Getting Started with the SNMP Service

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

By James D. Murray

Chapter 5 from Windows NT SNMP, published by O'Reilly & Associates, Inc.

This chapter describes how to install, uninstall, configure, and test the Microsoft Windows SNMP service. We'll also have a look at how the SNMP service works with the Win32 and SNMP APIs.

On This Page

The Windows SNMP Services
Installing the SNMP Service
Configuring the SNMP Service
Windows 95 System Policy Editor
Starting and Stopping the SNMP Services
SNMP Service Event Log Messages
Removing the SNMP Service
SNMP and the Registry
Installing an Extension Agent DLL
SNMPUTIL: Testing the SNMP Service

The Windows SNMP Services

As we've mentioned, SNMP is implemented as a Win32 system service. Under Windows NT there are actually two SNMP services. The first is the SNMP agent service (SNMP.EXE ). The agent processes SNMP Request messages that it receives from SNMP management systems and sends GetResponse messages in reply. The agent specifically handles the interface with the Windows Socket (WinSock) API, SNMP message parsing, and ASN.1 and BER encoding and decoding. The agent is also responsible for sending trap messages to SNMP management systems. The SNMP agent service is available under both Windows NT and Windows 95.

The second service is the SNMP trap service (SNMPTRAP.EXE ), which listens for traps sent to the NT host and then passes the data along to the Microsoft SNMP management API. The SNMP trap service is not available under Windows 95, for reasons that I'll explain later in this chapter.

The SNMP agent service is also referred to in Microsoft literature as the "Windows NT extendible SNMP agent." An "extendible" agent allows MIB information to be dynamically added and supported as required. For the programmer this means that to enable the SNMP agent service to support a new MIB object, you need not update and recompile the agent's code. Instead, an external "subagent" will be modified and used by the agent to process all of the management requests that it receives, and to create all of the traps that it sends. These subagents are called extension agents, and are written by you. Figure 5-1 illustrates the relationship of the two SNMP services, the Service Control Manager (SCM), and the extendible agent under Windows NT.


Figure 5-1: SNMP extendible agent

Both SNMP services are controlled by the SCM (I'll explain more about the SCM later in this chapter). The extendible agent resides within the SNMP service. It receives SNMP messages across the network using the WinSock API, and passes the message data to one or more of the loaded extendible agents for processing. Each extension agent is actually a DLL that is responsible for performing GetRequest, GetNextRequest, and SetRequest operations on MIB variables specified in the message. The SNMP trap service simply receives trap messages from the WinSock API and passes the data along using a named pipe server.

Figure 5-2 shows more detail of the interaction between the SNMP service, a set of extension agents, and the SNMP and WinSock APIs. SNMP messages are received from the WinSock API via the UDP/IP protocol services. The SNMP agent BER-decodes and authenticates the messages it receives and, using the SNMP API, passes the data on to the extension agent(s) responsible for processing the MIB objects specified in the message. The resulting data is then passed back to the extendible agent, formatted as a GetResponse message, and sent back to the management system. If the message specifies a MIB object that is not supported by any extension agents loaded by the SNMP service, then a noSuchName error will be returned.


Figure 5-2: Interaction of the SNMP agent service and the SNMP API

The function of the SNMP trap service is to listen for SNMP trap messages sent by other SNMP agents and then to forward the data to the Microsoft SNMP management API, specifically to the MGMTAPI.DLL, via a named pipe server. The trap data is then sent to any applications that are using the management API to listen for traps. Figure 5-3 shows the interaction of the SNMP trap service with an SNMP management application and the SNMP, management, and WinSock APIs. The management application sends and receives SNMP messages using the Management API and calls the SNMP API for memory allocation and data conversion functions.


Figure 5-3: Interaction of the SNMP trap service and SNMP management API

What Is a Service?

Before we delve into the SNMP services any further, it might be helpful to look at exactly what a service is.

The Windows NT SNMP Service Control Manager (SCM) is made up of (among other things) a collection of services. A service is actually a special type of Win32 application that interfaces with the SCM using the Win32 API. Services are essentially background processes (or daemons in UNIX vernacular) used to monitor hardware devices and other system processes. You can find a master listing of all services installed on a system in the registry under the HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services key.

There are actually two types of services: system services and device services. If you double-click on the Services applet in the Control Panel you will be presented with a listing of all the system services currently installed. Each system service monitors and maintains a specific process (Event Log, Computer Browser, Messenger, DHCP Server, and so forth). If you have a program that needs to continually monitor a process or port, or to support the operation of many different applications, then you have a good candidate for a system service.

Device services (also called drivers) are used to control specific hardware peripherals installed on the workstation (hard and floppy drives, SCSI host adapter, CD-ROM, NIC, and so forth), and to interface software applications to hardware devices. Double-clicking on the Devices applet in the Control Panel will present you with a listing of all the device services currently installed on your system.

A service is started and stopped by the SCM when a user logs in and out, or the service may be set to continually run even if no user is logged in. Service information is stored in the registry and is maintained by the SCM. See the section "Starting and Stopping the SNMP Services" later in this chapter for more information on the features of the SCM.

Services Under Windows 95

Windows 95 does not have a Service Control Manager, or even a rudimentary equivalent. All services installed under Windows 95 are started when Windows 95 starts up, and are stopped when Windows 95 shuts down.

When Windows 95 starts up, all of the service applications listed under the RunServices and RunServicesOnce registry keys are started; they are stopped when Windows 95 shuts down. When the SNMP service is installed, the SNMP.EXE executable file is listed under the RunServices key. Entries found in the Run and RunOnce keys are run when a user logs in and are stopped when the user logs out. The entries in the RunOnce and RunServicesOnce keys are deleted from the registry after the applications are started. All four of these keys are located in the registry under the HKEY_LOCAL_MACHINE \Software \Microsoft \Windows\CurrentVersion key.

Under Windows 95, most services are stopped and restarted by either logging out of Windows and back on again, or by restarting the system. This is an extremely tedious process if you are constantly changing service parameters while developing software, or debugging a problem in an application. Some services can attach themselves to the task bar and present a menu allowing them to be paused (disabled) or stopped as needed.

The SNMP service under Windows 95 may be stopped and started by either restarting the system or by using the MS-DOS Console window. The command "SNMP" will start the service, and the command "SNMP -close" will stop it. You will be frequently stopping and starting the SNMP service to reload and test any extension agent DLLs that you are developing.

If you wish to install a Windows 95 service, or prevent a service from starting, you must modify the RunServices key directly. This key has the following syntax:

<app name> <path><executable name> <option 1> <option 2> ...

For the SNMP service the default key name and value appears as follows:


If you want to set some of the SNMP agent's command-line options, you can add them in this registry key as follows:


You can also start a service in the MS-DOS Console window by executing the service application directly on the command line:


See the section "Starting and Stopping the SNMP Services" later in this chapter for more information on the SNMP service's command-line options.

SNMP Agent and Management APIs

Microsoft SNMP extension agents and SNMP management applications gain access to the SNMP services using the SNMP extension agent and SNMP Management APIs. These APIs are accessed using a standard set of header files and import libraries distributed with the Win32 SDK, and a set of two SNMP API DLLs distributed as part of the SNMP services. The SNMP agent service and SNMP trap service both make use of the SNMP APIs.

Extension agents are implemented as 32-bit, multithreaded DLLs using the Microsoft SNMP API. The agent's code must include the header file SNMP.H and link the import library SNMPAPI.LIB. All extension agents use the SNMPAPI.DLL library at run-time for making calls to the SNMP API.

Figure 5-4 shows the file and library components used to build an extension agent DLL. The compiled source file(s) include SNMP.H and other required header files. The compiled object files are linked with the SNMPAPI.LIB import library and the module definition (.DEF ) file. The resulting DLL is loaded by the SNMP service and uses SNMPAPI.DLL to make calls to the SNMP API.


Figure 5-4: Building an SNMP extension agent

SNMP management applications are implemented as 32-bit Windows applications, or as MS-DOS Console Mode programs, using the Microsoft SNMP Management API. Access to the Management API is gained by compiling with the MGMTAPI.H header file and linking with the MGMTAPI.LIB import library. Because management applications will use function calls from the SNMP API, the MGMTAPI.H header file includes SNMP.H. Once import libraries SNMPAPI.LIB and MGMTAPI.LIB have been linked, the management application will then access both the SNMPAPI.DLL and MGMTAPI.DLL libraries at run-time.

Figure 5-5 shows the components and process used to build an SNMP management application using the Microsoft SNMP management API. The compiled source file(s) includes MGMTAPI.H and other required header files. The compiled object files are linked with the SNMPAPI.LIB and MGMTAPI.LIB import libraries and the application's module definition (.DEF ) file. The resulting .EXE is run under Windows and uses SNMPAPI.DLL and MGMTAPI.DLL to make calls to the SNMP and Management APIs. Although the management application will not access the SNMP agent service itself, it does receive trap information from the SNMP trap service via the Management API.


Figure 5-5: Building an SNMP management application

Note: Extension agents must be compiled as multithreaded DLLs. If you are compiling extension agent code using Microsoft C you will have to specify the /MD command-line flag. MSVCRT.DLL is the multithreaded dynamic link import library for the MSVCRT?0.DLL dynamic link C run-time library. If an application was linked using Visual C++ 4.x, then the name of the dynamic link C run-time library will be MSVCRT40.DLL. Multithreaded C and C++ applications and DLLs compiled using Visual C++ require that the MSVCRT.DLL be present.

The SNMP API and Windows NT 3.51

Under Windows NT 3.51, the SNMP API was contained in the static library SNMP.LIB. Static libraries, however, cannot be accessed by non-compiled languages, such as Visual Basic. Microsoft has therefore discontinued support for the static SNMP.LIB library in favor of the dynamic link library SNMPAPI.DLL.

The SNMPAPI.DLL distributed with NT 4.0 is not directly compatible with NT 3.51. Microsoft has therefore released a version of the SNMPAPI.DLL library specifically for Windows NT 3.51 This file is found in the Win32 SDK version 4.0 in \MSTOOLS\SNMPAPI and should be installed in the %SystemRoot%\SYSTEM32 directory of the Windows NT 3.51 system. Use the SNMPAPI.LIB import library distributed with the Win32 SDK 4.0 in place of the obsolete SNMP.LIB static library when you're building applications that call the SNMP API. There are also several problems associated with extension agents developed using the SNMP API under versions of Windows NT earlier than 3.51.

Most of these problems have to do with memory allocation and have been fixed by the revision of the extension agent code to only allocate memory using the SNMP API, and simply recompile using SNMPAPI.LIB.

No SNMP Management Service for Windows 95

Both Windows NT and Windows 95 support the SNMP agent service and API. Only Windows NT, however, supports the Microsoft SNMP trap service and Management API. Therefore, Microsoft does not provide an API for building SNMP management applications under Windows 95.

Why this oversight? And is it an oversight? Probably not. If you look at the Microsoft network management model for Windows 95 you will notice that in the big picture of Windows system and network management, Windows 95 is conceptualized only as a system to be managed, and not as a tool to provide management. Microsoft's plan points to the Systems Management Server running on Windows NT as the ideal management platform. If this does not fit into your system management plan, you may instead choose one of the many third-party SNMP management tools available for Windows 95.

Why do so many vendors implement management systems only on Windows NT and not include support for operation under Windows 95? When compared to Windows NT, Windows 95 is a rather weak management platform. NT is far more robust than Windows 95. Its true preemptive multitasking makes it more stable. But the biggest advantage NT has is its security.

As we described in Chapter 1, Introduction to SNMP, SNMPv1 is not a very secure protocol. Perhaps the best way to secure network data is by encrypting the protocol messages themselves-a capability which SNMPv1 does not support. If the protocol itself cannot be secured, then security must come from the network elements that provide access to both the protocol and to the network itself. Windows NT, when configured and managed properly, is a very secure operating environment.

If you do need to implement SNMP management applications for use under Windows 95, take a look at the product references in Appendix A, References, and the product demos on the CD-ROM. There are several SNMP management libraries that will enable you to do Windows 95 implementation.

Tip If you are thinking of moving the SNMPTRAP.EXE trap service and MGMTAPI.DLL library over to Windows 95 on the off chance that they might work, don't bother. SNMPTRAP is implemented specifically as a Windows NT service and will not be properly started by Windows 95. SNMPTRAP also uses a named pipe server to communicate trap information to the MGMTAPI.DLL library, and named pipe servers are not supported under Windows 95.

However, when MGMTAPI.DLL is moved to Windows 95, the Management API functions used to send and receive SNMP messages (but not receive traps) do work as expected. It is therefore possible to write Microsoft management applications that run under Windows 95.

Differences Between Windows NT and Windows 95 SNMP

Support of the Management API is not the only area where the SNMP service differs between Windows 95 and NT. We've noted that the lack of a Service Control Manager under Windows 95 requires the use of the MS-DOS Console window's command line to manually start and stop the SNMP service. Here is a complete list of deficiencies of the SNMP service under Windows 95:

  • No support for the Management API (see the tip above)

  • No support for the SNMP trap service

  • The SNMP service cannot be configured using the Control Panel Network applet

  • The System Policy Editor does not support all SNMP service parameters

Is the Microsoft SNMP Service and API Right for You?

The SNMP APIs discussed in this book are the creation of Microsoft specifically for the Win32 operating environment. These APIs are not portable to other operating systems (including the Macintosh), and are not compatible with other SNMP APIs, such as HP OpenView and WinSNMP.

You might be tempted to say that an SNMP API exists for Java and that Java is a universal computer language; therefore, a universal API for SNMP does exist. However, this would only be true if Java were used universally by everybody and existed on every platform. But the programmers who are required to use C++, Delphi, Perl, and Visual Basic would hardly consider a Java SNMP API to be universal.

There is also the question of the robustness of the SNMP service itself. Searching through the Microsoft Knowledge Base articles using the keyword "SNMP" reveals that the SNMP service has had its share of bugs. And the single-threaded extendible agent will perform poorly when concurrently accessed by multiple-and demanding-management applications.

When you start to test your own extension agents, you will find that the majority of the time required to service an SNMP request is spent inside your extension agent and executing your code. SNMP performance problems are therefore typically the fault of some inefficient code that you have implemented, and not of any delays caused by the SNMP service itself.

So should you use the Microsoft SNMP agent or buy a third-party agent? That's really a decision you'll have to make based on your own testing and observation. The benefits of the Microsoft SNMP service and APIs include the following:

  • Included standard with Windows NT Workstation and Server, and with Windows 95 OSR2

  • Available as a free "CD-ROM Extra" for Windows 95

  • Easy to install and configure

  • The agent is extendible and operates as a system service

  • The agent complies with version 1 of the SNMP protocol (See Chapter 4, Inside SNMP, for an exception regarding the Set operation.)

  • The SNMP service is actively maintained by Microsoft

While there seem to be no disadvantages to using the SNMP service as a stand-alone SNMP agent, there are a few things you need to consider about the Microsoft SNMP API.

