Hi, I have been trying to get the windows updates sensor working for windows servers. We are hosting several windows machines for customers that are NOT part of a domain. Our PRTG server can connect to all those servers through a management gateway, but I have not been able to get the windows updates sensor working.
Only when putting a remote probe on the machines themselfs this sensor is working, but thats not what i want. I thought that the latest PRTG release would be able to support this. Is there a guideline for the steps to take to get this working?
Article Comments
Hi,
After another day of trying, I figured it out:
Here are the steps needed to get it working for servers not in a domain:
All commands need to be entered in powershell as Administrator
ON THE REMOTE SERVER:
To configure Windows PowerShell for remoting, type the following command:
Enable-PSRemoting –force
Also on the remote server you need to set the server with the PRTG-probe as a trusted machine:
Set-Item WSMan:\localhost\Client\TrustedHosts -value 10.X.X.X
In my case, the ip-adres is the management gateway or router ip through which the PRTG connects, so not just the ipadres of the PRTG server itself.
just in case I did a winRM service restart in powershell :
Restart-Service WinRM
On the PRTG-probe server:
To enable authentication from the PRTG-probe, you need to add the remote computer to the list of trusted hosts for the local computer in WinRM. To do so, type:
winrm quickconfig set-item WSMan:\localhost\Client\TrustedHosts -Value "172.X.X.*" -Concatenate set-item WSMan:\localhost\Client\TrustedHosts -Value "172.X.X.*" -Concatenate
In this example I trust hosts in these subnets. You can offcourse also just add the ipadresses of the servers. The concatenate command on the back is to allow a new ipadres or subnet without deleting the other allready entered ip-adresses
Restart-Service WinRM
To check ip-adresses that are trusted:
Get-Item WSMan:\localhost\Client\TrustedHosts
Furthermore: in the PRTG for the sensor to work on a windows machine, you need to enter the windows-machine credentials WITH the computername as the domain.
So every windows machine needs its own credentials, you cannot use the root with credentials to work on all servers. that doesnt work.
And the sensors need to have Negotiate authentication NOT the default Kerberos authentication
I am not entirely sure if this works in every situation, but it works for me, so yeah, great to have this sensor added and working now.
Apr, 2021 - Permalink
Hello Erik,
Thank you for sharing!
Kind regards
Felix Wiesneth - Team Tech Support
Apr, 2021 - Permalink
Hi Erik,
I'm afraid there is no guide yet. With version 21.1.66 it is possible to use this sensor for devices which are not part of a domain. For this you will need to select the option Negotiate authentication in point Authentication Method. For more detailed information, I would recommend to check out the manual page for this sensor.
Kind regards
Felix Wiesneth - Team Tech Support
Apr, 2021 - Permalink