Monitoring Windows Systems with

PowerShell
SL1 version 8.14.1
Table of Contents
Introduction 4
Monitoring Windows Devices in the ScienceLogic Platform 5
What is SNMP? 5
What is PowerShell? 5
PowerPacks 6
Configuring Windows Systems for Monitoring with SNMP 7
Configuring SNMP for Windows Server 2016 and Windows Server 2012 8
Configuring Ping Responses 8
Installing the SNMP Service 9
Configuring the SNMP Service 14
Configuring the Firewall to Allow SNMP Requests 19
Configuring Device Classes for Windows Server 2016 and Windows 10 19
Manually Align the Device Class 20
Edit the Registry Key 20
Configuring SNMP for Windows Server 2008 21
Configuring Ping Responses 21
Installing the SNMP Service 22
Configuring the SNMP Service 25
Configuring the Firewall to Allow SNMP Requests 30
Configuring Windows Servers for Monitoring with PowerShell 31
Prerequisites 32
Configuring PowerShell 32
Step 1: Configuring the User Account for the ScienceLogic Platform 33
Option 1: Creating an Active Directory Account with Administrator Access 33
Option 2: Creating a Local User Account with Administrator Access 34
Option 3: Creating a Non-Administrator User Account 34
Optional: Configuring the User Account for Remote PowerShell Access to Microsoft Exchange Server 36
Optional: Configuring the User Account for Remote PowerShell Access to Hyper-V Servers 36
Creating a User Group and Adding a User in Active Directory 36
Setting the Session Configuration Parameters and Group Permissions 37
Creating a PowerShell Credential 38
Optional: Configuring the User Account for Access to Windows Failover Cluster 38
Step 2: Configuring a Server Authentication Certificate 38
Option 1: Using the Microsoft Management Console to Create a Self-Signed Authentication Certificate 39
Option 2: Using the MakeCert Tool to Create a Self-Signed Authentication Certificate 41
Option 3: Using PowerShell Commands to Create a Self-Signed Authentication Certificate 41
Step 3: Configuring Windows Remote Management 42
Option 1: Using a Script to Configure Windows Remote Management 42
Option 2: Manually Configuring Windows Remote Management 47
Option 3: Using a Group Policy to Configure Windows Remote Management 50
Step 4: Configuring a Windows Management Proxy 68
Step 5: Increasing the Number of PowerShell Dynamic Applications That Can Run Simultaneously 69
SNMP and PowerShell Dynamic Applications for Windows Devices 70
SNMP Dynamic Applications for Windows Devices 71
PowerShell Dynamic Applications 71
Microsoft: Active Directory Server 71
Microsoft: DHCP Server 72
Microsoft: DNS Server 72
Microsoft: Exchange Server 73
Microsoft: Exchange Server 2010 73
 Microsoft: Hyper-V Server 74
Microsoft: IIS Server 75
Microsoft: Lync Server 2010 75
Microsoft: SharePoint Server 76
Microsoft: Skype for Business 76
Microsoft: SQL Server 77
Microsoft: Windows Server 78
Microsoft: Windows Server Event Logs 79
Microsoft: Windows Server Services 80
Run Book Automations and Actions Associated with PowerShell Dynamic Applications for Windows
Servers 80
Error Messages for PowerShell Collection 81
Relationships with Other Types of Component Devices 82
Creating SNMP and PowerShell Credentials for Windows Devices 83
Creating an SNMP Credential 83
Creating a PowerShell Credential 86
Testing Windows Credentials 89
SNMP Credential Test 89
PowerShell Credential Test 89
Running a Windows Credential Test 89
Discovering Component Devices on Hyper-V Systems 91
Viewing Component Devices 91
Manually Aligning the Microsoft: Print Server Dynamic Application 92
Executing the SL1 Agent with Windows PowerShell 94
What is an SL1 Agent? 94
Agent-Compatible PowerPacks 95
The Credential for the SL1 Agent 95
Configuring the SL1 Agent Device Template 96
Windows Dashboards 97
Installing the Microsoft Server Dashboards 97
Microsoft: Active Directory Server Performance 99
Microsoft: DNS Server Performance 102
Microsoft: Exchange Server 2010 Performance 104
Microsoft: Exchange Server 2013 Performance 107
Microsoft: IIS Server Performance 110
Microsoft: Lync Server 2010 Dashboards 112
Microsoft: Lync Server 2010 Performance 112
Microsoft: Lync Server 2010 Utilization 115
Microsoft: Skype for Business Dashboards 118
Microsoft: Lync Server 2013 Performance 118
Microsoft: Lync Server 2013 Utilization 121
Microsoft: SQL Server Performance 124
Troubleshooting 128
Troubleshooting WinRM Error Messages 128
Debugging Code 401 Errors 129
Debugging Code 500 Errors 130
Troubleshooting PowerShell Error Messages 131
 Chapter

1
Introduction

Overview
This manual describes how to monitor Windows systems in SL1 using SNMP and PowerShell credentials and
Dynamic Applications.

The following sections provide an overview of SNMP and PowerShell, as well as the PowerPacks you can use to
monitor Windows systems in SL1:

Monitoring Windows Devices in the ScienceLogic Platform 5

What is SNMP? 5
What is PowerShell? 5
PowerPacks 6

NOTE: ScienceLogic provides this documentation for the convenience of ScienceLogic customers. Some of
the configuration information contained herein pertains to third-party vendor software, which is
subject to change without notice to ScienceLogic. ScienceLogic makes every attempt to maintain
accurate technical information and cannot be held responsible for defects or changes in third-party
vendor software. There is no written or implied guarantee that information contained herein will work
for all third-party variants. See the End User License Agreement (EULA) for more information.

4
Monitoring Windows Devices in the ScienceLogic Platform
SL1 can monitor a Windows device using the following methods:

l Requesting information from the Windows SNMP agent

l Requesting information by executing a remote PowerShell command
l Requesting information from the Windows Management Instrumentation (WMI) agent
l Requesting information using the SL1 agent

NOTE: This manual describes how to monitor Windows with SNMP and PowerShell. For more information
about using WMI to monitor Windows devices, see the Monitoring Windows with WMI manual.

What is SNMP?
SNMP (Simple Network Management Protocol) is a set of standard protocols for managing diverse computer
hardware and software within a TCP/IP network. SNMP is the most common network protocol used by network
monitoring and management applications to exchange management information between devices. SL1 uses this
protocol and other protocols to collect availability and performance information.

SNMP uses a server-client structure. Clients are called agents. Devices and software that run SNMP are agents.
The server is called the management system. SL1 is the management system.

Most network hardware is configured for SNMP and can be SNMP-enabled. Many enterprise software applications
are also SNMP-compliant. When SNMP is running on a device, it uses a standard format to collect and store data
about the device and/or software. For example, SNMP might collect information on each network interface and
the traffic for each interface. SL1 can then query the device to retrieve the stored data.

What is PowerShell?
Windows PowerShell is a command-line shell and scripting language for administration of Windows systems. SL1
can execute PowerShell requests on target Windows devices via WinRM (Windows Remote Management). For an
overview of Windows PowerShell, see https://docs.microsoft.com/en-us/powershell/scripting/powershell-
scripting?view=powershell-6.

SL1 supports the following PowerShell versions for monitoring Windows devices:

l PowerShell 3.0
l PowerShell 4.0
l PowerShell 5.1

5 Monitoring Windows Devices in the ScienceLogic Platform

PowerPacks
This manual describes content from the following PowerPack versions:

l Microsoft: Active Directory Server, version 100

l Microsoft: DHCP Server, version 1.0
l Microsoft: DNS Server, version 100
l Microsoft: Exchange Server, version 100
l Microsoft: Exchange Server 2010, version 1.2
l Microsoft: Hyper-V Server, version 100
l Microsoft: IIS Server, version 101
l Microsoft: Lync Server 2010, version 1.0
l Microsoft: SharePoint Server, version 1.0
l Microsoft: Skype for Business, version 100
l Microsoft: SQL Server, version 100
l Microsoft: Windows Event Logs, version 100
l Microsoft: Windows Server, version 108
l Microsoft: Windows Server Cluster, version 101
l Microsoft: Windows Server Services, version 101

PowerPacks 6
 Chapter

2
Configuring Windows Systems for Monitoring
with SNMP

Overview
The following sections describe how to configure Windows Server 2016, Windows Server 2012, and Windows
Server 2008 for monitoring by SL1 using SNMP:

Configuring SNMP for Windows Server 2016 and Windows Server 2012 8
Configuring Ping Responses 8
Installing the SNMP Service 9
Configuring the SNMP Service 14
Configuring the Firewall to Allow SNMP Requests 19
Configuring Device Classes for Windows Server 2016 and Windows 10 19
Manually Align the Device Class 20
Edit the Registry Key 20
Configuring SNMP for Windows Server 2008 21
Configuring Ping Responses 21
Installing the SNMP Service 22
Configuring the SNMP Service 25
Configuring the Firewall to Allow SNMP Requests 30

7
Configuring SNMP for Windows Server 2016 and Windows
Server 2012
To configure SNMP on a Windows 2016 Server or a Windows 2012 Server, you must:

1. Configure "ping" responses.

2. Install the SNMP service.
3. Configure the SNMP service.
4. Configure the firewall to allow SNMP requests.
5. Configure Device Classes. (Windows Server 2016 only)

Configuring Ping Responses

For SL1 to discover a device, including SNMP-enabled devices, the device must meet one of the following
requirements:

l The device must respond to an ICMP "Ping" request.

l One of the ports selected in the Detection Method & Port field for the discovery session must be open on
the device. If the Default Method option for the Detection Method & Port field is selected, SL1 scans TCP
ports 21, 22, 23, 25, and 80.

The default configuration for a Windows Server does not allow ICMP "Ping" requests and does not allow
connections to TCP ports 21, 22, 23, 25, or 80. Therefore, to discover a Windows Server in SL1, you must
perform one of the following tasks:

l Reconfigure the firewall on the Windows Server to allow ICMP "Ping" requests. This section describes how to
perform this task.
l Reconfigure the firewall on the Windows Server to allow connections to port 21, 22, 23, 25, or 80. If you
have already configured your Windows Server to accept SSH, FTP, Telnet, SMTP, or HTTP connections, this
task might have been completed already. You should perform this task only if you were already planning to
allow SSH, FTP, Telnet, SMTP, or HTTP connections to your Windows Server.
l When you create the discovery session that will discover the Windows Server, select at least one port in the
Detection Method & Port field that is open on the Windows Server. For example, if your Windows Server is
configured as an MSSQL Server, you could select port 1433 (the default port for MSSQL Server) in the
Detection Method & Port field.

To reconfigure the firewall on a Windows Server to allow ICMP "Ping" requests, perform the following steps:

1. In the Start menu search bar, enter "firewall" to open a Windows Firewall with Advanced Security
window.
2. In the left pane, select Inbound Rules.
3. If you want SL1 to discover your Windows Server using an IPv4 address, locate the File and Printer Sharing
(Echo Request - ICMPv4-In) rule.

8 Configuring SNMP for Windows Server 2016 and Windows Server 2012
 4. If you want SL1 to discover your Windows Server using an IPv6 address, locate the File and Printer Sharing
(Echo Request - ICMPv6-In) rule.
5. Right click on the rule that you located, then select Enable Rule:

Installing the SNMP Service

To install the SNMP service on a Windows 2012 Server or Windows 2016 Server, perform the following steps:

1. Open the Server Manager utility.

2. In the upper-right of the window, select [Manage] > Add Roles and Features. The Add Roles and
Features window is displayed.

Configuring SNMP for Windows Server 2016 and Windows Server 2012 9
 3. If the server does not skip the Before you begin page, click the [Next >] button to manually skip it. The
Select installation type page is displayed:

10 Configuring SNMP for Windows Server 2016 and Windows Server 2012
 4. Click the [Next >] button to continue with Role-based or feature-based installation. The Select destination
server page is displayed:

Configuring SNMP for Windows Server 2016 and Windows Server 2012 11
 5. Ensure the Windows 2012 server or Windows 2016 Server is selected and then click the [Next >] button.
The Select server roles page is displayed.
6. Click the [Next >] button without selecting any additional roles. The Select features page is displayed:

12 Configuring SNMP for Windows Server 2016 and Windows Server 2012
 7. Select the SNMP Service checkbox. The following confirmation window is displayed:

8. Click the [Add Features] button.

9. In the Select features page, expand SNMP Service and select the SNMP WMI Provider checkbox.

Configuring SNMP for Windows Server 2016 and Windows Server 2012 13
10. Click the [Next >] button. The Confirm installation selections page is displayed:

11. Click the [Install] button.

12. After the installation is complete, click the [Close] button.

Configuring the SNMP Service

To configure the SNMP service on a Windows 2012 Server or Windows 2016 Server, perform the following steps:

NOTE: If you recently installed the SNMP service, you must wait for the Server Manager window to refresh to
allow the SNMP service snap-in to be added. You can manually refresh the Server Manager
window by closing the Server Manager and then re-opening the Server Manager.

1. In the upper-right of the Server Manager window, select [Tools] > Services. The Services window is
displayed.

14 Configuring SNMP for Windows Server 2016 and Windows Server 2012
 2. In the Services window, right-click on SNMP Service, and then select Properties. The SNMP Service
Properties window appears:

3. In the Startup type: field, select Automatic.

Configuring SNMP for Windows Server 2016 and Windows Server 2012 15
 4. Select the [Security] tab. The security settings are displayed:

16 Configuring SNMP for Windows Server 2016 and Windows Server 2012
 5. In the Accepted community names panel, click the [Add...] button. The SNMP Service Configuration
pop-up window is displayed:

6. Enter a value in the following fields:

l Community rights. Select one of the following options from the drop-down list:

o READ ONLY. Select this option to allow SL1 to request information from this Windows 2012 Server
or Windows 2016 Server using this SNMP community string. This option does not allow SL1 to
perform write operations on this Windows 2012 Server or Windows 2016 Server using this SNMP
community string.
o READ WRITE. Select this option to allow SL1 to request information from this Windows 2008 server
and to perform write operations on this Windows 2012 Server or a Windows 2016 Serve using this
SNMP community string.

Configuring SNMP for Windows Server 2016 and Windows Server 2012 17
 l Community name. Enter the SNMP community string that SL1 will use when making SNMP requests
to this Windows 2012 Server or Windows 2016 Server. When you create a credential for this
Windows 2012 Server or Windows 2016 Server in SL1, you will enter this community string in one
the following fields in the Credential Editor modal page:

o SNMP Community (Read-Only). Enter the SNMP community string in this field if you selected READ
ONLY in the Community rights drop-down list.
o SNMP Community (Read/Write). Enter the SNMP community string in this field if you selected
READ WRITE in the Community rights drop-down list.

7. Click the [Add] button to add the community string to the list of community strings this Windows 2012 Server
or Windows 2016 Server accepts.
8. In the Accept SNMP packets from these hosts panel, click the Add... button. The SNMP Service
Configuration pop-up window is displayed:

9. In the Host name, IP or IPX address field, enter the IP address of the All-In-One Appliance or Data
Collector that will monitor this server.

18 Configuring SNMP for Windows Server 2016 and Windows Server 2012
 10. Click the [Add] button to add the appliance to the list of authorized devices.
11. If you are using SL1 with a distributed architecture, repeat steps 8–10 for each Data Collector in the collector
group that will monitor this server.
12. Click the [Apply] button to apply all changes.

Configuring the Firewall to Allow SNMP Requests

To configure the Windows Firewall to allow SNMP requests on a Windows 2012 server or Windows 2016 Server,
perform the following steps:

1. In the Start menu search bar, enter "firewall" to open a Windows Firewall with Advanced Security
window.
2. In the left pane, click Inbound Rules.
3. Locate the two SNMP Service (UDP In) rules.
4. If one or both of the rules is not enabled, right-click on the rule and then select Enable Rule:

Configuring Device Classes for Windows Server 2016 and Windows

10
There is a known problem with the Microsoft OID that contains the version number for the operation system. This
problem prevents SL1 from using SNMP to automatically align device classes to Windows 10 devices and
Microsoft Server 2016 devices.

Configuring SNMP for Windows Server 2016 and Windows Server 2012 19
 Because Microsoft has deprecated support of SNMP on Microsoft Server 2016 and Windows 10, users who want
to use SNMP to monitor Windows 10 and Microsoft Server 2016 should use one of these workarounds:

l After discovering a Microsoft Server 2016 or Windows 10 device, manually align the device class and
disable nightly auto-discovery
l Edit the registry key

Both workarounds are described in the following sections.

Ma nua l l y A l i g n the Devi ce Cl a ss

After discovering Microsoft Server 2016 devices and Windows 10 devices, you can manually align a device class
with the discovered devices. To preserve your manual changes, you must disable nightly auto-discovery for those
devices. You can manually align the discovered devices with one of these device classes:

l Windows Server 2016

l Windows Server 2016 Domain Controller
l Windows 10 Workstation

For details on manually assigning a device class to a device, follow the steps in the section on Manually Changing
the Device Class for a Device in the Device Management manual chapter on Managing Device Classes and
Device Categories. For details on disabling nightly auto-discovery for a device, see the section on Maintaining the
New Device Class During Auto-Discovery in the Device Management manual chapter on Managing Device
Classes and Device Categories.

