Hi guys,
Has anyone figured out how to successfully restart a server using a trigger action?
I'm trying to execute cmd and shutdown.exe with attributes but nothing seems to work.
Any input greatly appreciated.
Deltona
The most common issue that many customers face when trying to execute external applications through the Advanced Alert Manager are permissions. Because the Advanced Alert Manager runs under the context of the Windows local system account it does not have permissions to access network resources. There are multiple ways around this problem but there are two which are most common. The first is to execute the command through PowerShell or VBScript and force impersonation of another user that has adequate permissions to execute the desired action. The other, simpler way is the change the user account that the Advanced Alert Manager runs under to an account with higher privileges than the local system account, as pictured below. Keep in mind that if you go with this approach you will need to update this every time the Orion configuration wizard runs, as it will be set back to use the local system account.
Hi,
Could you provide the exact type of trigger to use and eventually command?
If its "Execute an External Program" then what would the program and parameters be? I've tried several to no avail.
C:\Windows\System32\runas.exe /noprofile /user:SWI\OrionADM /savecred "C:\WINDOWS\system32\shutdown.exe /m \\WindowsServer
It it is a vbscript that should be executed, do you have one that you could share with us please?
Thanks.
The "savecred" only utilizes the credentials under the user account they were saved under. For example, if you saved the credentials for the SWI\OrionADM account while logged in to the server as the local administrator, only the local admin has access to these credentials. The local system account that the Advanced Alert Manager service runs under wouldn't have access to these saved credentials, and as such the command will fail to execute.
My recommendation would be to use psshutdown.exe, which is part of Microsoft's free pstools. It will allow you to pass the username and password as part of the command. Just ensure that wherever the psshutdown.exe is extracted that the local system account has read and execute privileges to that directory.
Do you have a working example of what the command in the trigger would look like when it works?
PSTools folder is in the root of C:
At the company I left a few weeks ago, one of the last items I worked on was a graceful shutdown process, whereby an entire site's servers would shutdown gracefully when it was on UPS and the UPS had reached a predetermined level. This was compounded by the fact that each site had physical Windows servers (and some had physical Linux servers), VMs, and NetApp filers, and shutdown had to occur in a specific order.
The first thing I did was set up an alert that determined when a site was On Battery and also when the battery level reached a certain threshold (we started at 30%). Since we used APC UPS units, this was fairly easy with the custom poller. For the alert, I triggered a VB script. My initial thoughts when the task came my way (without many details) was to use PSExec in PSTools. I quickly found that this would not work for the scope that was wanted. I ended up having to work with our VM, Filer, and Windows admins to come up with something that would work for a majority of sites (those without physical Linux servers--that step would have come later).
Anyways, we ended up going with a script that did the following:
1. Extracted a site's 5 character name from the name of the UPS alerting.
2. Queried the DB to determine if a server was Windows physical or virtual.
3. Intiating a PSExec shutdown command on physical Windows server.
4. Passing the 5 character code to a Powershell script residing on a different server.
5. The PS script then initiated shutdown of the VMs and eventually filers.
This was a pain to figure out, but right before I left, we ran a test. During this first test, we didn't actually initate shutdown, but output to text to determine whether it would be successful. It took some tweaking, but it was a successful test. We had plans underway to do a full site test, but I left, and where the process is now, I don't know. I did grab the scripts I worked on, at least my parts (the PS was developed by our VM admin), and I hope to upload some form of them on Content Exchange soon.
So the short of it is, yes, you can initiate a restart. As your trigger action you can either run an external program and call on PSExec or PSShutdown, or you can vbscript it if more is needed. In our environment, we set up an account with elevated permissions on our top level domain (we called it app.orion) and we used that for any needs such as this.
