SCOM Trick 45 – ReSearch This MP

SCOM, SCOM Tricks Send feedback »

A few tricks must be dedicated to community management packs, simply because they provide a great added value to the product. Some of these are created to provide monitoring for some kind of product, some are for viewing or reporting purposes and some are for troubleshooting and researching purposes. And this is only part of it of course.

One to the topic for today…

The ReSearch This MP has been created by Cameron Fuller as a simple way to quickly move from a SCOM alert to a central community repository where it tries to find an entry for a similar alert. So after importing this mp you will find additional actions in the right-hand actions pane in your SCOM console. When you select any alert and click this action it will open a connection through your browser to the SystemCenterCentral site where it looks for entries that discuss this same alert. These entries are created by community members, such as Cameron and others. There could be several possible solutions to any problem as sometimes it is specific to the customer environment. But mostly these are very helpful and in some cases you will find several entries for the same alert. Check through the ones that cover the same alert description and it will bring you up to speed with ideas on how to fix it.

This is a management pack I deploy in a lot of SCOM environments, because it is easy and helpful when troubleshooting alerts. And it is usable for every level of SCOM operator.
You can find it here:

Back to the SCOM Tricks general list

SCOM Trick 44 – Live Maps

SCOM, SCOM Tricks 1 feedback »

When talking about dashboards in SCOM you are sure to run into Savision Live maps. I will shortly discuss several dashboarding possibilities for SCOM soon in this series, but I especially wanted to call your attention to this one. I have been working with this product for years now and in some occasions it can be used to solve some of the challenges of creating groups and distributed apps if the objects contained are very diverse. Also these guys have been very fast in responding to any enquiry/question/ feature request /bug I have ever had about their products.

As far as dashboarding for SCOM goes, the Live Maps are by far the best product I have seen. Of course the Visio add-in that was developed later has part of the functionality, but surely not all of it. If you want to see some of the common scenario’s for using Savision Live Maps you can take a look at this page for nice and simple scenarios, which already look great:
There are examples of dashboard versions of distributed apps or application topologies, network topology, business process modeling, site and location modeling and more. But like I said there are more uses for the product and I have also seen some great dashboards built by people who seemed to be graphical artists next to being able to get the necessary information from SCOM on that same screen!

The best part of the story is that there is a free 5 map version available to you to start working with it and get as enthusiastic as I am about it.
Of course the guys at Savision have not been sitting idle, so they have added more and more features to the product. Next to that they have added a Live Maps for Service Manager and a Live Maps for the Cloud.

If you are on their site, also check out Vital Signs at , another product of theirs that I will discuss later.

Back to the SCOM Tricks general list

SCOM Trick 43 – Collation

SCOM, SCOM Tricks Send feedback »

One of the things I run across and I think of a lot of people with me is having a SQL installation with the wrong collation for use with SCOM. Mostly this happens when I want to install a new SCOM at a customer site and ask for a Windows installation to start with and the local system admin has a lot of enthusiasm and installs SQL on the box with default settings. I also see this happening often in the forums and questions get asked.

Well it is very simple. The SQL instance (SQL installation) MUST have a specific collation set. If it does not things will go wrong. The database will get the right collation at installation of SCOM or running the database create wizard. Any trying to change the collation afterwards will NOT work. A default install with next next next will not have the right collation set and you best just uninstall SQL and start over.

The only right collation you have to set when installing SQL is:

Make sure you always use this one.

If you do not do this you will run into issues. For instance getting this error:
Failed to store data in the Data Warehouse. Cannot resolve the collation conflict between "SQL_Latin1_General_CP1_CI_AS" and "Latin1_General_CI_AS" in the equal to operation.
This is discussed in a KB article at
Always remember to use the correct collation and if somebody else has installed the SQL for you please make this one of the first checks to do.

