All questions related to installations, configurations and maintenance of Advanced Host Monitor (including additional tools such as RMA for Windows, RMA Manager, Web Servie, RCC).
iis5_rulez wrote:when i made a typing error in the hostmonitor startup > service it did run properly... (not sure which account it uses then, the service account or does it fall back to local system account?)
In such case HostMonitors makes API calls without user identification.
iis5_rulez wrote:it just seems to fail when this is set to the same account, other than localsystem that is. (impersonate restriction of windows?)
I am definitely sure, when user is a member of the Administrators group, it works fine. In other case it depends on your security policies. Iimpersonate restriction? Might be. Could you verify "Impersonate a client after authentification" privilegie?
when i made a typing error in the hostmonitor startup > service it did run properly... (not sure which account it uses then, the service account or does it fall back to local system account?)
If you specify invalid username or password, HostMonitor should log "Cannot logon as user ..." message and continue work under account specified by Windows Service applet (Local System account by default).
Looks like account that is specified by Service applet has all necessary rights, while account specified on Service page in HostMonitor's Options dialog does not have some necessary privilege.
it fails when the service account and the account specified in hostmonitor > option > startup > service is the same account. Therefor the rights are the same. I'm using an administrator account for this.
iis5_rulez wrote:it just seems to fail when this is set to the same account, other than localsystem that is. (impersonate restriction of windows?)
I am definitely sure, when user is a member of the Administrators group, it works fine. In other case it depends on your security policies. Iimpersonate restriction? Might be. Could you verify "Impersonate a client after authentification" privilegie?
Regards,
Max
the impersonate right is ok. i was just wondering if u get an access denied or something when u trying to impersonate urself (wouldnt make sense anyway )
Strange situation. We could not reproduce problem with local admin account. We have checked source code one more time and did not find anything suspicious.
Anyway, we recommend specify admin account in Hostmonitor > Options > Service tab, and select Local Admin account in Services.msc applet. Perhaps, there were some problems with impersonate function before version 5.30, but now everithing should work fine.
when we want to edit tests, we stop the service and startup the gui (in a stopped state, since we're performing so many tests, leaving hostmonitor running makes editing very annoying ). This is done by a batch, which also starts up the service when the gui is closed.
I would suggest to stop monitoring (Monitorring > Stop monitoring) instead of using any batches. Also you may change Autosave Option (Options > Preferences tab Autosave Option group). Editing tests will be performed much faster.
Regarding "unable to start script" error. Such error might appear only if user, you have specified in Options > Service, is not able to execute "cmd.exe". Could retype user account and password in Options > Service tab?
we use a specific account for starting up the service, bc we monitor servers outside our domain. By using localsystem as startup we never got it working. (if account and password are the same, windows systems will recognise this, but this doesnt seem to work for impersonation).
i'll be testing this functionality and if the function works in 6.10 now we'll be using the localsystem account and set the account in hostmonitor to the account we want.
In production (5.30) i've set in hostmonitor a bogus account, this will make hostmonitor use the serviceaccount, which is the account we need to run tests. this functions ok. (when i set it to local system here, most tests fail).
i was just wondering if u get an access denied or something when u trying to impersonate urself
Check NT Event Log. If you find "Cannot logon as user..." message from HostMonitor, this means HostMonitor cannot use specified account. "Loged on as user ..." message means LogOnUser function succeed.
However HostMonitor does not record information about ImpersonateLoggedOnUser function result. We can modify code to record more information but not in version 5.30 - its too old. So you will need to install version 6.10 anyway.
Or try to install version 5.30 on different system.
iis5_rulez wrote:we use a specific account for starting up the service, bc we monitor servers outside our domain. By using localsystem as startup we never got it working.
Most of the tests (like CPU Usage, Process, Service, NT Event Log and several others) offer you to specify username password to establish connection with remote system. If you do not want to enter "Connect as" user for each test, you may use Connection Manager. http://www.ks-soft.net/hostmon.eng/profiles.htm#conmgr
Connection Manager provides one convenient place to store account information necessary to perform connections to remote systems.
we monitor 1000's of servers. All servers have a localadmin and password the same as the localadmin which runs hostmonitor (domains are different).
99% of the tests automatically are created by a batch file and imported in hostmonitor. Just specific checks on databases and urls are edited manually.
profile manager doesn't seem to have a wildcard option or a way to import/export the settings, which means we have to created this manually. not an option for us... (probably not smart to be able to have an export option for passwords anyway )
iis5_rulez wrote:profile manager doesn't seem to have a wildcard option or a way to import/export the settings, which means we have to created this manually. not an option for us... (probably not smart to be able to have an export option for passwords anyway )
Yes, I suppose such option will never be implemented
As I see from your previous post, in case when in Options > Service tab is specified Local system account, and in services.msc applet is specified local admin account everything works fine, isn't it? Is such situation sufficient for our needs?
iis5_rulez wrote:i'll be testing this functionality and if the function works in 6.10 now we'll be using the localsystem account and set the account in hostmonitor to the account we want
Have you been trying version 6.10 already? Let me know your conclusion, please.
iis5_rulez wrote:profile manager doesn't seem to have a wildcard option or a way to import/export the settings, which means we have to created this manually. not an option for us... (probably not smart to be able to have an export option for passwords anyway )
Yes, I suppose such option will never be implemented
As I see from your previous post, in case when in Options > Service tab is specified Local system account, and in services.msc applet is specified local admin account everything works fine, isn't it? Is such situation sufficient for our needs?
in test this worked ok. but in production most of my tests would fail on authentication errors.
iis5_rulez wrote:i'll be testing this functionality and if the function works in 6.10 now we'll be using the localsystem account and set the account in hostmonitor to the account we want
Have you been trying version 6.10 already? Let me know your conclusion, please.