Showing posts with label SCOM. Show all posts
Showing posts with label SCOM. Show all posts

Wednesday, September 30, 2015

Bridgeways Management Packs

BridgeWays, leading developers in monitoring, reporting and analytics software offers a variety of Management Packs for System Center Operation Manager.
Using BridgeWays Management Packs, you no longer need to monitor and manage other systems and applications using several disparate tools. Monitor your complete IT environment, bringing end-to-end visibility within a single, pane-of-glass view and reducing your total cost of ownership of Microsoft System Center.
In most enterprise there would be  critical in-house custom applications that requires monitoring.
Bridgeways will be able to help you with that by providing you custom management pack solutions. It can be a great solution for companies that are not familiar with System Center Operations Manager
This video shows a case study with BridgeWays Management Packs Dataport.
This video shows the features and benefits that you can expect to reap from using BridgeWays Management Packs.

The complete list of all available management packs offered by Bridgeways is listed below together with the features

You can contact BridgeWays using the links provided in each products to start a free trial or requests a quote.

Tuesday, June 9, 2015

Monitoring GPO changes using SCOM

It is pretty common for AD admins to want to be able to monitor changes to GPO via SCOM.
Of course, there are events that are logged for every change made to any GPO.
The real challenge is that we will not be able to know which GPO was changed without having to go through an extensive search through the GPMC or by means of powershell.
What is required is that the SCOM alert should include the name of the GPO so that the efforts and time of the IT Admins are keep to the minimum.

The below is an article from the community that will enable you to do just that
Click here

Wednesday, May 27, 2015

Translate SCOM GUID to hostname

In SCOM RMS Event log, you may receive events that flag issues about a healthservice.
The challenge that SCOM Admins face is that these events merely provide the GUID.
In order for the remediation to be done, what is needed is the exact hostname of the server that is having the issues.

There are 2 ways that this information required can be retrieved.
You can choose either ways and you will still get the information


(Get-MonitoringObject -id 'GUID').DisplayName
If you have access to the SQL Database, you can run the query as below

select DisplayName, Path, basemanagedentityid from basemanagedentity where basemanagedentityid = 'GUID'

Wednesday, March 25, 2015

Retrieve monitors and rules on SCOM Agent

For SCOM admins, there is always a need to know what a servers has been monitored for.
There is a powershell that is provided by 2 MVPs previously (Stefan Stranger and Jeremy Pavleck) which serves this purpose.

To use run from OpsMgr Command Shell:
Get-OpsMgrWorkflows_v1.ps1 -agentname "" | export-csv -path c:\temp\workflows.csv