One issue is complexity. Most SNMP APIs give you access to MIB databases, MIB compilers, data collection mechanisms, and other high-level features typically associated with SNMP agents and management systems. The Microsoft SNMP API only supports basic SNMP agent and management functions. If you need database access, then you must use the ODBC API; if you need low-level network access, then you must use the WinSock API; if you need to report a trap, then you must use the event logging API, and so forth. Experienced Win32 programmers might not consider this a disadvantage, but having to utilize so many different APIs (rather than a single, uniform API) does make the learning curve a bit steeper.

Another possible disadvantage is portability or, more precisely, the lack of it. If your code needs to run only under Win32 hosts, then you have no problems. But if your SNMP management or agent software needs to run under UNIX, the MacOS, or even Windows 3.1, and you want to reuse the code that you've written, the Microsoft SNMP API should not be your choice.

A final reason why you might choose not to use the Microsoft SNMP service is the apparent lack of human technical support-or even lack of knowledge about the service-on the part of Microsoft. If you are ever in a quandary over whether to use a native Win32 mechanism or to purchase a third-party alternative, try giving Microsoft's technical support a call and see what in-depth knowledge they have on the internals of their own products. Many people who have called looking for the SNMP service and API have received insufficient responses. This has prompted some of the people to ask for help on the Internet, or to disregard the use of the Microsoft SNMP API altogether. (Still others have been prompted to write books!)

Installing the SNMP Service

The Microsoft SNMP service is installed just as any other network service would be under Windows NT and Windows 95. The only requirement is that you first install a TCP/IP protocol stack under Windows before you install the SNMP service. The Microsoft TCP/IP-32 protocol stack is included with Windows NT and Windows 95. And under Windows NT you must be logged into an account with Administrator privileges to install and configure the SNMP service.

If you have not already installed TCP/IP, refer to the Windows manuals, resource kit help file, or third-party TCP/IP stack documentation for information on how to install TCP/IP. Once you are up and running with TCP/IP, you will be ready to install SNMP.

Table 5-1 lists all of the files that are installed as part of the Windows NT SNMP service.

Table 5-1 Files Installed as the SNMP Service




Extension agent implementing MIB-II (


Extension agent implementing the LAN Manager MIB 2 (


SNMP Management API Library


Compiled MIB data used by the Management API


SNMP agent service executable


SNMP trap service executable

Several Microsoft networking products have MIB modules and extension agents that are distributed for each product to support an SNMP management interface. The MIBs listed in Table 5-2 are distributed with the Windows NT Resource Kit and with the Win32 Software Development Kit 4.0. All other MIB files are also included on the book's CD-ROM.

Table 5-2 Microsoft MIBs and Extension Agents




Extension agent implementing the DHCP server MIB (


Extension agent is part of the DHCP server installation


Microsoft Internet Information Server FTP server MIB (


Microsoft Internet Information Server gopher server MIB (


Microsoft Internet Information Server HTTP server MIB (


Extension agent implementing MIB-II (


Microsoft Internet Information Server MIB (


Original LAN Manager MIB. Superseded by LMMIB2.MIB


Extension agent implementing the LAN Manager MIB 2 (


Extension agent implementing the WINS server MIB (

The extension agents DLLs for MIB-II (INETMIB1.DLL) and for LAN Manager (LMMIB2.DLL) are installed with the SNMP service. All other extension agent DLLs are installed when their respective services are installed.

Looks like MIB-I; Tastes Something like MIB-II

Note that the extension agent INETMIB1.DLL actually supports several, but not all, MIB-II objects as defined in RFC 1213. This extension agent DLL probably supported MIB-I (RFC 1156) prior to the March 1991 publication of MIB-II; and when INETMIB1.DLL was updated for MIB-II, it was not renamed appropriately. The RFC1156Agent registry key also bears this legacy.

The most important deficiency in INETMIB1.DLL is the lack of support for the snmp group of MIB-II ( The IETF has declared support for the snmp group of MIB-II as being mandatory for all network nodes that implement SNMP. The snmp group was added when MIB-I was revised to MIB-II, but INETMIB1.DLL has yet to follow this revision.

Installing SNMP Under Windows NT 4.0

Follow these steps to add the SNMP service to a Window NT 4.0 system with TCP/IP installed:

  1. Log in to the system using an account with Administrator privileges.

  2. Double-click on the Network applet in the Control Panel.

  3. Click on the Services tab.

  4. Click on the Add button.

  5. Click on the SNMP Service entry in the Network Service list box.

  6. Click on the OK button.

Installing SNMP Under Windows NT 3.51

Follow these steps to add the SNMP service to a Window NT 3.51 system with TCP/IP installed:

  1. Log in to the system using an account with Administrator privileges.

  2. Double-click on the Network applet in the Control Panel.

  3. Click on the Add Software button.

  4. Click on the TCP/IP Protocol And Related Components entry in the Network Software list box.

  5. Click on the Continue button.

  6. Click on the SNMP service entry in the Windows NT TCP/IP Installation Options dialog box.

  7. Click on the Continue button.

  8. Enter the path to the Windows NT installation files.

  9. Click on the Continue button.

For information on the SNMP Service Properties window that appears after the installation is finished, refer to the later section "Configuring the SNMP Service."

Once you have installed and configured the SNMP service, be sure to update the system with the Windows NT 4.0 Service Pack 2 or later, or the Windows NT 3.51 Service Pack 5 or later. The SNMP agent and libraries have been modified in these service packs to fix several known problems. If you have installed the latest service pack before adding the SNMP service, then you will need to reinstall the service pack after adding the SNMP service to update the necessary files.

Installing SNMP Under Windows 95

Installing the SNMP service under Windows 95 is a bit complex. Under the original distribution of Windows 95 (4.00.950) the SNMP service is not a standard network component. It is not included on the Windows 95 installation floppy disks, or CAB file distributions, or in the Windows 95 Resource Kit.

Instead, the SNMP service is bundled as a network management service in the Windows 95 installation CD-ROM. You will find the SNMP service stored as the self-extracting archive file SNMPZP.EXE in the \ADMIN\NETTOOLS\SNMP directory on the Windows 95 CD-ROM. Once you obtain SNMPZP.EXE, move it to an empty directory or floppy disk and execute it. The archive will extract the following files:

INETMIB1.DLL 50,512 07-11-95 9:50a
SNMP.EXE 89,088 07-11-95 9:50a
SNMP.INF 3,008 07-11-95 9:50a
SNMP.TXT 1,110 08-17-95 1:28p
README.TXT 1,412 08-17-95 1:22p
LICENSE.TXT 3,315 08-15-95 9:13a

The file SNMP.EXE is the actual SNMP agent. When started by Windows 95 it will load the INETMIB1.DLL extension agent that allows the Windows 95 workstation to respond to MIB-II requests and send traps. The SNMP.INF file is used to install the SNMP service and contains a wealth of information on the registry keys created and used by the SNMP service.

Tip If you have Windows 95 OEM Service Release 2 (4.00.95b), the SNMP service is included in the distribution as a standard network component. Therefore, don't bother obtaining SNMPZP.EXE before installing the SNMP service. The SNMP service files were not changed by Windows 95 Service Pack 1 or OSR2.

To install the SNMP service, double-click the Network applet in the Control Panel. The Configuration tab will display all of the network components presently installed. The TCP/IP network protocol must be installed before the SNMP service will operate. Click the Add button, select Service from the Select Network Component Type dialog box, and click the OK button and wait for Windows to finish building a driver information database.

