Application Performance Analytics via WMI with SIOS iQ

SIOS iQ has the ability to perform application level analytics and correlation with infrastructure level analysis for applications residing on Windows Servers running 2008R2 and later. Application performance analysis uses remote access WMI functionality and currently only supports MSSQL. Application performance analysis works by using an Active Directory Domain user account that has Local Administrator permissions on the MSSQL server to be monitored and by entering those credentials in the VM Guest OS Credentials section of the SIOS iQ Environment properties. In order to use this feature, the following prerequisites must be met and performed on the MSSQL server(s).

Prerequisites:

  • Up to date VMWare Tools must be installed and running on the VMs to be accessed by SIOS iQ for application performance analysis.
  • The MSSQL server must be a member of an Active Directory domain. WMI access to non-domain servers is not supported.
  • Create an Active Directory domain user account with Local Administrator permissions.
  • Update the Windows Firewall configuration for remote WMI and DCOM access.
  • Enable the Remote Registry service.
  • Modify permissions on a Registry Key.

Create an Active Directory Domain user account for WMI access

Create a domain user account and make it a member of the local Administrators group on the MSSQL server. This is the account that SIOS iQ will connect to on the MSSQL server via WMI. This account does not need to be a Domain Administrator but must have Local Administrator permissions. To prevent connection issues set the password on the account to never expire.

Windows Firewall configuration

To allow for remote WMI and DCOM access certain firewall rules must be enabled. Without the following firewall rules, Connection timeout errors will occur in the SIOS iQ mssql provider log file. The simplest option is to disable the firewall. If disabling the firewall is not an option, create and modify the following rules to allow remote WMI and DCOM network traffic.

  • Open Windows Firewall with Advanced Security
  • Add a new inbound rule:
    • Rule Type = Predefined, select Windows Management Instrumentation (WMI)
    • Enable all three Predefined Rules
    • Action = Allow the connection
  • Add another new inbound rule:
    • Type = Program
    • Program Path = %SystemRoot%\System32\dllhost.exe
    • Action = Allow the connection
    • Apply the rule to the Domain profile
    • Rule Name = SIOS iQ WMI Access
  • Enable rule “File and Printer Sharing (NB-Session-In)” for the Domain profile
  • Enable rule “File and Printer Sharing (SMB-In)” for the Domain profile

Remote Registry Service

By default, this service is already enabled. Go to Services on the server and verify that the Remote Registry service is running and starts automatically.

Registry permissions changes

In order for SIOS iQ to use WMI remotely, the WBEM Scripting Locator registry key permissions must be modified.

  • Run regedit, expand HKEY_CLASSES_ROOT, right-click CLSID and select Find. In the “Find what” field type 76A64158-CB41-11D1-8B02-00600806D9B6 and click Find Next.
  • Right-click the key and select Permissions.
  • Click Advanced and change the owner to the local Administrators group.
    • (Server 2008R2) Select the Owners tab and click the “Administrators ([servername]\Administrators)” under Change Owner To and click Ok.
    • (Server 2012R2) Click “Change” link, click Location (you may be required to provide credentials to make changes), Click the local server name under location and click OK. Type “Administrators” for the object name and click “Check Names”. The object name should now show “[servername}\Administrators”, click OK. Click Apply and then OK on the Advanced Security settings dialog box.
  • Under the Security tab, highlight the Local Administrators group and check Allow Full Control and click OK.
  • Once the permissions on the registry key are updated, repeat the same steps to set the owner back to “NT Service\TrustedInstaller”.
    • Right-click the key and select Permissions.
    • Click Advanced and change the owner.
      • (Server 2008R2) Select the Owners tab and click “Other users or groups”. Type “NT Service\TrustedInstaller” and click Check Names. The object name should now show “TrustedInstaller”, click OK. Click OK on the Advanced Security settings dialog box.
      • (Server 2012R2) Click “Change” link, click Location (you may be required to provide credentials to make changes), Click the local server name under location and click OK. Type “NT Service\TrustedInstaller” for the object name and click “Check Names”. The object name should now show “TrustedInstaller”, click OK. Click OK on the Advanced Security settings dialog box.
  • Click OK on the Permissions dialog box and close the registry.

Once the above changes are implemented, SIOS iQ is ready to begin the performance analysis of the MSSQL servers in the Environment.

Helpful Tools and Tips

The wbemtest.exe tool comes pre-installed on Windows servers that have WMI installed. It can be a useful tool to verify if remote WMI access has been properly configured for a given Windows server.

To verify access to a Windows server:

  • On a different server that can access the machine to verify, run the wbemtest.exe program.
  • Click the Connect button.
  • Change the namespace at the top to \\(servername)\root\cimv2. The default doesn’t contain the hostname but put your server name in.
  • Set the username and password to the domain username and password that will be used to remotely access WMI data.
  • Click Connect.
  • Click the Query button.
  • Choose WQL for the query type.
  • In the query text area type “select * from win32_process” and click execute (or apply).
  • Verify that results are displayed in the resulting table.

Feedback

Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment