Windows PS client svcs data missing 🔗 link

On 10/05/11 2:09 AM, Scot Kreienkamp wrote:

Hi everyone,

 
I've run into a problem with the Windows Powershell client
intermittently omitting service data on Win2008.  Here's the relevant
parts of the client data file:

 
Microsoft Windows Server 2008 R2 Standard   (build 7600)

---snip---

Persistent Routes:

  None

[ifstat]

fe80::619f:8c8:bf22:6ca5%11 2254617444 2999570366

10.100.1.211 2254617444 2999570366

::1 0 0

127.0.0.1 0 0

[svcs]

Name                                    StartupType  Status        
DisplayName

[uptime]

sec: 8168297

94 days 12 hours 58 minutes 17 seconds

Bootup: 20110203213923.713291-360

[who]

SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE

---snip---

 
As you can see, the svcs portion is empty.  I already updated the
client to the latest PS client files available and it still is
happening. I'm not a programmer so I'm not sure how I can help
troubleshoot this, but I'm willing to help in any way I can.

 
Thanks!

 
Scot Kreienkamp

user-462cf0b6d846@xymon.invalid

 
This message is intended only for the individual or entity to which it
is addressed.  It may contain privileged, confidential information
which is exempt from disclosure under applicable laws.  If you are not
the intended recipient, please note that you are strictly prohibited
from disseminating or distributing this information (other than to the
intended recipient) or copying this information.  If you have received
this communication in error, please notify us immediately by e-mail or
by telephone at the above number. Thank you.

<#>

-- 

 

From: David Baldwin [mailto:user-cbbf693f2c89@xymon.invalid] 
Sent: Monday, May 09, 2011 9:31 PM
To: Scot Kreienkamp; xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

 
On 10/05/11 2:09 AM, Scot Kreienkamp wrote: 

Hi everyone,

 
I've run into a problem with the Windows Powershell client intermittently omitting service data on Win2008.  Here's the relevant parts of the client data file:

 
Microsoft Windows Server 2008 R2 Standard   (build 7600)

---snip---

Persistent Routes:

  None

[ifstat]

fe80::619f:8c8:bf22:6ca5%11 2254617444 2999570366

10.100.1.211 2254617444 2999570366

::1 0 0

127.0.0.1 0 0

[svcs]

Name                                    StartupType  Status         DisplayName

[uptime]

sec: 8168297

94 days 12 hours 58 minutes 17 seconds

Bootup: 20110203213923.713291-360

[who]

SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE

---snip---

 
As you can see, the svcs portion is empty.  I already updated the client to the latest PS client files available and it still is happening. I'm not a programmer so I'm not sure how I can help troubleshoot this, but I'm willing to help in any way I can.

services information is gathered from WMI. The builtin powershell "get-services" doesn't return sufficient information.

Try the following:

open a powershell window (powershell.exe lives in C:\WINDOWS\system32\windowspowershell\v1.0)

Get-WmiObject -Class Win32_Service

Try running it a few times. Is it slow, or does it sometimes not return any information?

 

Also, if you look at the Client data report (link at the bottom of various pages - cpu, disk, procs, svcs), do you see sections for [WMI:Win32...] towards the bottom of the report. There should be:

WMI:Win32_OperatingSystem
WMI:Win32_ComputerSystem
WMI:Win32_BIOS
WMI:Win32_Processor
WMI:Win32_PhysicalMemory
WMI:Win32_LogicalDisk
WMI:Win32_QuickFixEngineering
WMI:Win32_Product
 

If these are missing there may be a problem with the WMI service. Try restarting it in the first instance.

 

David.


Thanks!

 
Scot Kreienkamp

user-462cf0b6d846@xymon.invalid

 
This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you.

 
From: David Baldwin [mailto:user-cbbf693f2c89@xymon.invalid] 
Sent: Monday, May 09, 2011 9:31 PM
To: Scot Kreienkamp; xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

 
On 10/05/11 2:09 AM, Scot Kreienkamp wrote: 

Hi everyone,

 
I've run into a problem with the Windows Powershell client intermittently omitting service data on Win2008.  Here's the relevant parts of the client data file:

 
Microsoft Windows Server 2008 R2 Standard   (build 7600)

---snip---

Persistent Routes:

  None

[ifstat]

fe80::619f:8c8:bf22:6ca5%11 2254617444 2999570366

10.100.1.211 2254617444 2999570366

::1 0 0

127.0.0.1 0 0

[svcs]

Name                                    StartupType  Status         DisplayName

[uptime]

sec: 8168297

94 days 12 hours 58 minutes 17 seconds

Bootup: 20110203213923.713291-360

[who]

SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE

---snip---

 
As you can see, the svcs portion is empty.  I already updated the client to the latest PS client files available and it still is happening. I'm not a programmer so I'm not sure how I can help troubleshoot this, but I'm willing to help in any way I can.

services information is gathered from WMI. The builtin powershell "get-services" doesn't return sufficient information.

Try the following:

open a powershell window (powershell.exe lives in C:\WINDOWS\system32\windowspowershell\v1.0)

Get-WmiObject -Class Win32_Service

Try running it a few times. Is it slow, or does it sometimes not return any information?

Also, if you look at the Client data report (link at the bottom of various pages - cpu, disk, procs, svcs), do you see sections for [WMI:Win32...] towards the bottom of the report. There should be:

WMI:Win32_OperatingSystem
WMI:Win32_ComputerSystem
WMI:Win32_BIOS
WMI:Win32_Processor
WMI:Win32_PhysicalMemory
WMI:Win32_LogicalDisk
WMI:Win32_QuickFixEngineering
WMI:Win32_Product
 

If these are missing there may be a problem with the WMI service. Try restarting it in the first instance.

David.


Thanks!

 
Scot Kreienkamp

user-462cf0b6d846@xymon.invalid

 
This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you. 


-- 
David Baldwin - IT Unit
Australian Sports Commission          www.ausport.gov.au
Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616
user-cbbf693f2c89@xymon.invalid          Leverrier Street Bruce ACT 2617

 

This message is intended for the addressee named and may contain confidential and privileged information. If you are not the intended recipient please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you receive this message in error, please delete it and notify the sender. 


This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you.

David,

 
I was able to catch a system this afternoon that wasn't reporting
services.  I get this back when running the get-wmiobject command:

 
PS C:\> Get-WmiObject -Class Win32_Service

Get-WmiObject :

At line:1 char:14

+ Get-WmiObject <<<<  -Class Win32_Service

    + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject],
COMException

    + FullyQualifiedErrorId :
GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

 

One other thing… I noticed that whenever the PS client runs it takes
the CPU up to 100% for 5-15 seconds or so on many of the systems it's
installed on.  I'm already getting push back from other systems admins
because of that.  I imagine many people will be complaining about it
sooner or later, that's kind of a bad thing.  J

 
Off to Google that…

 

*Sent:* Monday, May 09, 2011 9:31 PM
*To:* Scot Kreienkamp; xymon at xymon.com
*Subject:* Re: [Xymon] Windows PS client svcs data missing

 
On 10/05/11 2:09 AM, Scot Kreienkamp wrote:

Hi everyone,

 
I've run into a problem with the Windows Powershell client
intermittently omitting service data on Win2008.  Here's the relevant
parts of the client data file:

 
Microsoft Windows Server 2008 R2 Standard   (build 7600)

---snip---

Persistent Routes:

  None

[ifstat]

fe80::619f:8c8:bf22:6ca5%11 2254617444 2999570366

10.100.1.211 2254617444 2999570366

::1 0 0

127.0.0.1 0 0

[svcs]

Name                                    StartupType  Status        
DisplayName

[uptime]

sec: 8168297

94 days 12 hours 58 minutes 17 seconds

Bootup: 20110203213923.713291-360

[who]

SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE

---snip---

 
As you can see, the svcs portion is empty.  I already updated the
client to the latest PS client files available and it still is
happening. I'm not a programmer so I'm not sure how I can help
troubleshoot this, but I'm willing to help in any way I can.

services information is gathered from WMI. The builtin powershell
"get-services" doesn't return sufficient information.

Try the following:

open a powershell window (powershell.exe lives in
C:\WINDOWS\system32\windowspowershell\v1.0)

Get-WmiObject -Class Win32_Service

Try running it a few times. Is it slow, or does it sometimes not
return any information?

Also, if you look at the Client data report (link at the bottom of
various pages - cpu, disk, procs, svcs), do you see sections for
[WMI:Win32...] towards the bottom of the report. There should be:

WMI:Win32_OperatingSystem
WMI:Win32_ComputerSystem
WMI:Win32_BIOS
WMI:Win32_Processor
WMI:Win32_PhysicalMemory
WMI:Win32_LogicalDisk
WMI:Win32_QuickFixEngineering
WMI:Win32_Product
 

If these are missing there may be a problem with the WMI service. Try
restarting it in the first instance.

David.

 
Thanks!

 
Scot Kreienkamp

 
This message is intended only for the individual or entity to which it
is addressed.  It may contain privileged, confidential information
which is exempt from disclosure under applicable laws.  If you are not
the intended recipient, please note that you are strictly prohibited
from disseminating or distributing this information (other than to the
intended recipient) or copying this information.  If you have received
this communication in error, please notify us immediately by e-mail or
by telephone at the above number. Thank you.


-- 
David Baldwin - IT Unit

 
Keep up to date with what's happening in Australian sport visit
www.ausport.gov.au <http://www.ausport.gov.au>;

This message is intended for the addressee named and may contain
confidential and privileged information. If you are not the intended
recipient please note that any form of distribution, copying or use of
this communication or the information in it is strictly prohibited and
may be unlawful. If you receive this message in error, please delete
it and notify the sender.


This message is intended only for the individual or entity to which it
is addressed.  It may contain privileged, confidential information
which is exempt from disclosure under applicable laws.  If you are not
the intended recipient, please note that you are strictly prohibited
from disseminating or distributing this information (other than to the
intended recipient) or copying this information.  If you have received
this communication in error, please notify us immediately by e-mail or
by telephone at the above number. Thank you.

<#>

-- 
David Baldwin - IT Unit
Australian Sports Commission          www.ausport.gov.au
Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616
user-cbbf693f2c89@xymon.invalid          Leverrier Street Bruce ACT 2617

From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of David Baldwin
Sent: Wednesday, May 11, 2011 7:41 PM
To: Scot Kreienkamp
Cc: xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

Scot,
David,

I was able to catch a system this afternoon that wasn't reporting services.  I get this back when running the get-wmiobject command:

PS C:\> Get-WmiObject -Class Win32_Service
Get-WmiObject :
At line:1 char:14
+ Get-WmiObject <<<<  -Class Win32_Service
    + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], COMException
    + FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

Looks like it's a problem with your system.

One other thing… I noticed that whenever the PS client runs it takes the CPU up to 100% for 5-15 seconds or so on many of the systems it's installed on.  I'm already getting push back from other systems admins because of that.  I imagine many people will be complaining about it sooner or later, that's kind of a bad thing.  ☺

Off to Google that…

I don't have a lot of experience with WMI, but it seems like it can be a pretty heavyweight way to get fairly trivial information. There may be some tuning or checks that can be done to make sure it's running as best it can, but a google search or others be able to give better advice than I.

It would also pay to watch the memory footprint of the client long-term. I've tried to do as much preemptive garbage collection as I can, but I'm not convinced there aren't leaks, especially interfacing with COM objects, which given the error above makes WMI a big candidate. I wouldn't be surprised if some of the WMI data could be gained by alternative means such as poking about in the registry, but I don't have time to investigate at present.

David.

Scot Kreienkamp
Senior Systems Engineer

From: David Baldwin [mailto:user-cbbf693f2c89@xymon.invalid]
Sent: Monday, May 09, 2011 9:31 PM
To: Scot Kreienkamp; xymon at xymon.com<mailto:xymon at xymon.com>
Subject: Re: [Xymon] Windows PS client svcs data missing

On 10/05/11 2:09 AM, Scot Kreienkamp wrote:
Hi everyone,

I've run into a problem with the Windows Powershell client intermittently omitting service data on Win2008.  Here's the relevant parts of the client data file:

Microsoft Windows Server 2008 R2 Standard   (build 7600)
---snip---
Persistent Routes:
  None
[ifstat]
fe80::619f:8c8:bf22:6ca5%11 2254617444 2999570366
10.100.1.211 2254617444 2999570366
::1 0 0
127.0.0.1 0 0
[svcs]
Name                                    StartupType  Status         DisplayName
[uptime]
sec: 8168297
94 days 12 hours 58 minutes 17 seconds
Bootup: 20110203213923.713291-360
[who]
SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
---snip---

As you can see, the svcs portion is empty.  I already updated the client to the latest PS client files available and it still is happening. I'm not a programmer so I'm not sure how I can help troubleshoot this, but I'm willing to help in any way I can.
services information is gathered from WMI. The builtin powershell "get-services" doesn't return sufficient information.