Save the below as Get-OpsMgrWorkflows_v1.ps1
#param ([string]$agentname = $(read-host "Please enter OpsMgr Agent Name"))             
function Get-AgentWorkflow($agentname)            
 #Original Script from Jeremy Pavleck.            
 #Use the OpsMgr Task Show Running Rules and Monitors.            
 $taskobj = Get-Task | Where-Object {$_.Name -eq "Microsoft.SystemCenter.GetAllRunningWorkflows"}            
 # Grab HealthService class object            
 $hsobj = Get-MonitoringClass -name "Microsoft.SystemCenter.HealthService"            
 # Find HealthService object defined for named server            
 $monobj = Get-MonitoringObject -MonitoringClass $hsobj | Where-Object {$_.DisplayName -match $agentname}            
 #Start Task GetAllRunningWorkflows            
 $taskOut = Start-Task -Task $taskobj -TargetMonitoringObject $monobj            
 [xml]$taskXML = $taskOut.OutPut             
 #Get Workflows            
 #Retrieve Monitors            
 $monitors = get-monitor            
 #Retrieve Rules            
 $rules = get-rule            
 #Retrieve Discoveries"            
 #Used the Group-object because there are some discovery rules with the same DisplayName            
 $discoveries = get-discovery | select-object -Unique            
 #Get Overrides"            
 #monitoroverrides = foreach ($monitor in Get-ManagementPack | get-override | where {$_.monitor}) {get-monitor | where {$_.Id -eq $}}            
 #$rulesoverrides = foreach ($rule in Get-ManagementPack | get-override | where {$_.rule}) {get-rule | where {$_.Id -eq $}}            
 #$discoveryoverrides = foreach ($discovery in Get-ManagementPack | get-override | where {$_.discovery}) {get-discovery | where {$_.Id -eq $}}            
 #Check for each workflow if it's a Rule or Monitor or Discovery.            
 foreach ($workflow in $workflows)            
  #Check for Monitor            
  $monitor = $monitors | where-object {$_.Name -eq $workflow."#text"}            
  if ($monitor -eq $null)            
   #Check for Rule            
   $rule = $rules | where-object {$_.Name -eq $workflow."#text"}            
   if ($rule -eq $null)            
    #Check for Discovery            
    $discovery = $discoveries | where-object {$_.Name -eq $workflow."#text"}            
    if ($discovery -eq $null)            
     #Get ManagementPack            
     $mp = $discovery.getmanagementpack()            
     #Check if Discovery has an override            
     #$flag = $discoveryoverrides | Where-Object {$_.DisplayName -eq $discovery.DisplayName}            
     #if ($flag -eq $null)            
     # $override = "false"            
     # $override = "true"            
     $discobject = new-object System.Management.Automation.PSObject            
     $discobject = $discobject | add-member -membertype NoteProperty -name Type -value "Discovery" -passthru            
     $discobject = $discobject | add-member -membertype NoteProperty -name DisplayName -value $discovery.DisplayName -passthru            
     $discobject = $discobject | add-member -membertype NoteProperty -name Description -value $discovery.Description -passthru            
     #$discobject = $discobject | add-member -membertype NoteProperty -name Override -value $override -passthru            
     $discobject = $discobject | add-member -membertype NoteProperty -name ManagementPack -value $mp.DisplayName -passthru            
    $mp = $rule.getmanagementpack()            
    #Check if Rule has an override            
    #$flag = $ruleoverrides | Where-Object {$_.DisplayName -eq $rule.DisplayName}            
    #if ($flag -eq $null)            
    # $override = "false"            
    # $override = "true"            
    $ruleobject = new-object System.Management.Automation.PSObject            
    $ruleobject = $ruleobject | add-member -membertype NoteProperty -name Type -value "Rule" -passthru            
    $ruleobject = $ruleobject | add-member -membertype NoteProperty -name DisplayName -value $rule.DisplayName -passthru            
    $ruleobject = $ruleobject | add-member -membertype NoteProperty -name Description -value $rule.Description -passthru            
    #$ruleobject = $ruleobject | add-member -membertype NoteProperty -name Override -value $override -passthru            
    $ruleobject = $ruleobject | add-member -membertype NoteProperty -name ManagementPack -value $mp.DisplayName -passthru            
   #Get ManagementPack for Monitor            
   $mp = $monitor.getmanagementpack()            
   #Check if Monitor has an override            
   #$flag = $monitoroverrides | Where-Object {$_.DisplayName -eq $monitor.DisplayName}            
   #if ($flag -eq $null)            
   # $override = "false"            
   # $override = "true"            
   $monitorobject = new-object System.Management.Automation.PSObject            
   $monitorobject = $monitorobject | add-member -membertype NoteProperty -name Type -value "Monitor" -passthru            
   $monitorobject = $monitorobject | add-member -membertype NoteProperty -name DisplayName -value $monitor.DisplayName -passthru            
   $monitorobject = $monitorobject | add-member -membertype NoteProperty -name Description -value $monitor.Description -passthru            
   #$monitorobject = $monitorobject | add-member -membertype NoteProperty -name Override -value $override -passthru            
   $monitorobject = $monitorobject | add-member -membertype NoteProperty -name ManagementPack -value $mp.DisplayName -passthru            
Get-AgentWorkflow $agentname

Thursday, September 4, 2014

Event ID 10 AD MP DC Local Discovery : Active Directory Helper Objects Installation unsuccessful. MSI was not found at the specified location

Encountered a situation where the SCOM agent was installed on a Windows 2008 R2 Domain Controller but was unable to locate it under the DC state in the AD MP folder.
I found this EventID in the OpsMgr event log on all DCs reporting to a SCOM R2 Gateway Server.

