Featured image of post Blog Series: Monitoring using PowerShell: Part five – Monitoring the Windows Search Database, iSCSI Connections, and Bitlocker state.
Automation Powershell Series: PowerShell Monitoring

Blog Series: Monitoring using PowerShell: Part five – Monitoring the Windows Search Database, iSCSI Connections, and Bitlocker state.

Hi All,

My next couple of blogs will be a series of blogs where I will be explaining on how to use PowerShell for the monitoring of critical infrastructure. I will be releasing a blog every day that will touch on how to monitor specific software components, but also network devices from Ubiquity, third-party API’s and Office365. I will also be showing how you can integrate this monitoring in current RMM packages such as Solarwinds N-Central, Solarwinds RMM MSP and even include the required files to import the monitoring set directly into your system.

Requirements:

  • (Optional): Windows Search Service Installed
  • (Optional): TPM/Bitlocker
  • (Optional): a iSCSI connected disk
  • PowerShell v3 or higher

Creating the monitoring sets:

In this blog we’re going a bit more diverse and I will explain how to monitor very specific Windows Components. This is just a large combination of stuff I like to monitor and see people struggling with sometimes. I hope these sets help in creating your own. 🙂

Monitor the Windows Search Database

If you’re using RDS2012 or 2016 with the Windows Search Service you know the Windows.edb database can sometimes grow explosively. A part of the solution for this can be found in the CoreCount Registery key found in my blog here. This script is to monitor the Windows search database and report if its growing out of control.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13

param(
[string]$MaxSizeInGB = '50'
)
$getservice = Get-service "wsearch" -ErrorAction SilentlyContinue
if($getservice.Status -eq "running"){
$CurrentLoc = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows Search" -name DataDirectory
$File =  Get-item -path "$($CurrentLoc.DataDirectory)\Applications\Windows\windows.edb"
$FileSize =   [math]::truncate($file.length / 1GB)
if($FileSize -gt $MaxSizeInGB){
$searchHealth = "SearchDB is $($filesize)GB - Please investigate"
}
if (!$SearchHealth) { $SearchHealth = Healthy }
}

Just knowing its getting large is of course only half the battle. I’ll also include the script we have to automatically rebuild the search database when this happens. Just pay mind that you do not run this while users are using the servers and schedulde this only in maintenance windows

Rebuild the searchdb:

1
2
3
4

Stop-Service Wsearch
$CurrentLoc = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows Search" -name DataDirectory
remove-item $CurrentLoc.DataDirectory -force -Recurse
Start-Service Wsearch

Monitoring iSCSI connections and restoring them.

For our clients we often use iSCSI SANs, or iSCSI NAS devices for backups. Sometimes these devices get disconnected or lose one of the iSCSI connections. We can monitor this using get-iscsiconnection on any server 2012+ by using the following script.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13

try{
$Sessions = Get-iScsisession
}Catch {
$ScriptError = "Get-IscsiSession failed. : $($_.Exception.Message)"
exit
}
foreach($session in $Sessions){
if($session.isConnected -eq $false -and $session.NumberOfConnections -eq 0){
$iSCSIStatus += "`n$($Session.TargetNodeAddress) is disconnected"
}
}
if (!$iSCSIStatus) { $iSCSIStatus = Healthy }
if (!$ScriptEror) { $ScriptError = Healthy }

Now restoring them is quite simple; You can run the following command to reconnect all disconnected sessions:

1

Get-IscsiTarget | Connect-IscsiTarget

Or to only connect the target that is disconnected specifically:

1

Get-IscsiTarget | where-object IsConnected -eq $False | Connect-IscsiTarget

Monitor Bitlocker status:

We also have clients that want us to monitor the bitlocker state for them. So we’ve created a monitoring set for this too, monitoring the bitlocker state is done by checking for the string “Protection on”.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17

$Key =  (Get-BitLockerVolume -MountPoint C).KeyProtector
Try {
Get-WmiObject -Namespace "root\CIMV2\Security\MicrosoftVolumeEncryption" -Class Win32_EncryptableVolume |
ForEach-Object {$ID = $_.DriveLetter ;
Switch($_.GetProtectionStatus().ProtectionStatus)
{
0 {$State = "PROTECTION OFF"}
1 {$State = "PROTECTION ON - $key"}
2 {$State = "PROTECTION UNKNOWN"}
}
$ProtectionStatus =  "$ID $State"
}
} catch {
$ScriptError = "Get Bitlocker State Failed : $($_.Exception.Message)"
exit
}
if (!$ScriptEror) { $ScriptError = Healthy }

And that’s it!

Downloads for RMM packages:

N-Central 11.0+ – iSCSI Monitoring

N-Central 11.0+ – SearchDB Monitoring

N-Central 11.0+ – Bitlocker Monitoring

All blogs are posted under AGPL3.0 unless stated otherwise
comments powered by Disqus
© 2012 - 2023 CyberDrain - Kelvin Tegelaar
Built with Hugo
Theme Stack designed by Jimmy