0

My powershell script determines the current user of a remote Windows 7 computer and will output 

userId=DOMAIN\username

If there is no user currently logged on, the script will output

userId=No One Currently Logged In

And if the script cannot access the WMI of the remote computer, the script will output

userId=CannotConnectToWMI

I ran the script along with running WBEMTEST to confirm whether or not WMI can be accessed on the remote machine.

I am really puzzled because yesterday afternoon, I was able to access WMI on several remote machines, and this morning, I cannot. Below is a chart:

Results of Script and WBEMTEST

Why is this happening? How to make sure that WMI is always accessible? I posted another question yesterday about WMI, https://stackoverflow.com/questions/19409747/wbemtest-to-windows-7-says-the-rpc-server-is-unavailable

Please help

@vonPryz

The script has Test-Connection. Below is the entire script

$line_array = @()
$multi_array = @()
[hashtable]$my_hash = @{}
$Sender_IP = $NULL
$bios = $NULL
$wmi = $NULL

foreach ($i in $args){
   $line_array+= $i.split(" ")
}

foreach ($j in $line_array){
    $multi_array += ,@($j.split("="))
}

foreach ($k in $multi_array){
    $my_hash.add($k[0],$k[1])
}


$Sender_IP = $my_hash.Get_Item("sender-ip")

try{
    Test-Connection $Sender_IP -count 1 -ErrorAction Stop | out-null
}
catch [Exception]
{
    $userId = "userId=CannotPing"
    return $userId 
}

try{
    $wmi = gwmi -class win32_computerSystem -computer $Sender_IP -ErrorAction Stop
}
catch [Exception]{
    $userId = "userId=CannotConnectToWMI"
    return $userId
}

try{

    $userId = ($wmi).username 
}
catch [Exception]{
    $userId = "userId=CannotFindLastUserLoggedOn"
    return $userId
}


if ($userId -ne $NULL){
    $userID = "userId="+$userId
    return $userId
}
elseif ($userID -eq $NULL)
{
    $userId = "userId=No One Currently Logged In"
    return $userId
}

EDIT

I was remoting into these computers to check DCOM permissions, and then I realized that one of them turned into Windows XP. It seems that the IP addresses are getting switched to different computers. I will compare according to Fully Qualified Domain Name.

Community
  • 1
  • 1
Glowie
  • 2,271
  • 21
  • 60
  • 104
  • Uh, the network is unreliable? The computer stinks? Mars was in alignment with Jupiter? The spider was downloading pics of hot eunuchs? –  Oct 17 '13 at 13:13
  • Did Group Policy mess with the DCOM permissions on those machines? – mjolinor Oct 17 '13 at 13:20
  • Are those remote machines online? Powered up? Have you looked at them to see what has changed since yesterday? – alroc Oct 17 '13 at 13:24
  • @alroc yes, they are powered on. The script pings the machine before checking whether WMI can be accessed. What things should I see that have been changed on those machines, this is what I am trying to figure out, how to even troubleshoot – Glowie Oct 17 '13 at 13:40
  • @mjolinor I will see DCOM permissions – Glowie Oct 17 '13 at 13:42

2 Answers2

0

Add Test-Connection to your script and try WMI only if pinging the host is succesfull.

vonPryz
  • 22,996
  • 7
  • 54
  • 65
0

I am currently testing several IP addresses that are Windows 7. When I remoted into one of the troublesome IP addresses, I noticed it became Windows XP. Then I realized that IP addresses of computer get changed every few days, so 10.10.10.10 may belong to ComputerA.contoso.com one day, and few days later, may belong to ComputerB.contoso.com.

Now before I do any testing on a bunch of computers, I go according to their Fully Qualified Domain Name, and then find the corresponding IP address before performing any testing.

Glowie
  • 2,271
  • 21
  • 60
  • 104