WMI based Windows service monitor not working

I am in the process of setting up Windows Service monitoring via WMI, and I’m able to detect the service with my foreign source definition, but the poller is failing.

the following “checkwmi” command works successfully:

# checkwmi -wmiClass "Win32_Service" -wmiObject "State" -wmiWql "Select State From Win32_Service Where DisplayName='Application Host Helper Service'" -op "EQ" -value "Running" -matchType "all" -domain GMS WMI_USER HIDDEN_PASSWORD
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
Checking: Select State From Win32_Service Where DisplayName='Application Host Helper Service' for State Op: EQ Val: Running
Check results: OK (1)
Result for (1) Win32_Service\State: Running

and in my provisioning requisition, I have the following detector which is working:

  <detector name="WMI-Application-Host-Helper-Service" class="org.opennms.netmgt.provision.detector.wmi.WmiDetector">
     <parameter key="wmiClass" value="Win32_Service"/>
     <parameter key="matchType" value="all"/>
     <parameter key="compVal" value="Running"/>
     <parameter key="wmiWqlStr" value="Select State From Win32_Service Where DisplayName='Application Host Helper Service'"/>
     <parameter key="compOp" value="EQ"/>
     <parameter key="retries" value="2"/>
     <parameter key="wmiObject" value="State"/>
     <parameter key="timeout" value="3000"/>

And in poller-configuration.xml, I have the following service defined:

  <service name="WMI-Application-Host-Helper-Service" interval="300000" user-defined="false" status="on">
     <parameter key="retry" value="6"/>
     <parameter key="timeout" value="5000"/>
     <parameter key="matchType" value="all"/> 
     <parameter key="wmiClass" value="Win32_Service"/>
     <parameter key="wmiWql" value="Select State From Win32_Service Where DisplayName='Application Host Helper Service'"/>
     <parameter key="wmiObject" value="State"/>
     <parameter key="compareOp" value="EQ"/>
     <parameter key="compareValue" value="Running"/>
  <monitor service="WMI-Application-Host-Helper-Service" class-name="org.opennms.netmgt.poller.monitors.WmiMonitor"/>

The service is discovered, but shortly after discovery, I’m receiving a nodeLostService event with the following description:

A WMI-Application-Host-Helper-Service outage was identified on interface x.x.x.x because of the following condition: Constraint 'all EQ Running' failed for value of Win32_Service\State.

I noticed the compOp ,compVal, and wmiWqlStr parameter keys were different between the detector and the poller, so I changed the poller to match, but that did not change the polling. I still have the same issue.

Any ideas how to get this working? What are the parameter values supposed to be for a service using org.opennms.netmgt.poller.monitors.WmiMonitor?

Note: I’m currently running OpenNMS 24.1.3. I thought I’d check out v25, but ran into an issue with the postgresql version.

I’m not familiar with the WmiPoller. TBH, I didn’t know we have one :slight_smile:

But Windows does need some configs afaik.

But I’m really interested in this topic because I don’t want to use SNMP anymore in Windows. But I think the better or more future-proof solution is WSMAN.

I also want to go the WSMAN solution to collect data. It also seems to be possible to use WSMAN for polling

Also @agalue blogged this which is really helpful.

We worked out the windows side of the config, and the checkwmi script returns successfully, and the detector discovers the service. The issue I’m having is that the poller is failing to poll the service, so it eventually marks the discovered services as down.

WSMAN isn’t currently an option in our environment, as we have too many servers we are trying to monitor that are running a version of windows that is too old to support WSMAN.

If you are using Java11 , we fixed a specific issue related to Java11 and WSMAN In 25.0.0.

We didn’t backport it to v24 as it already reached EOL

1 Like

Would this WSMAN issue have any bearing on the WMI poller?

My mistake. It shouldn’t be relevant.