Click the Have Disk button and select the SNMP.INF file in the directory where you expanded the SNMPZP.EXE archive (this "Have Disk" step isn't necessary with OSR2). Select "Microsoft SNMP Agent" and click the OK button. You should now see "Microsoft SNMP agent" displayed in the Configuration panel of the Network window.

Windows 95 may insist on copying several network files that are already in your %SystemRoot%\SYSTEM directory. You must either insert the Windows 95 installation floppy disks or CD-ROM and let it recopy these files, or simply enter the %SystemRoot%\SYSTEM directory as the source from which to copy the file. You will then be prompted to restart Windows 95. The SNMP service will not become active until the restart has completed.

At this point, the SNMP.EXE file is in the %SystemRoot% directory and the SNMP.INF file is in the %SystemRoot%\INF subdirectory. For some unknown reason, the SNMP.INF file does not contain instructions to copy the INETMIB1.DLL library to the %SystemRoot%\SYSTEM directory. You must perform this crucial step yourself or the SNMP agent will not respond properly to MIB-II requests.

Under Windows 95, the SNMP service does not have a menu item, a properties window, or any user interface. SNMP is configured by either installing and using the System Policy Editor, or by editing the Windows 95 Registry directly. The SNMP service is started when Windows 95 starts, and is stopped when Windows 95 is shut down. It may also be started and stopped from the MS-DOS Console window using the commands "SNMP" and "SNMP -close."

For information on configuring the Windows 95 SNMP service, refer to the later sections "Windows 95 System Policy Editor," "Using the System Policy Editor," and "SNMP and the Registry."

Configuring the SNMP Service

Most of the information used by the SNMP service that you will need to configure is available in the SNMP Service Properties window accessed via the Services tab in the Network applet. This window will also appear after the SNMP service is initially installed. The SNMP Service Properties window does differ in appearance between Windows NT 3.51 and 4.0, but the information is basically the same. To configure the SNMP service you must be logged into an account with Administrator privileges.

To open the SNMP Service Properties window, double-click the Network applet in the Control Panel, click on the Services tab, select the SNMP Service from the Network Services list, and click the "Properties . . ." button.

The Microsoft SNMP Properties window should now be visible. The three tabs contain most of the SNMP service configuration information that is stored in the Windows registry. The Agent tab (see Figure 5-6) contains the values for the sysContact, sysLocation, and sysServices MIB-II variables. The use of these variables is explained in the section "SNMP and the Registry" and in Chapter 4.


Figure 5-6: The SNMP Service Properties Agent tab

The Traps tab (see Figure 5-7) allows you to configure the IP or IPX addresses or DNS host names of the trap destinations. The case-sensitive community name that is encoded in each trap message must also be specified. Up to five trap destination addresses may be entered per community name.


Figure 5-7: The SNMP Service Properties Traps tab

To add a new trap destination community name, click in the combo box and highlight the community name that is there (if any). Enter the new community name and click the Add button. Now click the "Add..." button under the Trap Destinations list box. Enter the address or host name of a trap destination. Repeat this step as necessary.

The Security tab (see Figure 5-8) enables the sending of authentication traps and configures the communities that are considered valid by the SNMP agent. If no community names are listed, then all community names are accepted. The agent may also be configured to accept SNMP messages only from specific management hosts; to do this, you must specify the host's name or its IP or IPX address.


Figure 5-8: The SNMP Service Properties Security tab

All security settings are global to the agent. For example, you can't associate a specific community name with only a single management host address. All permitted managers are considered by the SNMP service to be members of all the community names listed. And the concept of read-only community names is not supported.

New or updated properties information is not written to the registry until you click the Apply or OK buttons. Clicking the Cancel button or hitting the Escape key will discard any changes you have made in the Properties window.

Windows 95 System Policy Editor

The Windows 95 System Policy Editor allows you to edit the configuration of user accounts, user groups, and the network. Some, but not all, of the SNMP service's parameters may be configured using the Policy Editor. You can change those parameter values not supported by the Policy Editor by directly modifying the registry.

You can find the Policy Editor self-extracting archive (POLICY.EXE ) in the \ADMIN\APPTOOLS\POLEDIT directory on the Windows 95 CD-ROM and in the Windows 95 Resource Kit. Sample policies are available in the Windows 95 Resource Kit, and on the Windows 95 CD-ROM in the \ADMIN\RESKIT\SAMPLES \POLICIES subdirectory.

Installing the System Policy Editor

Install the System Policy Editor by following the same installation steps used for other Windows 95 components:

  1. Select Add/Remove Programs from the Control Panel.

  2. Select the Windows Setup tab.

  3. Click the Have Disk button.

  4. Enter the path of the POLICY.INF file.

  5. Select the components you wish to install by clicking the check boxes.

  6. Click the Install button.

  7. Click the OK button.

The System Policy Editor will appear in the Start, Programs, Accessories, and System Tools menu.

Using the System Policy Editor

Start the System Policy Editor and select Open Registry from the File menu. The Local User and Local Computer icons will appear. Double click on Local Computer. On the Policies tab, select Local Computer, Network, and SNMP in the tree control. Four SNMP configuration options are shown (see Figure 5-9). Clicking on an SNMP option will display its configuration parameters.


Figure 5-9: The SNMP service properties

You enable each option by placing a check in the check box by its name and entering the configuration information. You disable an option by removing the check. This will cause the associated information to be deleted from the registry. The Policy Editor will, however, save the information and restore it to the registry in case you enable the option again. You can change the option as described later.

All modifications made to the system policies are saved to the system registry. The registry is not actually modified until the File/Save menu item is selected. These are the options:


Allows you to specify the SNMP communities to which the SNMP agent belongs. All listed communities are considered authentic by the SNMP agent, and the agent will process all requests sent to it by members of its own community. The default community is "public." If no communities are listed, or the "Communities" box is not checked, then request messages sent by any management system will be processed by the SNMP agent.

You can add a new community string by clicking "Communities" in the Policies tab, clicking the Show button, clicking the Add button on the Show Contents dialog box, entering the name of the new community, and clicking OK.

You can remove a community name by selecting the name from the Show Content dialog box and clicking the Remove button. These values are stored in the \Services\SNMP\Parameters\ValidCommunities registry key.

Permitted managers

A listing of IP or IPX addresses of network hosts that are allowed to make management requests of the SNMP agent. If no addresses are listed, or if the "Permitted managers" box is not checked, then the SNMP agent will process request messages received from all management systems. You can add a new permitted management host by clicking on "Permitted managers"; then click the Show button, click the Add button in the Show Contents dialog box, and enter a host name, IP or IPX address, and click on OK to save.

You can remove a permitted manager by using the Show Contents dialog box by clicking on the name or address of the manager and clicking the Remove button. These values are stored in the \Services\SNMP\Parameters\PermittedManagers registry key.

Traps for `Public' community

Allow you to specify up to five trap destinations. Traps with the `public' community name will be sent to each hostname, IP, or IPX network address listed. These values are stored in the \Services\SNMP\Parameters\TrapConfiguration registry key.

Internet MIB

Allows you to set the Contact Name (sysContact) and Location (sysLocation) strings defined in RFC 1213. These strings may be changed by clicking on "Internet MIB (RFC 1156)" and entering the new strings in the edit fields. These values are stored in the \Services\SNMP\Parameters\RFC1156Agent registry key. Note that the MIB-II system name (sysName) is not configurable using the System Policy Editor, but you may set it directly in the registry.

Starting and Stopping the SNMP Services

Under Windows NT, the SNMP service and trap service are started and stopped using the Services applet in the Control Panel. The name of the SNMP service is "SNMP" and the name of the trap service is "SNMP Trap Service." These are also the registered names used by these services to report events in the Windows NT system event log.

