Deploy BESChildProcessKiller Scheduled Task v1.3
0 Votes |
Versioning - This is the latest version.
1 | Deploy BESChildProcessKiller Scheduled Task v1.1 | 12/12/2016 10:28:47 AM |
2 | Deploy BESChildProcessKiller Scheduled Task v1.2 | 12/12/2016 1:08:27 PM |
3 | Deploy BESChildProcessKiller Scheduled Task v1.3 | 12/16/2016 7:28:34 AM |
Description
This Fixlet sets up a process to kill stuck processes launced by the BES Client. When the BES Client launches a process via 'wait' or 'waithidden' commands, if the process never completes, the BES Client will not respond to any further actions and remains "stuck" until the process is terminated, BESClient is restarted, or the system is rebooted.
This Fixlet deploys BESChildProcessKiller, which watches for these "stuck" child processes and kills them after a timeout value has been exceeded. This creates a Scheduled Task to check every 15 minutes. The Scheduled Task sends a query file to the "qna.exe" utility to identify stuck processes and returns their PID. The Scheduled Task then logs the process and kills it.
Components:
- Client Settings (configure via Task "Configure BESChildProcessKiller Timeout Values")
- BESClient_ChildProcess_Timeout - The current time interval after which stuck BES Child Processes should be terminated
- BESClient_ChildProcess_PreferredTimeout - The normal time interval after which stuck BES Child Processes should be terminated
- Scheduled Tasks
- BESChildProcessKiller
- Files (under __BESData\ChildProcessKiller
- ChildProcessKiller.cmd - Batch file executed by Scheduled Task to identify and kill stuck child processes
- ChildProcessTimeout.qna - Relevance query to identify and list PIDs of stuck processes
- ChildProcessTimeout.log - Log file containing execution outputs
v1.2 adds checking client setting "BESClient_ChildProcess_ExcludeList" to whitelist specific processes that should not be killed. These processes, their parent process, and parent's parent process will not be killed. Useful for excluding known long-running processes such as "rbagent.exe" used in BigFix OS Deployment
v1.3 adds a check to handle recycled PIDs. The BESClient service may be using a PID that was previously assigned for another process, and BESChildKiller would try to kill that defunct process's children. In some cases this was trying to terminate csrss.exe! v.1.3 adds a check that the target process is newer than the besclient.exe process (and hence should really be a child of besclient, as no other process could have reused besclient's pid as long as besclient is still running).
Property Details
23050 | |
Alpha - Code that was just developed | |
Deploy BESChildProcessKiller Scheduled Task v1.3 | |
BESC | |
Internal | |
12/9/2016 12:00:00 AM | |
Client, Stuck Action, Task Schedule, Kill, Process | |
JasonWalker on 12/16/2016 7:28:34 AM | |
JasonWalker on 12/16/2016 7:28:34 AM | |
10912 Views / 30 Downloads | |
* Average over 0 ratings. ** Log In or Register to add your rating. |
Relevance
Used in 3 fixlets | * Results in a true/false |
Used in 3 fixlets | * Results in a true/false |
Used in 1 fixlet | * Results in a true/false |
Actions
Action 1 (default)
// setup all of the scripts involved
action uses wow64 redirection false
parameter "FolderPath"="{pathname of data folder of client}\ChildProcessKiller"
delete __appendfile
// The following file will be a query passed to qna.exe. It should output the list of process IDs to terminate -
appendfile Q: /* Do not remove this comment Version:1.3 */ pids of it of processes whose ((ppid of it = pid of service "BESClient") and (name of it != "BESClientUI.exe") AND (creation time of it > creation time of process (pid of service "BESClient")) and (now - creation time of it > value of setting "BESClient_ChildProcess_Timeout" of client as time interval) and (if not exists setting "BESClient_ChildProcess_ExcludeList" of client then true else (pid of it is not contained by set of (pid of it; pids of processes (ppids of it); pids of processes (ppids of processes (ppids of it))) of processes whose (name of it as lowercase is contained by (set of (substrings separated by ";" of value of setting "BESClient_ChildProcess_ExcludeList" of client as trimmed string as lowercase))))))
folder create "{parameter "FolderPath"}"
folder create "{parameter "FolderPath"}\Log"
delete "{parameter "FolderPath"}\ChildProcessTimeout.qna"
move __appendfile "{parameter "FolderPath"}\ChildProcessTimeout.qna"
// The following file will be a .cmd script, executed by the Task Scheduler in SYSTEM context, which executes qna.exe and kills the resulting process list
delete __createfile
createfile until EOF_EOF
@SET WD="{parameter "FolderPath"}"
@For /f "tokens=2-4 delims=/ " %%a in ('date /t') do (set mydate=%%c-%%a-%%b)
@SET LOGFILE=Log\ChildProcessKiller_%mydate%.log
PUSHD %WD%
if not exist "{pathname of storage folder of client}\qna.exe" (@echo %DATE% %TIME% ERROR: Could not locate qna.exe >> %LOGFILE% & exit /B 1)
if not exist "{parameter "FolderPath"}\ChildProcessTimeout.qna" (@echo %DATE% %TIME% ERROR: Could not locate ChildProcessTimeout.qna >> %LOGFILE% & exit /B 1)
GOTO MAIN
:HandlePID
@echo %DATE% %TIME$% Stopping Process %1 >> %LOGFILE%
@TASKLIST /FI "PID eq %1" >> %LOGFILE% 2>&1
@TASKKILL /PID %1 /T /F >> %LOGFILE% 2>&1
@exit /B %ERRORLEVEL%
:MAIN
echo %DATE% %TIME% Checking for stuck processes >> %LOGFILE%
@REM We need to call out to another subroutine, because the 'for' syntax doesn't seem to handle directly executing the result
for /F "skip=1 tokens=1,* delims=:" %%i in ('"{pathname of storage folder of client}\qna.exe" ChildProcessTimeout.qna') do @CALL :HandlePID %%j
EOF_EOF
delete "{parameter "FolderPath"}\ChildProcessKiller.cmd"
move __createfile "{parameter "FolderPath"}\ChildProcessKiller.cmd"
// Create the Scheduled Task to run every 15 minutes
waithidden schtasks.exe /create /RU System /SC MINUTE /MO 15 /TN BESChildProcessKiller /TR "'{parameter "FolderPath"}\ChildProcessKiller.cmd'" /F
waithidden schtasks.exe /run /TN BESChildProcessKiller
This action will be considered successful when the applicability relevance evaluates to false.
Sharing
Social Media: |
Comments
|
|
This deploys fine however I noticed that it went away at some point on my machine. What I mean by that is the folder C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\ChildProcessKiller got deleted somehow (automated cleanup by the agent perhaps?). Anyway the scheduled task remained but without the folder there it wasn't able to run on my system. |
|
|
I tried to deploy this fixlet on 2 test machines but getting the status as ..NOT Relevant. Why? |