Back to the SCOM Tricks general list

SCOM Trick 42 – Getting notified

SCOM, SCOM Tricks Send feedback »

Getting notified is a subject we often touch in some way or another. Of course when you look at the SCOM console and an alert appears you are notified. Or when using Savision Dashboard you can also add a sound to be played whenever something important happens. But outside of that there is a need to get notified. Those can be by sending emails and SMS messages (for standby purposes in many cases), but also for ticketing systems. Still the first two are the most used to get notified if something happens and you are not sitting behind the SCOM console for some silly reason like eating or sleeping. Towards ticketing systems these are mostly connectors or in some cases script based channels or even email channels. This is first about alerting people.

First of all the notification options in SCOM are already quite good. You have Notification channels based on Email (SMTP), Instant Message (IM), Text Message (SMS) and Command (scripts mostly). The channel is the enabler for the notifications and you can define what format is used. This bit relates to for instance what fields you will include into an email. For instance severity, source, resolution state and the alert and description. Or the parameters (these fields) you want to pass to a script.

Next you would define who would be notified and through what channel. These could be different people or distribution groups to send emails to.

Finally the subscriptions are built. These define what alerts are placed into what channel towards which person (subscriber). So for instance you might want to push all Critical alerts to the escalation team email address. Or all alerts belonging to a group of servers to a group of people. Or even alerts from one specific rule.

One trick would be to use resolution states to also help notification, especially for escalation if the first line support assigns it to somebody else, or if you auto-set th resolution state with scripts for some machines or server roles.

At some point it can happen you want more intricate notifications. For instance you want the standby person to get notified, and if he doesn’t respond to send him another email/sms and if he doesn’t respond within 15 minutes after that send sms to the manager. At that point you can use the solutions from Derdack who have great intelligent notification products.

Back to the SCOM Tricks general list

SCOM Trick 41 – the Default MP

SCOM, SCOM Tricks Send feedback »

One of the questions often asked is what the default management pack is for. Especially when you tell somebody they should not save overrides and stuff in there, while it is always right there as the first selected management pack to save something to! Quite logical that this confuses people and that is likely that there will be overrides/groups and other items in there after some time. One of the problems is that with every override you create more and more dependencies on the default mp, so in order to delete any mp you will probably run into SCOM complaining about the dependencies. Also it creates a lot of clutter and you will not have an overview anymore of what is where.

The first tip would be to rename the default management pack. In the SCOM console go to Administration pane and find the Management Packs entry in the left of the screen. Next find the Default Management Pack. Double click it to get the properties. In the Name field you can change the name there. Usually I add something like (DO NOT SAVE HERE!!) either before or after the name. At least it is a visual reminder you/they should not save stuff there.

For sure it will happen that stuff gets saved there so here is an article from Kevin Holman explaining more about this MP and how to clean it again:

Also a very nice one is a custom mp from Jonathan Almquist that monitors the default mp for changes:

Keep your default mp clean.

Back to the SCOM Tricks general list

SCOM Trick 40 – SNMP

SCOM, SCOM Tricks Send feedback »

As this is a short article I cannot touch upon everything there is to say about SNMP as it is a broad subject. However it is something you almost certainly will touch upon. I prefer agent based monitoring whenever possible, but there are devices which do not run a SCOM agent of course, so you would need another way of monitoring them. In most cases network attached devices are able to talk SNMP. In many cases you can connect to them with an SNMP read string and check if they are up. I have touched upon this already in trick 30 for network devices and trick 31 server hardware. However there is a lot more. For instance storage, tape libraries, UPS, operating systems, server hardware and many more.

So if you want to get cracking with this I would suggest first taking a look at a few posts in the community about the subject to get up to speed.

Pete Zerger SNMP Series:

Francois Dufour on SNMP trap monitoring:

SNMP probe based monitors David Allen

SNMP monitors and numeric data workaround by Raphael Burri

Watch Kristopher Bash as he builds the xSNMP mp for Cisco:

I am sure these will bring you up to speed. Happy monitoring!