Ed i t the Reg i stry Key

You can log in to the device that you want to monitor and manually edit the Windows Registry Key "HKEY_LOCAL_
MACHINE\Software\Microsoft\Windows NT\CurrentVersion". You can define the value CurrentVersion as either
"2016" or "10.0". To do this:

1. Click the Start menu and choose Run.

2. In the Run dialog box, type regedit and then click OK.
3. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
4. In the right pane, double click on the Default key.
5. Enter the appropriate value:

l For Microsoft Server 2016, change the Value to 2016

l For Windows 10, change the Value to 10.0

20 Configuring SNMP for Windows Server 2016 and Windows Server 2012
Configuring SNMP for Windows Server 2008
To configure SNMP on a Windows 2008 Server, you must:

1. Configure "ping" responses.

2. Install the SNMP service.
3. Configure the SNMP service.
4. Configure the firewall to allow SNMP requests.

Configuring Ping Responses

For SL1 to discover a device, including SNMP-enabled devices, the device must meet one of the following
requirements:

l The device must respond to an ICMP "Ping" request.

l One of the ports selected in the Detection Method & Port field for the discovery session must be open on
the device. If the Default Method option for the Detection Method & Port field is selected, SL1 scans TCP
ports 21, 22, 23, 25, and 80.

The default configuration for a Windows Server does not allow ICMP "Ping" requests and does not allow
connections to TCP ports 21, 22, 23, 25, or 80. Therefore, to discover a Windows Server in SL1, you must
perform one of the following tasks:

l Reconfigure the firewall on the Windows Server to allow ICMP "Ping" requests. This section describes how to
perform this task.
l Reconfigure the firewall on the Windows Server to allow connections to port 21, 22, 23, 25, or 80. If you
have already configured your Windows Server to accept SSH, FTP, Telnet, SMTP, or HTTP connections, this
task might have been completed already. You should perform this task only if you were already planning to
allow SSH, FTP, Telnet, SMTP, or HTTP connections to your Windows Server.
l When you create the discovery session that will discover the Windows Server, select at least one port in the
Detection Method & Port field that is open on the Windows Server. For example, if your Windows Server is
configured as an MSSQL Server, you could select port 1433 (the default port for MSSQL Server) in the
Detection Method & Port field.

To reconfigure the firewall on a Windows Server to allow ICMP "Ping" requests, perform the following steps:

1. In the Start menu search bar, enter "firewall" to open a Windows Firewall with Advanced Security
window.
2. In the left pane, select Inbound Rules.
3. If you want SL1 to discover your Windows Server using an IPv4 address, locate the File and Printer Sharing
(Echo Request - ICMPv4-In) rule.
4. If you want SL1 to discover your Windows Server using an IPv6 address, locate the File and Printer Sharing
(Echo Request - ICMPv6-In) rule.

Configuring SNMP for Windows Server 2008 21

 5. Right click on the rule that you located, then select Enable Rule:

Installing the SNMP Service

To install the SNMP service on a Windows 2008 Server, perform the following steps:

1. Open the Server Manager utility.

22 Configuring SNMP for Windows Server 2008

 2. In the left pane of the Server Manager window, select Features. The Features Summary is displayed:

3. If the Features Summary displays "SNMP Service" and "SNMP WMI Provider" in the list of installed services
(as shown above), you can skip to the section on configuring the SNMP service. If "SNMP Service" and
"SNMP WMI Provider" are not included in the list of installed services, select Add Features:

Configuring SNMP for Windows Server 2008 23

 4. In the Select Features window, select SNMP Services:

5. Click the [Next >] button. The Confirm Installed Selections window is displayed with "SNMP Service" and
"SNMP WMI Provider" in the list of features that will be installed:

24 Configuring SNMP for Windows Server 2008

 6. Click the [Install] button. After the installation is completed, the Installation Results window will be
displayed:

7. Click the [Close] button.

Configuring the SNMP Service

To configure the SNMP service on a Windows 2008 Server, perform the following steps:

NOTE: If you recently installed the SNMP service, you must wait for the Server Manager window to refresh
before it will display the SNMP service snap-in. You can manually refresh the Server Manager
window by closing the Server Manager and then re-opening the Server Manager.

1. In the left pane of the Server Manager window, expand the Configuration section, and then select Services.

Configuring SNMP for Windows Server 2008 25

 2. In the list of services, right-click on SNMP Service, and then select Properties. The SNMP Service Properties
window appears:

3. In the Startup type: field, select Automatic.

26 Configuring SNMP for Windows Server 2008

 4. Select the [Security] tab. The security settings are displayed:

Configuring SNMP for Windows Server 2008 27

 5. In the Accepted community names panel, click the [Add...] button. The SNMP Service Configuration
pop-up window is displayed:

6. Enter a value in the following fields:

l Community rights. Select one of the following options from the drop-down list:

o READ ONLY. Select this option to allow SL1 to request information from this Windows 2008 Server
using this SNMP community string. This option does not allow SL1 to perform write operations on
this Windows 2008 Server using this SNMP community string.
o READ WRITE. Select this option to allow SL1 to request information from this Windows 2008 server
and to perform write operations on this Windows 2008 Server using this SNMP community string.

28 Configuring SNMP for Windows Server 2008

 l Community name. Enter the SNMP community string that SL1 will use to make SNMP requests to this
Windows 2008 Server. When you create a credential for this Windows 2008 Server in SL1, you will
enter this community string in one the following fields in the Credential Editor modal page:

o SNMP Community (Read-Only). Enter the SNMP community string in this field if you selected READ
ONLY in the Community rights drop-down list.
o SNMP Community (Read/Write). Enter the SNMP community string in this field if you selected
READ WRITE in the Community rights drop-down list.

7. Click the [Add] button to add the community string to list of community strings this Windows 2008 Server
accepts.
8. In the Accept SNMP packets from these hosts panel, click the Add... button. The SNMP Service
Configuration pop-up window is displayed:

9. In the Host name, IP or IPX address field, enter the IP address of the All-In-One Appliance or Data
Collector that will monitor this server.
10. Click the [Add] button to add the appliance to the list of authorized devices.

Configuring SNMP for Windows Server 2008 29

11. If you are using SL1 with a distributed architecture, repeat steps 8–10 for each Data Collector in the collector
group that will monitor this server.
12. Click the [Apply] button to apply all changes.

Configuring the Firewall to Allow SNMP Requests

To configure the Windows Firewall to allow SNMP requests on a Windows 2008 server, perform the following
steps:

1. In the Start menu search bar, enter "firewall" to open a Windows Firewall with Advanced Security
window.
2. In the left pane, click Inbound Rules.
3. Locate the two SNMP Service (UDP In) rules.
4. If one or both of the rules is not enabled, right-click on the rule and then select Enable Rule:

30 Configuring SNMP for Windows Server 2008

 Chapter

3
Configuring Windows Servers for Monitoring
with PowerShell

Overview
The following sections describe how to configure Windows Server 2016, 2012, 2012 R2, or 2008 R2 for
monitoring by SL1 using PowerShell:

Prerequisites 32
Configuring PowerShell 32
Step 1: Configuring the User Account for the ScienceLogic Platform 33
Option 1: Creating an Active Directory Account with Administrator Access 33
Option 2: Creating a Local User Account with Administrator Access 34
Option 3: Creating a Non-Administrator User Account 34
Optional: Configuring the User Account for Remote PowerShell Access to Microsoft Exchange Server 36
Optional: Configuring the User Account for Remote PowerShell Access to Hyper-V Servers 36
Creating a User Group and Adding a User in Active Directory 36
Setting the Session Configuration Parameters and Group Permissions 37
Creating a PowerShell Credential 38
Optional: Configuring the User Account for Access to Windows Failover Cluster 38
Step 2: Configuring a Server Authentication Certificate 38
Option 1: Using the Microsoft Management Console to Create a Self-Signed Authentication Certificate 39
Option 2: Using the MakeCert Tool to Create a Self-Signed Authentication Certificate 41
Option 3: Using PowerShell Commands to Create a Self-Signed Authentication Certificate 41
Step 3: Configuring Windows Remote Management 42

31
 Option 1: Using a Script to Configure Windows Remote Management 42
Option 2: Manually Configuring Windows Remote Management 47
Option 3: Using a Group Policy to Configure Windows Remote Management 50
Step 4: Configuring a Windows Management Proxy 68
Step 5: Increasing the Number of PowerShell Dynamic Applications That Can Run Simultaneously 69

Prerequisites
Before configuring PowerShell, ensure the following:

l Forward and Reverse DNS should be available for the target Windows server from the SL1 Data Collector.
Port 53 to the domain's DNS server should thus be available.
l When using an Active Directory user account as the SL1 credential, port 88 on the Windows Domain
Controller, for the Active Directory domain, should be open for Kerberos authentication.
l If encrypted communication between the SL1 Data Collector and monitored Windows servers is desired, port
5986 on the Windows server should be open for HTTPS traffic. If unencrypted communications is being
used, then port 5985 on the Windows server should be opened for HTTP traffic
l If multiple domains are in use, ensure that they are mapped in the [domain_realm] section of the Kerberos
krb5.conf file.

Configuring PowerShell
To monitor a Windows Server using PowerShell Dynamic Applications, you must configure the Windows Server to
allow remote access from SL1. To do so, you must perform the following general steps:

1. Configure a user account that SL1 will use to connect to the Windows Server. The user account can either
be a local account or an Active Directory account.

TIP: For ease of configuration, ScienceLogic recommends using an Active Directory account that is a member
of the local Administrators group on the Windows Server.

2. Configure a Server Authentication Certificate to encrypt communication between SL1 and the Windows
Server.

3. Configure Windows Remote Management.

4. Optionally, configure a Windows server as a Windows Management Proxy.

NOTE: If you are configuring multiple Windows servers for monitoring by SL1, you can apply these settings
using a Group Policy.

32 Prerequisites
 5. Optionally, you can increase the number of PowerShell Dynamic Applications that can run
simultaneously against a single Windows server.

Step 1: Configuring the User Account for the ScienceLogic

Platform
To enable SL1 to monitor Windows servers, you must first configure a user account on a Windows Server that SL1
can use to make PowerShell requests. You will include this user account information when creating the PowerShell
credential that SL1 uses to collect data from the Windows Server.

To configure the Windows Server user account that SL1 can use to make PowerShell requests, complete one of
the following options:

l Option 1: Create an Active Directory Account with Administrator access

l Option 2: Create a local user account with Administrator access
l Option 3: Create a non-administrator user account

TIP: For ease-of-configuration, ScienceLogic recommends creating an Active Directory user account.

After creating your Windows Server user account, depending on your setup and the servers you want to monitor,
you might also need to configure the user account for remote PowerShell access to the following server types:

l Microsoft Exchange Server

l Hyper-V Servers

Option 1: Creating an Active Directory Account with Administrator

Access
For each Windows server that you want to monitor with PowerShell or WinRM, you can create an Active Directory
account that is a member of the local Administrators group on each server. For instructions, consult Microsoft's
documentation. On Windows Domain Controller servers, you can use a domain account that is not in the Domain
Administrators group by following the configuration instructions for Option 3: Creating a Non-Administrator
User Account.

After creating your Active Directory account:

l If you use SL1 to monitor Microsoft Exchange Servers, you must configure the user account for remote
PowerShell access to Microsoft Exchange Server.
l If you use SL1 to monitor Hyper-V Servers, you must configure the user account for remote PowerShell
access to the Hyper-V Servers.
l Otherwise, you can skip the remainder of this section and proceed to Step 3.

Step 1: Configuring the User Account for the ScienceLogic Platform 33

Option 2: Creating a Local User Account with Administrator Access
If you have local Administrator access to the servers you want to monitor and are monitoring Windows Server
2016 or Windows Server 2012, you can alternatively create a local user account with membership in the
Administrators group instead of an Active Directory account. For instructions, consult Microsoft's documentation.

WARNING: This method does not work for Windows Server 2008.

After creating your local user account with Local Administrator access:

l If you use SL1 to monitor Microsoft Exchange Servers, you must configure the user account for remote
PowerShell access to Microsoft Exchange Server.
l If you use SL1 to monitor Hyper-V Servers, you must configure the user account for remote PowerShell
access to the Hyper-V Servers.
l Otherwise, you can skip the remainder of this section and proceed to Step 2.

Option 3: Creating a Non-Administrator User Account

If you do not have Local Administrator access to the servers that you want to monitor with PowerShell or WinRM, or
if the monitored Windows server is a Domain Controller that will not be in the local Administrators group, then you
must first create a domain user account or create a local user account on the Windows Server. For instructions,
consult Microsoft's documentation.

After creating your domain user account or local user account:

l You must configure the Windows servers to allow that non-administrator user access. To do so, follow the
steps in this section.
l If you use SL1 to monitor Microsoft Exchange Servers, you must also configure the user account for
remote PowerShell access to Microsoft Exchange Server.
l If you use SL1 to monitor Hyper-V Servers, you must also configure the user account for remote
PowerShell access to the Hyper-V Servers.

To configure Windows Servers to allow access by your non-administrator user account:

1. Start a Windows PowerShell shell with Run As Administrator and execute the following command:

winrm configsddl default

2. On the Permissions for Default window, click the [Add] button, and then add the non-administrator user
account.
3. Select the Allow checkbox for the Read (Get, Enumerate, Subscribe) and Execute (Invoke) permissions for
the user, and then click [OK].

34 Step 1: Configuring the User Account for the ScienceLogic Platform

 4. Access the Management console. To do this:
l In Windows Server 2008, click [Start], right-click [Computer], click [Manager], and then expand
[Configuration].
l In Windows Server 2016 and 2012, right-click the Windows icon, click [Computer Management],
and then expand [Services and Applications].

5. Right-click on [WMI Control] and then select Properties.

6. On the WMI Control Properties window, click the [Security] tab, and then click the [Security] button.
7. Click the [Add] button, and then add the non-administrator user or group in the Select Users, Service
Accounts, or Groups dialog, then click [OK].
8. On the Security for Root window, select the user o group just added, then in the Permissions section at the
bottom of the window, select the Allow checkbox for the Execute Methods, Enable Account, and Remote
Enable permissions.
9. Under the Permissions section of the Security for Root window, click the [Advanced] button.
10. In the Advanced Security Settings window, double-click on the user account or group you are modifying.
11. On the Permission Entry window, in the Type field, select Allow.
12. In the Applies to field, select This namespace and subnamespaces.
13. Select the Execute Methods, Enable Account, and Remote Enable permission checkboxes, and then click
[OK] several times to exit the windows opened for setting WMI permissions.
14. Restart the WMI Service from services.msc.

NOTE: To open services.msc, press the Windows + R keys, type "services.msc", and then press Enter.

15. In the Management console, go to System Tools > Local Users and Groups > Groups.
16. Right-click Performance Monitor Users, and then select Properties.
17. On the Performance Monitor Users Properties window, click the [Add] button.
18. In the Enter the object names to select field, type the non-administrator domain user or group name, and
then click [Check Names].
19. Select the user or group name from the list and then click [OK].
20. In the Performance Monitor Users Properties window, click [OK].
21. Perform steps 16-20 for the Event Log Readers user group and again for the Distributed COM Users user
group, the Remote Management Users user group, and if it exists on the server, the
WinRMRemoteWMIUsers__ user group.
22. If you intend to use encrypted communications between the SL1 collector host and your monitored Windows
servers, each Windows server must have a digital certificate installed that has "Server Authentication" as an
Extended Key Usage property. You can create a self-signed certificate for WinRM by executing the following
command:

$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName

"myHost"

Step 1: Configuring the User Account for the ScienceLogic Platform 35

 23. Add an HTTPS listener by executing the following command:

New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -

CertificateThumbPrint $Cert.Thumbprint –Force

NOTE: This command should be entered on a single line.

24. Ensure that your local firewall allows inbound TCP connections on port 5986 if you are going to use
encrypted communications between the SL1 collector(s) and the Windows server, or port 5985 if you will be
using unencrypted communications between the two. You may have to create a new rule on Windows
Firewall if one does not already exist.

Optional: Configuring the User Account for Remote PowerShell Access

to Microsoft Exchange Server
If you use SL1 to monitor Microsoft Exchange Servers:

1. Follow the steps in the section Configuring the User Account for SL1.
2. Add the new user account to the “Server Management” Exchange security group in Active Directory.
3. The user account will then be able to connect to the relevant WinRM endpoint to use cmdlets installed with
the Exchange Management Shell. For example, this will give the user account access to the cmdlet “Get-
ExchangeServer”.