Try the following:

open a powershell window (powershell.exe lives in C:\WINDOWS\system32\windowspowershell\v1.0)

Get-WmiObject -Class Win32_Service

Try running it a few times. Is it slow, or does it sometimes not return any information?

Also, if you look at the Client data report (link at the bottom of various pages - cpu, disk, procs, svcs), do you see sections for [WMI:Win32...] towards the bottom of the report. There should be:

WMI:Win32_OperatingSystem

WMI:Win32_ComputerSystem

WMI:Win32_BIOS

WMI:Win32_Processor

WMI:Win32_PhysicalMemory

WMI:Win32_LogicalDisk

WMI:Win32_QuickFixEngineering

WMI:Win32_Product


If these are missing there may be a problem with the WMI service. Try restarting it in the first instance.

David.


Thanks!

Scot Kreienkamp

This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you.


--

David Baldwin - IT Unit

This message is intended for the addressee named and may contain confidential and privileged information. If you are not the intended recipient please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you receive this message in error, please delete it and notify the sender.


This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you.


--

David Baldwin - IT Unit

Ray

From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of Storer, Raymond
Sent: Friday, May 13, 2011 11:40 AM
To: David Baldwin; Scot Kreienkamp
Cc: xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

Scot and David, if you’d prefer to implement a .net pure call for services you can try the following:

# your path to the file may very
[ReflectionAssembly]::LoadFile(‘C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll’)
#get all the services installed on the local machine
$serviceController = [System.ServiceProcess.ServiceController]::GetServices()
foreach ($svc in $serviceController) {
                # should indicate: Stopped, Running, or Paused … others???
                write-host $svc.Status
                # the service name
                write-host $svc.Name
                # the service display name
                write-host $svc.DisplayName
}

Ray

From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of David Baldwin
Sent: Wednesday, May 11, 2011 7:41 PM
To: Scot Kreienkamp
Cc: xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

Scot,
David,

I was able to catch a system this afternoon that wasn't reporting services.  I get this back when running the get-wmiobject command:

PS C:\> Get-WmiObject -Class Win32_Service
Get-WmiObject :
At line:1 char:14
+ Get-WmiObject <<<<  -Class Win32_Service
    + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], COMException
    + FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

Looks like it's a problem with your system.
One other thing… I noticed that whenever the PS client runs it takes the CPU up to 100% for 5-15 seconds or so on many of the systems it's installed on.  I'm already getting push back from other systems admins because of that.  I imagine many people will be complaining about it sooner or later, that's kind of a bad thing.  ☺

Off to Google that…

I don't have a lot of experience with WMI, but it seems like it can be a pretty heavyweight way to get fairly trivial information. There may be some tuning or checks that can be done to make sure it's running as best it can, but a google search or others be able to give better advice than I.

It would also pay to watch the memory footprint of the client long-term. I've tried to do as much preemptive garbage collection as I can, but I'm not convinced there aren't leaks, especially interfacing with COM objects, which given the error above makes WMI a big candidate. I wouldn't be surprised if some of the WMI data could be gained by alternative means such as poking about in the registry, but I don't have time to investigate at present.

David.
Scot Kreienkamp
Senior Systems Engineer
user-462cf0b6d846@xymon.invalid<mailto:user-462cf0b6d846@xymon.invalid>

From: David Baldwin [mailto:user-cbbf693f2c89@xymon.invalid]
Sent: Monday, May 09, 2011 9:31 PM
To: Scot Kreienkamp; xymon at xymon.com<mailto:xymon at xymon.com>
Subject: Re: [Xymon] Windows PS client svcs data missing

On 10/05/11 2:09 AM, Scot Kreienkamp wrote:
Hi everyone,

I've run into a problem with the Windows Powershell client intermittently omitting service data on Win2008.  Here's the relevant parts of the client data file:

Microsoft Windows Server 2008 R2 Standard   (build 7600)
---snip---
Persistent Routes:
  None
[ifstat]
fe80::619f:8c8:bf22:6ca5%11 2254617444 2999570366
10.100.1.211 2254617444 2999570366
::1 0 0
127.0.0.1 0 0
[svcs]
Name                                    StartupType  Status         DisplayName
[uptime]
sec: 8168297
94 days 12 hours 58 minutes 17 seconds
Bootup: 20110203213923.713291-360
[who]
SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
---snip---

As you can see, the svcs portion is empty.  I already updated the client to the latest PS client files available and it still is happening. I'm not a programmer so I'm not sure how I can help troubleshoot this, but I'm willing to help in any way I can.
services information is gathered from WMI. The builtin powershell "get-services" doesn't return sufficient information.

Try the following:

open a powershell window (powershell.exe lives in C:\WINDOWS\system32\windowspowershell\v1.0)

Get-WmiObject -Class Win32_Service

Try running it a few times. Is it slow, or does it sometimes not return any information?

Also, if you look at the Client data report (link at the bottom of various pages - cpu, disk, procs, svcs), do you see sections for [WMI:Win32...] towards the bottom of the report. There should be:

WMI:Win32_OperatingSystem

WMI:Win32_ComputerSystem

WMI:Win32_BIOS

WMI:Win32_Processor

WMI:Win32_PhysicalMemory

WMI:Win32_LogicalDisk

WMI:Win32_QuickFixEngineering

WMI:Win32_Product


If these are missing there may be a problem with the WMI service. Try restarting it in the first instance.

David.


Thanks!

Scot Kreienkamp
user-462cf0b6d846@xymon.invalid<mailto:user-462cf0b6d846@xymon.invalid>


This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you.


--

David Baldwin - IT Unit

Australian Sports Commission          www.ausport.gov.au<http://www.ausport.gov.au>;

Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616

user-cbbf693f2c89@xymon.invalid<mailto:user-cbbf693f2c89@xymon.invalid>          Leverrier Street Bruce ACT 2617

Keep up to date with what's happening in Australian sport visit www.ausport.gov.au<http://www.ausport.gov.au>;

This message is intended for the addressee named and may contain confidential and privileged information. If you are not the intended recipient please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you receive this message in error, please delete it and notify the sender.


This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you.


--

David Baldwin - IT Unit

Australian Sports Commission          www.ausport.gov.au<http://www.ausport.gov.au>;

Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616

user-cbbf693f2c89@xymon.invalid<mailto:user-cbbf693f2c89@xymon.invalid>          Leverrier Street Bruce ACT 2617

CONFIDENTIALITY NOTICE: This email and any attachments are for the
exclusive and confidential use of the intended recipient. If you are not
the intended recipient, please do not read, distribute or take action in
reliance upon this message. If you have received this in error, please
notify us immediately by return email and promptly delete this message
and its attachments from your computer system. We do not waive
attorney-client or work product privilege by the transmission of this
message.

CONFIDENTIALITY NOTICE: This email and any attachments are for the
exclusive and confidential use of the intended recipient. If you are not
the intended recipient, please do not read, distribute or take action in
reliance upon this message. If you have received this in error, please
notify us immediately by return email and promptly delete this message
and its attachments from your computer system. We do not waive
attorney-client or work product privilege by the transmission of this
message.

 
Scot Kreienkamp

Senior Systems Engineer

user-462cf0b6d846@xymon.invalid

 
From: Storer, Raymond [mailto:user-bbaa567d59bb@xymon.invalid] 
Sent: Friday, May 13, 2011 12:58 PM
To: David Baldwin; Scot Kreienkamp
Cc: xymon at xymon.com
Subject: RE: [Xymon] Windows PS client svcs data missing

 
Opps… I missed the “.” in the [Reflection.Assembly]. Also, you can pipe it to out-null to avoid any unwanted output. So:

 
[Reflection.Assembly]::LoadFile(‘C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll’) | out-null

 
Ray

 
From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of Storer, Raymond
Sent: Friday, May 13, 2011 11:40 AM
To: David Baldwin; Scot Kreienkamp
Cc: xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

 
Scot and David, if you’d prefer to implement a .net pure call for services you can try the following:

 
# your path to the file may very

[ReflectionAssembly]::LoadFile(‘C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll’)

#get all the services installed on the local machine

$serviceController = [System.ServiceProcess.ServiceController]::GetServices()

foreach ($svc in $serviceController) {

                # should indicate: Stopped, Running, or Paused … others???

                write-host $svc.Status

                # the service name

                write-host $svc.Name

                # the service display name

                write-host $svc.DisplayName

}

 
Ray

 
From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of David Baldwin
Sent: Wednesday, May 11, 2011 7:41 PM
To: Scot Kreienkamp
Cc: xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

 
Scot, 

David,

 
I was able to catch a system this afternoon that wasn't reporting services.  I get this back when running the get-wmiobject command:

 
PS C:\> Get-WmiObject -Class Win32_Service

Get-WmiObject :

At line:1 char:14

+ Get-WmiObject <<<<  -Class Win32_Service

    + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], COMException

    + FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

 
Looks like it's a problem with your system.

One other thing… I noticed that whenever the PS client runs it takes the CPU up to 100% for 5-15 seconds or so on many of the systems it's installed on.  I'm already getting push back from other systems admins because of that.  I imagine many people will be complaining about it sooner or later, that's kind of a bad thing.  J

 
Off to Google that…

 
I don't have a lot of experience with WMI, but it seems like it can be a pretty heavyweight way to get fairly trivial information. There may be some tuning or checks that can be done to make sure it's running as best it can, but a google search or others be able to give better advice than I.

It would also pay to watch the memory footprint of the client long-term. I've tried to do as much preemptive garbage collection as I can, but I'm not convinced there aren't leaks, especially interfacing with COM objects, which given the error above makes WMI a big candidate. I wouldn't be surprised if some of the WMI data could be gained by alternative means such as poking about in the registry, but I don't have time to investigate at present.

David.

Scot Kreienkamp

Senior Systems Engineer

user-462cf0b6d846@xymon.invalid

 
From: David Baldwin [mailto:user-cbbf693f2c89@xymon.invalid] 
Sent: Monday, May 09, 2011 9:31 PM
To: Scot Kreienkamp; xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

 
On 10/05/11 2:09 AM, Scot Kreienkamp wrote: 

Hi everyone,

 
I've run into a problem with the Windows Powershell client intermittently omitting service data on Win2008.  Here's the relevant parts of the client data file:

 
Microsoft Windows Server 2008 R2 Standard   (build 7600)

---snip---

Persistent Routes:

  None

[ifstat]

fe80::619f:8c8:bf22:6ca5%11 2254617444 2999570366

10.100.1.211 2254617444 2999570366

::1 0 0

127.0.0.1 0 0

[svcs]

Name                                    StartupType  Status         DisplayName

[uptime]

sec: 8168297

94 days 12 hours 58 minutes 17 seconds

Bootup: 20110203213923.713291-360

[who]

SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE

---snip---

 
As you can see, the svcs portion is empty.  I already updated the client to the latest PS client files available and it still is happening. I'm not a programmer so I'm not sure how I can help troubleshoot this, but I'm willing to help in any way I can.

services information is gathered from WMI. The builtin powershell "get-services" doesn't return sufficient information.

Try the following:

open a powershell window (powershell.exe lives in C:\WINDOWS\system32\windowspowershell\v1.0)

Get-WmiObject -Class Win32_Service

Try running it a few times. Is it slow, or does it sometimes not return any information?

Also, if you look at the Client data report (link at the bottom of various pages - cpu, disk, procs, svcs), do you see sections for [WMI:Win32...] towards the bottom of the report. There should be:

WMI:Win32_OperatingSystem
WMI:Win32_ComputerSystem
WMI:Win32_BIOS
WMI:Win32_Processor
WMI:Win32_PhysicalMemory
WMI:Win32_LogicalDisk
WMI:Win32_QuickFixEngineering
WMI:Win32_Product
 

If these are missing there may be a problem with the WMI service. Try restarting it in the first instance.

David.

 
Thanks!

 
Scot Kreienkamp

user-462cf0b6d846@xymon.invalid

 
This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you. 


