SCOM Trick 27 – Un-seal a management pack

SCOM, SCOM Tricks 1 feedback »

In some cases you will want to un-seal a management pack. I am assuming this is a sealed management pack that has not been created by you. This might be because you want to look inside for examples on how to do something. There are several possibilities to do this:

Here is a nice PowerShell script to unseal a number of management packs from Pete Zerger:

Here is a post from Boris:

A method to export management packs from the shell by Jonathan:

These are the cleanest ways to do it. If you only want a very quick peak in a management pack for examples you could also make a quick copy of the extracted mp’s in the following directory “C:\Program Files\System Center Operations Manager 2007\Health Service State\Management Packs”. But would still recommend to use one of the other methods.

Back to the SCOM Tricks general list

SCOM Trick 26 – Seal a management pack

SCOM, SCOM Tricks 2 feedbacks »

When you are doing a bit of management pack authoring you will notice that you get to a point where you will want to seal your management pack. For instance because you want to reference the objects of it from another management pack.

Here is a TechNet article on how to do that:

I have used Jonathan’s method a number of times and its working perfectly:

Richard has also written a tool to do it with. The MP Sealer. However the link that was listed here doesn't work anymore.

Also the SCOM Authoring console will provide functionality for sealing management packs you create. However you still need to create your key pair. David Allen explains how:

Back to the SCOM Tricks general list

SCOM Trick 25 – Report export to PDF in A4 format

SCOM, SCOM Tricks Send feedback »

Some customers of ours just love reporting. They create as much of them as possible and run them, schedule them, save them and print them. All very good, as reporting is a strong component in SCOM. But all of our customers are outside of the US. This means they are using A4 paper format to print on. Now the link between all this is the following. SQL Reporting Services (and thus SCOM reporting) has a button to export a report to several different formats (PDF, Excel, CSV and so on). Also when you schedule a report to run you will select the format in which you get it. Mostly we see them select the PDF option. Now per default this becomes a PDF in Letter paper format and when you print that it gives errors on an A4 type printer.

There is a simple solution to this. Add the PDF A4 formats (Landscape and Portrait) to your report server config and you will be able to use those! For most performance reports I would recommend selecting the PDF A4 Landscape format as the graphs come out better in that one.

Here is a link to a guide I wrote a few years ago on how to add the PDF A4 options to your report server.

Back to the SCOM Tricks general list

SCOM Trick 24 – Antivirus exclusions

SCOM, SCOM Tricks Send feedback »

One of the things that are regularly forgotten is to set certain antivirus scanner exclusions for SCOM (and other applications as well to be honest). All of the virus scanners can be set to exclude certain paths or processes or file extensions. Some of the scanners have some kind of script scan protection. In almost all cases it is best to set the correct exclusions as not doing so might give strange errors. These are mostly related to scripts not running or giving errors. And as you know a lot of SCOM is also script based.

These links will provide the right advice for setting your exclusions the right way:

Antivirus Exclusions for MOM and OpsMgr
Kevin's pages are always the ultimate resource :idea:

Antivirus exclusions for Operations Manager 2007

One more important thing when you are running McAfee is stopping the ScriptScan module on servers. Check out this post and links from it to the McAfee pages:
If other antivirus programs also implement something like ScriptScan than you know what to do to avoid strange errors.

Back to the SCOM Tricks general list

SCOM Trick 23 – Edit company knowledge

SCOM, SCOM Tricks Send feedback »

One of the features that I think does not get a lot of attention is the Company Knowledge tab available for alerts on monitors or rules. Even the product knowledge is not always used as it should be. In many cases an IT environment has been customized or spread across many systems and locations. In general you will tune some of the management packs to use different thresholds that reflect your situation a bit better than the best practices values which are mostly included in the management packs provided. But there are also cases where an alert is raised and the Product Knowledge in the alert states a few possibilities (in some cases it doesn’t state anything or an external link) and you find that in your specific case this is (almost) always related to one specific issue with one specific action to be done (inform somebody, follow a procedure, restart something). In that case it is best if you add this Company Knowledge to the alert, so colleagues can check it and immediately go for the right solutions. You can hopefully see why this is a good thing. So if you open any alert you will see a tab for Company Knowledge. And there is an Edit too. If you click it you most likely get an error stating you are missing something.

