Monitoring services Automatic startup type

All replies

• 

  

  0

  Sign in to vote

  You could try something similair to what's described here : http://blogs.technet.com/b/brianwren/archive/2008/03/07/using-wildcards-with-the-windows-service-template.aspx

  Except the wmi query would be something like

  select * from win32_service where (name like '%') AND (startmode ='auto')

  
  

  
  

  • Edited by CyrAz Thursday, February 26, 2015 4:10 PM

  Thursday, February 26, 2015 4:10 PM
• 

  

  0

  Sign in to vote

  For monitoring services Automatic startup type using scom 2012, you will need to create custom monitor using powershell script

  $API          = new-object -comObject "MOM.ScriptAPI"
  $PropertyBag  = $API.CreatePropertyBag()
  
  $flag = 0
  $serviceName = ""
  $newline = "`r`n"
  
  ## Exclusion List to exclude Windows Services from the scan
  $exclusionList = @("dddSharedAccess","sppsvc","Server3")
  
  $autoNotRunningServiceList = Get-WmiObject win32_service | where-object{$_.Startmode -eq "Auto" -and $_.State -ne "Running"}
  
  foreach($autoService in $autoNotRunningServiceList)
  {
      if($autoService.name -notin $exclusionList)
      {
           $serviceName = $serviceName + $autoService.displayname + ", " + $newline   
          $flag = $flag + 1    }
  }
  
  if( $flag -gt 0)
  {    $PropertyBag.AddValue("State","NOTOK")
       $PropertyBag.AddValue("Description", "There are " + $flag + " Service(s) with Start Up Type = Automatic but Not Started found: " + $serviceName)   }
    else 
  {   $PropertyBag.AddValue("State","OK")
      $PropertyBag.AddValue("Description", "No Services with Start Up Type = Automatic but Not Started found.")  }
  
  $PropertyBag

  
  

  Also you can refer below links

  http://blogs.msdn.com/b/wei_out_there_with_system_center/archive/2014/05/05/opsmgr-monitoring-windows-services-based-on-startup-type-amp-state-with-a-powershell-based-monitor.aspx

  http://blogs.technet.com/b/kevinholman/archive/2010/11/07/monitoring-windows-services-automatic-manual-and-disabled-using-checkstartuptype.aspx

  ---

  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"Mai Ali | My blog: Technical | Twitter: Mai Ali

  • Proposed as answer by Patrick Seidl (s2) Friday, February 27, 2015 4:57 AM

  Thursday, February 26, 2015 11:17 PM
• 

  

  0

  Sign in to vote

  Using the wildcard without any prefix/suffix is possible but would end up as discovering every service on every managed machine that is set to startup type auto. And that could be a loooot.

  /patrick

  ---

  Please remember to click “Mark as Answer” on the post that helped you.
  Patrick Seidl (System Center and Private Cloud)
  Website: http://www.syliance.com
  Blog: http://www.systemcenterrocks.com

  Friday, February 27, 2015 4:56 AM
• 

  

  0

  Sign in to vote

  Did the same In Opsmgr 2012, but I don't get an alert if I stop a service.
  For SCOM 2012 R2, you can override the rule "A service terminated unexpectedly" for monitoring whether a service is terminate unexpected. It just monitor the event id 7021, 7024,7031 7032,7033 and 7034 for system log. This means that the service is stop unexpected, with error. If you manual stop the service, its will log event id 7036 into system log which cannot be captured by the rule. If you want to testing the functionality of the rule, you should open the task manager --> Processes and then stop the process. Then 7031 is log into system log.
  Roger

  Friday, February 27, 2015 6:33 AM
• 

  

  0

  Sign in to vote

  I created the custom monitor using the powershell script, but like Roger, I don't get an alert stopping a service.

  I do get an EventId 21405 warning "failed to create System.PropertyBagData" in the eventlog, and in the OpsMgr Console when I restart a monitored server.

  The override for "A service terminated unexpectedly" does work. taskkill /pid <pidid> /f generates an alert

  
  
  
  

  • Edited by Biga_b Friday, February 27, 2015 3:10 PM

  Friday, February 27, 2015 12:13 PM
• 

  

  0

  Sign in to vote

  I've got something similar in my toolbox. No clue where I've got the VBS from (ages ago, thanks to the author :-) ) but it still works fine:

