SCOM Trick 1 – Product documentation

SCOM, SCOM Tricks Send feedback »

Alright, let’s face it… we are all IT people. So to generalize, we are stubborn and do not read manuals unless we are forced to. We install products and start clicking away. Until we hit a wall somewhere or we start complaining about something that is not there in a product while it is actually there, but we cannot find it. So in the rare occasion that we actually do not find something on our own and we have no other choice than to read the documentation, or when others tell us to first read about the subject before asking questions… Here are the online product documentation locations:

The TechNet library for System Center products

The TechNet Library for SCOM 2007:

The TechNet wiki

Other locations of documentation are community sites and a lot of sub-sites of the above. But these will be covered in other SCOM Trick posts.

Back to the SCOM Tricks general list

SCOM Tricks overview

Uncategorized, SCOM, System Center, SCOM Tricks 1 feedback »

I will post a series of entries here in a series called SCOM Tricks. They will all start with the title "SCOM Trick" so they are easy to recognise.

The purpose of the SCOM tricks is to have a number of short articles that just discuss one small aspect of SCOM. So these can be places where you can find stuff, things you can adjust, helpful things, solutions to common issues, howto’s and more. Many of these will be well known within the community, but as we come across so many people asking the same questions and asking for directions on the same kind of issues, I think it is well worth bringing this together in a series of small posts to bring them all to attention. A number of these will just cover a number of links to more extensive posts made somewhere else as pointers to where the information can be found. The entries will not be in any particular order. Links to all related posts in this series will be posted here in the list below and can also be found through the Category "SCOM Tricks" on the right-hand side in the list. The list below will list a few posts for the coming days. Some of the posts will reflect my personal opinion on things and they are by no means complete guides (feel free to suggest additions/changes). Entries in the list below that do not have a link enabled are still to come, but at least you know what is coming B)

Any remarks, additions, corrections and of course "tricks" are very welcome so do not be afraid to contact me.

SCOM Trick 1 – Product documentation
SCOM Trick 2 – Management Pack Guides
SCOM Trick 3 – Where to ask questions
SCOM Trick 4 – Learning SCOM
SCOM Trick 5 – SCOM Books
SCOM Trick 6 – VMware monitoring
SCOM Trick 7 – Use Maintenance mode
SCOM Trick 8 – Who enabled maintenance mode
SCOM Trick 9 – Maintenance mode tooling
SCOM Trick 10 – SCOM console renew
SCOM Trick 11 – Seeing old or unmonitored entities
SCOM Trick 12 – Diagnostic logging
SCOM Trick 13 – SPN
SCOM Trick 14 – Troubleshoot grey agents or management server
SCOM Trick 15 – cross platform agent troubleshooting
SCOM Trick 16 – 1106 event from HealthService
SCOM Trick 17 – SCOM 2007 R2 and SQL 2008 R2
SCOM Trick 18 – Removing management packs
SCOM Trick 19 – Remove SCOM agent command
SCOM Trick 20 – Increase console refresh rate
SCOM Trick 21 – Enable agent proxy
SCOM Trick 22 – Only seeing 7 days of alerts
SCOM Trick 23 – Edit company knowledge
SCOM Trick 24 – Antivirus exclusions
SCOM Trick 25 – Report export to PDF in A4 format
SCOM Trick 26 – Seal a management pack
SCOM Trick 27 – Un-seal a management pack
SCOM Trick 28 – Creating test events
SCOM Trick 29 – Web Console Issues
SCOM Trick 30 – Monitor Network Devices
SCOM Trick 31 – Monitor server hardware
SCOM Trick 32 – Monitor Oracle
SCOM Trick 33 – Service Level Dashboard
SCOM Trick 34 – Move SCOM databases
SCOM Trick 35 – SCOM Licensing
SCOM Trick 36 – Capacity planning
SCOM Trick 37 – Backup RMS encryption key
SCOM Trick 38 – Gateway
SCOM Trick 39 – RMS reconnect to SQL feature (post CU4)
SCOM Trick 40 – SNMP
SCOM Trick 41 – the Default MP
SCOM Trick 42 – Getting notified
SCOM Trick 43 – Collation
SCOM Trick 44 - Live Maps
SCOM Trick 45 – ReSearch This MP
SCOM Trick 46 – Green machine MP
SCOM Trick 47 – SCC Health Check reports
SCOM Trick 48 – Certificate validation
SCOM Trick 49 – Monitoring CentOS
SCOM Trick 50 – Reporting
SCOM Trick 51 – Dashboarding possibilities
SCOM Trick 52 – Agent in pending management
SCOM Trick 53 – New Report Operator role
SCOM Trick 54 –

Bob Cornelissen

SCOM Technet Forums

SCOM, System Center Send feedback »

For everybody in the know this is not news, but there are still a lot of people who have never been there.....