Optional: Configuring the User Account for Remote PowerShell Access

to Hyper-V Servers
To use PowerShell Dynamic Applications to monitor a Hyper-V server, you must:

l Create a user group in Active Directory

l Add the user account you will use to monitor the Hyper-V server to the group
l Set the session configuration parameters on the Hyper-V Server
l Set the group permissions on the Hyper-V Server
l Create a PowerShell credential using the new user account

Crea ti ng a User Group a nd A d d i ng a User i n A cti ve Di rectory

To create a group in Active Directory and add a user:

1. In Active Directory, in the same DC as the Hyper-V host you want to monitor, in the OU called Users, create
a group. For example, we called our group PSSession Creators.
2. Add a user that meets the requirements for monitoring a Windows server via PowerShell to the group. This is
the user that you will specify in the PowerShell credential.

36 Step 1: Configuring the User Account for the ScienceLogic Platform

 NOTE: For details on using Active Directory to perform these tasks, consult Microsoft's documentation.

Setti ng the Sessi on Confi g ura ti on Pa ra m eters a nd Group Perm i ssi ons

To set the Session Configuration and the Group Permissions on the Hyper-V Server:

1. Login to the Hyper-V server.

2. Open a PowerShell session. Enter the following command:

Set-PSSessionConfiguration -ShowSecurityDescriptorUI -Name Microsoft.PowerShell

3. When prompted, select A.

4. The Permissions dialog appears.

5. In the Permissions dialog, supply values in the following fields:

l Group or user names. Select the name of the group you created in Active Directory.
l Permissions for group. For Full Control (All Operations), select the Allow checkbox.

6. Click the [OK] button.

Step 1: Configuring the User Account for the ScienceLogic Platform 37

Crea ti ng a PowerShel l Cred enti a l

To create a PowerShell credential using the new user account, follow the instructions in the Creating a
PowerShell Credential section.

Optional: Configuring the User Account for Access to Windows

Failover Cluster
To configure Windows Servers to allow access to your Windows Failover Cluster:

1. Start a Windows PowerShell shell with Run As Administrator and execute the following command:

'Grant-ClusterAccess -User <domain>\<user> -ReadOnly'

Step 2: Configuring a Server Authentication Certificate

ScienceLogic highly recommends that you encrypt communications between SL1 and the Windows Servers you
want it to monitor.

If you have created a local account on the Windows Server that uses Basic Auth and that account will allow
communication between SL1 and the Windows server, the best practice for security is to enable HTTPS to support
encrypted data transfer and authentication. To do this, you must configure WinRM to listen for HTTPS requests. This
is called configuring an HTTPS listener.

NOTE: For details on configuring WinRM on your Windows servers to use HTTPS, see
https://support.microsoft.com/en-us/help/2019527/how-to-configure-winrm-for-https.

The sections below describe how to configure a Server Authentication Certificate on the Windows Server. This is
only one task included in configuring an HTTPS listener. However, not all users need to configure a Server
Authentication Certificate. You can find out if your Windows computer has a digital certificate installed for Server
Authentication by running 'Get-ChildItem -Path Cert:\LocalMachine\My -EKU "*Server
Authentication*"' from a PowerShell command shell.

To support encrypted data transfer and authentication between SL1 and the servers, one of the following must be
true:

l You have created an Active Directory user account on the Windows Server to allow communication
between SL1 and the server. In this scenario, Active Directory will use Kerberos and AES-256 encryption to
ensure secure data transfer and authentication, which means you do not need to configure a self-signed
Server Authentication Certificate. You can skip this section and proceed to Step 3.

38 Step 2: Configuring a Server Authentication Certificate

 l You have created a local account on the Windows Server that uses Basic Auth to allow communication
between SL1 and the server, and your network includes a Microsoft Certificate server. In this scenario, you
should work with your Microsoft administrator to get a certificate for your Windows Server instead of
configuring a self-signed Server Authentication Certificate. You can skip this section and proceed to Step
3.
l You have created a local account on the Windows Server that uses Basic Auth to allow communication
between SL1 and the server, and your network does not include a Microsoft Certificate server. In this
scenario, you must configure a self-signed Server Authentication Certificate on the Windows Server that you
want to monitor with SL1 using one of the following methods:

o Option 1: Use the Microsoft Management Console.

o Option 2: If your Windows Server includes Windows Software Development Kit (SDK), you can use
the makecert tool.
o Option 3: If you are running PowerShell 4.0 or later, you can use the New-SelfSignedCertificate
and Export-PfxCertificate commands.

NOTE: Self-signed certificates are appropriate for use on a trusted network, such as a LAN that includes both
a ScienceLogic Data Collector and the Windows Server to be monitored.

Option 1: Using the Microsoft Management Console to Create a Self-

Signed Authentication Certificate
To use the Microsoft Management Console to create a self-signed certificate:

1. Log in to the Windows Server that you want to monitor with SL1.
2. In the Start menu search bar, enter "mmc" to open a Microsoft Management Console window.

Step 2: Configuring a Server Authentication Certificate 39

 3. Select [File], then Add/Remove Snap-Ins. The Add or Remove Snap-ins window is displayed:

4. In the Available snap-ins list, select Certificates.

5. Click the [Add >] button. The Certificates snap-in window is displayed:

40 Step 2: Configuring a Server Authentication Certificate

 6. Select Computer account.
7. Click the [Next >] button.
8. Click the [Finish] button.
9. In the Add or Remove Snap-ins window, click the [OK] button.
10. In the left pane of the Microsoft Management Console window, navigate to Console Root > Certificates
(Local Computer) > Personal.
11. Right-click in the middle pane and select All Tasks > Request New Certificate.... The Certificate
Enrollment window is displayed.
12. Click the [Next] button. The Select Certificate Enrollment Policy page is displayed.
13. Select Active Directory Enrollment Policy.
14. Click the [Next] button. The Request Certificates page is displayed.
15. Select the Computer checkbox.
16. Click the [Enroll] button.
17. After the certificate is installed, click the [Finish] button.

Option 2: Using the MakeCert Tool to Create a Self-Signed

Authentication Certificate
If your Windows system includes Windows Software Development Kit (SDK), you can use the MakeCert tool that is
included in the kit to create a self-signed certificate.

l For information on the MakeCert tool, see:

https://msdn.microsoft.com/library/windows/desktop/aa386968.aspx

l For details on creating a self-signed certificate with MakeCert and installing the certificate in the Trusted Root
Certification Authorities store, see:
https://msdn.microsoft.com/en-us/library/ms733813%28v=vs.110%29.aspx

Option 3: Using PowerShell Commands to Create a Self-Signed

Authentication Certificate
If your Windows system includes PowerShell 4.0 or later, you can use the following PowerShell commands to
create a self-signed certificate:

l You can use the New-SelfSignCertificate command to create a self-signed certificate. For information on
New-SelfSignCertificate, see:
https://docs.microsoft.com/en-us/powershell/module/pkiclient/new-
selfsignedcertificate?view=win10-ps

l You can use the Export-PfxCertificate command to export the private certificate. For information on the
Export-PfxCertificate, see:

Step 2: Configuring a Server Authentication Certificate 41

 https://docs.microsoft.com/en-us/powershell/module/pkiclient/export-pfxcertificate?view=win10-
ps

Step 3: Configuring Windows Remote Management

To provide SL1 remote access to the Windows Servers you want to monitor, you must configure Windows Remote
Management.

NOTE: This step is required regardless of the user account type that SL1 will use to connect to the Windows
Server.

There are three ways to configure Windows Remote Management:

l Option 1: Use the script provided by ScienceLogic.

l Option 2: Manually perform the configuration.
l Option 3: Use a group policy.

Option 1: Using a Script to Configure Windows Remote Management

ScienceLogic provides a PowerShell script on the ScienceLogic portal that automates configuration of Windows
Remote Management and permissions required for the user account that will be used in the SL1 credential. The
script configures all of the base Windows permissions required, except for opening up Windows Firewall ports for
HTTP and/or HTTPS traffic. The configuration performed by the script is useful primarily for running collection with
the Microsoft: Windows Server, Microsoft: Windows Server Services, Microsoft: Windows Server Event
Logs, and Microsoft: SQL Server Enhanced PowerPacks. (Microsoft: SQL Server Enhanced requires further
instance-specific permissions. See the Monitoring SQL Servers manual for more information.)

To use the PowerShell script, perform the following steps:

1. Log in to the ScienceLogic portal, go to Downloads > Miscellaneous, and download the PowerShell script
named WinRM Configuration Wizard Script (winrm_configuration_wizard.ps1). The link is :
https://portal-cdn.sciencelogic.com/powerpackextras/5819/18486/winrm_configuration_wizard.zip
2. Unzip the downloaded file.
3. Using the credentials for an account that is a member of the Administrator's group, log in to the Windows
server you want to monitor. You can log in directly or use Remote Desktop to log in.

4. Copy the PowerShell script named winrm_configuration_wizard.ps1 to the Windows server that you want
to monitor with SL1.
5. Right-click on the PowerShell icon and select Run As Administrator.
6. At the PowerShell prompt, navigate to the directory where you copied the PowerShell script named winrm_
configuration_wizard.ps1.
7. At the PowerShell prompt, enter the following to enable execution of the script:

Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force

42 Step 3: Configuring Windows Remote Management

 NOTE: The execution policy setting persists only during the current PowerShell session.

8. After the warning text, select Y.

NOTE: If your Windows configuration requires further steps to allow execution of the script, PowerShell will
display prompts. Follow the prompts.

9. To run the script with interactive dialogs, enter the following at the PowerShell prompt:

.\winrm_configuration_wizard.ps1 -user <domain>\<username>

The user account you wish to use for SL1 collection must be specified with the -user command-line
argument regardless of other arguments used. You can obtain the full help for the PowerShell configuration
script by entering the following:

help .\winrm_configuration_wizard.ps1 -full

The most common way to run the script is silently:

.\winrm_configuration_wizard.ps1 -user <domain>\<username> -silent

10. If you start the script without using the -silent command-line argument, the WinRM Installation Wizard
modal page appears. Click [OK].

Step 3: Configuring Windows Remote Management 43

11. The Windows Account Type modal page appears. Select the appropriate choice for your environment.

12. The Set Encryption Policy modal page appears. Select the appropriate choice for your environment.

l Click YES to us only encrypted data. Click Yes to configure an HTTPS listener for using encrypted
communications between the SL1 collectors and the Windows server. Setting up an HTTPS listener requires
a digital certificate with Server Authentication EKU to be available on the server. For information on creating
a self-signed certificate, see Configuring a Server Authentication Certificate.
l Click NO to allow unencrypted data. For communication between SL1 collectors and the Windows
server, if unencrypted traffic is allowed, an HTTP listener will be configured for communication.

44 Step 3: Configuring Windows Remote Management

 13. The Change Max Requests modal page appears. Click [Yes].

14. The Set Ports for WinRM Traffic modal page appears, and it shows the current settings for the HTTP and
HTTPS ports. If you want to make a change to these, click [YES]; otherwise, click [NO] to continue.

Step 3: Configuring Windows Remote Management 45

15. Choose which port values you would like SL1 to use when communicating with the Windows server.

16. The Set HTTPS Thumbprint modal page appears. Enter the information for your certificate thumbprint,
which is used to create an HTTPS listener, then click [OK].

NOTE: If the certificate structure for your certificate thumbprint is incomplete or incorrect, an error message
appears indicating that the WinRM client cannot process the request. If you think you made an error,
click [OK] and try to correct it. Otherwise, contact a system administrator for help.

46 Step 3: Configuring Windows Remote Management

 17. The Confirm Settings modal page appears. If the settings are as you specified, click [OK].

18. The Complete modal page appears. If the settings are correct, click [OK].

19. Exit the PowerShell session.

Option 2: Manually Configuring Windows Remote Management

To configure a Windows server for monitoring via PowerShell directly, perform the following steps:

Step 3: Configuring Windows Remote Management 47

 1. Log in to the server with an account that is a member of the local Administrators group, or a Domain
Administrator's account if on a Windows server with the Domain Controller role installed.
2. Right-click on the PowerShell icon in the taskbar or the Start menu, and select Run as Administrator.
3. Execute the following command:
Get-ExecutionPolicy

4. If the output is "Restricted", execute the following command:

Set-ExecutionPolicy RemoteSigned

5. Enter "Y" to accept.

6. Execute the following command:
winrm quickconfig

7. Enter "Y" to accept.

8. If you are configuring this Windows server for encrypted communication, execute the following command:
winrm quickconfig -transport:https

9. Enter "Y" to accept.

10. Execute the following command:
winrm get winrm/config

The output should look like this (additional lines indicated by ellipsis):

Config
...
Client
...
Auth
Basic = true
...
Kerberos = true
...
...
Service
...
AllowUnencrypted = false
...
DefaultPorts
HTTP = 5985
HTTPS = 5986
...
AllowRemoteAccess = true
Winrs
AllowRemoteShellAccess = true
...

11. In the Service section, if the parameter AllowRemoteAccess is set to false, execute the following command:

48 Step 3: Configuring Windows Remote Management

 NOTE: This setting does not appear for all versions of Windows. If this setting does not appear, no
action is required.

Set-Item WSMan:\Localhost\Service\AllowRemoteAccess -value true

12. In the Winrs section, if the parameter AllowRemoteShellAccess is set to false, execute the following
command:
Set-Item WSMan:\Localhost\Winrs\AllowRemoteShellAccess -value true

13. If you are configuring this Windows server for unencrypted communication and the parameter
AllowUnencrypted (in the Service section) is set to false, execute the following command:
Set-Item WSMan:\Localhost\Service\AllowUnencrypted -value true

14. If you are configuring this Windows server for unencrypted communication, verify that "HTTP = 5985"
appears in the DefaultPorts section.

NOTE: ScienceLogic recommends using encrypted communication, particularly if you are also using
an Active Directory account. Using an Active Directory account for encrypted authentication
enables you to use Kerberos ticketing for authentication.

15. If you are configuring this Windows server for encrypted communication, verify that "HTTPS = 5986" appears
in the DefaultPorts section.
16. If you are using an Active Directory account to communicate with this Windows server and in the Auth section,
the parameter Kerberos is set to false, execute the following command:
Set-Item WSMan:\Localhost\Service\Auth\Kerberos -value true

NOTE: ScienceLogic recommends using an Active Directory account.

17. If you are using a local account to communicate with this Windows server and in the Auth section, the
parameter Basic is set to false, execute the following command:
Set-Item WSMan:\Localhost\Service\Auth\Basic -value true

Step 3: Configuring Windows Remote Management 49

Option 3: Using a Group Policy to Configure Windows Remote
Management
You can use a group policy object (GPO) to configure the following Windows Remote Management settings on
Windows Server 2012 or Windows Server 2016:

l A registry key to enable Local Account access to Windows Remote Management

l Firewall rules
l Certificates
l HTTP and HTTPS listeners, including authentication and encryption settings
l Service start and recovery settings

To create the group policy object, perform the following steps:

1. Log in to the server as an administrator.

2. Right-click on the PowerShell icon in the taskbar and select Run as Administrator.
3. At the PowerShell prompt, use the change directory (CD) command to navigate to a folder where you can
create new files.

50 Step 3: Configuring Windows Remote Management

 4. Save the root Certification Authority certificate to the local directory by executing the following command:
certutil.exe –ca.cert ca_name.cer

TIP: You will import this certificate into the new group policy in step 21.

5. Exit the command prompt.

6. Log in to a domain controller in your Active Directory forest and navigate to the System Manager dashboard.

Step 3: Configuring Windows Remote Management 51

 7. Click the Tools menu, then select Group Policy Management.

8. On the Group Policy Management page, in the left panel, right-click the domain name where you want
the new group policy to resideand then select Create a GPO in this domain and Link it here.

52 Step 3: Configuring Windows Remote Management

 9. In the left panel, right-click the new group policy and select Edit. The Group Policy Management Editor
page for the new Windows Remote Management group policy appears.

10. In the left panel, navigate to Computer Configuration > Policies > Windows Settings > Security
Settings > System Services. In the right panel, locate the Windows Remote Management (WS-
Management) service. Right-click the service, then select Properties.

Step 3: Configuring Windows Remote Management 53

11. The Windows Remote Management (WS-Management) modal page appears. Select the Define this
policy setting check box and the Automatic radio button, then click [OK].

12. In the left panel of the Group Policy Management Editor page, navigate to Computer Configuration
> Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security >
Windows Firewall with Advanced Security - LDAP > Inbound Rules. In the right panel, right-click and
select New Rule.

54 Step 3: Configuring Windows Remote Management

 13. The New Inbound Rule Wizard modal page appears. Click the Predefined radio button, select Windows
Firewall Remote Management from the list, and then click [Next].

14. Select the Windows Firewall Remote Management (RPC) and Windows Firewall Remote Management (RPC-
EPMAP) check boxes, then click [Next].

Step 3: Configuring Windows Remote Management 55

15. Select the Allow the connection radio button, then click [Finish].

16. In the left panel of the Group Policy Management Editor page, navigate to Computer Configuration
> Policies > Windows Settings > Security Settings > Public Key Policies > Automatic Certificate
Request Settings. In the right panel, right-click and select New > Automatic Certificate Request.

