SCOM Trick 23 – Edit company knowledge

SCOM, SCOM Tricks Send feedback »

One of the features that I think does not get a lot of attention is the Company Knowledge tab available for alerts on monitors or rules. Even the product knowledge is not always used as it should be. In many cases an IT environment has been customized or spread across many systems and locations. In general you will tune some of the management packs to use different thresholds that reflect your situation a bit better than the best practices values which are mostly included in the management packs provided. But there are also cases where an alert is raised and the Product Knowledge in the alert states a few possibilities (in some cases it doesn’t state anything or an external link) and you find that in your specific case this is (almost) always related to one specific issue with one specific action to be done (inform somebody, follow a procedure, restart something). In that case it is best if you add this Company Knowledge to the alert, so colleagues can check it and immediately go for the right solutions. You can hopefully see why this is a good thing. So if you open any alert you will see a tab for Company Knowledge. And there is an Edit too. If you click it you most likely get an error stating you are missing something.

Well here are some links to how to setup your machine to do the editing of company knowledge:
(if you run CU4 and still get errors)

Now you can customize some of the alerts and add this knowledge or add a link to a procedure on a SharePoint site for instance.

Back to the SCOM Tricks general list

SCOM Trick 22 – Only seeing 7 days of alerts

SCOM, SCOM Tricks Send feedback »

In SCOM operations we often get the question where a certain alert is. For instance one person is seeing the alert and another person is not seeing it. This might seem like something easy (and it is!!), but I think I get or see one question about this each week.

This usually comes down to two kinds of scoping.

The first one can be found near the top of any alert view. It has a calendar icon next to it. If it does not say “Show all data” it might be scoped to show only the alerts of the last hour/day/week/month for instance.

The second one is next to it on the menu bar and is called Scope. If Scope is turned on it will only show items for whatever you scoped for. For example when you scoped for Exchange you will likely only see those. If the scope is turned on you can mostly see near the top of the alert view what the scope is set to (or in authoring in Monitors or Rules views as well).

Many times one of these options is turned on and this is why not all alerts are seen.

In some of the dashboards, like Savision Live Maps, there are also filters to show certain periods, objects or for instance only Critical alerts or states. When you have a feeling you might not be seeing everything just let your eyes wonder towards those menu options and see if there are any filters active.

Back to the SCOM Tricks general list

SCOM Trick 21 – Enable agent proxy

SCOM, SCOM Tricks 3 feedbacks »

A good number of management packs depend on an agent setting to enable proxy mode. Now this has nothing to do with using a browser to access the internet. This setting basically means that you allow the agent to forward data to the management server on behalf of another entity. For instance: a domain controller on behalf of the domain, an ISA server on behalf of the array, a cluster node on behalf of the cluster resources and so on. Each management pack guide will state if this setting is needed.

First of all, you can find this setting in the SCOM console in the administration pane -> agent managed. Open the properties of one of the agents and you will find the second tab (Security) which has a checkbox to enable “Allow this agent to act as a proxy and discover managed objects on other computers”.

Sometimes if you forget to set it and the agent is sending data on behalf of another entity you will get an alert. But in some cases you need to set this already to enable discovery of certain things, otherwise you will not get any alerts. So always read the management pack guide.

Alright, well perhaps you want to set the agent proxy through some automated way. This is where the fun stuff begins.

First of all there is a nice tool for this by Boris Yanushpolsky:

Next a command line tool by Clive Eastwood:

A PowerShell script that enables proxy agent based on a certain class by Jonathan Almquist:

A modification on this script with a few of the roles that you have to set the agent proxy for by Marc Klaver and Rob Korving:

It is also possible that you just want to enable proxy on all agents. Keep in mind that there is a theoretical risk in this as any agent could potentially flood the management servers with data on behalf of other entities when somebody makes a malicious thing for this. I don’t see this happening very fast, but the risk is always there. In any case as half your machines need this setting to enable monitoring you might want to just turn it on for all of them and be done with it.