The Operations Manager Technet Forums.
This is a place where you can ask all kinds of questions about SCOM and issues you might run into. It is frequented by many Microsoft staff, MVPs, Microsoft Community Contributors and other enthusiasts from the community to answer questions. It is a very active place. If you have a question you can ask it here. I think it is incredible that there are so many people taking the time to answer questions from others.
Of course there are many other forums for other products to be found there as well.
Anybody wondering why I was a bit quiet last month in blogging is because I spent some time over at the forum. But I will pick up the pace again soon.
Over here is the long list of all Technet Forums for all products:

Another place to frequent would be:
System Center Central
This is also a site ran by System Center community enthusiasts and is a great place where there is not only a forum for questions, but also wiki and blog posts from several MVP's and other members of the very active System Center community. This covers all System Center products.

Again, don't be shy and jump into these forums if you have any issues or questions or if you have something to share with the world.

I just love the fact that the System Center community is this active and it is nurtured by the Microsoft product teams. The above are just a few examples of the much broader range of initiatives. Also I would like to thank everybody in the community (including product team members) for all the support they give and how responsive they are whenever anybody asks a question.

Anyway, dont forget to stop by in any of these places.

Bob Cornelissen

Using SCOM Web Page View to show documentation

SCOM, System Center 2 feedbacks »

During the last MMS 2011 I went to a breakout session from long time OpsMgr MVP Rory McCaw about must-have views and tasks for OpsMgr. While there was lots of good stuff in this session I just want to pull out one item that I have not seen used like that before.

In SCOM it is possible to make web page views, so you can link to web based documentation, other tooling, reports and lots more. Rory showed us that it is possible to even incorporate documents into this view. For instance your SCOM Design and implementation document that contains all your specific setup. Or perhaps a Visio drawing of the network or of the SCOM management group? Most of what you have as MS Office documents can be brought into a view this way in SCOM.

The trick here is to save a document as XPS file. The second part of the trick is publishing that xps file on a web server and enabling the xps feature in IIS. Third part of the trick is of course to create the web page view in SCOM pointing to this file. Great!

So, lets see this in action in a howto:

Let's say I have a Visio drawing that contains my SCOM mgmt group design. I go into Visio and go ahead and use the Save As function to save it as a XPS Document (.xps).

Next step is to go to a web server where you want to publish it. For this simple example I will just put it on the server hosting the web console in the default website (in my case still on port 80). We want to make that web server able to display xps documents. Now this is a bit different depending on the version of IIS you have.

If you have Windows 2003 and IIS 6:
Start the IIS manager on your web server. Right Click the server name and go to properties. Click the MIME Types... button. (This is also available on a per website basis through the properties of the web site - http headers tab - mime types).

Check in the list of .xps is listed. If not you have to Add it.
Extension = .xps
MIME Type = application/

Next restart the web services (or use the IISRESET command).

If you also want to view the xps documents while logged on to the windows 2003 server and you can not open the file after following the steps above using Internet Explorer to access the file - you have to have an xps viewer. For instance the Microsoft XML Paper Specification Essentials Pack. This is available for Windows 2003, XP and Vista here. Normally I assume you are viewing the SCOM console from your desktop.

If you are running Windows 2008 and IIS 7.x:

Also here if you also want to view the xps documents from the Windows 2008 box you will have to install the ability to view those documents. In Windows 2008 this is a feature. You can go to Server Manager and Add Feature. All the way near the bottom of the list is the XPS Viewer feature.

Now in IIS Manager you can select the server on the left side of the screen. Find the MIME Types icon in the middle of the screen.

Check if the .xps extension is listed here. If not you have to Add it.
Extension = .xps
MIME Type = application/

Restart IIS.

Publish the xps file through the web site:

Find out where the document directory is for the web site you want to place the xps files. Properties of the website and Home directory tab will show you where. Paste the file you want in there or in a subdirectory. Now try to surf to that file (in my case http://servername/scomdesexample.xps ). If you can see the file contents you are in business.

Create web page view in SCOM:

Open the SCOM Operations Console. In my case I just create a new management pack in the administration pane and call it Z_Documentation. This makes it go to the bottom of the list in the monitoring pane. Now go to the Monitoring pane and find the newly created management pack folder. Right click it and select New -> Web Page View.
Put in the information you need. Give it a name and description and paste the link to the xps file in there.

And there you have it. A nice web page view linked to an xps version of a visio document design drawing. Same can be done with Word documents and more.

By the way, while you are at it you can also make more web page views linking to online documentation for SCOM and other websites/blogs/community sites from here. Use sub folders if the amount of links becomes too large.

Many thanks to Rory (or somebody he might have seen it from) for coming up with this idea and for sure thanks to him for showing it to us!

Bob Cornelissen

SCOM - Monitoring a Service - Part 6 Other options

SCOM, System Center Send feedback »

This is the last post in the series on how to monitor a service in SCOM. There are a lot of options and I have tried to touch upon the most common and simple in this series. This last post will try to give some directions on further options and links to resources. This will not be complete and suggestions are always welcome.

First of all the list of posts in this series:

And now on to the conclusions and resources.

So what other options are there to monitor services and other stuff?

Well, the most simple things to keep in mind are of course... Is there already a management pack for this? Try the catalog for Microsoft products, but also for references to third party solutions to monitor other products. In some cases these are created by the manufacturer of the software and in some cases by third parties who are specialised in creating management packs for several products. A number of these will be mentioned below. Also check out the community contributions - there are many of those around and many of those can be found through . The community is a valuable source.

If these do not cover what you want you will move on to simple management packs with a few monitors for instance as mentioned in several posts in this series or make it a bit more complicated as I have shown in part 4 or move on to completely writing a management pack in the Authoring console (separate download) for instance.

There are a lot of resources already available on the net and I will include a number of those in links below. Contributions to the list are welcome through email bob @ the domain in the address bar above :). Sorry to have disabled comments on this blog, but I got blasted by stuff that was not on topic and in amounts I could not moderate anymore.

Alright guys and girls, I am sorry, but as I am going off to the MMS 2011 tomorrow morning I am not able to finish the links list. I will add those to this post on a later date and make a posting referring back to this one.


System Center Online product documentation (with MP authoring console online help, mp authoring console scenarios, mp authoring guide, cross plat mp authoring guide, mp module reference, report authoring guide).

How do I videos by authoring superman Brian Wren.

Brian Wrens blog with links to resources.

System Center Operations Manager 2007 R2 Authoring Resource Kit

A series of posts on tasks from my friend Marnix Wolf. Is a must read.

Enjoy authoring and monitoring!
Bob Cornelissen

SCOM - Monitoring a Service - Part 5 unix/linux service

SCOM, System Center 1 feedback »

This is part 5 of the series about monitoring a service in SCOM. This is about monitoring a Unix or Linux service.

First the list of other posts in this series:

In the previous posts I went into monitoring windows services in several ways. In this post I will go into basic monitoring of a Unix or Linux service. This will be done based on a monitoring template just like Part 3 of this series, but this time for Unix/Linux services of course. Again several methods are available, but this is the easiest one to get a quick start. In most cases I encountered the question was just to pick up the running state of the antivirus agent, the backup agent and one or two services running state. In this case I will just use the cron service (Alright, I know it is already monitored by default by the cross plat mp's, but just needed an example).
Also this post assumes some small things, like being able to create a new management pack to store stuff and to select something by clicking buttons with three dots on it. Otherwise have a quick look at parts 2 or 3 in this series.

So lets get going with this one.

Open the SCOM console and go into the Authoring pane. Expand Management Pack Templates and select Unix/Linux Service. Right-Click and select Add Monitoring Wizard (or click the button on the menu bar).

Select Unix/Linux Service and click Next.
Give it a name, for instance "Cron Service".
Create a new destination management pack (click the New button and give the MP a name and click Next and Create). Always create a new management pack for this or select a specific one that suits this purpose (just not the default management pack).