As it turned out, the AD Helper Object (OOMADs.msi) was missing on the DC. The SCOM R2 Gateway Server did not have this file in place so it never arrived on the DC to be monitored by SCOM.

To remediate this issue and stop it from re-occuring ever again. 
This is what was dome:

Corrected the SCOM R2 Gateway Server
Copied the file OOMADs.msi from the installation media of SCOM R2 (~\HelperObjects\<ARCHITECTURE>) to the installation folder of the SCOM R2 Gateway Server (~:\Program Files\System Center Operations Manager 2007\HelperObjects).

Corrected the Agent Staging Folder
Copied the file OOMADs.msi from the installation media of SCOM R2 (~\HelperObjects\<ARCHITECTURE>) to the Agent Staging folder of the SCOM R2 Gateway Server (~:\Program Files\System Center Operations Manager 2007\AgentManagement\<ARCHITECTURE>). 

Copied the AD Helper Object to the Agent
Copied the file OOMADs.msi from the installation media of SCOM R2 (~\HelperObjects\<ARCHITECTURE>) to the installation folder of the SCOM R2 Agent (~:\Program Files\System Center Operations Manager 2007\HelperObjects).

Corrected the Agent
Stopped the HealthService, removed the cache file (~:\Program Files\System Center Operations Manager 2007\Health Service State), installed the AD Helper Object manually and restarted the HealthService. Checked the OpsMgr event log for EventID 10. It did not return. Closed the Alerts (based on a Rule) in the SCOM Console per fixed DC and the Alerts did not come back.

Now all is well and the DC are monitored in a proper manner. 

Thursday, August 28, 2014

Updated SCOM Management Packs

Some SCOM management packs have been upated as of 27th August 2014.
Those updated includes

4) Cluster MP
5) AD MP
6) Windows Server Core MP

More details is available here

Thursday, August 14, 2014

Customizing Information in SCOM Subscriptions

Custom Properties for Alert Description and Notification:
Alert Description Variables:
For event Rules:
EventDisplayNumber (Event ID):             $Data/EventDisplayNumber$ 
EventDescription (Description):               $Data/EventDescription$ 
Publisher Name (Event Source):              $Data/PublisherName$ 
EventCategory:                                    $Data/EventCategory$ 
LoggingComputer:                                $Data/LoggingComputer$ 
EventLevel:                                          $Data/EventLevel$ 
Channel:                                              $Data/Channel$ 
UserName:                                           $Data/UserName$ 
EventNumber:                                      $Data/EventNumber$ 
Event Time:                                          $Data/@time$
For event Monitors:
EventDisplayNumber (Event ID):            $Data/Context/EventDisplayNumber$ 
EventDescription (Description):              $Data/Context/EventDescription$ 
Publisher Name (Event Source):             $Data/Context/PublisherName$ 
EventCategory:                                    $Data/Context/EventCategory$ 
LoggingComputer:                                $Data/Context/LoggingComputer$ 
EventLevel:                                         $Data/Context/EventLevel$ 
Channel:                                             $Data/Context/Channel$ 
UserName:                                          $Data/Context/UserName$ 
EventNumber:                                     $Data/Context/EventNumber$ 
Event Time:                                         $Data/Context/@time$

