cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 9

APM Powershell script error for remote computer

I'm running the query below to return the number of times an eventlog has appeared in the last 5 minutes. This will return an accurate number. I've tested this from the Orion server's powershell terminal against all my servers and it works. However when I run it via the integrated powershell monitor in APM (4.0.1) I get the error below. The issue is that I've done all the steps necessary. I got that error locally in the terminal until I enabled PSRemoting and added the computer to the trustedhosts. Anyone have any idea:

Get-EventLog Application -ComputerName <remote-server-ip-address> -message *someString* -entrytype Error | where {$_.eventID -eq ####} | where {$_.TimeGenerated -gt (get-date).AddMinutes(-5)} | Group-Object EntryType | Format-Table Count -HideTableHeaders

I put my server's IP address in the monitor
I put my real string I'm searching for after "-message"
I put the real eventid I'm searching on

Below is the error I'm getting when I test the Application Monitor via the web console:

---------------------------------------------
Testing on node N1G6DB2 WAN (0.117): failed with 'NotAvailable' status
Connecting to remote server failed with the following error message : The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.
---------------------------------------------

I've tried checking the https box and not checking it. I'm using V2. I confirmed my servers use that version ($host.version). the Orion server and the others are both Windows Server 2008 R2 x64. If I run either of the following queries I can see that TrustedHosts is set to "local" which means all servers in the same workgroup will work (this is our case as there's no domain). And it does work now if I run locally on the Orion server's powershell terminal.

(A) Set-Item WSMan:\localhost\Client\TrustedHosts

or

(B) winrm get winrm/config

 

If you haven't noticed, yes this is my attempt to find a script that can query for the exact number of times an event has occured since the last polling cycle. So far it works great if I run it directly on the server, just not via the web.

0 Kudos
8 Replies
Level 9

Ran some more tests. I opened IE on the ORION server and ran the query against the IP of the ORION server and had it check for events that are in it's own logs. Got the same error back. I even tried taking out the "-ComputerName <ip-address>" part so that it did a localhost lookup and it too failed. I'm certain the oRION server can query for this info of itself. The credentials passed are the local administrator account too.

0 Kudos

Hello,

This seems like authentication problem within Microsoft's Web Service Management implementation that is remote PS script running on.

For some reason 'local' does not match you server. Maybe you could use following setting to allow all machines being trusted:

winrm set winrm/config/client @{TrustedHosts="*"}

If this work it might be worth setting more specific value like:

winrm set winrm/config/client @{TrustedHosts="IP1, IP2"}

Regards,

0 Kudos

Thanks. I did that and now get this error, though it works fine when I run it in Powershell from the ORION server:

 

Testing on node server3: failed with 'Undefined' status Windows script execution error.

0 Kudos

Hello,
I would like to summarize several things about PoweShell monitor that could be easily encountred and has significant error messages.

Firstly, good start is to read following articles:

Windows PowerShell Monitor

http://www.solarwinds.com/NetPerfMon/SolarWinds/wwhelp/wwhimpl/common/html/wwhelp.htm#href=OrionAPMP...

Creating a Windows PowerShell Monitor

http://www.solarwinds.com/NetPerfMon/SolarWinds/wwhelp/wwhimpl/common/html/wwhelp.htm#href=OrionAPMP...

Please also notice that PowerShell version means:

-         Version 1 can run scripts only locally, that is, on the Orion APM server. This is the default value.

-         Version 2 can also execute scripts remotely (on the selected target node) using the Windows Remote

Management (WRM) system component. WRM should be configured separately to get it working with the Windows PowerShell monitor.

As you can see powershell scripts are executed on target machine with using of Windows Remote Management (Windows WS-Management) and rely on this service being configured properly.

Scenarios

Error Message:

Could not load type 'System.Management.Automation.Runspaces.WSManConnectionInfo' from assembly 'System.Management.Automation, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e37'

Description:

Machine where is Orion server running has not installed WinRM an PS v2.

Resolution:

This could be easily fixed by installing PS v2.

You can download the package at http://support.microsoft.com/kb/968930

 

Error Message:

Connecting to remote server failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.

Description:

Most probably is WinRM not configured on the machine.

Resolution:

You can run command line, type winrm quickconfig“ and select yes in dialog for quick configuration.

 

Error Message:

Connecting to remote server failed with the following error message : The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. You can get more information about that by running the following command: winrm help config. For more information, see the about_Remote_Troubleshooting Help topic.

Description:

Connection could not be established because host (APM server) is not thusted.

Resolution:

Option 1: Add specific thrusted host by running command: „winrm set winrm/config/client @{TrustedHosts="IP1, IP2"}

Option 1: Set any host as thrusted by running command: „winrm set winrm/config/client @{TrustedHosts="*"}

 

Scripts

There are two things that scripts should do.

1)     Define string „Statistic: XX“ where XX is stattictical output value of the script in script output. Monitor is parsing statistics from output and if is not there script fails.

2)     Script has to have an exit code that represent outcome. For example PS command „exit (0)“ defines outcome available. You can find more information about exit codes in administration guide.

Please note the following updated links for SolarWinds SAM online help:

0 Kudos

I have explained that this does not fix the issue. I've done all the steps required and none of those errors apply to me.

 

I don't understand how to apply the statistic part. Can you look at my query above and help determine where I should put that piece in? The same for the exit code?

 

Thanks

0 Kudos

Following script is giving you number of error messages in last 5 minutes. You will just need to add you extra filtering. Also, if you are running script on target box (not locally) then you will not need to specify computer name which (at least for me) did not work with IP. 

 

$result = @(Get-EventLog Application -entrytype Error | where {$_.TimeGenerated -gt (get-date).AddMinutes(-5)} | Group-Object EntryType | Format-Table @{ Expression = {"Statistic:" + $_.Count}} -HideTableHeaders)

 

if ($result.length -gt 0) 

{

  foreach ($st in $result) 

  {

    $st

  }

}

else {"Statitic:0"}

 

exit(0)

The following Windows PowerShell script shows an example of how to use the Statistic string:

*******code example*******

$avg = Get-WmiObject win32_process -ComputerName '${IP}' -Credential '${CREDENTIAL}' | Where-Object {$_.Name -eq "lsass.exe" } | Measure-Object -property ReadOperationCount -Average;


Write-Host 'Statistic: ' $avg.Average


exit(0)

 

*******code example*******

 

Note that it reads the average ReadOperationCount from the process lsass.exe, and then writes the Statistic: string with that value:

Statistic: <value>

This value is used to compare against the thresholds that have been set. For example if you set warning to 30 and critical to 70, if the statistic is written with the value 40, that will generate a warning (> 30).

In your particular case, after reading the value for your query, you will need to process its meaning to return a single numeric value for the statistic: that is meaningful for tripping the thresholds that you set in the monitor.

Also remember to specify an exit code, for example:

exit(0)

returns an exit code of 0, which indicates the monitor is Up.

For more info about the Statistic: string, and the exit codes, see: http://www.solarwinds.com/NetPerfMon/SolarWinds/OrionAPMAGCreatingWindowsScriptMonitor.htm

To see the complete PowerShell script example described above, see: http://www.solarwinds.com/NetPerfMon/SolarWinds/OrionAPMAGCreatingPowershellMonitor.htm

I should also mention that there is a known bug that development is investigating which currently causes thresholds to be ignored. See the following post:

Windows PowerShell Thresholds Bug

 

Hope this helps,

Mike