56 Step 3: Configuring Windows Remote Management

 17. The Automatic Certificate Request Setup Wizard modal page appears. Click [Next].

18. Select the Computer certificate template. Click [Next], and then click [Finish].

Step 3: Configuring Windows Remote Management 57

19. In the left panel of the Group Policy Management Editor page, navigate to Computer Configuration
> Policies > Windows Settings > Security Settings > Public Key Policies > Trusted Root Certification
Authorities. In the right panel, right-click and select Import.

20. The Certificate Import Wizard modal page appears. Click [Next].

58 Step 3: Configuring Windows Remote Management

 21. Browse to the Certification Authority certificate that you saved to your local directory in step 4, then click
[Next].

22. Select the Place all certificates in the following store radio button, then select the Trusted Root
Certification Authorities certificate store and click [Next].

Step 3: Configuring Windows Remote Management 59

23. Click [OK] to confirm that the certificate was successfully imported, and then click [Finish].

24. In the left panel of the Group Policy Management Editor page, navigate to Computer Configuration
> Policies > Administrative Templates > Network > Network Connections > Windows Firewall
> Domain Profile. In the right panel, right-click Windows Firewall: Define inbound port exceptions and
select Edit.

25. The Windows Firewall: Define inbound port exceptions modal page appears. Under Options, click
[Show].

60 Step 3: Configuring Windows Remote Management

 26. The Show Contents modal page appears. Enter the following values:

l 5985:TCP:*:enabled:WSMan
l 5986:TCP:*:enabled:WSMan

27. Click [OK], then click [OK] again.

28. In the left panel of the Group Policy Management Editor page, navigate to Computer Configuration
> Policies > Administrative Templates > Windows Components > Windows Remote Management
(WinRM) > WinRM Client. In the right panel, double-click the Allow Basic authentication setting.

Step 3: Configuring Windows Remote Management 61

29. Select the Enabled radio button, then click [OK].
30. Repeat steps 28 and 29 for the Allow unencrypted traffic setting.
31. Double-click the Trusted Hosts setting. Select the Enabled radio button, enter an asterisk (*) in the
TrustedHostsList field (under Options), and then click [OK].

32. In the left panel of the Group Policy Management Editor page, navigate to Computer Configuration
> Policies > Administrative Templates > Windows Components > Windows Remote Management
(WinRM) > WinRM Service. In the right panel, double-click the Allow Basic authentication setting.

62 Step 3: Configuring Windows Remote Management

 33. Select the Enabled radio button, then click [OK].
34. Repeat steps 32 and 33 for the Allow unencrypted traffic setting.
35. Double-click the Allow remote server management through WinRM setting. Select the Enabled radio
button, enter an asterisk (*) in the Pv4 filter and Pv6 filter fields (under Options), and then click [OK].

36. In the left panel of the Group Policy Management Editor page, navigate to Computer Configuration
> Preferences > Windows Settings > Registry. In the right panel, right-click and select New > Registry
Item.

Step 3: Configuring Windows Remote Management 63

37. In the New Registry Properties modal page, edit the values in one or more of the following fields:

l Action. Select Create.

l Hive. Select HKEY_LOCAL_MACHINE.
l Key Path. Enter "SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system".
l Value name. Enter "LocalAccountTokenFilterPolicy".
l Value type. Enter "REG_DWORD".
l Value data. Enter "1".
l Base. Select Decimal.

38. Click the [OK] button.

39. Repeat steps 36-38 to make an additional registry change to increase the maximum number of users who
can access Windows Remote Management. In the New Registry Properties modal page, edit the following
values:

l Action. Select Create.

l Hive. Select HKEY_LOCAL_MACHINE.
l Key Path. Enter "SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\".
l Value name. Enter "WinRS!MaxConcurrentUsers".
l Value type. Enter "REG_DWORD".
l Value data. Enter "0x64 (100)".
l Base. Select Decimal.

64 Step 3: Configuring Windows Remote Management

 40. In the left panel of the Group Policy Management Editor page, navigate to Computer Configuration
> Preferences > Control Panel Settings > Services. In the right panel, right-click and select New >
Service.

41. In the New Service Properties modal page, edit the values in one or more of the following fields:

l Startup. Select No change.

Step 3: Configuring Windows Remote Management 65

 l Service name. Enter "WinRM".
l Service action. Select Start service.
l Wait timeout if service is locked. Select 30 seconds.
l Log on as. Select No change.

42. Click the [Recovery] tab, then edit the values in one or more of the following fields:

l First failure. Select Restart the Service.

l Second failure. Select Restart the Service.
l Subsequent failures. Select Restart the Service.
l Restart fail count after. Select 0 days.
l Restart service after. Select 1 minute.

43. Click the [OK] button.

66 Step 3: Configuring Windows Remote Management

 44. To enforce your group policy, in the left panel of the Group Policy Management Editor page, navigate to
Forest > Domains > [your local domain] > PowerShell Remote Management Policy. In the
PowerShell Remote Management Policy panel on the right, right-click the local domain name under The
following sites, domains, and OUs are linked to this GPO and select Enforced.

45. To enable your group policy, in the left panel of the Group Policy Management Editor page, navigate to
Forest > Domains > [your local domain] > Group Policy Objects > WinRM Policy. Right-click
WinRM Policy, then select GPO Status > Enabled.

Step 3: Configuring Windows Remote Management 67

Step 4: Configuring a Windows Management Proxy
If SL1 cannot execute PowerShell requests directly on a Windows server, you can optionally configure an additional
Windows server to act as a proxy for those PowerShell requests. To use a proxy, you must configure at least two
Windows servers:

l A target server that SL1 cannot communicate with directly.

l A proxy server that SL1 will communicate with to execute PowerShell requests on the target server.

To configure the target and proxy servers, perform the following steps:

1. Configure a user account that SL1 will use to connect to the proxy server and the proxy server will use to
connect to the target server. The user account can either be a local account or an Active Directory account;
however, the user account must have the same credentials on the target and proxy servers and be in the
Local Administrator's group on both servers.
2. If you have created a local user account on the Windows Server instead of an Active Directory account, you
must configure encrypted communication between SL1 and the Windows server. To do this, you must
configure a Server Authentication certificate.
3. Configure Windows Remote Management on the target server and the proxy server.
4. Log in to the proxy server as an administrator.
5. Open the PowerShell command window.
6. Right-click on the PowerShell icon in the taskbar and select Run as Administrator.

7. Execute one of the following commands on the proxy server to allow the proxy server to trust one or more
target servers:
l To allow the proxy server to trust all servers (not recommended), execute the following command:
Set-Item WSMan:\Localhost\Client\TrustedHosts -value *

l To allow the proxy server to trust only specific target servers, execute the following command, inserting
a list that includes the IP address for each target server. Separate the list of IP addresses with commas.
Set-Item WSMan:\Localhost\Client\TrustedHosts -value <comma-delimited-list-
of-target-server-IPs>

8. Execute the following command on the proxy server to configure the LocalAccountTokenFilterPolicy:
New-ItemProperty
“HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System” -Name
“LocalAccountTokenFilterPolicy” -Value 1 -PropertyType “DWORD"

68 Step 4: Configuring a Windows Management Proxy

 NOTE: If the proxy server is in a different Windows domain (domain A) than the target servers (domain B), and
the proxy server uses a user account from Active Directory, and Active Directory is in the same
Windows domain as the target servers (domain B), you must perform the following to allow the proxy
server to send PowerShell commands to the target servers:

l On the domain controller for each domain (domain A and domain B), create new forward-lookup
zones and reverse-lookup zones that allow name resolution to work between the two domains.
l On the domain controller for each domain (domain A and domain B), create a non-transitive realm
trust between the two domains.
l Login to the proxy server and add the Active Directory account (from domain A) to the Local
Administrator's group for the proxy server. You should be able to select the account on the proxy server
after you create the non-transitive realm trust between the two domains.

Step 5: Increasing the Number of PowerShell Dynamic

Applications That Can Run Simultaneously
You can optionally execute a series of commands that will allow SL1 to increase the default maximum number of
PowerShell Dynamic Applications that can run simultaneously.

To do so:

1. Determine the number of Dynamic Applications that will be used to monitor the Windows server. Multiply this
number by three.
2. Open a PowerShell command prompt. Log in as an Administrator.
3. At the prompt, execute the following commands:

Set-Item WSMan:\Localhost\Shell\MaxShellsPerUser –value <number you

calculated in step 1>

Set-Item WSMan:\Localhost\Service\MaxConcurrentOperationsPerUser –value

<number you calculated in step 1>

Restart-Service WinRM

4. Repeat these steps on each Windows server that will be monitored by SL1.

Step 5: Increasing the Number of PowerShell Dynamic Applications That Can Run 69
 Chapter

4
SNMP and PowerShell Dynamic Applications
for Windows Devices

Overview
The following sections describe the SNMP and PowerShell Dynamic Applications that SL1 uses to monitor
Windows devices:

SNMP Dynamic Applications for Windows Devices 71

PowerShell Dynamic Applications 71
Microsoft: Active Directory Server 71
Microsoft: DHCP Server 72
Microsoft: DNS Server 72
Microsoft: Exchange Server 73
Microsoft: Exchange Server 2010 73
Microsoft: Hyper-V Server 74
Microsoft: IIS Server 75
Microsoft: Lync Server 2010 75
Microsoft: SharePoint Server 76
Microsoft: Skype for Business 76
Microsoft: SQL Server 77
Microsoft: Windows Server 78
Microsoft: Windows Server Event Logs 79
Microsoft: Windows Server Services 80
Run Book Automations and Actions Associated with PowerShell Dynamic Applications for Windows Servers 80

70
 Error Messages for PowerShell Collection 81
Relationships with Other Types of Component Devices 82

SNMP Dynamic Applications for Windows Devices

If you configure your Windows system to respond to SNMP requests from SL1, you can discover your Windows
system as an SNMP device. When SL1 discovers a Windows system as an SNMP device, the platform will
automatically collect the same data from the Windows system that the platform collects from most network devices.
This data includes interface usage, file system usage, CPU usage, memory usage, and hardware configuration
information.

In addition to the common SNMP data collection, you can install an optional agent that reports WMI information
through SNMP. The following SNMP Dynamic Applications can be used to collect the information reported by the
optional agent:

l MSSQL: General
l MSSQL: Memory
l MSSQL: SQL Stats

PowerShell Dynamic Applications

If you configure your Windows system to respond to PowerShell requests from SL1, you can use PowerShell
Dynamic Applications to collect information from your Windows system.

All of the PowerShell Dynamic Applications include a discovery object. If you include a credential for PowerShell
Dynamic Applications in the discovery session that includes your Windows system, SL1 will automatically align the
appropriate PowerShell Dynamic Applications to the Windows system. For more information about creating a
discovery session, see the Discovery & Credentials manual.

The following PowerPacks include PowerShell Dynamic Applications for Microsoft Servers.

Microsoft: Active Directory Server

NOTE: The Dynamic Applications in this PowerPack support Windows Server 2012 R2.

The following PowerShell Dynamic Applications can be used to collect performance data from Active Directory
servers:

l Microsoft: Active Directory Address Book Performance

l Microsoft: Active Directory Async Thread Queue Performance
l Microsoft: Active Directory Database Performance
l Microsoft: Active Directory Directory Services Reads Performance

71 SNMP Dynamic Applications for Windows Devices

 l Microsoft: Active Directory Directory Services Searches Performance
l Microsoft: Active Directory Directory Services Writes Performance
l Microsoft: Active Directory DRA Performance
l Microsoft: Active Directory LDAP Performance
l Microsoft: Active Directory Security Account Management Performance
l Microsoft: Active Directory Services General Performance
l Microsoft: Active Directory Web Service Performance

Microsoft: DHCP Server

NOTE: The Dynamic Applications in this PowerPack support Windows Server 2012.

The following PowerShell Dynamic Applications can be used to collect performance data from DHCP servers:

l Microsoft: DHCP IPv4 Performance

l Microsoft: DHCP IPv4 Scope Performance
l Microsoft: DHCP Service Performance

The following PowerShell Dynamic Applications can be used to collect configuration data from DHCP servers:

l Microsoft: DHCP IPv4 Lease Configuration

l Microsoft: DHCP IPv6 Lease Configuration
l Microsoft: DHCP Server Performance

Microsoft: DNS Server

NOTE: The Dynamic Applications in this PowerPack support Windows Server 2008 R2, 2012, and 2012
R2.

The following PowerShell Dynamic Applications can be used to collect performance data from DNS servers:

l Microsoft: DNS AXFR Performance

l Microsoft: DNS Dynamic Update Performance
l Microsoft: DNS IXFR Performance
l Microsoft: DNS Memory Performance
l Microsoft: DNS Notification Performance
l Microsoft: DNS Recursion Performance
l Microsoft: DNS Secure Dynamic Update Performance
l Microsoft: DNS TCP Performance

PowerShell Dynamic Applications 72

 l Microsoft: DNS Total Overall Performance
l Microsoft: DNS UDP Performance
l Microsoft: DNS WINS Performance
l Microsoft: DNS Zone Transfer Performance

Microsoft: Exchange Server

The following PowerShell Dynamic Applications can be used to collect performance data from Exchange 2013
and Exchange 2016 servers:

l Microsoft: Exchange CAS ActiveSync Performance

l Microsoft: Exchange CAS Address Book Load Performance
l Microsoft: Exchange CAS Address Book Service Performance
l Microsoft: Exchange CAS Availability Service Performance
l Microsoft: Exchange CAS OWA Performance
l Microsoft: Exchange CAS Performance
l Microsoft: Exchange CAS RPC Client Access Load Performance
l Microsoft: Exchange CAS RPC Client Access Performance
l Microsoft: Exchange MBS Database Performance
l Microsoft: Exchange MBS Info Store RPC Processing Stats
l Microsoft: Exchange MBS Information Store Performance
l Microsoft: Exchange MBS Replay Log I/O Latency Requirements
l Microsoft: Exchange TPS Disk Performance
l Microsoft: Exchange TPS Transport Database Performance
l Microsoft: Exchange TPS Transport Load Assessment Stats
l Microsoft: Exchange UMS General Performance

Microsoft: Exchange Server 2010

The following PowerShell Dynamic Applications can be used to collect performance data from Exchange 2010
servers:

l Microsoft: Exchange 2010 CAS Address Book Load Performance

l Microsoft: Exchange 2010 CAS Address Book Service Performance
l Microsoft: Exchange 2010 CAS Availability Service Performance
l Microsoft: Exchange 2010 CAS OWA Performance
l Microsoft: Exchange 2010 CAS Performance
l Microsoft: Exchange 2010 CAS RPC Client Access Load Performance
l Microsoft: Exchange 2010 CAS RPC Client Access Performance

73 PowerShell Dynamic Applications

 l Microsoft: Exchange 2010 MBS Client-Related Search Performance
l Microsoft: Exchange 2010 MBS Database Performance
l Microsoft: Exchange 2010 MBS Info Store RPC Processing Stats
l Microsoft: Exchange 2010 MBS Information Store Performance
l Microsoft: Exchange 2010 MBS Message Queuing Performance
l Microsoft: Exchange 2010 MBS Replay Log I/O Latency Requirements
l Microsoft: Exchange 2010 MBS RPC Client Throttling Performance
l Microsoft: Exchange 2010 MBS Store Client Request Performance
l Microsoft: Exchange 2010 TPS Disk Performance
l Microsoft: Exchange 2010 TPS Transport Database Performance
l Microsoft: Exchange 2010 TPS Transport Load Assessment Stats
l Microsoft: Exchange 2010 TPS Transport Queue Length Performance
l Microsoft: Exchange 2010 UMS General Performance

Microsoft: Hyper-V Server

NOTE: The Dynamic Applications in this PowerPack support Hyper-V Server 2008 R2, 2012, and 2012 R2.

The following PowerShell Dynamic Applications can be used to collect performance data from Hyper-V servers:

l Microsoft: Hyper-V Component Count

l Microsoft: Hyper-V Logical Processor Performance
l Microsoft: Hyper-V Overall Guest CPU Performance
l Microsoft: Hyper-V Process Performance
l Microsoft: Hyper-V Root Virtual Processor Performance
l Microsoft: Hyper-V Virtual Processor Performance
l Microsoft: Hyper-V Virtual Storage Device Performance
l Microsoft: Hyper-V Virtual Switch Performance

The following PowerShell Dynamic Applications can be used to collect configuration data from Hyper-V servers:

l Microsoft: Hyper-V Component Count Configuration

l Microsoft: Hyper-V Host Configuration

This PowerPack also includes Snippet Dynamic Applications that discover virtual machines managed by the Hyper-
V host. Although the Dynamic Applications are of type "Snippet", the snippets themselves perform PowerShell
requests to collect data and use PowerShell credentials. See the Discovering Component Devices on Hyper-V
Systems section for more information.

l Microsoft: Hyper-V Guest Configuration

PowerShell Dynamic Applications 74

 l Microsoft: Hyper-V Guest Configuration Cache
l Microsoft: Hyper-V Guest Discovery

This PowerPack also includes Snippet Dynamic Applications that retrieve performance data from virtual machines
managed by the Hyper-V host. Although the Dynamic Applications are of type "Snippet", the snippets themselves
perform PowerShell requests to collect data and use PowerShell credentials:

l Microsoft: Hyper-V Connected Clients

l Microsoft: Hyper-V Guest CPU Performance
l Microsoft: Hyper-V Guest IDE Controller Performance
l Microsoft: Hyper-V Guest Interface Performance
l Microsoft: Hyper-V Guest Memory Performance

Microsoft: IIS Server

NOTE: The Dynamic Applications in this PowerPack support Internet Information Services (ISS) versions 7.5,
8.0, 8.5, and 10.0.

