Win7 services required / registry changes ?

[doofologist]

We recently migrated our Hostmon monitored x64 XP systems to x64 Win7, and are using the same kinds of monitors for the system. However, we're noticing a large incidence of 'unknown' status coming up, which typically recover, but typically enough to more than occasionally trigger alerts.

We're using Hostmon v. 8.15

For Services, we ensured that the Remote Registry service is running, as well as the Remote Procedure Call service (and of course 'Server'). Is there anything we should have running ? Is there any crucial Win7 updates in newer versions of Hostmon that we should have ?

I'm hoping there is a handy 'Hostmon and Win7 and you' sticky somewhere, can't find one at the moment

[KS-Soft]

We recently migrated our Hostmon monitored x64 XP systems to x64 Win7, and are using the same kinds of monitors for the system. However, we're noticing a large incidence of 'unknown' status coming up, which typically recover, but typically enough to more than occasionally trigger alerts.

What exactly test methods shows Unknown status? Any description in Reply field of the test?

We're using Hostmon v. 8.15

1) This is some unofficial update. Official realeases are 8.14, 8.26, 8.28, 8.32. http://www.ks-soft.net/hostmon.eng/news.htm
2) Also, officially we do not support Windows 7 yet. However we are testing HostMonitor on Windows 7 and it works fine as we see.
3) Recomended OS: Windows Server 2003 SP2

For Services, we ensured that the Remote Registry service is running, as well as the Remote Procedure Call service

Service test method does not require Remote Registry Service while Remote Procedure Call service is necessary.

Regards
Alex

[doofologist]

Here's the test methods we're getting alerts from:

Performance counter (Available Mbytes, Bytes total/sec)
UNC availability
Process
CPU Usage
NT Event Log

They universally either have no additional info, or report 'RPC call failed' or 'RPC server is unavailable'; however they intermittently report 'OK' with a legitimate value. The RPC service is definitely running, so i'm not sure what would cause this issue. Is there somewhere i can dig to get more interesting logs ?

In the meanwhile, I'll look into getting a more recent Hostmon version; for the time being we're stuck hosting it on x64 XP though :/

[KS-Soft]

If you receive 'RPC server is unavailable' error, this means HostMonitor system did not receive response from remote RPC service. There is no logs that can help you because this is nothing to log.
Usually such errors caused by network problems (bad connection, unreliable router, etc) or some 3rd party software like antivirus monitors or firewall software.

for the time being we're stuck hosting it on x64 XP though

Why don't you install HostMontior on Windows Server 2003 (recommended system) or Windows Server 2008? Both systems are pretty stable, problems were fixed in SP1, SP2.
What is the reason to use NEW WORSTATION OS instead of old releable SERVER OS?? Usually new Windows have a lot of bugs (this is was true for Windows 2000, XP, 2003.. especially XP), also Windows Server edition is able to better handle many simultaneous requests (e.g. TCP requests).

Regards
Alex

[doofologist]

It took some doing, but I duplicated our existing x64 XP hostmon system onto a Win2k3 box with duplicate FW rules, and I also upgraded to 8.32. I successfully imported our old tests, installed as a service, and have it running under the same conditions as the old installation.

Unfortunately, the intermittent 'unknown' results are persistent. All Win2k3 and XP systems being monitored appear normal and results are returned. But for all Win7 hosts, either all but the ping tests come up unknown 100% of the time, or all intermittently return OK (say 1 out of 5 tests).

We have probably around 200 servers with about 10 tests on each now in our environment; is it possible we're seeing some kind of threshold ? My main suspicion is some configuration setting in Win7.

One of our engineers thought it might be that we're reaching the max ephemeral ports on the Hostmon server; we upped it to 65k. Also, added a tcptimedwaitdelay of 30. However, no noticeable difference. Do you have any 'ideal' tcpip registry values to recommend ?

[KS-Soft]

One of our engineers thought it might be that we're reaching the max ephemeral ports on the Hostmon server; we upped it to 65k. Also, added a tcptimedwaitdelay of 30. However, no noticeable difference. Do you have any 'ideal' tcpip registry values to recommend ?

H'm, If this problem is related to HostMonitor and/or Windows where HostMonitor is running, then you should see the same test results on all target systems. While you have problems testing only Windows 7 systems... At the same time everything works fine when HostMonitor is installed on your Windows XP system??
Do I understand this correctly?