-- 
David Baldwin - IT Unit
Australian Sports Commission          www.ausport.gov.au
Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616
user-cbbf693f2c89@xymon.invalid          Leverrier Street Bruce ACT 2617

 
Keep up to date with what's happening in Australian sport visit www.ausport.gov.au 

This message is intended for the addressee named and may contain confidential and privileged information. If you are not the intended recipient please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you receive this message in error, please delete it and notify the sender. 


This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you. 

 
-- 
David Baldwin - IT Unit
Australian Sports Commission          www.ausport.gov.au
Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616
user-cbbf693f2c89@xymon.invalid          Leverrier Street Bruce ACT 2617

 
CONFIDENTIALITY NOTICE: This email and any attachments are for the
exclusive and confidential use of the intended recipient. If you are not
the intended recipient, please do not read, distribute or take action in
reliance upon this message. If you have received this in error, please
notify us immediately by return email and promptly delete this message
and its attachments from your computer system. We do not waive
attorney-client or work product privilege by the transmission of this
message.

 
CONFIDENTIALITY NOTICE: This email and any attachments are for the
exclusive and confidential use of the intended recipient. If you are not
the intended recipient, please do not read, distribute or take action in
reliance upon this message. If you have received this in error, please
notify us immediately by return email and promptly delete this message
and its attachments from your computer system. We do not waive
attorney-client or work product privilege by the transmission of this
message.


This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you.

From: Scot Kreienkamp [mailto:user-462cf0b6d846@xymon.invalid]
Sent: Saturday, 14 May 2011 5:54 AM
To: Storer, Raymond; David Baldwin
Cc: xymon at xymon.com
Subject: RE: [Xymon] Windows PS client svcs data missing

Thank you Raymond… If I knew how to implement it I would.  Hopefully David or Henrik can find the time to experiment with it.

I'm seeing all kinds of problems with the PS client…. If this keeps up I'll have to remove it.  It pegged one of my servers at 100% for over an hour, stuck on the WMI yesterday.

Scot Kreienkamp
Senior Systems Engineer
user-462cf0b6d846@xymon.invalid

From: Storer, Raymond [mailto:user-bbaa567d59bb@xymon.invalid]
Sent: Friday, May 13, 2011 12:58 PM
To: David Baldwin; Scot Kreienkamp
Cc: xymon at xymon.com
Subject: RE: [Xymon] Windows PS client svcs data missing

Opps… I missed the “.” in the [Reflection.Assembly]. Also, you can pipe it to out-null to avoid any unwanted output. So:

[Reflection.Assembly]::LoadFile(‘C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll’) | out-null

Ray

From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of Storer, Raymond
Sent: Friday, May 13, 2011 11:40 AM
To: David Baldwin; Scot Kreienkamp
Cc: xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

Scot and David, if you’d prefer to implement a .net pure call for services you can try the following:

# your path to the file may very
[ReflectionAssembly]::LoadFile(‘C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll’)
#get all the services installed on the local machine
$serviceController = [System.ServiceProcess.ServiceController]::GetServices()
foreach ($svc in $serviceController) {
                # should indicate: Stopped, Running, or Paused … others???
                write-host $svc.Status
                # the service name
                write-host $svc.Name
                # the service display name
                write-host $svc.DisplayName
}

Ray

From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of David Baldwin
Sent: Wednesday, May 11, 2011 7:41 PM
To: Scot Kreienkamp
Cc: xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

Scot,
David,

I was able to catch a system this afternoon that wasn't reporting services.  I get this back when running the get-wmiobject command:

PS C:\> Get-WmiObject -Class Win32_Service
Get-WmiObject :
At line:1 char:14
+ Get-WmiObject <<<<  -Class Win32_Service
    + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], COMException
    + FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

Looks like it's a problem with your system.
One other thing… I noticed that whenever the PS client runs it takes the CPU up to 100% for 5-15 seconds or so on many of the systems it's installed on.  I'm already getting push back from other systems admins because of that.  I imagine many people will be complaining about it sooner or later, that's kind of a bad thing.  ☺

Off to Google that…

I don't have a lot of experience with WMI, but it seems like it can be a pretty heavyweight way to get fairly trivial information. There may be some tuning or checks that can be done to make sure it's running as best it can, but a google search or others be able to give better advice than I.

It would also pay to watch the memory footprint of the client long-term. I've tried to do as much preemptive garbage collection as I can, but I'm not convinced there aren't leaks, especially interfacing with COM objects, which given the error above makes WMI a big candidate. I wouldn't be surprised if some of the WMI data could be gained by alternative means such as poking about in the registry, but I don't have time to investigate at present.

David.
Scot Kreienkamp
Senior Systems Engineer
user-462cf0b6d846@xymon.invalid<mailto:user-462cf0b6d846@xymon.invalid>

From: David Baldwin [mailto:user-cbbf693f2c89@xymon.invalid]
Sent: Monday, May 09, 2011 9:31 PM
To: Scot Kreienkamp; xymon at xymon.com<mailto:xymon at xymon.com>
Subject: Re: [Xymon] Windows PS client svcs data missing

On 10/05/11 2:09 AM, Scot Kreienkamp wrote:
Hi everyone,

I've run into a problem with the Windows Powershell client intermittently omitting service data on Win2008.  Here's the relevant parts of the client data file:

Microsoft Windows Server 2008 R2 Standard   (build 7600)
---snip---
Persistent Routes:
  None
[ifstat]
fe80::619f:8c8:bf22:6ca5%11 2254617444 2999570366
10.100.1.211 2254617444 2999570366
::1 0 0
127.0.0.1 0 0
[svcs]
Name                                    StartupType  Status         DisplayName
[uptime]
sec: 8168297
94 days 12 hours 58 minutes 17 seconds
Bootup: 20110203213923.713291-360
[who]
SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
---snip---

As you can see, the svcs portion is empty.  I already updated the client to the latest PS client files available and it still is happening. I'm not a programmer so I'm not sure how I can help troubleshoot this, but I'm willing to help in any way I can.
services information is gathered from WMI. The builtin powershell "get-services" doesn't return sufficient information.

Try the following:

open a powershell window (powershell.exe lives in C:\WINDOWS\system32\windowspowershell\v1.0)

Get-WmiObject -Class Win32_Service

Try running it a few times. Is it slow, or does it sometimes not return any information?

Also, if you look at the Client data report (link at the bottom of various pages - cpu, disk, procs, svcs), do you see sections for [WMI:Win32...] towards the bottom of the report. There should be:

WMI:Win32_OperatingSystem

WMI:Win32_ComputerSystem

WMI:Win32_BIOS

WMI:Win32_Processor

WMI:Win32_PhysicalMemory

WMI:Win32_LogicalDisk

WMI:Win32_QuickFixEngineering

WMI:Win32_Product


If these are missing there may be a problem with the WMI service. Try restarting it in the first instance.

David.

Thanks!

Scot Kreienkamp
user-462cf0b6d846@xymon.invalid<mailto:user-462cf0b6d846@xymon.invalid>


This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you.


--

David Baldwin - IT Unit

Australian Sports Commission          www.ausport.gov.au<http://www.ausport.gov.au>;

Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616

user-cbbf693f2c89@xymon.invalid<mailto:user-cbbf693f2c89@xymon.invalid>          Leverrier Street Bruce ACT 2617

Keep up to date with what's happening in Australian sport visit www.ausport.gov.au<http://www.ausport.gov.au>;

This message is intended for the addressee named and may contain confidential and privileged information. If you are not the intended recipient please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you receive this message in error, please delete it and notify the sender.


This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you.


--

David Baldwin - IT Unit

Australian Sports Commission          www.ausport.gov.au<http://www.ausport.gov.au>;

Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616

user-cbbf693f2c89@xymon.invalid<mailto:user-cbbf693f2c89@xymon.invalid>          Leverrier Street Bruce ACT 2617

CONFIDENTIALITY NOTICE: This email and any attachments are for the
exclusive and confidential use of the intended recipient. If you are not
the intended recipient, please do not read, distribute or take action in
reliance upon this message. If you have received this in error, please
notify us immediately by return email and promptly delete this message
and its attachments from your computer system. We do not waive
attorney-client or work product privilege by the transmission of this
message.

CONFIDENTIALITY NOTICE: This email and any attachments are for the
exclusive and confidential use of the intended recipient. If you are not
the intended recipient, please do not read, distribute or take action in
reliance upon this message. If you have received this in error, please
notify us immediately by return email and promptly delete this message
and its attachments from your computer system. We do not waive
attorney-client or work product privilege by the transmission of this
message.


This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you.

David.

Scot Kreienkamp
Senior Systems Engineer
user-462cf0b6d846@xymon.invalid

From: David Baldwin [mailto:user-cbbf693f2c89@xymon.invalid]
Sent: Monday, May 09, 2011 9:31 PM
To: Scot Kreienkamp; xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

On 10/05/11 2:09 AM, Scot Kreienkamp wrote:
Hi everyone,

I've run into a problem with the Windows Powershell client intermittently omitting service data on Win2008.  Here's the relevant parts of the client data file:

Microsoft Windows Server 2008 R2 Standard   (build 7600)
---snip---
Persistent Routes:
  None
[ifstat]
fe80::619f:8c8:bf22:6ca5%11 2254617444 2999570366
10.100.1.211 2254617444 2999570366
::1 0 0
127.0.0.1 0 0
[svcs]
Name                                    StartupType  Status         DisplayName
[uptime]
sec: 8168297
94 days 12 hours 58 minutes 17 seconds
Bootup: 20110203213923.713291-360
[who]
SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
---snip---

As you can see, the svcs portion is empty.  I already updated the client to the latest PS client files available and it still is happening. I'm not a programmer so I'm not sure how I can help troubleshoot this, but I'm willing to help in any way I can.
services information is gathered from WMI. The builtin powershell "get-services" doesn't return sufficient information.

Try the following:

open a powershell window (powershell.exe lives in C:\WINDOWS\system32\windowspowershell\v1.0)

Get-WmiObject -Class Win32_Service

Try running it a few times. Is it slow, or does it sometimes not return any information?

Also, if you look at the Client data report (link at the bottom of various pages - cpu, disk, procs, svcs), do you see sections for [WMI:Win32...] towards the bottom of the report. There should be:

WMI:Win32_OperatingSystem

WMI:Win32_ComputerSystem

WMI:Win32_BIOS

WMI:Win32_Processor

WMI:Win32_PhysicalMemory

WMI:Win32_LogicalDisk

WMI:Win32_QuickFixEngineering

WMI:Win32_Product


If these are missing there may be a problem with the WMI service. Try restarting it in the first instance.

David.

Thanks!

Scot Kreienkamp
user-462cf0b6d846@xymon.invalid<mailto:user-462cf0b6d846@xymon.invalid>


This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you.


--

David Baldwin - IT Unit

Australian Sports Commission          www.ausport.gov.au<http://www.ausport.gov.au>;

Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616

user-cbbf693f2c89@xymon.invalid<mailto:user-cbbf693f2c89@xymon.invalid>          Leverrier Street Bruce ACT 2617

Keep up to date with what's happening in Australian sport visit www.ausport.gov.au<http://www.ausport.gov.au>;

This message is intended for the addressee named and may contain confidential and privileged information. If you are not the intended recipient please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you receive this message in error, please delete it and notify the sender.


This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you.

 
Scot Kreienkamp

Senior Systems Engineer

user-462cf0b6d846@xymon.invalid

 
From: David Baldwin [mailto:user-cbbf693f2c89@xymon.invalid] 
Sent: Monday, May 16, 2011 12:53 AM
To: Scot Kreienkamp; xymon at xymon.com
Subject: RE: [Xymon] Windows PS client svcs data missing

 
Scot,

 
One other thing… I noticed that whenever the PS client runs it takes the CPU up to 100% for 5-15 seconds or so on many of the systems it's installed on.  I'm already getting push back from other systems admins because of that.  I imagine many people will be complaining about it sooner or later, that's kind of a bad thing.  J

 
The CPU spike could be the event log reporting – I don’t actually use that part of the client myself (there is a switch to disable event log reporting completely). Get-EventLog cmdlet is very braindead and scans the entire event log every time it runs (the –since “filter” does not use any indexing as far as I can tell on any version of Windows). I forward my event logs with SNARE to a central syslog server and then use winevtmsgs which I have added to xymonton. I did have a go at using .Net to properly “tail” the event logs, but didn’t get that finished to add to the client. Might take another look at that when I get a chance.

 
David.