In the service details part we will first select a server that has this service running by using the button with three dots. Next we will want to select if we want to select a specific group to target this to. For instance custom groups you have created or perhaps you have some service running specifically on Sun servers or RedHat servers. So for fun I will select to apply it to a computer group. So I click the checkbox and in the group search field I type solaris and click Search button and select the Solaris Computer Group. So if all your Unix boxes have the same backup agent or whatever you can target this monitoring wizard against those kind of groups and the server you select here is just an example of it. Next we select the cron service that we wanted to monitor in this example.

Click the Create button and it should be there in your list and monitoring is going. Just wait a few minutes to have it initialise.

As you see the cross plat team within the SCOM team has done a great job at using the template and getting it to monitor processes with just a few clicks!

Now lets move on to some resources and links and stuff in the last part of this series to wrap things up.

Bob Cornelissen

SCOM - Monitoring a Service - Part 4 basic app mp

SCOM, System Center 5 feedbacks »

This is part 4 of the series on how to monitor services with SCOM. Will be a lot longer than the other ones.

First again the list of posts in the series (as far as I know until know):

I this part we will move towards creating a custom management pack with first a discovery of the application. Based on this discovery we can target monitors to monitor services and other stuff this application depends on. We will also place these monitors in a rollup monitor in order to group services in the Health Explorer. From here we can move forward to views. This part is more complicated and contains more steps. There are multiple ways to accomplish this and this is just an example and you might want to change things or targets or leave things out. But this will still be done completely using the standard SCOM console.

So I am going to take the Microsoft FCS again as an example and I am going to create an attribute that is based on Windows Computer. Again, more ways are possible. I am sure that by the end of this you will know where to make the changes you need. So lets take the steps to build something.

First we create an attribute and registry discovery in a new management pack. The management pack will be called "Microsoft FCS". We do this in order to find machines that have this application installed and we will enable monitoring of this application for those machines. Here we go:

Open up the SCOM console and go to the Authoring pane. Go to Management Pack Objects - Attributes. Click Create a new attribute.

We need to specify a name. I will use the application name to identify it "Microsoft FCS Client" and click Next.

Now we decide on how to discover it. We can use registry or wmi discovery. I will take registry discovery. Now we will fill in the other fields.

As with everything in SCOM we need to target somewhere. SO click the browse button next to the Target field. I will use Windows Computer in this example, so I find it and select it.

When you arrive back at the wizard it now looks like this:

So, here you can see it actually used the Windows Computer, but it placed the part _extended behind it. This is because the Windows Computer is in a sealed MP. You can play around with this name, but I will keep it this way for this specific excersize. So you can change the name at this point and have it reflect your aplication a bit better. Just for this post I will keep it as such, just remember to remember what was here. Just for the rest of this excercise remember that it is Windows Computer_Extended as we will see it often. You will see that it just picks an unsealed MP in the field below it, but as you know we are going to create a new management pack for this application. So click the New button to create a new MP. Give it a descriptive name. I use "Microsoft FCS" in my example.

Go ahead and create the management pack. Now we are back in the attribute creation wizard. It now looks like this (and we click Next).

Now we can configure the registry probe. Now in this case we are going to check if a certain registry key exists and use a daily discovery. So first I click the Key type. Next I have to specify the path in the registry to the key I am looking for. Keep in mind that the HKEY_LOCAL_MACHINE is already there. This means we do not have to specify it in the path and that we can not try to find it in the other hyves either :). SO I dive into the registry and in my case I find this entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0
It tells us what it is and the version, so we can work with this. Remember to leave out the HKLM\ at the start. And paste the rest in there. Now we define what we are checking (check if exists). And specify the amount of seconds between each discovery. For one day that is 86400 seconds. It will look like this:

After clicking Finish we will have our attribute. We can check it out in the view we are in right now. Best to use the Scope button on top and find the "Windows Computer_extended" in the list to scope on and you will see it. Go ahead and scope right now as we will need that later.

Alright. On to the next step. We will create a group based on this attribute. We want to get all Windows Computers with this attribute (registry key exists) being true and place them in one group.

So back in the Authoring pane go to groups and Create a New group. We need to give the group a logical name. I use "Microsoft FCS Client Computers". Give it a description and place it in the right management pack (never forget there are numerous opportunities to forget that one if we are clicking around too fast!!!).

When continuing through this wizard we do not want to add Explicit members, so we move on to the Dynamic members (so we dont have to worry about it and let the system discover and monitor itself).

