Excess Load From Discovery

Excess Load From Discovery

The Host Resources and Applications by WMI Discovery job can cause additional load on Windows 2008 and Vista systems.

The symptoms, while running Host Resources and Applications by WMI with the discover InstalledSoftware override set to true are:

  • slow boot times
  • slow login times
  • Application Event log is filled with entries for Windows Installer Service (Event ID 1035) for each installed software showing Windows Installer is ‘reconfiguring’ every MSI package

01 Windows_Event_Viewer

The Discovery job queries a class which may take minutes to complete, and is the cause of the load.

You can simply choose not to discover installed software. However, Installed Software CIs have many downstream benefits when modeling applications and in integrations with other software tools such as Asset Manager and Service Manager.

Fortunately, there is an alternative for installed software discovery on Windows 2008 and Vista systems that does not cause excess load. This blog will cover an alternative method to discover installed software on Windows 2008 and Vista systems that does not cause load.

Note: Readers should have prior knowledge of Discovery, Adapters, and Discovery Scripts. Examples and directions are taken from UCMDB 9.05 CUP 11.335, DDM Content Pack 10.01.487, but the concepts illustrated are relevant to other versions.


1. Causes

The out-of-the-box discovery job, Host Resources and Applications by WMI with the discover Installed Software option set to true, queries the Win32_Product class.

The Win32_Product class provides visibility into all applications installed by Windows Installer and inherited properties such as install date, install location, install date, install state, product ID, vendor, version, description and more.

Validating installed installation packages will constantly repeat system events causing group policy processing to take a long time. Microsoft has documented these conditions in this support article.


2. Resolution

Systems that have SCCM/SMS client installed can use the WMI32reg_AddRemovePrograms class or WMI32reg_AddRemovePrograms64 class.

The WMI32reg_AddRemovePrograms class will provide information on 32-bit installed applications while the WMI32reg_AddRemovePrograms64 class will provide information on 64-bit installed applications.

Tests show that either one of these classes results in less installed software discovered compared with the Win32_Product class. The WMI32reg_AddRemovePrograms and WMI32reg_AddRemovePrograms64 classes are legacy and have not been updated since initial release in 2003.

This document will walk through the revision of the discovery script to use the WMI32reg_AddRemovePrograms class.


3. Customizing the Discovery Job

A. Go to Adapter Management in Data Flow Management

B. Go to the Host_Resources_By_WMI resource

C. Under the Used Scripts Section, edit the wmi_dis_software_lib.py script


D. Edit the script                                                                                                                                                                                                                       The Script Editor will pop up.

05 editor

Edit the sections of the script that refer to the Win32_Product class and its inherited properties used by Host Resources and Applications by WMI.

The Win32_Product inherited properties used by Host Resources and Applications by WMI are:
Install Location
The Win32reg_AddRemovePrograms inherited properties that will be used are:
Display Name

Note that there 3 inherited properties of Win32reg_AddRemovePrograms instead of 5 with Win32_Product.


4. Script Edits

[Differences highlighted in bold]

(Line numbers may be different depending on the content pack; this example is from uCMDB 9.05 CUP 11.335, DDM Content Pack 10.01.487)

Line 123

Default Line 123:
createSoftware(results[‘DisplayName’], results[‘UninstallString‘], results[‘DisplayVersion’], results[‘Publisher‘],  results[‘ProductID’], host_osh, OSHVResult, softNameToInstSoftOSH)

Revised Line 123:
createSoftware(results[‘DisplayName’], results[‘Publisher‘], results[‘DisplayVersion’], results[‘ProductID‘], host_osh, OSHVResult, softNameToInstSoftOSH)

Line 171

Default Line 171:
resultSet = wmiClient.executeQuery(“SELECT Name, InstallLocation, Version, Vendor, IdentifyingNumber FROM Win32_Product“)#@@CMD_PERMISION wmi protocol execution

Revised Line 171:
resultSet = wmiClient.executeQuery(“SELECT DisplayName, Publisher, Version FROM Win32reg_AddRemovePrograms“)#@@CMD_PERMISION wmi protocol execution

Line 179

Default Line 179:
productPath = resultSet.getString(2)

Delete Line 179

Line 182

Default Line 182:
productVersion = resultSet.getString(3)

Revised Line 182:
productVendor = resultSet.getString(2)

Line 183

Default Line 183:
productVendor = resultSet.getString(4)

Revised Line 183:
productVersion = resultSet.getString(3)

Line 184

Default Line 184:
productId = resultSet.getString(5)

Delete Line 184