        <UnitMonitor ID="Syliance.Windows.Server.Extension.ManagementPack.Generic.Service.Monitor" Accessibility="Internal" Enabled="false" Target="Windows!Microsoft.Windows.Server.Computer" ParentMonitorID="Health!System.Health.AvailabilityState" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.TimedScript.TwoStateMonitorType" ConfirmDelivery="false">
          <Category>AvailabilityHealth</Category>
          <AlertSettings AlertMessage="Syliance.Windows.Server.Extension.ManagementPack.Generic.Service.Monitor_AlertMessageResourceID">
            <AlertOnState>Error</AlertOnState>
            <AutoResolve>true</AutoResolve>
            <AlertPriority>Normal</AlertPriority>
            <AlertSeverity>Error</AlertSeverity>
            <AlertParameters>
              <AlertParameter1>$Data/Context/Property[@Name='Description']$</AlertParameter1>
            </AlertParameters>
          </AlertSettings>
          <OperationalStates>
            <OperationalState ID="Success" MonitorTypeStateID="Success" HealthState="Success" />
            <OperationalState ID="Error" MonitorTypeStateID="Error" HealthState="Error" />
          </OperationalStates>
          <Configuration>
            <IntervalSeconds>300</IntervalSeconds>
            <SyncTime />
            <ScriptName>Monitor_Auto_Services.vbs</ScriptName>
            <Arguments>/Exclude:"'Microsoft .NET Framework NGEN v4.0.30319_X64' 'Microsoft .NET Framework NGEN v4.0.30319_X86' 'Performance Logs and Alerts'"</Arguments>
            <ScriptBody><![CDATA[' Monitor if any automatic service is not running
  ' Excluded: Performance Logs and Alerts service is auto but never running
  ' Create a two state timed generic script unit monitor
  ' HEALTH EXPRESSIONS
  ' Healthy Property[@Name='State'] Contains GOOD
  ' Unhealthy Property[@Name='State'] Contains BAD
  ' ALERT DESCRIPTION
  ' $Data/Context/Property[@Name='Description']$
  Set oAPI = CreateObject("MOM.ScriptAPI")
  Set oShell = CreateObject( "WScript.Shell" )
  Set arArgs = WScript.Arguments.Named
  Set oBag = oAPI.CreatePropertyBag()
  dim StateRegPath : StateRegPath = "HKLM\" & oAPI.GetScriptStateKeyPath("ServicesStopped")
  On Error Resume Next
  GetState = oShell.RegRead(StateRegPath & "\ServicesList")
  on error Goto 0
  allGood = TRUE
  RepeatDown = FALSE
  sExcludeList = arArgs.Item("Exclude")
  Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
  'Get System Uptime, if recently rebotted, do not continue
  Set colOperatingSystems = oWMI.ExecQuery("Select * From Win32_PerfFormattedData_PerfOS_System")
  For Each objOS in colOperatingSystems
      intSystemUptime = Int(objOS.SystemUpTime)
  Next
  If (intSystemUptime > 900) Then
   Set allSvc = oWMI.ExecQuery("Select * from Win32_Service Where StartMode = 'Auto'")
   For Each oSvc in allSvc
      If (oSvc.Started = FALSE and instr(1,sExcludeList,"'" & oSvc.DisplayName & "'") < 1) Then
      sList = sList & oSvc.DisplayName & ", "
      allGood = FALSE
      if instr(1,GetState,oSvc.DisplayName) > 0 then RepeatDown = TRUE
      End If
   Next
   If allGood = TRUE then
      Call oBag.AddValue("State", "GOOD")
      call oShell.RegWrite (StateRegPath & "\ServicesList", "", "REG_SZ")
   Else
      if RepeatDown = TRUE then
          Call oBag.AddValue("State", "BAD")
          Call oBag.AddValue("Description", "Automatic service(s) not running: " & sList)
      end if
      call oShell.RegWrite (StateRegPath & "\ServicesList", sList, "REG_SZ")
    End if
  Else
   Call oBag.AddValue("State", "GOOD")
  End If
  Call oAPI.Return(oBag)]]></ScriptBody>
            <TimeoutSeconds>60</TimeoutSeconds>
            <ErrorExpression>
              <SimpleExpression>
                <ValueExpression>
                  <XPathQuery Type="String">Property[@Name='State']</XPathQuery>
                </ValueExpression>
                <Operator>Equal</Operator>
                <ValueExpression>
                  <Value Type="String">BAD</Value>
                </ValueExpression>
              </SimpleExpression>
            </ErrorExpression>
            <SuccessExpression>
              <SimpleExpression>
                <ValueExpression>
                  <XPathQuery Type="String">Property[@Name='State']</XPathQuery>
                </ValueExpression>
                <Operator>Equal</Operator>
                <ValueExpression>
                  <Value Type="String">GOOD</Value>
                </ValueExpression>
              </SimpleExpression>
            </SuccessExpression>
          </Configuration>
        </UnitMonitor>
      </Monitors>

