[Xymon] Windows PS client svcs data missing
David Baldwin
david.baldwin at ausport.gov.au
Mon Jun 6 03:40:52 CEST 2011
Scot,
>
> David,
>
>
>
> I'm pretty motivated to try and get this to work. BBWin is abandoned
> and it's only a matter of time until it quits working entirely, and
> the PS client is currently the only answer. I see two problems with
> the PS client that are holding it back from being a replacement for
> BBWin.
>
>
>
> First, the services information is unreliable. This can fix that, if
> we can make it work.
>
If you are happy to do without the PID of currently running services,
can probably grab service startup status from registry and be done with it.
>
> Second, the PS client as a whole is a bit of a hog. It takes 8-10
> seconds at 100% CPU to run with no logfiles. Contrast that with BBWin
> which takes 3-4 seconds including logfiles. I've already had two
> admins ask to remove the PS client because users were seeing an impact.
>
Completely agree that the overhead has to be as low as possible. A
monitoring agent shouldn't impact unduly on what it is monitoring!
>
>
>
> I did add the following line to the top of the PS client to get it to
> run at the lowest priority of the system:
>
>
>
> get-Process -id $PID | foreach {$_.PriorityClass=
> [System.Diagnostics.ProcessPriorityClass]::Idle}
>
>
>
I can add an option to set the priority of the client at startup.
>
> that way hopefully it will cause less of an impact on the system as
> the PS client is strictly CPU load. I'll try using Ray's P/Invoke,
> but it may be above my head as I am not a programmer.
>
I really can't get excited about such gruesome delving into the bowels
of Windows. A big attraction of using PS in the first place should be to
avoid resorting to such ugly machinery. .Net classes and WMI is fair
enough (as long as they don't overly burden the system), COM objects
so-so, but directly invoking DLLs and similar seems pretty fragile as a
long term proposition.
David.
>
>
>
> Scot Kreienkamp
>
>
>
> *From:*David Baldwin [mailto:david.baldwin at ausport.gov.au]
> *Sent:* Wednesday, June 01, 2011 10:49 PM
> *To:* Storer, Raymond
> *Cc:* Scot Kreienkamp; xymon at xymon.com
> *Subject:* Re: [Xymon] Windows PS client svcs data missing
>
>
>
> I can't see that this code gets anything more than Get-Service - since
> Get-Service is an interface to [System.ServiceProcess.ServiceController]
>
> Some of the info can be derived from the registry or running SC.EXE -
> registry interpretation requires information about enumerations for
> various keys, SC would require parsing output. Neither gives you
> information about the running process if there is one which also used
> by the client.
>
> Looks like no way of getting away from the overhead of WMI - digging
> around for extra information or messing around with unstructured text
> will get you so far, but not all the info sought.
>
> David.
>
> PS C:\WINDOWS\system32\windowspowershell\v1.0> Get-WmiObject -Filter
> "Name='dnscache'" win32_service | fl *
>
>
> Name : Dnscache
> Status : OK
> ExitCode : 0
> DesktopInteract : False
> ErrorControl : Normal
> PathName : C:\WINDOWS\system32\svchost.exe -k
> NetworkService
> ServiceType : Share Process
> StartMode : Auto
> __GENUS : 2
> __CLASS : Win32_Service
> __SUPERCLASS : Win32_BaseService
> __DYNASTY : CIM_ManagedSystemElement
> __RELPATH : Win32_Service.Name="Dnscache"
> __PROPERTY_COUNT : 25
> __DERIVATION : {Win32_BaseService, CIM_Service,
> CIM_LogicalElement, CIM_ManagedSystemElement}
> __SERVER : ITMANSV
> __NAMESPACE : root\cimv2
> __PATH :
> \\ITMANSV\root\cimv2:Win32_Service.Name="Dnscache
> <file:///%5C%5CITMANSV%5Croot%5Ccimv2:Win32_Service.Name=%22Dnscache>"
> AcceptPause : False
> AcceptStop : True
> Caption : DNS Client
> CheckPoint : 0
> CreationClassName : Win32_Service
> Description : Resolves and caches Domain Name System (DNS)
> names for this computer. If this service is stopped, this computer
> will not be able to resolve DNS names and locate Active Directory
> domain controllers. If this service is disabled, any services that
> explicitly depend on it will fail to start.
