Check_AD Problem w/ NSClient++ and NRPE

I am running Nagios 2.10 on a Linux box and trying to run some service checks on Windows servers. I have installed NSClient++ on the Windows boxes and have been able to get results from other check_nrpe! service queries with another plugin (check_pdm) - so I know that NSClient++ and NRPE are working correctly.

I have the following in my NSC.ini configuration file on my Windows machine:

And this in the services.cfg on my Nagios server.

define service{ use generic-service host_name windowsserver1 service_description Active Directory is_volatile 0 check_period 24x7 max_check_attempts 3 normal_check_interval 3 retry_check_interval 1 contact_groups IT notification_interval 120 notification_period 24x7 notification_options n check_command check_nrpe!check_adir }

I can run the check_ad plugin from the client windows machine and it produces proper results. When I try to run it from the server it fails and gives me the following error:
UNKNOWN: No handler for that command.

Is the plugin not able to handle the results that are returned? Is there anyone else out there that has seen this message and fixed the problem? Anyone who is willing to help, I would appreciate it.

I actually fixed this error while I was working on installing other hosts. The check_ad plugin with the --dc flag runs dcdiag. I tested on the client machines that dcdiag would run, but I didn’t test if dcdiag was in C:\Windows\System32.

Once I copied dcdiag.exe over to that directory, check_ad worked the way I had expected it.

hi there,

I have a NSclient installed in my AD what other steps would i need in order to check_ad to work. Can you share you experience on this ?

Madal

On your AD machine, make sure dcdiag runs properly.

Open a command prompt and type dcdiag. If this runs and gives you the proper checks, then Nagios should recognize the output. If the system does not recognize the command - google it and find the download. Install it in Windows\System32 and you should be good to go.

can you post the steps ?

1- Install Nagios and add the NRPE plugins.
2- Configure the services.cfg with what is in my original post above.
3- Install the NRPE daemon on the Windows AD machine
4- Ensure that dcdiag runs on your Windows AD machine. To do this - open a command prompt and type dcdiag.
5- ??
6- Profit!

Don’t mind steps 5 and 6 too much, but you should get the idea.

for the NRPE daemon, do we need the windows based NRPE daemon found on the authors website?

Correct. Anytime you need to access a “service” that is located on the Windows machine you will need the Windows NRPE daemon running. This will allow Nagios to query the machine to get the appropriate information.

If the information can be accessed outside of the Windows machine (ie services like HTTP or DNS) then the Windows NRPE daemon is not required. Internal services like AD do require the Windows NRPE daemon.

Update:

I was able to get nrpe_nt properly installed on the windows AD controller, but I am at a stump here, maybe you can enlighten me.

On nagios it shows:

Active Directory CRTICICAL NRPE: Command ‘check_ad’ not defined.

My guess is that I am missing a line in nrpe.cfg?

I inserted a line under the hard coded commands of the nrpe.cfg file as:
command[check_ad]=c:\NSClient++\commands\check_ad -H $HOSTNAME$ --dc

Still didnt work

what you did was the correct thing to do; one thing though: did you restart NSClient after this modification ? if not, do it and it “should” work :slight_smile:

Can you post the nrpe demaon download link for widnows ?

Checking services on Windows is a complicated process and I tried answering the question as simple as possible because it was my understanding that others new the additional steps. Let me clear up as much as I can with what I did.

Windows AD Machine Instructions
1 - Install NSClient++ on the Windows AD server.
2 - Installed the necessary plugins for check_ad in the NSClient++ directory
3 - Configured NSC.ini with:

4 - Ensured that dcdiag runs on the Windows machine being checked

Nagios Server (assuming Nagios is already functional and running)
1 - Install the NRPE plugin
2 - Edit commands.cfg to include something like:
define command{
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -t 20 -c $ARG1$
}
3 - Edit Services.cfg to include something like:

define service{ use generic-service host_name <hostname> service_description Active Directory is_volatile 0 check_period 24x7 max_check_attempts 3 normal_check_interval 3 retry_check_interval 1 contact_groups IT notification_interval 120 notification_period 24x7 notification_options w,c,r check_command check_nrpe!check_adir }
4 - Restart the Nagios service

These are just examples taken from my current configuration - these will not work for everyone. However, they do give you a place to start from and hopefully have made the complete picture of how to establish a service check on a Windows machine. The following link is something I used to get myself started. My configs were put together from multiple sources, but this is at least where I learned about NSClient++.

Nagios and NSClient++

Windows based NRPE can be found here. miwi-dv.com/nrpent/

TheWired,

I greatly appreciate your response, thank you for the how to. I tried your method and worked perfectly.

Everything worked beautifully…

Also, you must configure the nrpe.cfg on the windows server and add the line

command[check_adir]=C:\Program Files\NSClient++\plugins\check_ad.exe -H $HOSTNAME$ --dc

if using the latest version of check_ad it will be check_ad. Mine looks like this:

The following examples use no command arguments…

#command[check_hallo]=D:\NRPE_NT\hallo.exe
#command[check_cmd]=D:\NRPE_NT\test.cmd
#command[check_perl]=D:\bin\perl.exe D:\NRPE_NT\test.pl
command[check_ad]=C:\NSClient++\commands\check_ad.exe -H $HOSTNAME$ -dc

That is correct. You can name it whatever you like as long as you are consistent across both the Windows AD machine and the Nagios machine.