‎06-08-2015 02:33 AM
Discovery is finding Internet Information Services (IIS) by looking for a running process called "svchost.exe" with a command line parameter "iissvcs".
Unfortunately, we're not finding a lot of IIS instances as the command line parameter is not displayed when we do a WMI query. It's shown on some servers, but not others!
Has anyone else seen this?
Is there an alternative way of reliably identifying IIS?
Examples:
PS C:\vb> gwmi win32_process -comp xxxxxxx |?{$_.name -match "svchost"} | select name,commandline
name commandline
---- -----------
_________________________________________________________________________________________________________________________________________________________
PS C:\vb> gwmi win32_process -comp yyyyyyyyy |?{$_.name -match "svchost"} | select name,commandline
name commandline
---- -----------
‎06-08-2015 07:21 AM
Hi Mike,
What are the differences between the two machines? OS Version / IIS Version...etc.
Thanks,
-Ryan
‎06-08-2015 07:30 AM
Hi Mike,
One possibility is that you might not have rights to fire WMI queries on certain servers.
You can also try querying by PowerShell commands...like
get-service | Sort-Object DisplayName
‎06-08-2015 07:31 AM
And check if the IIS service is running or not...
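The service check suggested above can be run remotely through the Win32_Service class instead of matching on the svchost.exe command line. The following is an added example, not code from the thread or from ServiceNow Discovery; it assumes the standard IIS service names W3SVC and WAS, and the function name and server names are hypothetical placeholders.

```powershell
# Added example (not from the thread). Reports IIS service evidence per server
# and records whether Win32_Process.CommandLine was returned for the host process.
function Get-IisServiceEvidence {
    param(
        [Parameter(Mandatory = $true)][string[]]$ComputerName
    )
    $columns = 'Computer', 'Service', 'State', 'PathName', 'CommandLineVisible', 'Note'
    foreach ($computer in $ComputerName) {
        try {
            # Win32_Service.PathName is the service's configured image path,
            # so it is read independently of Win32_Process.CommandLine.
            $services = @(Get-WmiObject -Class Win32_Service -ComputerName $computer `
                -Filter "Name='W3SVC' OR Name='WAS'" -ErrorAction Stop)
        } catch {
            # Access denied, RPC unavailable, and similar failures land here.
            New-Object PSObject -Property @{
                Computer = $computer; Service = $null; State = 'QueryFailed'
                PathName = $null; CommandLineVisible = $false
                Note = $_.Exception.Message
            } | Select-Object $columns
            continue
        }
        if ($services.Count -eq 0) {
            New-Object PSObject -Property @{
                Computer = $computer; Service = $null; State = 'NotInstalled'
                PathName = $null; CommandLineVisible = $false
                Note = 'No W3SVC or WAS service registered'
            } | Select-Object $columns
            continue
        }
        foreach ($svc in $services) {
            $cmd = $null
            if ($svc.ProcessId -gt 0) {
                # Same query the thread uses, narrowed to the service's host process.
                $proc = Get-WmiObject -Class Win32_Process -ComputerName $computer `
                    -Filter "ProcessId=$($svc.ProcessId)"
                if ($proc) { $cmd = $proc.CommandLine }
            }
            New-Object PSObject -Property @{
                Computer = $computer; Service = $svc.Name; State = $svc.State
                PathName = $svc.PathName; CommandLineVisible = [bool]$cmd
                Note = "Host PID $($svc.ProcessId)"
            } | Select-Object $columns
        }
    }
}

# Placeholder server names, matching the redacted ones in the question.
Get-IisServiceEvidence -ComputerName 'xxxxxxx', 'yyyyyyyyy' | Format-Table -AutoSize
```

A row with State "Running" and CommandLineVisible "False" shows a server where the service is present even though the process query returned no command line.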
‎06-08-2015 07:37 AM
They're both Windows 2008 R2 Standard.
The one that doesn't work has IIS 7.5.7600.16385
The one that works has IIS 7.5.7600.16385
I don't think it can be an IIS issue. We don't see the command line parameters for any of the SVCHOST.EXE processes that are running. We can see the command line for other processes. So the issue is probably with SVCHOST.EXE.
I have the rights to do the queries. As well as using the ServiceNow discovery account, I'm using my own Windows account which is in the Administrator group on each server.
I normally do these queries remotely, but I also logged on with RDP and made sure UAC elevation was in place so I was truly Administrator. Still get the same result.