KBI 311280 Missed Alerts Of Server Or Device Down Due To Bad Or Missing Error Handling in PowerShell, WMI Or VBScript Script Rules
Version
Argent AT All Versions
Date
Wednesday, 9 September 2015
Summary
Argent products support PowerShell, WMI and VBScript Rules found under the System Management Scripts Rules:
By default these Rules do not fire Alerts on script exceptions
Thus if a script is used and the script suffers an exception, by default, no Alert will be fired
To address this, customers need to code an explicit error handler in the script
For the PowerShell Script Rule to inform the customer on an exception or failure the script must handle the exception using a try…catch or trap statement and use the FireEvent method in the catch or trap statement to fire an Alert
For the WMI/VBScript Rule to inform the customer on exceptions the statement On Error Resume Next must be used in conjunction with the Error Number which must be evaluated and compared, where a non-zero value is considered a VBScript error and an Alert can be fired
Technical Background
PowerShell Script Rules
By default the built-in variable $ErrorActionPreference is set to “Continue”, which as the name suggests on any cmdlet exception the code continues (non-terminating error) while outputting an “error log”
This is similar to the VBScript statement “On Error Resume Next”
Therefore by default the Argent PowerShell Rule is not aware of the script exception unless the script supports an exception handler
To fire an Alert on script exceptions, enclose any potential code failures with a try…catch…finally statement
The PowerShell cmdlets have a common parameter -ErrorAction for changing how the cmdlet handles error exceptions, without specifying this parameter the variable $ErrorActionPreference controls how errors are handled
Therefore to change the script “error action” globally, use the built-in variable $ErrorActionPreference or per cmdlets using -ErrorAction
The $ErrorActionPreference built-in variable and -ErrorAction cmdlet parameter use the same enumeration type
System.Management.Automation.ActionPreference, members are: Continue, Ignore, Inquire, SilentlyContinue, Stop and Suspend
The built-in variable $Error stores the current and previous error exceptions, the latest exception is called as $Error[0] as this variable is of type array
Note in the examples, the $_ variable (next object in the pipe) is used instead, within the ‘trap’ and ‘catch’ statements
Example: try…catch…finally
#
# Argent PowerShell Rule
#
$g_bFireAlert = $true # Fire Alert on Error, set to $false to send no Alert
$ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop
$PSPlayer.WriteStatus(( “PowerShell version: {0}.{1}.{2}” -f $Host.Version.Major, $Host.Version.Minor, $Host.Version.Build))
$computer_name = $PSPlayer.TargetServer
try
{
$comp = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $computer_name
$totslMemGB = $comp.TotalPhysicalMemory |
select @{n=“TotalMemGB”;e={“{0:F2}” -f ($_/1GB)}}
$PSPlayer.WriteStatus($totslMemGB)
}
catch
{
$err = “>>> ERROR Exception Caught : $($_.InvocationInfo.InvocationName) : $($_.Exception.GetType().Name) : $($_.Exception.Message)”
$PSPlayer.WriteStatus($err)
if($g_bFireAlert) {
$PSPlayer.FireEvent($err, “PowerShell Rule ERROR”, “”)
}
}
finally
{
# Clean up code
}
$ErrorActionPreference = [System.Management.Automation.ActionPreference]::Continue
Test PowerShell Rule Result Showing The Rule Is Broken On An Error
Argent Guardian Ultra 3.1A-1507-A Copyright (c) 2015 ArgSoft Pacific Intellectual Property Holdings (HK), Limited
For Argent Instant Help 7 by 24 with an Argent engineer, please see http://help.Argent.com/help.php
———————————————————————————–
Rule: PS_PHYSICAL_MEMORY_FREE
Server: AG-0044-XP
Test On: AG-0169-W7
Test By: Administrator
Local Time: Fri, 04 Sep 2015 12:06:06
UTC Time: Fri, 04 Sep 2015 00:06:06
Rule Result: Broken
(Summary) PowerShell Rule ERROR
(Detail) >>> ERROR Exception Caught : Get-WmiObject : COMException : The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
