Category: "SCOM Tricks"

New KB: How to add a product key to an eval version of System Center 2012 Operations Manager

SCOM, System Center, SCOM Tricks, SCOM 2012 Send feedback »

A few days ago Microsoft released a KB article which explains how to add a product key to an evaluation version of SCOM 2012. It is a simple procedure. You can find the KB article here:

How to add a product key to an eval version of System Center 2012 Operations Manager

You can check if you are using an eval version of the product by opening the SCOM Console and going to Help -> About.

SCOM eval

Good luck with that!
Bob Cornelissen

nworks 5.7 automation error

SCOM, System Center, SCOM Tricks, SCOM 2012 Send feedback »

A few days ago I was playing around with auto installation of one of my favorite products, nworks 5.7, and ran into a small bug. nworks 5.7 has an installation guide with good guidance on how to use command lines to install the different components, such as EMS, WebUI and VIC.

In our case the scenario we were testing was an upgrade from nworks 5.6 to 5.7, which is supported and generally works very well. You see if you manually run the installers for EMS, UI and VIC they will auto-detect that there is a previous version installed and it will upgrade it for you with only a few questions (most have been pre-populated already for you). Got to love that product!

However when doing the upgrade through the command line we found out that only the UI installer had a problem. The EMS and VIC will run fine and continue automatically without popups when using the fully populated command line command. However the UI installer did give a popup to ask whether you want to upgrade or not. We have talked with support about it and found that this was a bug. It will be fixed in the next version.

So unfortunately we can not automate that installer as easy in this version, but we will survive. I thought it was useful to mention though that in the combi of automated command line installation with an upgrade scenario that you can run into this one on the UI installer.

Lucky that due to the upgrade recognition the upgrade process by hand is easy-peasy!
Still love nworks and the monitoring and possibilities it provides.

Good luck!
Bob Cornelissen

SCOM Close alerts from rules

SCOM, SCOM Tricks 11 feedbacks »

Was looking at a SCOM console with a lot of alerts today at a customer site. I did not feel like going through it all, so I wanted to clean out all alerts created by a rule, which had not been modified for at least 24 hours. This is because alerts coming from rules will not auto-close like the ones from monitors generally do.

So had to create a one-liner for it B)
This is for SCOM 2007.

get-alert -criteria 'ResolutionState=''0'' AND IsMonitorAlert=''False''' |where {$_.LastModified -le (Get-Date).addhours(-24)} | resolve-alert -comment "Close old alerts generated by rules" | out-null

This will look for alerts with a New resolution state and coming from a rule, where the last modification to this alert was more than 24 hours ago, and close that alert with a small comment.

I have posted an extended script on Technet Gallery at

Sure cleaned out hundreds of old alerts :>

Allways comes in handy.
Bob Cornelissen

SCOM Trick 53 – New Report Operator role

SCOM, SCOM Tricks Send feedback »

For some customers the only people running and viewing reports are the same as the ones who already have advanced rights in SCOM. If they are admins they can see and run reports as they please. However in many cases we need to allow application owners and managers to view and run SOME of the reports in SCOM. Just as with operator roles for viewing alerts and health states and performance graphs, which you can limit to certain views or groups of servers, you can also create a report operator role to view certain reports you have created for them to view and run. The process of creating a new report operator role is not the difficult part, however in most cases the last important step is being forgotten. When you run the wizard to create a new report operator the last step will show you an identifier. You will need this ID to assign some rights for that group (identified by the ID) in SQL Reporting Services. It is all spelled out in the procedures, but like I said most forget it and ask themselves why the report operator cannot access their report. I confess to have forgotten it in several occasions as well, because first of all clicking through the last screen too fast (ignoring what it says) and wanting to move forward too fast. But it is easily fixed by following the procedure.

If you don't you will get an error like this:
Loading reporting hierarchy failed. The permissions granted to user 'yyy' are insufficient for performing this operation.

For this I will refer to two posts made by Marnix Wolf who has explained it all - with screenshots - so no point in repeating the excercise:

Back to the SCOM Tricks general list

SCOM Trick 52 – Agent in pending management

SCOM, SCOM Tricks 1 feedback »