 
Scot Kreienkamp

Senior Systems Engineer

user-462cf0b6d846@xymon.invalid

 
From: David Baldwin [mailto:user-cbbf693f2c89@xymon.invalid] 
Sent: Monday, May 09, 2011 9:31 PM
To: Scot Kreienkamp; xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

 
On 10/05/11 2:09 AM, Scot Kreienkamp wrote: 

Hi everyone,

 
I've run into a problem with the Windows Powershell client intermittently omitting service data on Win2008.  Here's the relevant parts of the client data file:

 
Microsoft Windows Server 2008 R2 Standard   (build 7600)

---snip---

Persistent Routes:

  None

[ifstat]

fe80::619f:8c8:bf22:6ca5%11 2254617444 2999570366

10.100.1.211 2254617444 2999570366

::1 0 0

127.0.0.1 0 0

[svcs]

Name                                    StartupType  Status         DisplayName

[uptime]

sec: 8168297

94 days 12 hours 58 minutes 17 seconds

Bootup: 20110203213923.713291-360

[who]

SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE

---snip---

 
As you can see, the svcs portion is empty.  I already updated the client to the latest PS client files available and it still is happening. I'm not a programmer so I'm not sure how I can help troubleshoot this, but I'm willing to help in any way I can.

services information is gathered from WMI. The builtin powershell "get-services" doesn't return sufficient information.

Try the following:

open a powershell window (powershell.exe lives in C:\WINDOWS\system32\windowspowershell\v1.0)

Get-WmiObject -Class Win32_Service

Try running it a few times. Is it slow, or does it sometimes not return any information?

Also, if you look at the Client data report (link at the bottom of various pages - cpu, disk, procs, svcs), do you see sections for [WMI:Win32...] towards the bottom of the report. There should be:

WMI:Win32_OperatingSystem
WMI:Win32_ComputerSystem
WMI:Win32_BIOS
WMI:Win32_Processor
WMI:Win32_PhysicalMemory
WMI:Win32_LogicalDisk
WMI:Win32_QuickFixEngineering
WMI:Win32_Product
 

If these are missing there may be a problem with the WMI service. Try restarting it in the first instance.

David.

 
Thanks!

 
Scot Kreienkamp

user-462cf0b6d846@xymon.invalid

 
This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you. 

 
-- 
David Baldwin - IT Unit
Australian Sports Commission          www.ausport.gov.au
Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616
user-cbbf693f2c89@xymon.invalid          Leverrier Street Bruce ACT 2617

 
Keep up to date with what's happening in Australian sport visit www.ausport.gov.au 

This message is intended for the addressee named and may contain confidential and privileged information. If you are not the intended recipient please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you receive this message in error, please delete it and notify the sender. 


This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you. 


This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you.

 
Scot Kreienkamp

Senior Systems Engineer

user-462cf0b6d846@xymon.invalid

 
From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of Scot Kreienkamp
Sent: Monday, May 16, 2011 9:33 AM
To: David Baldwin; xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

 
David,

 
I don't really need the event reporting, it's just a nice-to-have.  I'll try disabling it and see if it reduces the load.  

 
Scot Kreienkamp

Senior Systems Engineer

user-462cf0b6d846@xymon.invalid

 
From: David Baldwin [mailto:user-cbbf693f2c89@xymon.invalid] 
Sent: Monday, May 16, 2011 12:53 AM
To: Scot Kreienkamp; xymon at xymon.com
Subject: RE: [Xymon] Windows PS client svcs data missing

 
Scot,

 
One other thing… I noticed that whenever the PS client runs it takes the CPU up to 100% for 5-15 seconds or so on many of the systems it's installed on.  I'm already getting push back from other systems admins because of that.  I imagine many people will be complaining about it sooner or later, that's kind of a bad thing.  J

 
The CPU spike could be the event log reporting – I don’t actually use that part of the client myself (there is a switch to disable event log reporting completely). Get-EventLog cmdlet is very braindead and scans the entire event log every time it runs (the –since “filter” does not use any indexing as far as I can tell on any version of Windows). I forward my event logs with SNARE to a central syslog server and then use winevtmsgs which I have added to xymonton. I did have a go at using .Net to properly “tail” the event logs, but didn’t get that finished to add to the client. Might take another look at that when I get a chance.

 
David.

 
Scot Kreienkamp

Senior Systems Engineer

user-462cf0b6d846@xymon.invalid

 
From: David Baldwin [mailto:user-cbbf693f2c89@xymon.invalid] 
Sent: Monday, May 09, 2011 9:31 PM
To: Scot Kreienkamp; xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

 
On 10/05/11 2:09 AM, Scot Kreienkamp wrote: 

Hi everyone,

 
I've run into a problem with the Windows Powershell client intermittently omitting service data on Win2008.  Here's the relevant parts of the client data file:

 
Microsoft Windows Server 2008 R2 Standard   (build 7600)

---snip---

Persistent Routes:

  None

[ifstat]

fe80::619f:8c8:bf22:6ca5%11 2254617444 2999570366

10.100.1.211 2254617444 2999570366

::1 0 0

127.0.0.1 0 0

[svcs]

Name                                    StartupType  Status         DisplayName

[uptime]

sec: 8168297

94 days 12 hours 58 minutes 17 seconds

Bootup: 20110203213923.713291-360

[who]

SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE

---snip---

 
As you can see, the svcs portion is empty.  I already updated the client to the latest PS client files available and it still is happening. I'm not a programmer so I'm not sure how I can help troubleshoot this, but I'm willing to help in any way I can.

services information is gathered from WMI. The builtin powershell "get-services" doesn't return sufficient information.

Try the following:

open a powershell window (powershell.exe lives in C:\WINDOWS\system32\windowspowershell\v1.0)

Get-WmiObject -Class Win32_Service

Try running it a few times. Is it slow, or does it sometimes not return any information?

Also, if you look at the Client data report (link at the bottom of various pages - cpu, disk, procs, svcs), do you see sections for [WMI:Win32...] towards the bottom of the report. There should be:

WMI:Win32_OperatingSystem
WMI:Win32_ComputerSystem
WMI:Win32_BIOS
WMI:Win32_Processor
WMI:Win32_PhysicalMemory
WMI:Win32_LogicalDisk
WMI:Win32_QuickFixEngineering
WMI:Win32_Product
 

If these are missing there may be a problem with the WMI service. Try restarting it in the first instance.

David.

 
Thanks!

 
Scot Kreienkamp

user-462cf0b6d846@xymon.invalid

 
This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you. 

 
-- 
David Baldwin - IT Unit
Australian Sports Commission          www.ausport.gov.au
Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616
user-cbbf693f2c89@xymon.invalid          Leverrier Street Bruce ACT 2617

 
Keep up to date with what's happening in Australian sport visit www.ausport.gov.au 

This message is intended for the addressee named and may contain confidential and privileged information. If you are not the intended recipient please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you receive this message in error, please delete it and notify the sender. 


This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you. 

 
This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you. 


This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you.

From: David Baldwin [mailto:user-cbbf693f2c89@xymon.invalid]
Sent: Monday, May 16, 2011 12:39 AM
To: 'Scot Kreienkamp'; Storer, Raymond
Cc: xymon at xymon.com
Subject: RE: [Xymon] Windows PS client svcs data missing

Ray,

Thanks for the code. I’m a bit wary of using something with such a version specific path though – is that seriously a “standard” interface to a .Net DLL that can be expected to have some degree of persistence?

I’m offsite this week, will try to take a look next week.

Thanks, David.

From: Scot Kreienkamp [mailto:user-462cf0b6d846@xymon.invalid]
Sent: Saturday, 14 May 2011 5:54 AM
To: Storer, Raymond; David Baldwin
Cc: xymon at xymon.com
Subject: RE: [Xymon] Windows PS client svcs data missing

Thank you Raymond… If I knew how to implement it I would.  Hopefully David or Henrik can find the time to experiment with it.

I'm seeing all kinds of problems with the PS client…. If this keeps up I'll have to remove it.  It pegged one of my servers at 100% for over an hour, stuck on the WMI yesterday.

Scot Kreienkamp
Senior Systems Engineer
user-462cf0b6d846@xymon.invalid<mailto:user-462cf0b6d846@xymon.invalid>

From: Storer, Raymond [mailto:user-bbaa567d59bb@xymon.invalid]
Sent: Friday, May 13, 2011 12:58 PM
To: David Baldwin; Scot Kreienkamp
Cc: xymon at xymon.com
Subject: RE: [Xymon] Windows PS client svcs data missing

Opps… I missed the “.” in the [Reflection.Assembly]. Also, you can pipe it to out-null to avoid any unwanted output. So:

[Reflection.Assembly]::LoadFile(‘C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll’) | out-null

Ray

From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of Storer, Raymond
Sent: Friday, May 13, 2011 11:40 AM
To: David Baldwin; Scot Kreienkamp
Cc: xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

Scot and David, if you’d prefer to implement a .net pure call for services you can try the following:

# your path to the file may very
[ReflectionAssembly]::LoadFile(‘C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll’)
#get all the services installed on the local machine
$serviceController = [System.ServiceProcess.ServiceController]::GetServices()
foreach ($svc in $serviceController) {
                # should indicate: Stopped, Running, or Paused … others???
                write-host $svc.Status
                # the service name
                write-host $svc.Name
                # the service display name
                write-host $svc.DisplayName
}

Ray
[snip]

CONFIDENTIALITY NOTICE: This email and any attachments are for the
exclusive and confidential use of the intended recipient. If you are not
the intended recipient, please do not read, distribute or take action in
reliance upon this message. If you have received this in error, please
notify us immediately by return email and promptly delete this message
and its attachments from your computer system. We do not waive
attorney-client or work product privilege by the transmission of this
message.

 
Scot Kreienkamp

Senior Systems Engineer

user-462cf0b6d846@xymon.invalid

 
From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of Storer, Raymond
Sent: Monday, May 16, 2011 10:38 AM
To: David Baldwin
Cc: xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

 
David, you can also use the “Load” method instead as follows:

 
[Reflection.Assembly]::Load(‘System.ServiceProcess, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a’)

 
Ray

 
From: David Baldwin [mailto:user-cbbf693f2c89@xymon.invalid] 
Sent: Monday, May 16, 2011 12:39 AM
To: 'Scot Kreienkamp'; Storer, Raymond
Cc: xymon at xymon.com
Subject: RE: [Xymon] Windows PS client svcs data missing

 
Ray,

 
Thanks for the code. I’m a bit wary of using something with such a version specific path though – is that seriously a “standard” interface to a .Net DLL that can be expected to have some degree of persistence?

 
I’m offsite this week, will try to take a look next week.

 
Thanks, David.

 
From: Scot Kreienkamp [mailto:user-462cf0b6d846@xymon.invalid] 
Sent: Saturday, 14 May 2011 5:54 AM
To: Storer, Raymond; David Baldwin
Cc: xymon at xymon.com
Subject: RE: [Xymon] Windows PS client svcs data missing

 
Thank you Raymond… If I knew how to implement it I would.  Hopefully David or Henrik can find the time to experiment with it.  

 
I'm seeing all kinds of problems with the PS client…. If this keeps up I'll have to remove it.  It pegged one of my servers at 100% for over an hour, stuck on the WMI yesterday.  

 
Scot Kreienkamp

Senior Systems Engineer

user-462cf0b6d846@xymon.invalid

 
From: Storer, Raymond [mailto:user-bbaa567d59bb@xymon.invalid] 
Sent: Friday, May 13, 2011 12:58 PM
To: David Baldwin; Scot Kreienkamp
Cc: xymon at xymon.com
Subject: RE: [Xymon] Windows PS client svcs data missing

 
Opps… I missed the “.” in the [Reflection.Assembly]. Also, you can pipe it to out-null to avoid any unwanted output. So:

 
[Reflection.Assembly]::LoadFile(‘C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll’) | out-null

 
Ray

 
From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of Storer, Raymond
Sent: Friday, May 13, 2011 11:40 AM
To: David Baldwin; Scot Kreienkamp
Cc: xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

 
Scot and David, if you’d prefer to implement a .net pure call for services you can try the following:

 
# your path to the file may very

[ReflectionAssembly]::LoadFile(‘C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll’)

#get all the services installed on the local machine

$serviceController = [System.ServiceProcess.ServiceController]::GetServices()

foreach ($svc in $serviceController) {

                # should indicate: Stopped, Running, or Paused … others???

                write-host $svc.Status

                # the service name

                write-host $svc.Name

                # the service display name

                write-host $svc.DisplayName

}

 
Ray

[snip]

 
CONFIDENTIALITY NOTICE: This email and any attachments are for the
exclusive and confidential use of the intended recipient. If you are not
the intended recipient, please do not read, distribute or take action in
reliance upon this message. If you have received this in error, please
notify us immediately by return email and promptly delete this message
and its attachments from your computer system. We do not waive
attorney-client or work product privilege by the transmission of this
message.


