SCOM Trick 21 – Enable agent proxy

SCOM, SCOM Tricks 3 feedbacks »

A good number of management packs depend on an agent setting to enable proxy mode. Now this has nothing to do with using a browser to access the internet. This setting basically means that you allow the agent to forward data to the management server on behalf of another entity. For instance: a domain controller on behalf of the domain, an ISA server on behalf of the array, a cluster node on behalf of the cluster resources and so on. Each management pack guide will state if this setting is needed.

First of all, you can find this setting in the SCOM console in the administration pane -> agent managed. Open the properties of one of the agents and you will find the second tab (Security) which has a checkbox to enable “Allow this agent to act as a proxy and discover managed objects on other computers”.

Sometimes if you forget to set it and the agent is sending data on behalf of another entity you will get an alert. But in some cases you need to set this already to enable discovery of certain things, otherwise you will not get any alerts. So always read the management pack guide.

Alright, well perhaps you want to set the agent proxy through some automated way. This is where the fun stuff begins.

First of all there is a nice tool for this by Boris Yanushpolsky:

Next a command line tool by Clive Eastwood:

A PowerShell script that enables proxy agent based on a certain class by Jonathan Almquist:

A modification on this script with a few of the roles that you have to set the agent proxy for by Marc Klaver and Rob Korving:

It is also possible that you just want to enable proxy on all agents. Keep in mind that there is a theoretical risk in this as any agent could potentially flood the management servers with data on behalf of other entities when somebody makes a malicious thing for this. I don’t see this happening very fast, but the risk is always there. In any case as half your machines need this setting to enable monitoring you might want to just turn it on for all of them and be done with it.

The quick way to do this is to open the Operations Manager Shell (it is in your start menu) and use the following command:
Set-DefaultSetting -Name HealthService\ProxyingEnabled -Value True

For SCOM 2012:

People have been asking me if SCOM 2012 works the same way. Well I have not found the default setting yet, and of course the set-defaultsetting command is retired in 2012. SO whats left is for instance a command which gets all agents where proxy is set to disabled and you can feed it to the enable-scomagentproxy command as such:
Get-SCOMAgent | where {$_.ProxyingEnabled.Value -eq $False} | Enable-SCOMAgentProxy

Back to the SCOM Tricks general list

SCOM Trick 20 – Increase console refresh rate

SCOM, SCOM Tricks 2 feedbacks »

Having a number of consoles open places a burden on the RMS server as all consoles connect to the SDK service on the RMS server. This includes web console sessions. So if you have more than a few consoles open continuously you might consider lowering the refresh rate of the consoles. For instance a web console hanging against the wall could be set to a few more minutes than default, or when it is a full console on that wall you definitely want to slow down the refreshing of that one. Many full consoles also do not need a 15 second refresh rate as that is usually faster than you can read and you would have to really stare at the screen constantly to keep an eye on changes that often.

You know, with this great product it is great to have a lot of people looking at it and having dashboards on the wall and having screens open everywhere. Its great! But, be aware that too many of these open connections can slow your SCOM environment down. For the SCOM 2007 Sp1 version the max was set at about 25 consoles and for SCOM 2007 R2 this was raised to about 50. But we would be talking about heavy machines as well. So always try to make a compromise and have the least amount of consoles open, but also have the maximum exposure of the product to the people so things get solved fast enough and everybody is happy.

Full console

So first of all let’s take on the SCOM full console refresh rate. You can set that at the machine where the console is running at the moment by setting a registry key. As you can see the root hive is the HKCU so this is a per user setting.

Registry Path Registry Value (DWORD)
HKCU\Software\Microsoft\Microsoft Operations Manager\3.0\console\CacheParameters\PollingInterval
Values 0 – 10. 0 turns off automatic refresh and requires manual refresh via F5. The value 1 through 10 increments the refresh interval every 15 seconds. The maximum value of 10 is a refresh interval of 2 min 30 seconds).

I would start by increasing the refresh rate to 1 minute. Many also suggest you turn the auto refresh off and refresh the screen when needed by pressing F5. Consoles that hang from the wall you might want to set at a 1 to 2 minute refresh interval.

Web console

Next up is the Web Console. This one also has a refresh rate and much more configurable stuff and you can change it at the server side, so it is done for everybody at the same time. Find the web.config file on the server hosting the web console in the directory:
%programfiles%\System Center Operations Manager 2007\Web Console\

Also the Web console per default show less data than the full console. For instance it only shows 200 alerts in an alert view, it shows only critical and warning (no informational), only alerts for the last 7 days. The refresh rate is set at 5 minutes. So perhaps in order to bump performance you could change this a little bit. For instance by showing the last 100 alerts, for the last 3 days and refresh in 7 minutes. The options and value are to be found through these links:

Find your own optimum settings which still show enough data and often enough, but perhaps lower a little bit of the strain on your SCOM environment.