  
  

  HTH,
  Cheers,
  Patrick

  ---

  Please remember to click “Mark as Answer” on the post that helped you.
  Patrick Seidl (System Center and Private Cloud)
  Website: http://www.syliance.com
  Blog: http://www.systemcenterrocks.com

  Friday, February 27, 2015 3:17 PM
• 

  

  0

  Sign in to vote

  @Patrick

  I also tried your script, but all my agent go grey, and get an alert:

  After deleting the monitor, agents are healthy again

  I probably am doing something wrong during creation of the Unit monitor. These are my steps:Create Unit Monitor PDF 

  The lines I changed in the script are highlighted in red.

  Thanx

  
  

  • Edited by Biga_b Monday, March 2, 2015 4:53 PM

  Monday, March 2, 2015 4:52 PM
• 

  

  0

  Sign in to vote

  Yeah... I posted the whole XML and not only the VBS part ;-)

  In your case you've to use this script:

  Set oAPI = CreateObject("MOM.ScriptAPI")
  Set oShell = CreateObject( "WScript.Shell" )
  Set arArgs = WScript.Arguments.Named
  Set oBag = oAPI.CreatePropertyBag()
  dim StateRegPath : StateRegPath = "HKLM\" & oAPI.GetScriptStateKeyPath("ServicesStopped")
  On Error Resume Next
  GetState = oShell.RegRead(StateRegPath & "\ServicesList")
  on error Goto 0
  allGood = TRUE
  RepeatDown = FALSE
  sExcludeList = arArgs.Item("Exclude")
  Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
  'Get System Uptime, if recently rebotted, do not continue
  Set colOperatingSystems = oWMI.ExecQuery("Select * From Win32_PerfFormattedData_PerfOS_System")
  For Each objOS in colOperatingSystems
  intSystemUptime = Int(objOS.SystemUpTime)
  Next
  If (intSystemUptime > 900) Then
  Set allSvc = oWMI.ExecQuery("Select * from Win32_Service Where StartMode = 'Auto'")
  For Each oSvc in allSvc
  If (oSvc.Started = FALSE and instr(1,sExcludeList,"'" & oSvc.DisplayName & "'") < 1) Then
  sList = sList & oSvc.DisplayName & ", "
  allGood = FALSE
  if instr(1,GetState,oSvc.DisplayName) > 0 then RepeatDown = TRUE
  End If
  Next
  If allGood = TRUE then
  Call oBag.AddValue("State", "GOOD")
  call oShell.RegWrite (StateRegPath & "\ServicesList", "", "REG_SZ")
  Else
  if RepeatDown = TRUE then
  Call oBag.AddValue("State", "BAD")
  Call oBag.AddValue("Description", "Automatic service(s) not running: " & sList)
  end if
  call oShell.RegWrite (StateRegPath & "\ServicesList", sList, "REG_SZ")
  End if
  Else
  Call oBag.AddValue("State", "GOOD")
  End If
  Call oAPI.Return(oBag)

  And add the following line to the parameters dialog:

  /Exclude:"'Microsoft .NET Framework NGEN v4.0.30319_X64' 'Microsoft .NET Framework NGEN v4.0.30319_X86' 'Performance Logs and Alerts'"
  

  Cheers,
  Patrick

  ---

  Please remember to click “Mark as Answer” on the post that helped you.
  Patrick Seidl (System Center and Private Cloud)
  Website: http://www.syliance.com
  Blog: http://www.systemcenterrocks.com

  • Marked as answer by Biga_b Wednesday, March 4, 2015 5:15 PM

  Monday, March 2, 2015 5:31 PM
• 

  

  0

  Sign in to vote

  Thanks Patrick

  Me copying the whole XML file gives you an idea of my scripting skills. Bad..

  Added 2 more services in the exclusion list, test a few services by stopping them, and it's working. Do get the alerts.

  If I enable this monitor on about 100 servers, there will be a few services (Delayed Start, Trigger Start) that will be started on a few servers. So I have to investigate the services to exclude.

  Anyway thanks for the help. I'm having a discussion now with a colleague if we really need this monitor..

  Thanx

  Wednesday, March 4, 2015 5:15 PM
• 

  

  0

  Sign in to vote

  Hi Patrick, Can you please tell me where I need to exactly put the Excluded list of services in this Script.

  As I’ve ‘put it in sExcludeList = arArgs.Item(“‘Remore registry'”) but still its not working?

  Friday, December 1, 2017 1:55 PM