Had a request to use SolarWinds to highlight servers in a pending reboot status. Here’s what I did.
SolarWinds has a built in application monitor called “Windows Update Monitoring”. It does a lot more than what I want so I disabled all the components I am not interested in. (I could have also just created a new application monitor, I know, just was lazy).
The part I am interested in is the PowerShell Monitor component. By default it checks for the reboot required status by checking a registry key: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired
. Here’s the default script –
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
$Error.Clear(); $regpath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired"; $res = Test-Path $regpath; if ($Error.Count -ne 0) { Write-Host "Message: $($Error[0])"; exit 1; } if ($res) { write-host "Message: Reboot required." write-host "Statistic: 1" exit 0 } else { write-host "Message: Reboot not required." write-host "Statistic: 0" exit 0 } |
Inspired by this blog post which monitors three more registry keys and also queries ConfigMgr, I replaced the default PowerShell script with the following –
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
$res = $false if (Get-ChildItem "HKLM:\Software\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending" -EA Ignore) { $res = $true } if (Get-Item "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired" -EA Ignore) { $res = $true } if (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" -Name PendingFileRenameOperations -EA Ignore) { $res = $true } try { $util = [wmiclass]"\\.\root\ccm\clientsdk:CCM_ClientUtilities" $status = $util.DetermineIfRebootPending() if (($status -ne $null) -and $status.RebootPending) { $res = $true } } catch { } if ($res) { write-host "Message: Reboot required." write-host "Statistic: 1" exit 0 } else { write-host "Message: Reboot not required." write-host "Statistic: 0" exit 0 } |
Then I added the application monitor to all my Windows servers. The result is that I can see the following information on every node –
Following this I created alerts to send me an email whenever the status of the above component (“Machine restart status …”) went down for any node. And I also created a SolarWinds report to capture all nodes for which the above component was down.
Then I assigned this to a schedule to run once in a month after our patching window to email me a list of nodes that require reboots.