Plugin-Output "Output unavailable" on Windows, if antiVirus-software kills process (e.g. PowerShell)

[stevie-sy]

Our colleagues updated on every Server the antivirus-software and it seems it is working like a angry pitbull after the update. After that, on Windows server we got following problem:

If Icinga triggers a PowerShell-Check from the icinga-powershell-framework/plugins, our antivirus software killed the process. But on the first glance it was difficult to recognize. While the agent on Linux writes an useful message like "terminted by xyz" with the state <unkown", on Windows you get nothing. Here is the output "Output unavailable."

So it's difficult to find the reason.

If you check the complete output via Icinga API, you'll see that the var "output" is empty and a strange exit_status:

....
"last_check_result": {
                    "active": true,
                    "check_source": "__zzzz__",
                    "command": [
                        "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                        "-NoProfile",
                        "-NoLogo",
                        "-ExecutionPolicy",
                        "ByPass",
                        "-C",
                        "try { Use-Icinga -Minimal; } catch { Write-Output 'The Icinga PowerShell Framework is either not installed on the system or not configured properly. Please check https://icinga.com/docs/windows for further details'; Write-Output 'Error:' $($_.Exception.Message)Components:`r`n$( Get-Module -ListAvailable 'icinga-powershell-*' )`r`n'Module-Path:'`r`n$($Env:PSModulePath); exit 3; }; Exit-IcingaExecutePlugin -Command 'Invoke-IcingaCheckTimeSync' ",
                        "-Server",
                        "xxx.xxx.xxx.xxx",
                        "-Warning",
                        "-2:2",
                        "-Critical",
                        "-4:4",
                        "-Verbosity",
                        "3"
                    ],
                    "execution_end": 1708672721.194,
                    "execution_start": 1708672694.115,
                    "exit_status": -1073741819,
                    **"output": "",**
                    "performance_data": [],
                    "previous_hard_state": 0,
                    "schedule_end": 1708672721.194,
                    "schedule_start": 1708672721.194,
                    "scheduling_source": "___xyz__",
                    "state": 3,
....

After turning on the debug log on the Windows server, we can see, that Icinga recognize this happening:

[2024-02-22 13:45:25 +0100] notice/Process: PID 5556 ('C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NoLogo -ExecutionPolicy ByPass -C "try { Use-Icinga; } catch { Write-Output 'The Icinga PowerShell Framework is either not installed on the system or not configured properly. Please check https://icinga.com/docs/windows for further details'; exit 3; }; Exit-IcingaPluginNotInstalled 'Invoke-IcingaCheckService'; exit Invoke-IcingaCheckService" -Service 'Boschung-Voice-Service','Boschung-DJob-Service' -Exclude $null -Status Running -Verbosity 3') terminated with exit code 3221225477

So it would be great, if the agent on Windows has the same behaviour like on Linux. That means also write a output like

terminated with exit code 3221225477

Because with this exit/exception code you'll find information in the web and what the root cause is. But with an empty output, you'll have to invest time first. That means to check what the problem is on the system

So a better information in such situation is helping not to waste time!!

Your Environment

Include as many relevant details about the environment you experienced the problem in

• Version used (icinga2 --version): 2.14.2
• Operating System and version: Windows Server 2016 - 2022

[carraroj]

ref/NC/809781