Thursday, July 23, 2015

Notification Channel body contains more than 160 characters

When configuring a notification channel for text messages from within the Operations Console you quickly realize that the parameters exceed more than 160 characters and so you're not able to save that configuration. Below are the steps to work around that:
  1. Export the unsealed Notifications Internal Library MP.
  2. Open it with your Editor (e.g. Notepad++).
  3. Search for the name of the channel you configured in the console. There should be a display string entry starting with 'SMSEndpoint for' followed by the name of the channel.
  4. Copy the ElementID from the line above (starting with 'SmsEndpoint'.
  5. Search for the ElementID in the MP.
  6. Watch out for a line starting with 'WriteAction ID="Transport" TypeID="SmsEndpoint' followed by the ElementID.
  7. Find the Body tag two lines above.
  8. Modify the line for your need.
  9. Save the XML.
  10. Import the XML into SCOM.
  11. Test it.
All information is provided "as is" without any warranty! Try in lab before. Handle with care in production.
Read Full Post...

Saturday, April 4, 2015

UNIX/Linux Log File Monitor RegEx Sample

In SCOM you’ve the option to use Monitoring Templates to monitor log files for patterns you define.

In the ootb template you only have the option for one regex pattern. But what if you like to query for positive pattern and negatives as well?

Easy, as long as you understand how to build regular expressions.

In my sample I’m searching for the pattern ‘positive’ while the string should not match the pattern ‘negative’.

Here’s the regex you could use:
((?i:positive)(?!(.*negative)))

You can test the regex against a sample string directly from the wizard:

clip_image002

clip_image002[4]

Furthermore, you could search for multiple patterns. Here’s the regex you could use:
((?i:positive1|positive2)(?!(.*negative)))

Happy RegEx’ing!

All information is provided "as is" without any warranty! Try in lab before. Handle with care in production.
Read Full Post...

Thursday, February 19, 2015

Monitor SCSM 2012 SP1 or R2 with SCOM

Yesterday the question came up if it is a good way to push deploy SCOM agents to SCSM 2012 SP1 or R2 MS and DW role server. The short answer: no! (NO! NEVER! DON’T DO THAT!)

Why? Unfortunately it would be possible to push an agent on those systems. SCOM would determine that there is an existing agent in place and would upgrade it to the most recent version available on the SCOM MS. Monitoring, after that, would work as expected, but the SCSM workflows will collapse. (BTW: who came to the good idea to take parts of SCOM as SCSM base without changing services, processes, logs, …? That is pain in the … consultants/admins head)

The only right way is to install SCSM SP1 or R2 as required (maybe already done). After that you’ll find the “Microsoft Monitoring Agent” on those systems where you can configure your SCOM Management Group information.

If you’ve got SCOM security settings to “Review new manual agent installations in pending management view” you will see them immediately under Pending Management in the SCOM administrative pane. If you’ve checked the option “Automatically approve new manually installed agents” they will get monitored automatically.

The self-service portal is something different (BTW: did you know that we’ve developed an awesome self-service portal? And we will release a new major version these days! More here: http://www.syliance.com/marketplace/itsm-portal). More on SSP below.

Here is the official documentation on that (bad luck that they don’t updated the SCSM MP guide):

https://technet.microsoft.com/en-us/library/hh524312.aspx

System Center 2012 – Operations Manager

System Center 2012 – Operations Manager is supported by Service Manager and Service Manager SP1 for connectors and agents. However, only corresponding System Center versions are supported when you register a data source in the Data Warehouse workspace.

System Center 2012 – Operations Manager agents were not supported with System Center 2012 – Service Manager. However, the agent that is automatically installed by System Center 2012 – Service Manager SP1 is compatible with System Center 2012 – Operations Manager and System Center 2012 – Operations Manager SP1. After Service Manager Setup completes, you must manually configure the agent to communicate with the Operations Manager management server.

To validate that the Operations Manager Agent was installed, open Control Panel and verify that the Operations Manager Agent is present. To manually configure the Operations Manager agent, see Configuring Agents.

Operations Manager Agents with the Self-Service Portal and Service Manager console

If you want to monitor a server that will host Self-Service Portal components or the Service Manager console that does not already host other Service Manager roles, then you should deploy the Operations Manager agent to the server before you install the Self-Service portal or the Service Manager console. After you’ve installed either, you should give special consideration to removing the portal or Self Service console. If an Operations Manager agent is installed on the server that hosts the portal or console and you remove the either, then the Operations Manager agent is also removed.

If you have already installed the portal or console to a server that does not host other Service Manager roles, and you want to deploy an Operations Manager agent to it, then the agent deployment will fail. However, you can prevent agent deployment failure by using the following procedure to back up, remove, and restore the Service Manager product registry key.

To back up, remove, and restore the Service Manager product registry key
  1. Export the Service Manager key from HKEY_CLASSES_ROOT\Installer\Products\<ServiceManagerGUID>. You can find the key by searching at the Products node for Data equal to Service Manager.

  2. Delete the registry key.

  3. Deploy the Operations Manager agent to the server.

  4. Import the key you exported from step 2.

All information is provided "as is" without any warranty! Try in lab before. Handle with care in production.
Read Full Post...

Thursday, February 12, 2015

What happens when the state changes?

The question came up in relation to a new to develop custom connector.

I’ve been asked what happens when the state of an object/alert changes from warning to critical (or the other way around), more specifically, will the same alert be updated or will the warning alert disappear (closed, deleted, whatever…) and a new critical one raised?

