WTCS.ORG

    SNMP4NT(c)
(Implementing SNMP and Performance DLLs on Windows NT 3.51/4.0)


Download the latest version of SNMP4NT!                 Click to see supported performance counters supported by SNMP4NT!
Last updated on: 26Aug2000
PERFMIB.MIB date: 16Aug2000    MIB.BIN date: 26Aug2000


Theory of Operation
Installing SNMP on Windows NT 3.51    Installing SNMP on Windows NT 4
Creating an SNMP Service Account    Main SNMP Components
Installing Base SNMP4NT(c)    Accessable Statistics
Generating your own PERFMIB.MIB

Do you think SNMP4NT(c) is worthy?


Theory Of Operation

The SNMP service running under Windows NT 3.51 and 4.0 supports SNMP version 1, and provides an SNMP agent that allows remote, centralized SNMP management of one or more of the following:

Some of the information above can be made available by extracting performance counters (as can be seen in the Performance Monitor application) from the Windows NT system, and some information (i.e WINS, DHCP and IIS) must be made available by incorporating MIBS from those services into the SNMP service running  on the Windows NT system.

In all cases, the MIBS for performance counters and/or others must be compiled into a binary file (called MIB.BIN) so that when an SNMP GET request is made (either locally or remotely), an intermediate system file (called PERFMIB.DLL) makes a call to MIB.BIN and the appropriate information is returned to the system that made the SNMP request.

Confused?  It's really not all that complicated once you have been doing it for 3 years or so (a little humour to break up this boring, monotonous, teckno-geek stuff!).

grnball.gif (995 bytes) Here is an hyperlink to an article that (I think) is one of the best descriptions of SNMP under Windows NT.   Check it out at http://www.microsoft.com/technet/network/networkm.asp.   In particular, there is an excellent section on configuring your system for SNMP Traps!


redball.gif (995 bytes) Before you can do anything, you MUST install the SNMP service!  Reapply the service pack when finished!

redball.gif (995 bytes) Install SNMP before any applications!!  If you don't, applications may not install SNMP support!


Installing the SNMP service on Windows NT 3.51

Installing: 

redball.gif (995 bytes) Since you will need to get the SNMP service software off your original NT installation CD, you will have to reboot your system, then re-apply Service Pack 5 (or later) before continuing.  BE SURE TO DO THIS!

Configuring: 

That's it!  After a reboot, you have the SNMP service successfully installed for Windows NT 3.51!  Now, see the "Creating an SNMP service account" section.   Once you have completed that, you are now ready to install SNMP4NT(c) and are one step away from being able to access these counters using SNMP!


Installing the SNMP service on Windows NT 4

Installing: 

Configuring: 

You can also do this (later) by:

redball.gif (995 bytes) Since you will need to get the SNMP service software off your original NT installation CD, you will have to reboot your system, then re-apply Service Pack 6a (or later) before continuing.  BE SURE TO DO THIS!

That's it!  After a reboot, you have the SNMP service successfully installed for Windows NT 4.0!  Now, see the "Creating an SNMP service account" section.   Once you have completed that, you are now ready to install SNMP4NT(c) and are one step away from being able to access these counters using SNMP!


Creating an SNMP service account

Once the SNMP Performance DLL (PERFMIB.DLL) is registerd as an SNMP extension agent, it will "PROBE" all the performance counters, even if you are not asking to GET information from them.  If (for example) you have SQL Server installed on a system that has SNMP "hooked" to the performance counters, SNMP will try to log into SQL Server to gather SQL stats.   It will try to login continuously (like every 2 seconds), and has the potential to crash SQL.  Look in the Security Event Log if you suspect this to be happening.  In order to resolve this, the SNMP service must be started with an account that has the permission to access application (i.e. SQL server).

Follow these simple steps and you will see this problem disappear:


Main Windows NT SNMP Components

PERFMIB.MIB - is a Windows NT Specific Management Information Base).  It is a specially formatted text file that contains numeric representations (called OIDs, or Object Identifier Descriptors) of the specific performance counters you have extracted from the Performance Counter application using the utility called perf2mib.exe.  Once created, it is copied to the %systemroot%\system32 directory.

PERFMIB.INI - is the corresponding INI file for PERFMIB.MIB.  It is also created by perf2mib.exe when Performance Counters are extracted.  Once created, it is also copied to the %systemroot%\system32 directory.

SNMP4NT(c) contains pre-extracted PERFMIB.MIB and PERFMIB.INI files.  They are generated on the WTCS Corporate Server (built in Edmonton, Alberta, Canada).  PERFMIB.MIB contains many base Windows NT Performance Counters (including system and network protocols), as well as extracted Performance Counters from MS Exchange 5.5 and MS Proxy Server 2.0.  See the page here for details.

