Many big files in System Volume Information

Windows 2008 Send feedback »

Was monitoring an Exchange machine today and got a message that the Log disk contained less than x percent of storage. First thing to check if backups have run on the machine, because if those fail the log disk tends to fill up quickly. But the backups were OK and there was only a few hours of data on the disk. After short investigation it turned out to be the System Volume Information directory causing this and it had a lot of big files in it with a number of several GB each. Thing was most of these files were older than a year. So hereby a few quick commands:

First one to list the shadow copy space reserved and used for each disk:
vssadmin list shadowstorage

This got me some output and lets list here some stuff for the Log disk:

Used Shadow Copy Storage space: 52.481 GB (52%)
Allocated Shadow Copy Storage space: 52.983 GB (52%)
Maximum Shadow Copy Storage space: UNBOUNDED (100%)

Aha, so it had no limit and was already occupying over half the disk space and 52 GB. By the way the data disk was a factor 10 bigger in size and also had well over half the disk size used by only this stuff.

You can also open the Explorer and take the properties of the disk and look for the Shadow Copies tab. Also to make alterations.

In this case I used the available commands though. First I set the amount of disk space to use as maximum to only a few GB, which causes the old files to be deleted. Next I used the same command to raise the maximum space to be used again to a more suitable number.

vssadmin resize shadowstorage /on=E: /For=E: /Maxsize=19GB

So the above command sets the maximum size on the E drive to 19GB.

Sure got rid of the problem of Exchange management pack telling us during each day the Log disk was running below 50% free space already.

Very good, on to the next isue to be solved!
Bob Cornelissen

Getting SQL information from SCOM discovered inventory

SCOM, SQL, System Center, SCOM Tricks, SCOM 2012 Send feedback »

I often get questions for getting SQL info together, such as names, instances, versions, editions and so on for all kinds of purposes. Sometimes as inventory, sometimes to find instances no longer supported, rogue instances, needed for licensing info and so on.

The first thing to understand is that SCOM is not a CMDB. There are tools like SCCM and SCSM for those kind of things. However if a SCOM agent is installed and the SQL management packs are imported they will discover the SQL component and put some info in the discovered inventory for you.

So first thing I usually do for this and other reasons is to go in the monitoring pane all the way to the top in the left hand side menu and find Discovered Inventory. Next on the right hand Actions Menu go for Change Target Type. Next find the SQL DB Engine and select it. Now you should get a list of all SQL database engines and their versions and names and lots of other information. In the case of this management pack it is also possible to go to the Microsft SQL Server management pack folder to the left hand side and expand the server roles folder and select a state view, such as for database engine. It has the same information (could be you use the Personalize View actions item to add columns you are interested in). Keep in mind that the SQL DB Engine is not the only possible SQL component which can be installed. There is also Reporting Services for instance which is very common. The state views here are nice and fast to find your instances of those as well.

Now, lets pull this info into a CSV file using the Operations Manager Shell (these are two lines, enter as separate commands, and note these are SCOM 2012 commands):

$MyDevices = get-scomclass -Displayname "SQL DB Engine" | get-scomclassinstance

$MyDevices | select @{Label="Computer";Expression= {$_.'[Microsoft.Windows.Computer].PrincipalName'}}, @{Label="Instance";Expression= {$_.'[Microsoft.SQLServer.ServerRole].InstanceName'}}, @{Label="ConnectionString";Expression= {$_.'[Microsoft.SQLServer.DBEngine].ConnectionString'}}, @{Label="Version";Expression= {$_.'[Microsoft.SQLServer.DBEngine].Version'}}, @{Label="Edition";Expression= {$_.'[Microsoft.SQLServer.DBEngine].Edition'}} | Export-CSV -notype C:\sqlinstances.txt

And Voila you have a text file with the required info. What happened is that we are looking for a class called SQL DB Engine and we pull in all instances of that class. Next we select for each DB engine the ComputerName (you could have used Path as well there), Instance Name, Connection string, SQL version (as a number) and SQL edition (Standard/Enterprise/Express). Throw the CSV file into Excel and you will have the data in clear format.

This basically works the same way as in a post I did earlier about how to get devices (network device, windows agents, unix/linux agents) out of SCOM through PowerShell.

You can go deeper for instance by trying to find only instances of a certain version or edition and to sort the output. It is very versatile.

