
Wednesday, 22 January 2014

SNMP configure to use PRTG

Subject: How to configure SNMP in Ubuntu (monitored by PRTG)

Step 1: Install SNMP

Step 2: Configure SNMP

1_ Configure file /etc/snmp/snmpd.conf

Run:
#vi /etc/snmp/snmpd.conf

Comment out the local-only listener and un-comment the line that listens on all interfaces:
  • #  Listen for connections from the local system only
    #agentAddress  udp:127.0.0.1:161
    #  Listen for connections on all interfaces (both IPv4 *and* IPv6)
    agentAddress udp:161,udp6:[::1]:161
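Change this line:
  • #rocommunity public  localhost
    #  Default access to basic system info
    rocommunity nhutcom
where "nhutcom" is the community string for the SNMP target. With no source address after the community string, snmpd accepts it from any host that can reach the agent.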

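Change this line:
  • #rocommunity secret  10.0.0.0/16
    rocommunity secret 172.18.72.0/24
    rocommunity secret 172.16.72.0/24
    rocommunity secret 172.18.21.0/24
where 172.18.72.0/24, 172.16.72.0/24 and 172.18.21.0/24 are the networks we want to allow SNMP traffic from. Each rocommunity line takes a single source, so use one line per network.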

2_ Configure file /etc/default/snmpd

Change this line from:

  • SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1'
To: 
  • SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
Just remove 127.0.0.1 at the end of the line.

After completing all the steps above, check the result. Run:

#snmpwalk -v 2c -c <community string> localhost

and
#snmpwalk -v 2c -c <string> <external IP of the server>      # e.g. snmpwalk -v 2c -c nhutcom 192.168.1.1

The result should look like this:

  • SNMPv2-MIB::sysDescr.0 = STRING: Linux blablabla 2.6.18-308.el5 #1 SMP Tue Feb 21 20:05:41 EST 2012 i686
    SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
    DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (15216041) 1 day, 18:16:00.41
    SNMPv2-MIB::sysContact.0 = STRING: Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
    SNMPv2-MIB::sysName.0 = STRING: blablabla
    SNMPv2-MIB::sysLocation.0 = STRING: Unknown (edit /etc/snmp/snmpd.conf)
    SNMPv2-MIB::sysORLastChange.0 = Timeticks: (3) 0:00:00.03
    SNMPv2-MIB::sysORID.1 = OID: SNMPv2-MIB::snmpMIB
    SNMPv2-MIB::sysORID.2 = OID: TCP-MIB::tcpMIB
    SNMPv2-MIB::sysORID.3 = OID: IP-MIB::ip
    SNMPv2-MIB::sysORID.4 = OID: UDP-MIB::udpMIB
    SNMPv2-MIB::sysORID.5 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup
    SNMPv2-MIB::sysORID.6 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
    SNMPv2-MIB::sysORID.7 = OID: SNMP-MPD-MIB::snmpMPDCompliance
    SNMPv2-MIB::sysORID.8 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
    SNMPv2-MIB::sysORDescr.1 = STRING: The MIB module for SNMPv2 entities
    SNMPv2-MIB::sysORDescr.2 = STRING: The MIB module for managing TCP implementations
    SNMPv2-MIB::sysORDescr.3 = STRING: The MIB module for managing IP and ICMP implementations
    SNMPv2-MIB::sysORDescr.4 = STRING: The MIB module for managing UDP implementations
    SNMPv2-MIB::sysORDescr.5 = STRING: View-based Access Control Model for SNMP.
    SNMPv2-MIB::sysORDescr.6 = STRING: The SNMP Management Architecture MIB.
    SNMPv2-MIB::sysORDescr.7 = STRING: The MIB for Message Processing and Dispatching.
    SNMPv2-MIB::sysORDescr.8 = STRING: The management information definitions for the SNMP User-based Security Model.
    SNMPv2-MIB::sysORUpTime.1 = Timeticks: (2) 0:00:00.02
    SNMPv2-MIB::sysORUpTime.2 = Timeticks: (2) 0:00:00.02
    SNMPv2-MIB::sysORUpTime.3 = Timeticks: (2) 0:00:00.02
    SNMPv2-MIB::sysORUpTime.4 = Timeticks: (2) 0:00:00.02
    SNMPv2-MIB::sysORUpTime.5 = Timeticks: (2) 0:00:00.02
    SNMPv2-MIB::sysORUpTime.6 = Timeticks: (3) 0:00:00.03
    SNMPv2-MIB::sysORUpTime.7 = Timeticks: (3) 0:00:00.03
    SNMPv2-MIB::sysORUpTime.8 = Timeticks: (3) 0:00:00.03
    HOST-RESOURCES-MIB::hrSystemUptime.0 = Timeticks: (15326821) 1 day, 18:34:28.21
    .... And more
It should not be: "Timeout: No Response from localhost"

Don't forget to set the SNMP daemon to start automatically at system boot.


One more thing: when checking with Paessler's SNMP Tester, the result may be:
 Just ignore it and add your server to your monitoring system.


===================================
DO THE SAME TASK WITH CENTOS
===================================

Setting up and configuring SNMP differs somewhat between CentOS and Ubuntu:


# yum install net-snmp-utils net-snmp
# up2date -v -i net-snmp-utils net-snmp
# vi /etc/snmp/snmpd.conf
Find the following line:
com2sec notConfigUser  default       public

Replace with (make sure you replace 192.168.0.0/24 with your network/subnet) the following lines:
com2sec local     localhost           public
com2sec mynetwork 192.168.0.0/24      public
Find lines:
group   notConfigGroup v1           notConfigUser
group   notConfigGroup v2c           notConfigUser

Replace with:
group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local
group MyROGroup v1         mynetwork
group MyROGroup v2c        mynetwork
group MyROGroup usm        mynetwork
Find line:
view    systemview     included      system

Replace with:
view all    included  .1                               80
Find line:
access  notConfigGroup ""      any       noauth    exact  systemview none none

Replace with:
access MyROGroup ""      any       noauth    exact  all    none   none
access MyRWGroup ""      any       noauth    exact  all    all    none
Find lines:
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root <root@localhost> (configure /etc/snmp/snmp.local.conf)

Replace with (make sure you supply appropriate values):
syslocation Linux (RH3_UP2), Home Linux Router.
syscontact YourNameHere <you@example.com>
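
The following Python linter is an added example, not part of the original post: it reads snmpd.conf text and reports the exposures that the Ubuntu steps (agentAddress, rocommunity) and the CentOS steps (com2sec, access) above can introduce. The function names, the WEAK set and the sample text are assumptions made for this example; directive syntax follows snmpd.conf(5).

```python
WEAK = {"public", "private"}  # well-known default community strings

def _issues(comm, src):
    """Findings for one community/SOURCE pair (empty list if none)."""
    found = []
    if src in (None, "default"):
        found.append("accepted from any source address")
    elif "," in src:
        found.append("comma-separated SOURCE; use one directive per network")
    if comm in WEAK:
        found.append(f"default community string '{comm}'")
    return found

def audit_snmpd_conf(text):
    """Return [(line_no, finding)] for the access directives in snmpd.conf text."""
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not tok:
            continue
        key, args = tok[0].lower(), tok[1:]
        if key == "agentaddress":
            for spec in "".join(args).split(","):
                head, _, rest = spec.partition(":")
                rest = rest if head in ("udp", "udp6", "tcp", "tcp6") else spec
                if rest.isdigit() or rest.startswith(("0.0.0.0", "[::]")):
                    out.append((no, f"agent listens on all interfaces ({spec})"))
        elif key in ("rocommunity", "rwcommunity") and args:
            src = args[1] if len(args) > 1 else None
            out += [(no, i) for i in _issues(args[0], src)]
        elif key == "com2sec" and len(args) >= 3:
            name, src, comm = args[-3:]  # SECNAME SOURCE COMMUNITY
            out += [(no, f"{name}: {i}") for i in _issues(comm, src)]
        elif key == "access" and len(args) >= 8:
            group, level, write = args[0], args[3], args[6]
            if level == "noauth" and write != "none":
                out.append((no, f"{group}: write view '{write}' without authentication"))
    return out

# Constructed sample assembled from directives of the kind shown in this post.
SAMPLE = """\
agentAddress udp:161,udp6:[::1]:161
rocommunity nhutcom
rocommunity secret 172.18.72.0/24,172.16.72.0/24
com2sec mynetwork 192.168.0.0/24 public
access MyRWGroup "" any noauth exact all all none
"""
if __name__ == "__main__":
    print(*(f"line {n}: {f}" for n, f in audit_snmpd_conf(SAMPLE)), sep="\n")
```

To check a live host, pass the contents of /etc/snmp/snmpd.conf to audit_snmpd_conf() instead of SAMPLE.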

Friday, 3 January 2014

Exchange 2013 Step to ...

Some assumptions:

Root domain name : ntest.local
Pass admin : <..>
NETBIOS domain name : NTEST
Login user: ntest\administrator
Pass: <..>
Exchange Organization is : ntest
External domain: ntest.com 
- We will install the Mailbox role and the Client Access role on separate servers.
- The server OS will be Windows Server 2012 R2.

Some notes:
- If the server is built from a virtual machine image, run system preparation before using the machine; otherwise you may run into unpredictable errors while installing or configuring the system.
- Make sure every Windows service set to "Automatic" is in the "Running" state.
- Check the network settings to make sure IPv6 is enabled.



1) Promote Server to domain controller

Primary domain controller:
IP : 172.16.55.108


2) Install Exchange Mailbox role

Software pre-installation steps:
     Open Windows PowerShell.
     Run the following commands to install the required Windows components.
  • Install-WindowsFeature RSAT-ADDS
  • Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation
    
      After the pre-installation step, the result should be

     A server reboot will be required.
     Install the required software packages (click this link to download the required software):
   

Precheck step:
     Open a command prompt, navigate to the Exchange installation directory and run:

  • setup /PrepareSchema /IacceptExchangeServerLicenseTerms
     The result should be OK on both steps. After that, run:

  • setup /PrepareAD  /OrganizationName:ntest /IacceptExchangeServerLicenseTerms
     Again, the result should be OK on both steps.
     After completing all the checks, run setup.exe from the installation directory and follow the wizard to install. The result should be:


3) Install Exchange Client Access role

The precheck and software pre-installation steps for this role are similar to those for the Mailbox role.
After completing all the checks, run setup.exe from the installation directory and follow the wizard to install.

4) Configuration step:
Create Send Connector:
Open the EAC by browsing to the URL of your Client Access server. For example, https://<IP Client Access Server>/ECP.

Enter your user name and password in Domain\user name and Password and then click Sign in.
Go to Mail flow > Send connectors. On the Send connectors page, click New.

In the New send connector wizard, specify a name for the Send connector and then select Internet. Click Next.
Verify that MX record associated with recipient domain is selected. Click Next.

Under Address space, click Add. In the Add domain window, make sure SMTP is selected in the Type field. In the Fully Qualified Domain Name (FQDN) field, enter *. Click Save.

Make sure Scoped send connector isn't selected and then click Next.

Under Source server, click Add. In the Select a Server window, select a Mailbox server. After you've selected the server, click Add and then click OK.
Click Finish.
Add additional accepted domain:
Open the EAC by browsing to the URL of your Client Access server. For example, https://<IP Client Access Server>/ECP.
Enter your user name and password in Domain\user name and Password and then click Sign in.
Go to Mail flow > Accepted domains. On the Accepted domains page, click New.

In the New accepted domain wizard, specify a name for the accepted domain.

In the Accepted domain field, specify the SMTP recipient domain you want to add. For example, ntest.com.
Select Authoritative domain and then click Save.

Configure default email address policy:
Open the EAC by browsing to the URL of your Client Access server. For example, https://<IP Client Access Server>/ECP.
Enter your user name and password in Domain\user name and Password and then click Sign in.
Go to Mail flow > Email address policies. On the Email address policies page, select Default Policy and then click Edit.

On the Default Policy Email Address Policy page, click Email Address Format.

Under Email address format, click the SMTP address you want to change and then click Edit.

On the Email address format page in the Email address parameters field, specify the SMTP recipient domain you want to apply to all recipients in the Exchange organization. This domain must match the accepted domain you added in the previous step. For example, @ntest.com. Click Save.
Click Save.
In the Default Policy details pane, click Apply.



Configure internal/external URLs:
Open the EAC by browsing to the URL of your Client Access server. For example, https://<IP Client Access Server>/ECP.
Enter your user name and password in Domain\user name and Password and then click Sign in.
Go to Servers > Servers, select the name of the Internet-facing Client Access server and then click Edit.

Click Outlook Anywhere.

In the Specify the external hostname field, specify the externally accessible FQDN of the Client Access server. For example, mail.ntest.com.
While you’re here, let’s also set the internally accessible FQDN of the Client Access server. In the Specify the internal hostname field, insert the FQDN you used in the previous step. For example, mail.ntest.com.
Click Save.
Select owa (Default Web Site) and click Edit.
In External URL, type https://, then the unique Outlook Web App FQDN you want to use, and then append /owa. For example, https://owa.ntest.com/owa.



Click Save.
Select ecp (Default Web Site) and click Edit.
In External URL, type https://, then the same Outlook Web App FQDN that you specified in the previous step, and then append /ecp. For example, https://owa.ntest.com/ecp.


Click Save.

You can do the same for all the remaining virtual directories:




After configuring all the parameters, compare your settings with this table:

Virtual directory              External URL value
Autodiscover                   No external URL displayed
ECP                            https://owa.ntest.com/ecp
EWS                            https://mail.ntest.com/EWS/Exchange.asmx
Microsoft-Server-ActiveSync    https://mail.ntest.com/Microsoft-Server-ActiveSync
OAB                            https://mail.ntest.com/OAB
OWA                            https://owa.ntest.com/owa
PowerShell                     http://mail.ntest.com/PowerShell

After configuring the external domain, try to access OWA from a web browser. The result looks like:



Configure SSL:

[To be continued ....]