Neophyte
As it says on the tin. Error installing watchdog service. On separate customers core DC's, different networks, different proxies, same error. Failed to install watchdog. Browser access to LM works and we're installing as system.
Proxies do not require auth and we're installing with domain admin rights. We've had/have support tickets opened but we haven't been able to resolve this.
Anybody got any ideas.
AdvisorI don't have a solution to that issue, I've not tried deploying to Windows Server core before.
But could you avoid installing the collector on the DC entirely? We treat domain controllers the same as any other Windows Server - we apply least privilege access using a PowerShell script that's very similar to what LM describe here: https://www.logicmonitor.com/support/getting-started/advanced-logicmonitor-setup/windows-server-monitoring-and-principle-of-least-privilege
As long as we've got a domain user (not a domain admin), we have the relevant Win Firewall ports open and the user in the right domain groups (both done in GPO) and have run the NonAdmin script (which we push out using GPO) we can monitor DCs from an external collector.
Might be worth a look and avoiding collectors on DCs entirely.
Dave
NeophyteUnfortunately the clients want the AD visibility/management that installing provides , otherwise we'd need a service account with Dom Admin rights and that's not happening.
AdvisorI'm pretty sure the AD modules work just fine when polled from a remote collector without domain admin rights. I think there was one permission we had to set to allow some custom stuff to run, but the built-in LM modules seem to work OK for us if the user account has been assigned permissions by the Non-Admin script.
Dave
AdvisorWe have a handful running server core but they are not DC's. I'm unable to recall if we encountered any issues during the install as it's been years.
Are you using the full package or bootstrap? Are you logged in as an admin?
NeophyteFull package locally copied and installed with Domain Admin rights
NeophyteWe monitor DC's just fine without Domain Admin privliges. You just need to ensure you have given the service account all the required permissions, set the WMI permissions and set the service permissions. The script that comes with the collectors does a good job at granting most of the local permissions.
NeophyteThe issue we've had several times to "all the required permissions" is customers don't want service accounts having any rights on DC's so we just use system and it manages itself.
ProfessorThe collector would need to have the RSAT tools installed to get the get-ad* cmdlets in powershell. It's in the add roles/features of server manager. That allows for the remote collection of AD data.
We've also avoided installing collectors directly on DCs as LM is extremely TCP Port hungry, as is Active Directory. Combining them on the same box is bad for both. With the DC being the heart of any windows enterprise deployment, it's detrimental to the whole domain to use the DC for LM.