This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you.

 
Scot Kreienkamp

Senior Systems Engineer

user-462cf0b6d846@xymon.invalid

 
From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of Storer, Raymond
Sent: Monday, May 16, 2011 10:38 AM
To: David Baldwin
Cc: xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

 
David, you can also use the “Load” method instead as follows:

 
[Reflection.Assembly]::Load(‘System.ServiceProcess, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a’)

 
Ray

 
From: David Baldwin [mailto:user-cbbf693f2c89@xymon.invalid] 
Sent: Monday, May 16, 2011 12:39 AM
To: 'Scot Kreienkamp'; Storer, Raymond
Cc: xymon at xymon.com
Subject: RE: [Xymon] Windows PS client svcs data missing

 
Ray,

 
Thanks for the code. I’m a bit wary of using something with such a version specific path though – is that seriously a “standard” interface to a .Net DLL that can be expected to have some degree of persistence?

 
I’m offsite this week, will try to take a look next week.

 
Thanks, David.

 
From: Scot Kreienkamp [mailto:user-462cf0b6d846@xymon.invalid] 
Sent: Saturday, 14 May 2011 5:54 AM
To: Storer, Raymond; David Baldwin
Cc: xymon at xymon.com
Subject: RE: [Xymon] Windows PS client svcs data missing

 
Thank you Raymond… If I knew how to implement it I would.  Hopefully David or Henrik can find the time to experiment with it.  

 
I'm seeing all kinds of problems with the PS client…. If this keeps up I'll have to remove it.  It pegged one of my servers at 100% for over an hour, stuck on the WMI yesterday.  

 
Scot Kreienkamp

Senior Systems Engineer

user-462cf0b6d846@xymon.invalid

 
From: Storer, Raymond [mailto:user-bbaa567d59bb@xymon.invalid] 
Sent: Friday, May 13, 2011 12:58 PM
To: David Baldwin; Scot Kreienkamp
Cc: xymon at xymon.com
Subject: RE: [Xymon] Windows PS client svcs data missing

 
Opps… I missed the “.” in the [Reflection.Assembly]. Also, you can pipe it to out-null to avoid any unwanted output. So:

 
[Reflection.Assembly]::LoadFile(‘C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll’) | out-null

 
Ray

 
From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of Storer, Raymond
Sent: Friday, May 13, 2011 11:40 AM
To: David Baldwin; Scot Kreienkamp
Cc: xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

 
Scot and David, if you’d prefer to implement a .net pure call for services you can try the following:

 
# your path to the file may very

[ReflectionAssembly]::LoadFile(‘C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll’)

#get all the services installed on the local machine

$serviceController = [System.ServiceProcess.ServiceController]::GetServices()

foreach ($svc in $serviceController) {

                # should indicate: Stopped, Running, or Paused … others???

                write-host $svc.Status

                # the service name

                write-host $svc.Name

                # the service display name

                write-host $svc.DisplayName

}

 
Ray

[snip]

 
CONFIDENTIALITY NOTICE: This email and any attachments are for the
exclusive and confidential use of the intended recipient. If you are not
the intended recipient, please do not read, distribute or take action in
reliance upon this message. If you have received this in error, please
notify us immediately by return email and promptly delete this message
and its attachments from your computer system. We do not waive
attorney-client or work product privilege by the transmission of this
message.


This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you.

From: Scot Kreienkamp [mailto:user-462cf0b6d846@xymon.invalid]
Sent: Wednesday, June 01, 2011 11:03 AM
To: Storer, Raymond; David Baldwin
Cc: xymon at xymon.com
Subject: RE: [Xymon] Windows PS client svcs data missing

This is what I have so far:

function XymonSvcsNET2
{
                $result = [reflection.Assembly]::LoadWithPartialName("System.ServiceProcess")
                $Services = [System.ServiceProcess.ServiceController]::GetServices()
                $COLUMNNAME="Name"
                $COLUMNSTATUS="Status"
                $COLUMNDESCRIPTION="Description"
                #[Reflection.Assembly]::Load(‘System.ServiceProcess, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a’)
                #get all the services installed on the local machine
                $serviceController = [System.ServiceProcess.ServiceController]::GetServices()
                "[svcs]"
                "--------------------------------------------------------------------------------------------------------------"
                "{0,-50} {1,-20} {2,-20}" -f `
                $COLUMNNAME, $COLUMNSTATUS, $COLUMNDESCRIPTION
                "--------------------------------------------------------------------------------------------------------------"
                foreach ($svc in $serviceController) {
                "{0,-50} {1,-20} {2,-20}" -f `
                $svc.Name, $svc.Status, $svc.DisplayName
                }

}

I did get the formatting figured out finally after about 6 hours.  The only piece that I cannot figure out is the service startup type, if I can get some help on that I think this is workable.

I'm a complete newbie at powershell, so comments/help appreciated.

Scot Kreienkamp
Senior Systems Engineer
user-462cf0b6d846@xymon.invalid<mailto:user-462cf0b6d846@xymon.invalid>

From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of Storer, Raymond
Sent: Monday, May 16, 2011 10:38 AM
To: David Baldwin
Cc: xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

David, you can also use the “Load” method instead as follows:

[Reflection.Assembly]::Load(‘System.ServiceProcess, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a’)


Ray

From: David Baldwin [mailto:user-cbbf693f2c89@xymon.invalid]
Sent: Monday, May 16, 2011 12:39 AM
To: 'Scot Kreienkamp'; Storer, Raymond
Cc: xymon at xymon.com
Subject: RE: [Xymon] Windows PS client svcs data missing

Ray,

Thanks for the code. I’m a bit wary of using something with such a version specific path though – is that seriously a “standard” interface to a .Net DLL that can be expected to have some degree of persistence?

I’m offsite this week, will try to take a look next week.

Thanks, David.

From: Scot Kreienkamp [mailto:user-462cf0b6d846@xymon.invalid]
Sent: Saturday, 14 May 2011 5:54 AM
To: Storer, Raymond; David Baldwin
Cc: xymon at xymon.com
Subject: RE: [Xymon] Windows PS client svcs data missing

Thank you Raymond… If I knew how to implement it I would.  Hopefully David or Henrik can find the time to experiment with it.

I'm seeing all kinds of problems with the PS client…. If this keeps up I'll have to remove it.  It pegged one of my servers at 100% for over an hour, stuck on the WMI yesterday.

Scot Kreienkamp
Senior Systems Engineer
user-462cf0b6d846@xymon.invalid<mailto:user-462cf0b6d846@xymon.invalid>

From: Storer, Raymond [mailto:user-bbaa567d59bb@xymon.invalid]
Sent: Friday, May 13, 2011 12:58 PM
To: David Baldwin; Scot Kreienkamp
Cc: xymon at xymon.com
Subject: RE: [Xymon] Windows PS client svcs data missing

Opps… I missed the “.” in the [Reflection.Assembly]. Also, you can pipe it to out-null to avoid any unwanted output. So:

[Reflection.Assembly]::LoadFile(‘C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll’) | out-null

Ray

From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of Storer, Raymond
Sent: Friday, May 13, 2011 11:40 AM
To: David Baldwin; Scot Kreienkamp
Cc: xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

Scot and David, if you’d prefer to implement a .net pure call for services you can try the following:

# your path to the file may very
[ReflectionAssembly]::LoadFile(‘C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll’)
#get all the services installed on the local machine
$serviceController = [System.ServiceProcess.ServiceController]::GetServices()
foreach ($svc in $serviceController) {
                # should indicate: Stopped, Running, or Paused … others???
                write-host $svc.Status
                # the service name
                write-host $svc.Name
                # the service display name
                write-host $svc.DisplayName
}

Ray
[snip]


CONFIDENTIALITY NOTICE: This email and any attachments are for the
exclusive and confidential use of the intended recipient. If you are not
the intended recipient, please do not read, distribute or take action in
reliance upon this message. If you have received this in error, please
notify us immediately by return email and promptly delete this message
and its attachments from your computer system. We do not waive
attorney-client or work product privilege by the transmission of this
message.


This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you.

CONFIDENTIALITY NOTICE: This email and any attachments are for the
exclusive and confidential use of the intended recipient. If you are not
the intended recipient, please do not read, distribute or take action in
reliance upon this message. If you have received this in error, please
notify us immediately by return email and promptly delete this message
and its attachments from your computer system. We do not waive
attorney-client or work product privilege by the transmission of this
message.

On 2/06/11 8:50 AM, Storer, Raymond wrote:

Scott and David, I’m not finding any .net call that will produce the
“StartupType” for a service that is already installed. There is a
documented way to do it from a Win32 API; but, that involves using
P/Invoke. See here:
http://www.leeholmes.com/blog/2009/01/19/powershell-pinvoke-walkthrough/ 
and here: http://pinvoke.net/default.aspx/advapi32/QueryServiceConfig.html

 
Ray

 

*Sent:* Wednesday, June 01, 2011 11:03 AM
*To:* Storer, Raymond; David Baldwin
*Cc:* xymon at xymon.com
*Subject:* RE: [Xymon] Windows PS client svcs data missing

 
This is what I have so far:

 
function XymonSvcsNET2

{

                $result =
[reflection.Assembly]::LoadWithPartialName("System.ServiceProcess")

                $Services =
[System.ServiceProcess.ServiceController]::GetServices()

                $COLUMNNAME="Name"

                $COLUMNSTATUS="Status"

                $COLUMNDESCRIPTION="Description"

                #[Reflection.Assembly]::Load(‘System.ServiceProcess,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a’)

                #get all the services installed on the local machine

                $serviceController =
[System.ServiceProcess.ServiceController]::GetServices()

                "[svcs]"

               
"--------------------------------------------------------------------------------------------------------------"

                "{0,-50} {1,-20} {2,-20}" -f `

                $COLUMNNAME, $COLUMNSTATUS, $COLUMNDESCRIPTION

               
"--------------------------------------------------------------------------------------------------------------"

                foreach ($svc in $serviceController) {

                "{0,-50} {1,-20} {2,-20}" -f `

                $svc.Name, $svc.Status, $svc.DisplayName

                }

 
}

 
I did get the formatting figured out finally after about 6 hours.  The
only piece that I cannot figure out is the service startup type, if I
can get some help on that I think this is workable. 

 
I'm a complete newbie at powershell, so comments/help appreciated. 

 
Scot Kreienkamp

Senior Systems Engineer

Behalf Of *Storer, Raymond
*Sent:* Monday, May 16, 2011 10:38 AM
*To:* David Baldwin
*Cc:* xymon at xymon.com
*Subject:* Re: [Xymon] Windows PS client svcs data missing

 
David, you can also use the “Load” method instead as follows:

 
[Reflection.Assembly]::Load(‘System.ServiceProcess, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a’)

 
Ray

 
*From:*David Baldwin [mailto:user-cbbf693f2c89@xymon.invalid]
*Sent:* Monday, May 16, 2011 12:39 AM
*To:* 'Scot Kreienkamp'; Storer, Raymond
*Cc:* xymon at xymon.com
*Subject:* RE: [Xymon] Windows PS client svcs data missing

 
Ray,

 
Thanks for the code. I’m a bit wary of using something with such a
version specific path though – is that seriously a “standard”
interface to a .Net DLL that can be expected to have some degree of
persistence?

 
I’m offsite this week, will try to take a look next week.

 
Thanks, David.

 

*Sent:* Saturday, 14 May 2011 5:54 AM
*To:* Storer, Raymond; David Baldwin
*Cc:* xymon at xymon.com
*Subject:* RE: [Xymon] Windows PS client svcs data missing

 
Thank you Raymond… If I knew how to implement it I would.  Hopefully
David or Henrik can find the time to experiment with it. 

 
I'm seeing all kinds of problems with the PS client…. If this keeps up
I'll have to remove it.  It pegged one of my servers at 100% for over
an hour, stuck on the WMI yesterday. 