Click the Create/Edt rules at the Dynamic members. Now it asks us to pick a class. Remember that I asked you to remember the Windows COmputer_extended class? First select that one in the first box. Now click the Add button, like so:

Now we can use the dropdown boxes to define what we are looking for. So in the first box we select "Microsoft FCS Client" (this was the attribute that we were discovering through the registry). Next box we use "equals". And in the last box we type "true" (in lower case). If you ever wat to do the opposite, like create a group of machines that do not have this app installed you could use the "false" here. Anyway, your view should be something like this:

We can click OK now and we are back in the group wizard and we see the query there:

Now click Next and Next and Create to create the group and wait a few small moments for the wizard to finish and the console to load.

Alright, whats next. Because this particular app actually has two services that I want to monitor I would actually like to group them together in the Health Explorer. So I will first create an Aggregate Monitor to hold the service monitoring monitors (what the series was about). Hang on, here we go again.

In the Authoring pane we now go to Management Pack Objects - Monitors. Check that you are still scoped to Windows Computer_Extended. Now in the middel of the screen open up the Windows Computer_Extended -> Entity Health -> Availability like so:

Alright, now right-click on the Availability and select Create a Monitor -> Aggregate Rollup Monitor:

Now we land in the aggregate monitor wizard. We have to specify a name. I use "Microsoft FCS Application". And type a desciption if you like. Now the Monitor target. If you just followed my instructions on scoping and clicking you will see that Windows Computer_Extended is already selected and below that the Parent monitor is already Availability. This monitor is enabled by default which is good. Please select the right management pack that we have been working on! Your screen will look like this:

In the next screen we will keep the selection of Worst state of any member. Check the best way in your case for this one of course. In my case I just want it to roll up the state if any of the services turn red. And in the following screen we will keep the alerting disabled. To give you an example, you might want to turn on alerting at this level for instance if you have an application that has all kinds of services interlinked and if one is going down the others will follow. That would either create a lot of alerts from all the service monitors, or you could turn all of those off and turn it on at this aggregate level, having the alert say that the application Microsoft FCS has a problem and please investigate further. In this case you would get one alert and you already know what to do and you can check in the health explorer what has happened with the monitors at one level deeper. Moving on... We can click the Create button now.

Please check again that it lives at the right level (so below Availability in this case). Now we are ready to get into monitoring the services (that was what this story was about in the first place). So we can right-click our new aggregate monitor and Create a Monitor -> Unit Monitor (now we are getting into the method I used in Part 2 of this series remember?).

So now we find the Windows Services -> Basic Service Monitor. And do not forget to select the right management pack!! (I repeat myself, because I can tell you that I have made this mistake almost as often as doing it right, especially when you want to move fast...). Now we need to give our Unit Monitor a name. What I like to do is go into the Services.msc console and open the properties of that service. In there you can easily copy and paste the display name of the service. you cant change it but you can copy it :)

Pay close attention in this next screen, there is a lot to check, so do not click too fast! So we paste that name into the Name field in the Unit monitor wizard. We type a nice description what this monitor does. We check that it is pointing to the right MP. We check that the monitor target is Windows Computer_Extended. Now pay close attention to the partent monitor. Open the dropdown box and find the aggregate monitor you just created before this under the availability node and select it. Next thing is do de-select the Monitor is enabled box. So yes, we are creating a disabled monitor. We will override it later for the group of machines we created earlier that contains all machines that have the application installed. SO your screen will look like this (at least mine does):

Moving on to the next screen we will have to select a service. SO click the button with the three dots. Type a computer name in the first field and hit Enter to load the services list of that machine. Now find the service we want to monitor.

Hit OK and move on to the next screen. So how bad is it when this service stops running. Well I would like the Antimalware service to be the critical one when it stops and after this I will create another Service monitor for the State Assessment service that I will give a warning (yellow) state to when it stops working (to spice up the excercise ha ha ha).

Alright, on to the next screen where we define if we want to alert. Yes we will want alerts for this one, so we use the first checkbox to enable alerting. We will alert if this monitor is in a critical state (which it will be if the service stops as defined in the previous screen). We would like this to auto resolve if the service comes back online. For alert name I will use what is already there and I will add "is not running" to it. Please enter a nice description. You can use the small button with the small dots to create something really nice. This is a bit outside the purpose of this post, so I will move on with this one, I am sure you can figure this one out. Set the Priority... Well Medium is fine for now and Severity Critical is nice for now as well. You end up looking at something like this:

The bits in the description are just formed by selecting the Principle Name in this case, but you can take whatever you want that accomplishes your goal. NetBios name will suffice in most environments as well, but in bigger ones you would want the FQDN name. Now click the Create button.

