Monitoring Windows Services – Automatic, Manual, and Disabled, using CheckStartupType



Comments (17)

  1. Kevin Holman says:

    Ramesh – absolutely you can use scheduled MM to accomplish this as well.

  2. Kevin Holman says:

    @Derek –

    I don't know offhand the best way to tackle that issue.  I would imagine I would want to discover the application as a class, then write a script based monitor to monitor the services that has logic for the wildcard… not sure.  I'd really have to dig in.  Either way – creating a class is the way I would go for the application.

    @Ramesh –

    Yes – you can do this using the examples on Boris' blog about monitoring during certain hours.  It would require creating a new custom monitortype in the authoring console and a little XML work.

  3. Kevin Holman says:

    @Ramesh –

    Following the XML:

    The Basic Service Monitor uses the Microsoft.Windows.CheckNTServiceStateMonitorType from the Microsoft.Windows.Library.

    The Microsoft.Windows.CheckNTServiceStateMonitorType uses a data source of Microsoft.Windows.Win32ServiceInformationProvider with two condition detections.

    The Microsoft.Windows.Win32ServiceInformationProvider datasource is a managed code module.

    So – now we know how the workflow works….

    Examining Microsoft.Windows.Win32ServiceInformationProvider we can see that a required parameter is frequency.  This means that frequency is not hard coded into the code – it is passed from the monitortype to the datasource.

    Examining Microsoft.Windows.CheckNTServiceStateMonitorType – we can see that Frequency is not exposed as an overridable property.  This is your issue.  This monitortype is hard coded to 60 seconds.

    Therefore – you have a few options.

    One option is to create a new monitortype in your own management pack, that basically copies the existing Microsoft.Windows.CheckNTServiceStateMonitorType, except you would add in your own overrideable property for frequency.  Then when you create a monitor based on this monitortype – frequency would be an option and you can change the interval.

    HOWEVER – I don't think this is the best plan…. changing the interval will only change how often it checks.  Most of the time when people want to extend this for services – they really don't want to change the interval – they just need to ensure "x" time has passed before alerting.  Changing the interval won't fix that – because if your service fails, and we happen to check 10 seconds later – we will change state and generate an alert.  What most customers want is a consolidation condition detection added, where the monitor will still check every 60 seconds – but will not generate a state change until 3-5 minutes have passed, and each check still shows "not running".

    For this – you would need to create a new monitortype which contains this additional condition detection.  Many customers don't have this level of authoring experience – so they will rather generate a script as a response to the monitor (recovery script) and have the script provide this logic including sleep times, possibly even trying to recover the service in the script, then generating an event in the OpsMgr event log tracking the success or failure of the service status after the desired time interval, and then have another rule that generates an alert based on the script output.
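
The recovery-script approach described in the comment above, sketched as an added example that is not part of the original thread or of any Microsoft management pack. The script name, default service name, check counts and event IDs (9100–9102) are assumptions; `MOM.ScriptAPI` is only available on machines with the SCOM agent installed.

```powershell
# Added example (not from the thread): re-check a stopped service for several
# intervals before logging an event that a separate alert rule can match.
param(
    [string]$ServiceName     = 'Spooler', # assumed default; pass the monitored service name
    [int]   $IntervalSeconds = 60,        # same cadence as the monitor's fixed 60-second check
    [int]   $RequiredChecks  = 4,         # 4 samples, 60 s apart = down for about 3 minutes
    [switch]$AttemptRestart               # optionally try to recover the service
)

function Test-ServiceDownSustained {
    param([string]$Name, [int]$Interval, [int]$Checks)
    for ($i = 1; $i -le $Checks; $i++) {
        $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
        # Design choice (assumption): a service that does not exist is not "down".
        if (-not $svc) { return $false }
        # Any sample that shows Running ends the wait: the outage was transient.
        if ($svc.Status -eq 'Running') { return $false }
        if ($i -lt $Checks) { Start-Sleep -Seconds $Interval }
    }
    return $true   # every sample showed "not running"
}

# LogScriptEvent(scriptName, eventId, severity, message); severity 0=info, 1=error, 2=warning.
$api    = New-Object -ComObject 'MOM.ScriptAPI'
$script = 'ServiceDelayedCheck.ps1'   # hypothetical script name used as the event description prefix

if (-not (Test-ServiceDownSustained -Name $ServiceName -Interval $IntervalSeconds -Checks $RequiredChecks)) {
    $api.LogScriptEvent($script, 9100, 0, "$ServiceName is running again or absent; nothing to report.")
    return
}

if ($AttemptRestart) {
    try {
        Start-Service -Name $ServiceName -ErrorAction Stop
        (Get-Service -Name $ServiceName).WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
        $api.LogScriptEvent($script, 9101, 2, "$ServiceName was down for $RequiredChecks checks and was restarted.")
        return
    } catch {
        # Restart failed or timed out: fall through and log the failure event.
    }
}

$api.LogScriptEvent($script, 9102, 1, "$ServiceName still not running after $RequiredChecks checks.")
```

With this in place the alert rule keys on event ID 9102 in the Operations Manager log, and the service monitor itself is set not to generate alerts, so the 60-second state change no longer pages anyone on its own.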

  4. Kevin, I need to monitor Windows services on a group of machines that are set to manual. This is a group of servers that has up to 25 services running with a similar start name like AppService.xy*  When a server is restarted we need to run a script to start these services. My issue is, how do I create a windows services template that will discover these AppService.xy% services and then monitor them. I can get around initial start up script issues by putting the machine in MX mode and using your information in this post about manual services override but my problem extends to discovering the services in the first place. I found an older blog that referenced wildcards but that does not seem to work when importing the mp back using a wmi query.

    My thinking was to create a monitor set to disabled and then use an override to enable it for a Group that included the servers I want to monitor. I could add the additional override you mention here because the services are set to manual until they are "manually" started by an admin. I'm trying to avoid a lot of manual set up using wildcards but so far I am having no luck. If you have any ideas they would be greatly appreciated.

  5. Ramesh says:

    Kevin – Is there a way to create a custom module for a service monitor where condition would be to exclude monitoring a particular service during its scheduled restart/outage (say between 2-4am every day) in the authoring console? The service should be monitored all times, but it should just ignore the maintenance window!

  6. Ramesh says:

    Thanks Kevin – For the planned restart/outage (say between 2-4am every day), Is it not possible to place a particular service monitor (created using template) in the scheduled maintenance mode and that we must create a custom monitor type as per Boris blog?

  7. Kevin says:

    I understand that the windows service monitor (from default template) checks the status of a windows service by querying the service control manager/WMI on a timed interval (1 min.) But here I have a requirement where I need to increase this timed interval to 3 or 5 mins. How is that possible?

    I tried looking at the options through Authoring Console, but could not find any! Please help

  8. Ramesh says:

    Kevin – I understand that the windows service monitor (from default template) checks the status of a windows service by querying the service control manager/WMI on a timed interval (1 min.) But here I have a requirement where I need to increase this timed interval to 3 or 5 mins. How is that possible?

    I tried looking at the options through Authoring Console, but could not find any! Please help

  9. Ramesh says:

    Kevin – Thank you for your response

    For certain non-critical services, we are OK if the monitor checks those services state after 3-5mins. The only concern for us here is that it shouldn't raise an alert after 60 secs! (default hard code value) The logic of using the recovery script/diagnostic task looks to be the good option, but not sure how is that feasible and would help controlling the alert from being raised. As soon as the monitor's health state is changed to 'critical' an alert will be raised immediately – right?

    We have around 300 service monitors (custom ones created using windows service template, i.e., using 'Add monitoring wizard' in Authoring) and they are all showing as 'Not inherited' from windows service library. So how does this work? If it's not a tedious task and there is an easy/best way to add $Frequency as overridable parameter, I'm ready to open a case with MS 🙂

  10. Pim says:

    Hello Kevin,

    can you give me some tips for creating a "simple dashboard" for the following:
    (between parenthesis my perception of what kind of view)

    – service state/events (state view or service monitor)
    – ping test (event)
    – rdp connection "test" (state or event)
    – last (unexpected) reboot (event id)

    Help would be appreciated.

    Greetings,
    Pim

  12. Luc Van den Berg says:

    Hi Kevin, I need to monitor all the automatic windows services for a couple of windows servers but not the ones that are automatic (delayed start) and automatic (triggered start). How can I do this?

  13. Sone says:

    Hi Kevin,

    Info : There are two SCOM management servers having same group in our environment. Primary is residing at Lisle(US) and Secondary at Amsterdam(Europe) and there is a continuous database replication between primary to secondary server.

    Query: I have configured a common service monitoring for two different servers (Lisle and Amsterdam) using Window service template under Authoring pane in SCOM. I observed that the Lisle(US) server service monitoring has been discovered soon whereas Amsterdam server service is unavailable there in console, restarted all the possible SCOM services on both Lisle and Amsterdam management servers but still the common service is missing into SCOM console, seems it’s not been discovered.

    Apart from this service monitors, all Amsterdam and Lisle servers are healthy, sending out the notifications for both sites server correctly.

    Kindly suggest the possible way to intervene the issue.

  14. Andrew Chan says:

    To my understanding, a default service monitor will always report a non-existing service on a server (which is inside the scope of the monitor target) as healthy and it has been behaving like that for a long time.

    However, some of the servers, without any changes/overrides, suddenly raise alerts for the non-existing service being stopped.

    It raises many months after the monitor is in-place

    The service monitor actually targets a large amount of Windows Servers, and quite a few of them do not have this service as well. However, only a few of them raise the alerts. I am very sure that no change has been done before these alerts.

    This happens not only from one monitor, several other service monitors also causing some servers raising wrong alerts

    The problem is: Why do those monitors change health state to critical in the first place?

    SCOM 2016 UR3, all agents running SCOM 2016 UR3 as well

    single management server, single DB server

    Andrew

  15. serge says:

    Hi Kevin,
    With regards to creating a custom MP for monitoring services, is it best to use the Windows Service Library or another base class? I have a powershell scripted discovery for a custom class with base class Microsoft.Windows.Server.OperatingSystem. The script runs and finds all the services I need to find ( I know from the logging lines I had temporarily enabled to event on every service it found with its associated state – *don’t worry* the discovery was enabled for one server only 😉 ). I also ran the script on another server and the propertybag was perfect, showing me all the 7 values I needed for all auto services. My issue is that it doesn’t populate anything. No discovered inventory when I check my custom class nor through get-scomclassinstance for my custom class. Could this base class be the reason why?
    Thanks

    1. Kevin Holman says:

      That’s a bad base class to choose, as you are copying the OS class, and inheriting all properties AND monitoring. In general this is a no-no except for VERY specific circumstances.

      We created Microsoft.Windows.LocalApplication base class for use in customer classes. I’d recommend using that. I much prefer registry based discoveries for custom classes as they are very lightweight, and separating each class definition and discovery into different MPs by app, not some megalithic catch-all MP.

  16. Carol Schneider says:

    Kevin,
    I have the same question as Luc Van den Berg (April 7, 2017 at 1:31 am)

    How can I exclude monitoring of services set to automatic (delayed start) and automatic (triggered start)?

    Thanks