 
Scot Kreienkamp

Senior Systems Engineer

*Sent:* Friday, May 13, 2011 12:58 PM
*To:* David Baldwin; Scot Kreienkamp
*Cc:* xymon at xymon.com
*Subject:* RE: [Xymon] Windows PS client svcs data missing

 
Opps… I missed the “.” in the [Reflection.Assembly]. Also, you can
pipe it to out-null to avoid any unwanted output. So:

 
[Reflection.Assembly]::LoadFile(‘C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll’)
| out-null

 
Ray

 

Behalf Of *Storer, Raymond
*Sent:* Friday, May 13, 2011 11:40 AM
*To:* David Baldwin; Scot Kreienkamp
*Cc:* xymon at xymon.com
*Subject:* Re: [Xymon] Windows PS client svcs data missing

 
Scot and David, if you’d prefer to implement a .net pure call for
services you can try the following:

 
# your path to the file may very

[ReflectionAssembly]::LoadFile(‘C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll’)

#get all the services installed on the local machine

$serviceController =
[System.ServiceProcess.ServiceController]::GetServices()

foreach ($svc in $serviceController) {

                # should indicate: Stopped, Running, or Paused … others???

                write-host $svc.Status

                # the service name

                write-host $svc.Name

                # the service display name

                write-host $svc.DisplayName

}

 
Ray

[snip]

 
CONFIDENTIALITY NOTICE: This email and any attachments are for the
exclusive and confidential use of the intended recipient. If you are not
the intended recipient, please do not read, distribute or take action in
reliance upon this message. If you have received this in error, please
notify us immediately by return email and promptly delete this message
and its attachments from your computer system. We do not waive
attorney-client or work product privilege by the transmission of this
message.

 
This message is intended only for the individual or entity to which it
is addressed.  It may contain privileged, confidential information
which is exempt from disclosure under applicable laws.  If you are not
the intended recipient, please note that you are strictly prohibited
from disseminating or distributing this information (other than to the
intended recipient) or copying this information.  If you have received
this communication in error, please notify us immediately by e-mail or
by telephone at the above number. Thank you.


CONFIDENTIALITY NOTICE: This email and any attachments are for the
exclusive and confidential use of the intended recipient. If you are not
the intended recipient, please do not read, distribute or take action in
reliance upon this message. If you have received this in error, please
notify us immediately by return email and promptly delete this message
and its attachments from your computer system. We do not waive
attorney-client or work product privilege by the transmission of this
message.

-- 
David Baldwin - IT Unit
Australian Sports Commission          www.ausport.gov.au
Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616
user-cbbf693f2c89@xymon.invalid          Leverrier Street Bruce ACT 2617


Keep up to date with what's happening in Australian sport visit http://www.ausport.gov.au

This message is intended for the addressee named and may contain confidential and privileged information. If you are not the intended recipient please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you receive this message in error, please delete it and notify the sender.

 
From: David Baldwin [mailto:user-cbbf693f2c89@xymon.invalid] 
Sent: Wednesday, June 01, 2011 10:49 PM
To: Storer, Raymond
Cc: Scot Kreienkamp; xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

 
I can't see that this code gets anything more than Get-Service - since Get-Service is an interface to [System.ServiceProcess.ServiceController]

Some of the info can be derived from the registry or running SC.EXE - registry interpretation requires information about enumerations for various keys, SC would require parsing output. Neither gives you information about the running process if there is one which also used by the client.

Looks like no way of getting away from the overhead of WMI - digging around for extra information or messing around with unstructured text will get you so far, but not all the info sought.

David.

PS C:\WINDOWS\system32\windowspowershell\v1.0> Get-WmiObject -Filter "Name='dnscache'" win32_service | fl *


Name                    : Dnscache
Status                  : OK
ExitCode                : 0
DesktopInteract         : False
ErrorControl            : Normal
PathName                : C:\WINDOWS\system32\svchost.exe -k NetworkService
ServiceType             : Share Process
StartMode               : Auto
__GENUS                 : 2
__CLASS                 : Win32_Service
__SUPERCLASS            : Win32_BaseService
__DYNASTY               : CIM_ManagedSystemElement
__RELPATH               : Win32_Service.Name="Dnscache"
__PROPERTY_COUNT        : 25
__DERIVATION            : {Win32_BaseService, CIM_Service, CIM_LogicalElement, CIM_ManagedSystemElement}
__SERVER                : ITMANSV
__NAMESPACE             : root\cimv2

AcceptPause             : False
AcceptStop              : True
Caption                 : DNS Client
CheckPoint              : 0
CreationClassName       : Win32_Service
Description             : Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
DisplayName             : DNS Client
InstallDate             : 
ProcessId               : 872
ServiceSpecificExitCode : 0
Started                 : True
StartName               : NT AUTHORITY\NetworkService
State                   : Running
SystemCreationClassName : Win32_ComputerSystem
SystemName              : ITMANSV
TagId                   : 0
WaitHint                : 0
Scope                   : System.Management.ManagementScope

Properties              : {AcceptPause, AcceptStop, Caption, CheckPoint...}
SystemProperties        : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...}
Qualifiers              : {dynamic, Locale, provider, UUID}
Site                    : 
Container               : 


PS C:\WINDOWS\system32\windowspowershell\v1.0> Get-Service dnscache | fl *


Name                : dnscache
RequiredServices    : {Tcpip}
CanPauseAndContinue : False
CanShutdown         : False
CanStop             : True
DisplayName         : DNS Client
DependentServices   : {}
MachineName         : .
ServiceName         : dnscache
ServicesDependedOn  : {Tcpip}
ServiceHandle       : SafeServiceHandle
Status              : Running
ServiceType         : Win32ShareProcess
Site                : 
Container           : 


PS C:\WINDOWS\system32\windowspowershell\v1.0> Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache


PSPath          : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache
PSParentPath    : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
PSChildName     : Dnscache
PSDrive         : HKLM
PSProvider      : Microsoft.PowerShell.Core\Registry
Type            : 32
Start           : 2
ErrorControl    : 1
ImagePath       : C:\WINDOWS\system32\svchost.exe -k NetworkService
DisplayName     : DNS Client
Group           : TDI
DependOnService : {Tcpip}
DependOnGroup   : {}
ObjectName      : NT AUTHORITY\NetworkService
Description     : Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.


PS C:\WINDOWS\system32\windowspowershell\v1.0> sc.exe qc dnscache
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: dnscache
        TYPE               : 20  WIN32_SHARE_PROCESS 
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k NetworkService
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : DNS Client
        DEPENDENCIES       : Tcpip
        SERVICE_START_NAME : NT AUTHORITY\NetworkService


On 2/06/11 8:50 AM, Storer, Raymond wrote: 

Scott and David, I’m not finding any .net call that will produce the “StartupType” for a service that is already installed. There is a documented way to do it from a Win32 API; but, that involves using P/Invoke. See here: http://www.leeholmes.com/blog/2009/01/19/powershell-pinvoke-walkthrough/  and here: http://pinvoke.net/default.aspx/advapi32/QueryServiceConfig.html

 
Ray

 
From: Scot Kreienkamp [mailto:user-462cf0b6d846@xymon.invalid] 
Sent: Wednesday, June 01, 2011 11:03 AM
To: Storer, Raymond; David Baldwin
Cc: xymon at xymon.com
Subject: RE: [Xymon] Windows PS client svcs data missing

 
This is what I have so far:

 
function XymonSvcsNET2

{

                $result = [reflection.Assembly]::LoadWithPartialName("System.ServiceProcess")

                $Services = [System.ServiceProcess.ServiceController]::GetServices()

                $COLUMNNAME="Name"

                $COLUMNSTATUS="Status"

                $COLUMNDESCRIPTION="Description"

                #[Reflection.Assembly]::Load(‘System.ServiceProcess, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a’)

                #get all the services installed on the local machine

                $serviceController = [System.ServiceProcess.ServiceController]::GetServices()

                "[svcs]"

                "--------------------------------------------------------------------------------------------------------------"

                "{0,-50} {1,-20} {2,-20}" -f `

                $COLUMNNAME, $COLUMNSTATUS, $COLUMNDESCRIPTION

                "--------------------------------------------------------------------------------------------------------------"

                foreach ($svc in $serviceController) {

                "{0,-50} {1,-20} {2,-20}" -f `

                $svc.Name, $svc.Status, $svc.DisplayName

                }

 
}

 
I did get the formatting figured out finally after about 6 hours.  The only piece that I cannot figure out is the service startup type, if I can get some help on that I think this is workable.  

 
I'm a complete newbie at powershell, so comments/help appreciated.  

 
Scot Kreienkamp

Senior Systems Engineer

user-462cf0b6d846@xymon.invalid

 
From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of Storer, Raymond
Sent: Monday, May 16, 2011 10:38 AM
To: David Baldwin
Cc: xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

 
David, you can also use the “Load” method instead as follows:

 
[Reflection.Assembly]::Load(‘System.ServiceProcess, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a’)

 
Ray

 
From: David Baldwin [mailto:user-cbbf693f2c89@xymon.invalid] 
Sent: Monday, May 16, 2011 12:39 AM
To: 'Scot Kreienkamp'; Storer, Raymond
Cc: xymon at xymon.com
Subject: RE: [Xymon] Windows PS client svcs data missing

 
Ray,

 
Thanks for the code. I’m a bit wary of using something with such a version specific path though – is that seriously a “standard” interface to a .Net DLL that can be expected to have some degree of persistence?

 
I’m offsite this week, will try to take a look next week.

 
Thanks, David.

 
From: Scot Kreienkamp [mailto:user-462cf0b6d846@xymon.invalid] 
Sent: Saturday, 14 May 2011 5:54 AM
To: Storer, Raymond; David Baldwin
Cc: xymon at xymon.com
Subject: RE: [Xymon] Windows PS client svcs data missing

 
Thank you Raymond… If I knew how to implement it I would.  Hopefully David or Henrik can find the time to experiment with it.  

 
I'm seeing all kinds of problems with the PS client…. If this keeps up I'll have to remove it.  It pegged one of my servers at 100% for over an hour, stuck on the WMI yesterday.  

 
Scot Kreienkamp

Senior Systems Engineer

user-462cf0b6d846@xymon.invalid

 
From: Storer, Raymond [mailto:user-bbaa567d59bb@xymon.invalid] 
Sent: Friday, May 13, 2011 12:58 PM
To: David Baldwin; Scot Kreienkamp
Cc: xymon at xymon.com
Subject: RE: [Xymon] Windows PS client svcs data missing

 
Opps… I missed the “.” in the [Reflection.Assembly]. Also, you can pipe it to out-null to avoid any unwanted output. So:

 
[Reflection.Assembly]::LoadFile(‘C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll’) | out-null

 
Ray

 
From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of Storer, Raymond
Sent: Friday, May 13, 2011 11:40 AM
To: David Baldwin; Scot Kreienkamp
Cc: xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

 
Scot and David, if you’d prefer to implement a .net pure call for services you can try the following:

 
# your path to the file may very

[ReflectionAssembly]::LoadFile(‘C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll’)

#get all the services installed on the local machine

$serviceController = [System.ServiceProcess.ServiceController]::GetServices()

foreach ($svc in $serviceController) {

                # should indicate: Stopped, Running, or Paused … others???

                write-host $svc.Status

                # the service name

                write-host $svc.Name

                # the service display name

                write-host $svc.DisplayName

}

 
Ray

[snip]

 
CONFIDENTIALITY NOTICE: This email and any attachments are for the
exclusive and confidential use of the intended recipient. If you are not
the intended recipient, please do not read, distribute or take action in
reliance upon this message. If you have received this in error, please
notify us immediately by return email and promptly delete this message
and its attachments from your computer system. We do not waive
attorney-client or work product privilege by the transmission of this
message.

 
This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you. 

 
CONFIDENTIALITY NOTICE: This email and any attachments are for the
exclusive and confidential use of the intended recipient. If you are not
the intended recipient, please do not read, distribute or take action in
reliance upon this message. If you have received this in error, please
notify us immediately by return email and promptly delete this message
and its attachments from your computer system. We do not waive
attorney-client or work product privilege by the transmission of this
message.


-- 
David Baldwin - IT Unit
Australian Sports Commission          www.ausport.gov.au
Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616
user-cbbf693f2c89@xymon.invalid          Leverrier Street Bruce ACT 2617

 
Keep up to date with what's happening in Australian sport visit www.ausport.gov.au 

This message is intended for the addressee named and may contain confidential and privileged information. If you are not the intended recipient please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you receive this message in error, please delete it and notify the sender. 


This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you.

David,

 
I'm pretty motivated to try and get this to work. BBWin is abandoned
and it's only a matter of time until it quits working entirely, and
the PS client is currently the only answer.  I see two problems with
the PS client that are holding it back from being a replacement for
BBWin. 