For Repeating Event Monitors:
EventDisplayNumber (Event ID):              $Data/Context/Context/DataItem/EventDisplayNumber$ 
EventDescription (Description):                $Data/Context/Context/DataItem/EventDescription$ 
Publisher Name (Event Source):              $Data/Context/Context/DataItem/PublisherName$ 
EventCategory:                                      $Data/Context/Context/DataItem/EventCategory$ 
LoggingComputer:                                  $Data/Context/Context/DataItem/LoggingComputer$ 
EventLevel:                                            $Data/Context/Context/DataItem/EventLevel$ 
Channel:                                                $Data/Context/Context/DataItem/Channel$ 
UserName:                                             $Data/Context/Context/DataItem/UserName$ 
EventNumber:                                         $Data/Context/Context/DataItem/EventNumber$
Performance Threshold Monitors:
Object (Perf Object Name):                    $Data/Context/ObjectName$ 
Counter (Perf Counter Name):                $Data/Context/CounterName$ 
Instance (Perf Instance Name):              $Data/Context/InstanceName$ 
*Value (Perf Counter Value):                  $Data/Context/Value$  
**Last Sampled Value                            $Data/Context/SampleValue$
*Value will show the actual performance value for simple and avg monitors.
It will show number of samples for consecutive threshold monitors. 
**Last Sampled Value works to show the last value evaluated in a consecutive sample value monitor.
Service Monitors:
Service Name                         $Data/Context/Property[@Name='Name']$ 
Service Dependencies             $Data/Context/Property[@Name='Dependencies']$ 
Service Binary Path                $Data/Context/Property[@Name='BinaryPathName']$ 
Service Display Name             $Data/Context/Property[@Name='DisplayName']$ 
Service Description                 $Data/Context/Property[@Name='Description']$

Logfile Monitors:
Logfile Directory :                  $Data/Context/LogFileDirectory$ 
Logfile name:                        $Data/Context/LogFileName$ 
String:                                  $Data/Context/Params/Param[1]$

Logfile rules:
Logfile Directory:                   $Data/EventData/DataItem/LogFileDirectory$ 
Logfile name:                        $Data/EventData/DataItem/LogFileName$ 
String:                                  $Data/EventData/DataItem/Params/Param[1]$

To show the name of the Windows Computer host: 

$Data/Context/DataItem/AlertId$                                       The AlertID GUID 
$Data/Context/DataItem/AlertName$                                   The Alert Name 
$Data/Context/DataItem/Category$                                    The Alert category 
$Data/Context/DataItem/CreatedByMonitor$                       True/False 
$Data/Context/DataItem/Custom1$                                     CustomField1 
$Data/Context/DataItem/Custom2$                                    CustomField2 
$Data/Context/DataItem/Custom3$                                    CustomField3 
$Data/Context/DataItem/Custom4$                                    CustomField4 
$Data/Context/DataItem/Custom5$                                    CustomField5 
$Data/Context/DataItem/Custom6$                                     CustomField6 
$Data/Context/DataItem/Custom7$                                     CustomField7 
$Data/Context/DataItem/Custom8$                                     CustomField8 
$Data/Context/DataItem/Custom9$                                     CustomField9 
$Data/Context/DataItem/Custom10$                                  CustomField10 
$Data/Context/DataItem/DataItemCreateTime$                      UTC Date/Time of Dataitem created 
$Data/Context/DataItem/DataItemCreateTimeLocal$               LocalTime Date/Time of Dataitem created 
$Data/Context/DataItem/LastModified$                                 UTC Date/Time DataItem was modified 
$Data/Context/DataItem/LastModifiedLocal$                          Local Date/Time DataItem was modified 
$Data/Context/DataItem/ManagedEntity$                               ManagedEntity GUID 
$Data/Context/DataItem/ManagedEntityDisplayName$             ManagedEntity Display name 
$Data/Context/DataItem/ManagedEntityFullName$                   ManagedEntity Full name 
$Data/Context/DataItem/ManagedEntityPath$                          Managed Entity Path 
$Data/Context/DataItem/Priority$                                          The Alert Priority Number (High=1,Medium=2,Low=3) 
$Data/Context/DataItem/Owner$                                           The Alert Owner 
$Data/Context/DataItem/RepeatCount$                                  The Alert Repeat Count 
$Data/Context/DataItem/ResolutionState$                               Resolution state ID (0=New, 255= Closed) 
$Data/Context/DataItem/ResolutionStateLastModified$                 UTC Date/Time ResolutionState was last modified 
$Data/Context/DataItem/ResolutionStateLastModifiedLocal$          Local Date/Time ResolutionState was last modified 
$Data/Context/DataItem/ResolutionStateName$                       The Resolution State Name (New, Closed) 
$Data/Context/DataItem/ResolvedBy$                                     Person resolving the alert 
$Data/Context/DataItem/Severity$                                          The Alert Severity ID 
$Data/Context/DataItem/TicketId$                                           The TicketID 
$Data/Context/DataItem/TimeAdded$                                       UTC Time Added 
$Data/Context/DataItem/TimeAddedLocal$                               Local Time Added 
$Data/Context/DataItem/TimeRaised$                                      UTC Time Raised 
$Data/Context/DataItem/TimeRaisedLocal$                              Local Time Raised 
$Data/Context/DataItem/TimeResolved$                                  UTC Date/Time the Alert was resolved 
$Data/Context/DataItem/WorkflowId$                                      The Workflow ID (GUID) 
$Data/Recipients/To/Address/Address$                                    The name of the recipient