Here we go, we have a disabled (grey) monitor in the right place.

Now I will create another service monitor for the MS FCS State Assessment service. I will move through this one faster, because you know the drill. I will make this one yellow Warning in health state and also alert on Warning state. Go to the aggregate monitor again (actually select it first) and right-click it and Create a Monitor -> Unit monitor. It is a Windows Services -> Basic Service Monitor. Select the right MP! Give it a name (paste the name of the service) and give it a description. Make sure monitor target is Windows Computer_Extended. Parent monitor is Microsoft FCS Application. We DISABLE the monitor. We select the right service by selecting a machine that runs this service and selecting it. In this case I map the health state of Service is not running to Warning. I will generate an alert (so enable it) when the monitor is in a warning health state (check this is the right one with the previous screen in this wizard). Adjust alert name and description. I will give this one a Medium Priority and a Warning Severity.

So now we have to service monitors.

Next step is to check if attribute discovery is actually working and has found the application installed anywhere.

In the SCOM console go to the Monitoring pane. Near the very top of the tree on the left side go to Discovered Inventory. On the right side in the Actions pane click the Change Target Type button. Find the Windows Computer_Extended again. Now check if you see the following:

In this case you will see a machine that has done the check and found the Microsoft FCS Client to be true. Other machines that do not have it installed will display false in that column. Remember that the discovery runs once every day, so for some machines it will take a while to appear over here. If you are in a hurry just go to that machine and restart the System Center Management service to have it re-run the discoveries and you will see it within a few minutes. As you know these discoveries will fill the group we created earlier.

Now we will enable monitoring by going back to those monitors and enabling them for the group we have created. Here we go. Go to the Authoring pane and find the monitors again. If you just came from there the scope should still be there are you will find them in a second. Select the first service monitor. Right click it and select Overrides - Override the monitor - for a group. We will select the group we created. In my case Microsoft FCS Client Computers.

We will now enable this monitor for this group. Set Enabled to True.

Click OK and now make the same override for the other service (in my case). Now get something to drink again and after returning open a health explorer on a machine where the application was discovered:

There they are. And the results when we stop the services:

So one red and one yellow. We start the services again and everything turns green again in health state and alerts go away.

From here you can do more fun stuff like creating state and alert views in the monitoring pane. Perhaps a task to Start the service targetted at this class, so when you click the alert you get a task on the right side of the screen to start the service right from there. Perhaps you want to create availability reports. Perhaps you want to add Rules to check the event viewer for certain entries that are related to this application. All things that are out of scope for this post. There are lots of resources on how to do those kind of things as well.

I think this is the place to stop now for this session. But you have seen how you can still build up monitoring an application from the SCOM console, without going to the Authoring console or XML yet. There are multiple roads that lead to the same result and sometimes a better one :)

The next post in the series is Part 5 and will be about monitoring a Unix/Linux service. I will use the monitoring template again for this one and use just a few screen shots to get things done due to the great work of the product team.

Enjoy monitoring!!!

Bob Cornelissen

SCOM - Monitoring a Service - Part 3 service monitor template

SCOM, System Center 7 feedbacks »

This is part 3 of the multiple part series on monitoring a service by using the windows service monitoring template included in SCOM.

To start the links to other parts of the series:

In this part we will create a windows service monitor using the windows service monitoring template included in the SCOM console. We will create a new management pack to hold the service monitor and we will add the service monitor using the template and discuss options to not only send alerts when the service is not running, but also how to include monitoring the same service for memory and processor usage. This is very easy and the product team has done a good job at this.

So lets get cracking at this one.

Open the SCOM console. Go to the Authoring pane. Expand Management Pack Templates. Slect Windows Service. RIght-click and slect Add Monitoring Wizard (or use the button in the menu above).

Select Windows Service and click Next.

Give it a name. In my case I just used "FCS AM Service". I left the description open. Now pay special attention... We need to create a New management pack here. So we click the New button. So first click the New button and give the new management pack a name. In my case "Services Part3" and i left the rest alone and clicked Next and Create.