 
First, the services information is unreliable.  This can fix that, if
we can make it work. 

Second, the PS client as a whole is a bit of a hog.  It takes 8-10
seconds at 100% CPU to run with no logfiles.  Contrast that with BBWin
which takes 3-4 seconds including logfiles.  I've already had two
admins ask to remove the PS client because users were seeing an impact.

 
I did add the following line to the top of the PS client to get it to
run at the lowest priority of the system:

 
get-Process  -id $PID | foreach {$_.PriorityClass=
[System.Diagnostics.ProcessPriorityClass]::Idle}

 

that way hopefully it will cause less of an impact on the system as
the PS client is strictly CPU load.  I'll try using Ray's P/Invoke,
but it may be above my head as I am not a programmer.

*Sent:* Wednesday, June 01, 2011 10:49 PM
*To:* Storer, Raymond
*Cc:* Scot Kreienkamp; xymon at xymon.com
*Subject:* Re: [Xymon] Windows PS client svcs data missing

 
I can't see that this code gets anything more than Get-Service - since
Get-Service is an interface to [System.ServiceProcess.ServiceController]

Some of the info can be derived from the registry or running SC.EXE -
registry interpretation requires information about enumerations for
various keys, SC would require parsing output. Neither gives you
information about the running process if there is one which also used
by the client.

Looks like no way of getting away from the overhead of WMI - digging
around for extra information or messing around with unstructured text
will get you so far, but not all the info sought.

David.

PS C:\WINDOWS\system32\windowspowershell\v1.0> Get-WmiObject -Filter
"Name='dnscache'" win32_service | fl *


Name                    : Dnscache
Status                  : OK
ExitCode                : 0
DesktopInteract         : False
ErrorControl            : Normal
PathName                : C:\WINDOWS\system32\svchost.exe -k
NetworkService
ServiceType             : Share Process
StartMode               : Auto
__GENUS                 : 2
__CLASS                 : Win32_Service
__SUPERCLASS            : Win32_BaseService
__DYNASTY               : CIM_ManagedSystemElement
__RELPATH               : Win32_Service.Name="Dnscache"
__PROPERTY_COUNT        : 25
__DERIVATION            : {Win32_BaseService, CIM_Service,
CIM_LogicalElement, CIM_ManagedSystemElement}
__SERVER                : ITMANSV
__NAMESPACE             : root\cimv2
__PATH                  :
\\ITMANSV\root\cimv2:Win32_Service.Name="Dnscache

AcceptPause             : False
AcceptStop              : True
Caption                 : DNS Client
CheckPoint              : 0
CreationClassName       : Win32_Service
Description             : Resolves and caches Domain Name System (DNS)
names for this computer. If this service is stopped, this computer
will not be able to resolve DNS names and locate Active Directory
domain controllers. If this service is disabled, any services that
explicitly depend on it will fail to start.
DisplayName             : DNS Client
InstallDate             :
ProcessId               : 872
ServiceSpecificExitCode : 0
Started                 : True
StartName               : NT AUTHORITY\NetworkService
State                   : Running
SystemCreationClassName : Win32_ComputerSystem
SystemName              : ITMANSV
TagId                   : 0
WaitHint                : 0
Scope                   : System.Management.ManagementScope
Path                    :
\\ITMANSV\root\cimv2:Win32_Service.Name="Dnscache

Properties              : {AcceptPause, AcceptStop, Caption,
CheckPoint...}
SystemProperties        : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...}
Qualifiers              : {dynamic, Locale, provider, UUID}
Site                    :
Container               :


PS C:\WINDOWS\system32\windowspowershell\v1.0> Get-Service dnscache | fl *


Name                : dnscache
RequiredServices    : {Tcpip}
CanPauseAndContinue : False
CanShutdown         : False
CanStop             : True
DisplayName         : DNS Client
DependentServices   : {}
MachineName         : .
ServiceName         : dnscache
ServicesDependedOn  : {Tcpip}
ServiceHandle       : SafeServiceHandle
Status              : Running
ServiceType         : Win32ShareProcess
Site                :
Container           :


PS C:\WINDOWS\system32\windowspowershell\v1.0> Get-ItemProperty
HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache


PSPath          :
Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache
PSParentPath    :
Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
PSChildName     : Dnscache
PSDrive         : HKLM
PSProvider      : Microsoft.PowerShell.Core\Registry
Type            : 32
Start           : 2
ErrorControl    : 1
ImagePath       : C:\WINDOWS\system32\svchost.exe -k NetworkService
DisplayName     : DNS Client
Group           : TDI
DependOnService : {Tcpip}
DependOnGroup   : {}
ObjectName      : NT AUTHORITY\NetworkService
Description     : Resolves and caches Domain Name System (DNS) names
for this computer. If this service is stopped, this computer will not
be able to resolve DNS names and locate Active Directory domain
controllers. If this service is disabled, any services that
explicitly depend on it will fail to start.


PS C:\WINDOWS\system32\windowspowershell\v1.0> sc.exe qc dnscache
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: dnscache
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k
NetworkService
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : DNS Client
        DEPENDENCIES       : Tcpip
        SERVICE_START_NAME : NT AUTHORITY\NetworkService


On 2/06/11 8:50 AM, Storer, Raymond wrote:

Scott and David, I’m not finding any .net call that will produce the
“StartupType” for a service that is already installed. There is a
documented way to do it from a Win32 API; but, that involves using
P/Invoke. See here:
http://www.leeholmes.com/blog/2009/01/19/powershell-pinvoke-walkthrough/ 
and here: http://pinvoke.net/default.aspx/advapi32/QueryServiceConfig.html

 
Ray

 
*From:*Scot Kreienkamp [mailto:user-462cf0b6d846@xymon.invalid]
*Sent:* Wednesday, June 01, 2011 11:03 AM
*To:* Storer, Raymond; David Baldwin

*Subject:* RE: [Xymon] Windows PS client svcs data missing

 
This is what I have so far:

 
function XymonSvcsNET2

{

                $result =
[reflection.Assembly]::LoadWithPartialName("System.ServiceProcess")

                $Services =
[System.ServiceProcess.ServiceController]::GetServices()

                $COLUMNNAME="Name"

                $COLUMNSTATUS="Status"

                $COLUMNDESCRIPTION="Description"

                #[Reflection.Assembly]::Load(‘System.ServiceProcess,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a’)

                #get all the services installed on the local machine

                $serviceController =
[System.ServiceProcess.ServiceController]::GetServices()

                "[svcs]"

               
"--------------------------------------------------------------------------------------------------------------"

                "{0,-50} {1,-20} {2,-20}" -f `

                $COLUMNNAME, $COLUMNSTATUS, $COLUMNDESCRIPTION

               
"--------------------------------------------------------------------------------------------------------------"

                foreach ($svc in $serviceController) {

                "{0,-50} {1,-20} {2,-20}" -f `

                $svc.Name, $svc.Status, $svc.DisplayName

                }

 
}

 
I did get the formatting figured out finally after about 6 hours.  The
only piece that I cannot figure out is the service startup type, if I
can get some help on that I think this is workable. 

 
I'm a complete newbie at powershell, so comments/help appreciated. 

 
Scot Kreienkamp

Senior Systems Engineer

user-462cf0b6d846@xymon.invalid <mailto:user-462cf0b6d846@xymon.invalid>

 
*From:*xymon-bounces at xymon.com <mailto:xymon-bounces at xymon.com>
[mailto:xymon-bounces at xymon.com] *On Behalf Of *Storer, Raymond
*Sent:* Monday, May 16, 2011 10:38 AM
*To:* David Baldwin

*Subject:* Re: [Xymon] Windows PS client svcs data missing

 
David, you can also use the “Load” method instead as follows:

 
[Reflection.Assembly]::Load(‘System.ServiceProcess, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a’)

 
Ray

 
*From:*David Baldwin [mailto:user-cbbf693f2c89@xymon.invalid]
*Sent:* Monday, May 16, 2011 12:39 AM
*To:* 'Scot Kreienkamp'; Storer, Raymond

*Subject:* RE: [Xymon] Windows PS client svcs data missing

 
Ray,

 
Thanks for the code. I’m a bit wary of using something with such a
version specific path though – is that seriously a “standard”
interface to a .Net DLL that can be expected to have some degree of
persistence?

 
I’m offsite this week, will try to take a look next week.

 
Thanks, David.

 
*From:*Scot Kreienkamp [mailto:user-462cf0b6d846@xymon.invalid]
*Sent:* Saturday, 14 May 2011 5:54 AM
*To:* Storer, Raymond; David Baldwin

*Subject:* RE: [Xymon] Windows PS client svcs data missing

 
Thank you Raymond… If I knew how to implement it I would.  Hopefully
David or Henrik can find the time to experiment with it. 

 
I'm seeing all kinds of problems with the PS client…. If this keeps up
I'll have to remove it.  It pegged one of my servers at 100% for over
an hour, stuck on the WMI yesterday. 

 
Scot Kreienkamp

Senior Systems Engineer

user-462cf0b6d846@xymon.invalid <mailto:user-462cf0b6d846@xymon.invalid>

 
*From:*Storer, Raymond [mailto:user-bbaa567d59bb@xymon.invalid]
*Sent:* Friday, May 13, 2011 12:58 PM
*To:* David Baldwin; Scot Kreienkamp

*Subject:* RE: [Xymon] Windows PS client svcs data missing

 
Opps… I missed the “.” in the [Reflection.Assembly]. Also, you can
pipe it to out-null to avoid any unwanted output. So:

 
[Reflection.Assembly]::LoadFile(‘C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll’)
| out-null

 
Ray

 
*From:*xymon-bounces at xymon.com <mailto:xymon-bounces at xymon.com>
[mailto:xymon-bounces at xymon.com] *On Behalf Of *Storer, Raymond
*Sent:* Friday, May 13, 2011 11:40 AM
*To:* David Baldwin; Scot Kreienkamp

*Subject:* Re: [Xymon] Windows PS client svcs data missing

 
Scot and David, if you’d prefer to implement a .net pure call for
services you can try the following:

 
# your path to the file may very

[ReflectionAssembly]::LoadFile(‘C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll’)

#get all the services installed on the local machine

$serviceController =
[System.ServiceProcess.ServiceController]::GetServices()

foreach ($svc in $serviceController) {

                # should indicate: Stopped, Running, or Paused … others???

                write-host $svc.Status

                # the service name

                write-host $svc.Name

                # the service display name

                write-host $svc.DisplayName

}

 
Ray

[snip]

 
CONFIDENTIALITY NOTICE: This email and any attachments are for the
exclusive and confidential use of the intended recipient. If you are not
the intended recipient, please do not read, distribute or take action in
reliance upon this message. If you have received this in error, please
notify us immediately by return email and promptly delete this message
and its attachments from your computer system. We do not waive
attorney-client or work product privilege by the transmission of this
message.

 
This message is intended only for the individual or entity to which it
is addressed.  It may contain privileged, confidential information
which is exempt from disclosure under applicable laws.  If you are not
the intended recipient, please note that you are strictly prohibited
from disseminating or distributing this information (other than to the
intended recipient) or copying this information.  If you have received
this communication in error, please notify us immediately by e-mail or
by telephone at the above number. Thank you.

 
CONFIDENTIALITY NOTICE: This email and any attachments are for the
exclusive and confidential use of the intended recipient. If you are not
the intended recipient, please do not read, distribute or take action in
reliance upon this message. If you have received this in error, please
notify us immediately by return email and promptly delete this message
and its attachments from your computer system. We do not waive
attorney-client or work product privilege by the transmission of this
message.


-- 
David Baldwin - IT Unit
Australian Sports Commission          www.ausport.gov.au <http://www.ausport.gov.au>;
Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616
user-cbbf693f2c89@xymon.invalid <mailto:user-cbbf693f2c89@xymon.invalid>          Leverrier Street Bruce ACT 2617

 
Keep up to date with what's happening in Australian sport visit
www.ausport.gov.au <http://www.ausport.gov.au>;

This message is intended for the addressee named and may contain
confidential and privileged information. If you are not the intended
recipient please note that any form of distribution, copying or use of
this communication or the information in it is strictly prohibited and
may be unlawful. If you receive this message in error, please delete
it and notify the sender.


This message is intended only for the individual or entity to which it
is addressed.  It may contain privileged, confidential information
which is exempt from disclosure under applicable laws.  If you are not
the intended recipient, please note that you are strictly prohibited
from disseminating or distributing this information (other than to the
intended recipient) or copying this information.  If you have received
this communication in error, please notify us immediately by e-mail or
by telephone at the above number. Thank you.

