We are running into a situation where a PowerShell script occasionally kills the WinRM service on a remote server. Here is the script:
# List the IIS worker processes on the remote host by running appcmd over WinRM
$results = Invoke-Command -computername $hostname -ScriptBlock { Invoke-Expression "C:\Windows\System32\inetsrv\appcmd.exe list WP" }
# Private working set of every w3wp process, queried through WMI
$query = 'Select IDPROCESS,workingsetprivate,name from Win32_PerfFormattedData_PerfProc_Process WHERE name LIKE "w3wp%"'
$Pools = Get-WmiObject -computername $hostname -query $query
foreach ($result in $results)
{
    $obj = New-Object -TypeName PSObject
    # The first run of digits in the appcmd line is the worker process ID
    $result -match '\d+' | Out-Null
    $AppPoolID = $Matches[0]
    # The text between ':' and ')' is the application pool name
    $result -match '(?<=:)\S*(?=\))' | Out-Null
    $AppPoolName = $Matches[0]
    # Look up the memory figure for that process ID in the WMI results
    $Memory = $Pools | where IDPROCESS -eq $AppPoolID | Select -ExpandProperty workingsetprivate
    $obj | Add-Member -MemberType NoteProperty -Name ID -Value $AppPoolID
    $obj | Add-Member -MemberType NoteProperty -Name Name -Value $AppPoolName
    $obj | Add-Member -MemberType NoteProperty -Name Memory -Value $Memory
    # Only this line is written out; $obj itself is never emitted
    Write-Host "$AppPoolName=$Memory"
}
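I have never seen WinRM killed by a remote script before. The script runs every six minutes and succeeds 99.9% of the time, but occasionally it fails.
Here is the error from the event log on the target computer: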
错误应用程序名称:svchost.exe_WinRM,版本:6.1.7600.16385,时间戳:0x4a5bc3c1
错误模块名称:wsmsvc.dll,版本:6.3.9600.16406,时间戳:0x5244e817
异常代码:0xc0000005
故障偏移量:0x0000000000120da9
故障进程id:0x9fb0
故障应用程序启动时间:0x01d32aba968aefb7
错误应用程序路径:C:\Windows\System32\svchost.exe
错误模块路径:c:\windows\system32\wsmsvc.dll
报告ID:4c9bd468-96fd-11E7-bbb4-005056ba0048
Any ideas?