Tuesday, September 25, 2012

LII

Lawson Information Investigator

I edited the following line (3787 in doLBP Budgeting & Planning) to correct formatting:
#push @lawson, ( XMLEntry( 'product', '', 'name', 'LBP', 'version,', $version, 'location', $dir, 'connection', $connection ) );
push @lawson, ( XMLEntry( 'product', '', 'name', 'LBP', 'version', $version, 'location', $dir, 'connection', $connection ) );

One Liners: Remote Commands

Terminate a disconnected terminal services session: rwinsta 0 /server:%server%
Remotely reboot machine: shutdown /m \\192.168.1.1 /r /t 0 /f

Copy entire folder and its contents from a remote source to local machine: xcopy /s \\remotecomputer\directory c:\local
Get server uptime: systeminfo /s <server> | find /i "boot time"

WMIC Remote Queries

Remotely determine logged in user: wmic /node:remotecomputer computersystem get username
List running processes: wmic /node:remotecomputer process list brief
Determine open shares: wmic /node:remotecomputer share list brief

Remotely display machine’s MAC address
wmic /node:machinename nic get macaddress

Remotely list running processes every second
wmic /node:machinename process list brief /every:1

Remotely display System Info
wmic /node:machinename computersystem list full

Disk drive information
wmic diskdrive list full
wmic partition list full

Bios info
wmic bios list full

List all patches
wmic qfe

Look for a particular patch
wmic qfe where hotfixid="KB958644" list full

Remotely List Local Enabled Accounts
wmic /node:machinename USERACCOUNT WHERE "Disabled=0 AND LocalAccount=1" GET Name

Start a service remotely
wmic /node:machinename service where name="lanmanserver" call startservice
sc \\machinename start lanmanserver

List services
wmic service list brief
sc \\machinename query

Disable startup service
sc config example start= disabled

List user accounts
wmic useraccount list brief

Enable RDP remotely
wmic /node:machinename path Win32_TerminalServiceSetting where AllowTSConnections="0" call SetAllowTSConnections "1"

List number of times a user logged on
wmic netlogin where (name like "%adm%") get numberoflogons

Query active RDP sessions
qwinsta /server:192.168.1.1

Remove active RDP session ID 2
rwinsta /server:192.168.1.1 2

Remotely query registry for last logged in user
reg query "\\computername\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultUserName

One Liners: DSQUERY DSGET

Required: Remote Server Installation Tools

Most Used

  • dsquery user -name "*name*"
  • dsget user <FullCN> -memberof
  • dsquery user -name "*name*" | dsget user -memberof
  • dsget user <FullCN> -memberof | find "blah"
  • dsquery user <CN> -name l* | dsget user -samid
  • dsquery computer domainroot -name "name*" | dsget computer -samid

Less Used

  • Get members of an AD Group:
    • dsget group "CN=Blah,OU=Blah,DC=domain,DC=domainsuffix" -members
  • Find the number of mailboxes on the specified msExchHomeServerName
    • dsquery * -filter "(&(objectClass=User)(objectCategory=Person)(mailnickname=*)(msExchHomeServerName=*servername*))" -limit 0 | find /i /c "cn"
  • Query for global security or distribution groups
    • dsquery * -filter "(&(groupType:1.2.840.113556.1.4.803:=2))"
  • Query for global security groups
    • dsquery * -filter "(&(groupType:1.2.840.113556.1.4.803:=-2147483646))"
  • Find the domain controller GUID of the specified DC
    • dsquery * "CN=dcname,OU=Domain Controllers,DC=domainRoot" -scope base -attr objectguid
  • Find the domain GUID
    • dsquery * "domainRoot" -scope base -attr objectGUID
  • Find DFS roots from Active Directory
    • dsquery * "CN=Dfs-Configuration,CN=System,domainRoot" -filter "(objectClass=fTDfs)"
  • Find the Exchange storage groups known to AD
    • dsquery * "CN=Configuration,domainRoot" -filter "(&(objectClass=msExchStorageGroup))" -attr name msExchESEParamCircularLog msExchESEParamEventSource msExchESEParamLogFilePath msExchESEParamLogFileSize msExchESEParamSystemPath msExchESEParamZeroDatabaseDuringBackup msExchRecovery msExchESEParamEnableOnlineDefrag msExchESEParamEnableIndexChecking msExchESEParamBaseName msExchESEParamCommitDefault msExchESEParamDbExtensionSize msExchESEParamPageTempDBMin msExchESEParamPageFragment msExchESEParamCheckpointDepthMax
  • Find AdminSDHolder / SDPROP groups in the directory
    • dsquery * -filter "(&(objectClass=Group)(objectCategory=Group)(adminCount=1))"  
  • Query for all objects that are protected (that are members of the groups above)
    • dsquery * -filter "(adminCount=1)"
  • Count how many user accounts are protected by the SDPROP process
    • dsquery * -filter "(&(objectClass=User)(objectCategory=Person)(adminCount=1))" | find /i /c "CN="
  • Find SCPs (Service Connection Points) for objects other than print queues
    • dsquery * -filter "(&(objectClass=ConnectionPoint)(!(objectClass=PrintQueue)))" -limit 0
  • Check a 2008 R2 schema forest prep has run successfully (revision=5)
    • dsquery * "CN=ActiveDirectoryUpdate,CN=ForestUpdates,CN=Configuration,domainRoot" -attr * -scope base
  • Check a 2008 R2 schema domain prep has run successfully (revision=5)
    • dsquery * "CN=ActiveDirectoryUpdate,CN=DomainUpdates,CN=System,domainRoot" -attr * -scope base
  • Find the infrastructure role holder for the DNS domain application partition
    • dsquery * "CN=Infrastructure,DC=DomainDNSZones,domainRoot" -attr fSMORoleOwner  
  • Find the application partitions from the forest root configuration NC
    • dsquery * "CN=Partitions,CN=Configuration,domainRoot" -filter "(&(objectClass=crossRef)(msDS-SDReferenceDomain=*))" -attr ncName dnsRoot
  • Find computer accounts not server, XP or Vista
    • dsquery * domainroot -filter "(&(objectCategory=Computer)(objectClass=Computer)(!(operatingSystem=*prof*))(!(operatingSystem=*server*))(!(operatingSystem=*vista*)))" -limit 0 -attr CN operatingSystem operatingSystemVersion
  • Find SPNs from the directory
    • dsquery * -filter "(servicePrincipalName=*)" -attr cn servicePrincipalName -limit 0
  • Query a list of groups and determine the group type (global/local/universal)
    • dsquery group -name *groupfilter* | dsget group -scope -secgrp -dn
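
The two groupType filters in the list above use the bitwise-AND matching rule 1.2.840.113556.1.4.803. The following is an added example (not from the original post) that applies the same rule to constructed groupType values, showing why `:=2` returns every global group while `:=-2147483646` returns only global security groups. The function names and sample values are assumptions made for illustration.

```powershell
# Added example; the groupType values in $samples are constructed.
$SecurityEnabled = 0x80000000   # PowerShell reads this literal as Int32 -2147483648
$Scopes = [ordered]@{ Global = 0x2; DomainLocal = 0x4; Universal = 0x8 }

function Test-LdapBitAnd {
    # 1.2.840.113556.1.4.803 (bitwise AND rule): match when every bit of $Mask is set in $Value
    param([int]$Value, [int]$Mask)
    ($Value -band $Mask) -eq $Mask
}

function Get-GroupTypeInfo {
    param([int]$GroupType)
    # Scope bits decide global / domain local / universal; the top bit marks a security group
    $scope = @($Scopes.Keys | Where-Object { Test-LdapBitAnd -Value $GroupType -Mask $Scopes[$_] }) -join ','
    $kind = if (Test-LdapBitAnd -Value $GroupType -Mask $SecurityEnabled) { 'Security' } else { 'Distribution' }
    [pscustomobject]@{
        GroupType              = $GroupType
        Hex                    = '0x{0:X8}' -f $GroupType
        Scope                  = $scope
        Kind                   = $kind
        'Filter :=2'           = Test-LdapBitAnd -Value $GroupType -Mask 2
        'Filter :=-2147483646' = Test-LdapBitAnd -Value $GroupType -Mask (-2147483646)
    }
}

# Global security, global distribution, domain local security, universal security, universal distribution
$samples = -2147483646, 2, -2147483644, -2147483640, 8
$samples | ForEach-Object { Get-GroupTypeInfo -GroupType $_ } | Format-Table -AutoSize
```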

Monday, September 24, 2012

Lawson Health Check Automation

Disclaimer

While I use these scripts in my environment they are only tested in my environment. These examples are in no way endorsed by Lawson, Infor or any of their affiliates. There is no warranty, expressed or implied, to them -- use at your own risk.

-- Common sense dictates that you at least read through the script to understand what it does.

Base Script


:: This file gathers logs from the production Lawson system
::   and places them in a temporary local folder where it then
::   parses them for the current day's events and any errors.
:: 20120913 garymartin2007@gmail.com
:: REQUIREMENTS:
::   -- Microsoft .NET Framework v4 +
::   -- WinSCP with .NET COM interop
::      -- Create WinSCP script file
::   -- PowerShell
::   -- tidyit.cmd
:: COMMAND LINE ARGUMENTS - none
:: PROGRAM Flow
::   -- Set log file
::   -- Get date formats using PowerShell
::   --- Set date formats
::   -- Run WinSCP script to gather log files
::   -- Parse Lawson log files for errors and output to log file
:: CHANGELOG
::    -- 20120913 Beta version testing
::    -- 20120913 Modified output for HTML file creation
::    -- 20120914 Added HTML Tidy to clean up any errors in output file

@echo off
setLocal EnableDelayedExpansion
set LOGFILE=C:\Lawson\reports\scrout.html
set LOCALLOGFOLDER=C:\Lawson\reports\logs\

:: get date and set vars for later use
::   Powershell is used because Win 7 does not provide
::     week day names
powershell -NonInteractive -Command "& {Get-Date -Format ddd.MMM.dd}" > date.txt
REM powershell -NonInteractive -Command "& {Get-Date -Format .MMM.dd', 'yyyy}" > date1.txt
powershell -NonInteractive -Command "& {Get-Date -Format .MMM.dd}" > date1.txt

:: Date format for latm, ladb, and lajs logs
for /f "tokens=* delims= " %%a in (date.txt) do (
set DATESTR1=%%a
)
:: Date format for ProcessFlow logs
for /f "tokens=* delims= " %%a in (date1.txt) do (
set DATESTR2=%%a
)

:: get the current logs using WinSCP script
C:\gmTools\WinSCP\WinSCP.exe /console /script=c:\Lawson\reports\WinSCPHC.txt

:: Search and log errors to file
:: Start Head section
@ECHO ^<html lang="en"^>^<head^>^<title^>Lawson ERP AHC Implementation^</title^> > %LOGFILE% 2>&1
:: to enable HTML5 in IE
@ECHO ^<script^>document.createElement('header'); document.createElement('nav'); document.createElement('article'); document.createElement('footer'); document.createElement('aside');^</script^> >> %LOGFILE% 2>&1
@ECHO ^<link rel="stylesheet" href="scrout.css" /^> >> %LOGFILE% 2>&1
@ECHO ^</head^>^<body^> >> %LOGFILE% 2>&1
@ECHO ^<h1^>Production^</h1^>^<p^> >> %LOGFILE% 2>&1
@ECHO DATESTR1 = %DATESTR1% ^<br /^> DATESTR2 = %DATESTR2% ^<br /^>for findstr regex format. Last run >> %LOGFILE% 2>&1
time /t >> %LOGFILE% 2>&1
@ECHO . ^</p^> >> %LOGFILE% 2>&1
:: End Head section
:: lawsec section
@ECHO ^<h2^>LAWSEC Results^</h2^> >> %LOGFILE% 2>&1
@ECHO ^<pre^> >> %LOGFILE% 2>&1
findstr /i /b "Lawson" %LOCALLOGFOLDER%heilawwi004\lawsec.txt >> %LOGFILE% 2>&1
@ECHO ^</pre^> >> %LOGFILE% 2>&1
:: jqstatus section
@ECHO ^<h2^>JQSTATUS Results^</h2^> >> %LOGFILE% 2>&1
@ECHO ^<pre^> >> %LOGFILE% 2>&1
findstr /i /n /b "^[0-9]" %LOCALLOGFOLDER%heilawwi004\jqstat.txt >> %LOGFILE% 2>&1
@ECHO ^</pre^> >> %LOGFILE% 2>&1
:: jobinteg section
@ECHO ^<h2^>JOBINTEG Results^</h2^> >> %LOGFILE% 2>&1
@ECHO ^<pre^> >> %LOGFILE% 2>&1
findstr /i /n /b "ORPHANED " %LOCALLOGFOLDER%heilawwi004\orphans.txt >> %LOGFILE% 2>&1
@ECHO ^</pre^> >> %LOGFILE% 2>&1
:: secinteg section
@ECHO ^<h2^>SECINTEG Results^</h2^> >> %LOGFILE% 2>&1
@ECHO ^<pre^> >> %LOGFILE% 2>&1
findstr /i /n /b "corrupt" %LOCALLOGFOLDER%heilawwi004\secinteg.txt >> %LOGFILE% 2>&1
@ECHO ^</pre^> >> %LOGFILE% 2>&1
:: latm log
@ECHO ^<h2^>LATM.LOG Errors only^</h2^> >> %LOGFILE% 2>&1
@ECHO ^<pre^> >> %LOGFILE% 2>&1
findstr /i /n /b %DATESTR1% %LOCALLOGFOLDER%heilawwi004\latm.log | find "PrcTPCrash" >> %LOGFILE% 2>&1
@ECHO ^</pre^> >> %LOGFILE% 2>&1
@ECHO ^<hr /^> >> %LOGFILE% 2>&1
@ECHO ^<pre^> >> %LOGFILE% 2>&1
findstr /i /n /b %DATESTR1% %LOCALLOGFOLDER%heilawwi004\latm.log | find /i "ERROR" >> %LOGFILE% 2>&1
@ECHO ^</pre^> >> %LOGFILE% 2>&1
:: ladb log
@ECHO ^<h2^>LADB.LOG ^</h2^> >> %LOGFILE% 2>&1
@ECHO ^<p^>Filtered out (LoadLic) lines.^</p^> >> %LOGFILE% 2>&1
@ECHO ^<pre^> >> %LOGFILE% 2>&1
findstr /i /n /b %DATESTR1% %LOCALLOGFOLDER%heilawwi004\ladb.log | find /v "(LoadLic)" >> %LOGFILE% 2>&1
@ECHO ^</pre^> >> %LOGFILE% 2>&1
:: lajs log
@ECHO ^<h2^>LAJS.LOG All events^</h2^> >> %LOGFILE% 2>&1
@ECHO ^<pre^> >> %LOGFILE% 2>&1
findstr /i /n /b %DATESTR1% %LOCALLOGFOLDER%heilawwi004\lajs.log >> %LOGFILE% 2>&1
@ECHO ^</pre^> >> %LOGFILE% 2>&1
:: pflow.out log
@ECHO ^<h2^>PFLOW.OUT^</h2^> >> %LOGFILE% 2>&1
@ECHO ^<p^>Java com.lawson errors only^</p^> >> %LOGFILE% 2>&1
@ECHO ^<pre^> >> %LOGFILE% 2>&1
findstr /i /n /b %DATESTR2% %LOCALLOGFOLDER%heilawwi004\pflow.out | find "at com.lawson" >> %LOGFILE% 2>&1
@ECHO ^</pre^> >> %LOGFILE% 2>&1
:: pfsch.out log
@ECHO ^<h2^>PFSCH.OUT Database Exception errors only ^</h2^> >> %LOGFILE% 2>&1
@ECHO ^<pre^> >> %LOGFILE% 2>&1
findstr /i /n /b %DATESTR2%",.[0-9]*.[0-9]*:[0-9]*:[0-9].*.M\].*Lawson.Database.Exception" %LOCALLOGFOLDER%heilawwi004\pfsch.out >> %LOGFILE% 2>&1
@ECHO ^</pre^> >> %LOGFILE% 2>&1
@ECHO ^<p^>There are:^</p^> >> %LOGFILE% 2>&1
@ECHO ^<pre^> >> %LOGFILE% 2>&1
REM findstr /i /n /b %DATESTR2%",.[0-9]*.[0-9]*:[0-9]*:[0-9].*.M\].*Scheduler shutdown waiting for jobs to complete" %LOCALLOGFOLDER%heilawwi004\pfsch.out | find /c "Scheduler shutdown waiting for jobs to complete" >> %LOGFILE% 2>&1
findstr /i /n /b %DATESTR2%",.2012.[0-9]*:[0-9]*:[0-9]*.[AP]M\].Scheduler shutdown waiting for jobs to complete" %LOCALLOGFOLDER%heilawwi004\pfsch.out | find /c "Scheduler shutdown waiting for jobs to complete" >> %LOGFILE% 2>&1
@ECHO ^</pre^> >> %LOGFILE% 2>&1
@ECHO ^<p^>jobs waiting for scheduler to shut down. If there are more than a few: to correct this: ^<br /^> ^<br /^> Follow AR_1095827 instructions.^<br /^> ps -ef ^&#124; grep WfSche ^&#124; less ^<br /^> to kill the hung processes.^</p^> >> %LOGFILE% 2>&1
:: Start footer
@ECHO ^<br /^>^<p^>Completed  >> %LOGFILE% 2>&1
time /t >> %LOGFILE% 2>&1
@ECHO ^</p^> >> %LOGFILE% 2>&1
:: Close HTML tags
@ECHO ^</body^>^</html^> >> %LOGFILE% 2>&1
call tidyit.cmd %LOGFILE%
endlocal

@start "" /b C:\PROGRA~2\INTERN~1\iexplore.exe C:\Lawson\reports\scrout.html
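
The script above appends findstr output to scrout.html unescaped, so a log line containing `<` or `&` is interpreted as markup when the report opens in Internet Explorer. The following is an added example (not part of the original script) of the same date-and-error selection with HTML encoding, written in PowerShell, which the script already requires. The function name, the sample lines and their format are constructed for illustration.

```powershell
# Added example; the log lines below are constructed, not taken from a real Lawson system.
function Get-EncodedLogLines {
    param(
        [string[]]$Lines,       # raw log lines in file order
        [string]$DatePattern,   # findstr-style prefix such as 'Tue.Sep.25' ('.' matches any character)
        [string]$Contains       # optional literal that must also appear, e.g. 'ERROR'
    )
    $lineNo = 0
    foreach ($line in $Lines) {
        $lineNo++
        # Same selection as: findstr /i /n /b %DATESTR1% file | find /i "ERROR"
        if ($line -notmatch "^$DatePattern") { continue }
        if ($Contains -and $line.IndexOf($Contains, [System.StringComparison]::OrdinalIgnoreCase) -lt 0) { continue }
        # Encode <, >, & and quotes so log text cannot become markup or script in the report
        '{0}:{1}' -f $lineNo, [System.Net.WebUtility]::HtmlEncode($line)
    }
}

$sample = @(
    'Mon Sep 24 23:59:01 2012 ERROR: previous day, must be skipped',
    'Tue Sep 25 02:10:44 2012 job <script>document.title="x"</script> ERROR: token not found',
    'Tue Sep 25 02:11:00 2012 informational line'
)
$today = 'Tue.Sep.25'   # what Get-Date -Format ddd.MMM.dd returns on the post date

# Emit one <pre> section the way the batch file does, but with encoded content
'<pre>'
Get-EncodedLogLines -Lines $sample -DatePattern $today -Contains 'ERROR'
'</pre>'
```

Only the second sample line is selected, and its `<script>` text reaches the report as `&lt;script&gt;`, which the browser displays instead of executing.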

Requires

Set the following to run as a cron job:
jqstatus -rwh > /law/app/jqstat.txt
jobinteg -vd > /law/app/orphans.txt
lawsec > /law/app/lawsec.txt
secinteg -fv > /law/app/secinteg.txt