Well here are some links to how to setup your machine to do the editing of company knowledge:
(if you run CU4 and still get errors)

Now you can customize some of the alerts and add this knowledge or add a link to a procedure on a SharePoint site for instance.

Back to the SCOM Tricks general list

SCOM Trick 22 – Only seeing 7 days of alerts

SCOM, SCOM Tricks Send feedback »

In SCOM operations we often get the question where a certain alert is. For instance one person is seeing the alert and another person is not seeing it. This might seem like something easy (and it is!!), but I think I get or see one question about this each week.

This usually comes down to two kinds of scoping.

The first one can be found near the top of any alert view. It has a calendar icon next to it. If it does not say “Show all data” it might be scoped to show only the alerts of the last hour/day/week/month for instance.

The second one is next to it on the menu bar and is called Scope. If Scope is turned on it will only show items for whatever you scoped for. For example when you scoped for Exchange you will likely only see those. If the scope is turned on you can mostly see near the top of the alert view what the scope is set to (or in authoring in Monitors or Rules views as well).

Many times one of these options is turned on and this is why not all alerts are seen.

In some of the dashboards, like Savision Live Maps, there are also filters to show certain periods, objects or for instance only Critical alerts or states. When you have a feeling you might not be seeing everything just let your eyes wonder towards those menu options and see if there are any filters active.

Back to the SCOM Tricks general list

SCOM Trick 21 – Enable agent proxy

SCOM, SCOM Tricks 3 feedbacks »

A good number of management packs depend on an agent setting to enable proxy mode. Now this has nothing to do with using a browser to access the internet. This setting basically means that you allow the agent to forward data to the management server on behalf of another entity. For instance: a domain controller on behalf of the domain, an ISA server on behalf of the array, a cluster node on behalf of the cluster resources and so on. Each management pack guide will state if this setting is needed.

First of all, you can find this setting in the SCOM console in the administration pane -> agent managed. Open the properties of one of the agents and you will find the second tab (Security) which has a checkbox to enable “Allow this agent to act as a proxy and discover managed objects on other computers”.

Sometimes if you forget to set it and the agent is sending data on behalf of another entity you will get an alert. But in some cases you need to set this already to enable discovery of certain things, otherwise you will not get any alerts. So always read the management pack guide.

Alright, well perhaps you want to set the agent proxy through some automated way. This is where the fun stuff begins.

First of all there is a nice tool for this by Boris Yanushpolsky:

Next a command line tool by Clive Eastwood:

A PowerShell script that enables proxy agent based on a certain class by Jonathan Almquist:

A modification on this script with a few of the roles that you have to set the agent proxy for by Marc Klaver and Rob Korving:

It is also possible that you just want to enable proxy on all agents. Keep in mind that there is a theoretical risk in this as any agent could potentially flood the management servers with data on behalf of other entities when somebody makes a malicious thing for this. I don’t see this happening very fast, but the risk is always there. In any case as half your machines need this setting to enable monitoring you might want to just turn it on for all of them and be done with it.

The quick way to do this is to open the Operations Manager Shell (it is in your start menu) and use the following command:
Set-DefaultSetting -Name HealthService\ProxyingEnabled -Value True

For SCOM 2012:

People have been asking me if SCOM 2012 works the same way. Well I have not found the default setting yet, and of course the set-defaultsetting command is retired in 2012. SO whats left is for instance a command which gets all agents where proxy is set to disabled and you can feed it to the enable-scomagentproxy command as such:
Get-SCOMAgent | where {$_.ProxyingEnabled.Value -eq $False} | Enable-SCOMAgentProxy

Back to the SCOM Tricks general list

SCOM Trick 20 – Increase console refresh rate

SCOM, SCOM Tricks 2 feedbacks »

Having a number of consoles open places a burden on the RMS server as all consoles connect to the SDK service on the RMS server. This includes web console sessions. So if you have more than a few consoles open continuously you might consider lowering the refresh rate of the consoles. For instance a web console hanging against the wall could be set to a few more minutes than default, or when it is a full console on that wall you definitely want to slow down the refreshing of that one. Many full consoles also do not need a 15 second refresh rate as that is usually faster than you can read and you would have to really stare at the screen constantly to keep an eye on changes that often.