This gives us the following result so far. And click next to continue of course.

In the Service Details screen we need to define some stuff. First of all the Service name. In this case I use the small button with the three dots to browse to a machine that is running this service and I select the service, like so:

Now we select the targetted group. Use the button with the dots again. This filter is a bit different fm the one in blogpost part 2. I will select All Windows Computers here.

And that gives the following result:

The additional checkbox is also a nice one. When it is selected it will only complain when this service is stopped when the service startup is set to automatic. On to the next step.

In this screen you can elect to monitor CPU usage and memory usage of the monitored service. For instance use the checkboxes to enable both and set thresholds to lets say 90% cpu and 500 MB memory for this process. We can define how many samples it has to be above threshold and how much time is between each sample.
Insert here: I forgot for a moment that the wizard refuses to enter anything more than 100 MB memory usage. This is a bug in the system (probably it thinks these are percent entries :) ). If you want to change it to higher values you will have to edit this value. I will tell you near the end of this post where. Put it at 100 MB for now.
See following screenshot for an example.

Click Next and Create to finish this wizard.

So what happens when we stop the monitored service...

and the health state has both service availability entries and performance entries (sorry for having to hide the computer name entries):

And near the bottom of the knowledge there is a link to start the service. And that (or starting it manually) makes the alert and health state go away and go green again.

So, earlier on I told you that it has a problem accepting values above 100 MB memory usage in the wizard. In the case of the specific service I am monitoring values of 100-200 MB are still normal, so I want to change it to 300 MB for instance as threshold.
So in the last screenshot above you will see I marked a few parts in yellow. You will want to go to the one near the bottom for Memory Usage. In the health explorer of any server just scroll down into the tree to Entity Health - Performance - Windows Local Application - Performance FCS AM Service - Windows Service Memory Usage. Right-click it and select Monitor Properties. Go to the Configuration tab. Here you will see the following:

In this screen you can see the threshold in bytes set at 100000000 (so 100 MB ). If you click the Edit button near the bottom of the screen you get into this xml code and you can change this to 300000000 for instance to set it at 300 MB. and Click OK and Apply.
Of course it is also possible to use overrides to change the threshold.

So this is a very easy way to create a service monitor that has a bit more intelligence in it. Could be that we used less steps than in part 2 of this series. And it created a number of monitors in the background for its functions (service running state, cpu usage, memory usage) and alerts. The product team has done a very nice job at this (except for allowing something above 100 MB for memory monitoring wink wink).

The methods used in part 2 and part 3 of this series were very simple and quick ways.

What I propose to do next in part 4 is to go a bit deeper and start monitoring an application. So what we will do is create a discovery, a group, a service monitor, rollup monitor, alerts, a view. This will create both a framework for us to place more service monitors in the same application, target the service monitors (and also rules if we make some) to only machines that are actually running this application and have a look at the machines running it and their state. And we will do all of this from the standard SCOM console. So no Authoring console or XML editting.

Bob Cornelissen

SCOM - Monitoring a Service - Part 2 basic service monitor

SCOM, System Center 10 feedbacks »

This is part 2 of the multiple part series on monitoring a service (yeah how much can we say about this...?).

To start the links to other parts of the series:

And now on to monitor a windows service the very very basic way. We will create a new management pack to hold the service monitor and we will add a basic windows service unit monitor that creates an alert when the monitored service is not running. This is very basic and will do no more or less than stated :) I will screenshot a bit often here in parts 2 and 3 of this blog post and will assume some things in other parts.

Go into the SCOM Console and move into the Authoring pane.
Expand Management Pack Objects and select Monitors.
In the menu bar or in the Actions pane select Create a Monitor -> Unit Monitor.

The Create a unit monitor wizard opens up. Before we do anything else we need to have a management pack to save stuff in. We could have done this before, but in this case I will use the first monitor we create as an opportunity to create a new management pack. So near the bottom of this screen click the New button.

When the Create a Management Pack wizard opens we add a Name for the management pack. In this case I use "Services Part2", but normally this would say something about the application you would want to monitor or the purpose of it. We can add a description here.

We finish this part of the wizard by clicking Next and Create. This will bring us back to the Create a unit monitor wizard and the newly created management pack will be listed as the destination management pack near the bottom of the screen. Next we define what kind of monitor we want near the top of the screen. In our case this is Windows Services -> Basic Service Monitor. Click Next to continue.

