mom: execute a command or batch file...
i was fiddling around with using this to issue a stop/start sequence on a service under a given condition. the stop/start stuff was pretty easy, but the response execution was a little baffling.
i found that mysterious "use windows command interpreter (not recommended)" dialog is required (i didn't put the parenthesis around not recommended. that was microsoft's doing). anyway, that's the first part. i'll get to that in a minute.
so how do you execute commands in a sequence? the answer is, i don't know. i don't know if it's possible. i don't know if it happens if you order it right. if you notice, the dialog doesn't supply an "up/down" button to move the commands around to sequence them. you'd have to create them in order. even then, does it execute this way? dunno.
the easy way around this is to use a double ampersand. so in order to stop and start the dhcp service, for example, you'd issue this command:
net stop dhcpserver && net start dhcpserver.
this will issue a stop control, wait for the command to finish successfully, then execute a start control. you can do this in a command shell and see how it runs. (more detail on conditional executions here, if you’re interested.) back to the first part, in order to execute things like this, you need that (not recommended) setting. otherwise, you'll see something like this in the event log:
believe me, i tried all kinds of ways to get this to work, including specifying a variable %windir% in the command line itself to call cmd.exe /c, specifying initial directory, putting the item directly on the command line... none of it worked. the interesting question is why the use windows command interpreter is (not recommended). according to this statement...Microsoft Operations Manager was unable to create a process to run a batch response.
User Command: %windir%\system32\cmd.exe /c
User Arguments: "net stop dhcpserver && net start dhcpserver"
Command executed: C:\WINDOWS\system32\cmd.exe /c "net stop dhcpserver && net start...
Error details: 3:The system cannot find the path specified.
Using the Windows command interpreter is not recommended as it exposes customers to command line injection vulnerabilities whereby maliciously constructed instrumentation data could cause the execution of arbitrary code. By separating the application name from the parameters passed to it, secure invocation mitigates the command line injection vulnerability.there is no secure invocation (calling a program or procedure) when you use this method. what am i trying to say? use a batch or scripted response where possible. it's easy to do this for starting/stopping services. i suppose you could consider this an interim approach and definitely not something to use on secured machines or dmz servers.
Thanks for the info on the &&. Fortunately, I've already run into the issues with not using the command interpreter. The issue here is a fuzy description in that response dialog that is hopefully corrected in SCOM 2007.
ReplyDeleteThe trick is to think of the application field as the run line. So your example (fully qualified, which is more thourough than mine) should only include cmd.exe. Just the application.
Then the command arguements start with /c... This one had me for a while until I ran across someone elses blogs to clarify. Thanks to the && I am able to stop IIS, Stop then restart my application and then restart IIS all in order; all waiting for the previous command to return before starting.
Erik
Thank you very much! I wasted a lot time trying to find a way to run this "net stop" / "net start" in order...
ReplyDeletecool
ReplyDelete