- 15 Jul 2024
Restart a Windows Server or Service Using Active Response and PowerShell
- Updated on 15 Jul 2024
Netreo can use the "active response" feature of actions to launch a PowerShell command against a Windows server as the response to an incident, for example when the service check monitoring the availability of a Windows service shows that the service has failed and needs to be restarted. Active response actions are automatically initiated only when an incident is first opened (but, with appropriate permissions, can always be run manually from within an incident).
Restarting a Windows Service
To create an action for restarting a Windows service, start by following the instructions for creating an action group.
This action group will be assigned to a service check monitoring the availability of the service, and is what will be run when an incident for that check gets opened.
Action groups contain one or more actions, which themselves contain one or more methods. What we want to do in this case is create an action group with a single action containing a single method: the Active Response Windows method that we'll use to execute the PowerShell command to restart the service.
Follow the instructions linked to above and create an action group that can be assigned to the service check monitoring the Windows service you'll want restarted. Make sure you name it something sensible, like "Restart Windows Service".
Continue to follow the instructions as they explain how to Add an Action to an Action Group. Create the action that will hold your active response method. Be sure to name it something sensible, as well. (You can use the same name as you did for the action group without any issues.)
Continue to follow the instructions as they explain how to Add a Method to an Action. When the time comes to select the ACTION METHOD TYPE, select Active Response Windows from the drop-down.
In the POWERSHELL COMMAND field, enter the command to execute on the Windows system. (The selected command will always be executed on the system associated with the primary alarm of an incident.)
To restart a failed Windows service, use the following command (see Microsoft's official documentation for your version of PowerShell):
Start-Service -displayname {SERVICENAME}
{SERVICENAME} is a macro that can be used to automatically fill in the name of the appropriate service. If you use the Netreo WMI Service Check wizard to create the service checks, this macro will automatically populate with the name of the failed service when the command is run, allowing you to reuse this action group for all monitored Windows services.
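A more defensive form of the start command above, as an added example that is not Netreo's own code: it matches the display name literally, refuses to act unless exactly one service matches, and reports the status before and after. The function name Start-MonitoredService and the sample display name are assumptions, and whether the POWERSHELL COMMAND field accepts a multi-line script is not stated on this page.

```powershell
# Added example, not Netreo's own code.
# Start-MonitoredService is a hypothetical helper name.
function Start-MonitoredService {
    param(
        [Parameter(Mandatory)][string]$DisplayName,
        [int]$TimeoutSeconds = 30
    )

    # Get-Service -DisplayName accepts wildcards, so escape the value
    # to make sure it is matched literally.
    $pattern = [System.Management.Automation.WildcardPattern]::Escape($DisplayName)
    $found = @(Get-Service -DisplayName $pattern -ErrorAction SilentlyContinue)

    # Act only when the name resolves to exactly one service.
    if ($found.Count -ne 1) {
        throw "Expected exactly one service with display name '$DisplayName', found $($found.Count)."
    }

    $svc = $found[0]
    $before = $svc.Status

    # Skip the start if the service has already recovered on its own.
    if ($before -ne 'Running') {
        # -ErrorAction Stop turns a failed start (for example, a disabled
        # service) into a terminating error instead of a silent no-op.
        Start-Service -InputObject $svc -ErrorAction Stop
        # Throws a timeout exception if the service does not reach Running.
        $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds($TimeoutSeconds))
    }

    # Re-read the service state and report what happened.
    $svc.Refresh()
    [pscustomobject]@{
        DisplayName  = $svc.DisplayName
        StatusBefore = $before
        StatusAfter  = $svc.Status
    }
}

# Constructed sample value; in an active response the {SERVICENAME}
# macro would supply the display name of the failed service.
Start-MonitoredService -DisplayName 'Print Spooler'
```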
Restarting a Windows Server
The instructions for creating an action to restart a Windows server are the same as above, but change the names for the action and action group to something like "Restart Windows Server" and use the following command in the POWERSHELL COMMAND field instead (see Microsoft's official documentation for your version of PowerShell):
Restart-Computer
We recommend caution when using a full system restart as an active response action, as Netreo will not be able to communicate with the device while it boots.
An action group that restarts a system completely is probably better used as a manual action (run from within an incident), rather than one executed automatically by a monitoring check.
This makes sense because Netreo cannot execute the restart command if the Windows system is unreachable due to a full outage, network connectivity issue, or authentication failure.