Forum Discussion

Ch_in_may9199's avatar
3 years ago
Solved

If we enrolled VM for OS monitoring and domain got changed for the same VM after few days then, will this OS monitors continue as it is or any issue can occur?

Hi Team,

I am enrolling the OS metrics monitoring in LM , we come to know that their might me change in domain name of VM (hostname or IP will be remain as it is ) in next few days, will it affects to this existing monitors ? how will be the behavior

and also if same case happened with the controller VM ( same case means - Change in Domain name of hosted VM)  then what will be the behavior ?

what are the precautions we should take any ideal steps to handle such scenario? 

  • Anonymous's avatar
    Anonymous
    3 years ago

    As far as LM is concerned, the identity of the server is tied to the IP address that the Collector uses to monitor it. You can change a lot of things about the device, but as long as the device IP address stays the same, LM will consider it the same device. Discovery will eventually run on the device after you make the change, potentially causing some instances/DataSources to disappear since they no longer apply, and new ones may show up. Depends on the change you make to the device.

    There are only two things to consider here: reachability and authentication. Unless you're changing the IP address or the network in some way, reachability is unaffected. Authentication is the only thing to keep in mind here. Your Collector defaults to using integrated authentication, meaning that the credentials used to run the Collector service are used to communicate with remote devices. In this case, if some target servers are moved to another domain, you'll need to make sure that the credentials used to run the Collector service still have the requisite permission on those systems in the new domain. This can be accomplished, like @Mike Moniz mentioned, using a trust between the two domains.

    The other way authentication can happen is if you specify the Windows credentials as properties on the devices in LM. If you do this, the Collector uses those credentials instead of the integrated credentials for access to remote systems.

    Look at these two support documents: https://www.logicmonitor.com/support/getting-started/advanced-logicmonitor-setup/defining-authentication-credentials and https://www.logicmonitor.com/support/getting-started/advanced-logicmonitor-setup/credentials-for-accessing-remote-windows-computers/

6 Replies

  • I'm going to assume you mean that a Windows system will be changing to another Active Directory domain? The biggest issue likely will be due to credentials. Windows monitoring uses WMI and typically using a local/domain admin account on that system. You want to make sure the credentials either continue working (like if there is trust between domains) or you update the credentials to use the new domain, either on the collector itself if it also changed domain or the wmi.user/wmi.pass properties.

     

  • Thanks for the response.

    anyway even if the credentials retain  (Like Username and passwords) still domain change needs to handle in crednetials.

    So what are the impacts of such domain switching activity ? 

    Like ,

    will it loss all gathered OS metrics which were collected before domain switchover ?

    will all reports affected due to  ?

    in case of domain switch over will added hosts lost from configuration and will it back once after update in domain username password ? please correct my understanding.

     

    what are the impacts on collector due to this domain changing ? 

     

    Sorry in case of any confusion from my side.

     

     

     

  • I don't expect you would lose any history or settings in LogicMonitor. Likely just gaps in monitoring during your migration. LM doesn't talk with AD/LDAP for information so it's not going to just suddenly delete everything. If the Collector is not able to talk with the server for any reasons, it just will keep trying until it can and just have monitoring gaps. You can decommission the server completely and LM will still attempt to gather data until you remove it from LM itself.

    Is the Collector server also moving domains? I would just restart the Collector services to make sure it can start properly or if it needs it's login credentials updated.

    If you use SSO with LogicMonitor that might be affected by this domain change, you might want to look into that but I'm not familiar with that part.

    If you are worried about details or need to complete a full ITIL change ticket or the like, it might be worth talking with LM Support or your rep who I think can look at your specific situation.

  • Thanks for the response. 

    So please help confirm if my understanding

    if  for 1 server example 123@abc.com has changed  domain to 123@xyz.com, then this 123 host will be not consider as new enrollment ,it will ne the existing monitoring only ?  

    post changing domain , is there any best practices steps for controller. 

    also please consider below one more scenario:

    there are total 100 server out of which domain migrated for only 50 servers and LM controllers are not part of such migrated list , what can be the issue in this case .

    will all migrated node monitors continue from LM ( from old Domain)? s any steps that should be too while such domain migration ? 

  • Anonymous's avatar
    Anonymous

    As far as LM is concerned, the identity of the server is tied to the IP address that the Collector uses to monitor it. You can change a lot of things about the device, but as long as the device IP address stays the same, LM will consider it the same device. Discovery will eventually run on the device after you make the change, potentially causing some instances/DataSources to disappear since they no longer apply, and new ones may show up. Depends on the change you make to the device.

    There are only two things to consider here: reachability and authentication. Unless you're changing the IP address or the network in some way, reachability is unaffected. Authentication is the only thing to keep in mind here. Your Collector defaults to using integrated authentication, meaning that the credentials used to run the Collector service are used to communicate with remote devices. In this case, if some target servers are moved to another domain, you'll need to make sure that the credentials used to run the Collector service still have the requisite permission on those systems in the new domain. This can be accomplished, like @Mike Moniz mentioned, using a trust between the two domains.

    The other way authentication can happen is if you specify the Windows credentials as properties on the devices in LM. If you do this, the Collector uses those credentials instead of the integrated credentials for access to remote systems.

    Look at these two support documents: https://www.logicmonitor.com/support/getting-started/advanced-logicmonitor-setup/defining-authentication-credentials and https://www.logicmonitor.com/support/getting-started/advanced-logicmonitor-setup/credentials-for-accessing-remote-windows-computers/

  • Thanks Stuart and Mike.

    This all info is helpful for me.

    Only last question for now, IS FQDN important while configuring LM Collectors?  what can be impact post changes domin to LM collectors? 

    Is there and Specific steps needs to take to avoid issue ?