6 Replies Latest reply on Aug 29, 2009 12:19 PM by bwilliam13

    Several machines' OS now aren't identified automatically.

      I have about 6-7 machines that went from being identified correctly as Windows machines to being "Unknown" now.  Anyone know what MIB or whatever Solarwinds is reading this information from?

        • Re: Several machines' OS now aren't identified automatically.

          I have been seeing the same problem for some time now. It has been identified a couple of times in other threads but no solution has ever come to light, to my knowledge.

            • Re: Several machines' OS now aren't identified automatically.

              Well, I did an snmpwalk of one of the systems in question.  The SysObjectID you want is 1.3.6.1.4.1.311.1.1.3.1.3

              I got this by looking at the snmp information of a windows host identified correctly.  I then did a complete snmpwalk on the host in question.  Last OID it finds is 1.3.6.1.2.1.4.25.6.3.1.5.xxx

              Which isn't right.  Somewhere along the way, I lost access to the require OID's to look up the required information on those servers.

              Still researching it.

                • Re: Several machines' OS now aren't identified automatically.

                  That is pretty much the same as what I found. For us, it seemed to happen after Windows updates were applied and the system was rebooted. After that, I was only able to see basic information - volumes and interfaces, though in some cases only volumes.

                  Some of them are VMs, others are not. Some I can get CPU and memory stats from, some I cannot. It seems to be a general failure of the Windows SNMP package due to something that changed with a security update from a few months ago.

                    • Re: Several machines' OS now aren't identified automatically.

                      The common theme for all of our machines is that they had to have Symantec Endpoint Protection forcibly removed...which was some manual edits to some registry entries.  I believe this is the cause of our particular issue.  Only the machines that that had to be performed on are suffering this issue.  The instructions called for us to remove:

                       

                      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RFC1156Agent

                       

                      Pretty sure that's what did it.  I have no idea how to get it back.  I'm going to try and export it from a machine that's working (that we did not do this on) and import it to a non-working one.

                        • Re: Several machines' OS now aren't identified automatically.

                          I will have to check with our server guys, but I believe all our servers are still running the SEP agent.

                          Let me know if that works.

                            • Re: Several machines' OS now aren't identified automatically.

                              I ended up opening a ticket with Microsoft on this.

                              In short, the latest version of Symantec Endpoint Protection hosed it all up.  We had to.

                               

                              1.  Obtain the CleanWipe utility from Symantec to remove all folders and registry entries for SEP from the system, then  uninstall Dell OpenManage.

                              2.  Two reboots.

                              3.  Remove teaming on the built-in network cards

                              4.  Reboot.

                              5.  Activate only one NIC

                              6.  Uninstall all SNMP functionality

                              7.  Re-install SNMP functionality

                              8.  Enable NIC teaming

                              9.  Re-install Dell Openmanage  (since they are Dell servers)

                               

                              After this, everything is fine.  Not to bash Symantec, but this is the 5th time in 2 years that we've had an issue like this due to their product(s).  We've learned our lesson.  Our maintenance is up in January, and we won't be renewing.  Luckily we have a relatively small network, so it should take us about 2 weeks to get rid of it and replace it with something else.