Bob Cornelissen

SCOM 2012 Linux agent update fails with no tty present and no askpass program specified

SCOM, System Center, SCOM 2012 Send feedback »

While I was upgrading a bunch of SCOM 2012 Unix/Linux agents to a higher rollup level the other day I noticed an error on one of them. I need to quickly say that upgrading the agents was otherwise a breeze by just selecting a few of them and using the update agent option and using stored credentials and waiting for about 15 seconds. Was a great experience. However one of them was resisting and threw the following error:

Failed to update the cross platform agent. Exit code: 1
Standard Output: Sudo path: /etc/opt/microsoft/scx/conf/sudodir/
Standard Error: sudo: no tty present and no askpass program specified
Exception Message:

That is strange, because an agent was already installed on that machine so something must have changed somehow. It needs the same rights and settings to upgrade the agent.

So we checked the /etc/sudoers file on the machine.

First we check if the requiretty line is commented out:
#Defaults requiretty

Next we check if the account we are using for the monitoring and updating has the use of a password to elevate to sudo turned off (am using a different account of course):

Hmmm, that is set correctly as well. Alright lets test these settings.

Login with this user through ssh. Give the command sudo bash. If it asks for a password something is wrong.
And it did ask for a password in our case.

As it turns out this settings file is read top to bottom and unlike some firewall for instance it doesnt evaluate the first match, it evaluates the last match. Scrolling down there was another line in this config file where the wheel group got sudo rights with the following setting:
%wheel ALL=(ALL) ALL
Aha, so the NOPASSWD setting was different there and because our monitoring/management account was also a member of the wheel group and this line was further down the sudoers file it got evaluated last and won.

Simply move the line with your monitoring account to below the wheel group line in this example and it will work. Simply checked by testing again.

The update of the agent went fine after this.

Happy monitoring!
Bob Cornelissen

Using PowerShell to get agents and devices out of SCOM 2012

SCOM, System Center, SCOM Tricks, SCOM 2012 Send feedback »

Because a customer needed an export of all network devices currently in monitoring and the list was a bit long I decided to use PowerShell for this purpose. However I regularly see questions about retrieving also agents and Linux agents and network devices through this route, so I thought I write some things down here. They all assume this is run from an Operations Manager Shell, otherwise just import-module OperationsManager to get to it.

Getting SCOM Windows Agents

There is a simple command for this purpose:

For instance to get a list of all SCOM agents and show the display name:
Get-SCOMAgent | Select DisplayName

Command reference can be found here.

Getting SCOM Unix/Linux Agents
Because the above command does not give you the cross plat agents we will have to pull in the Unix or Linux agents through another route. There is no get-crossplatagent command so we use the generic route for this. We will be looking for instances of a class.

Now assume we do not know exactly which class to look for, but we can have a guess. I am trying the following commands:

get-scomclass -Displayname "Linux*"
get-scomclass -Displayname "Unix*"

This will give us two relatively short lists of classes starting with Linux or Unix. The one on top of the Unix list looks like our preferred target: UNIX/Linux Computer. We use the displayname. So now we have our class we can pull in the instances of that class and show the displaynames of these to get our list of Unix and Linux agents.

get-scomclass -Displayname "UNIX/Linux Computer" |get-scomclassinstance | select Displayname

Command reference for get-scomclass can be found here.
COmmand reference for get-scomclassinstance can be found here.

Getting SCOM monitored network devices

In the same way as the command to find crossplat agents we can also get our network devices. The class we are looking for is Network Device.

get-scomclass -Displayname "Network Device" | get-scomclassinstance

So now we can play around with the set and show certain fields. A posting from Stefan Stranger gives more insight. I will use an adjusted example from there. These two commands combined give us the name and IP address and AccessMode type (ICMP, SNMP or both) of our monitored network devices:

$MyDevices = get-scomclass -Displayname "Network Device" | get-scomclassinstance

$MyDevices | select DisplayName,@{Label="SNMPAddress";Expression={$_.'[System.NetworkManagement.Node].SNMPAddress'}},@{Label="AccessMode";Expression={$_.'[System.NetworkManagement.Node].AccessMode'}}

Well, in this case I wanted to export all the fields and not just these three to a CSV file for playing with. So here goes:

$MyDevices = get-scomclass -Displayname "Network Device" | get-scomclassinstance
$MyDevices | select * | Export-CSV -notype C:\Scripts\networkexport.txt

Alright, now we have an exported CSV for playing with.

Command reference for Export-CSV can be found here.


Getting Windows based SCOM agents is very simple as there is a cmdlet for it already.
Getting monitored network devices and Unix?linux agents requires an additional step, but is still easy to do.

Bob Cornelissen

Latest information WMUG NL Webinar nr2 2014

SCCM, System Center, Configuration Manager, WMUG NL Send feedback »

Just as a reminder to both Dutch and international community members who have an interest in SCCM and OSD and MDT, we have a webinar upcoming tomorrow evening (European time) with Johan Arwidmark as speaker!!!