The Web Console URL: 

The principalname of the management server: 

Wednesday, August 13, 2014

New Office 365 MP

On July 29th 204, Microsoft has released System Center Management Pack for Office 365 and it can be downloaded from here

This management pack can be used to
1.       Add and configure Office 365 subscriptions to be monitored in Operations Manager
2.       Proactively monitor connection health for subscriptions
3.       Automatically discover services and features available for each subscription
4.       Proactively notify when Office 365 Incidents that affects services operational status appear, being changed or resolved
5.       Reflect Office 365 Incidents and informational Messages for the subscription to Operations Manager alerts
Intuitively visualize subscriptions health and corresponding alerts via dashboard

I will blog about this in future after importing this into my environment.

Thursday, July 17, 2014

Useful SCOM 2007 R2 Powershell

Get list Operations Manager Commands

Get list of unavailable/unresponsive agents
Get-Monitoringclass -name "Microsoft.Windows.Computer" | Get-MonitoringObject | Where-Object {$_.IsAvailable -eq $False} | Select-Object DisplayName, IsAvailable | Format-Table

Resolve the healthserviceid to Agent Name
Get-Agent | Where-Object {$ -eq "healthserviceid"} | Select-Object name

Export All Unsealed Management Packs to UnsealedMPBackup Folder
Get-ManagementPack | where {$_.Sealed -eq $false} | Export-Managementpack -path C:\UnsealedMPBackup

Get the Management Server information including the Management Server Action Account identity
Get-ManagementServer | Select-Object DisplayName, IsRootManagementServer, ActionAccountIdentity, HealthState | Format-Table -autosize

Get the User Roles and its Members
Get-Userrole | Select-Object DisplayName, Users

Export all rules in imported management packs to rules.csv
Get-rule | select-object @{Name="MP";Expression={ foreach-object {$_.GetManagementPack().DisplayName }}},DisplayName | sort-object -property MP | export-csv "c:\rules.csv"

Get List of agent managed machines and their ip address
Get-agent | format-list -property, displayname, IPAddress

Enable Agent Proxy for all agents where it is disabled
$NoProxy = get-agent | where {$_.ProxyingEnabled -match "false"}
$NoProxy|foreach {$_.ProxyingEnabled = $true}
$NoProxy|foreach {$_.ApplyChanges()}

Wednesday, May 21, 2014

List Alerts for Specific SCOM Group

There was a query in the Microsoft System Center Community Forum requesting for assistance for a SQL query to list all alerts for a particular SCOM Group within a specific time frame.
I have create the query below and hopefully this will help anyone that needs something similar.
All is needed is to replace those in bold and underlined based on your needs.