The following PowerShell Dynamic Applications can be used to collect performance data from IIS servers:

l Microsoft: IIS Active Server Pages Performance

l Microsoft: IIS Core Performance
l Microsoft: IIS Web Service Performance

The following PowerShell Dynamic Applications can be used to collect configuration data from IIS servers:

l Microsoft: IIS Server Configuration

Microsoft: Lync Server 2010

The following PowerShell Dynamic Applications can be used to collect performance data from Lync 2010 servers:

l Microsoft: Lync 2010 Announcement Service Performance

l Microsoft: Lync 2010 AS MCU Performance
l Microsoft: Lync 2010 Auto Attendant Performance
l Microsoft: Lync 2010 AV MCU Performance
l Microsoft: Lync 2010 AV SIP/MRAS/QOE Performance
l Microsoft: Lync 2010 Call Park Service Performance
l Microsoft: Lync 2010 Conferencing Compatibility Performance
l Microsoft: Lync 2010 Data Conferencing Performance
l Microsoft: Lync 2010 IM MCU Performance

75 PowerShell Dynamic Applications

 l Microsoft: Lync 2010 Response Group Performance
l Microsoft: Lync 2010 SIP Load Management Performance
l Microsoft: Lync 2010 SIP Networking Performance
l Microsoft: Lync 2010 SIP Peers Performance
l Microsoft: Lync 2010 SIP Protocol Performance
l Microsoft: Lync 2010 SIP Response Performance
l Microsoft: Lync 2010 SipEps Incoming Message Performance
l Microsoft: Lync 2010 User Services Performance
l Microsoft: Lync 2010 Web Services Performance

The following PowerShell Dynamic Applications can be used to collect configuration data from Lync 2010 servers:

l Microsoft: Lync 2010 AS MCU Configuration

l Microsoft: Lync 2010 AV MCU Configuration
l Microsoft: Lync 2010 Conferencing Compatibility Configuration
l Microsoft: Lync 2010 Data Conferencing Configuration
l Microsoft: Lync 2010 Service Health Configuration
l Microsoft: Lync 2010 User Services Configuration

Microsoft: SharePoint Server

NOTE: The Dynamic Applications in this PowerPack support SharePoint Server 2010 SE.

The following PowerShell Dynamic Applications can be used to collect performance data from SharePoint servers:

l Microsoft: SharePoint Core Performance

l Microsoft: SharePoint Indexer Performance
l Microsoft: SharePoint Query Performance

Microsoft: Skype for Business

NOTE: This PowerPack was previously named Microsoft: Lync Server 2013.

The following PowerShell Dynamic Applications can be used to collect performance data from Lync 2013 servers:

l Microsoft: Lync 2013 AS MCU Performance

l Microsoft: Lync 2013 AV MCU Performance
l Microsoft: Lync 2013 AV SIP/MRAS/QOE Performance

PowerShell Dynamic Applications 76

 l Microsoft: Lync 2013 Bandwidth Services Performance
l Microsoft: Lync 2013 Call Park Service Performance
l Microsoft: Lync 2013 Data Conferencing Performance
l Microsoft: Lync 2013 IM MCU Performance
l Microsoft: Lync 2013 Mediation Server Performance
l Microsoft: Lync 2013 Response Group Performance
l Microsoft: Lync 2013 SIP Load Management Performance
l Microsoft: Lync 2013 SIP Networking Performance
l Microsoft: Lync 2013 SIP Peers Performance
l Microsoft: Lync 2013 SIP Protocol Performance
l Microsoft: Lync 2013 SIP Response Performance
l Microsoft: Lync 2013 SipEps Incoming Message Performance
l Microsoft: Lync 2013 User Services Performance
l Microsoft: Lync 2013 Web Services Performance

The following PowerShell Dynamic Applications can be used to collect configuration data from Lync 2013 servers:

l x Microsoft: Lync 2013 AS MCU Configuration

l x Microsoft: Lync 2013 AV MCU Configuration
l x Microsoft: Lync 2013 Data Conferencing Configuration
l x Microsoft: Lync 2013 Service Health Configuration
l x Microsoft: Lync 2013 User Services Configuration

Microsoft: SQL Server

NOTE: The Dynamic Applications in this PowerPack support SQL Server 2008, 2012, 2014, and 2016.

The following PowerShell Dynamic Applications can be used to collect performance data from SQL servers:

l Microsoft: SQL 2008 Buffer Pages Performance

l Microsoft: SQL Buffer Performance
l Microsoft: SQL Database Performance
l Microsoft: SQL Memory Performance
l Microsoft: SQL Plan Cache Performance
l Microsoft: SQL Query Performance
l Microsoft: SQL Session Performance
l Microsoft: SQL Table Lock/Latch Performance

77 PowerShell Dynamic Applications

Microsoft: Windows Server

NOTE: The Dynamic Applications in this PowerPack support Windows Server 2008 R2, 2012, 2012 R2,
and 2016, as well as Windows 10.

The following PowerShell Dynamic Applications can be used to collect configuration data from Windows servers:

l Microsoft: Print Server Performance

l Microsoft: Windows Server Configuration Cache
l Microsoft: Windows Server BIOS Configuration
l Microsoft: Windows Server CPU Configuration
l Microsoft: Windows Server Device Discovery
l Microsoft: Windows Server Disk Configuration
l Microsoft: Windows Server Interface Configuration
l Microsoft: Windows Server Memory Configuration
l Microsoft: Windows Server OS Configuration
l Microsoft: Windows Server Software Configuration

NOTE: The "Microsoft: Windows Server Configuration Cache" Dynamic Application caches data that is
consumed by all of the other configuration Dynamic Applications in the list.

NOTE: When the "Microsoft: Windows Server OS Configuration" or "Microsoft: Windows Server Device
Discovery" Dynamic Applications automatically align to Windows servers, they trigger events and Run
Book Actions that classify the server.

The following PowerShell Dynamic Applications can be used to collect performance data from Windows servers:

l Microsoft: Windows Server Performance Cache

l Microsoft: Windows Server CPU Performance
l Microsoft: Windows Server Disk Performance
l Microsoft: Windows Server Interface Performance
l Microsoft: Windows Server IPStats Performance
l Microsoft: Windows Server Memory Performance
l Microsoft: Windows Server TCPStats Performance
l Microsoft: Windows Server UDPStats Performance

PowerShell Dynamic Applications 78

 NOTE: The "Microsoft: Windows Server Performance Cache" Dynamic Application caches data that is
consumed by all of the other performance Dynamic Applications in the list.

The following Snippet Dynamic Application, which uses PowerShell requests to collect data, can be used to collect
journal data from Windows servers:

l Microsoft: Windows Server Process List

The following Dynamic Applications use PowerShell to collect data as a supplement to SL1's internal collection
capabilities:

l Microsoft: Windows Server IC Availability

l Microsoft: Windows Server IC Detail
l Microsoft: Windows Server IC Filesystem Inventory
l Microsoft: Windows Server IC Filesystem Performance
l Microsoft: Windows Server IC Interface Inventory
l Microsoft: Windows Server IC Interface Performance

Microsoft: Windows Server Event Logs

The following Snippet Dynamic Applications can be used to collect data from system, application, and security
event logs on Microsoft Windows servers:

l Microsoft: Windows Server Application Events

l Microsoft: Windows Server Security Events
l Microsoft: Windows Server System Events

To customize how the Microsoft: Windows Server Event Logs Dynamic Applications filter event logs, perform the
following steps for each Dynamic Application:

1. Go to the Dynamic Applications Manager page (System > Manage > Applications) and search for the
Dynamic Application you want to customize in the Dynamic Application Name column.

2. Click the wrench icon ( ) for the Dynamic Application you want to edit.

3. In the [Snippets] tab, click the wrench icon ( ) next to the item in the Snippet Registry pane.
4. In the Snippet Editor, you can edit the following fields:

l EVENT_ID_FILTER_INCLUDE_LIST. Enter a list of Event IDs to include in your event logs.

l EVENT_TYPE_FILTER_INCLUDE_LIST. Enter a list of Event Types to include in your event logs.
l EVENT_MSG_FILTER_INCLUDE_LIST. Enter a list of Event Descriptions to include in your event
logs. This field supports the use of the * wildcard character.
l EVENT_SRC_FILTER_INCLUDE_LIST. Enter a list of Event Provider names to include in your event
logs. This field supports the use of the * wildcard character.

79 PowerShell Dynamic Applications

 5. Click the [Save] button.

Microsoft: Windows Server Services

NOTE: The Dynamic Applications in this PowerPack support Windows Server 2008 R2, 2012, and 2012
R2.

The following PowerShell Dynamic Applications can be used to collect configuration data from a Windows server
about each Windows Service running on the Windows server:

l Microsoft: Windows Server Service Configuration

Run Book Automations and Actions Associated with PowerShell

Dynamic Applications for Windows Servers
You can use the following Run Book Automation Policy and Run Book Action Policy to assign a device class to each
Windows device that does not support SNMP:

l Microsoft: Windows Server Device Class Alignment (Run Book Automation Policy)
l Microsoft: Windows Server Device Class Alignment (Run Book Action Policy)

PowerShell Dynamic Applications 80

 Devices that do not support SNMP are assigned a device class of type "pingable".

The automation policy is configured to trigger when the "Microsoft: Windows Server OS Configuration" or
"Microsoft: Windows Server Device Discovery" Dynamic Applications are aligned with a device during discovery.
These Dynamic Applications collect the name of the Windows operating system and store the name in a collection
object named "Edition". The Run Book Automation policy and Run Book Action policy use the value of the
collection object named "Edition" to assign a device class to each Windows device that does not support SNMP.

For example, if the collection object named "Edition" contains the value "Microsoft Windows Server 2012 R2
Datacenter", the Run Book Automation policy and the Run Book Action policy will assign the device to the device
class "Microsoft Windows Server 2012 R2".

Error Messages for PowerShell Collection

The following table lists error messages that SL1 can generate during PowerShell collection.

Error Message Possible Issue(s)

Preauthentication failed while getting initial Incorrect Password (Active Directory Accounts only)
credentials

Client not found in Kerberos database Username does not exist in Active Directory (Active
Directory Accounts only)

KRB5 error code 68 while getting initial credentials Incorrect domain name (Active Directory Accounts
only)

Bad HTTP response returned from server. Code 401, Incorrect username/password or target server does
basic auth failed not allow user account to perform WinRM operations.

ParseError Incorrect port specified in credential

[Errno 111] Connection refused Mismatch between server configuration and

credential, e.g. encryption option selected but not
enabled on server.

Hostname cannot be canonicalized Forward and/or reverse name resolution are not
working from the Data Collector or All-In-One
Appliance

81 PowerShell Dynamic Applications

 Error Message Possible Issue(s)

Cannot resolve network address for KDC in requested Forward and/or reverse name resolution are not
realm working from the Data Collector or All-In-One
Appliance

Configuration file does not specify default realm Forward and/or reverse name resolution are not
working from the Data Collector or All-In-One
Appliance

No credentials cache found Forward and/or reverse name resolution are not
working from the Data Collector or All-In-One
Appliance

Server not found in Kerbers database Forward and/or reverse name resolution are not
working from the Data Collector or All-In-One
Appliance

Relationships with Other Types of Component Devices

Additionally, the Dynamic Applications in the Microsoft: Windows Server PowerPack can automatically build
relationships between Windows servers and other associated devices:

l If you discover Dynatrace devices using the Dynamic Applications in the Dynatrace PowerPack, SL1 will
automatically create relationships between Windows servers and Dynatrace hosts.
l If you discover Cisco AppDynamics devices using the Dynamic Applications in the Cisco:
AppDynamics PowerPack, SL1 will automatically create relationships between Windows servers and
AppDynamics nodes.
l If you discover New Relic devices using the Dynamic Applications in the New Relic APM Pro PowerPack, SL1
will automatically create relationships between Windows servers and New Relic servers.

Relationships with Other Types of Component Devices 82

 Chapter

5
Creating SNMP and PowerShell Credentials
for Windows Devices

Overview
The following sections describe how to create SNMP and PowerShell credentials for Windows devices that you
want to monitor with SL1, as well as how to discover component devices on Hyper-V systems:

Creating an SNMP Credential 83

Creating a PowerShell Credential 86
Testing Windows Credentials 89
SNMP Credential Test 89
PowerShell Credential Test 89
Running a Windows Credential Test 89
Discovering Component Devices on Hyper-V Systems 91
Viewing Component Devices 91
Manually Aligning the Microsoft: Print Server Dynamic Application 92

Creating an SNMP Credential

SNMP Credentials allow SL1 to access SNMP data on a managed device. SL1 uses SNMP credentials to perform
discovery, run auto-discovery, and gather information from SNMP Dynamic Applications.

Creating an SNMP Credential 83

 To create an SNMP credential:

1. Go to the Credential Management page (System > Manage > Credentials).

2. Click the [Actions] button and select Create SNMP Credential. The Credential Editor page appears.

3. Supply values in the following fields:

l Profile Name. Name of the credential. Can be any combination of alphanumeric characters.
l SNMP Version. SNMP version. Choices are SNMP V1, SNMP V2, and SNMP V3. The default value
is SNMP V2.

84 Creating an SNMP Credential

 l Port. The port SL1 will use to communicate with the external device or application. The default value
is 161.
l Timeout (ms). Time, in milliseconds, after which SL1 will stop trying to communicate with the SNMP
device. The default value is 1500.
l Retries. Number of times SL1 will try to authenticate and communicate with the external device. The
default value is 1.

SNMP V1/V2 Settings

These fields appear if you selected SNMP V1 or SNMP V2 in the SNMP Version field. The fields are
inactive if you selected SNMP V3.

l SNMP Community (Read-Only). The SNMP community string (password) required for read-only
access of SNMP data on the remote device or application. For SNMP V1 and SNMP V2 credentials,
you must supply a community string, either in this field or in the SNMP Community (Read/Write)
field.
l SNMP Community (Read/Write). The SNMP community string (password) required for read and
write access of SNMP data on the remote device or application. For SNMP V1 and SNMP V2
credentials, you must supply a community string, either in this field or in the SNMP Community (Read
Only) field.

SNMP V3 Settings

These fields appear if you selected SNMP V3 in the SNMP Version field. These fields are inactive if you
selected SNMP V1 or SNMP V2.

l Security Name. Name for SNMP authentication. This field is required.

l Security Passphrase. Password to authenticate the credential. This value must contain at least 8
characters. This value is required if you use a Security Level that includes authentication.
l Authentication Protocol. Select an authentication algorithm for the credential. Choices are MD5 or
SHA. The default value is MD5. This field is required.
l Security Level. Specifies the combination of security features for the credentials. This field is required.
Choices are:

o No Authentication / No Encryption.
o Authentication Only. This is the default value.
o Authentication and Encryption.

l SNMP v3 Engine ID. The unique engine ID for the SNMP agent you want to communicate with.
(SNMPv3 authentication and encryption keys are generated based on the associated passwords and
the engine ID.) This field is optional.
l Context Name. A context is a mechanism within SNMPv3 (and AgentX) that allows you to use
parallel versions of the same MIB objects. For example, one version of a MIB might be associated with
SNMP Version 2 and another version of the same MIB might be associated with SNMP Version 3. For
SNMP Version 3, specify the context name in this field. This field is optional.

Creating an SNMP Credential 85

 l Privacy Protocol. The privacy service encryption and decryption algorithm. This field is required.
Choices are:

o DES. This is the default value.

o AES-128
o AES-192
o AES-256

l Privacy Protocol Passphrase. Privacy password for the credential. This field is optional.

4. Click the [Save] button to save the new SNMP credential.

5. Repeat steps 1-4 for each SNMP-enabled device in your network that you want to monitor with SL1.

NOTE: When you define an SNMP Credential, SL1 automatically aligns the credential with all organizations
of which you are a member.

Creating a PowerShell Credential

If you configure your Windows system to respond to PowerShell requests from SL1, you can use PowerShell
Dynamic Applications to collect information from your Windows system.

