SCOM 2012: How Does an Agent Task Get Executed?

 

I was recently working on creating some agent PowerShell tasks for a management pack project and it occurred to me: I don't fully understand how agent tasks get executed. What I mean is, I know how they work for the most part thanks to the school of hard knocks and also this fantastic explanation: https://thoughtsonopsmgr.blogspot.com/2010/08/scom-tasks-part-i-introduction.html

...but when you click the "Run" button in the "Run Task" window, how does the agent know to run the task?

After some investigating, I was able to discover some things about how the HealthService works.
When the agent starts, it establishes a connection to the management server on port 5723. What I didn't know is that this connection remains open.
Not only does the connection remain open, but it is bidirectional! Because this connection is always open, the management server always has an open line of communication through which to tell the agent to execute a task immediately. Since the task is defined in an MP, and the agent should have already downloaded and digested the MP, it can execute the task almost instantly.

 

In this screenshot I have demonstrated a few PowerShell commands on the agent-managed machine: "WIN01".

  • The picture shows the existing persistent connection from the agent to the management server.
  • The agent is restarted.
  • A new connection gets created and remains open.
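The three steps above can be reproduced with the following added example, which is not the author's original commands from the screenshot. It assumes an elevated session on the agent, that the agent service is named HealthService, and that the management server is the 192.168.10.62 address given on this page; the function and parameter names are illustrative.

```powershell
# Added example: show the agent's persistent channel to the management server,
# restart the agent, then confirm that a new connection is created.
function Get-AgentChannel {
    param(
        [int]$Port = 5723,                               # port named in the post
        [string]$ManagementServerIp = '192.168.10.62'    # MS01 in the post's lab
    )
    Get-NetTCPConnection -RemotePort $Port -State Established -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Resolve the owning PID so we can confirm the agent process holds the socket.
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalPort        = $_.LocalPort
                RemoteAddress    = $_.RemoteAddress
                RemotePort       = $_.RemotePort
                State            = $_.State
                ProcessName      = $proc.ProcessName
                ProcessId        = $_.OwningProcess
                ToExpectedServer = ($_.RemoteAddress -eq $ManagementServerIp)
            }
        }
}

# 1. The existing persistent connection from the agent to the management server.
$before = @(Get-AgentChannel)
$before | Format-Table -AutoSize

# 2. Restart the agent (service name assumed to be HealthService).
Restart-Service -Name HealthService

# 3. Poll for up to two minutes until the agent has reconnected.
$deadline = (Get-Date).AddMinutes(2)
do {
    Start-Sleep -Seconds 5
    $after = @(Get-AgentChannel)
} until ($after.Count -gt 0 -or (Get-Date) -gt $deadline)
$after | Format-Table -AutoSize

# A local (ephemeral) port that was not in use before the restart means a
# new connection was opened rather than the old one being reused.
$new = @($after | Where-Object { $_.LocalPort -notin $before.LocalPort })
if ($new.Count -gt 0) {
    "New connection(s) on local port(s): $($new.LocalPort -join ', ')"
} else {
    Write-Warning "No new connection on port 5723 was seen within 2 minutes."
}
```

Because tasks are pushed to the agent over this channel, a row whose `ProcessName` is not the agent process, or whose `ToExpectedServer` is `False`, is worth investigating.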

 

Sample task: this task is designed to create a synthetic/test event in the Application event log so that it can be detected by a corresponding event rule. It's quite useful for testing agent functionality as well as triggering email notifications. This task is part of a Utility pack that I'm working on and will make available sometime soon (as my schedule permits).

 

 

 

 

I wanted to see what was happening under the covers so I used Wireshark to capture the packets. In the screenshot below we can observe the packets used for a standard agent heartbeat.

Mgmt server (MS01): 192.168.10.62

Agent server (WIN01): 192.168.10.51

 

In the screenshots below we can observe the packets used for the execution of an agent task.

Task example #1

 

Task example #2