The quick way to do this is to open the Operations Manager Shell (it is in your start menu) and use the following command:
Set-DefaultSetting -Name HealthService\ProxyingEnabled -Value True

For SCOM 2012:

People have been asking me if SCOM 2012 works the same way. Well I have not found the default setting yet, and of course the set-defaultsetting command is retired in 2012. SO whats left is for instance a command which gets all agents where proxy is set to disabled and you can feed it to the enable-scomagentproxy command as such:
Get-SCOMAgent | where {$_.ProxyingEnabled.Value -eq $False} | Enable-SCOMAgentProxy

Back to the SCOM Tricks general list

SCOM Trick 20 – Increase console refresh rate

SCOM, SCOM Tricks 2 feedbacks »

Having a number of consoles open places a burden on the RMS server as all consoles connect to the SDK service on the RMS server. This includes web console sessions. So if you have more than a few consoles open continuously you might consider lowering the refresh rate of the consoles. For instance a web console hanging against the wall could be set to a few more minutes than default, or when it is a full console on that wall you definitely want to slow down the refreshing of that one. Many full consoles also do not need a 15 second refresh rate as that is usually faster than you can read and you would have to really stare at the screen constantly to keep an eye on changes that often.

You know, with this great product it is great to have a lot of people looking at it and having dashboards on the wall and having screens open everywhere. Its great! But, be aware that too many of these open connections can slow your SCOM environment down. For the SCOM 2007 Sp1 version the max was set at about 25 consoles and for SCOM 2007 R2 this was raised to about 50. But we would be talking about heavy machines as well. So always try to make a compromise and have the least amount of consoles open, but also have the maximum exposure of the product to the people so things get solved fast enough and everybody is happy.

Full console

So first of all let’s take on the SCOM full console refresh rate. You can set that at the machine where the console is running at the moment by setting a registry key. As you can see the root hive is the HKCU so this is a per user setting.

Registry Path Registry Value (DWORD)
HKCU\Software\Microsoft\Microsoft Operations Manager\3.0\console\CacheParameters\PollingInterval
Values 0 – 10. 0 turns off automatic refresh and requires manual refresh via F5. The value 1 through 10 increments the refresh interval every 15 seconds. The maximum value of 10 is a refresh interval of 2 min 30 seconds).

I would start by increasing the refresh rate to 1 minute. Many also suggest you turn the auto refresh off and refresh the screen when needed by pressing F5. Consoles that hang from the wall you might want to set at a 1 to 2 minute refresh interval.

Web console

Next up is the Web Console. This one also has a refresh rate and much more configurable stuff and you can change it at the server side, so it is done for everybody at the same time. Find the web.config file on the server hosting the web console in the directory:
%programfiles%\System Center Operations Manager 2007\Web Console\

Also the Web console per default show less data than the full console. For instance it only shows 200 alerts in an alert view, it shows only critical and warning (no informational), only alerts for the last 7 days. The refresh rate is set at 5 minutes. So perhaps in order to bump performance you could change this a little bit. For instance by showing the last 100 alerts, for the last 3 days and refresh in 7 minutes. The options and value are to be found through these links:

Find your own optimum settings which still show enough data and often enough, but perhaps lower a little bit of the strain on your SCOM environment.

Back to the SCOM Tricks general list

Microsoft Community Contributor Award

Uncategorized, SCOM 1 feedback »

Today I got the following message from Microsoft...

Congratulations! We’re pleased to inform you that your contributions to Microsoft online technical communities have been recognized with the Microsoft Community Contributor Award.

The Microsoft Community Contributor Award is reserved for participants who have made notable contributions in Microsoft online community forums such as TechNet, MSDN and Answers. The value of these resources is greatly enhanced by participants like you, who voluntarily contribute your time and energy to improve the online community experience for others.


Wow, thats cool!

As you might know by now I really like being an active member of the community on community websites and forums and blogging and beta programs of all sorts. Its great to be awarded such a community based award. Thanks to all for this! It is also another push forward to continue being active and helping others, as I have been helped by others in the past as well.

