As hardware ages, the operating system running on it, whether it is a virtual machine running in a hypervisor or a bare-metal install, will start to exhibit what we here at Tech With a Hammer like to call “Ghost In the Machine Issues”. These are inexplicable issues, like network drop-outs or mouse and keyboard input randomly freezing, which can’t truly be attributed to anything. The hardware may check out with the built-in diagnostics, and memory or peripherals may have been replaced, yet these issues keep cropping up with no probable cause other than old hardware.
One of our technicians was having an issue with random network drop-outs where DNS resolution failed, while the Windows Event Logs gave no clear indication of the cause. Verbose Windows logging was enabled, yet none of the log files in C:\Windows\Logs described the underlying root cause. So, in an attempt to analyze the situation, the following hammer was created, which logs DNS resolution and network ping successes and failures to a custom Event Log:
```powershell
$strDNS = "google-public-dns-a.google.com"
$strIP = "8.8.8.8"
$strEventLogFile = "TWAH-Scripts"
$strEventLogSource = "Monitor-Network-Script"

# This hammer assumes that the Event Log has already been created
#
# If not, please run the following commands in an elevated prompt
# New-EventLog -LogName "TWAH-Scripts" -Source "Monitor-Network-Script"
# Limit-EventLog -LogName "TWAH-Scripts" -OverFlowAction "OverwriteAsNeeded" -MaximumSize 10240KB

try {
    # Resolve the test host name; a resolution failure throws and lands in the outer catch
    $objResult = [System.Net.Dns]::GetHostEntry($strDNS)

    $strNow = (Get-Date).ToString()
    $strMessage = "DNS resolution success - $strDNS - $strNow"
    Write-Host -ForegroundColor Green "$strMessage"
    Write-EventLog -LogName "$strEventLogFile" -Source "$strEventLogSource" -EventID 0 -Message $strMessage -EntryType Information

    # If no fixed IP was configured, ping the first address DNS returned
    if ($strIP -eq $null -or $strIP -eq "") {
        $strIP = $objResult.AddressList[0].IPAddressToString
    }

    try {
        # -ErrorAction Stop turns a failed ping into a terminating error;
        # without it the catch block below never runs
        $objResult = Test-Connection -ComputerName $strIP -Count 1 -ErrorAction Stop

        $strNow = (Get-Date).ToString()
        $strMessage = "Ping success - $strIP - $strNow"
        Write-Host -ForegroundColor Green "$strMessage"
        Write-EventLog -LogName "$strEventLogFile" -Source "$strEventLogSource" -EventID 1 -Message $strMessage -EntryType Information
    }
    catch {
        $strNow = (Get-Date).ToString()
        $strMessage = "Ping failed - $strIP - $strNow"
        Write-Host -ForegroundColor Red "$strMessage"
        Write-EventLog -LogName "$strEventLogFile" -Source "$strEventLogSource" -EventID 11 -Message $strMessage -EntryType Error
    }
}
catch {
    $strNow = (Get-Date).ToString()
    $strMessage = "DNS failed - Ping skipped - $strDNS - $strNow"
    Write-Host -ForegroundColor Red "$strMessage"
    Write-EventLog -LogName "$strEventLogFile" -Source "$strEventLogSource" -EventID 10 -Message $strMessage -EntryType Error
}
```
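Once the hammer has been logging for a while, the entries can be collapsed into outage windows for comparison against other logs. The following is an added example, not part of the original script: the function name `Get-OutageWindow` is hypothetical, the sample records are constructed, and the event IDs (0, 1, 10, 11) are the ones the script above writes.

```powershell
# Event IDs written by the monitor script:
#   0 = DNS ok, 1 = ping ok, 10 = DNS failed, 11 = ping failed
function Get-OutageWindow {   # hypothetical helper name
    param([Parameter(Mandatory)] [object[]] $Records)

    $start = $null; $dns = 0; $ping = 0
    # Sorting by time, then Id, keeps a run's DNS event ahead of its ping event.
    foreach ($e in ($Records | Sort-Object TimeCreated, Id)) {
        if ($e.Id -in 10, 11) {
            if ($null -eq $start) { $start = $e.TimeCreated }
            if ($e.Id -eq 10) { $dns++ } else { $ping++ }
        }
        elseif ($e.Id -eq 1 -and $null -ne $start) {
            # A successful ping means that run was fully healthy: close the window.
            [pscustomobject]@{ Start = $start; End = $e.TimeCreated
                               DnsFailures = $dns; PingFailures = $ping }
            $start = $null; $dns = 0; $ping = 0
        }
    }
    if ($null -ne $start) {
        # Still failing at the end of the data: End stays empty.
        [pscustomobject]@{ Start = $start; End = $null
                           DnsFailures = $dns; PingFailures = $ping }
    }
}

# Constructed sample records (not real log data), one script run every 5 minutes.
$t = [datetime]'2024-01-01T09:00:00'
$sample = @(
    [pscustomobject]@{ TimeCreated = $t;                Id = 0 }
    [pscustomobject]@{ TimeCreated = $t;                Id = 1 }
    [pscustomobject]@{ TimeCreated = $t.AddMinutes(5);  Id = 10 }
    [pscustomobject]@{ TimeCreated = $t.AddMinutes(10); Id = 0 }
    [pscustomobject]@{ TimeCreated = $t.AddMinutes(10); Id = 11 }
    [pscustomobject]@{ TimeCreated = $t.AddMinutes(15); Id = 0 }
    [pscustomobject]@{ TimeCreated = $t.AddMinutes(15); Id = 1 }
)
Get-OutageWindow -Records $sample | Format-Table

# Against the live log created by New-EventLog above:
# Get-OutageWindow -Records (Get-WinEvent -FilterHashtable @{ LogName = 'TWAH-Scripts' })
```

The start and end times of each window give a narrow range to search in the System log, switch logs or hypervisor logs for whatever coincided with the drop-out.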