The Services window indicates the current status and startup type parameter of each service. Services may have a current status of Started, Paused, or Stopped. The startup type indicates how the service is to be started; here are the possible startup types:


The service starts when the system starts.


The service must be manually started by a user or process after system startup.


The service cannot be started.

Both the SNMP service and trap service may be Started and Stopped, but not Paused.

The default service parameter for the SNMP service is Automatic startup. The SNMP trap service, however, is set to Manual startup by default. If you will be using traps, be sure to change the trap service to Automatic startup. You do this by clicking on "SNMP Trap Service" in the Services window. Then click on the Startup button, click the Automatic radio button, and then click OK. Click on the Start button to start the SNMP trap service.

Tip When the SNMP service is started, it reads the snmp port number listed in the %SystemRoot%\SYSTEM32\DRIVERS\ETC\SERVICES file (%SystemRoot%\SERVICES under Windows 95) and listens to this port for SNMP request messages. This port is 161/udp by default, but may be changed to another port number to allow only a specific management system to send requests to the agent. The SNMP service must be stopped and restarted for the snmp port number to be read.

Starting and Stopping Under Windows NT

Starting and stopping the SNMP service is something you will be doing quite a bit if you plan on writing, testing, and debugging SNMP extension agents. You must stop and start the SNMP service each time you need to load an extension agent for testing. You will quickly find that the Services window is a very tedious way to repetitively start and stop the SNMP service.

Fortunately, under Windows NT most network services can also be controlled using the Network Redirector (NET.EXE) and the Service Controller (SC.EXE) from the MS-DOS Console window.

You can start the SNMP service from the MS-DOS command line using the following command:


When the SNMP service is started, SNMP.EXE is loaded by the Service Control Manager, and all of the extension agents listed under the HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \SNMP \Parameters \ExtensionAgents registry key are loaded into memory and initialized. It typically requires only a few seconds to start the SNMP service, but the actual time depends on the number of extension agent DLLs that are being loaded and the time they each require to fully initialize. In any event, if any Windows NT service does not fully start within 30 seconds, the startup is aborted.

The SNMP service has two flags that can only be set using NET or SC.

The syntax of the NET command line is as follows:


The LOGTYPE and LOGLEVEL flags control the event logging messages generated by the SNMP service:


A numeric value in the range 1 to 20. Presumably, the greater the LOGLEVEL value, the more detailed events that will be logged. Experimentation, however, has shown that a LOGLEVEL of 10 seems to produce the most logging information.


A bitfield value that indicates where logging information is to be written. A value of 2 specifies that SNMP events are to be written to the %SystemRoot%\SYSTEM32\SNMPDBG.LOG file. A value of 4 has log messages written to the Windows NT system event log. A value of 6 writes message to both the debug file and the event log.

These options are only supported by the checked build of SNMP.EXE.

Here's my personal advice:

  1. Always use the checked builds of SNMP.EXE, SNMPTRAP.EXE, and INETMIB1.DLL when developing extension agents.

  2. Use the log messages produced by the checked build of INETMIB1.DLL as an example of the type of debug log messages to include in your own extension agents.

  3. Don't bother logging detailed debugging information to the event log. Typical SNMP activity can cause hundreds of debugging messages to be logged in just a few seconds. This defeats the purpose of the event log as a device to report significant system events. It is also more convenient to have SNMP debug messages logged to an editable file on disk, although debug messages written to the file do not include the sometimes useful time stamps found in the event log.

You can stop the SNMP service from the MS-DOS command line by using the following command:


When the service is stopped, all extension agent DLLs are unloaded from memory and Windows NT will no longer respond to SNMP requests or send traps. You must stop the SNMP service before you can load a new or revised extension agent DLL. Stopping the service will allow you to overwrite the previous extension agent DLL without causing a sharing violation. Starting the SNMP service will load and initialize the new extension agent DLL.

You can start and stop the SNMP trap service in the same manner as the SNMP service:


The trap service does not support any command-line options.

You can get help on the NET command by using the HELP modifier:


You can find complete information on the command for the MS-DOS Network Redirector in the %SystemRoot%\SYSTEM32\NTCMDS.HLP help file.

You can also start and stop the SNMP service, and any other service, using the Service Controller (SC.EXE) included with the Win32 SDK. SC is actually an MS-DOS command-line version of the Service Control Manager and provides all the functions supported by the SCM. SC gives you more accurate control and information about system services than either NET or the Services Control Panel applet.

Issue SC commands as follows:

sc <server> [command] [service name] <option1> <option2>...

SC uses RPC to control services on remote systems. If the service is on the local system, you can omit the <server> name. SC uses the same command syntax as NET to start and stop the SNMP service and trap service:


SC also lets you query the current status of a service:

WIN32_EXIT_CODE : 0 (0x0)

You can find the complete code for SC in the Win32 SDK and on the MSDN CD-ROM. Refer to the MSDN article "Using SC.EXE to Develop Windows NT Services" for more information.

Starting and Stopping Under Windows 95

There is no Service Control Manager under Windows 95. You must use the MS-DOS Console window to manually start and stop the SNMP service. The SNMP service is started by executing SNMP.EXE directly:


The SNMP service is stopped by using the undocumented (or at least sparingly documented) "-close" flag:

C:\> SNMP -close

There is also a "-help" flag, but it isn't very helpful.

SNMP Service Event Log Messages

The free build of SNMP.EXE contains only a few basic event log messages, as shown in Table 5-3. The checked builds of SNMP.EXE and INETMIB1.DLL, however, contain much more detailed logging information, much of which is self-explanatory. These messages are not available under Windows 95, as there is no checked build of SNMP.EXE or INETMIB1.DLL for Windows 95.

Table 5-3 SNMP Service Event Log Messages



The SNMP service has started successfully.

The SNMP service has started and is running. (This message is logged regardless of the failure of any extension agent DLLs to successfully load or initialize.)

The SNMP service has stopped successfully.

The SNMP service has been stopped. SNMP requests and traps are no longer being serviced.

The SNMP service is ignoring trap destination <name or address> because it is invalid.

A trap destination host name or network address listed in the registry is badly formed or illegal.

The SNMP service registry key <key> is missing or misconfigured.

An expected key in the SNMP registry branch is missing or badly formed.

The SNMP service is ignoring extension agent key <key> because it is missing or misconfigured.

A registry key providing information about a specific extension agent is missing or badly formed.

The SNMP service is ignoring extension agent DLL <DLL file name> because it is missing or misconfigured.

An extension agent listed in the registry has failed to load or properly initialize. A failure to load may be due to the extension agent's DLL failing to properly initialize, an incorrect path to the DLL specified in the registry, or the DLL missing from the location specified in the registry.

The SNMP service has encountered a fatal error.

An unspecified error has caused the SNMP service to terminate.

The SNMP service is not designed for this operating system.

The SNMP service was started under an incorrect version of Windows. The Windows 95 and Windows NT SNMP.EXE executables are not interchangeable and will not start under the incorrect Windows environment. It is also possible that the current SNMP services will not be compatible with future versions of Windows 95 and Windows NT.

Removing the SNMP Service

Normally there is no need to remove the SNMP service unless the initial installation has failed and you must attempt a reinstallation. You can temporarily stop or disable the service using the Services applet in the Control Panel (Windows NT), or by removing the "SNMP Agent" value from the HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\RunService registry key (Windows 95).

The steps to remove the SNMP service are nearly identical on all flavors of Windows.