To read more about what this program is about you can go to:

SCOM Trick 19 – Remove SCOM agent command

SCOM, SCOM Tricks Send feedback »

Once in a while you will encounter a situation where you will have to uninstall the agent from a command line. For instance if somebody shutdown a SCOM test environment while forgetting to do the uninstall of all agents first. They will all be active and pointing to a non-existing server and giving errors and trouble. So here are some ways of removing an agent if you cannot use the SCOM console for instance to uninstall them.

Agents: remove configured management group or uninstall agent using command line

Brute Force Uninstall of Management Group

Windows Agent Install MSI Use Cases and Commands

If you are trying to remove or change an agent through the manual route from a machine by using the add/remove programs option you might also run into errors, especially on Windows 2008 servers: Microsoft ESENT Keys are required.

Back to the SCOM Tricks general list

SCOM Trick 18 – Removing management packs

SCOM, SCOM Tricks Send feedback »

Once in a while you will need to remove a management pack. Either because you are no longer monitoring whatever that management pack was for, or a new version of the same management pack requires you to remove the previous version first.

Well removing a management pack is not that difficult in principle. Check out the following page:

However, in some cases you will find that you have used references to this management pack from other management packs. This can be due to setting overrides or by using objects of a class in this MP to a dashboard in another management pack, or perhaps you have used it somewhere else.

Here is write-up by Jonobie Ford about removing dependencies on the default management pack (which is one of the most used management packs for setting overrides UNFORTUNATELY):

Back to the SCOM Tricks general list

SCOM Trick 17 – SCOM 2007 R2 and SQL 2008 R2

SCOM, SCOM Tricks Send feedback »

A question that comes up a lot is whether SQL 2008 R2 is supported for SCOM 2007 R2 and what to do while installing a new SCOM installation on that version of SQL.

If you do a fresh installation of SCOM on a SQL 2008 R2 you will find that you cannot connect to the SQL server. It will refuse to install the database component. In that case you will have to use the dbcreatewizard to create the databases (for operationsmanager and operationsmanagerdw databases).

Support for System Center Operations Manager 2007 R2 that runs on a SQL Server 2008 R2 database

Also you will first need to go to SQL 2008 R2 with CU5 or higher. Watch this post from Kevin pointing at the issues and fixes:

When upgrading from SQL 2008 SP1 to R2 version you might refer to this posting from Marnix:

And a posting from my friend Walter Eikenboom with videos:

Back to the SCOM Tricks general list

SCOM Trick 16 – 1106 event from HealthService

SCOM, SCOM Tricks Send feedback »

In a few cases we have seen 1106 events in SCOM environments appearing. You will see those in the operations manager event log from the HealthService with ID 1106. These will have a text referring to RunAs accounts. For instance: Cannot access plain text RunAs profile in workflow bla bla bla.

So, here are some possible solutions to this issue:

Back to the SCOM Tricks general list

SCOM Trick 15 – cross platform agent troubleshooting

SCOM, SCOM Tricks Send feedback »

So you want to do some cross platform monitoring of Linux and Unix clients with SCOM. A very good idea. As mentioned before in Trick 1: Read the product documentation at

But in some cases you might run into issues. These can range from networking, firewalls, dns, certificates, ssh, root rights and more.

There are a few good write ups on things to check to troubleshoot deployment of agents to Linux or Unix servers. In most cases encountered issues and solutions apply to any kind of cross platform agent.

:!: I have done some extensive troubleshooting myself and blogged about it here:

A three part series on troubleshooting cross platform agent discovery and installation:

SCOM agent on Sun Solaris:

SCOM agent error: cimserver: Failed to load the Provider Manager for interface type "CMPI" from library:

Discovery wizard errors while deploying RedHat agent:

:!: Discussions by Robert Hearn:

Can’t get your Linux computer discovered? Check your network configuration

A four part series on troubleshooting cross platform discovery and agent installation:

:!: Discussions by Daniele Muscetta:

Daniele has written a number of very informative posts since the beginning of the crossplat monitoring days (the beginning of the beta period that is &#59;) ). Lots of information available under the xplat tag on his site:

Back to the SCOM Tricks general list

Contact / Help. ©2015 by Bob Cornelissen. blog software.
Design & icons by N.Design Studio. Skin by Tender Feelings / Evo Factory.