OpsMgr 2007: Checking to see if a process has restarted

OpsMgr 2007: Checking to see if a process has restarted

  • Comments 1
  • Likes

Recently I was talking to a friend of mine who was trying to troubleshoot a custom process and he wanted to know if there was any way to track how many times it restarts using OpsMgr 2007.  It seems the process would randomly terminate without throwing any error at all and as a workaround it was set to restart automatically.  He knew that throughout the day it would restart but really he had no idea how many times or how often.

There's really no built-in way with Microsoft System Center Operations Manager 2007 to do this so as a quick and dirty solution I wrote up a short VBScript to track this.  It’s just something I threw together real quick so if it looks kinda hacky don’t hold it against me. 

When run on the target, the script creates a HKLM\Software\ScomRestartChecker key and then within the key it creates a value named ‘Restarts’ and sets it to 0.  It then finds the PID of the process specified in the script and every x seconds it sees if the PID has changed.  If it has it then increments the Restarts value in the registry.  To check with OpsMgr 2007 or MOM 2005, just pull the value of Restarts from HKLM\Software\ScomRestartChecker and there you go.  I didn’t do any polishing at all so it may look kinda ugly, plus there are a few caveats:

  • It resets the counter to 0 every time the script is run.  Maybe a good thing.
  • The process name is hard coded in the script so you’ll have to edit it and change BOTH instances of mspaint.exe (my test example) to the name of the process you wish to monitor.
  • The time interval is hard coded so you’ll have to edit the Wscript.Sleep value to your desired interval using msecs.  In my example it’s set to 6 seconds (6000).
  • It will only monitor the last instance of a process so if you have multiple instances then this may not give you accurate data.
  • It doesn’t give you the time duration over which the restarts have occurred.
  • The script runs until you manually end it.

At one point I was going to add some of this other fancy stuff so that it would give you more data and make it more flexible but I never got around to it.  You know how it goes.  To run it, just copy the script to the target machine and then run it from a CMD prompt using CScript (e.g. CScript ScomRestartChecker.vbs).  When you first run it, it will check to see that your process is running.  If not it will echo “Process does not exist”.  If it does then it will echo “Current PID is xxxx”.  If the PID changes it will then echo “Process has restarted.  The PID is now xxxx”.  I did this so I could see my results but it’s also kinda cool because you can simply view the CMD prompt window and count how many times the PID has changed.

The script is below so feel free to use or modify it as you like.  Oh, and I did virtually no real testing so if it blows up your computer don't blame me.  I'm probably also obligated to state that this is not a Microsoft tool and as such Microsoft makes no warranties or guarantee's, nor does Microsoft support the use of this tool in any way.  This is more of a 'use at your own risk' type of thing but hopefully you'll find it useful.

======

Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set StdOut = WScript.StdOut
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\ScomRestartChecker"
oReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath
strKeyPath = "SOFTWARE\ScomRestartChecker"
strValueName = "Restarts"
strValue = "0"
oReg.SetStringValue HKEY_LOCAL_MACHINE, strKeyPath, strValueName, strValue
Var1 = 0
Var2 = 0
Var3 = 0
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery _
               ("Select * From Win32_Process Where Name = 'mspaint.exe'")
For Each objItem in colItems
    intProcessID = objItem.ProcessID
Next
If intProcessID = "" Then
    Wscript.Echo "Process does not exist"
Else
    Wscript.Echo "Current PID is " & intProcessID
    Var2 = intProcessID
End If
While intProcessID <> ""
    WScript.Sleep 6000
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set colItems = objWMIService.ExecQuery _
                   ("Select * From Win32_Process Where Name = 'mspaint.exe'")
    For Each objItem in colItems
        intProcessID = objItem.ProcessID
    Next
    If Var2<>IntProcessID Then
        Var3 = Var3 + 1
        Var2 = intProcessID
        oReg.CreateKey HKEY_LOCAL_MACHINE, strKeyPath
        strKeyPath = "SOFTWARE\ScomRestartChecker"
        strValueName = "Restarts"
        strValue = Var3
        oReg.SetStringValue HKEY_LOCAL_MACHINE, strKeyPath, strValueName, strValue
        Wscript.Echo "Process has restarted.  The PID is now " & intProcessID
    End If
Wend

======

J.C. Hornbeck | Manageability Knowledge Engineer

Comments
Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment