locked
GUP monitoring RRS feed

  • Question

  • Hi All,

    I am newbie to power shell. I like to script to automate things that is a daily routine work for us. My company is having more than 7000 systems with more than 600 sections and we went with Symantec Enterprise protection suite for protection purpose and I am in charge of it. We have been provided with a console where we can go through these sections(which will have details of the systems and whether they are online and Symantec services running or not). Each section will have 7-10 systems and in each section will be 'having a system which will act as a group update provider for all updates from our Datacentre to each section

    My daily routine is that to check whether that GUP is on and the Symantec service is running which is an hectic thing and it takes 2 hrs to complete the procedure

    So I used powershell 4.0 and wrote a script for my GUP monitor after some googling . I was able to check whether the GUP is online and and also able to check the path of the smc.exe(which is useful for enabling Symantec. But i am not able to get the service "SEPMaster" status. 

    Here I am putting the script for you. 

    Workflow Test-MultiConnection {
     
        param([string[]]
        
        $ComputerName,
        [string[]] $servers
        )
          
      
     $servers = "D:\ip.csv"
        $csv = Import-CSV $servers
        foreach -Parallel ($item in $csv) {
        $server = $item.Servers
        $ip = $item.IpAddress 
         sequence
        {
       
        $online = Test-Connection -ComputerName $ip -Count 1 -Quiet
        $test = test-path "\\$ip\c$\program files\symantec\Symantec Endpoint Protection\smc.exe" 
        $test1 = test-path "\\$ip\C$\Program Files\SAV\Symantec AntiVirus\smc.exe" 
        
    <#$Check_status = get-service SepMasterService -computer $ip | select Status#>
           
            $Obj = New-Object -Type PSObject -Property @{
                BranchName =$server
                IPAddress = $ip
                Online       = $online
                SMCPath = $test
                ASMCPath = $test1
                SeviceStaus = $Check_status        }
            $Obj
            }
            }
        }
     
    
     
    
    Test-MultiConnection $ComputerName | Select -Property BranchName,IPAddress, Online, SMCPath, ASMCPath, SeviceStaus | Out-GridView
    
    
    
    
    

    if i am removing "<# ......#> for that $check_status line, I get the following error

    At D:\PSF\GUPtest2.ps1:18 char:19
    +   $Check_status = get-service SepMasterService -computer $ip | select Status
    +                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Could not find a parameter named 'ComputerName'. Remote connectivity in this 
    command is handled by the 'PSComputerName' parameter.
        + CategoryInfo          : ParserError: (:) [], ParseException
        + FullyQualifiedErrorId : RemotingHandledByPSComputerName


    Help me out guys........................!!!!!!!!!!!!!!


    • Edited by BASATI Saturday, November 15, 2014 6:59 AM
    Saturday, November 15, 2014 6:59 AM

Answers

  • Play with this for a bit.  I think you will begin to se how it works.

    This uses the defaults of sequence and multiple jobs.

    Workflow Test-MultiConnection {
        Param(
            $servicename='SepMasterService'
        )
        $props=[ordered]@{
            IPAddress = (Test-Connection $pscomputername -Count 1 -ea 0).IPV4Address.IPAddressToString
            Online = Test-Connection -ComputerName $pscomputername -Count 1 -Quiet
            SMCPath = Test-Path "\\$pscomputername\c$\program files\symantec\Symantec Endpoint Proteion\smc.exe"
            ASMCPath = Test-Path "\\$pscomputername\C$\Program Files\SAV\Symantec AntiVirus\smc.exe"
            ServiceStatus = (Get-Service -Name  $servicename -ComputerName $pscomputername -ea 'SilentlyContinue').Status
            JobName=$JobName
        }
        $obj=New-Object PsCustomObject -Property $props
        $obj
    }
    $servers=Get-Content servers.txt
    Test-MultiConnection -PSComputerName $servers -servicename Browser

    Or you can do this:

    $servers=(Get-AdComputer -filter *).Name


    ¯\_(ツ)_/¯







    • Edited by jrv Saturday, November 15, 2014 10:11 AM
    • Marked as answer by BASATI Saturday, November 15, 2014 12:01 PM
    Saturday, November 15, 2014 9:34 AM
  • Is this your service line??

           ServiceStatus = (Get-Service -Name  $servicename -ComputerName $pscomputername -ea 'SilentlyContinue').Status
    What is your run command?