Removing Under Windows NT 4.0

  1. Double-click on the Network applet in the Control Panel.

  2. Click on the Services tab.

  3. Click on the SNMP Service entry in the Network Services list box.

  4. Click on the Remove button.

  5. Click on the Yes button.

You will be prompted to restart Windows. The SNMP service will not be stopped and fully uninstalled until the restart has completed. Alternately, you can stop the SNMP service using the SCM or MS-DOS Console window.

Removing Under Windows NT 3.51

  1. Double-click on the Network applet in the Control Panel.

  2. Click on the SNMP Service entry in the Installed Network Software list box.

  3. Click on the Remove button.

  4. Click on the Yes button.

You will be prompted to restart Windows. The SNMP service will not be stopped and fully uninstalled until the restart has completed.

Removing Under Windows 95

  1. Double-click on the Network applet in the Control Panel.

  2. Click on the Microsoft SNMP Agent entry in the Installed Network Components list box.

  3. Click on the Remove button.

  4. Click on the OK button.

You will be prompted to restart Windows. The SNMP service will not be stopped and fully uninstalled until the restart has completed.

The SNMP service may be removed manually by deleting its associated keys from the registry. Windows 95 reads the %SystemRoot%\INF\SNMP.INF file to determine which keys to delete. The following HKEY_LOCAL_MACHINE keys are deleted from the registry:

SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\SNMP agent

The SNMP.EXE, SNMP.INF, and INETMIB1.DLL files, however, are not removed from disk and remain in the %SystemRoot% subdirectories. You cannot reinstall the SNMP service using the SNMP.INF file that remains in the %SystemRoot%\INF subdirectory. You must use the original files supplied with the SNMPZP.EXE archive.

SNMP and the Registry

If you are interested in the modifications made to the registry when an application, service, or other Windows components is installed, then check out the installation file (.INF ) for the application. The INF file lists all keys added or modified in the registry during the installation. The INF file itself is typically copied to the %SystemRoot%\INF or %SystemRoot%\SYSTEM32 subdirectory. After installing the SNMP service you will find the OEMNSVSN.INF (Windows NT) or the SNMP.INF (Windows 95) installation file there.

Note: Many applications will add, modify, and delete registry keys during normal operation. To monitor changes to the registry as they happen, use the Registry Monitor (Regmon) and RegSpy95 utilities that are available on the Web at and are also included with the O'Reilly book, Inside the Windows 95 Registry, by Ron Petrusha.

Now let's have a look at the registry keys used by the SNMP service. If you need to change an SNMP parameter, it is very convenient to use the Registry Editor (RegEdit), but only if you know the name and location of the key you need to edit, and the possible values that may be assigned to the key. The Win32 API and Visual Basic provide several functions that allow you to manipulate the registry from within your applications (also described in the Petrusha book).

The SNMP registry keys are stored in the HKEY_LOCAL_MACHINE key and are identical on both Windows 95 and Windows NT. All of the data in HKEY_LOCAL_MACHINE is stored in the SYSTEM.DAT registry file.

Under Windows NT, the SNMP service software package is referenced in the HKEY_LOCAL_MACHINE \SOFTWARE \Microsoft \SNMP key:

Description "Simple Network Management Protocol service that enables a Windows NT computer to be administered remotely with an SNMP management tool."
InstallDate 0x33191abe
MajorVersion 0x00000004
MinorVersion 0x00000000
OperationsSupport 0c00000086
RefCount 0x00000000
ServiceName "SNMP"
SoftwareType "service"
Title "SNMP Service"
InfName "oemnsvsn.inf"
InfOption "SNMP"

This information is described in the %SystemRoot%\System32\OEMSNVSN.INF file used to install the SNMP service. Under Windows 95, the information on the SNMP service and installations can be found in the HKEY_LOCAL_MACHINE Enum\Network\SNMP and HKEY_LOCAL_MACHINE \System \CurrentControlSet Services\Class\NetService keys:

HKEY_LOCAL_MACHINE \Enum \Network \SNMP \0000
Class "NetService"
CompatibleIds "SNMP"
ConfigFlags 10 00 00 00
DeviceDesc "Microsoft SNMP agent"
Driver "NetService\0002"
MasterCopy "Enum\Network\SNMP\0000"
Mfg "Microsoft"
HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \Class \NetService \0002
DriverDesc "Microsoft SNMP agent"
InfPath "SNMP.INF"
DeviceID "SNMP"
HelpText "The SNMP agent provides administrators with configuration information about this computer."
InfSection "SNMP.ndi"
InstallInf ""
(Default) "SNMP.Install"
DefLower "WinSock"
Lower "WinSock"
LowerRange "WinSock"
(Default) "SNMP.Remove"

Under no circumstances should you need to modify the information in these registry keys. This information is used to identify the SNMP service, and it can only be changed by Microsoft itself.

The keys you are most likely to need to modify are under the HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \SNMP \Parameters registry key (see Figure 5-10).


Figure 5-10: The SNMP registry keys

All of the SNMP parameters that are changed by the System Policy Editor or SNMP Service Properties window (and all of the parameters that aren't) are found under the SNMP key:

HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \SNMP
switch 01 00 00 00
1 "SOFTWARE\Microsoft\LANManagerMIB2Agent\CurrentVersion"
2 "SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion"
1 ""
2 "12345678.1234567890AB"
sysContact "James D. Murray"
sysLocation "City of Orange Plaza Historic District"
sysServices 4c 00 00 00
1 ""
1 "public"
2 "private"

The parameters are summarized below:


A Boolean value used to indicate whether an authentication trap is to be sent if a PDU with an invalid community name is received by the SNMP agent. A value of 1 (the default) enables authentication traps; a value of 0 disables the traps. The trap is sent to all trap destination addresses listed in the TrapConfiguration key.

Note: The TrapConfiguration key disables the sending of the trap but does not disable the authentication process itself. This key was named Authtrap under Windows NT 3.1.


An enumerated listing of each extension agent DLL that is loaded when the SNMP service is started. The DLLs are loaded in the order in which the entries appear in this key. Each entry is a pointer to a location in the registry of the SOFTWARE key that contains the name and path of the specific extension agent DLL. The INETMIB1.DLL is installed with the SNMP service. The first value in the ExtensionAgents key points to the key describing the location of the INETMIB1.DLL extension agent DLL:

HKEY_LOCAL_MACHINE \SOFTWARE \Microsoft \RFC1156Agent \CurrentVersion

Pathname "%SystemRoot%\System32\inetmib1.dll"

The HKEY_LOCAL_MACHINE \SOFTWARE key is used to store the parameters of all software packages installed in the Windows workstation. The format of the keys in this section are SOFTWARE\MyCompany\MyApp\Settings.

When you add custom extension agents, you will create new keys typically based on the enterprise name to which the MIB is registered. For example, the sample toaster MIB belongs to Epilogue, so the key describing the location of the Toaster extension agent DLL should be as follows:

HKEY_LOCAL_MACHINE \SOFTWARE \Epilogue \ToasterAgent \CurrentVersion

Pathname "testdll.dll"

If you install the sample agents on the CD-ROM included with this book, their location will be described by the following registry key:

HKEY_LOCAL_MACHINE \SOFTWARE \O'Reilly\NtSnmpBook\Agents\CurrentVersion


Pathname "minagent.dll"


Pathname "regagent.dll"


Pathname "trapagt1.dll"

If the path is not specified with the DLL file name, the default directory %SystemRoot%\System32\ is searched under Windows NT and %SystemRoot%\System\ under Windows 95. If a DLL listed is not found or fails during loading, a mention is made in the Windows NT event log.