All of the PowerShell Dynamic Applications include a discovery object. If you include a credential for PowerShell
Dynamic Applications in the discovery session that includes your Windows system, SL1 will automatically align the
appropriate PowerShell Dynamic Applications to the Windows system. For more information about creating a
discovery session, see the Discovery & Credentials manual.

To define a PowerShell credential in SL1:

1. Collect the information you need to create the credential:

l The username and password for a user on the Windows device.

l If the user is an Active Directory account, the hostname or IP address of the Active Directory server and
the domain.
l Determine if an encrypted connection should be used.
l If you are using a Windows Management Proxy, the hostname or IP address of the proxy server.

2. Go to the Credential Management page (System > Manage > Credentials).

86 Creating a PowerShell Credential

 3. In the Credential Management page, click the [Actions] menu. Select Create PowerShell Credential.

4. The Credential Editor page appears, where you can define the following fields:

l Profile Name. Name of the credential. Can be any combination of alphanumeric characters.

Creating a PowerShell Credential 87

 l Hostname/IP. Hostname or IP address of the device from which you want to retrieve data.

o You can include the variable %D in this field. SL1 will replace the variable with the IP address of the
device that is currently using the credential.
o You can include the variable %N in this field. SL1 will replace the variable with the hostname of the
device that is currently using the credential. If SL1 cannot determine the hostname, SL1 will replace
the variable with the primary, management IP address for the current device.
o You can include the prefix HOST or WSMAN before the variable %D in this field if the device you
want to monitor uses a service principal name (for example, "HOST://%D" or "WSMAN://%D").
SL1 will use the WinRM service HOST or WSMan instead of HTTP and replace the variable with
the IP address of the device that is currently using the credential.

l Username. Type the username for an account on the Windows device to be monitored or on the
proxy server.

NOTE: The user should not include the domain name prefix in the username for Active Directory accounts.
For example, use "em7admin" instead of "MSDOMAIN\em7admin".

l Encrypted. Select whether SL1 will communicate with the device using an encrypted connection.
Choices are:
o yes. When communicating with the Windows server, SL1 will use a local user account with
authentication of type "Basic Auth". You must then use HTTPS and can use a Microsoft Certificate or
a self-signed certificate.
o no. When communicating with the Windows server, SL1 will not encrypt the connection.

l Port. Type the port number used by the WinRM service on the Windows device. This field is
automatically populated with the default port based on the value you selected in the Encrypted field.
l Account Type. Type of authentication for the username and password in this credential. Choices are:
o Active Directory. On the Windows device, Active Directory will authenticate the username and
password in this credential.
o Local. Local security on the Windows device will authenticate the username and password in this
credential.
l Timeout (ms). Type the time, in milliseconds, after which SL1 will stop trying to collect data from the
authenticating server. For collection to be successful, SL1 must connect to the authenticating server,
execute the PowerShell command, and receive a response within the amount of time specified in this
field.
l Password. Type the password for the account on the Windows device to be monitored or on the proxy
server.
l PowerShell Proxy Hostname/IP. If you use a proxy server in front of the Windows devices you want to
communicate with, type the fully-qualified domain name or the IP address of the proxy server in this
field.

88 Creating a PowerShell Credential

 l Active Directory Hostname/IP. If you selected Active Directory in the Account Type field, type the
hostname or IP address of the Active Directory server that will authenticate the credential.
l Domain. If you selected Active Directory in the Account Type field, type the domain where the
monitored Windows device resides.

5. To save the credential, click the [Save] button. To clear the values you set, click the [Reset] button.

Testing Windows Credentials

Credential Tests define a series of steps that SL1 can execute on-demand to validate whether a credential works
as expected. This section describes the SNMP and PowerShell Credential Tests that are included in the default
installation of SL1.

SNMP Credential Test

The SNMP Credential Test can be used to test an SNMP credential for connectivity. The SNMP Credential Test
performs the following steps:

l Test Reachability. Performs an ICMP ping request to the host specified in the credential.
l Test Port Availability. Performs an NMAP request to the UDP port specified in the credential on the host
specified in the credential.
l Test SNMP Availability. Attempts an SNMP getnext request to .1.3.6.1 using the credential.

PowerShell Credential Test

The PowerShell Credential Test can be used to test a PowerShell credential for connectivity. The PowerShell
Credential Test performs the following steps:

l Test Reachability. Performs an ICMP ping request to the host specified in the credential.
l Test Port Availability. Performs an NMAP request to the TCP port specified in the credential on the host
specified in the credential.
l Test Name Resolution. Performs an nslookup request on the host specified in the credential.
l Test Kerberos. If the credential does not specify local authentication, attempts to acquire a kerberos ticket
using the credential.
l Test WinRM Connection. Attempts a WinRM connection using the credential.
l Execute PowerShell Cmdlet. Attempts to execute the 'Get-WmiObject Win32_Process | Select Name'
PowerShell Cmdlet using the credential.

Running a Windows Credential Test

To run a Windows credential test from the Credential Management page:

1. Go to the Credential Management page (System > Manage > Credentials).

Testing Windows Credentials 89

 2. Click the [Actions] menu, and then select Test Credential. The Credential Tester modal page appears:

3. Supply values in the following fields:

l Test Type. Select a credential test to run.

l Credential. Select the credential you want to test. This drop-down list includes only credentials that
you have access to that can be tested using the selected credential test.
l Hostname/IP. Enter a hostname or IP address that will be used during the test. For example, if you
are testing an SNMP credential, the hostname/IP address you supply will be used to perform a test
SNMP request.
l Collector. Select the All-In-One Appliance or Data Collector that will run the test.

4. Click the [Run Test] button to run the credential test. The Test Credential window appears:

The Test Credential window displays a log entry for each step in the credential test. The steps performed
are different for each credential test. The log entry for each step includes the following information:

l Step. The name of the step.

l Description. A description of the action performed during the step.
l Log Message. The result of the step for this execution of the credential test.
l Status. Whether the result of this step indicates the credential and/or the network environment is
configured correctly (Passed) or incorrectly (Failed).

l Step Tip. Mouse over the question mark icon ( ) to display the tip text. The tip text recommends
what to do to change the credential and/or the network environment if the step has a status of "Failed".

5. Optionally, you can click the [Execute Discovery Session] button to run a discovery session using the
Credential, Hostname/IP, and Collector you selected in the Credential Tester modal page.

90 Testing Windows Credentials

Discovering Component Devices on Hyper-V Systems
The Microsoft: Hyper-V Server PowerPack includes two Dynamic Applications that allow SL1 to collect information
about the virtual machines running on a Hyper-V system.

To discover the virtual machines on a Hyper-V system as component devices, align the following two Dynamic
Applications with a Hyper-V system:

l Microsoft: Hyper-V Guest Configuration Cache

l Microsoft: Hyper-V Gust Discovery

When these Dynamic Applications are aligned to a Hyper-V system, the platform will automatically create a device
record for each virtual machine. The platform will also automatically align other Dynamic Applications from the
Microsoft: Hyper-V Server PowerPack to each virtual machine.

Viewing Component Devices

When SL1 performs collection for the "Microsoft Hyper-V Guest Configuration Cache" and "Microsoft Hyper-V
Guest Discovery" Dynamic Applications, SL1 will create component devices for the virtual machines on the Hyper-
V and align other Dynamic Applications to those component devices. All component devices appear in the Device
Manager page just like devices discovered using the ScienceLogic discovery process.

In addition to the Device Manager page, you can view the Hyper-V system and all associated component devices
in the following places in the user interface:

l The Device Components page (Registry > Devices > Device Components) displays a list of all root devices
and component devices discovered by the platform. The Device Components page displays all root devices
and component devices in an indented view, so you can easily view the hierarchy and relationships between
child devices, parent devices, and root devices. To view the component devices associated with a Hyper-V
system, find the Hyper-V system and select its plus icon (+):

Discovering Component Devices on Hyper-V Systems 91

 l The Component Map page (Views > Device Maps > Components) allows you to view devices by root
node and view the relationships between root nodes, parent components, and child components in a map.
This makes it easy to visualize and manage root nodes and their components. SL1 automatically updates the
Component Map as new component devices are discovered. SL1 also updates each map with the latest
status and event information. To view the map for a Hyper-V system, select the Hyper-V system from the left
NavBar. To learn more about the Component Map page, see the Views manual.

Manually Aligning the Microsoft: Print Server Dynamic

Application
The Microsoft: Print Server Dynamic Application must be manually aligned. To do so, perform the following steps:

1. Find your Windows device in the Device Manager page (Registry > Devices > Device Manager and click
its wrench icon ( ).
2. From the Device Properties page for the Windows system, click the [Collections] tab. The Dynamic
Application Collections page appears.
3. Click the [Action] button and then select Add Dynamic Application. The Dynamic Application Alignment
page appears:

92 Manually Aligning the Microsoft: Print Server Dynamic Application

 4. In the Dynamic Applications field, select the "Microsoft: Print Server" Dynamic Application.
5. In the Credentials field, select the credential you created for your Windows system.
6. Click the [Save] button.

Manually Aligning the Microsoft: Print Server Dynamic Application 93

 Chapter

6
Executing the SL1 Agent with Windows
PowerShell

Overview
The following sections provide an overview of local Agent execution on Windows devices with PowerShell:

What is an SL1 Agent? 94

Agent-Compatible PowerPacks 95
The Credential for the SL1 Agent 95
Configuring the SL1 Agent Device Template 96

What is an SL1 Agent?

The SL1 Agent is a program that you can optionally install on a device or element monitored by SL1. The SL1
Agent collects data from the device, interface, or other element and pushes that data back to SL1. You can install
and use multiple SL1 Agents, as needed.

Because an agent is always running on a device, the SL1 Agent can collect more granular data than can be
collected by polling the device periodically with a Data Collector. You can collect data from devices using only the
SL1 Agent or using a combination of the SL1 Agent and Data Collectors.

For more information, see the Monitoring with the SL1 Agent manual .

What is an SL1 Agent? 94

Agent-Compatible PowerPacks
The following PowerPacks include the SL1 Agent PowerShell Default credential and SL1 Agent device template,
which you can use to execute the SL1 Agent on Windows devices with PowerShell:

l Microsoft: Windows Server

l SL1 Agent Templates for Microsoft PowerPacks, which includes templates for the following:

o Microsoft: DHCP Server

o Microsoft: DNS Server
o Microsoft: Exchange Server
o Microsoft: IIS Server
o Microsoft: Lync Server
o Microsoft: SharePoint Server
o Microsoft: SQL Server
o Microsoft: Windows Server

The Credential for the SL1 Agent

The "SL1 Agent PowerShell Default" credential does not need to be configured and can be used as-is. You can
find the credential in the Credential Management page (System > Manage > Credentials):

95 Agent-Compatible PowerPacks
Configuring the SL1 Agent Device Template
A device template allows you to save a device configuration and apply it to multiple devices. Windows
PowerPacks include a device template for executing the SL1 Agent with PowerShell. If you apply this device
template during discovery, SL1 aligns the appropriate Dynamic Applications to the discovered PowerShell device.

This device template does not need to be edited and will work as-is, unless you would like to remove a Dynamic
Application from the template. To remove any Dynamic Applications you may not need:

1. Go to the Configuration Templates page (Registry > Devices > Templates).

2. Locate the SL1 Agent template (for example, "SL1 Agent for Microsoft: Windows Server Template") and click
its wrench icon ( ). The Device Template Editor page appears.
3. Click the [Dyn Apps] tab. The Editing Dynamic Application Subtemplates page appears:

5. To remove a Dynamic Application listed in the Subtemplate Selection section on the left side of the page,
click it's bomb icon ( ) and then click [OK] when asked to confirm. select the SL1 Agent PowerShell
credential in the Credentials field.
6. Click [Save].

Configuring the SL1 Agent Device Template 96

 Chapter

7
Windows Dashboards

Overview
The following sections describe how to install the dashboards included in SL1 for Microsoft servers and a
description of each:

Installing the Microsoft Server Dashboards 97

Microsoft: Active Directory Server Performance 99
Microsoft: DNS Server Performance 102
Microsoft: Exchange Server 2010 Performance 104
Microsoft: Exchange Server 2013 Performance 107
Microsoft: IIS Server Performance 110
Microsoft: Lync Server 2010 Dashboards 112
Microsoft: Lync Server 2010 Performance 112
Microsoft: Lync Server 2010 Utilization 115
Microsoft: Skype for Business Dashboards 118
Microsoft: Lync Server 2013 Performance 118
Microsoft: Lync Server 2013 Utilization 121
Microsoft: SQL Server Performance 124

Installing the Microsoft Server Dashboards

The following PowerPacks contain dashboards for Microsoft servers:

l Microsoft: Active Directory Server Dashboards

Installing the Microsoft Server Dashboards 97

 l Microsoft: DNS Server Dashboards
l Microsoft: Exchange Server 2010 Dashboards
l Microsoft: Exchange Server 2013 Dashboards
l Microsoft: IIS Server Dashboards
l Microsoft: Lync Server 2010 Dashboards
l Microsoft: Skype for Business Dashboards
l Microsoft: SQL Server Dashboards

To view these dashboards in SL1, you must first install the corresponding PowerPack. To do so:

1. Go to the PowerPack Manager page (System > Manage > PowerPacks).

2. Click the [Actions] button, then select Install PowerPack. The Imported PowerPacks modal page appears.
3. Use the search filter in the PowerPack Name column heading to locate the PowerPack you want to install.
To do so, enter text to match, including special characters, and the Imported PowerPacks modal page
displays only PowerPacks that have a matching name.

4. Click the lightning-bolt icon ( ) for the PowerPack that you want to install.

98 Installing the Microsoft Server Dashboards

 5. The Install PowerPack modal page appears. To install the PowerPack, click [Install].

6. The PowerPack now appears in the PowerPack Manager page. The contents of the PowerPack are
automatically installed in your SL1 System.

Microsoft: Active Directory Server Performance

The Microsoft: Active Directory Server Performance dashboard provides an overview of the health and performance
of a selected Active Directory server.

Context Quick Selector. This widget contains buttons for time span preset and the Organizations Selector.

Microsoft: Active Directory Server Performance 99

 l Time span presets. Users select the time span over which they want to view data. Selections range from one
hour to 90 days.
l Organizations Selector. This drop-down list allows a user to select specific organizations for which they want
to view data. This field filters the list of Active Directory servers that appear in the Server List widget.

Server List. This widget displays a list of Active Directory servers. Selecting a server drives the context for the other
widgets in the dashboard.

Availability and Latency. This widget displays two gauges:

l The availability of the selected Active Directory server, in percent.

l The latency of the selected Active Directory server, in milliseconds.

System Utilization (%). This widget displays a line graph. The line graph displays memory usage, virtual-memory
usage, and CPU usage for the selected Active Directory server during the selected duration. Each parameter is
represented by a color-coded line.

l The y axis displays usage, in percent.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selectorwidget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Active Directory server.

Replication. Replication is the process by which the changes that are made on one domain controller are
synchronized with and written to all other domain controllers in the domain or forest. The Replication widget
displays a line graph. The line graph displays information about data that is replicated from the current Active
Directory server to other Active Directory servers (the Outbound Properties Per Second) and information about data
that is replicated from other Active Directory server to the current Active Directory server (Inbound Objects Per
Second).

l The y axis displays objects per second.

l The x axis displays time. The increments vary, depending upon the date ranges selected in theContext
Quick Selectorwidget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Active Directory server.

LDAP - Client Sessions. This widget displays the number of connected LDAP client sessions over time.

l The y axis displays number of sessions .

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.

100 Microsoft: Active Directory Server Performance

 l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Active Directory server.

LDAP - Active Threads. This widget displays the number of threads in use by the LDAP subsystem of the local
directory service.

l The y axis displays number of threads.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Active Directory server.

Pages Per Second. This widget displays a line graph. The line graph displays DS (domain server) directory reads
per second, DS directory writes per second, and DS directory searches per second. Each parameter is represented
by a color-coded line.

l The y axis displays usage, in percent.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Active Directory server.

LDAP - Writes and Searches. This widget displays a line graph. The line graph displays LDAP writes per second
and LDAP searches per second. Each parameter is represented by a color-coded line.

l The y axis displays writers per second and searches per second.
l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Active Directory server.

LDAP - Bind Time. This widget displays a line graph. The line graph displays the time required for completion of
each successful LDAP binding.

l The y axis displays duration in milliseconds.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Active Directory server.

Microsoft: Active Directory Server Performance 101

Microsoft: DNS Server Performance
The Microsoft: DNS Server Performance dashboard provides an overview of the health and performance of a
selected DNS server.

Context Quick Selector. This widget contains buttons for time span presets and the Organizations Selector.

l Time span presets. Users select the time span over which they want to view data. Selections range from one
hour to 90 days.
l Organizations Selector. This drop-down list allows a user to select specific organizations for which they want
to view data. This field filters the list of DNS servers that appear in the Server List widget.

Server List. This widget displays a list of DNS servers. Selecting a server drives the context for the other widgets in
the dashboard.