<#>

-- 
David Baldwin - IT Unit
Australian Sports Commission          www.ausport.gov.au
Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616
user-cbbf693f2c89@xymon.invalid          Leverrier Street Bruce ACT 2617

 
First, the services information is unreliable.  This can fix that, if we can make it work.  

If you are happy to do without the PID of currently running services, can probably grab service startup status from registry and be done with it.

 
Second, the PS client as a whole is a bit of a hog.  It takes 8-10 seconds at 100% CPU to run with no logfiles.  Contrast that with BBWin which takes 3-4 seconds including logfiles.  I've already had two admins ask to remove the PS client because users were seeing an impact. 

Completely agree that the overhead has to be as low as possible. A monitoring agent shouldn't impact unduly on what it is monitoring!

 
I did add the following line to the top of the PS client to get it to run at the lowest priority of the system:

 
get-Process  -id $PID | foreach {$_.PriorityClass= [System.Diagnostics.ProcessPriorityClass]::Idle}

 
I can add an option to set the priority of the client at startup.

that way hopefully it will cause less of an impact on the system as the PS client is strictly CPU load.  I'll try using Ray's P/Invoke, but it may be above my head as I am not a programmer.

I really can't get excited about such gruesome delving into the bowels of Windows. A big attraction of using PS in the first place should be to avoid resorting to such ugly machinery. .Net classes and WMI is fair enough (as long as they don't overly burden the system), COM objects so-so, but directly invoking DLLs and similar seems pretty fragile as a long term proposition.

 
Scot Kreienkamp

 
From: David Baldwin [mailto:user-cbbf693f2c89@xymon.invalid] 
Sent: Wednesday, June 01, 2011 10:49 PM
To: Storer, Raymond
Cc: Scot Kreienkamp; xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

 
I can't see that this code gets anything more than Get-Service - since Get-Service is an interface to [System.ServiceProcess.ServiceController]

Some of the info can be derived from the registry or running SC.EXE - registry interpretation requires information about enumerations for various keys, SC would require parsing output. Neither gives you information about the running process if there is one which also used by the client.

Looks like no way of getting away from the overhead of WMI - digging around for extra information or messing around with unstructured text will get you so far, but not all the info sought.

David.

PS C:\WINDOWS\system32\windowspowershell\v1.0> Get-WmiObject -Filter "Name='dnscache'" win32_service | fl *


Name                    : Dnscache
Status                  : OK
ExitCode                : 0
DesktopInteract         : False
ErrorControl            : Normal
PathName                : C:\WINDOWS\system32\svchost.exe -k NetworkService
ServiceType             : Share Process
StartMode               : Auto
__GENUS                 : 2
__CLASS                 : Win32_Service
__SUPERCLASS            : Win32_BaseService
__DYNASTY               : CIM_ManagedSystemElement
__RELPATH               : Win32_Service.Name="Dnscache"
__PROPERTY_COUNT        : 25
__DERIVATION            : {Win32_BaseService, CIM_Service, CIM_LogicalElement, CIM_ManagedSystemElement}
__SERVER                : ITMANSV
__NAMESPACE             : root\cimv2
__PATH                  : \\ITMANSV\root\cimv2:Win32_Service.Name="Dnscache <file:///\\%5C%5CITMANSV%5Croot%5Ccimv2:Win32_Service.Name=%22Dnscache> "
AcceptPause             : False
AcceptStop              : True
Caption                 : DNS Client
CheckPoint              : 0
CreationClassName       : Win32_Service
Description             : Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
DisplayName             : DNS Client
InstallDate             : 
ProcessId               : 872
ServiceSpecificExitCode : 0
Started                 : True
StartName               : NT AUTHORITY\NetworkService
State                   : Running
SystemCreationClassName : Win32_ComputerSystem
SystemName              : ITMANSV
TagId                   : 0
WaitHint                : 0
Scope                   : System.Management.ManagementScope
Path                    : \\ITMANSV\root\cimv2:Win32_Service.Name="Dnscache <file:///\\%5C%5CITMANSV%5Croot%5Ccimv2:Win32_Service.Name=%22Dnscache> "
Options                 : System.Management.ObjectGetOptions
ClassPath               : \\ITMANSV\root\cimv2:Win32_Service <file:///\\%5C%5CITMANSV%5Croot%5Ccimv2:Win32_Service> 
Properties              : {AcceptPause, AcceptStop, Caption, CheckPoint...}
SystemProperties        : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...}
Qualifiers              : {dynamic, Locale, provider, UUID}
Site                    : 
Container               : 


PS C:\WINDOWS\system32\windowspowershell\v1.0> Get-Service dnscache | fl *


Name                : dnscache
RequiredServices    : {Tcpip}
CanPauseAndContinue : False
CanShutdown         : False
CanStop             : True
DisplayName         : DNS Client
DependentServices   : {}
MachineName         : .
ServiceName         : dnscache
ServicesDependedOn  : {Tcpip}
ServiceHandle       : SafeServiceHandle
Status              : Running
ServiceType         : Win32ShareProcess
Site                : 
Container           : 


PS C:\WINDOWS\system32\windowspowershell\v1.0> Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache


PSPath          : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache
PSParentPath    : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
PSChildName     : Dnscache
PSDrive         : HKLM
PSProvider      : Microsoft.PowerShell.Core\Registry
Type            : 32
Start           : 2
ErrorControl    : 1
ImagePath       : C:\WINDOWS\system32\svchost.exe -k NetworkService
DisplayName     : DNS Client
Group           : TDI
DependOnService : {Tcpip}
DependOnGroup   : {}
ObjectName      : NT AUTHORITY\NetworkService
Description     : Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.


PS C:\WINDOWS\system32\windowspowershell\v1.0> sc.exe qc dnscache
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: dnscache
        TYPE               : 20  WIN32_SHARE_PROCESS 
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k NetworkService
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : DNS Client
        DEPENDENCIES       : Tcpip
        SERVICE_START_NAME : NT AUTHORITY\NetworkService


On 2/06/11 8:50 AM, Storer, Raymond wrote: 

Scott and David, I’m not finding any .net call that will produce the “StartupType” for a service that is already installed. There is a documented way to do it from a Win32 API; but, that involves using P/Invoke. See here: http://www.leeholmes.com/blog/2009/01/19/powershell-pinvoke-walkthrough/  and here: http://pinvoke.net/default.aspx/advapi32/QueryServiceConfig.html

 
Ray

 
From: Scot Kreienkamp [mailto:user-462cf0b6d846@xymon.invalid] 
Sent: Wednesday, June 01, 2011 11:03 AM
To: Storer, Raymond; David Baldwin
Cc: xymon at xymon.com
Subject: RE: [Xymon] Windows PS client svcs data missing

 
This is what I have so far:

 
function XymonSvcsNET2

{

                $result = [reflection.Assembly]::LoadWithPartialName("System.ServiceProcess")

                $Services = [System.ServiceProcess.ServiceController]::GetServices()

                $COLUMNNAME="Name"

                $COLUMNSTATUS="Status"

                $COLUMNDESCRIPTION="Description"

                #[Reflection.Assembly]::Load(‘System.ServiceProcess, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a’)

                #get all the services installed on the local machine

                $serviceController = [System.ServiceProcess.ServiceController]::GetServices()

                "[svcs]"

                "--------------------------------------------------------------------------------------------------------------"

                "{0,-50} {1,-20} {2,-20}" -f `

                $COLUMNNAME, $COLUMNSTATUS, $COLUMNDESCRIPTION

                "--------------------------------------------------------------------------------------------------------------"

                foreach ($svc in $serviceController) {

                "{0,-50} {1,-20} {2,-20}" -f `

                $svc.Name, $svc.Status, $svc.DisplayName

                }

 
}

 
I did get the formatting figured out finally after about 6 hours.  The only piece that I cannot figure out is the service startup type, if I can get some help on that I think this is workable.  

 
I'm a complete newbie at powershell, so comments/help appreciated.  

 
Scot Kreienkamp

Senior Systems Engineer

user-462cf0b6d846@xymon.invalid

 
From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of Storer, Raymond
Sent: Monday, May 16, 2011 10:38 AM
To: David Baldwin
Cc: xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

 
David, you can also use the “Load” method instead as follows:

 
[Reflection.Assembly]::Load(‘System.ServiceProcess, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a’)

 
Ray

 
From: David Baldwin [mailto:user-cbbf693f2c89@xymon.invalid] 
Sent: Monday, May 16, 2011 12:39 AM
To: 'Scot Kreienkamp'; Storer, Raymond
Cc: xymon at xymon.com
Subject: RE: [Xymon] Windows PS client svcs data missing

 
Ray,

 
Thanks for the code. I’m a bit wary of using something with such a version specific path though – is that seriously a “standard” interface to a .Net DLL that can be expected to have some degree of persistence?

 
I’m offsite this week, will try to take a look next week.

 
Thanks, David.

 
From: Scot Kreienkamp [mailto:user-462cf0b6d846@xymon.invalid] 
Sent: Saturday, 14 May 2011 5:54 AM
To: Storer, Raymond; David Baldwin
Cc: xymon at xymon.com
Subject: RE: [Xymon] Windows PS client svcs data missing

 
Thank you Raymond… If I knew how to implement it I would.  Hopefully David or Henrik can find the time to experiment with it.  

 
I'm seeing all kinds of problems with the PS client…. If this keeps up I'll have to remove it.  It pegged one of my servers at 100% for over an hour, stuck on the WMI yesterday.  

 
Scot Kreienkamp

Senior Systems Engineer

user-462cf0b6d846@xymon.invalid

 
From: Storer, Raymond [mailto:user-bbaa567d59bb@xymon.invalid] 
Sent: Friday, May 13, 2011 12:58 PM
To: David Baldwin; Scot Kreienkamp
Cc: xymon at xymon.com
Subject: RE: [Xymon] Windows PS client svcs data missing

 
Opps… I missed the “.” in the [Reflection.Assembly]. Also, you can pipe it to out-null to avoid any unwanted output. So:

 
[Reflection.Assembly]::LoadFile(‘C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll’) | out-null

 
Ray

 
From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of Storer, Raymond
Sent: Friday, May 13, 2011 11:40 AM
To: David Baldwin; Scot Kreienkamp
Cc: xymon at xymon.com
Subject: Re: [Xymon] Windows PS client svcs data missing

 
Scot and David, if you’d prefer to implement a .net pure call for services you can try the following:

 
# your path to the file may very

[ReflectionAssembly]::LoadFile(‘C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll’)

#get all the services installed on the local machine

$serviceController = [System.ServiceProcess.ServiceController]::GetServices()

foreach ($svc in $serviceController) {

                # should indicate: Stopped, Running, or Paused … others???

                write-host $svc.Status

                # the service name

                write-host $svc.Name

                # the service display name

                write-host $svc.DisplayName

}

 
Ray

[snip]

 
CONFIDENTIALITY NOTICE: This email and any attachments are for the
exclusive and confidential use of the intended recipient. If you are not
the intended recipient, please do not read, distribute or take action in
reliance upon this message. If you have received this in error, please
notify us immediately by return email and promptly delete this message
and its attachments from your computer system. We do not waive
attorney-client or work product privilege by the transmission of this
message.

 
This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you. 

 
CONFIDENTIALITY NOTICE: This email and any attachments are for the
exclusive and confidential use of the intended recipient. If you are not
the intended recipient, please do not read, distribute or take action in
reliance upon this message. If you have received this in error, please
notify us immediately by return email and promptly delete this message
and its attachments from your computer system. We do not waive
attorney-client or work product privilege by the transmission of this
message.


-- 
David Baldwin - IT Unit
Australian Sports Commission          www.ausport.gov.au
Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616
user-cbbf693f2c89@xymon.invalid          Leverrier Street Bruce ACT 2617

 
Keep up to date with what's happening in Australian sport visit www.ausport.gov.au 

This message is intended for the addressee named and may contain confidential and privileged information. If you are not the intended recipient please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you receive this message in error, please delete it and notify the sender. 


This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you. 


-- 
David Baldwin - IT Unit
Australian Sports Commission          www.ausport.gov.au
Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616
user-cbbf693f2c89@xymon.invalid          Leverrier Street Bruce ACT 2617


This message is intended only for the individual or entity to which it is addressed.  It may contain privileged, confidential information which is exempt from disclosure under applicable laws.  If you are not the intended recipient, please note that you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information.  If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you.