> DisplayName : DNS Client
> InstallDate :
> ProcessId : 872
> ServiceSpecificExitCode : 0
> Started : True
> StartName : NT AUTHORITY\NetworkService
> State : Running
> SystemCreationClassName : Win32_ComputerSystem
> SystemName : ITMANSV
> TagId : 0
> WaitHint : 0
> Scope : System.Management.ManagementScope
> Path :
> \\ITMANSV\root\cimv2:Win32_Service.Name="Dnscache
> <file:///%5C%5CITMANSV%5Croot%5Ccimv2:Win32_Service.Name=%22Dnscache>"
> Options : System.Management.ObjectGetOptions
> ClassPath : \\ITMANSV\root\cimv2:Win32_Service
> <file:///%5C%5CITMANSV%5Croot%5Ccimv2:Win32_Service>
> Properties : {AcceptPause, AcceptStop, Caption,
> CheckPoint...}
> SystemProperties : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...}
> Qualifiers : {dynamic, Locale, provider, UUID}
> Site :
> Container :
>
>
>
>
> _______________________________________________________________________________________________________________________________________________
> PS C:\WINDOWS\system32\windowspowershell\v1.0> Get-Service dnscache | fl *
>
>
> Name : dnscache
> RequiredServices : {Tcpip}
> CanPauseAndContinue : False
> CanShutdown : False
> CanStop : True
> DisplayName : DNS Client
> DependentServices : {}
> MachineName : .
> ServiceName : dnscache
> ServicesDependedOn : {Tcpip}
> ServiceHandle : SafeServiceHandle
> Status : Running
> ServiceType : Win32ShareProcess
> Site :
> Container :
>
>
>
>
> _______________________________________________________________________________________________________________________________________________
> PS C:\WINDOWS\system32\windowspowershell\v1.0> Get-ItemProperty
> HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache
>
>
> PSPath :
> Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache
> PSParentPath :
> Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
> PSChildName : Dnscache
> PSDrive : HKLM
> PSProvider : Microsoft.PowerShell.Core\Registry
> Type : 32
> Start : 2
> ErrorControl : 1
> ImagePath : C:\WINDOWS\system32\svchost.exe -k NetworkService
> DisplayName : DNS Client
> Group : TDI
> DependOnService : {Tcpip}
> DependOnGroup : {}
> ObjectName : NT AUTHORITY\NetworkService
> Description : Resolves and caches Domain Name System (DNS) names
> for this computer. If this service is stopped, this computer will not
> be able to resolve DNS names and locate Active Directory domain
> controllers. If this service is disabled, any services that
> explicitly depend on it will fail to start.
>
>
> PS C:\WINDOWS\system32\windowspowershell\v1.0> sc.exe qc dnscache
> [SC] QueryServiceConfig SUCCESS
>
> SERVICE_NAME: dnscache
> TYPE : 20 WIN32_SHARE_PROCESS
> START_TYPE : 2 AUTO_START
> ERROR_CONTROL : 1 NORMAL
> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k
> NetworkService
> LOAD_ORDER_GROUP : TDI
> TAG : 0
> DISPLAY_NAME : DNS Client
> DEPENDENCIES : Tcpip
> SERVICE_START_NAME : NT AUTHORITY\NetworkService
>
>
>
> On 2/06/11 8:50 AM, Storer, Raymond wrote:
>
> Scott and David, I’m not finding any .net call that will produce the
> “StartupType” for a service that is already installed. There is a
> documented way to do it from a Win32 API; but, that involves using
> P/Invoke. See here:
> http://www.leeholmes.com/blog/2009/01/19/powershell-pinvoke-walkthrough/
> and here: http://pinvoke.net/default.aspx/advapi32/QueryServiceConfig.html
>
>
>
> Ray
>
>
>
> *From:*Scot Kreienkamp [mailto:SKreien at la-z-boy.com]