In the general properties we will define a name for the monitor. In this case I will just use "FCS AM Service" as Name and Description to keep it simple.
Now we need to specify a Monitor target. So click the Select button in the middle of the screen.

We see a big list of targets (and we see even more when we select the View all targets option). We need to think of where we could possibly target this. Well, one of the things we know is that it runs on windows computers. That could give us Windows Computer and Windows Operating System for instance (if we say that we dont want to specify a specific operating system). I will go with Windows Computer for now.

We need to specify the Parent monitor now. As we are monitoring the running state of a service we will use the availability parent monitor. And click Next.

So now it asks us for the Service name. It is easier to browse there, so we use the small button with the three dots.

Pick a machine where you know this service is installed. Find the service you want to monitor in the list and select it. In my case I pick the Microsoft Forefront Client Security Antimalware Service.

When we click OK it will bring us back to the wizard and it gives us the name of the service (as windows would understand it).

Click Next and we can configure what the health should be if the service is not running. In the box where it says Health State for the row where it says Service is not running we can select what state we want by clicking and using the dropdown that appears to either select Critical or Warning. For this example I just think this is a security service so I will leave it as Critical.

Next step is to define if we want to generate alerts for this monitor. Lets go ahead and do that and check the checkbox. Next we need to define when to generate an alert. In my case I said that the state of service down should be Critical, so my choice is to generate an alert when the monitor is in a critical health state. If you had Warning in the previous screen you will need to use the warning state here as well in order to get alerts.
The checkbox to Automatically resolve the alert when the monitor returns to a healthy state is very usefull in most cases. So if the service returns to running state (either automatically or because you start it manually for instance) it will also close the alert for you in the SCOM console.
In the alert properties we can define an Alert name. BY default it displays the name of the monitor here. In my case I add some words to make it say "FCS AM Service is not running". I copy that to the Alert description box below it and add some words to it suggesting to start the service. I will not add more fancy stuff here although the small button with three dots will give you possibilities to add the server name in the description for instance. Next we can also set Priority and Severity of the alert. I will leave it default for now. That will give us the following screen.

Now we can push the Create button to create the monitor.
We will have a monitor now for one service in a new management pack with alerting when this service is not running.

New I can pick a machine and stop this service and see if I get an alert in the monitoring pane in Active Alerts.

After starting the service the alert disappeared within the minute.

So that is the most basic quick and dirty way to monitor one service.

Now lets see in Part 3 of this series how we can do this using the Windows Service monitoring template and at the same time make a choice if we want to monitor the processor and memory usage of this service (process) and at what threshold it should start complaining.

Bob Cornelissen

SCOM - Monitoring a Service - Part 1 intro

SCOM, System Center 3 feedbacks »

I regularly get questions about service monitoring for custom services or just for services of applications where they do not want to implement full management packs. In almost every case there are different prerequisites in the question. Most of the times customers want to able to do it themselves and in most cases they want to be able to do it through the normal SCOM Console.

As most SCOM admins know there is a template built-in in SCOM to do this and it gives possibilities to also monitor the CPU and memory consumption of this service and alert on state or performance thresholds. In most cases where you just want a simple service monitor this is the best way to go. In many cases I get asked however on simple service monitors (yes even more basic) or on the other side more complicated monitors (multiple services running state and sometimes also moving towards event log entries). This last concept is going towards creating a custom management pack for an application whereby the most important monitoring is the running state of the services, but still created through the console and not through the Authoring Console or XML manupilation. In some cases of course this is not enough and other prerequisites push you towards creating a custom management pack through the Authoring console and XML. The purpose of this series is not to go into creating custom management packs through Authoring console or XML, although we might touch upon xml at times.

So, I will try to put some options into a few blog posts covering:

Of course in all cases we will create a new management pack to hold the monitors, but part 4 is more in the direction of custom management pack creation for applications. Of course I am aware that multiple methods are possible in each scenario on the options to use and places where you target your custom monitors. Of course you can always send your comments by email to bob @ the domain listed above in the address bar :)

Use the links in the list above to move to the parts of this post.

Bob Cornelissen

Contact / Help. ©2017 by Bob Cornelissen. blog software.
Design & icons by N.Design Studio. Skin by Tender Feelings / Evo Factory.