    Test-MultiConnection -PSComputerName $servers

    Run this line with the correct server name:

    (Get-Service -Name  YOURSERVICENAME -ComputerName  YOURREMOTESERVER ).Status


    ¯\_(ツ)_/¯


    • Edited by jrv Saturday, November 15, 2014 11:29 AM
    • Marked as answer by BASATI Saturday, November 15, 2014 11:43 AM
    • Unmarked as answer by BASATI Saturday, November 15, 2014 11:43 AM
    • Marked as answer by BASATI Saturday, November 15, 2014 12:01 PM
    Saturday, November 15, 2014 11:29 AM

All replies

  • Play with this for a bit.  I think you will begin to se how it works.

    This uses the defaults of sequence and multiple jobs.

    Workflow Test-MultiConnection {
        Param(
            $servicename='SepMasterService'
        )
        $props=[ordered]@{
            IPAddress = (Test-Connection $pscomputername -Count 1 -ea 0).IPV4Address.IPAddressToString
            Online = Test-Connection -ComputerName $pscomputername -Count 1 -Quiet
            SMCPath = Test-Path "\\$pscomputername\c$\program files\symantec\Symantec Endpoint Proteion\smc.exe"
            ASMCPath = Test-Path "\\$pscomputername\C$\Program Files\SAV\Symantec AntiVirus\smc.exe"
            ServiceStatus = (Get-Service -Name  $servicename -ComputerName $pscomputername -ea 'SilentlyContinue').Status
            JobName=$JobName
        }
        $obj=New-Object PsCustomObject -Property $props
        $obj
    }
    $servers=Get-Content servers.txt
    Test-MultiConnection -PSComputerName $servers -servicename Browser

    Or you can do this:

    $servers=(Get-AdComputer -filter *).Name


    ¯\_(ツ)_/¯







    • Edited by jrv Saturday, November 15, 2014 10:11 AM
    • Marked as answer by BASATI Saturday, November 15, 2014 12:01 PM
    Saturday, November 15, 2014 9:34 AM
  • Hi jrv,

    Thanks for the quick reply. I will try your code.But I required some clarifications before testing the code. Please donot mind if it sounds dumb.

    1) "IPAddress = (test-connection ws701 -Count 1). ""

    What is this ws701 in this line and whether I have to replace it with any other thing

    2) I have to save the servers.txt file with the IP's in the below mentioned pattern...right?

    10.XX.XX.XXX

    10.XX.XX.XXX

    10.XX.XX.XXX



    Naveen Basati

    Saturday, November 15, 2014 10:06 AM
  • Hi jrv,

    Thanks for the quick reply. I will try your code.But I required some clarifications before testing the code. Please donot mind if it sounds dumb.

    1) "IPAddress = (test-connection ws701 -Count 1). ""

    What is this ws701 in this line and whether I have to replace it with any other thing

    2) I have to save the servers.txt file with the IP's in the below mentioned pattern...right?

    10.XX.XX.XXX

    10.XX.XX.XXX

    10.XX.XX.XXX



    Naveen Basati

    Sorry - it was left from testing. Use this $pscomputername   I fixed it above too.

    ¯\_(ツ)_/¯

    Saturday, November 15, 2014 10:12 AM
  • Hi jrv,

    I tested the code. It is working fine with the test connection. But I guess it is neither detecting the path correctly nor the service status.. I am attaching the screenshot for ur reference. 


    Naveen Basati

    Saturday, November 15, 2014 10:51 AM
  • Either the path does't exisit or you do not have access to it.

    Run test-path at a prompt.

    This line has a spelling error.

    \\$pscomputername\c$\program files\symantec\Symantec Endpoint Proteion\smc.exe"

    protection is spelled wrong.


    ¯\_(ツ)_/¯

    Saturday, November 15, 2014 11:08 AM
  • Hi jrv,

    That slipped from my eye :-)). Thanks for that

    now the path is showing correctly. But unfortunately the service is still showing stopped which is wrong. Any workaround need to be done.


    Naveen Basati

    Saturday, November 15, 2014 11:24 AM
  • Is this your service line??

           ServiceStatus = (Get-Service -Name  $servicename -ComputerName $pscomputername -ea 'SilentlyContinue').Status
    What is your run command?

