---

Subject:	In later versions, there is
Author:	Jane Curry
Posted:	2016-12-01 14:43

In later versions, there is an extra parameter for what start modes to monitor. From memory, only auto-started services are monitored in later versions. Could that explain the discrepancy

Cheers,

Jane

Email: jane.curry@skills-1st.co.uk    Web: https://www.skills-1st.co.uk

---

Subject:	Not nessesarily referring to
Author:	R S
Posted:	2016-12-01 14:53

Not nessesarily referring to what is being monitored or what is not being monitored, but rather what is listed under Components - Windows Services for a device. Orwhat is listed under the Windows Services tab at the top (collection of all the services discovered off the modelled servers I've added to zenoss).There are services missing, one of them for example, being an automatic startup service. I've been selectively choosing what to monitor from that list.

---

Subject:	I found out that the names
Author:	Joan
Posted:	2016-12-02 03:08

I found out that the names written in non-ascii characters doesn't appear, this happen with the interface names in my case (servers installed with spanish localization). This worked fine when using wmi
Could that be the case for you too

---

Subject:	I wish that were the case
Author:	R S
Posted:	2016-12-02 09:19

I wish that were the case here. At first I thought it might be services that do not have a desciption (caption in Zenoss speak) but I've found both with and without are missing.Here's an example, as for why it doesn't show up....I'm at a lose.

Solidworks PDM Archive Server <--- shows up

Solidworks PDM Database Server <----shows up

Solidworks PDM Web Server <-----shows up

SolidNeWork License Manager <--- Missing

---

Subject:	Pardon me mentioning the
Author:	Jane Curry
Posted:	2016-12-02 11:45

Pardon me mentioning the obvious but presumably these missing services ARE actually running

You might try running zenmodeler against your offending device, with verbose debugging, just activating the services plugin:

zenmodeler run -v 10 -d < id of your device > --collect zenoss.winrm.Services > /tmp/mod.out 2>&1

Then look at /tmp/mod.out

Cheers,

Jane

Email: jane.curry@skills-1st.co.uk    Web: https://www.skills-1st.co.uk

---

Subject:	Yes, in this case the service
Author:	R S
Posted:	2016-12-02 12:21

Yes, in this case the service is running. Although when modelling the device, all services should be reported, stopped or not. In this case it isan automatic startup service. If the discrepancy betweenof number of services showing up was different between the old WMI monitoring vs the WINrm was only one server, I'd point the finger at a server issue. However, the discrepancy is on all of the Windows boxes.

I've run your command on the server I listed the missing service for, that servicedoesn't not show up in the mod.out log.I've also run it against another server with more than 1 service missing. It too doesn't show in the log

---

Subject:	So it sounds like it is the
Author:	Jane Curry
Posted:	2016-12-06 04:14

So it sounds like it is the WinRM Windows bit that is not working, rather than Zenoss's processing of the data. I don't have a WinRM-capable machine to test against but can you craft a small test script outside of the Zenoss code that attempts to gather the rogue service information

Is there anything in the event log on the Windows side

Seems very unlikely to be anything to do with firewall as you are getting most data.

I know someone else mentioned it but are you quite sure that there are no non-English, non-utf-8 characters in the service names

Cheers,

Jane

Email: jane.curry@skills-1st.co.uk    Web: https://www.skills-1st.co.uk

---

Subject:	I added the domain account I
Author:	R S
Posted:	2016-12-08 12:16

I added the domain account I'm using for WinRM collection to the local administrators group of one of the servers. A remodel picks up the missing services in this case.

Having said that, what would cause this vMy domain user "zenosscore" is a member of the following domain groups

Distributed COM Users

Domain Users

Event Log Readers

Performance Log Users

Performance Monitor Users

WinRMRemoteWMIUsers

And I am using this scripthttps://github.com/zenoss/microsoft.tools/blob/develop/lpu/zenoss-lpu.ps1 on the group policy which is setup to run like zenoss-lpu.ps1 -u zenosscore@mydomain.local

So there is an issue with the powershell script I am to assume

---

Subject:	My bad, there is an event log
Author:	R S
Posted:	2016-12-08 14:42

My bad, there is an event log entry for these problem services when running the powershellscript through a startup GPO

Persuing this further, I see near the bottom of the powershell script is the query for services

get-wmiobject -query "Select * from Win32_Service"

If I run that as administrator AND my zenoss winrm user I get the same number of results.

If I run sc sdshow on a service that doesn't show up, I can see that the permissions are missing for my winRM account. Where as if I run that same command on a service that does show up, the winRM account SID is listed there.

If I reboot the server and once logged in review the event log (application) I can see the changes made by the powershell script for services. For example:

Service MSSQLServerOLAPService already contains permission for user zenosscore@mydomain.local

The ones that are missing, for example, say:

User: zenosscore@domain.local was not added to service SolidWorks SolidNetWork License Manager.
Reason: The parameter is incorrect.

From what I gather here is the script isn't working when the registry key has a space in the name

HKLM\SYSTEM\CurrentControlSet\Services

Keyname in this case is "SolidWorks SolidNetwork License Manager"

---

Subject:	Sounds like you have answered
Author:	Jane Curry
Posted:	2016-12-09 05:35

Sounds like you have answered your own question - good stuff.

Cheers,

Jane

Email: jane.curry@skills-1st.co.uk    Web: https://www.skills-1st.co.uk

---

Subject:	I dont suppose anyone knows
Author:	R S
Posted:	2016-12-09 08:58

I dont suppose anyone knows enough about powershell scripting to fix this Or am I stuck submitting a bug on github