Microsoft has removed SNMP from windows 10 and Windows server. What do we have to do to continue using PRTG?
SNMP going away
You should be able to install it via
|Programs and Features
|Turn Windows features on or off
|Simple Network Management Protocol
Configure it via the SNMP service properties in services.msc to allow PRTG to connect and you should be all set.
Stephan Linke, Tech Support Team
No you don't understand. Microsoft LITERALLY completely has depreciated and removed the SNMP service from Windows 10 and Windows Server. It no longer exists period. You can look at this thread i had with Microsoft about this.
Starting with Windows 10 1809 (which was forced upon me and if not you, it soon will be) SNMP is gone.
Here is what Microsoft has depreciated from Windows 10 in the 1809 update.
SNMP has been deprecated on Windows 10 1809. Please keep in mind, Windows 10 uses the same code as Windows Server, If you want to get more information about this, please check this link:
Features Removed or Deprecated in Windows Server 2012
SNMP is deprecated. Instead, use the Common Information Model (CIM), which is supported by the WS-Management web services protocol and implemented as Windows Remote Management.
Created on Dec 27, 2018 6:52:25 AM
Dear Darwin Brewer,
SNMP is not listed as deprecated: https://docs.microsoft.com/en-us/windows/deployment/planning/windows-10-1809-removed-features
However, SNMP is considered an optional feature with 1809.
The following link is for Windows Server 2012 (R2) - it clearly states that SNMP is deprecated.
Now - there is some truth in the fact that Windows Server and Windows (on the client side) share the same Kernel.
Having said this - I went through Windows Server 2016 and 2019 documentations and could not find a single place where SNMP would have been completely removed.
After investigating further - I can tell you this:
- using Apps & Features will help you getting SNMP via Optional Features
- then use Add a feature
- using PowerShell commands you will accomplish the same
Get-WindowsCapability -Online -Name "SNMP*" Add-WindowsCapability -Online -Name "SNMP.Client~~~~0.0.1.0"
- or those commands
Get-WindowsCapability -Online | ? Name -like 'SNMP.Client*' Add-WindowsCapability -Online | ? Name -like 'SNMP.Client*'
- or those commands
- or you use DISM
DISM /online /add-capability /capabilityname:SNMP.Client~~~~0.0.1.0
In all cases - you will run in to an possible issue if you use WSUS - you might need to temporarily bypass it in order to install this feature.
- Open Regedit
- key: UseWUServer
- new / temp value: 0
Now - this is feature that will be removed at one point - but is as of now still available. And now lets talk a little bit about it:
- using SNMP on a Windows OS is a potential security risk - actually - SNMP itself is in general, cause it is standardized in often not locked down while having as well just limited security features
- see here for a more official statement on this by the US government: https://www.us-cert.gov/ncas/alerts/TA17-156A
- I personally don't see a reason to use SNMP to monitor a Windows Server - the system itself can easily be monitored by WMI and other methods - that might have pro's and con's - but it generally works
- There are circumstances then you need SNMP enabled - I had this while coming accross mostly UPS software that only allowed to interact with it via SNMP - the UPS itself was connected per USB and the software on a Windows server/client allowed no API calls or similar - you had to enable SNMP on Windows and then use SNMP through Windows to grab data for e.g. UPS monitoring
- having said this - this is actually a flaw by the vendor in such a case and should by addressed with the vendor
- there is possibly more then just an UPS software that does behave like this
The next question clearly is - why do you need SNMP on Windows activated? Are there special reasons?
Created on Dec 27, 2018 2:59:06 PM
Just a short remark, the original question was about Windows 10. The SNMP deprecation seems to apply only for Server 2012.
Ok i'm trying to give you all a heads up here. I directly spoke with Microsoft about this issue and if you'll look at the 1st paragraph in there document it states : Windows 10 uses the same code as Windows Server, If you want to get more information about this, please check this link:
Features Removed or Deprecated in Windows Server 2012
Features Removed or Deprecated in Windows Server 2012 SMTP SMTP and the associated management tools are deprecated. Though the functionality is still available in Windows Server 2012, you should begin using System.Net.Smtp. With this API, you will not be able to insert a message into a file for pickup; instead configure Web applications to connect on port 25 to another server using SMTP.