    Test-MultiConnection -PSComputerName $servers

    Run this line with the correct server name:

    (Get-Service -Name  YOURSERVICENAME -ComputerName  YOURREMOTESERVER ).Status


    ¯\_(ツ)_/¯


    • Edited by jrv Saturday, November 15, 2014 11:29 AM
    • Marked as answer by BASATI Saturday, November 15, 2014 11:43 AM
    • Unmarked as answer by BASATI Saturday, November 15, 2014 11:43 AM
    • Marked as answer by BASATI Saturday, November 15, 2014 12:01 PM
    Saturday, November 15, 2014 11:29 AM
  • Hi jrv,

    Seriously I can bet on you at any point of time. It worked. Mistake is on my side, I didnt copied the script properly.

    Thanks a lot. 

    But could you please let me know what is the reason i am  getting the error which i have posted at the starting of the post.  and also explain the code especially this line 

    ++++++++"

      IPAddress = (Test-Connection $pscomputername -Count 1 -ea 0).IPV4Address.IPAddressToString"

    Naveen Basati

    Saturday, November 15, 2014 11:48 AM
  • Here is another method  that is faster and more flexible.  It aslo circumvents some bugs in Get-Service:

    Workflow Test-MultiConnection {
        Param(
            $servicename='SepMasterService'
        )
            $props=@{
                IPAddress = [System.Net.Dns]::Resolve($PSComputerName).AddressList[0].IPAddressToString
                Online = Test-Connection -ComputerName localhost -Count 1 -Quiet
                SMCPath = $null
                ASMCPath = $null
                ServiceName=$servicename
                ServiceStatus = $null
                JobName=$jobname
            }
    
        inlinescript{
            $p=$using:props
            $p.SMCPath=Test-Path 'c:\program files\symantec\Symantec Endpoint Protection\smc.exe'
            $p.ASMCPath=Test-Path 'C:\Program Files\SAV\Symantec AntiVirus\smc.exe'
            $p.ServiceStatus = (Get-Service -Name  $p.servicename -ea 'SilentlyContinue').Status
            New-Object PsObject -Property $p
        }
    }
    
    Test-MultiConnection -PSComputerName $servers 
    
    
    


    ¯\_(ツ)_/¯

    Saturday, November 15, 2014 12:07 PM
  • Hi jrv,

    Thanks for the new code. But it is throwing an error.

    Connecting to remote server 10.94.70.26 failed with the following error 
    message : The WinRM client cannot process the request. Default authentication 
    may be used with an IP address under the following conditions: the transport 
    is HTTPS or the destination is in the TrustedHosts list, and explicit 
    credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that 
    computers in the TrustedHosts list might not be authenticated. For more 
    information on how to set TrustedHosts run the following command: winrm help 
    config. For more information, see the about_Remote_Troubleshooting Help topic.
        + CategoryInfo          : OpenError: (System.String[]:String[]) [], PSRemo 
       tingTransportException
        + FullyQualifiedErrorId : ConnectionAttemptFailed
        + PSComputerName        : [localhost]

    Could you please explain why this error is throwing up. What are the changes I have to do to resolving it.

    Naveen Basati

    Saturday, November 15, 2014 6:05 PM
  • WinRM is not enabled so the inline method won't work. INLINESCRPT send the script to the remote server and retrieves the results.

    If you do not have remoting set up then you will be forced to use less efficient and more complex methods.  Get Service has an issue when run remotely in a workflow.  It may work but may fail.  I haven't quite nailed down what the issue is.

    Either enable remoting (Group Policy) or use the non-inline workflow.


    ¯\_(ツ)_/¯

    Saturday, November 15, 2014 6:21 PM
  • Whether enabling remoting(Group policy) wont create any security issues???


    Naveen Basati


    • Edited by BASATI Saturday, November 15, 2014 8:10 PM
    Saturday, November 15, 2014 8:10 PM
  • Whether enabling remoting(Group policy) wont create any security issues???


    Naveen Basati



    Why would a properly managed Window Service create an issue?  The important thing is to deploy it correctly which might include some research and/or training.

    ¯\_(ツ)_/¯

    Monday, November 17, 2014 1:40 AM
  • Hi,

    I am Chetan Savade from Symantec Technical Support Team.

    I am not good at scripting but just wanted to help you other way. You can check the GUP status through the SEPM console as well.

