to Automatic if you want WMSVC to start on system boot. Do this in the Services MMC console, or using this command line in an administrative command prompt:
sc.exe config WMSVC start= auto
Supported Versions
Windows Server is ever-evolving, and Microsoft sometimes adds new functionality and/or deprecates older SDKs, methods and adjust policies. For Nodinite, this means you need to update Nodinite and our Windows Server Monitoring Agent from time to time.
Make sure to subscribe to our Release Notes.
What Windows User Rights does the Windows Server Monitoring agent require?
You will install the monitoring agent as a Windows Service, usually on the Nodinite application server. Virtual machines are supported.
- Local named account or domain account (preferred).
- Access and run-time rights.
- Follow the 'How to set logon as a Windows service right' user guide for detailed instructions.
Important
To be operational, the Service Account running the Nodinite Windows Server Monitoring Agent must be the local administrator on all servers to monitor.
What Firewall settings do the Nodinite Windows Server Monitoring agent require?
Depending on where on the network you install the Windows Server Monitoring Agent and the Nodinite Monitoring Service; To monitor Windows Servers, you may need different firewall configurations on other servers. The following illustration shows the agent installed on a dedicated Windows Server.
The Windows Server Monitoring Agent has both inbound and outbound communication:
- Between the Monitoring Service and the Windows Server Monitoring Agent
- Between the Windows Server Monitoring Agent and monitored Windows Server(s)
- Local (no ports)
- Remote ports are used
1. Between the Monitoring Service and the Windows Server Monitoring agent
The following ports must be allowed on the Windows server where the agent is installed and running:
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 53 | DNS | The Agent needs to know where your other servers/services are (can sometimes optionally be solved using entries in the local hosts file) |
And further with 'Option 1' or 'Option 2' as documented next:
Option 1 (Local network)
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 8000 | RPC | Communication is initiated by the Monitoring Service |
Option 2 (Cloud/Hybrid)
Use Service Bus Relayed connections when Nodinite and the agent are on totally different networks.
Nodinite uses the same principle technique as the On-Premise data gateway; see 'Adjust communication settings for the on-premises data gateway' user guide.
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 443 | HTTPS | Secure outbound traffic | ||||
| 5671, 5672 | Secure AMQP | |||||
| 9350 - 9354 | Net.TCP |
2. Between the Windows Server Monitoring agent and Windows Servers
There is RPC and WMI traffic between the Windows Server Monitoring Agent and the monitored Windows Servers (1..*)
| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| - | ICMP | ICMP. NoteAs per your user configuration; apply to the device/servers to ping | ||||
| 53 | DNS | The Agent needs to know where your other servers/services are (can sometimes optionally be solved with user-defined entries in the hosts file in each Windows server instance), review the following 'Microsoft' user guide |
||||
| 88 | Kerberos | Review 'Microsoft Kerberos' user guide | ||||
| 135 | RPC | This port is shared between many Windows Services | ||||
| 445 | SMB, RPC/NP | Windows Performance Counters Access | ||||
| 1024-65535 | RPC dynamic ports WMI/RPC | Depends on policies and settings on target environment. Please review the How to configure RPC dynamic port allocation to work with firewalls user guide |
Add firewall rule
If you want to monitor the IIS, additional firewall exclusions may be required.
Please add a new firewall rule on the server to monitor to allow the dllhost.exe to accept incoming requests from the Nodinite Windows Server Monitoring Agent.
| Setting | Value |
|---|---|
| Rule type | Inbound |
| Rule type | Custom |
| Program | %systemroot%\system32\dllhost.exe |
| Protocol | TCP |
| Local port | RPC Dynamic Ports |
| Remote port | All Ports |
| Action | Allow connection |
| Profile | Domain |
netsh advfirewall firewall add rule name="Remote IIS inetinfo" dir=in action=allow description="Remote IIS Service Managment" program="%systemroot%\System32\inetsrv\inetinfo.exe" enable=yes
netsh advfirewall firewall add rule name="COM+ Remote Administration (All Programs)" dir=in action=allow description="" program="%windir%\system32\dllhost.exe" enable=yes localport=RPC protocol=tcp
Frequently asked questions
Additional solutions to common problems and the FAQ for the Nodinite Windows Server Monitoring Agent exist in the Troubleshooting user guide.
Next Step
Install Windows Server Monitoring Agent
Related
Add or manage a Monitoring Agent Configuration
Monitoring
Administration