An enumerated listing of the IP or IPX network addresses of SNMP management devices permitted to make requests of the SNMP agent. If an SNMP request is received from an address that is not in this list, the request is not processed and no response (or authentication trap) is returned. If no network addresses are listed in PermittedManagers, all received management requests are accepted.


Contains the values of the read-write objects defined by the System group in the MIB-II Internet MIB. This information is read by INETMIB1.DLL when it is loaded by the SNMP service.


The name of the user who manages the Windows workstation. The sysName key is the administratively assigned name of the Windows workstation. The sysLocation key value is the physical location of the workstation. And, the sysServices key contains a 7-bit binary value used to indicate the type of services the managed device may provide. This value is created by OR'ing the bits, from the table below, together.

Bit Field


OSI Layer













Multi-homed router




Host with a network address


End-to-End Interface


Session management protocols


Applications Interface


Terminal Protocols




SNMP Agent

Under Windows NT, these values are changed by using the SNMP Service Properties panel. Under Windows 95, they are changed either by using the System Policy Editor or by modifying the registry directly.

For Windows NT, the sysDesc is built out of several pieces of information in the registry. The registry keys queried to build the Windows NT sysDesc follow:



SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentVersion

SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentBuildNumber

SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentType

For example, the sysDesc for my workstation appears as follows:

Hardware: x86 Family 6 Model 1 Stepping 7 AT/AT COMPATIBLE

Software: Windows NT Version 4.0 (Build Number: 1381 Uniprocessor Free)

For Windows 95 the sysDescr is always "Microsoft Corp. Chicago Beta."


A listing of communities and hosts to which SNMP agents will send traps. This key contains one or more subkeys named after the trap communities. Each community name key contains an enumerated listing of IP or IPX network addresses. The community installed by default is "Public." Each network address listed under Public will be sent trap PDUs with the community name "Public." Additional keys may be added for other communities; for example:



1 ""


1 ""

2 "12345678.1234567890AB"

Note that the SNMP agent encodes the community name in a trap PDU using the same alphabetical case as the TrapConfiguration subkeys. Community names are compared as strings of octet values. Therefore, the names "Public," "PUBLIC," and "public" identify three different SNMP communities. The Windows registry, however, is case-insensitive, and would regard these names as the same three key names. If you are having a problem with seemingly identical community names failing to compare, be sure to check the case of the names.

This key was named TrapDestinations (addresses to send trap, no default) and TrapCommunity (community name of traps, default "public") under Windows NT 3.1.


An enumerated listing of the SNMP communities to which the SNMP agent belongs. Any request PDU received by the SNMP agent that does not belong to one of the listed communities will not be processed, and an authentication trap will be sent if the EnableAuthentication key value is 1. The default community name is "public" and additional community names may be added. If no community names are listed in ValidCommunities, all PDUs received are considered valid. This key was named CommunityNames under Windows NT 3.1.

Once again, community names are case-sensitive. The community string in all received PDUs will be compared to the case-sensitive names stored under the ValidCommunities key. The first unidentical pair of octets to be found by the string comparison causes the PDU to fail authentication. If all octets are identical, then the authentication succeeds. A problem was identified in the SNMP agent under Windows NT 3.5 where the community name comparison would stop as soon as all the octets in one string had been compared. For example, the community names "public" and "publichouse" would have compared as identical.

The SNMPTRAP key contains the configuration information used by the SNMP trap service (see Figure 5-11). There is very little data in the SNMPTRAP key and its subkeys, and you will not be making any modifications here. This key is not present in the Windows 95 registry.


Figure 5-11: The SNMPTRAP registry keys

Installing an Extension Agent DLL

When you finish writing and debugging your extension agent DLLs (covered in Chapter 7, Writing Extension Agents) you will need some way to distribute them. One way is to use any one of several Windows application installation programs available as commercial or shareware products. If you also need to install some other Windows application, such as an SNMP network management system or network monitor, this is the way to go.

The Microsoft extension agents distributed for Windows 95 and Windows NT are installed using device information (.INF ) files. When you install the SNMP service, Windows NT reads the device information file OEMNSVSN.INF (Windows 95 reads the SNMP.INF file) to install the service application. The INF file is a custom setup script that instructs Windows how to install a set of files, where to copy them, and how to modify the registry and INI files.

The Windows 95 Resource Kit describes how to create INF files and includes the Batch INF Script Editor utility (the kit and all utilities are available on the Internet as described in Appendix A). I recommend that you use the INF format supported by Windows 95 and not the older INF format supported only by earlier versions of Windows NT. This will allow you to write a single INF file that can be used under both Windows 95 and Windows NT.

While you are developing extension agents, and to make "quick fixes," you will use the Registry Editor to add, modify, and remove extension agent registrations. You can also temporarily disable the loading of a specific extension agent by changing its name or path in the registry. A warning posted to the event log by the SNMP service will verify that the extension agent was not loaded.

Tip If you don't have RegEdit in your Start menu or as a desktop icon, then you can find it under Windows NT4 and Windows 95 as %SystemRoot%\REGEDIT.EXE, and under Windows NT 3.x as %SystemRoot%\REGEDT32.EXE.

Extension agent DLLs will typically be installed in the %SystemRoot%\SYSTEM32 subdirectory under Windows NT, and in %SystemRoot%\SYSTEM under Windows 95, but they may also be located anywhere on your local file system. When the SNMP service is started, it reads from the registry the physical location of all extension agent DLLs that it is to load.

The installation of extension agents is performed using the same procedure under both Windows NT and Windows 95. The SNMP service must be installed before any extension agents may be installed. To determine whether the SNMP service is installed, you can check for the existence of the HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\Services\SNMP registry key, which is created when the SNMP service is installed.

Each extension agent must be registered using a unique key in the registry. Because extension agent DLLs are associated with specific hardware or software vendors, the registration keys are located under the KEY_LOCAL_MACHINE\SOFTWARE key, which stores registry information specific to the software configuration of the system. To install the O'Reilly extension agents included on the CD-ROM, you will make an O'Reilly\SNMP\ExtensionAgents branch to contain all of the registration information for the O'Reilly extension agents.

Figure 5-12 shows the HKEY_LOCAL_MACHINE \SOFTWARE \O'Reilly\SNMP\ExtensionAgents branch of the registry. Each extension agent DLL is registered using a separate key and a subkey, CurrentVersion, which stores the absolute pathname of the extension agent DLL. This is the actual information read by the SNMP service to locate the extension agent DLLs on disk.


Figure 5-12: Extension agents registered under HKEY_LOCAL_MACHINE \SOFTWARE \O'Reilly

Create the HKEY_LOCAL_MACHINE \SOFTWARE \O'Reilly\SNMP\ExtensionAgents in the registry and one key for each extension agent you wish loaded by the SNMP service. Under each extension agent key, create a CurrentVersion key with the string value name "Pathname" and data value set to the absolute pathname of the extension agent DLL (e.g., %SystemRoot%\System32\inetmib1.dll or D:\Agents\O'Reilly\MINAGENT.DLL).

If the extension agent DLL stored in "Pathname" cannot be loaded or is missing, the SNMP service will mention this fact in the Windows NT event log (no warning message is given under Windows 95). Note that if you misspell the key value name "Pathname," the SNMP service will not be able to find the extension agent and will simply ignore it. No warning message will be written to the event log and you will be left scratching your head for an hour or more until you find the problem.

Next, you need to point the SNMP service to the registration keys of the extension agents that you need to have loaded. This indication is given in the SNMP service configuration registry keys located at HKEY_LOCAL_MACHINE \SYSTEM CurrentControlSet\Services\SNMP\Parameters.