 

MIB.BIN - is a binary file that gets created once the PERFMIB.MIB and other MIBS for applications or services that may be installed on the Windows NT system are compiled.  Once created, it is copied to the %systemroot%\system32 directory along with PERFMIB.MIB and PERFMIB.INI.

SNMP4NT(c) contains a pre-compiled MIB.BIN which includes the Performance Counters extracted into PERFMIB.MIB (above), as well as several others (including WINS, DCHP, IIS, HHTP, FTP, LANMAN and MS SQL Server).

 

PERFMIB.DLL - is a file provided by Microsoft which gets registered (or "hooked") into SNMP as an extension agent.  Its' job (my defintion, I could not find an official one) is to intercept SNMP requests, and make a call to MIB.BIN, whose job it is to look up and provide the information requested.  It is copied to the %systemroot%\system32 directory along with MIB.BIN, PERFMIB.MIB and PERFMIB.INI.


Installing Base SNMP4NT(c)

Since all the hard work has been done (and SNMP is correctly installed), all you need to do is download the latest SNMP4NT(c) Standard Edition (free!), extract it into a directory (or onto a floppy if you want) and run the batch file called MIBINST.BAT (located in the \MIBINST directory) to install it on the Windows NT system you want to monitor.

You can access the SNMP4NT(c) Download page here.

What MIBINST.BAT does:

Once that has been done, you are ready to roll.  If you have a Network Management Station (NMS) you will need to copy the MIBS in the \MIBINST\MIBS directory to the appropriate directory in your NMS.  Otherwise, if you know the OIDs to query, you can use SNMPUTIL.EXE and access them from a command prompt.  I would suggest that you go to the Testing your implementation Page, and download getif.  If you are using getif, follow these instructions:

1) Stop getif if you are using it.
2) Copy ALL the MIBS in the \MIBINST\MIBS subdirectory to the MIBS directory below the getif installation directory.
3) Delete the ".index" file in the MIBS directory
4) Restart getif


redball.gif (995 bytes) Remember that the SNMP MUST have SNMP sucessfully installed and configured (i.e. community name).  It does not have to have SNMP4NT(c) installed on it in order to query another system that does have SNMP4NT installed.

redball.gif (995 bytes) If you have a need or desire to add additional counters, see the section called "Generating your own Performance Counter MIB (PERFMIB.MIB)".


Performance counters accessable after SNMP4NT Installation

This section lists some of the more "meaningful" statistics you will be able to monitor after installing SNMP on your Windows NT server. A short definition accompanies each.

Since SNMP4NT's PERFMIB.MIB is compiled with numerous other MIBs (including HTTP.MIB, FTP.MIB and INETSRV.MIB), the result is that MIB.BIN allows Internet Server (IIS), HTTP and FTP stats to be queried as well (but you must have installed IIS AFTER SNMP!


Generating your own Performance Counter MIB (PERFMIB.MIB)

In order for SNMP to access performance counter and application informaion from your Windows NT server or workstation, the following steps must be performed.

  1. Install and configure the SNMP service (and make sure the latest service pack is reapplied).
  2. Extract Windows NT Performance Counter information and create a Performance MIB (PERFMIB.MIB).
  3. Compile this PERFMIB.MIB (and others) into a MIB.BIN file.
  4. Copy this MIB.BIN file (which contains support for all the MIBS compiled in step 3) and a support DLL (PERFMIB.DLL) into the %SYSTEMROOT%\SYSTEM32 directory
  5. Register the Performance Counter "Extension Agent"  or "hook" the Performance Counter MIB into the SNMP service.

If for some reason, you did not want to extract performance counter information, you could eliminate step 2, and (in step 3) only compile the MIBS you wanted (i.e. WINS/DHCP/SQL) into MIB.BIN.  Then carry on on with steps 4 and 5.

 

So... How is this done?

If you have added a program to your WIndows NT system, and would like to add it's performance counters to PERFMIB.MIB, then you will need to run PERFM.BAT.  Specifically, you will need to modify the part of perfm.bat that takes performance counters and adds them to the MIB file (PERFMIB.MIB). This is done by editting the PERF2MIB.EXE line in PERFM.BAT.

PERFM.BAT is a batch file that will create a MIB file (PERFMIB.MIB) from the performance counters, compile it into a binary file (MIB.BIN), stop the SNMP service, copy some files (PERFMIB.MIB, PERFMIB.DLL, PERFMIB.INI and MIB.BIN) to your Windows NT system directory, and restart SNMP.

 

Here's how it works ...

We will use 2 theoretical counters for examples. Lets say you start Performance Monitor, and you can see 2 counters (in the object field) that you would like to add to PERFMIB.MIB. One is called
ProgStat and the other is called Program Statistics (note the space between the words).