———————————- Trace ——————————————
12:05:56.985 Start testing server AG-0044-XP (Engine: 64-bit, Trace: Debug)
12:05:57.223 PowerShell version: 2.0.-1
12:06:04.979 >>> ERROR Exception Caught : Get-WmiObject : COMException : The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
12:06:05.219 >>> Total Time Consumed: 8.237 <<<
Example: trap
#
# Argent PowerShell Rule
#
$g_bFireAlert = $true # Fire Alert on Error, set to $false to send no Alert
trap
{
$err = “>>> ERROR Exception Caught : $($_.InvocationInfo.InvocationName) : $($_.Exception.GetType().Name) : $($_.Exception.Message)”
$PSPlayer.WriteStatus($err)
if($g_bFireAlert) {
$PSPlayer.FireEvent($err, “PowerShell Rule ERROR”, “”)
}
continue;
}
$ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop
$PSPlayer.WriteStatus((“PowerShell version: {0}.{1}.{2}” -f $Host.Version.Major, $Host.Version.Minor, $Host.Version.Build))
$computer_name = $PSPlayer.TargetServer
$comp = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $computer_name
$totslMemGB = $comp.TotalPhysicalMemory |
select @{n=”TotalMemGB”;e={“{0:F2}” -f ($_/1GB)}}
$PSPlayer.WriteStatus($totslMemGB)
$ErrorActionPreference = [System.Management.Automation.ActionPreference]::Continue
This example gives the same result as the previous
WMI Script Rules (VBScript)
By default VBScripts fail immediately and stops on any error, without continuing to execute, unless the statement “On Error Resume Next” is used
The Argent WMI Script Rule works exactly the same way also by displaying the error info in the “Error Log” or “Relator Trace Log” , but does not inform the end-user (via an Alert) that an issue is present (assuming the script syntax is verified as correct)
Therefore to inform the end-user on error exceptions the Alert is explicitly implemented
See the following example for a solution to Alerting the end-user on errors
Example:
‘
‘ WMI Script Rule
‘
Option Explicit
Const cWMINameSpace = “\root\cimv2”
Const cOjbect = “Win32_ComputerSystem”
Const cFireAlert = True ‘Fire Alert on Error, set to False to send no Alert
Dim objWMIService, oWmiCS, oItem
Sub RunScript
On Error Resume Next ‘Resume next statement so that our code can do the error handling
Dim errStr
Set objWMIService = GetObject(“winmgmts:”& “{impersonationLevel=impersonate}!\\” & TargetServer & cWMINameSpace)
If Err.Number <> 0 Then ‘Error checking and log internal errors if any
‘{
errStr = “>>> Failed to call GetObject. Error: “ & Err.Description & ” (” & Err.Source & “)”
WriteStatus errStr
If cFireAlert Then
‘{
FireEvent errStr, “WMI Rule ERROR”, “”
‘}
End If
Exit Sub
‘}
End If
Set oWmiCS = objWMIService.ExecQuery(“SELECT * FROM “ & cOjbect)
If Err.Number <> 0 Then ‘Error checking and log internal errors if any
errStr = “>>> Failed to call objWMIService.ExecQuery. Error: ” & Err.Description & ” (” & Err.Source & “)”
WriteStatus errStr
If cFireAlert Then
‘{
FireEvent errStr, “WMI Rule ERROR”, “”
‘}
End If
Exit Sub
‘}
End If
For Each oItem in oWmiCS
‘{
WriteStatus FormatNumber((oItem.TotalPhysicalMemory/(1024*1024)), 2) & “GB”
‘}
Next
End Sub
‘ Main routine
RunScript ‘ calls the RunScript Subroutine
Test WMI Rule Result Showing The Rule Is Broken On An Error
Rule: WMI_MEM_PHYSICAL
Server: ACME
Test On: AG-0169-W7
Test By: Administrator
Local Time: Mon, 07 Sep 2015 09:10:44
UTC Time: Sun, 06 Sep 2015 21:10:44
Rule Result: Broken
(Summary) WMI Rule ERROR
(Detail) >>> Failed to call GetObject. Error: The remote server machine does not exist or is unavailable (Microsoft VBScript runtime error)
———————————- Trace ——————————————
09:10:35.994 Start testing server ACME (Engine: 64-bit, Trace: Debug)
09:10:35.998 CONNECTED to ACME (Credential: ‘ACME\petert’)
09:10:35.998 REUSE CONNECTION to ACME (Credential: ‘ACME\petert’)
09:10:42.793 >>> Failed to call GetObject. Error: The remote server machine does not exist or is unavailable (Microsoft VBScript runtime error)
09:10:42.796 >>> Total Time Consumed: 7.426 <<<
Resolution
A new set of scripts with the Rule name suffix of “_EHndlr” will be added to include errors handlers in Argent AT 3.1A-1510-A