Back to the SCOM Tricks general list

SCOM Trick 39 – RMS reconnect to SQL feature (post CU4)

SCOM, SCOM Tricks Send feedback »

In the past when the SQL server for SCOM had been down for whatever reason (installing updates, downtime and so on) the RMS would have trouble re-connecting to the database and thus having trouble to start running again. Actually I have only seen this happen in the larger SCOM setups and with a bit more downtime than just a cluster failover on the SQL side. But when it does happen you might want to use an optional feature that was introduced in SCOM 2007 R2 CU4.

Kevin Holman explains the feature and how to enable it, but the procedure is pasted below for your convenience:

To enable this feature - On the RMS – create two new registry entries:
Under the “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\DAL” key, create two new DWORD values, as below:
DALInitiateClearPool should be set to Decimal value “1” to enable it.
DALInitiateClearPoolSeconds should be set to Decimal value “60” to represent 60 second retry interval.

You can refer to Kevin’s post for the whole story:

Back to the SCOM Tricks general list

SCOM Trick 38 – Gateway

SCOM, SCOM Tricks Send feedback »

Using a SCOM gateway server (SCOM GW) can be very helpful. Mostly a reason to use a gateway is because you want to monitor a domain which has no Kerberos trust with the domain where your management servers are located. In this case you can just setup a certificate trust between the SCOM MS and the SCOM GW and have the gateway talk to the other agents in his domain. Of course there are some other advantages as well, such as compression of data between the gateway and the management server, you only need to open 1 firewall port for one server if you find the need to cross firewalls, you can have the gateway add a site name which you can use to separate agents and alerts coming from that location. I think Satya Vel had a very good post about the ten reasons to use a gateway at

All information on how to setup a gateway is in the documentation as mentioned in trick 1.

Marnix Wolf has a very nice article on when to use a dedicated gateway server

There is a nice article on how to use multiple gateways by Anders Bengtsson:

And yet another good article from Marnix about some of the advantages of a gateway:

Back to the SCOM Tricks general list

SCOM Trick 37 – Backup RMS encryption key

SCOM, SCOM Tricks Send feedback »

In SCOM 2007 the root management server (RMS) uses an encryption key to be able to decrypt secure data in the SCOM database. When you first install SCOM at the end of the step to install the first management server (RMS) you will get the option to backup the encryption key. This is a good start to make a backup of it and you will provide a password. But there is also a way to create a backup of the encryption key after the installation. In most cases I would use the same password as the SDK/config/dataaccess account is using. Just something that works for me as I can remember that I use this most of the times and most of the times I know the SDK account. You will need to have this backup of the encryption key when you need to restore your RMS or when you need to promote another management server to RMS. One more reason why it is a good idea to also store the key backup on another location (for instance on the second management server), as you will use it when your RMS is dead most of the times.

So how to backup the key:

Of course it is also nice to list how to restore it:

In a few cases we have seen somebody get an error like this:
could not load file or assembly ', Version=6.0.4900.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies.
In that case copy securestoragebackup.exe to the program files directory for scom where lives and run backup from there from an elevated command prompt.

Back to the SCOM Tricks general list

SCOM Trick 36 – Capacity planning

SCOM, SCOM Tricks Send feedback »

When starting out with a new SCOM deployment or sometimes after running some time you might find yourself asking for an estimation of what resources are needed to run SCOM.

To start with I would suggest using the SCOM design guide:

Next check out the Operations Manager 2007 R2 sizing helper:

These will help in giving an idea of what you will be up against for SCOM deployments of different sizes. I would suggest always using some margin with this. Reason is because you might find yourself adding more and more to the monitoring. For instance cross platform monitoring, network monitoring, hardware and storage and so on can give a performance hit on the SCOM servers and increase the size of the databases.

Back to the SCOM Tricks general list

Contact / Help. ©2016 by Bob Cornelissen. blog software.
Design & icons by N.Design Studio. Skin by Tender Feelings / Evo Factory.