When you look in SCOM Administration and go to device management and pending management you might see some machines listed there. This can have several reasons.
- You might have the SCOM security settings set in a way that manually installed agents need to be approved by a SCOM admin first. In this case you can either approve the agents you like on a regular basis or change the security settings for it to automatically accept or deny all manually installed agents.
- You might have been doing a repair of an agent through the SCOM administration pane (mostly the agent managed view) and the repair went wrong or stalled somewhere in the process. In that case you could run the task again from this view or reject it and try again. Or use some other form of repairing that agent.
- You might have done a cumulative update on SCOM, which requires updates of agents. If agents have been pushed from the SCOM console in the past they will remain manageable through SCOM and once you do an upgrade of the management server to a higher CU level which contains an agent update all those manageable agents will show up in pending management stating they need an agent update. You can approve this action from this view. In some cases there is something that prevents this from working correctly for a handful of machines for any reason (turned off, firewall, rights, wmi broken) and they will stay in pending management. Could be that you will have to repair them or update those few through some other way (script/sccm/manually).
- In most cases the view will tell you in what pending state they actually are (agent update/approval/repair currently running/repair gone wrong or whatever wording is used). Take action based on the what state they are in. In many cases if it is not related to install approval or update approval there might be something wrong on the agent machine or something to do with rights/connectivity/wmi/firewall and so on and it is best to check on the agent machine what is going on.

OpsMgr 2007: Agents stuck in Pending Management with Event ID 21016:

As far as I have understood from the SCOM 2012 version, they want to include more information on failed agent installs and those kind of things in the screen, so you have a better understanding of what is happening there.

Back to the SCOM Tricks general list

SCOM Trick 51 – Dashboarding possibilities

SCOM, SCOM Tricks Send feedback »

Dashboarding is actually very important with SCOM, and most of it is due to the way people operate. People like to have visual overviews of the status of machines/networks/applications and health states and alerts split by functions and so on. The machines don’t care about it, but the people who have to use it to solve the alerts (system admins) and the people who want to have visual insight in the monitoring data (helpdesks, managers) need these to do their job even better.

Dashboards can be used to visually group health states for an application together and show them to somebody who does not know how an application is setup (for instance who does not know that a website with name x running on a machine y and a database z on a machine r is important for this application and how they are linked).

Dashboards can be used to group alerts and health states of certain machine groups together for the system admins who are responsible for those machines, or perhaps the same based on the product they support. Most management packs have already created views targeted at application roles, so you will see alerts and health states relevant for that product when you go into the views belonging to that management pack. In many cases these views are not being used to their potential (or not at all) and that is not a good thing. I would say especially if you have more than 20 alerts open in total for the whole environment, which is the case often enough.

Dashboards can also help to show how things are arranged physically, for instance network devices and datacenters and racks and locations/sites. These are nice to display in dashboards.

So what options do we have?

First of all there are the views and dashboards already in the management packs.

Second you can make a simple dashboard view in SCOM that will show a few alert/health/performance views in one screen.

Third you can make targeted alert/health/performance views within scom and use those in the SCOM dashboard views.

After this you will start moving out to products that are built for dashboarding:
Savision Live Maps is still my all-time favorite and has all kinds of network/location/application/business related dashboards you can take advantage of. Check out their website for examples. I just love their product(s) and use them for everything. I am not being paid to say this by the way, although I will accept any and all payments *grin*. All jokes aside, I have been using this for years and it still has advantages that other products do not yet provide and they stay ahead of the game.

Visio add-in for SCOM. Microsoft has built a connector between Visio and SCOM, which make it possible for you to make a drawing with network devices and servers and databases and make those state enabled by linking the objects in the drawing to the objects in SCOM. It is not layered like Savision is, but in several cases this is all you need to have. This is the Visio 2007 version and this is the Visio 2010 version.

Service Level dashboard. This is basically an add-in for SharePoint where you can display service levels gauges for whatever you specify. For instance you have built a distributed application and you now have a health state for it that you can see turning from green to red and back again. Now you would like to state that the application needs to be in a green state 98% of the time and that is what the gauge will show you… if you make the service level it show in green and once it crosses the lines it is into red territory. It looks fancy and managers will love it. Check it out here.

These would be the best choices to work from in my opinion.

Back to the SCOM Tricks general list

SCOM Trick 50 – Reporting

SCOM, SCOM Tricks Send feedback »

Wow, in the end you will not believe what a good trick reporting is for SCOM. At first we always tend to dive into the technical stuff of designing and installing SCOM, distributing agents, importing management packs, tuning management packs and getting in custom management packs either from third parties or community or made by ourselves and getting all kinds of hardware and software and network devices monitored. But at some point we will need to know what is going on with our SCOM install and its performance, and management will have requirements on performance reporting, service level agreement reporting, capacity management, changes, alert volumes and so on. This is where the reporting feature jumps in. A lot of SCOM management packs come with built-in reports, usually based on some of the parent reports included with SCOM. These are mostly geared toward performance reporting on availability or performance counters of a monitored component (IIS, Exchange, SQL and so on). Then there are the reports from the SCOM management pack, which tell you more about SCOM itself (as it is also a monitored product). Next to that there are also community based report sets which are geared toward certain aspects of interest, for instance reports on disk space usage and reports on SCOM performance.