To show that I created an override for the “Windows Server 2012 Logical Disk Free Space (MB) Low” monitor so that it is enabled, generates an alert for either warning and critical state and I configured testing thresholds. Further, I decreased the interval to 60sec for testing.

After that I created a dummy file that is big enough to reach the warning but small enough to not reach the critical threshold using the following command:
fsutil file createnew $env:temp\dummy.bin (40gb)

After 60sec the following warning alert has been created:

image

I collected the interesting (warning) alert information using Get-SCOMAlert, see table below.

After that I deleted the dummy file:
del $env:temp\dummy.bin

And I created a new file that reaches the critical threshold:
fsutil file createnew $env:temp\dummy.bin (45gb)

Again, within 60sec a critical alert has been raised:

image

I collected the interesting (critical) alert information using Get-SCOMAlert, see table below.

Again, I deleted the dummy file to clean up:
del $env:temp\dummy.bin

And removed all the overrides I created initially.

Here are the alert details that have been kept behind the scenes:

Warning Alert Details:

Id : cdb71a4a-9621-4372-84d3-aad8be07f160
Name : Logical Disk Free Space in MBytes is low
Description : The disk C: on computer <FQDN> is running out of disk space.
    The value that exceeded the threshold is 6552 free Mbytes.
Severity : Warning
TimeRaised : 02.12.2015 10:04
TimeAdded : 02.12.2015 10:04
LastModified : 02.12.2015 10:04
StateLastModified : 02.12.2015 10:04

Critical Alert Details:

Id : cdb71a4a-9621-4372-84d3-aad8be07f160
Name : Logical Disk Free Space in MBytes is low
Description : The disk C: on computer <FQDN> is running out of disk space.
Severity : Error
TimeRaised : 02.12.2015 10:04
TimeAdded : 02.12.2015 10:04
LastModified : 02.12.2015 10:08
StateLastModified : 02.12.2015 10:08

As you can see: the alert ID is the same. The severity has been changed from Warning to Critical and the (State)LastModified timestamps have been updated.

Conclusion: it’s the same alert with a new severity.

All information is provided "as is" without any warranty! Try in lab before. Handle with care in production.
Read Full Post...

Monday, February 2, 2015

Remove duplicate Performance Entries

A couple of weeks ago, Microsoft released a new MP version for Windows Server Operating System. The version number was 6.0.7294.0 and it brought some fixes for Mount Point monitoring and unfortunately some bugs related Logical Disk discovery, monitoring and performance collection.

Since last Friday they released a fixed version (6.0.7296.0):
http://www.microsoft.com/en-us/download/details.aspx?id=9296

After importing the new version everything looks good but the multiple entries in the Performance Views remain.

Below you can find the SQL statements to get rid of them. Always keep in mind that manipulating the database directly is completely unsupported! Everything you do here is on your own risk! Try in lab before!

Let’s go…

Show all Logical Disk performance entries where the Display Name is not equal the Instance Name:

Use OperationsManager
select PS.PerformanceSourceInternalId, BME.BaseManagedEntityId, BME.DisplayName, PS.PerfmonInstanceName, PC.CounterName, PC.ObjectName, PS.TimeAdded, PS.LastModified, PDA.PerformanceSourceInternalId 
from PerformanceSource PS
left join PerformanceDataAllView PDA on PDA.PerformanceSourceInternalID = PS.PerformanceSourceInternalId
      join PerformanceCounter PC on PC.PerformanceCounterId = PS.PerformanceCounterId
      join BaseManagedEntity BME on BME.BaseManagedEntityId = PS.BaseManagedEntityId
      where ObjectName = 'LogicalDisk'
      and DisplayName like '%:%'
      and DisplayName <> PS.PerfmonInstanceName
      or ObjectName = 'LogicalDisk'
      and DisplayName like '\\?\Volume%'
      and DisplayName <> PS.PerfmonInstanceName

Attention: backup your Operational Database before you move on!

Delete all Logical Disk performance entries where the Display Name is not equal the Instance Name:

Use OperationsManager
delete from PerformanceSource where PerformanceSourceInternalId in
(
select PS.PerformanceSourceInternalId
from PerformanceSource PS
left join PerformanceDataAllView PDA on PDA.PerformanceSourceInternalID = PS.PerformanceSourceInternalId
      join PerformanceCounter PC on PC.PerformanceCounterId = PS.PerformanceCounterId
      join BaseManagedEntity BME on BME.BaseManagedEntityId = PS.BaseManagedEntityId
      where ObjectName = 'LogicalDisk'
      and DisplayName like '%:%'
      and DisplayName <> PS.PerfmonInstanceName
      or ObjectName = 'LogicalDisk'
      and DisplayName like '\\?\Volume%'
      and DisplayName <> PS.PerfmonInstanceName
)

After that, the duplicate entries in the performance view will disappear.

Good luck!

All information is provided "as is" without any warranty! Try in lab before. Handle with care in production.
Read Full Post...

Tuesday, January 27, 2015

AD Computers without Agent Dashboard

I created a PowerShell script which shows all computers in a defined Domain/OU structure that have no SCOM Agent installed in a PowerShell Grid Widget.

The script shows all computers and the Domain/OU that has been scanned:

It is mandatory to change the SearchBase string in the second line of the script.

Further, it is possible to exclude known computers without agents to avoid showing them in the widget.

This version is only able to search one Domain/OU but it is possible to create a dashboard with multiple widgets running for different Domains/OU.

The script can be downloaded from the TechNet Gallery:
https://gallery.technet.microsoft.com/PSGW-Computers-without-f4199ba7

All information is provided "as is" without any warranty! Try in lab before. Handle with care in production.
Read Full Post...