Regards
Alex

[doofologist]

So I did some brainstorming with the team, and think we have a lead: the REAL common element on all these new machines is the processor. They're all running dual Nehalems (E5520 @ 2.27Ghz). I am going to pray to the google gods (and our tech rep for these systems) that there is some issue with PerfObj and the processor, but does this ring any bells ?

[doofologist]

To the previous question, it's the XP 'Clients' that don't seem to have the problem. Per my previous update, those systems also are running dual Xeons as opposed to the Nehalems in the newer systems.

[KS-Soft]

To the previous question, it's the XP 'Clients' that don't seem to have the problem.

I am confused Do you mean tests related to Windows 7 systems did not work properly even when HostMonitor was installed on XP system?
I thought you migrated HostMonitor to Windows 7 system and then tests (related to other Windows 7 systems) cannot be performed.

I had picture like this
1) You was running HostMonitor on Windows XP and HostMonitor was able to check remote Windows XP, 2003 and Windows 7 systems
2) You moved HostMonitor from Windows XP to Windows 7 and HostMonitor was able to check remote Windows XP and 2003 systems while tests against Windows 7 systems works unreliable
3) You moved HostMonitor from Windows 7 to Windows 2003 system and nothing changed (compared to configuration #2): HostMonitor is able to check remote Windows XP and 2003 systems while tests against Windows 7 systems works unreliable.

Do you mean that HostMonitor is able to check without problems only systems under Windows XP regardless where HostMonitor is installed (Windows XP, 2003 or Windows 7)?

that there is some issue with PerfObj and the processor, but does this ring any bells ?

I don't think errors like 'RPC call failed' and 'RPC server is unavailable' can be related somehow to Performance Counter DLLs and objects. It looks like some network related problem or RPC service problem.
Also, UNC and NT Event Log tests do not use Performance Counters. UNC test uses network client only.

Regards
Alex

[doofologist]

Well, I've been banging my head against this the last 2 days, and I'm stumped. For whatever reason, we have 2 racks (50 systems) (one of HP systems, one of Supermicro) that were just racked/imaged with Win7, and they give totally erratic results.

Nt log: security/security monitors intermittently report:
Error code 1726 The remote procedure call failed
Error code: 87 : The parameter is incorrect
and then sometimes, the regular OK result (like 5% of the time).

The 'process' monitors also flicker between 'unknown' and 'OK'.

The 'performance counter' alerts for the network interface (Bytes Total) as well as '/memory/available mbytes' also intermittently are 'unknown' and 'OK'.

The unknown status reports every few minutes, so it makes real monitoring impossible.

In our production environment, the original system hosting Hostmon was Win x64. When the new systems were added and the monitors set up, the issues started. I then set up a Win2k3 box, mirrored all the FW rules to it, revved up the newest release version (8.32) and exported the tests to it. The same issues are occuring.

I've now got one of these clients with these issues here locally and performing more tests. Our local production instance of Hostmon (Win2k3, Hostmon ver 8.13) has the same issues monitoring it. It actually reports a different isssue, System Error 1130 - Not enough server storage is available.


I also tried setting up an alternate Hostmon instance on my own workstation (logged in as domain admin) and got the same issues.

My last ditch effort was to install it on one of my co-workers systems running Win7, also logged in as a domain admin. And success ! All the tests run perfectly. I'm going to try setting up a Win7 system in our prod environment and try another Hostmon instance there. There is definitely some kind of Win7 setting that is unfriendly to Hostmon, I just can't for the life of me figure out what it is.

We DO have systems that are correctly being monitored with Win7, and I've pored over the registry settings/services for them, and after mirroring them exactly, the issue persists. I've also gotten packet captures from the affected systems for our network engineers, but they show traffic getting through fine. If you've got any info to pass on from other users with Win7 client issues, I'd be much obliged.

[doofologist]

Figured it out.

HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters

Set 'Size' from 1 to 2

I'm guessing this becomes an issue once a certain threshold in the amount of monitors in reached. In Win7, default set to 2. XP/Win2k3 : 1.

[KS-Soft]

Thank you for information
Actually our XP systems show Size=2, Windows Server 2003 shows Size=3
1 to minimize memory use,
2 to balance memory and network throughput,
3 to maximize network throughput

Regards
Alex