The subkey ExtensionAgents contains an enumerated listing of string values that contain the name of each registration key of the extension agents that are to be loaded, not including the HKEY_LOCAL_MACHINE top-level key name. Add to the list the registration keys of the extension agents you wish loaded. Figure 5-13 shows the ExtensionAgents key on my machine.


Figure 5-13: Extension agents paths under \SNMP\Parameters\ExtensionAgents

Uninstalling an extension can be performed to temporarily disable the loading of a specific extension agent (like the one that GPFs each time it processes an OCTET STRING MIB variable and crashes the SNMP service, or even the Service Control Manager itself ), or to remove an extension agent registration from the registry completely. Just delete the extension agent's registry key.

After performing any modifications to the SNMP registry keys, you need to stop and then restart the SNMP service for the extension agents to be unloaded and reloaded, and for any changed parameters to take effect.

Under Windows NT, you should always check the event log after loading any new extension agents to make sure that the DLLs were found and successfully loaded (see the earlier section "SNMP Service Event Log Messages" for SNMP service errors that may appear in the event log). Windows 95 does not provide an indication of whether an extension agent DLL was not found or failed to successfully load, so you'll need to use an SNMP management utility, such as SNMPUTIL (described in the next section), to check whether the extension agent is responding.

SNMPUTIL: Testing the SNMP Service

Once the SNMP service has been installed and configured, and the system has been rebooted, the workstation will respond to SNMP queries. Both Windows NT and Windows 95 install the MIB-II extension agent; NT also installs the LAN Manager extension agent. So now all that's left to do is make a query to the SNMP agent and check for a response.

Microsoft provides an SNMP management utility, SNMPUTIL, that you can use to test the functionality of the SNMP service. In fact, you'll probably be using SNMPUTIL to test your own extension agents. The only unfortunate fact is that SNMPUTIL is written using the Microsoft SNMP Management API, so it won't run under Windows 95 (unless you copy MGMTAPI.DLL from a Windows NT system to your Windows 95 %SystemRoot\SYSTEM directory). To test an extension agent running on a Windows 95 system, you'll need an SNMP management application written using an API that operates under Windows 95 (such as WinSNMP), or you'll need to send management queries from a Windows NT host over a network.

SNMPUTIL is actually a Win32 SDK sample program used to demonstrate how to use the SNMP Management API. SNMPUTIL is an MS-DOS program and is typically run in the MS-DOS Command window. SNMPUTIL is only available in the Win32 SDK and on the companion CD-ROM for the book Internetworking with TCP/IP on Windows 4.0 from Microsoft Press.

Tip If you don't have SNMPUTIL, then use the SNMPTOOL utility included on this book's CD-ROM. SNMPTOOL is an SNMP management utility that greatly improves on SNMPUTIL in several ways. Full source code is included.

The SNMPUTIL example includes an external makefile and is compiled using NMAKE. If you are using the Microsoft Development Studio (or other development platform) you will need to import the makefile and convert it to a project file. This procedure is described fully in the MDS Help file (under "makefiles, converting"). Here's the abbreviated run down of this procedure for Microsoft Visual C++ 4.x:

  1. Select Open Workspace from the File menu.

  2. Select "All Files (*.*)" in the "Files of type" combo box.

  3. Select the directory where the project is stored (typically \MSTOOLS\ SAMPLES\WIN32\WINNT\SNMP\SNMPUTIL).

  4. Select "Makefile" and click the Open button.

  5. A message box will appear asking if you really want to convert the makefile to a Developer Studio workspace. Click the "Yes" button.

  6. A Save As dialog box will appear, allowing you to save the new makefile to a different file name. If you want to keep the old makefile, then select a new name (MAKEFILE1.MAK is the default).

  7. Select Rebuild All from the Build menu.

The command-line syntax of SNMPUTIL is shown below:

usage: snmputil [get|getnext|walk] agent_address community oid [oid ...]

snmputil trap

You can use SNMPUTIL to send a single GetRequest or GetNextRequest message. You can also have SNMPUTIL walk an entire MIB using a volley of GetNextRequest messages that listen for traps. It's usually best to open two MS-DOS Console windows and use SNMPUTIL in the first window to perform requests; start SNMPUTIL in the second window to listen for traps.

You will notice that SNMPUTIL does not include the Set operation. The current Management API does include the ability to perform Set requests, but this functionality was not included in the SNMPUTIL sample program, probably because of the extra overhead required on the command line. The SNMPTOOL utility on the CD-ROM supports the Set operation and the ability to read command-line data from a file.

Here are a few ways to use SNMPUTIL to test your SNMP service installation. Let's assume that the IP address of the agent is and that a valid community name is "public."

  1. Request the sysDesc from the agent using a GetRequest:

    SNMPUTIL get public 1.1.0

    If you are querying an object in the MIB-II view, it is not necessary to supply the "" OID prefix. For a get operation, you must always supply the ".0" instance identifier.

  2. Request the sysDesc from the agent using a GetNextRequest:

    SNMPUTIL getnext public 1.1

    A getnext does not require an instance identifier. If you were to perform a GetNextRequest on "1.1.0," you would receive a GetResponse containing the value of "1.2.0".

  3. Request a non-MIB-II variable:

    SNMPUTIL getnext public .

    When you use SNMPUTIL to get or GetNext a value from a MIB other than MIB-II, you must prepend a "." to the OID. Otherwise, SNMPUTIL will infer that the entire OID you specified on the command line should first be appended to "" before performing the operation.

  4. Walk the MIB-II system subtree:

    SNMPUTIL walk public 1

    You will receive a listing of the objects and values in the MIB-II System group.

  5. Walk the entire MIB-II subtree:

    SNMPUTIL walk public .

    You will receive a listing of all MIB-II objects supported by the INETMIB1.DLL extension agent.

  6. Configure the SNMP service to send traps to the host that is running SNMPUTIL. Now start up a second MS-DOS Console window and start SNMPUTIL listening for traps:

    SNMPUTIL trap

    From the first MS-DOS window, make a request but specify a community name that is not recognized by the agent. This will cause an authentication trap to be generated by the agent:

    SNMPUTIL getnext fred 1.1

    In the trap window you should see the authentication trap (assuming that "fred" is not a valid community):

    snmputil: trap generic=4 specific=0

    from ->

    When a message fails authentication, no response other than the trap is returned. SNMPUTIL will send the request a total of three times and wait six seconds between requests before giving up. One trap per response will be sent to the trap window.

    Note: The agent must have authentication traps enabled and at least one community name registered for this test to work.

  7. You can also easily test traps by receiving the coldStart trap sent by the SNMP service when it is first started. With SNMPUTIL listening for traps in the second window, stop the SNMP service and then restart it. You will see the following indication by SNMPUTIL that it has received the coldStart trap sent by the extendible agent:

    snmputil: trap generic=1 specific=0 from ->

    Other methods of testing extension agents and the SNMP service are detailed in Chapters 7, 8, and 10.

About the Author

James D. Murray started his computer career in 1981 on a Version 6 UNIX system running on a PDP-11/45 and programming in C. Over the years he has specialized in serial communications, image processing and analysis, UNIX and Windows NT systems programming, and telco network management. Currently he works for a telecommunications company developing network management stations and as a staff writer for O'Reilly & Associates.

Copyright © 1998 by O'Reilly & Associates, Inc.

We at Microsoft Corporation hope that the information in this work is valuable to you. Your use of the information contained in this work, however, is at your sole risk. All information in this work is provided "as -is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Microsoft Corporation. Microsoft Corporation shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages. All prices for products mentioned in this document are subject to change without notice. International rights = English only.

International rights = English only.

Click to order