SCOM - Powershell script to monitor windows services not working when applied to multiple groups

morphues · June 1, 2018, 1:19am

Hi Guys,

I’m currently working on a PS Script that will monitor Windows service(s) that has a startup type of automatic but is not running.

The script below is working fine if you apply it to individual computers or just a group. However, if you apply it to another group/multiple groups(group of windows servers) the monitor will stop working and will only work on the original group.

I’m kinda stuck here and I’m not really sure if the problem is with actual PS script or if it’s on how i set up the properties of the script.

Step 1. Query WMI for a list of services that are set to start automatically but are not running = where {($.StartType -eq ‘Automatic’ ) -and ($.Status -eq “Stopped”)}

Add to dictionary

Step 2. Remove any excluded services from the list of services(set via param)

Step 3. If any failed services were found return unhealthy othewise return healthy

Step 4. Add the number of failed services to the property bag

Output: Display the list of failed Services

Display total number of failed services detected.

param(
$Arguments, # Mandatory
[Parameter(HelpMessage=“Services that will be excluded from monitoring”)][string]$ExcludedServices
)

. ([Scriptblock]::Create($Arguments))

$ScomAPI = New-Object -comObject “MOM.ScriptAPI”
$PropertyBag = $ScomAPI.CreatePropertyBag()

$arrExclusions = $ExcludedServices.Split(",").Trim()

$objStoppedAutoServices = Get-Service | where {($.StartType -eq ‘Automatic’ ) -and ($.Status -eq “Stopped”)}

$strFailedServices = “”

#Setup hash table & add all services that are set to automatic but has status of ‘Stopped’/or is not running
$ServicesList = @{}

ForEach($Service in $objStoppedAutoServices)
{
$ServicesList.add($Service.Name, $service.Name + “(” + $Service.DisplayName + “)”)

}

#write-host “Added” $ServicesList.Count “items to our hash table”

#Removed excluded services from our table
ForEach($Service in $objStoppedAutoServices) {

foreach($Exclusion in $arrExclusions)
{
if ($Service -like $Exclusion) {

$ServicesList.Remove($service.Name)
#Write-Host "Removing " $Service.Name “in the list”
}
}

}

#this will be use to display all services that failed
ForEach($objService in $ServicesList.Keys)
{
$strFailedServices += $ServicesList.Item($objService) + “rn”
}

If($ServicesList.Count -gt 0 ) {

#Found some unhealthy Service(s)
$PropertyBag.AddValue(“State”, “Unhealthy”)

} else {
#write-host “Health state = healthy”
$PropertyBag.AddValue(“State”, “Healthy”)
}

$PropertyBag.AddValue(“NumberOfFailedServices”, $ServicesList.Count)
$PropertyBag.AddValue(“FailedServices”, $strFailedServices)

Send output to SCOM

$PropertyBag

f1point2 · June 1, 2018, 5:50am

Hi Len

Not sure what you mean by:

“The script below is working fine if you apply it to individual computers or just a group. However, if you apply it to another group/multiple groups(group of windows servers) the monitor will stop working and will only work on the original group.”

You target monitors at classes not at groups. If you target a group then it will run on the a Management Server as that is where groups are hosted.

What class are you targeting this monitor at? Windows Computers? Windows Operating System? A specific version of Windows Computer or Windows Operating System?

Also, what do you mean by not working? Does it error? Or does it just stop alerting?

Cheers

Graham

ervia · June 1, 2018, 8:25am

As a side note, I have just implemented a similar monitor

https://blogs.technet.microsoft.com/meamcs/2016/02/01/windows-automatic-services-monitoring-using-scom/

Which uses a csv file to exclude services, either by all computer, or specific computer. I presume you don’t want to go back to the drawing board, but it might give you some ideas of a different approach.

jannep · June 1, 2018, 6:25am

Could it be that he has targeted all windows servers and disabled the monitor and then done an override to enable it only for a computer, group, multiple groups?

f1point2 · June 1, 2018, 7:03am

I agree - not a great way of targeting but the only way in the SCOM console. You end up with every windows server with every monitor against it whether it should be running there or not. At the very least I would use an authoring console to create classes for targeting even if you use the console for the monitoring.

But this also comes to:

What is the actual target? OS and Computer are two distinctly separate classes.
What objects are in the group that is being used in the override? Are they the same as the target?

Cheers

spa5603 · June 4, 2018, 9:49am

If you have implemented the rule as in the example, the target of your rule is the Windows computer class and the rule is enabled by default. So the rule would have to be applied to all Windows computers that know SCOM.

Where do you define the assignment of the rule to the group or groups?

f1point2 · June 6, 2018, 7:48am

Hi Len - did you resolve this? Just wondered if we could provide any more assistance.