In PERFM.BAT (as part of SNMP4NT.EXE - 16Aug2000), the perf2mib.exe line currently looks like this (note that it is a single line!)...

perf2mib PERFMIB.MIB PERFMIB.INI memory 1 memory processor 2 CPU "Network Interface" 3 net PhysicalDisk 4 pdisk LogicalDisk 5 ldisk "Paging File" 6 pagefile Process 7 process Redirector 8 redirector TCP 9 tcp IP 10 ip UDP 11 udp NetBEUI 12 netbeui "NBT Connection" 13 nbtconn "NWLink IPX" 14 nwlinkipx "NWLink SPX" 15 nwlinkspx "RAS Total" 16 rastotal Server 17 server "Server Work Queues" 18 srvrqueues Cache 19 cache MSExchangeMTA 20 ExchMTA "MSExchangeMTA Connections" 21 ExchMTAConn MSExchangeIMC 22 ExchIMC MSExchangeIS 23 ExchIS "MSExchangeIS Public" 24 ExchISPub "MSExchangeIS Private" 25 ExchISPriv MSExchangeDS 26 ExchDS "Web Proxy Server Service" 27 WebProxySrvr "WinSock Proxy Server" 28 WinSockProxySrvr "Web Proxy Server Cache" 29 WebProxySrvrCache Telephony 30 Telephony "RAS Port" 31 RASPort "NWLink NetBIOS" 32 NWNetBIOS System 33 NTSystem "Packet Filtering" 34 PacketFilter "Web Service" 35 WebService

If you want to add the ProgStat counter to PERFMIB.MIB, you would add another counter to the perf2mib line (remember, the last statistic on the perf2mib line is 35!) like so...

ProgStat 36 ProgStat

Note that you have incremented the number from 35 to 36!


If you want to add the Program Statistics counter to PERFMIB.MIB, you would (again) add another counter to the perf2mib line (the last statistic on the perf2mib line is now 36!) like so...

"Program Statistics" 37 ProgramStat

Note that when a counter has 2 or more words, you must surround them with " " characters. The name you insert AFTER the number is up to you. Keep it short and unique.

By the Way, the number you use DIRECTLY INFLUENCES THE OID. For example, since the last counter is now 35 (the "Program Statistics" counter you just added), the corresponding OID is:

1.3.6.1.4.1.311.1.1.3.1.1.37

You can test this OID by running the following command:
snmputil walk 127.0.0.1 community .1.3.6.1.4.1.311.1.1.3.1.1.37.


Pretty Simple, huh?

You can use this tehnique to add counters from (almost) any program that installs them into Performance Monitor.

Then, this MIB must be compiled.   A program called MIBCC.EXE joins PERFMIB.MIB and more MIBS (some NT system specific, some may be from other applications) into a binary file called MIB.BIN

This binary file, another one (this one called PERFMIB.DLL) and a file called PERFMIB.INI (a text file listing the OIDs of the Windows NT performance counters are copied to the %SYSTEMROOT%\System32 directory, usually (\WINNT\SYSTEM32).

Finally, the SNMP Performance DLL must be registered.   Windows must be "told" that when the SNMP service is queried, it should run the PERFMIB.DLL program (which will execute the MIB.BIN code, and (provided a valid OID is passed to it) access the applicable performance counter to retrieve and return that data to the querying program.

Once perfm.bat has completed, you should be ready to use SNMP from your NMS to access the system performance counters listed above! 

See the Testing your implementation page to see if you got it working!


warning.gif (19508 bytes) READ BEFORE RUNNING PERFM.BAT!!  warning.gif (19508 bytes)

NOTE 1: The programs required to make this work come as part of the Windows NT Resource Kit.  Buy it if you do not already own it!
NOTE 2: 

Back up your SNMP registry key first! 
- Run regedt32, and navigate to HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services.
- Scroll down, and highlight the SNMP key
- Select Registry/Save Key, and save it (it will save sub-keys) as X:\TEMP\SNMP.KEY.   That way if anything screws up, you can restore the key. 

To restore:
- Do the same thing you did to save it only select Registry/Restore, and select the key you saved (X:\TEMP\SNMP.KEY.)

NOTE 3: PERFM.BAT will perform an operation or two, then pause.  When it does, it will tell you to edit a file (perfmib.mib) on a:\ or in the current directory.   READ THE SCREEN INFORMATION THAT PERFM.BAT PUTS OUT!!  Follow the instructions!  DO NOT CONTINUE UNTIL YOU EDIT THAT FILE!   There is a typo in one of Microsoft's MIBs and it tells you what to edit to fix the Microsoft typo.
NOTE 4:  If you reference performance counters in the perf2mib line that do not exist in your system, then perfm.bat will fail!  Using the example above, perfm.bat will fail if you do not have IPX/SPX, TCP/IP, RAS or MS Exchange 5.5 installed on your system.  Remove the counters that do not exist on your system.  Be sure to correctly re-adjust the numbering in the perf2mib line!

Click for page hit stats!     


To return the the main page, click the Go Home! logo!