6 Replies Latest reply on Oct 29, 2013 3:10 PM by macnugetz

    False Negative IPmon failures

      Greetings, 

       We're running IPmonitor 9.01 and for the most part, all is well. However, several times a day I get a large number of 'false negative' alerts indicating that a large number of our devices are "down" when in fact, they are up and running fine.  This occurs with PING, services, bandwidth, and all applicable monitors at various times.

      The specific error I'm getting related to these is: "could not obtain an ip address for the remote device" within each of the alerts that are sent out. After a few minutes, the device is "seen" again and shows up green on the map. This happens on pretty much every device, at different times throughout the day/week.

       Clearly this points to a DNS problem, yes? However, all DNS functionality is fine. No event log errors in DNS, recursive tests are good, nslookup tests work fine, etc; 

      Any suggestions would be most appreciated.

        • Re: False Negative IPmon failures
          simonpt

          I had the same problem when I first installed ipMonitor.  However it helped me realise that I didn't want to be reliant on DNS to monitor our infrastructure, ie. I still wanted to monitor everything even if our DNS server went down.  So I switched to using IP addresses.  It's a pain to change new monitors to using IP addresses (mass edit helps if there's lots of them) but it's definitely a better approach.


          HTH


          Rgds, Simon

            • Re: False Negative IPmon failures

              That's actually a very good idea. I have no problem going straight IP instead of using FQDNs. 

               I did not set IPmon up so maybe I'm missing something. When I remove a device and rescan by IP, the hostname/FQDN stil shows up after the scan is complete. Is there some sort of Global IPmonitor DNS setting that I have to either turn off or disable? 

               

                • Re: False Negative IPmon failures
                  simonpt

                  ipMonitor is doing a DNS reverse lookup on your IP address to give the device a friendly name.  That's fine -- you'll want your devices to have meaningful names instead of IP addresses.


                  Simply edit a monitor and change the IP Address / Domain Name from the FQDN to the IP address.  To do this on all monitors for a device, select them, go Edit > (Mass Edit) Monitor Properties, Replace IP Address / Domain Name by Overwrite, Replace with <ip address>.


                  I also find it handy to have IP / Domain show when in Devices view looking at monitors.  That way I can easily see if there are any monitors that I've forgotten to change from FQDN to IP address.  To do this, right click on the area to the right of the last column heading and select Common Configuration Settings > IP Address / Domain name.


                  Rgds, Simon

                    • Re: False Negative IPmon failures

                       By golly I do believe that this is actually going to resolve the issue. So far I'm not getting any "can't resolve IP address" alerts. I do get the occasional "RPC server not found" and "Can't find Network Path", but I'll dig in to those at another time.

                       I'd buy you a cheeseburger if I could, Simon.

                        If and when someone tries to give me credit for fixing this, I'm simply going to say "It was Simon".

                      Thanks, mate!!

                       

                • Re: False Negative IPmon failures
                  jwgranger

                  I going through the same pain now in 2013. I'm on version 10. Changing the IP does not resolve the issue for me. Some history:

                   

                  1. The IP monitor system is on a HyperV virtual machine outside the network.

                  2. The Monitors are for internal services, and the monitor is HTML/ASP to hostname.

                  3. I used an IP instead, and that didn't work.

                  4. I then used a different monitor, HTTP using and IP instead of hostname and that didn't work.

                   

                  Any ideas? What I am I truly getting with that monitor and could or should I use Ping?