Availability and Latency. This widget displays two gauges:

l The availability of the selected DNS server, in percent.

l The latency of the selected DNS server, in milliseconds.

System Utilization (%). This widget displays a line graph. The line graph displays memory usage, virtual-memory
usage, and CPU usage for the selected DNS server during the selected duration. Each parameter is represented
by a color-coded line.

l The y axis displays usage, in percent.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.

102 Microsoft: DNS Server Performance

 l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
DNS server.

Overall Performance. This widget displays a line graph. The line graph displays Total Responses Sent per Second
and Total Queries Received per Second. Each parameter is represented by a color-coded line.

l The y axis displays responses per second and queries per second.
l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
DNS server.

Recursive Queries. This widget displays a line graph. The line graph displays Recursive Queries per Second.

l The y axis displays number of queries per second.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
DNS server.

Recursive Errors. This widget displays a line graph. The line graph displays Recursive Query Failures per Second
and Recursive Time-Outs per Second. Each parameter is represented by a color-coded line..

l The y axis displays number of queries per second.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
DNS server.

Microsoft: DNS Server Performance 103

Microsoft: Exchange Server 2010 Performance
The Microsoft: Exchange Server 2010 Performance dashboard provides an overview of the health and
performance of a selected Exchange 2010 server.

Context Quick Selector. This widget contains buttons for time span presets and the Organizations Selector.

l Time span presets. Users select the time span over which they want to view data. Selections range from one
hour to 90 days.
l Organizations Selector. This drop-down list allows a user to select specific organizations for which they want
to view data. This field filters the list of Exchange 2010 servers that appear in the Server List widget.

Server List. This widget displays a list of Exchange 2010 servers. Selecting a server drives the context for the other
widgets in the dashboard.

Availability and Latency. This widget displays two gauges:

l The availability of the selected Exchange 2010 server, in percent.

l The latency of the selected Exchange 2010 server, in milliseconds.

System Utilization (%). This widget displays a line graph. The line graph displays memory usage, swap memory
usage, and CPU usage for the selected Exchange 2010 server during the selected duration. Each parameter is
represented by a color-coded line.

l The y axis displays usage, in percent.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.

104 Microsoft: Exchange Server 2010 Performance

 l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Exchange 2010 server.

User Active Connections. This widget displays a line graph. The line graph displays the number of active user
connections for the selected Exchange 2010 server during the selected duration.

l The y axis displays the number of users.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in the line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Exchange 2010 server.

OWA Requests. This widget displays a line graph. The line graph displays two lines: One for the frequency of
Outlook Web Access requests for the selected Exchange 2010 server during the selected duration and another for
the frequency of Web Services requests for the selected Exchange 2010 server during the selected duration.

l The y axis displays the number of requests per second.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Exchange 2010 server.

RPC Averaged Latency. This widget displays a line graph. The line graph displays the average latency of remote
procedure calls (RPCs) for the selected Exchange 2010 server during the selected duration.

l The y axis displays the average RPC latency, in milliseconds.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Exchange 2010 server.

MBS Databases. This widget displays a line graph. The line graph displays two lines: One for I/O write latency for
the mailbox server database for the selected Exchange 2010 and one for I/O read latency to the mailbox server
for the selected Exchange 2010 server during the selected duration.

l The y axis displays the write and read latency statistics in milliseconds.
l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Exchange 2010 server.

Microsoft: Exchange Server 2010 Performance 105

 Mailbox Messages.This widget displays a line graph. The line graph displays two lines: One for the number of
mailbox messages sent to the selected Exchange 2010 server and one for the number of mailbox message sent
from the selected Exchange 2010 server during the selected duration.

l The y axis displays the number of messages per second.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Exchange 2010 server.

Total Queue Messages. This widget displays a line graph. The line graph includes three lines: One for the
number of messages in the submission queue, one for the number of messages in the delivery queue, and one for
the number of queued message that were delivered for the selected Exchange 2010 server during the selected
duration.

l The y axis displays the number of messages per second.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Exchange 2010 server.

SMTP Messages. This widget displays a line graph. The line graphs includes two lines: One for the number of
SMTP messages sent from the selected Exchange 2010 server and one for the number of SMTP messages
received by the selected Exchange 2010 server during the selected duration.

l The y axis displays the number of messages per second.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Exchange 2010 server.

Buckets Allocated. This widget displays a line graph. The line graph displays the number of buckets of version
store memory used by the selected Exchange 2010 server during the selected duration.

l The y axis displays the number of allocated buckets.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Exchange 2010 server.

106 Microsoft: Exchange Server 2010 Performance

Microsoft: Exchange Server 2013 Performance
The Microsoft: Exchange Server 2013 Performance dashboard provides an overview of the health and
performance of a selected Exchange 2013 server.

Context Quick Selector. This widget contains buttons for time span presets and the Organizations Selector.

l Time span presets. Users select the time span over which they want to view data. Selections range from one
hour to 90 days.
l Organizations Selector. This drop-down list allows a user to select specific organizations for which they want
to view data. This field filters the list of Exchange 2013 servers that appear in the Server Listwidget.

Server List. This widget displays a list of Exchange 2013 servers. Selecting a server drives the context for the other
widgets in the dashboard.

Availability and Latency. This widget displays two gauges:

l The availability of the selected Exchange 2013 server, in percent.

l The latency of the selected Exchange 2013 server, in milliseconds.

System Utilization (%). This widget displays a line graph. The line graph displays three lines: One for memory
usage, one for swap memory usage, and one for CPU usage for the selected Exchange 2013 server during the
selected duration. Each parameter is represented by a color-coded line.

l The y axis displays usage, in percent.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.

Microsoft: Exchange Server 2013 Performance 107

 l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Exchange 2013 server.

User Active Connections. This widget displays a line graph. The line graph displays the number of active user
connections for the selected Exchange 2013 server during the selected duration.

l The y axis displays the number of users.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in the line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Exchange 2013 server.

OWA Requests. This widget displays a line graph. The line graph displays two lines: One for the frequency of
Outlook Web Access requests and one for the frequency of Web Services requests for the selected Exchange
2013 server during the selected duration.

l The y axis displays the number of requests per second.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Exchange 2013 server.

RPC Averaged Latency. This widget displays a line graph. The line graph displays the average latency for remote
procedure calls (RPCs) for the selected Exchange 2013 server during the selected duration.

l The y axis displays the average RPC latency, in milliseconds.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Exchange 2013 server.

MBS Databases. This widget displays a line graph. The line graph displays two lines: One for I/O write latency to
the mailbox server database and one for I/O read latency to the mailbox server database for the selected
Exchange 2013 server during the selected duration.

l The y axis displays the average write and read latency in milliseconds.
l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Exchange 2013 server.

108 Microsoft: Exchange Server 2013 Performance

 Mailbox Messages. This widget displays a line graph. The line graph displays two lines: One for the number of
mailbox messages sent from the selected Exchange 2013 and one for the number of mailbox messages delivered
to the selected Exchange 2013 server during the selected duration.

l The y axis displays the number of messages per second.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Exchange 2013 server.

Total Queue Messages. This widget displays a line graph. The line graph displays three lines: One for the the
number of messages in the submission queue, one for the number of messages in the delivery queue, and one for
the number of queued message that were delivered for the selected Exchange 2013 server during the selected
duration.

l The y axis displays the number of messages per second.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Exchange 2013 server.

SMTP Messages. This widget displays a line graph. The line graph displays two lines: One for the number of
SMTP messages sent from the selected Exchange 2013 server and one for the number of SMTP messages
received by the selected Exchange 2013 server during the selected duration.

l The y axis displays the number of messages per second.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Exchange 2013 server.

Buckets Allocated. This widget displays a line graph. The line graph displays the number of buckets of version
store memory used by the selected Exchange 2013 server during the selected duration.

l The y axis displays the number of allocated buckets.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Exchange 2013 server.

Microsoft: Exchange Server 2013 Performance 109

Microsoft: IIS Server Performance
The Microsoft: IIS Server Performance dashboard provides an overview of the health and performance of a
selected IIS server.

Context Quick Selector. This widget contains buttons for time span presets and the Organizations Selector.

l Time span presets. Users select the time span over which they want to view data. Selections range from one
hour to 90 days.
l Organizations Selector. This drop-down list allows a user to select specific organizations for which they want
to view data. This field filters the list of IIS servers that appear in the Server List widget.

Server List. This widget displays a list of IIS servers. Selecting a server drives the context for the other widgets in the
dashboard.

Availability and Latency. This widget displays two gauges:

l The availability of the selected IIS server, in percent.

l The latency of the selected IIS server, in milliseconds.

System Utilization (%). This widget displays a line graph. The line graph displays memory usage, virtual-memory
usage, and CPU usage for the selected IIS server during the selected duration. Each parameter is represented by a
color-coded line.

l The y axis displays usage, in percent.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.

110 Microsoft: IIS Server Performance

 l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
IIS server.

Current Users. This widget displays a line graph. The line graph displays Current Anonymous Users and Current
Non Anonymous Users. Each parameter is represented by a color-coded line.

l The y axis displays number of users.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
IIS server.

Bytes Sent and Received. This widget displays a line graph. The line graph displays Bytes Sent Per Second and
Bytes Received Per Second. Each parameter is represented by a color-coded line.

l The y axis displays kB of data per second..

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
IIS server.

Connections. This widget displays a line graph. The line graph displays the number of Active HTTP Connections.

l The y axis displays number of connections.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
IIS server.

Pages Per Second. This widget displays a line graph. The line graph displays the number of Pages (served) Per
Second.

l The y axis displays number of pages per second..

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
IIS server.

Cache Hit %. The IIS server caches (in memory) frequently requested files. This widget displays a line graph. The
line graph displays the ratio of kernel URI cache hits to total cache requests.

l The y axis displays percent of URI cache hits.

Microsoft: IIS Server Performance 111

 l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
IIS server.

404 Errors Per Second. This widget displays a line graph. The line graph displays the number of errors due to
requests that couldn't be satisfied by the server because the requested document couldn't be found, per second.

l The y axis displays number of errors per second.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
IIS server.

Microsoft: Lync Server 2010 Dashboards

The Microsoft: Lync Server 2010 Dashboards PowerPack includes the following dashboards:

l Microsoft: Lync Server 2010 Performance

l Microsoft: Lync Server 2010 Utilization

Microsoft: Lync Server 2010 Performance

The Microsoft: Lync 2010 Server Performance dashboard provides an overview of the health and performance of
a selected Lync 2010 server.

112 Microsoft: Lync Server 2010 Dashboards

 Context Quick Selector. This widget contains buttons for time span presets and the Organizations Selector.

l Time span presets. Users select the time span over which they want to view data. Selections range from one
hour to 90 days.
l Organizations Selector. This drop-down list allows a user to select specific organizations for which they want
to view data. This field filters the list of Lync 2010 servers that appear in the Server List widget.

Server List. This widget displays a list of Lync 2010 servers. Selecting a server drives the context for the other
widgets in the dashboard.

Availability and Latency. This widget displays two gauges:

l The availability of the selected Lync 2010 server, in percent.

l The latency of the selected Lync 2010 server, in milliseconds.

System Utilization (%). This widget displays a line graph. The line graph displays memory usage, virtual-memory
usage, and CPU usage for the selected Lync 2010 server during the selected duration. Each parameter is
represented by a color-coded line.

l The y axis displays usage, in percent.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2010 server.

Connections Established. This widget displays a line graph. The line graph displays Connections Established.

l The y axis displays number of connections.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2010 server.

SIP Message. SIP is a protocol for instant messaging and VOIP. This widget displays a line graph. The line graph
displays Incoming Message and Outgoing Messages. Each parameter is represented by a color-coded line.

l The y axis displays number of messages.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2010 server.

Microsoft: Lync Server 2010 Dashboards 113

 Sproc Latency. Stored Procedure Call (sproc) latency is the time it takes for the Lync database to process the
stored procedure call.

l The y axis displays the duration, in milliseconds.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2010 server.

SIP Network Errors. This widget displays information about errors during instant messaging or VOIP. This widget
displays a line graph. The line graph displays Connections Above Per-User Limit Dropped, Connections Refused
Due to Server Overload, Failed DNS SRV Queries, Time Out DNS SRV Queries, and TLS Negotiations Failed.
Each parameter is represented by a color-coded line.

l The y axis displays the number of connections that resulted in errors.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2010 server.

Incoming Response Breakdown. This widget displays information about the number of responses generated by
the server. This widget displays a line graph. The line graph displays Incoming 2xx Responses. A 2xx Response
means that a connection has been established.

l The y axis displays the number of responses.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2010 server.

Incoming Response Breakdown. This widget displays information about the number of responses generated by
the server. This widget displays a line graph. The line graph displays Incoming 1xx (non-100) Responses,
Incoming 3xx Responses, Incoming Other 4xx Responses, Incoming Other 5xx Responses, and Incoming 6xx
Responses. Each parameter is represented by a color-coded line. For a description of SIP response codes, see the
Wikipedia page http://en.wikipedia.org/wiki/List_of_SIP_response_codes.

l The y axis displays the number of responses.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2010 server.

114 Microsoft: Lync Server 2010 Dashboards

 Incoming Response Breakdown. This widget displays information about the number of responses generated by
the server. This widget displays a line graph. The line graph displays Incoming 400 Responses, Incoming 401
Responses, Incoming Other 403 Responses, Incoming 404 Responses, Incoming 407 Responses, and Incoming
408 Responses. Each parameter is represented by a color-coded line. For a description of SIP response codes,
see the Wikipedia page http://en.wikipedia.org/wiki/List_of_SIP_response_codes.

l The y axis displays the number of responses.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2010 server.

Incoming Response Breakdown. This widget displays information about the number of responses generated by
the server. This widget displays a line graph. The line graph displays Incoming 482 Responses and Incoming 483
Responses. Each parameter is represented by a color-coded line. For a description of SIP response codes, see the
Wikipedia page http://en.wikipedia.org/wiki/List_of_SIP_response_codes.

l The y axis displays the number of responses.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2010 server.

Microsoft: Lync Server 2010 Utilization

The Microsoft: Lync 2010 Server Utilization dashboard provides an overview of how users are using a selected
Lync 2010 server.

Microsoft: Lync Server 2010 Dashboards 115

 Context Quick Selector. This widget contains the time span preset buttons and Organizations Selector.

l Time span presets. Users select the time span over which they want to view data. Selections range from one
hour to 90 days.
l Organizations Selector. This drop-down list allows a user to select specific organizations for which they want
to view data. This field filters the list of Lync 2010 servers that appear in the Server List widget.

Server List. This widget displays a list of Lync 2010 servers. Selecting a server drives the context for the other
widgets in the dashboard.

Availability and Latency. This widget displays two gauges:

l The availability of the selected Lync 2010 server, in percent.

l The latency of the selected Lync 2010 server, in milliseconds.

System Utilization (%). This widget displays a line graph. The line graph displays memory usage, virtual-memory
usage, and CPU usage for the selected Lync 2010 server during the selected duration. Each parameter is
represented by a color-coded line.

l The y axis displays usage, in percent t.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2010 server.

Active Registered Endpoints. Endpoints are devices that are connected to the Lync front-end server. This widget
displays a line graph. The line graph displays Endpoint Cache: Active Registered Endpoints.

l The y axis displays numbered of registered endpoints.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2010 server.

116 Microsoft: Lync Server 2010 Dashboards

 Active IM Conferences. This widget displays the current number of IM conversations on the Lync server.
Conferences usually include more than two users. This widget displays a line graph. The line graph displays Active
Conferences.

l The y axis displays numbered of IM conferences.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2010 server.

Connected IM Users. This widget displays the current number of connected IM users. This widget displays a line
graph. The line graph displays Connected Users.

l The y axis displays numbered of IM users.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2010 server.

Number of Calls. This widget displays the current number of voice calls on the Lync server. This widget displays a
line graph. The line graph displays UpdateEndpoint: Number of Calls.

l The y axis displays numbered of calls.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2010 server.

Active AS Conferences. This widget displays the number of active conferences using Application Sharing (AS).
This widget displays a line graph. The line graph displays Active Conferences.

l The y axis displays numbered of AS conferences.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2010 server.

Microsoft: Lync Server 2010 Dashboards 117

 Connected AS Users. This widget displays the number of users connected to conferences using Application
Sharing (AS). This widget displays a line graph. The line graph displays Connected Users.

l The y axis displays numbered of AS users.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2010 server.

Microsoft: Skype for Business Dashboards

The Microsoft: Skype for Business Dashboards PowerPack includes the following dashboards:

l Microsoft: Lync Server 2013 Performance

l Microsoft: Lync Server 2013 Utilization

Microsoft: Lync Server 2013 Performance

The Microsoft: Lync 2013 Server Performance dashboard provides an overview of the health and performance of
a selected Lync 2013 server.

Context Quick Selector. This widget contains the time span preset buttons and Organizations Selector.

l Time span presets. Users select the time span over which they want to view data. Selections range from one
hour to 90 days.
l Organizations Selector. This drop-down list allows a user to select specific organizations for which they want
to view data. This field filters the list of Lync 2013 servers that appear in the Server List widget.

