I just discovered some windows servers that were not able to contact our WSUS server due to some bad firewall rules. In this case, the windows update plugin isn’t helpful because obviously it didn’t find pending updates on the client side. So…I’m thinking that a decent workaround could be a check on each client (tcp check or http check) towards the WSUS.Yes…I know that this is not a perfect solution because maybe WSUS’ port is responding but in reality it is not working properly but this is another topic. Anyway I never tried to configure a tcp or http check on windows agent, is it possible?
The check itself is an active one so you do not need to do anything specific on the windows hosts. It is all done on the check_mk server. Look in WATO, Host & Service Parameters -> Active Checks.
Also, WSUS logs to windows events system. If you monitor the logs I believe you should also get details about failed WSUS connection attempts.
···
On 18 May 2017, at 18:39, mlist--- via checkmk-en <checkmk-en@lists.mathias-kettner.de> wrote:
I just discovered some windows servers that were not able to contact our WSUS server due to some bad firewall rules. In this case, the windows update plugin isn't helpful because obviously it didn't find pending updates on the client side. So...I'm thinking that a decent workaround could be a check on each client (tcp check or http check) towards the WSUS.Yes...I know that this is not a perfect solution because maybe WSUS' port is responding but in reality it is not working properly but this is another topic. Anyway I never tried to configure a tcp or http check on windows agent, is it possible?