> *Sent:* Wednesday, June 01, 2011 11:03 AM
> *To:* Storer, Raymond; David Baldwin
> *Cc:* xymon at xymon.com <mailto:xymon at xymon.com>
> *Subject:* RE: [Xymon] Windows PS client svcs data missing
>
>
>
> This is what I have so far:
>
>
>
> function XymonSvcsNET2
>
> {
>
> $result =
> [reflection.Assembly]::LoadWithPartialName("System.ServiceProcess")
>
> $Services =
> [System.ServiceProcess.ServiceController]::GetServices()
>
> $COLUMNNAME="Name"
>
> $COLUMNSTATUS="Status"
>
> $COLUMNDESCRIPTION="Description"
>
> #[Reflection.Assembly]::Load(‘System.ServiceProcess,
> Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a’)
>
> #get all the services installed on the local machine
>
> $serviceController =
> [System.ServiceProcess.ServiceController]::GetServices()
>
> "[svcs]"
>
>
> "--------------------------------------------------------------------------------------------------------------"
>
> "{0,-50} {1,-20} {2,-20}" -f `
>
> $COLUMNNAME, $COLUMNSTATUS, $COLUMNDESCRIPTION
>
>
> "--------------------------------------------------------------------------------------------------------------"
>
> foreach ($svc in $serviceController) {
>
> "{0,-50} {1,-20} {2,-20}" -f `
>
> $svc.Name, $svc.Status, $svc.DisplayName
>
> }
>
>
>
> }
>
>
>
> I did get the formatting figured out finally after about 6 hours. The
> only piece that I cannot figure out is the service startup type, if I
> can get some help on that I think this is workable.
>
>
>
> I'm a complete newbie at powershell, so comments/help appreciated.
>
>
>
> Scot Kreienkamp
>
> Senior Systems Engineer
>
> skreien at la-z-boy.com <mailto:skreien at la-z-boy.com>
>
>
>
> *From:*xymon-bounces at xymon.com <mailto:xymon-bounces at xymon.com>
> [mailto:xymon-bounces at xymon.com] *On Behalf Of *Storer, Raymond
> *Sent:* Monday, May 16, 2011 10:38 AM
> *To:* David Baldwin
> *Cc:* xymon at xymon.com <mailto:xymon at xymon.com>
> *Subject:* Re: [Xymon] Windows PS client svcs data missing
>
>
>
> David, you can also use the “Load” method instead as follows:
>
>
>
> [Reflection.Assembly]::Load(‘System.ServiceProcess, Version=2.0.0.0,
> Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a’)
>
>
>
>
> Ray
>
>
>
> *From:*David Baldwin [mailto:David.Baldwin at ausport.gov.au]
> *Sent:* Monday, May 16, 2011 12:39 AM
> *To:* 'Scot Kreienkamp'; Storer, Raymond
> *Cc:* xymon at xymon.com <mailto:xymon at xymon.com>
> *Subject:* RE: [Xymon] Windows PS client svcs data missing
>
>
>
> Ray,
>
>
>
> Thanks for the code. I’m a bit wary of using something with such a
> version specific path though – is that seriously a “standard”
> interface to a .Net DLL that can be expected to have some degree of
> persistence?
>
>
>
> I’m offsite this week, will try to take a look next week.
>
>
>
> Thanks, David.
>
>
>
> *From:*Scot Kreienkamp [mailto:SKreien at la-z-boy.com]
> *Sent:* Saturday, 14 May 2011 5:54 AM
> *To:* Storer, Raymond; David Baldwin
> *Cc:* xymon at xymon.com <mailto:xymon at xymon.com>
> *Subject:* RE: [Xymon] Windows PS client svcs data missing
>
>
>
> Thank you Raymond… If I knew how to implement it I would. Hopefully
> David or Henrik can find the time to experiment with it.
>
>
>
> I'm seeing all kinds of problems with the PS client…. If this keeps up
> I'll have to remove it. It pegged one of my servers at 100% for over
> an hour, stuck on the WMI yesterday.