select AlertName
,RGV.targetMonitoringObjectDisplayName [Server Name]
,RGV.SourceMonitoringObjectDisplayName [SCOM Group Name]
,AlertDescription [Alert]
,ars.DWCreatedDateTime [Alert Date]
,alt.Priority [Priority]
,alt.Severity [Severity]
      ,day(ars.DWCreatedDateTime) [triggerdate]
    ,month(ars.DWCreatedDateTime) [triggermonth]
      ,year(ars.DWCreatedDateTime) [triggeryear]
       from Alert.vAlertResolutionState ars
inner join Alert.vAlertDetail adt on ars.alertguid = adt.alertguid
inner join Alert.vAlert alt on ars.alertguid = alt.alertguid
left join dbo.vManagedEntity ME on ME.ManagedEntityRowId = alt.ManagedEntityRowId
left join OperationsManager.dbo.RelationshipGenericView RGV on RGV.TargetMonitoringObjectDisplayName = ME.DisplayName
where ars.DWCreatedDateTime between 'start date (mm/dd/yy)' and  'end date (mm/dd/yy)'
and ME.DisplayName in (select TargetMonitoringObjectDisplayName
from OperationsManager.dbo.RelationshipGenericView
where isDeleted=0
AND SourceMonitoringObjectDisplayName = 'Group Name' )

Friday, May 9, 2014

OpsMgr 2012 Scheduled Maintenance Mode tool

This is a very neat new tool, that enabled you to create schedules for agents and groups to go into maintenance mode.

It is a web service, with a VERY simple user interface, to allow users to create schedules for maintenance mode, or for on-demand maintenance mode.
It even includes a nice tool/icon to place on all your servers desktops, to allow server admins to immediately place a server into maintenance mode from the server itself

All System Center Cmdlets you are looking for

Microsoft has released System Center CmdLets reference for all the system center components.
It will definitely be a great help to any System Center Admins.

The reference can be downloaded from the below

Wednesday, April 16, 2014

Removing Obsolete Product Connector in SCOM 2007 R2

We used to be using Jalasoft for monitoring network devices which is integrated with SCOM and this product creates a product connector to pipe the data to SCOM.
However as this is no longer needed, I had to remove this obsolete Connector from a SCOM R2 environment. 
This cannot be done via the regular SCOM R2 console and has to be execute via one of the 3 methods below 

As Kevin Holman describes
This is not the official method but it works and gives you pretty much more control on what is being executed.

The official supported method, KB2626670
Basically a PS script which goes through the steps as per what is described by Kevin Holman :)

A community based tool
Un-official tool form the community

As you can see there are multiple options available to get to the end game
When you want to play is safe use KB2626670 since that’s the officially supported way.

Error Deleting Distributed Application in SCOM (Failed to verify View with ID)

I encountered the below trying to delete a distributed application and gotten the error similar to the below

Application: System Center Operations Manager 2007 R2
Application Version: 6.1.7221.0
Severity: Error

: Verification failed with [1] errors:
Error 1:
: Failed to verify View with ID: View_1f3465325fe94ccb9876d7154bfa30c
Target property :ManagementPackElement=Service_ceecc43c88ee428197f7eafbf91236e2 in ManagementPack:[Name=my.managementpack, KeyToken=, Version=] for this View is incorrect.Cannot find ManagementPackElement [Type=ManagementPackClass, ID=Service_ceecc43c88ee428197f7eafbf91236e2] in ManagementPack [ManagementPack:[Name=my.managmentpack, KeyToken=, Version=]]
This is due to a view that was created in the Monitoring Console to display the distributed application. The view have to be deleted first before the distributed application can be deleted

Thursday, April 10, 2014

Powershell not responsive on tab

Powershell is everywhere now. Exchange, SCOM etc.. you name it.

Since I use the tab expansion function frequently, I noticed immediately that for some odd reason the Command Shell would paused for ~30 seconds every time I used the tab completion function. I had to remind myself never to use it or I’d be staring at the screen for a while. Sometimes it’s quicker to just close Command Shell and launch it again, but usually there is history saved which I don’t want to lose.

So I wait…and wait. :(
Lincoln Atkinson created a workaround for this, which I stumbled across on the Technet forum. This was such a wonderful find, I feel like I should spread the news. Run the following script, or add it to your $profile, and tab away!

$tabExpand = (get-item function:\tabexpansion).Definition
if($tabExpand -match 'try {Resolve-Path.{49}(?=;)')
$tabExpand = $tabExpand.Replace($matches[0], "if((get-location).Provider.Name -ne 'OperationsManagerMonitoring'){ $($matches[0]) }" )
invoke-expression "function TabExpansion{$tabExpand}"