Blog Series: Monitoring using PowerShell: Part five – Monitoring the Windows Search Database, iSCSI Connections, and Bitlocker state.

Hi All,

My next couple of blogs will be a series in which I explain how to use PowerShell to monitor critical infrastructure. I will be releasing a blog every day that touches on how to monitor specific software components, but also network devices from Ubiquiti, third-party APIs and Office365. I will also be showing how you can integrate this monitoring into current RMM packages such as Solarwinds N-Central and Solarwinds RMM MSP, and even include the required files to import the monitoring set directly into your system.


Requirements:

  • (Optional): Windows Search Service Installed
  • (Optional): TPM/Bitlocker
  • (Optional): an iSCSI connected disk
  • PowerShell v3 or higher

Creating the monitoring sets:

In this blog we’re going a bit more diverse and I will explain how to monitor very specific Windows components. This is just a large combination of stuff I like to monitor and sometimes see people struggling with. I hope these sets help in creating your own. 🙂

Monitor the Windows Search Database

If you’re using RDS2012 or 2016 with the Windows Search Service, you know the Windows.edb database can sometimes grow explosively. Part of the solution for this can be found in the CoreCount registry key, found in my blog here. This script monitors the Windows Search database and reports if it’s growing out of control.

param(
    [int]$MaxSizeInGB = 50
)
# Only check the database when the Windows Search service is running
$getservice = Get-Service "wsearch" -ErrorAction SilentlyContinue
if ($getservice.Status -eq "Running") {
    # The index location is stored in the registry
    $CurrentLoc = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows Search\" -Name DataDirectory
    $File = Get-Item -Path "$($CurrentLoc.DataDirectory)\Applications\Windows\windows.edb"
    # Size in whole gigabytes
    $FileSize = [math]::Truncate($File.Length / 1GB)
    if ($FileSize -gt $MaxSizeInGB) {
        $SearchHealth = "SearchDB is $($FileSize)GB - Please investigate"
    }
    if (!$SearchHealth) { $SearchHealth = "Healthy" }
}

Just knowing it’s getting large is of course only half the battle. I’ll also include the script we have to automatically rebuild the search database when this happens. Just make sure that you do not run this while users are using the servers, and schedule it only in maintenance windows.

Rebuild the searchdb:

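# Stop the service so the database files are no longer in use
Stop-Service Wsearch
# Read the index location from the registry
$CurrentLoc = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows Search\" -Name DataDirectory
# Delete the whole data directory; the service recreates it on start
Remove-Item $CurrentLoc.DataDirectory -Force -Recurse
Start-Service Wsearch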
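
A guarded version of the rebuild, added here as an example and not the author's script: it validates the registry-derived path before the recursive delete and waits for the service to stop. The helper name Test-SearchDataDirectory, the drive-root refusal and the 60-second timeout are assumptions of this example.

```powershell
# Added example: guarded rebuild of the Windows Search index.
$ErrorActionPreference = 'Stop'
$RegPath = 'HKLM:\SOFTWARE\Microsoft\Windows Search'

function Test-SearchDataDirectory {
    # Hypothetical helper: $true only when $Path looks like the Search data directory.
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) { return $false }
    # Refuse a drive root such as C:\ (assumption: the index never lives there).
    $full = [System.IO.Path]::GetFullPath($Path)
    if ($full -eq [System.IO.Path]::GetPathRoot($full)) { return $false }
    # The database file that the monitoring script checks must exist below it.
    $edb = Join-Path $full 'Applications\Windows\Windows.edb'
    return (Test-Path -LiteralPath $edb -PathType Leaf)
}

$DataDirectory = (Get-ItemProperty -Path $RegPath -Name DataDirectory).DataDirectory
if (-not (Test-SearchDataDirectory -Path $DataDirectory)) {
    Write-Output "Rebuild skipped: '$DataDirectory' does not look like the Search data directory"
    exit 1
}

Stop-Service -Name WSearch -Force
# Wait until the service has really stopped so Windows.edb is no longer locked.
(Get-Service -Name WSearch).WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))

Remove-Item -LiteralPath $DataDirectory -Recurse -Force
Start-Service -Name WSearch
Write-Output "Search index removed from '$DataDirectory'; WSearch will rebuild it"
```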

Monitoring iSCSI connections and restoring them.

For our clients we often use iSCSI SANs, or iSCSI NAS devices for backups. Sometimes these devices get disconnected or lose one of the iSCSI connections. We can monitor this using Get-IscsiConnection on any Server 2012+ by using the following script.

try {
    # -ErrorAction Stop turns cmdlet errors into exceptions the catch block can see
    $Sessions = Get-IscsiSession -ErrorAction Stop
} catch {
    $ScriptError = "Get-IscsiSession failed. : $($_.Exception.Message)"
    exit
}
foreach ($Session in $Sessions) {
    # A session that is not connected and has no connections left is reported
    if ($Session.IsConnected -eq $false -and $Session.NumberOfConnections -eq 0) {
        $iSCSIStatus += "`n$($Session.TargetNodeAddress) is disconnected"
    }
}
if (!$iSCSIStatus) { $iSCSIStatus = "Healthy" }
if (!$ScriptError) { $ScriptError = "Healthy" }

Now restoring them is quite simple. You can run the following command to reconnect all disconnected sessions:

Get-IscsiTarget | Connect-IscsiTarget

Or to only connect the target that is disconnected specifically:

Get-IscsiTarget | Where-Object IsConnected -eq $False | Connect-IscsiTarget

Monitor Bitlocker status:

We also have clients that want us to monitor the BitLocker state for them, so we’ve created a monitoring set for this too. Monitoring the BitLocker state is done by checking for the string “Protection on”.

# Report only the protector types of C: (e.g. Tpm, RecoveryPassword), never the recovery password itself
$Key = (Get-BitLockerVolume -MountPoint C).KeyProtector.KeyProtectorType -join ', '
Try {
    Get-WmiObject -Namespace "root\CIMV2\Security\MicrosoftVolumeEncryption" -Class Win32_EncryptableVolume -ErrorAction Stop |
        ForEach-Object {
            $ID = $_.DriveLetter
            Switch ($_.GetProtectionStatus().ProtectionStatus) {
                0 { $State = "PROTECTION OFF" }
                1 { $State = "PROTECTION ON - $Key" }
                2 { $State = "PROTECTION UNKNOWN" }
            }
            # Append so every volume is reported, not just the last one
            $ProtectionStatus += "$ID $State`n"
        }
} catch {
    $ScriptError = "Get Bitlocker State Failed : $($_.Exception.Message)"
    exit
}
if (!$ScriptError) { $ScriptError = "Healthy" }
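
A per-volume variant of the BitLocker check, added here as an example and not the author's monitoring set: it separates "not encrypted" from "encrypted but protection off" and reports protector types only. The helper name Get-BitLockerFinding and the wording of the findings are assumptions of this example; $ProtectionStatus and $ScriptError follow the script above.

```powershell
# Added example, not from the original post: per-volume BitLocker report.
function Get-BitLockerFinding {
    # Hypothetical helper: emits one finding string for an unprotected volume,
    # and nothing at all for a volume whose protection is on.
    param([string]$MountPoint, [string]$Protection, [string]$VolumeStatus, [string[]]$ProtectorTypes)
    if ($Protection -eq 'On') { return }
    if ($VolumeStatus -eq 'FullyDecrypted') {
        $reason = 'not encrypted'
    } else {
        # Encrypted or converting volume with protection off, e.g. BitLocker suspended.
        $reason = "protection $Protection while volume is $VolumeStatus"
    }
    "$MountPoint $reason [protectors: $($ProtectorTypes -join ', ')]"
}

try {
    $Findings = foreach ($vol in Get-BitLockerVolume -ErrorAction Stop) {
        $state = @{
            MountPoint     = $vol.MountPoint
            Protection     = $vol.ProtectionStatus
            VolumeStatus   = $vol.VolumeStatus
            # Only the type names are collected; the recovery password value is never read.
            ProtectorTypes = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        }
        Get-BitLockerFinding @state
    }
    # No findings means every volume reported protection on.
    $ProtectionStatus = if ($Findings) { @($Findings) -join "`n" } else { 'Healthy' }
    $ScriptError = 'Healthy'
} catch {
    $ProtectionStatus = 'Unknown'
    $ScriptError = "Get BitLocker state failed: $($_.Exception.Message)"
}
$ProtectionStatus
```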

And that’s it!

Downloads for RMM packages:

N-Central 11.0+ – iSCSI Monitoring

N-Central 11.0+ – SearchDB Monitoring

N-Central 11.0+ – Bitlocker Monitoring

2 thoughts on “Blog Series: Monitoring using PowerShell: Part five – Monitoring the Windows Search Database, iSCSI Connections, and Bitlocker state.”

  1. Jason

    Super dumb question incoming. We use N-Central 11.0, and I’ve been following these blogs closely. I’m interested in the bitlocker monitoring, but when I click your link, it’s just XML. How do I turn that into something I can monitor?

    1. Kelvin Tegelaar Post author

      Hi Jason,

      You can right click the file and click “Save target as”. You’ll download the file as a .AMP then. You can import .AMP files into your N-central to add custom monitoring. The instructions for this can best be found in your N-Central manual because it’s quite a few steps.

      🙂

      Regards,
