PsExec.exe through SAM Template using Windows Script Monitor Component

I have created a SAM Template using the Windows Script Monitor Component running VBScript against a Windows server.

Here is the code:

Set objShell = CreateObject("WScript.Shell")
counter = 0
Set objScriptExec = objShell.Exec("C:\psexec\pstools\psexec.exe \\${IP} -u ${USER} -p ${PASSWORD} -accepteula netstat -an")

Do While Not objScriptExec.StdOut.AtEndOfStream
   results = objScriptExec.StdOut.ReadLine()
   if instr(results, "TIME_WAIT")>0 then
      counter = counter + 1
   end if
Loop

msg = ""
Do While Not objScriptExec.StdErr.AtEndOfStream
   msg = msg & objScriptExec.StdErr.ReadLine()
Loop

wscript.echo "Message: " & msg
wscript.echo "Statistic: " & counter

The purpose of the code is to execute netstat on the target server which we are monitoring, count the number of "TIME_WAIT" connections that exist, and return the count.

PsExec.exe exists on the Solarwinds server at the location C:\psexec\pstools\

The credentials used are the same for both the Solarwinds server and the Target server to be monitored.

This WORKS! But only if I remote into the Solarwinds server with the user that I am using as the credentials.  If the user isn't remote desktop connected into the Solarwinds server, this is the error returned:

PsExec v2.11 - Execute processes remotely
Copyright (C) 2001-2014 Mark Russinovich
Sysinternals - www.sysinternals.com
The handle is invalid.
Connecting to xx.xx.xxx.x...
Starting PSEXESVC service on xx.xx.xxx.x...
Connecting with PsExec service on xx.xx.xxx.x...
Error deriving session key

All is irrelevant except for line 08. Error deriving session key.  This will go away when it works.

Why is it not working if the account is not logged in through remote desktop to the Solarwinds server?  Is there something I am doing wrong? Can I change something to make this work regardless if the account is logged in or not?

Thanks in advance,

Emran

  • It is likely an impersonation issue. Orion runs as a Windows Service under the local system account, so any impersonation required to access remote hosts needs to be handled within the script. Another option would be to use the Agent included in SAM 6.2, then the script would run locally on the server where the agent is installed and impersonation would not be necessary.

  • Right, Orion runs as a service on the Solarwinds Server, so any script we create through the Windows Script Monitor will run locally on that server through the Windows system account. This will cause psexec to run as the local windows system account on the Solarwinds Server.  psexec then will connect to the remote server to be monitored using the credentials given.  I have found that the user needs to have the same username and password on both the Solarwinds server and the server to be monitored.  It works fine if I login remotely to the Solarwinds Server, otherwise it gets the error "Error deriving session key".

    Are you saying that I should impersonate the user through the VB script which runs through the Orion service on the Solarwinds Server before executing psexec?  If so, how?

    As for the other option you gave, the Agent available on SAM 6.2, is that a tool which will need to be installed on the machine to be monitored? I am running SAM 6.1.1...

    Thanks,

    Emran

  • Yes, the agent included in SAM 6.2 would be installed on the remote host you intend to monitor. As for impersonation within your vbscript there are a variety of ways, one of which is using Windows built-in Runas. If given the option however I would recommend going the agent route as it will be easier to troubleshoot since there will be no need for impersonation.

    Dim compname
    Set compname = CreateObject("Wscript.Network")

    Dim wshShell
    Set wshShell = CreateObject("Wscript.Shell")
    ' Start the command given as the first script argument under another account
    wshShell.Run("runas /noprofile /user:" & compname.ComputerName & _
        "\adminaccountname " & Chr(34) & "cmd /c\" & Chr(34) & _
        WScript.Arguments(0) & "\" & Chr(34) & Chr(34))
    ' Give the Runas prompt time to appear, then type the password and Enter (~)
    WScript.Sleep 100
    wshShell.AppActivate "Runas"
    WScript.Sleep 100
    wshShell.SendKeys "accountpassword~"

  • This doesn't work.

    The problem is the output from this run command:

    wshShell.run("runas /noprofile /user:" & compname.ComputerName & 

    does not allow the output to be read in the code, so I do not have the ability to process the response....  Only

    Set objShellExecOut = wshShell.Exec(...)

    gives an object which will allow me to parse the stdErr and stdOut data...
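
An added example, not code from this thread or from SolarWinds: one way for a script running as Local System to get the TIME_WAIT count without PsExec or Runas is to hand the credentials to a remote WMI connection and query MSFT_NetTCPConnection, which swaps the netstat parsing for a WMI query. It assumes the target runs Windows Server 2012 or later (where that class exists), that remote WMI is reachable from the Orion server, and that ${USER} has remote WMI rights; ${IP}, ${USER} and ${PASSWORD} are the SAM variables used in the original script.

```vbscript
Option Explicit

' Added example: count TIME_WAIT connections over remote WMI.
' Assumptions: target is Windows Server 2012 or later, remote WMI is
' reachable, and ${USER} is allowed to connect to root\StandardCimv2.
Const TCP_STATE_TIME_WAIT = 11          ' MSFT_NetTCPConnection.State: TimeWait
Const WBEM_IMPERSONATE = 3              ' wbemImpersonationLevelImpersonate
Const WBEM_AUTH_PKT_PRIVACY = 6         ' wbemAuthenticationLevelPktPrivacy

Dim locator, services, connections, msg, counter
counter = 0
msg = ""

On Error Resume Next
Set locator = CreateObject("WbemScripting.SWbemLocator")
' The explicit user and password are used for the remote logon, so the
' identity of the calling service (Local System) does not matter here.
Set services = locator.ConnectServer("${IP}", "root\StandardCimv2", _
                                     "${USER}", "${PASSWORD}")
If Err.Number <> 0 Then
    msg = "WMI connect failed: " & Err.Description
    Err.Clear
Else
    services.Security_.ImpersonationLevel = WBEM_IMPERSONATE
    services.Security_.AuthenticationLevel = WBEM_AUTH_PKT_PRIVACY
    Set connections = services.ExecQuery( _
        "SELECT State FROM MSFT_NetTCPConnection WHERE State = " & _
        TCP_STATE_TIME_WAIT)
    If Err.Number = 0 Then counter = connections.Count
    If Err.Number <> 0 Then
        msg = "WMI query failed: " & Err.Description
        counter = 0
        Err.Clear
    End If
End If
On Error GoTo 0

' Same output format as the original script.
WScript.Echo "Message: " & msg
WScript.Echo "Statistic: " & counter
```

Because the credentials go to ConnectServer rather than onto a psexec.exe command line, the password does not appear in the process list of the monitoring server.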