118 Microsoft: Skype for Business Dashboards

 Server List. This widget displays a list of Lync 2013 servers. Selecting a server drives the context for the other
widgets in the dashboard.

Availability and Latency. This widget displays two gauges:

l The availability of the selected Lync 2013 server, in percent.

l The latency of the selected Lync 2013 server, in milliseconds.

System Utilization (%). This widget displays a line graph. The line graph displays memory usage, virtual-memory
usage, and CPU usage for the selected Lync 2013 server during the selected duration. Each parameter is
represented by a color-coded line.

l The y axis displays usage, in percent.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2013 server.

Connections Established. This widget displays a line graph. The line graph displays Connections Established.

l The y axis displays number of connections.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2010 server.

SIP Message. SIP is a protocol for instant messaging and VOIP. This widget displays a line graph. The line graph
displays Incoming Message and Outgoing Messages. Each parameter is represented by a color-coded line.

l The y axis displays number of messages.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2013 server.

Sproc Latency. Stored Procedure Call (sproc) latency is the time it takes for the Lync database to process the
stored procedure call.

l The y axis displays the duration, in milliseconds.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.

Microsoft: Skype for Business Dashboards 119

 l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2013 server.

SIP Network Errors. This widget displays information about errors during instant messaging or VOIP. This widget
displays a line graph. The line graph displays Connections Above Per-User Limit Dropped, Connections Refused
Due to Server Overload, Failed DNS SRV Queries, Time Out DNS SRV Queries, and TLS Negotiations Failed.
Each parameter is represented by a color-coded line.

l The y axis displays the number of connections that resulted in errors.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2013 server.

Incoming Response Breakdown. This widget displays information about the number of responses that are being
generated by the server. This widget displays a line graph. The line graph displays Incoming 2xx Responses. A 2xx
Response means that a connection has been established.

l The y axis displays the number of responses.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2013 server.

Incoming Respond Breakdown. This widget displays information about the number of responses that are being
generated by the server. This widget displays a line graph. The line graph displays Incoming 1xx (non-100)
Responses, Incoming 3xx Responses, Incoming Other 4xx Responses, Incoming Other 5xx Responses, and
Incoming 6xx Responses. Each parameter is represented by a color-coded line. For a description of all SIP
response codes, see the Wikipedia page http://en.wikipedia.org/wiki/List_of_SIP_response_codes.

l The y axis displays the number of responses.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2013 server.

120 Microsoft: Skype for Business Dashboards

 Incoming Response Breakdown. This widget displays information about the number of responses that are being
generated by the server. This widget displays a line graph. The line graph displays Incoming 400 Responses,
Incoming 401 Responses, Incoming Other 403 Responses, Incoming 404 Responses, Incoming 407 Responses,
and Incoming 408Responses. Each parameter is represented by a color-coded line. For a description of all SIP
response codes, see the Wikipedia page http://en.wikipedia.org/wiki/List_of_SIP_response_codes.

l The y axis displays the number of responses.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2013 server.

Incoming Response Breakdown. This widget displays information about the number of responses that are being
generated by the server. This widget displays a line graph. The line graph displays Incoming 482 Responses and
Incoming 483 Responses. Each parameter is represented by a color-coded line. For a description of all SIP
responses codes, see the Wikipedia page http://en.wikipedia.org/wiki/List_of_SIP_response_codes.

l The y axis displays the number of responses.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2013 server.

Microsoft: Lync Server 2013 Utilization

The Microsoft: Lync 2013 Server Utilization dashboard provides an overview of how users are using a selected
Lync 2013 server.

Microsoft: Skype for Business Dashboards 121

 Context Quick Selector. This widget contains buttons for time span presets and the Organizations Selector.

l Time span presets. Users select the time span over which they want to view data. Selections range from one
hour to 90 days.
l Organizations Selector. This drop-down list allows a user to select specific organizations for which they want
to view data. This field filters the list of Lync 2013 servers that appear in the Server List widget.

Server List. This widget displays a list of Lync 2013 servers. Selecting a server drives the context for the other
widgets in the dashboard.

Availability and Latency. This widget displays two gauges:

l The availability of the selected Lync 2013 server, in percent.

l The latency of the selected Lync 2013 server, in milliseconds.

System Utilization (%). This widget displays a line graph. The line graph displays memory usage, virtual-memory
usage, and CPU usage for the selected Lync 2013 server during the selected duration. Each parameter is
represented by a color-coded line.

l The y axis displays usage, in percent.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2013 server.

Active Registered Endpoints. Endpoints are devices that are connected to the Lync front-end server. This widget
displays a line graph. The line graph displays Endpoint Cache: Active Registered Endpoints.

l The y axis displays the number of registered endpoints.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2013 server.

122 Microsoft: Skype for Business Dashboards

 Active IM Conferences. This widget displays the number of IM conversations on the Lync server. Conferences
usually include more than two users. This widget displays a line graph. The line graph displays Active
Conferences.

l The y axis displays the number of IM conferences.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2013 server.

Connected IM Users. This widget displays the current number of connected IM users. This widget displays a line
graph. The line graph displays Connected Users.

l The y axis displays the number of IM users.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2013 server.

Number of Calls. This widget displays the current number of voice calls on the Lync server. This widget displays a
line graph. The line graph displays UpdateEndpoint: Number of Calls.

l The y axis displays the number of calls.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2013 server.

Active AS Conferences. This widget displays the number of active conferences using Application Sharing (AS).
This widget displays a line graph. The line graph displays Active Conferences.

l The y axis displays the number of AS conferences.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2013 server.

Microsoft: Skype for Business Dashboards 123

 Connected AS Users. This widget displays the number of users connected to conferences using Application
Sharing (AS). This widget displays a line graph. The line graph displays Connected Users.

l The y axis displays the number of AS users.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
Lync 2013 server.

Microsoft: SQL Server Performance

The Microsoft: SQL Server Performance dashboard provides an overview of the health and performance of a
selected SQL server.

Context Quick Selector. This widget contains buttons for the time span presets and the Organizations Selector.

l Time span presets. Users select the time span over which they want to view data. Selections range from one
hour to 90 days.
l Organizations Selector. This drop-down list allows a user to select specific organizations for which they want
to view data. This field filters the list of SQL servers that appear in the Server List widget.

Server List. This widget displays a list of SQL servers. Selecting a server drives the context for the other widgets in
the dashboard.

124 Microsoft: SQL Server Performance

 Availability and Latency. This widget displays two gauges:

l The availability of the selected SQL server, in percent.

l The latency of the selected SQL server, in milliseconds.

System Utilization (%). This widget displays a line graph. The line graph displays memory usage, virtual-memory
usage, and CPU usage for the selected SQL server during the selected duration. Each parameter is represented
by a color-coded line.

l The y axis displays usage, in percent.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
SQL server.

Buffer Cache Hit Ratio. This widget displays information about the percentage of page requests that are satisfied
by data pages from the buffer cache without having to read from disk. The ratio is the total number of pages found
in the buffer divided by the total number of requests. This widget displays a line graph. The line graph displays
Buffer Cache Hit Ratio.

l The y axis displays the ratio, in percent.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
SQL server.

Average Wait Time. This widget displays information about the average wait time to acquire a lock. This widget
displays a line graph. The line graph displays Average Wait Time.

l The y axis displays the wait time, in milliseconds.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
SQL server.

Microsoft: SQL Server Performance 125

 Deadlocks. This widget displays information about deadlocks. A deadlock occurs when two or more tasks
permanently block each other because each task tries to lock a resource which the other tasks are also trying to
lock. This widget displays a line graph. The line graph displays Number of Deadlocks Per Second.

l The y axis displays the number of deadlocks per second.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
SQL server.

Lock Waits. This widget displays information about the number of lock requests per second that require the
requester to wait. This widget displays a line graph. The line graph displays Lock Waits Per Second.

l The y axis displays the number of waits per second.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
SQL server.

Catalog Cache Hit Ratio. This widget displays information about the ratio between catalog metadata cache hits
and lookups. The ratio is the total number of pages found in the catalog metadata cache divided by the total
number of lookups. This widget displays a line graph. The line graph displays Catalog Cache Hit Ratio.

l The y axis displays the ratio.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
SQL server.

Page Life Expectancy. This widget displays information about the number of seconds a page will stay in the buffer
pool (memory cache) without references. This widget displays a line graph. The line graph displays Page Life
Expectancy.

l The y axis displays the number of seconds a page will stay in the buffer pool.
l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
SQL server.

126 Microsoft: SQL Server Performance

 Transactions. A transaction is a sequence of operations that make up a single logical unit of work, usually a
change to the database. This widget displays information about the number of transactions per second to the SQL
server. This widget displays a line graph. The line graph displays Transactions Per Second.

l The y axis displays the number of transactions per second.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
SQL server.

Latch Waits. A latch is an object that ensures data integrity for objects in the buffer pool (memory cache). This
widget displays a line graph. The line graph displays Latch Waits Per Second.

l The y axis displays the number of waits per second.

l The x axis displays time. The increments vary, depending upon the date range selected in the Context Quick
Selector widget.
l Mousing over any point in any line displays the average value at that time-point.
l Clicking on a data point displays the Device Performance graph for the selected parameter on the selected
SQL server.

Microsoft: SQL Server Performance 127

 Chapter

8
Troubleshooting

Overview
The following sections describe some of the error messages that you might see when configuring SL1 to monitor
Windows devices:

Troubleshooting WinRM Error Messages 128

Debugging Code 401 Errors 129
Debugging Code 500 Errors 130
Troubleshooting PowerShell Error Messages 131

Troubleshooting WinRM Error Messages

SL1 can generate the following error messages when problems occur in Windows Remote Management
(WinRM). For each error message, the top-most cause listed is the most likely reason for the error message.

Error / Message Cause / Resolution

Incorrect username and/or password provided in the Bad HTTP response returned from server. Basic
PowerShell Credential. authentication failed. Code 401. (For more
information, see the section Debugging Code 401
Errors.)

Pre-authentication failed while getting initial

credentials.

Client not found in Kerberos database.

Troubleshooting WinRM Error Messages 128

Error / Message Cause / Resolution

The device cannot respond to WinRM requests or the Kerberos-based authentication failed. Code 500. (For
PowerShell credential settings do not match the more information, see the section Debugging Code
device's WinRM configuration. 500 Errors.)

[Errno 111] Connection refused.

ParseError.

Server is offline. Increase the Timeout value on your ScienceLogic

credential.

NOTE: If you receive an error message that is a combination of the first two error messages, then you must
run debugging steps for both Code 401 and Code 500.

Debugging Code 401 Errors

If you encounter a Code 401 error, perform the following troubleshooting steps to debug the error:

l Determine if the error is caused by an issue with the Kerberos ticket:

o Ensure forward and reverse DNS are configured correctly when using Active Directory authentication:

# nslookup [IP address]

# nslookup [hostname]

o Ensure you are able to run the following command without error from the collector:

# kinit [username@DOMAINNAME]

o If you see the following error, change the domain name to all capital letters:

l Ensure that your WinRM settings match your ScienceLogic credential.

o To print out current WinRM settings:

# winrm get winrm/config

o If your ScienceLogic credential says no encryption, AllowUnencrypted should be set to True for both the
Client and the Service:

# winrm set winrm/config/client ‘@{AllowUnencrypted="$true"}’

# winrm set winrm/config/service ‘@{AllowUnencrypted="$true"}’

129 Troubleshooting WinRM Error Messages

 o If you are using local type credentials, basic Authentication should be set to True for both Client and
Service:

# winrm set winrm/config/client/Auth ‘@{Basic="$true"}’

# winrm set winrm/config/service/Auth ‘@{Basic="$true"}’

o If you are using AD type credentials, Kerberos Authentication should be set to True for both Client and
Service:

# winrm set winrm/config/client/Auth ‘@{Kerberos="$true"}’

# winrm set winrm/config/service/Auth ‘@{Kerberos="$true"}’

l In the ScienceLogic credential, ensure the Active Directory Hostname/IP field contains the FQDN and the
LDAP Domain field includes the domain.
l In the ScienceLogic credential, the value in the LDAP Domain field might need to be entered in all capital
letters.
l Ensure your ScienceLogic credentials are correct:

o SSH to your Data Collector and try running the following command:

# wmic -U ‘user%password’ //IP “select * from Win32_ComputerSystem”

NOTE: If you choose to copy and paste the above command from this document into a shell session, you
might have to replace the single and double quotation marks.

l If you are using Windows Servers 2012 and above, make sure that the user you are using belongs to the
group: WinRMRemoteWMIUsers__
l If you are using Windows Server 2008, 2008r2, or below, ensure that the user you are using is an
administrator. This is a Windows requirement.
l If multiple domains are in use, ensure that they are mapped in the [domain_realm] section of the Kerberos
krb5.conf file.

o The [domain_realm] section provides a translation from a domain name or hostname to a Kerberos
realm name.

l Ensure that the username and password are correct and that you can log on to the system.
l Ensure your credential cache is up-to-date:

o SSH to your Data Collector and cd to the /tmp/ directory.

o Do an ‘ls’ to list all the contents of the /tmp/ directory.
o If you see any files that being with “krb5cc_”, delete those files.

Debugging Code 500 Errors

If you encounter a Code 500 error, perform the following troubleshooting steps to debug the error:

l In the ScienceLogic credential, increase the value in the Timeout field (e.g., 180000 ms.).

Troubleshooting WinRM Error Messages 130

 l Increase the timeout in the WinRM settings:

winrm set winrm/config ‘@{MaxTimeoutms=”30000”}’

l Increase the maximum number of concurrent operations per user:

winrm set winrm/config/service ‘@{MaxConcurrentOperationsPerUser=”100”}’

l Increase the maximum number of connections:

winrm set winrm/config/service ‘@{MaxConnections=”100”}’

l Increase the maximum number of concurrent operations:

winrm set winrm/config/service ‘@{MaxConcurrentOperations=”500”}’

l Ensure that the Windows device being monitored is not exceeding its resource thresholds. You can do this by
opening Resource Monitor on the Windows Device and monitoring the CPU usage.

Troubleshooting PowerShell Error Messages

SL1 can generate the following error message when monitoring Windows devices using PowerShell. This error
message usually indicates that an issue with WinRM is not causing the error.

Error / Message Cause / Resolution

Get-Counter The PowerShell object was not found on the device that
The specified object was not found on the computer. is being monitored. To test this, copy the PowerShell
request from the Dynamic Application and run it on the
Windows device in a PowerShell shell as Administrator.
If you get a similar error message, then the counter
does not exist on your Windows device. This means that
the user must install the necessary service on the
Windows device.

131 Troubleshooting PowerShell Error Messages

© 2003 - 2020, ScienceLogic, Inc.
All rights reserved.
LIMITATION OF LIABILITY AND GENERAL DISCLAIMER
ALL INFORMATION AVAILABLE IN THIS GUIDE IS PROVIDED "AS IS," WITHOUT WARRANTY OF ANY
KIND, EITHER EXPRESS OR IMPLIED. SCIENCELOGIC™ AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES,
EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.
Although ScienceLogic™ has attempted to provide accurate information on this Site, information on this Site
may contain inadvertent technical inaccuracies or typographical errors, and ScienceLogic™ assumes no
responsibility for the accuracy of the information. Information may be changed or updated without notice.
ScienceLogic™ may also make improvements and / or changes in the products or services described in this
Site at any time without notice.

Copyrights and Trademarks

ScienceLogic, the ScienceLogic logo, and EM7 are trademarks of ScienceLogic, Inc. in the United States,
other countries, or both.
Below is a list of trademarks and service marks that should be credited to ScienceLogic, Inc. The ® and ™
symbols reflect the trademark registration status in the U.S. Patent and Trademark Office and may not be
appropriate for materials to be distributed outside the United States.
l ScienceLogic™
l EM7™ and em7™
l Simplify IT™
l Dynamic Application™
l Relational Infrastructure Management™
The absence of a product or service name, slogan or logo from this list does not constitute a waiver of
ScienceLogic’s trademark or other intellectual property rights concerning that name, slogan, or logo.
Please note that laws concerning use of trademarks or product names vary by country. Always consult a
local attorney for additional guidance.

Other
If any provision of this agreement shall be unlawful, void, or for any reason unenforceable, then that
provision shall be deemed severable from this agreement and shall not affect the validity and enforceability
of any remaining provisions. This is the entire agreement between the parties relating to the matters
contained herein.
In the U.S. and other jurisdictions, trademark owners have a duty to police the use of their marks. Therefore,
if you become aware of any improper use of ScienceLogic Trademarks, including infringement or
counterfeiting by third parties, report them to Science Logic’s legal department immediately. Report as much
detail as possible about the misuse, including the name of the party, contact information, and copies or
photographs of the potential misuse to: [email protected]
800-SCI-LOGIC (1-800-724-5644)

International: +1-703-354-1010