remote application pool recycle using WMI \ PowerShell
Bill
application pools using PowerShell.
In the past this has always been very easy using VB script:
Function PoolRecycle(strServer)
On Error Resume Next
Err.Clear
Dim objWMIService
Dim colItems
Dim objItem
'recycle application pool
WScript.Echo ""
Err.Clear
Set objWMIService = GetObject _
("winmgmts:{authenticationLevel=pktPrivacy}\\" _
& strServer & "\root\microsoftiisv2")
'connect to WMI
Set colItems = objWMIService.ExecQuery("Select * From IIsApplicationPool")
'Step through the objects to be recycled
For each objItem in colItems
objItem.Recycle
If err = 0 Then
WScript.Echo(strServer & " - " & ObjItem.Name & " Recycled")
PoolRecycle = "success"
Else
WScript.Echo("Unable to recycle the application pool on " & strServer)
PoolRecycle = "failed"
End If
Next
End Function
I have attempted to duplicate the same thing in PowerShell, but I believe I
am still running into an issue with the pktPrivacy authentication setting.
The following code works when executing localy, but not on a remote host:
Function PoolRecycle($strServerName)
{
$objWMI = [WmiSearcher] "Select * From IIsApplicationPool"
$objWMI.Scope.Path = "\\" + $strServerName + "\root\microsoftiisv2"
$objWMI.Scope.Options.Authentication = 6
$pools = $objWMI.Get()
foreach ($pool in $pools)
{
$pool.recycle()
if (!$?)
{
Write-Host $pool.name " - ERROR"
}
else
{
Write-Host $pool.name " - Recycled"
}
}
}
Any help or better ways of accomplishing this in PowerShell would be very
much appreciated!
Thanks
Bill
Shay Levi
If you know the application pool name (the function returns true/false respectively:
function Recycle-AppPool{
param([string]$server,[string]$appPool)
([WMI]"\\$server\root\MicrosoftIISv2:IIsApplicationPool.Name='W3SVC/AppPools/$appPool'").recycle();
if($? -ne 0}{$false} else {$true}
}
To get a list of application pool names:
$computer = "your Server name/ip"
gwmi -class IIsApplicationPool -namespace "root\MicrosoftIISv2" -computer
$computer | % {$_.name}
-----
Shay Levi
$cript Fanatic
http://scriptolog.blogspot.com
Shay Levi
practice.
Also, I wrote:
gwmi -class IIsApplicationPool -namespace "root\MicrosoftIISv2" -computer
$computer | % {$_.name}
for those who are not familiar with gwmi and %, I should say that they are
aliases for:
gwmi = get-wmiobject
% = foreach-object
I should have written it like:
get-wmiobject -class IIsApplicationPool -namespace "root\MicrosoftIISv2"
-computer $computer | foreach-object {$_.name}
-----
Shay Levi
$cript Fanatic
http://scriptolog.blogspot.com
> If you know the application pool name (the function returns true/false
Bill
Thanks for the help, but I see the namespace "root\MicrosoftIISv2" operate
differently when attempting to access it on a remote IIS6 computer (default
W2K3 installs).
The code examples you pointed out all work fine when targeting the namespace
locally, but I recieve access denied messages when useing the same commands
remotely.
I have tried from multiple machines to multiple servers. The VB Script I
supplied still works in all cases, which leads me to believe I am not setting
the PowerShell WMI object authentication to use pktPrivacy correctly.
Any advice would be appreciated.
Thanks
Bill
Shay Levi
I can't test it right now. Try this on the remote server(s:)
1. Start > Run > dcomcnfg > ENTER
2. In the left pane (Compnent Services.msc) expand "Component Services" >
Computers
3. Right click "My Computer"
4. In the "Default Properties" tab tick the "Enable COM Internet Services
on this computer" checkbox
5. Reboot remote server
6. Test again
I can't recall if you need to add Access Permissions in the "COM Security"
tab.
Bill
I have tested this and it still does not resolve the issue.
I guess I must be missing something. The fact that the VB Script works and
the PowerShell does not, leads me to believe that I have an issue with my
script and not the security on the target server.
I may have to use PowerShell to call the actual .Net class instead of using
the built in commands.
Funny, I would have never believed that something as simple as recycling a
remote application pool would be so hard :)
Thanks again for the help.
Bill
Shay Levi
$server="server"
$objWMI = [WmiSearcher] "Select * From IIsApplicationPool"
$objWMI.Scope.Path = "\\$server\root\microsoftiisv2"
$objWMI.Scope.Options.Authentication = [System.Management.AuthenticationLevel]::PacketPrivacy
$pools = $objWMI.Get()
$pools | foreach { $_.name }
Shay Levi
Just to clarify, I'm not able to recycle remote app pools, just list their
names (Access denied).
Even adding full security on IIsApplicationPool (WMI Properties) didn't resolve
it.
