_bruno
August 18, 2023, 8:34pm
1
Environment:
Windows version: Windows 10 21H2, fully patched
Beats versions: 8.9.0, 8.9.1 (winlogbeat and filebeat)
Steps to Reproduce:
Install beats versions 8.9.0 or 8.9.1 as a windows service.
Attempt to make a WMI query to Win32_Service.
Expected Results:
The query should be handled smoothly without any lag or hang.
Actual Results:
The query hangs and does not complete in a timely manner.
Force killing the beats process immediately allows the queries to complete.
Notes:
I am not experiencing this issue with older versions (like 8.8.2 and previous).
Question:
Is anyone else experiencing this? Are there any known workarounds or solutions?
Here is the WMI query in question:Get-CimInstance Win32_Service
andrewkroh
August 18, 2023, 10:02pm
2
Only the Metricbeat windows.service module uses WMI. Are you running that?
I've never done any WMI debugging, but after a few searches it seems that enabling WMI trace logging might help give you some indication of what WMI is doing. Tracing WMI Activity - Win32 apps | Microsoft Learn
_bruno
August 23, 2023, 4:24pm
3
The issue isn't with WMI inside of beats application, but rather when a beats application is installed as a Windows Service.
After that happends simple queries like Get-CimInstance Win32_Service hang
_bruno
August 23, 2023, 5:41pm
4
Seems like there has been at least one workaround for Win32_Service issues in the beats repo
elastic:main ← stryngs:main
opened 02:15AM - 12 Oct 22 UTC
<!-- Type of change
Please label this PR with one of the following labels, depe… nding on the scope of your change:
- Bug
- Enhancement
- Breaking change
- Deprecation
- Cleanup
- Docs
-->
## What does this PR do?
This PR adds a workaround to a situation in Windows where calling Get-WmiObject returns "Win32_Service" as an Invalid class.
## Why is it important?
This is important to users which remotely deploy and install any of the Beats in a Windows environment. Rather than solving the class issue I focused on a workaround which can be provided until a proper solution to the class issue is found.
## Checklist
<!-- Mandatory
Add a checklist of things that are required to be reviewed in order to have the PR approved
List here all the items you have verified BEFORE sending this PR. Please DO NOT remove any item, striking through those that do not apply. (Just in case, strikethrough uses two tildes. ~~Scratch this.~~)
-->
- [ ] My code follows the style guidelines of this project
~~- [ ] I have commented my code, particularly in hard-to-understand areas~~
~~- [ ] I have made corresponding changes to the documentation~~
~~- [ ] I have made corresponding change to the default configuration files~~
~~- [ ] I have added tests that prove my fix is effective or that my feature works~~
~~- [ ] I have added an entry in `CHANGELOG.next.asciidoc` or `CHANGELOG-developer.next.asciidoc`.~~
## Author's Checklist
<!-- Recommended
Add a checklist of things that are required to be reviewed in order to have the PR approved
-->
- [ ] N/A
## How to test this PR locally
Build any Beats package and then run the associated installer for Windows.
## Related issues
- N/A
## Use cases
Windows zipfile deployments for service installations.
## Screenshots
N/A
## Logs
N/A
_bruno
August 24, 2023, 3:16pm
5
Additionally, service control thing seems to be generally broken in these later versions.
Simply trying to stop the Winlogbeat service hangs.Get-Service Winlogbeat | Stop-Service
Is anyone else running into similar issues?
system
September 21, 2023, 5:16pm
6
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.