FortiSIEM
Andy_G
Article Id 194865

Description

This article explains how to create automated Windows service-restart scripts for AccelOps (AO), triggered from an Incident Notification Policy.

Steps


AccelOps side:

Verify permissions and access:
1 - Log on to AO through SSH as the root user
2 - Run the following command: winexe -U domain/user%password //server_ip "cmd.exe"

Successful case:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>

Then move on to the next step, implementing the script attached to this article.

Failure case:
ERROR: Failed to install service winexesvc - NT code 0x00000424

Then follow the "Additional Information" section below before moving forward.

Implementing the script:
1 - Copy the attached restartWinService.py. This script reads the incident, parses out the target IP and the stopped service, and issues a winexe command to restart that service.
2 - Modify the script with your username and password so that it can restart whichever service it needs to kick off.
3 - Place the Python script under /tmp/ on your AO supervisor.
4 - Once this is done, go to the UI: Analytics > Incident Notification Policy.
5 - Create a new Incident Notification Policy.
6 - Select the "Edit" dialogue box towards the bottom of the pop-up.
7 - Under "Run Script", click Add.
8 - Since your script is under /tmp/, use the format /tmp/myscript_name_here.py.
9 - Once this is done, save your configuration.
10 - Create an authentication file under /tmp/ (to create the authentication file, see Additional Information).

Now each time an incident fires for a Windows service, it will automatically restart that service.
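As an added illustration (not the attached restartWinService.py, whose contents are not reproduced in this article), the following Python sketches the parse-and-dispatch logic the steps describe, using the -A credentials file from Additional Information. The payload field names targetIp and serviceName, the key=value payload layout, the auth-file path and the log file name are assumptions; adapt them to the real incident fields.

```python
"""Illustrative stand-in for the restart logic described in the article.
Assumption: the incident payload handed to the script is key=value lines that
name the target host and the stopped service (field names are made up here)."""
from __future__ import annotations
import os
import re
import subprocess
from datetime import datetime

AUTH_FILE = "/tmp/authenticationfile"   # article's auth file: domain=/username=/password= lines
LOG_DIR = "/tmp/restart_log"            # directory named in the article

IP_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
# Only plain service short names (as 'sc start' expects); anything with spaces,
# quotes or other characters is rejected rather than passed to the remote host.
SERVICE_RE = re.compile(r"^[A-Za-z0-9_.-]+$")

def parse_incident(payload: str) -> tuple[str, str]:
    """Extract target IP and service name; refuse malformed values so that
    incident-derived text can never alter the command that is run."""
    fields = dict(line.split("=", 1) for line in payload.splitlines() if "=" in line)
    ip = fields.get("targetIp", "").strip()
    service = fields.get("serviceName", "").strip()
    if not IP_RE.match(ip):
        raise ValueError(f"bad target IP: {ip!r}")
    if not SERVICE_RE.match(service):
        raise ValueError(f"bad service name: {service!r}")
    return ip, service

def build_winexe_cmd(ip: str, service: str, auth_file: str = AUTH_FILE) -> list[str]:
    """winexe invocation using the -A credentials file (Option 2 in the article),
    built as an argv list so no shell interprets the values."""
    return ["winexe", "-A", auth_file, f"//{ip}", f"sc start {service}"]

def restart_service(payload: str, run=subprocess.run) -> int:
    """Run the restart and append one line per attempt to the restart log."""
    ip, service = parse_incident(payload)
    result = run(build_winexe_cmd(ip, service), capture_output=True, text=True, timeout=60)
    os.makedirs(LOG_DIR, exist_ok=True)
    with open(os.path.join(LOG_DIR, "restarts.log"), "a") as log:
        log.write(f"{datetime.now():%Y-%m-%d %H:%M:%S} {ip} {service} rc={result.returncode}\n")
    return result.returncode

# Constructed sample payload, not a real AO incident:
SAMPLE = "incidentId=1\ntargetIp=10.0.0.5\nserviceName=Spooler\nstatus=stopped\n"

if __name__ == "__main__":
    print(build_winexe_cmd(*parse_incident(SAMPLE)))
```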


Windows side

1 - Create a script named installWinexesvc.bat and copy the following into it:

sc create winexesvc binPath= C:\WINDOWS\WINEXESVC.EXE start= auto DisplayName= winexesvc

sc description winexesvc "Remote command provider for AccelOps monitoring"

sc start winexesvc

2 - Run installWinexesvc.bat on the Windows server you are monitoring and make sure that the service has started.
(The following is output by the script.)

C:\>sc create WinexeSvc binPath= C:\WINDOWS\WINEXESVC.EXE start= auto DisplayName= WinexeSvc

[SC] CreateService SUCCESS

C:\>sc description WinexeSvc "Remote command provider for AccelOps monitoring"

[SC] ChangeServiceConfig2 SUCCESS

C:\>sc start WinexeSvc


SERVICE_NAME: AoWinexeSvc
TYPE               : 10  WIN32_OWN_PROCESS
STATE              : 2  START_PENDING
 (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE    : 0  (0x0)
SERVICE_EXIT_CODE  : 0  (0x0)
CHECKPOINT         : 0x0
WAIT_HINT          : 0x7d0
PID                : 1580
FLAGS              :

Additional Information

If you receive the following error:
ERROR: Failed to install service winexesvc - NT code 0x00000424


Option 1 - Without making changes to AO

(Use Option 2 first)


You may have to add a couple of DWORD (32-bit) values to the registry to make this work.
On your Windows server, open the registry:

  • Run --> regedit
  • HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\
  • Right-click --> New --> DWORD (32-bit) --> AutoShareServer
  • Right-click --> New --> DWORD (32-bit) --> AutoShareWks
  • Edit the DWORDs you created --> change the hexadecimal value of both to 1
  • Reboot the Windows server.

After the remote Windows server comes back, test by running the command from AO again:

winexe -U <DOMAIN>/<USER>%<PASSWORD> //<IP> "cmd.exe"

If the Windows server allows the connection, you should see something similar to:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>


Option 2 - ERROR: Failed to install service winexesvc - NT code 0x00000424

You may have installed the service on Windows incorrectly.

1 - Run this script first on your Windows machine:

sc create winexesvc binPath= C:\WINDOWS\WINEXESVC.EXE start= auto DisplayName= winexesvc
sc description winexesvc "Remote command provider for AccelOps monitoring"
sc start winexesvc

NOTE: If there is an error restarting the service on the last line, do not worry; ignore it for now.

2 - In AO, run the following command:

winexe --user XXXXXXXXXXXXX --password XXXXXXXXXXX //<IP_OF_WINDOWS> 'cmd.exe'

NOTE: If the credentials in the above command contain special characters (e.g. !@#$%^&*()-_), you can run it in another fashion, in case the CLI fails:

winexe -A /tmp/authenticationfile //<IP_OF_WINDOWS> 'cmd.exe'

3 - How to create your authentication file:
cd /tmp/
touch authenticationfile
chown admin.admin authenticationfile
chmod 775 authenticationfile
vi authenticationfile

In the file:
domain=xxxxxxxxxxxx
username=xxxxxxxxxxxxx
password=xxxxxxxxxxxx

After you save this, run the second winexe command again and it will install winexesvc.exe into your Windows environment.
You will notice a new directory in /tmp/ called /tmp/restart_log.
This log is created to keep track of the restarts performed when AO restarts these services.

Version Application

All