You know, with this great product it is great to have a lot of people looking at it and having dashboards on the wall and having screens open everywhere. Its great! But, be aware that too many of these open connections can slow your SCOM environment down. For the SCOM 2007 Sp1 version the max was set at about 25 consoles and for SCOM 2007 R2 this was raised to about 50. But we would be talking about heavy machines as well. So always try to make a compromise and have the least amount of consoles open, but also have the maximum exposure of the product to the people so things get solved fast enough and everybody is happy.

Full console

So first of all let’s take on the SCOM full console refresh rate. You can set that at the machine where the console is running at the moment by setting a registry key. As you can see the root hive is the HKCU so this is a per user setting.

Registry Path Registry Value (DWORD)
HKCU\Software\Microsoft\Microsoft Operations Manager\3.0\console\CacheParameters\PollingInterval
Values 0 – 10. 0 turns off automatic refresh and requires manual refresh via F5. The value 1 through 10 increments the refresh interval every 15 seconds. The maximum value of 10 is a refresh interval of 2 min 30 seconds).

I would start by increasing the refresh rate to 1 minute. Many also suggest you turn the auto refresh off and refresh the screen when needed by pressing F5. Consoles that hang from the wall you might want to set at a 1 to 2 minute refresh interval.

Web console

Next up is the Web Console. This one also has a refresh rate and much more configurable stuff and you can change it at the server side, so it is done for everybody at the same time. Find the web.config file on the server hosting the web console in the directory:
%programfiles%\System Center Operations Manager 2007\Web Console\

Also the Web console per default show less data than the full console. For instance it only shows 200 alerts in an alert view, it shows only critical and warning (no informational), only alerts for the last 7 days. The refresh rate is set at 5 minutes. So perhaps in order to bump performance you could change this a little bit. For instance by showing the last 100 alerts, for the last 3 days and refresh in 7 minutes. The options and value are to be found through these links:

Find your own optimum settings which still show enough data and often enough, but perhaps lower a little bit of the strain on your SCOM environment.

Back to the SCOM Tricks general list

Microsoft Community Contributor Award

Uncategorized, SCOM 1 feedback »

Today I got the following message from Microsoft...

Congratulations! We’re pleased to inform you that your contributions to Microsoft online technical communities have been recognized with the Microsoft Community Contributor Award.

The Microsoft Community Contributor Award is reserved for participants who have made notable contributions in Microsoft online community forums such as TechNet, MSDN and Answers. The value of these resources is greatly enhanced by participants like you, who voluntarily contribute your time and energy to improve the online community experience for others.


Wow, thats cool!

As you might know by now I really like being an active member of the community on community websites and forums and blogging and beta programs of all sorts. Its great to be awarded such a community based award. Thanks to all for this! It is also another push forward to continue being active and helping others, as I have been helped by others in the past as well.

To read more about what this program is about you can go to:

SCOM Trick 19 – Remove SCOM agent command

SCOM, SCOM Tricks Send feedback »

Once in a while you will encounter a situation where you will have to uninstall the agent from a command line. For instance if somebody shutdown a SCOM test environment while forgetting to do the uninstall of all agents first. They will all be active and pointing to a non-existing server and giving errors and trouble. So here are some ways of removing an agent if you cannot use the SCOM console for instance to uninstall them.

Agents: remove configured management group or uninstall agent using command line

Brute Force Uninstall of Management Group

Windows Agent Install MSI Use Cases and Commands

If you are trying to remove or change an agent through the manual route from a machine by using the add/remove programs option you might also run into errors, especially on Windows 2008 servers: Microsoft ESENT Keys are required.

Back to the SCOM Tricks general list

Contact / Help. ©2016 by Bob Cornelissen. blog software.
Design & icons by N.Design Studio. Skin by Tender Feelings / Evo Factory.