>
>
>
> Scot Kreienkamp
>
> Senior Systems Engineer
>
> skreien at la-z-boy.com <mailto:skreien at la-z-boy.com>
>
>
>
> *From:*Storer, Raymond [mailto:storerr at nibco.com]
> *Sent:* Friday, May 13, 2011 12:58 PM
> *To:* David Baldwin; Scot Kreienkamp
> *Cc:* xymon at xymon.com <mailto:xymon at xymon.com>
> *Subject:* RE: [Xymon] Windows PS client svcs data missing
>
>
>
> Opps… I missed the “.” in the [Reflection.Assembly]. Also, you can
> pipe it to out-null to avoid any unwanted output. So:
>
>
>
> [Reflection.Assembly]::LoadFile(‘C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll’)
> | out-null
>
>
>
> Ray
>
>
>
> *From:*xymon-bounces at xymon.com <mailto:xymon-bounces at xymon.com>
> [mailto:xymon-bounces at xymon.com] *On Behalf Of *Storer, Raymond
> *Sent:* Friday, May 13, 2011 11:40 AM
> *To:* David Baldwin; Scot Kreienkamp
> *Cc:* xymon at xymon.com <mailto:xymon at xymon.com>
> *Subject:* Re: [Xymon] Windows PS client svcs data missing
>
>
>
> Scot and David, if you’d prefer to implement a .net pure call for
> services you can try the following:
>
>
>
> # your path to the file may very
>
> [ReflectionAssembly]::LoadFile(‘C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727\System.ServiceProcess.dll’)
>
> #get all the services installed on the local machine
>
> $serviceController =
> [System.ServiceProcess.ServiceController]::GetServices()
>
> foreach ($svc in $serviceController) {
>
> # should indicate: Stopped, Running, or Paused … others???
>
> write-host $svc.Status
>
> # the service name
>
> write-host $svc.Name
>
> # the service display name
>
> write-host $svc.DisplayName
>
> }
>
>
>
> Ray
>
> [snip]
>
>
>
>
>
> ------------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: This email and any attachments are for the
> exclusive and confidential use of the intended recipient. If you are not
> the intended recipient, please do not read, distribute or take action in
> reliance upon this message. If you have received this in error, please
> notify us immediately by return email and promptly delete this message
> and its attachments from your computer system. We do not waive
> attorney-client or work product privilege by the transmission of this
> message.
>
>
>
>
>
>
>
> This message is intended only for the individual or entity to which it
> is addressed. It may contain privileged, confidential information
> which is exempt from disclosure under applicable laws. If you are not
> the intended recipient, please note that you are strictly prohibited
> from disseminating or distributing this information (other than to the
> intended recipient) or copying this information. If you have received
> this communication in error, please notify us immediately by e-mail or
> by telephone at the above number. Thank you.
>
>
>
> ------------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: This email and any attachments are for the
> exclusive and confidential use of the intended recipient. If you are not
> the intended recipient, please do not read, distribute or take action in
> reliance upon this message. If you have received this in error, please
> notify us immediately by return email and promptly delete this message
> and its attachments from your computer system. We do not waive
> attorney-client or work product privilege by the transmission of this
> message.
>
>
>
>
> --
> David Baldwin - IT Unit
> Australian Sports Commission www.ausport.gov.au <http://www.ausport.gov.au>
> Tel 02 62147830 Fax 02 62141830 PO Box 176 Belconnen ACT 2616
> david.baldwin at ausport.gov.au <mailto:david.baldwin at ausport.gov.au> Leverrier Street Bruce ACT 2617
>
>
>
> ------------------------------------------------------------------------
>
> Keep up to date with what's happening in Australian sport visit
> www.ausport.gov.au <http://www.ausport.gov.au>
>
> This message is intended for the addressee named and may contain
> confidential and privileged information. If you are not the intended
> recipient please note that any form of distribution, copying or use of
> this communication or the information in it is strictly prohibited and
> may be unlawful. If you receive this message in error, please delete
> it and notify the sender.
>
> ------------------------------------------------------------------------
>
>
>
>
>
>
>
> This message is intended only for the individual or entity to which it
> is addressed. It may contain privileged, confidential information
> which is exempt from disclosure under applicable laws. If you are not
> the intended recipient, please note that you are strictly prohibited
> from disseminating or distributing this information (other than to the
> intended recipient) or copying this information. If you have received
> this communication in error, please notify us immediately by e-mail or
> by telephone at the above number. Thank you.
>
> <#>
--
David Baldwin - IT Unit
Australian Sports Commission www.ausport.gov.au
Tel 02 62147830 Fax 02 62141830 PO Box 176 Belconnen ACT 2616
david.baldwin at ausport.gov.au Leverrier Street Bruce ACT 2617
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20110606/5c7dc129/attachment.html>
More information about the Xymon
mailing list