I'm still on it...
Bill
Yeah, I can list the pools, but only after specifing the authentication
setting.
It's almost like it does not carry to the other objects.
I appreciate the help.
Shay Levi
Shay Levi
Try this, I get no errors on my machines.
$server="server"
$objWMI = [WmiSearcher] "Select * From IIsApplicationPool"
$objWMI.Scope.Path = "\\$server\root\microsoftiisv2"
$objWMI.Scope.Options.Authentication = [System.Management.AuthenticationLevel]::PacketPrivacy;
$objWMI.Scope.Options.EnablePrivileges=$true;
$pools = $objWMI.Get()
$pools | foreach {$_.recycle}
Shay Levi
$wmi.Scope.Options.Username="domain\user"
$wmi.Scope.Options.Password="yourPassword"
Shay Levi
$server="server"
$co = new-object System.Management.ConnectionOptions;
$co.Username="domain\username";
$co.Password="password";
$co.Authentication=[System.Management.AuthenticationLevel]::PacketPrivacy;
$co.EnablePrivileges=$true;
$wmi = New-Object System.Management.ManagementObjectSearcher;
$wmi.Query="Select * From IIsApplicationPool";
$wmi.Scope.Path="\\$server\root\microsoftiisv2";
$wmi.Scope.Options=$co;
$wmi.Get() | foreach {
$_.recycle;
if($?){
$_.name + " recycled";
} else {
$_.name + " error";
}
}
I hope it solves your problem.
Bill
This last set of code seems to have come the closest. I no longer get an
access denied error, but the application pools on the remote server don't
actually recycle.
I have gotten some new ideas from these scripts though and I will try some
things.
Thank You for the continued effort.
Bill
Shay Levi
You're right. The pools aren't recycling. PowerShell doesn't return any error
on $_.recycle
and I assumed no errors returned = recycled.
This turned out to be my typo error. I should have write $_.recycle().
Now its givin me the ACCESS_DENIED again.
I'll check on it some more and see what I can find.
-----
Shay Levi
$cript Fanatic
http://scriptolog.blogspot.com
> Hi Shay,
>
Shay Levi
executing the code:
CALL ConnectionLogin::NTLMLogin
wszNetworkResource = \\server\root\MicrosoftIISv2
pPreferredLocale =
lFlags = 0x0
DCOM connection from DOMAIN\ShayL at authentiction level Packet, AuthnSvc
= 9, AuthzSvc = 1, Capabilities = 0
CALL CWbemNamespace::ExecQuery
BSTR QueryFormat = WQL
BSTR Query = select * from IIsApplicationPool
IEnumWbemClassObject **pEnum = 0xB9130
Access to the root\MicrosoftIISv2 namespace was denied. The namespace is
marked with RequiresEncryption but the client connection was attempted with
an authentication level below Pkt_Privacy.Re try the connection using Pkt_Privacy
authentication level.
Odd... the connection AuthenticationLevel was specified to PacketPrivacy
$co.Authentication=[System.Management.AuthenticationLevel]::PacketPrivacy;
Why do I still get access denied?
-----
Shay Levi
$cript Fanatic
http://scriptolog.blogspot.com
> Bill
>
Shay Levi
Encrypting Data When Running WMI–Based Remote Administration Scripts (IIS
6.0)
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/aa7f3ea9-0639-475f-b6c7-883cbde6f3a0.mspx?mfr=true
Authentication level seems to be in place. Anyone???
-----
Shay Levi
$cript Fanatic
http://scriptolog.blogspot.com
> I monitored the remote server's WMI log file and found this
Bill
I'm still pluggin around, but I wanted to run a couple of things by you.
Do you think it could be related to the Timeout option? I'm not sure how to
translate the value, but if it was short our connection could have timed out.
Another possibility could be that the connection options are not carrying
over to the other objects. Maybe reset the $_.psbase.options on each object??
Shay Levi
-----
Shay Levi
$cript Fanatic
http://scriptolog.blogspot.com
> Hi Shay,
>
>>> iv acy;
Shay Levi
I'm still struggling with the WMI method, I tried so many variations and
still gets access denied.
In the meantime I was able to recycle via ADSI, can you confirm?
$server="server"
$pool=[adsi]"IIS://$server/W3SVC/AppPools/DefaultAppPool"
$pool.psbase.Invoke("recycle")
I can see that the w3wp process id is changing.
>>> r y/IIS/aa7f3ea9-0639-475f-b6c7-883cbde6f3a0.mspx?mfr=true
Shay Levi
You haven't reply on this. Anything new? Were you able to recycle with [ADSI]?
-----
Shay Levi
$cript Fanatic
http://scriptolog.blogspot.com
> Bill
>
>>>> a r y/IIS/aa7f3ea9-0639-475f-b6c7-883cbde6f3a0.mspx?mfr=true