    How to search for the clients that act as Group Update Providers ?

    http://www.symantec.com/docs/TECH96094

    & if the GUP machines have green dot then you can rest assure SEP services are up and running.

    Monday, November 17, 2014 10:13 AM
  • Hi jrv,

    Thanks for the suggestion, I will check with it for sure. I will get back to you, if I am having any issues.


    Naveen Basati

    Monday, November 17, 2014 11:33 AM
  • Hi Chetan,

    Thanks for the suggestion. I already aware of that and I was not able to take a look at 600 + GUP's at a time and while exporting the list, i am not getting the IP.

    Also, I have to call them for enabling the symantec services as I have to ask for  permission before taking the system for taking remote access or call them to ON that system. Its somewhat hectic thing.

    But your suggesstion can reduce the work to an extent. Thanks once again.


    Naveen Basati

    Monday, November 17, 2014 11:40 AM
  • Hi jrv,

    I made my mind to go with the Remote(GP) thing, but I have to work out before going with it as I have to dealt with different OS levels in my organization.

    I found this article after searching in google

    http://www.windowsnetworking.com/articles-tutorials/windows-server-2012/remote-management-powershell-part1.html

    Hope this help me out, any more suggestions will be a great help for me.

    Thanks again. Have a nice day !!!!!!!!!!!!


    Naveen Basati

    Tuesday, November 18, 2014 3:36 AM
  • Hi JRV,

    We have created GP(Remoting) but waiting for the nod from the higher officials. But in the mean time, i have searched and in google and found a code that is using runspace pooling

    function ForEach-Parallel {
        param(
            [Parameter(Mandatory=$true,position=0)]
            [System.Management.Automation.ScriptBlock] $ScriptBlock,
            [Parameter(Mandatory=$true,ValueFromPipeline=$true)]
            [PSObject]$InputObject,
            [Parameter(Mandatory=$false)]
            [int]$MaxThreads=5
        )
        BEGIN {
            $iss = [system.management.automation.runspaces.initialsessionstate]::CreateDefault()
            $pool = [Runspacefactory]::CreateRunspacePool(1, $maxthreads, $iss, $host)
            $pool.open()
            $threads = @()
            $ScriptBlock = $ExecutionContext.InvokeCommand.NewScriptBlock("param(`$_)`r`n" + $Scriptblock.ToString())
        }
        PROCESS {
            $powershell = [powershell]::Create().addscript($scriptblock).addargument($InputObject)
            $powershell.runspacepool=$pool
            $threads+= @{
                instance = $powershell
                handle = $powershell.begininvoke()
            }
        }
        END {
            $notdone = $true
            while ($notdone) {
                $notdone = $false
                for ($i=0; $i -lt $threads.count; $i++) {
                    $thread = $threads[$i]
                    if ($thread) {
                        if ($thread.handle.iscompleted) {
                            $thread.instance.endinvoke($thread.handle)
                            $thread.instance.dispose()
                            $threads[$i] = $null
                        }
                        else {
                            $notdone = $true
                        }
                    }
                }
            }
        }
    }
    
    $ErrorActionPreference = "Stop";
    
    $ComputerList = $(Read-Host "Enter the Location of the computerlist")
    $Computers = Get-Content $ComputerList
    $Computers |ForEach-Parallel -MaxThreads 100{
    
    try{
        $online = Test-Connection $_ -Count 1 -ErrorAction silentlycontinue
    if($online){
        #$domain = Get-WmiObject -Class Win32_ComputerSystem  -ComputerName $_| select Domain
        $test  =  test-path "\\$_\c$\program files\symantec\Symantec Endpoint Protection\smc.exe"
        $test1 =  test-path "\\$_\C$\Program Files\SAV\Symantec AntiVirus\smc.exe"
        "Online: " + $_ + $test + $test1# + "Domain Status:  " + $domain
                } 
    else{
       $_ + " - Machine not accessible"
        }
       }
     Catch{
       "Caught an exception!" +
       "Exception Type: $($_.Exception.GetType().FullName)" +
        "Exception Message: $($_.Exception.Message)" 
          } 
    
     } | out-gridview -Title  "GUP Monitor"
    
    
    

    This is working very fine and bit faster to add to the note. But I am getting a string out put. But I want an output seggregated. Could you help me out

    Naveen Basati

    Friday, November 21, 2014 12:16 PM