Just Because It Pings, Doesn’t Mean It SMBs (Testing Connectivity With PowerShell)


powershell3I’m a long time SCCM guy. Over the last couple of years, I’ve been learning more and more to love the automation possibilities with Powershell, Orchestrator, and even Service Manager. With these tools all used together, it makes a patch guru’s time so much easier in managing all things SCCM, including managing the devices themselves.

To that end, I created an Orchestrator runbook to create and deploy NOIDMIF files to my clients in the event they lose their tagging as they occasionally do if the CM client is reinstalled, repaired, or if the machine’s role or environment has changed. The runbook is pretty straightforward – Create the NOIDMIFs in a directory with a Powershell script using information fed from a CSV file. A second script uses Test-Connection to attempt to connect to the client before a third script sends the file over to the machine, and finally, the machine’s Hardware Inventory Cycle is initiated by another script. If the Test-Connection fails (because the machine is down for maintenance, or exists in a segregated network), that NOIDMIF is moved to another directory to be sent to the appropriate team later.

This worked flawlessly, until one day a machine that should have had the appropriate account granted the permissions necessary to access the C$ was not present on the machine, but the machine was pingable; Basic access denied. But the fix to the runbook was quick and easy to implement with Test-Path.

#Don't forget that in order to use PowerShell 3.0 in the Orchestrator 
#.NET Script activity, we need to invoke it.

$NOIDMIFs = "\\Server01\noidmif Resources\noidmifs"
$FailedToConnect = "\\Server01\noidmif Resources\FailedToConnect"

#We get the list of server names directly from the NOIDMIF file name (clientname.mif) in 
#the noidmifs directory using the GetFileNameWithoutExtension method in .NET

$FileName = Get-ChildItem $NOIDMIFs -File | ForEach {[IO.Path]::GetFileNameWithoutExtension($PSItem)}

#Now we take the hostname we extracted and use it to test an SMB connection.
#This verifies that we have access to the machine.

ForEach ($System in $FileName){
If (-not(Test-Path -Path "\\$System\c$")){Move-Item "$NOIDMIFs\$System.mif" -Destination $FailedToConnect} 

And there you have it!  This script uses the noidmif file names (%clientname%.mif) for the list of server names, tests the SMB connection, and then either continues to the next machine in the list, or moves it to a directory if it can’t connect.  Now, I can determine why the NOIDMIF wasn’t copied over, and get to remediating the problem right away!