Microsoft stated that SNMP will be completly removed from Windows 10, Windows server 2012, Windows Server 2016 in the near future. In Windows 10 1809 the option to add SNMP from the "Turn features on/off in control panel" is already gone and yes "FOR NOW" you can get SNMP installed by using powershell commands but this will go away in future updates per Microsoft.
As to why I need SNMP: there are several reasons. 1st being that all of our devices pc's, printers, scanners, etc... are and have been setup with the SNMP monitors for a very long time and has worked flawlessly. Having to reconfigure our entire network to use WMI would be a very time intensive project. Why does Paessler offer SNMP if you have negative regards towards it? SNMP is also much less taxing on the systems than WMI.
And to Mr Seifert, the original question was not about windows 10 it was about how to use paessler on windows 10 without SNMP. And please check again, SNMP deprecation does not only apply to Server 2012. While the document does state that SNMP will be deprecated in windows server 2012 this directly affects windows 10 as the code base is the same. I also argued this with Microsoft and they finally just stated if your running windows 10, server 2012 or server 2016 SNMP will disappear in future updates.
thank you for your time.
Created on Dec 27, 2018 7:37:35 PM
I suppose it is a type cause you mix SNMP and SMTP - while SMTP is on that list as well - but that's a different story. Pretty sure you meant SNMP instead of SMTP.
Please be aware - I am not a Paessler employee nor associated somehow, just for the record and full disclosure of course :-).
What I stated about SNMP being a risky protocol is true - as long you don't put appropriate security measures in place, like named communities (other then private/public), IP restrictions, authentication mechanisms.
The protocol is risky cause it is standardized, well documented, actually pretty old and not the most secure, thought they change it from v1 to v2 to v3 over the years - while I even today find brand new devices that only understand v1 or v2 - what is quite amazing. Often the protocol is even enabled by default and using private/public community strings (e.g. printers!) - so yes - it is an actually security issue.
If you monitored all your windows clients via SNMP - I assume you configured it as secure as possible - otherwise any system that is able to send SNMP requests to your client would be able to gather very confidential information and possibly be able to determine due to this information the best way to intrude and overtake the target system.
WMI is a bit more secure - you can configure firewall ports per GPO and change the sensors possibly even per auto-discover. You have months if now more to slowly transition - while Microsoft started this possibly in or around 2012 - it now is more then 5 years later and they barely start to make it harder to find it / activate it.
It is not totally clear if updates to Windows 10 respective server 2016 / 2019 will remove the feature completely, so far this did not happen, but any older operating system will still have the feature. This also means the amount of affected clients possibly is less then it seems. A smooth transition over a likely long enough time window should be possible.
As of now, there is no clear statement when the feature will finally vanish from Windows nor how this might affect systems like Windows 10 that have it installed and getting the new build - what likely might cause a removal once this will happen.
I see it this way - to monitor Windows systems I do not prefer SNMP - but no one said that you can't monitor your printers, switches, routers, Linux systems and other network components via SNMP. Nor will this have an effect on older Windows versions - possible legacy systems.
As for Paessler, well - Microsoft mentioned this in a tech article, this might have been known by them or not - but in any case the feature is still here and all Paessler says is that you can use SNMP to monitor Windows systems - nothing wrong with that - it might be time to update the article and mention that it might be wise to use e.g. WMI instead for Windows systems, but that's a different story.
Personally, I think it is great that you discovered this and actually brought it up here in an open conversation so that others will be aware of it as well - you even caused me to write a whole blog entry about it cause I think it is quite interesting.
Finally - your question was originally how to monitor your Windows systems now - well - e.g. WMI or install remote probes etc.. I am sorry that I can't give you any other advice, I hope you find this whole posting not offensive, I only try to help out in the PRTG community, I do not get compensated for it and do this only because I think the product is great and I try to share my experience with other end users, while only being a end user - and as you sure know - end-user to end-user opinion, experience and knowledge sharing is often a bit different ;-)
Created on Dec 28, 2018 2:39:45 PM
PRTG uses Net-SNMP for SNMP access. It can still query SNMP devices, regardless if Windows comes with its own SNMP service or not. If the SNMP service in Windows in not installed or not running, you cannot query those computers through SNMP unless you use another SNMP agent. The alternative would be WMI.
As we are not Microsoft, we don't know their future plans or deprecation schedule.