In many cases you will want to create reports based on the parent reports. Let’s say you have a group of computers that support a certain business application and its owner wants to know the CPU usage of these machines during office hours for the last 30 days. These are quite easy to make in most cases and there are several howto’s available. To be listed below.

In some cases you want very specific reports that cannot be covered by the way the generic reports have been setup. In that case you will have to build a complete report yourself. There are report authoring guides for that. Check out some of the links below.
In any case there is a lot of data in the data warehouse (reporting database) that can be pulled out. All having to do with the monitoring system, alerts, performance counters and availability. If you haven’t done so already, take a good look at reporting and what it can do for you. For very large implementations the consultants often take a hard look at what reporting requirements there are, because in some cases a customer has a hard requirement for 10 performance counters and have no interest in anything else and that means we can disable a lot of performance counter collection rules that inflate the reporting datawarehouse (especially if you are running towards 1000+ agents and so on).

So perhaps some additional links:

TechNet Report Authoring guide

Reporting Links (gathered links by Stefan Stranger), this is a very good list:

Also a nice post series by Marnix Wolf about reports (he has much more about this and other subjects, but I selected one):

Also check the systemcentercentral mp catalog for some custom reports:

There are many more resources out there but this should be a good start. The list by Stefan is long enough to get a head start.

Back to the SCOM Tricks general list

SCOM Trick 49 – monitoring CentOS

SCOM, SCOM Tricks 1 feedback »

Cross platform monitoring in SCOM is a good thing. It has been a good step to include it and in many environments we have come across machines that we could now monitor with SCOM 2007 R2 (or higher). A fair number of Unix and Linux distributions which are usually used in a business environment are supported by cross platform monitoring, usually in a few versions of that distribution. New ones are added gradually. CentOS is not on the supported list, but right from the start (in the early bate phases of SCOM 2007 R2) some people wanted to see if it was possible to monitor their CentOS machines. And it is. One of the primary reasons is that it is quite similar to RedHat and the rpm file meant for RedHat would be able to install. There have been a few mothods for this, the first being getting CentOS to think it was a RedHat, and the second one being getting a new management pack based on the one from RedHat and teaching it to recognize and install on CentOS.

So here are some posts that will help you on your way to monitor CentOS:

Centos the short way by Pete Zerger:

CentOS the long way by Robert Hearn:

A posting from Daniele all the way from the beta stages of SCOM 2007 R2:

Back to the SCOM Tricks general list

SCOM Trick 48 – Certificate validation

SCOM, SCOM Tricks Send feedback »

Certificates can play an important role in SCOM when monitoring machines in non-trusted domains and workgroups. During the past years we have seen all kinds of things that can go wrong with certificates, especially during the initial stages. Mostly because the procedures were not being followed (read documentation) or that certificates of the wrong kind or with the wrong name were requested and issued.

A very nice posting about how to get the right certificates for use with SCOM is the following:

Don't forget to make sure the CA (chain) that signed your certificate is trusted. Make sure it is still valid. Make sure it is of the right type (check the OID's that they are for server authentication and client authentication), check that it has the right servername listed.

Especially for checking all certificates for validity there is also a management pack written by Raphael Burri with Pete Zerger and Jaime Correia. This is not limited to certificates used for SCOM, but all of them. This is another community MP that I use often. It can be found at: Be sure to read documentation included, so you will have maximum pleasure from this MP B)

Back to the SCOM Tricks general list

SCOM Trick 47 – SCC Health Check reports

SCOM, SCOM Tricks Send feedback »

While working with SCOM you will want to know more about what is happening to your monitoring system. This could also be for reasons of troubleshooting, but also in order to catch problems before you will actually be affected by them.
Oskar Landman and Pete Zerger took up the challenge to gather useful queries and create reports targeted at both the opsDB and OpsDW in order to gather relevant data.

Check out the Database Hygiene series by Pete Zerger for background information:

The how and why story for this management pack is given here by Oskar:

The management pack can be found in the mp catalog at SystemCenterCentral:

Now we have a way to take a look at agents, alerts, config churn, events, performance, state and general reports. Very valuable stuff and have found this to be very useful in many environments.

Back to the SCOM Tricks general list

Contact / Help. ©2017 by Bob Cornelissen. blogging tool.
Design & icons by N.Design Studio. Skin by Tender Feelings / Evo Factory.