Archive by category "Operations Manager"

Remove SCOM Management packs with PowerShell

After importing a newer version of SQL Management pack, in our case ( The older SQL Management packs are no longer needed, because the new one is version-agnostic.

As described in the release notes:
This management pack is version-agnostic, which means that you need only it to monitor SQL Server from 2012 to 2017 and higher. The previous management packs for SQL Server 20082012, 2014, and 2016 have reached the end of support. After importing, this management pack behaves differently depending on whether there are already the previous management packs installed or not. If those are not installed, the management pack will discover and monitor SQL Server 2012, 2014, 2016, 2017 and higher right out of the box, as the previous management packs do that. In the case when there is one or several of the previous management pack for SQL Server 2012, 2014, and 2016, the version-agnostic management pack will disable the discovery and monitoring for those versions of SQL Server that are already monitored by the previous management packs. It is to avoid double monitoring.

Now, it’s time to delete all older SQL Management packs.
Open your Operations Manager PowerShell window. If you cannot find the shortcut on your management server, you can also run “Import-Module OperationsManager”.
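
One way to do the removal safely, as an added example that is not from the original post: it lists packs that still reference the old SQL packs and then removes the old packs in dependency order as a dry run. The name pattern for the version-specific packs is an assumption; check it against your own inventory.

```powershell
Import-Module OperationsManager

# Assumption: superseded packs are named Microsoft.SQLServer.<year>.*; adjust to your inventory.
$pattern = '^Microsoft\.SQLServer\.(2008|2012|2014|2016)\.'

function Get-ReferencedName($Pack) {
    # References enumerates as alias/reference pairs; return the referenced pack names.
    foreach ($pair in $Pack.References.GetEnumerator()) { $pair.Value.Name }
}

$all     = @(Get-SCOMManagementPack)
$pending = [System.Collections.ArrayList]@($all | Where-Object { $_.Name -match $pattern })
$names   = @($pending | ForEach-Object { $_.Name })

# Packs outside the removal set that still reference it (typically unsealed override packs).
$blockers = foreach ($mp in $all) {
    if ($names -contains $mp.Name) { continue }
    $deps = @(Get-ReferencedName $mp | Where-Object { $names -contains $_ })
    if ($deps.Count) {
        [pscustomobject]@{ Pack = $mp.Name; Sealed = $mp.Sealed; References = $deps -join ', ' }
    }
}
if ($blockers) {
    $blockers | Format-Table -AutoSize | Out-Host
    throw 'Clean up or remove the packs listed above first; nothing was removed.'
}

# Remove leaf packs first: a pack is a leaf when no other pending pack references it.
while ($pending.Count -gt 0) {
    $leaf = $pending | Where-Object {
        $candidate = $_.Name
        -not ($pending | Where-Object { (Get-ReferencedName $_) -contains $candidate })
    } | Select-Object -First 1
    if (-not $leaf) { throw 'Circular reference among the pending packs.' }
    # -WhatIf only reports what would be removed; drop it after reviewing the order.
    Remove-SCOMManagementPack -ManagementPack $leaf -WhatIf
    $pending.Remove($leaf)
}
```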

Unattended SCOM Agent installation Windows

The command line is your friend when the SCOM Agent auto deploy functionality does not work for some reason, for example because some firewall rules are disabled, or when you need to create an SCCM package.

Unattended installation with system account:

Unattended installation with SCOM Action account:
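
Both variants as an added example, not the commands from the original post. It uses the documented MOMAgent.msi properties; the MSI path, management group, server name and account are placeholders.

```powershell
function Install-ScomAgent {
    param(
        [Parameter(Mandatory)] [string] $MsiPath,
        [Parameter(Mandatory)] [string] $ManagementGroup,
        [Parameter(Mandatory)] [string] $ManagementServer,
        [pscredential] $ActionAccount          # omit to run the agent as Local System
    )
    $msiArgs = @('/i', "`"$MsiPath`"", '/qn')
    if (-not $ActionAccount) {
        # Verbose MSI log only when no password is passed as a property.
        $msiArgs += '/l*v', "`"$env:TEMP\MOMAgent_install.log`""
    }
    $msiArgs += 'USE_SETTINGS_FROM_AD=0', 'USE_MANUALLY_SPECIFIED_SETTINGS=1',
                "MANAGEMENT_GROUP=`"$ManagementGroup`"",
                "MANAGEMENT_SERVER_DNS=$ManagementServer",
                'SECURE_PORT=5723',
                'AcceptEndUserLicenseAgreement=1'
    if ($ActionAccount) {
        # The password becomes a plain msiexec argument: it is visible to process
        # command-line auditing and in any package definition that stores this line.
        $net = $ActionAccount.GetNetworkCredential()
        $msiArgs += 'ACTIONS_USE_COMPUTER_ACCOUNT=0',
                    "ACTIONSUSER=$($net.UserName)",
                    "ACTIONSDOMAIN=$($net.Domain)",
                    "ACTIONSPASSWORD=`"$($net.Password)`""
    } else {
        $msiArgs += 'ACTIONS_USE_COMPUTER_ACCOUNT=1'
    }
    $p = Start-Process -FilePath msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
    # 0 = success, 3010 = success but a reboot is required
    if ($p.ExitCode -notin 0, 3010) {
        throw "MOMAgent.msi failed with exit code $($p.ExitCode)"
    }
}

# Placeholder values: system account variant
Install-ScomAgent -MsiPath 'C:\Install\MOMAgent.msi' -ManagementGroup 'MG01' `
                  -ManagementServer 'scom01.example.local'

# Placeholder values: action account variant (prompts for the credential)
# Install-ScomAgent -MsiPath 'C:\Install\MOMAgent.msi' -ManagementGroup 'MG01' `
#                   -ManagementServer 'scom01.example.local' -ActionAccount (Get-Credential)
```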


SCOM 2016

With the release of SCOM (System Center Operations Manager) 2016 Microsoft released a new version of SCOM. The look and feel of SCOM is almost the same as the 2012 version. Of course Microsoft added a couple of new features which are very useful. Microsoft has listened to the feature requests of the SCOM community. I will describe the new features.

New features SCOM 2016

Management pack updates and recommendations

SCOM Management packs can be obtained from the Microsoft website, or from third-party websites that have developed their own Management packs for custom applications. In SCOM 2016 you are able to view the current status of a management pack. When a management pack is older than the one in the Microsoft catalog, the status changes to “update available”. The new tab is placed in the management packs folder under the Administration tab.
When you look into the management packs folder it has some new buttons available. With these new buttons you can find more information, the download page, install guides or other recommendations.

Management pack tuning and alert data management

In SCOM 2012 it was a hard job to tune the alerts, rules and discoveries when there was something wrong. You had to report these with the reporting feature and change them by hand.
SCOM 2016 facilitates alert tuning by default. This enables you to avoid the flooding of non-essential repeated alerts and gives you the focus back. In the management pack tab there is a new window called “Tune Management packs”. With the Identify button you can set the time range to analyze the data, and set the minimum number of alerts for the management packs you want to display. In this view you see the alert count, priority, source and name. Alerts can be tuned for all objects of the target class, for a group, for a specific object of a class or for all objects of another class, directly from the tune alerts tab.

Improvement of the Unix, Linux monitoring

SCOM 2016 makes use of a new “Management Infrastructure MI” API. With this API you can monitor many more Linux agents. The supported configuration is 1000 Unix agents to one SCOM 2016 management server. The use of the new API is not enabled by default; to enable this you must create a new registry key in:

Name: UseMIAPI
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Setup

Extensible network monitoring

SCOM 2016 comes with a new tool for creating custom management packs for network device monitoring. With the “NetMonMpGenerator.exe” tool, located in the install directory on your SCOM management server, you are able to create Management packs from .XML files with the well-known OIDs in them. This will save you a lot of time.

Scheduled maintenance mode

With SCOM 2016 it is possible to schedule maintenance mode for specific objects. You can suspend the monitoring for a specific date / time. This is possible in the Maintenance mode scheduler wizard. Another nice feature is the client side maintenance mode enabler. This enables you to set the SCOM client in maintenance mode from the client side, so you don’t have to log in to the operations console for this action. This can be done with the Start-SCOMAgentMaintenanceMode PowerShell cmdlet.

Monitor Nano server and workloads

SCOM 2016 has included Nano server support. The following features are available for Nano server:

  • Discover and deploy Nano server monitoring agents. Also available with PowerShell.
  • Monitor Nano server IIS and DNS roles.
  • ACS Audit event collection.
  • Support for Active Directory Integration.

Faster web console

SCOM 2016 has removed the Silverlight dependency for accessing the Web Console. Silverlight is only needed for opening Dashboard views; the rest is programmed in HTML, which can be accessed from multiple browsers (Chrome, Firefox, etc.).

Improved console performance

The SCOM 2016 console is way faster than the SCOM 2012 console. The load time of diagram and state views is reduced.

Partner program in administration console
There is a new tab available for third-party tools for creating management packs or downloading third-party management packs.

New features SCOM 2016 Unix/Linux monitoring

  • New management packs for Apache HTTP server, MySQL and MariaDB.
  • New Linux monitoring agents which include OMI (Open Management Infrastructure).
  • Multi-threaded agent which allows parallel execution.
  • Templates for Two-state, Three-state monitors, Agent tasks, Performance rules and Alert rules. You can now use shell, Perl, Python, Ruby or any other scripting language.
  • Default credentials for discovering Unix and Linux computers.
  • Filter logical disks or file systems by file name or type. Discovery rule overrides can now exclude file systems that you don’t want to monitor.


Create PowerShell monitor SCOM

With scripts you can monitor almost everything in SCOM. Out of the box SCOM uses mostly VBScript instead of PowerShell, because it works on all Windows versions. I prefer PowerShell over VBScript, so I created some PowerShell performance collection rules and PowerShell monitors.

Silect created an awesome tool called MP Author to build management packs in a wizard-driven way.

The steps:

– Create a new management pack, give it a name, choose a folder, locate the references and select Empty Management pack.
– Create a custom application class. In MP Author these are called Targets, so create a new target. I used WMI to locate the custom application service (Select * From Win32_Service Where Name Like "%Service name%"). We are working with a Windows local application, with Windows Computer as target.
– Next, create a custom PowerShell performance rule or a PowerShell monitor (both work the same way). Choose New “Script performance rule”. Give the script a name and paste the code in the script area. On the next page provide the parameters:

Counter: Pagespeed
Instance: Someinstance
Value: $Data/Property[@Name='Pageloadtime']$

Select the target we created above and finish the wizard.

Example script to explain the used SCOM variables:
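
An added example, not the author's script, of a collection script that matches the wizard parameters above: it fills a property bag whose 'Pageloadtime' property is what $Data/Property[@Name='Pageloadtime']$ reads. The URL, script name and event ID are placeholders.

```powershell
param(
    [string] $Url        = 'https://intranet.example.local/',  # placeholder target
    [int]    $TimeoutSec = 30
)

# MOM.ScriptAPI is registered on machines that run the SCOM agent.
$api = New-Object -ComObject 'MOM.ScriptAPI'
$bag = $api.CreatePropertyBag()

try {
    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    # -UseBasicParsing keeps Windows PowerShell from using the Internet Explorer
    # engine, which fails for accounts that never completed the IE first-run setup.
    $response = Invoke-WebRequest -Uri $Url -UseBasicParsing `
                                  -TimeoutSec $TimeoutSec -ErrorAction Stop
    $timer.Stop()

    # Property names must match the names used in the $Data/Property[...]$ expressions.
    $bag.AddValue('Pageloadtime', [double]$timer.Elapsed.TotalMilliseconds)
    $bag.AddValue('StatusCode',   [int]$response.StatusCode)
}
catch {
    # LogScriptEvent(script name, event ID, severity, text); severity 1 = error.
    # The event is written to the Operations Manager event log on the agent.
    $api.LogScriptEvent('PageSpeed.ps1', 9001, 1,
        "Request to $Url failed: $($_.Exception.Message)")
    return   # no property bag, so no data point is collected for a failed request
}

# A PowerShell property bag probe takes the bag from the script's output.
$bag
```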


Monitor JEE Java applications with SCOM

It’s possible to monitor the MBeans provided by the Java engines with SCOM. Out of the box SCOM doesn’t discover these applications automatically. Some more steps are needed to complete this.

The steps I followed:

– Download and import the SCOM JEE Management packs from: Download
– Install a SCOM Monitoring agent on the application server.
– Enable agent proxy on the SCOM agent (SCOM Console -> Administration -> Agent Managed -> Right click -> Allow this agent to act as proxy).
– Open port 8080 from the SCOM Management server to the application server.
– Search for the “beanspy.war” files on the SCOM Management server. Usually located in a subfolder of: “C:\Program Files\Microsoft System Center 2012 R2\Operations Manager\Server\Health Service State\Resources”
– In my case I used an application server without authentication, so I needed the beanspy.notauth.war.
– Rename the beanspy.notauth.war to beanspy.war.
– Deploy beanspy.war to your application web server, in my case tomcat-7.0.
– Restart the application web server services to load beanspy.war.
– Check if the beanspy module is loaded: browse http://URL:8080/BeanSpy/MBeans?JMXQuery=*:*
– Add the application server with the .\NewJEEAppServer.ps1 powershell script.
– .\NewJEEAppServer.ps1 -ManagementServer FQDN -JEEAppServerType Tomcat -JEEAppServerVersion 7 -Target http://FQDN:8080
– In my situation the standard query defined in the JEE Management packs discovered nothing. (http://FQDN:8080/BeanSpy/MBeans?JMXQuery=Catalina:j2eeType=WebModule,*).  I changed this by overriding the default discovery settings with (*:*). And I changed the discovery interval.
– Now you can create JEE Monitors with the pre-defined Management pack templates.

Debug SCOM Agent

Sometimes it’s unclear what the error messages are when the SCOM Agent is running a VB or PowerShell script, or the event log messages say nothing about the issue you are actually facing. In this situation Tracing.cmd can give you more information about what is happening.

How to start the SCOM Agent Tracing:

  • Go to the Operations Manager Tools directory, which is located at: “C:\Program Files\Microsoft Monitoring Agent\Agent\Tools”
  • Run: StopTracing.cmd
  • Remove all the files located in the OpsMgr log folder: “C:\Windows\Logs\OpsMgrTrace”
  • Run: StartTracing.cmd VER
  • Wait till the problem reoccurs, mostly an event log message that some script has run.
  • Run: StopTracing.cmd
  • Format the logs into human-readable information; this can be done with FormatTracing.cmd
  • The logs are saved in the log directory.

I used SMS Trace to debug the logs.

The issue was found in the “TracingGuidsManaged.log”. Invoke-WebRequest was running under a user account which had not run the “IE First time run setup”. You can change a group policy for this issue or simply run the step with the actual account.

Example debug line:

[3]dd/mm/yyyy [AzureModule] [] [Error] :RunspaceController.WriteErrorLine{runspacecontroller_cs412}( 0000000000)PowerShell Script ‘ps1’ WriteErrorLine: Invoke-WebRequest : The response content cannot be parsed because the Internet

Create test alert in SCOM

There is no standard feature in SCOM to generate a test alert, which can be needed to test a mail subscription.
For SCOM2007 there is a simple tool to generate test alerts. Too bad that this tool doesn’t support SCOM2012.
If you are using SCOM2007 you can download the tool here:

For the SCOM2012 users we can generate a test alert with a Microsoft Event log event.
First we need to create an event log entry. This can be done with PowerShell or a CMD Command.

Create event in Windows Event log

I’ve done this with the standard EventCreate command in CMD.
eventcreate /L Application /T information /ID 999 /D "This is a test event" /SO TestEvent

If you want to create a daily test event, this can be scheduled in task scheduler.

Sample parameters:
– Run whether user is logged on or not
– Run with highest privileges
– Program/script: eventcreate
– Arguments: /L Application /T information /ID 999 /D "This is a test event" /SO TestEvent

Create an Event Monitor in SCOM

  • Go to the Authoring tab -> Monitors -> Create a unit monitor.
  • Create a new management pack: “Test event management pack”, or use another unsealed management pack (not the default one).
  • Choose Windows Events -> Simple event detection -> Timer reset.
  • Give it a name, and select the target. I’ve chosen the “Operations Manager Management Server Computer Group” because I generate the test event on my SCOM Management server.
  • I’ve chosen the “configuration” parent monitor because this is a typical configuration thing.
  • Select the event log we are monitoring for the event.
  • Next, type the Event ID (999) and the Source (TestEvent).
  • Configure the timer when the test alert can be closed.
  • Configure the Severity and Priority and Select the “Generate alerts for this monitor” box.

Now you can test alerts by running the scheduled task or by running the command in the DOS prompt.

Delete dependencies Default Management Pack

Default Management Pack Information

Don’t save any custom rules, overrides or views to the default management pack. Store all application-specific overrides in a new unsealed application overrides MP. Or, when the overrides are customer based, create an unsealed customer management pack. When this is done, you can simply delete application-specific or customer-specific overrides.
Now, with the rule above in mind, we are going to delete all the dependencies in the default management pack.

SCOM Reporting Overrides Report.

With this report it’s possible to locate overrides saved in the Default Management Pack.
If an override has been made, locate the monitor or rule and go to the override summary to delete the overrides.
After this step, try to delete the Management Pack. Same situation? Go to the second step.

SCOM XML Management pack editing:

The default management pack is an unsealed management pack with the real name “Microsoft.SystemCenter.OperationsManager.DefaultUser”. Unsealed Management Packs, like all handmade SCOM management packs, can be edited.
Export the Default Management pack two times: the first copy to your backup location and the second copy as the one which you are going to edit.
There are four sections in the management pack:
– Manifest: Contains the name of the management pack and the references.
– Monitoring: Contains the monitoring and override definitions.
– Presentation: Contains the views and folders.
– Language Packs: Contains readable names for objects instead of unreadable system GUIDs.

When you have deleted all overrides on monitors and deleted all the views, the reference section in the XML is the issue. So first delete the references:

Delete all <Reference Alias= </Reference> for each Management Pack that must be removed.

Example Advisor:

In my situation this was enough to delete the management pack, because I had deleted the overrides and views in the SCOM UI.

Save the XML, and import the management pack again. When importing the management pack, this will be thrown: Default Management Pack version 7.1.10226.0 is imported. Click install.
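
Before deleting a reference it helps to know whether anything outside the manifest still uses its alias, since an import fails when a removed alias is still in use. The following added example (not from the original post) counts the Alias!Element usages per reference in an exported pack; the XML is a constructed, shortened sample and the function name is hypothetical.

```powershell
function Get-MpReferenceUsage {
    param([Parameter(Mandatory)] [xml] $Pack)

    # Text of every section except the manifest (Monitoring, Presentation, LanguagePacks).
    $body = ($Pack.SelectNodes('/ManagementPack/*[not(self::Manifest)]') |
             ForEach-Object { $_.OuterXml }) -join "`n"

    foreach ($ref in $Pack.SelectNodes('/ManagementPack/Manifest/References/Reference')) {
        $alias = $ref.GetAttribute('Alias')
        # Elements of a referenced pack are written as Alias!ElementName.
        $uses  = [regex]::Matches($body, '(?<![\w.])' + [regex]::Escape($alias) + '!').Count
        [pscustomobject]@{
            Alias              = $alias
            Pack               = $ref.SelectSingleNode('ID').InnerText
            Uses               = $uses
            CanDeleteReference = ($uses -eq 0)
        }
    }
}

# Constructed sample; for a real export use: [xml](Get-Content -Raw <exported file>)
$sample = [xml]@'
<ManagementPack>
  <Manifest>
    <Identity><ID>Microsoft.SystemCenter.OperationsManager.DefaultUser</ID></Identity>
    <Name>Default Management Pack</Name>
    <References>
      <Reference Alias="Advisor"><ID>Microsoft.SystemCenter.Advisor</ID></Reference>
      <Reference Alias="Windows"><ID>Microsoft.Windows.Library</ID></Reference>
    </References>
  </Manifest>
  <Monitoring>
    <Overrides>
      <MonitorPropertyOverride ID="Sample.Override" Context="Windows!Microsoft.Windows.Computer"
          Monitor="Windows!Sample.Monitor" Property="Enabled"><Value>false</Value></MonitorPropertyOverride>
    </Overrides>
  </Monitoring>
</ManagementPack>
'@

Get-MpReferenceUsage -Pack $sample | Format-Table -AutoSize
```

A reference whose Uses count is zero can be deleted from the manifest on its own; any other reference needs its overrides, monitors and views removed first.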

When there are still dependencies on the management pack, safely remove the dependent overrides, monitors and views in the other 3 sections based on the management pack you want to remove. The example formats are:


Run SCOM Discovery task manually

Sometimes it takes up to 24 hours to discover a new component or newly installed role. If there is no time to wait 24 hours for this discovery to complete, you can do this manually.
There is a nice task in the SCOM console to get this discovery started.

First search the Discovery ID and Instance ID. This can be done with some PowerShell one-liners:

Then search the “Trigger On Demand Discovery” button in your SCOM Console.
It is placed under the folder -> Operations Manager -> Agent Details -> Agent Health State -> Select Object -> Task pane (scroll down) -> Trigger on demand discovery

Then Override the task parameters with your id found in the steps above: