The SNMP Service on Windows although no longer supported by Microsoft gives you the flexibility to monitors your systems with a protocol that has much less overhead when compared to WMI. It also empowers you with the ability to generate SNMP traps from Windows Events. In addition to that, Microsoft does still populate a lot of relevant monitoring data to both SNMP and WMI. My general rule of thumb for most items is if you can do it in both, prefer SNMP. This article will show you how to add the SNMP Service to Windows 2012 and 2016, and then configure it according to best security practice.
Adding SNMP Service Windows 2012
- From Server Manager, go to your Add/Remove Features
- Hit next a bunch of times, select SNMP service and hit add
- Yes, this list isn’t quite useful right now. I will spend some more time on this soon.
Adding SNMP Service on Windows 2016
- From Server Manager, go to your Add/Remove Roles/Features
- Hit next a bunch of times, select SNMP Service and Add.
- Yes, this list isn’t quite useful right now either. I will spend some more time on this soon.
DNS Alias for use with SNMP
Before getting to the actual configuration piece, I always recommend setting up a DNS alias for your WhatsUp Gold server. This allows you flexibility for the future. For example, if the IP address of your WhatsUp Gold server needs to change in the future you simply update the DNS alias as opposed to updating the SNMP settings on all of your systems and restarting SNMP. You can easily do this with a one-liner in PowerShell
Add-DnsServerResourceRecordCName -Name "labsrv1" -HostNameAlias "srv1.lab.contoso.com" -ZoneName "contoso.com"
Once you have your DNS alias created, you’re ready to begin your configuration.
Configuring SNMP Service
- Run > services.msc
- Find the SNMP Service in the list, double-click it
- On the ‘Traps’ tab, add your DNS alias as a trap destination
- On the ‘Security’ tab, add your desired community name. Ensure not to use public or private, this is considered a security risk and will be flagged on an audit
- On the ‘Security’ tab, select ‘Accept SNMP packets from these hosts’ and add your DNS alias
- Apply/OK all changes
- Restart the SNMP Service
That’s all. You’re done, now your system will respond to SNMP requests from your WhatsUp Gold server as well as send SNMP traps
SNMP Service in Group Policy
So, you don’t want to login to every system to make these changes? No sweat, you can easily push out these settings through group policy as well. Once again, when I have more time I will cover this more in-depth.