All the info can be found here:

I will copy the English translation below:

Below you will find the necessary information in order to participate in our third webinar of 2014 on the 6th of May.

For our second webinar we are proud to announce that Johan Arwidmark will host a session about “OSD – MDT 2013 & ConfigMgr 2012 R2 highlights”. This session will be in English.

You can connect to the live meeting by visiting the following URL:

Also this time we will use Microsoft Lync for hosting our session, more information about the use of Lync can be found here:

We will start at 20:00 sharp, so make sure that you are connected with the live meeting upfront. We will start the session at 19:50 giving you enough time to test connectivity.

If you are in a different timezone from the Netherlands (CET), please make sure you know which time the webinar starts in your timezone:

We hope to welcome you on the 6th !

Come on and join us!
Bob Cornelissen

Orchestrator 2012 R2 Integration Pack for VMware vSphere

System Center Send feedback »

New download available for System Center 2012 R2 Orchestrator to automate things relating to VMWare vSphere. Very nice. Description:

The Integration Pack for VMware vSphere is an add-on for System Center 2012 R2 - Orchestrator that enables you to connect System Center Orchestrator to your VMware vSphere server to automate actions in VMware vSphere to enable full management of the virtualized computing infrastructure.


Upcoming WMUG NL session 8 April

SCCM, System Center, WMUG NL Send feedback »

The Windows Management User Group Netherlands (WMUG NL) is organizing another user group meeting in the Netherlands in the evening of 8 April 2014. This time it is an on-site event at a sponsor location in Utrecht sponsored by Conclusion Future Infrastructure Solutions.

We will have Peter Daalmans and Kenneth van Surksum talking about Application deployment across several devices with SCCM 2012, and Steven Duckaert will give a deep dive into the solutions offered by Nutanix, and finally Arie de Haan will show us how Mobile Application Management using Symantec App Center works.

More information on the agenda, location, speakers, and how to register for this event can be found over here on the WMUG site:

Hope to see you there!
Bob Cornelissen

SCOM 2012 agent fails to start with error -2130771964

SCOM, SCOM 2012 Send feedback »

I had an issue on a SCOM agent where the System Center Management service (healthservice) failed to start. It gave error -2130771964 as the reason.

If something like that happens check the System Eventlog for errors and also check the Operations Manager eventlog for any errors.

In this case I saw an error in the Operations Manager eventlog coming from Source Health Service ESE Store and event ID 482 with the following content:

HealthService (21756) Health Service Store: An attempt to write to the file "C:\Program Files\System Center Operations Manager\Agent\Health Service State\Health Service Store\tmp.edb" at offset 1744896 (0x00000000001aa000) for 8192 (0x00002000) bytes failed after 0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

In this case the error is inside that block of text. The problem was that there was a very sudden filling of the disk for some reason. No more space on disk -> healthservice doesn't like it and stops working. Due to this disk space change being very sudden the agent did not have a chance to alert on too low disk space and just stopped working. Of course this gives you in SCOM a Health Service Heartbeat Failure for that agent.

I seem to remember having this error number before and found all kinds of references, but each time I try to find it again because I did not make a pointer for myself here :D So now here it is.

Bob Cornelissen

Webinar Rick Claus about Storage spaces today

System Center, Windows 2012 Send feedback »

If you are interested in hearing about Storage Spaces in Windows 2012 R2, there is a webinar tonight (in about 3 to 4 hours from now) about this topic presented by Rick Claus!!! It is a presentation for our user group. For more info and the link to Lync see this post:

You are free to join if you like!

WMUG NL live event 12 February

SCOM, System Center, SCOM 2012, WMUG NL Send feedback »

The user group Windows Management User Group Netherlands will organize another live event on location in the Netherlands with the subject of monitoring in the evening on 12 February 2014!!! The meeting will be in Dutch and is on location at our host for that evening - VX Company in Baarn. This will be monitoring goodness! We will have three great main speakers again this time: our favorite stranger Stefan Stranger on SCOM and PowerShell, Dieter Wijckmans about the combination of monitoring and the cloud and how to expand your power, and Dennis Rietvink on business service management for SCOM and also showing off some new features of the next version of Live Maps! If you are near and you want to visit this event (and you should), go visit the agenda and more information on the WMUG page mentioned below and register for the event!

I hope to see you there!
Bob Cornelissen

Contact / Help. ©2017 by Bob Cornelissen. blog software.
Design & icons by N.Design Studio. Skin by Tender Feelings / Evo Factory.