Back to the SCOM Tricks general list

Microsoft Community Contributor Award

Uncategorized, SCOM 1 feedback »

Today I got the following message from Microsoft...

Congratulations! We’re pleased to inform you that your contributions to Microsoft online technical communities have been recognized with the Microsoft Community Contributor Award.

The Microsoft Community Contributor Award is reserved for participants who have made notable contributions in Microsoft online community forums such as TechNet, MSDN and Answers. The value of these resources is greatly enhanced by participants like you, who voluntarily contribute your time and energy to improve the online community experience for others.


Wow, thats cool!

As you might know by now I really like being an active member of the community on community websites and forums and blogging and beta programs of all sorts. Its great to be awarded such a community based award. Thanks to all for this! It is also another push forward to continue being active and helping others, as I have been helped by others in the past as well.

To read more about what this program is about you can go to:

SCOM Trick 19 – Remove SCOM agent command

SCOM, SCOM Tricks Send feedback »

Once in a while you will encounter a situation where you will have to uninstall the agent from a command line. For instance if somebody shutdown a SCOM test environment while forgetting to do the uninstall of all agents first. They will all be active and pointing to a non-existing server and giving errors and trouble. So here are some ways of removing an agent if you cannot use the SCOM console for instance to uninstall them.

Agents: remove configured management group or uninstall agent using command line

Brute Force Uninstall of Management Group

Windows Agent Install MSI Use Cases and Commands

If you are trying to remove or change an agent through the manual route from a machine by using the add/remove programs option you might also run into errors, especially on Windows 2008 servers: Microsoft ESENT Keys are required.

Back to the SCOM Tricks general list

SCOM Trick 18 – Removing management packs

SCOM, SCOM Tricks Send feedback »

Once in a while you will need to remove a management pack. Either because you are no longer monitoring whatever that management pack was for, or a new version of the same management pack requires you to remove the previous version first.

Well removing a management pack is not that difficult in principle. Check out the following page:

However, in some cases you will find that you have used references to this management pack from other management packs. This can be due to setting overrides or by using objects of a class in this MP to a dashboard in another management pack, or perhaps you have used it somewhere else.

Here is write-up by Jonobie Ford about removing dependencies on the default management pack (which is one of the most used management packs for setting overrides UNFORTUNATELY):

Back to the SCOM Tricks general list

SCOM Trick 17 – SCOM 2007 R2 and SQL 2008 R2

SCOM, SCOM Tricks Send feedback »

A question that comes up a lot is whether SQL 2008 R2 is supported for SCOM 2007 R2 and what to do while installing a new SCOM installation on that version of SQL.

If you do a fresh installation of SCOM on a SQL 2008 R2 you will find that you cannot connect to the SQL server. It will refuse to install the database component. In that case you will have to use the dbcreatewizard to create the databases (for operationsmanager and operationsmanagerdw databases).

Support for System Center Operations Manager 2007 R2 that runs on a SQL Server 2008 R2 database

Also you will first need to go to SQL 2008 R2 with CU5 or higher. Watch this post from Kevin pointing at the issues and fixes:

When upgrading from SQL 2008 SP1 to R2 version you might refer to this posting from Marnix:

And a posting from my friend Walter Eikenboom with videos:

Back to the SCOM Tricks general list

SCOM Trick 16 – 1106 event from HealthService

SCOM, SCOM Tricks Send feedback »

In a few cases we have seen 1106 events in SCOM environments appearing. You will see those in the operations manager event log from the HealthService with ID 1106. These will have a text referring to RunAs accounts. For instance: Cannot access plain text RunAs profile in workflow bla bla bla.

So, here are some possible solutions to this issue:

Back to the SCOM Tricks general list

SCOM Trick 15 – cross platform agent troubleshooting

SCOM, SCOM Tricks Send feedback »

So you want to do some cross platform monitoring of Linux and Unix clients with SCOM. A very good idea. As mentioned before in Trick 1: Read the product documentation at

But in some cases you might run into issues. These can range from networking, firewalls, dns, certificates, ssh, root rights and more.

There are a few good write ups on things to check to troubleshoot deployment of agents to Linux or Unix servers. In most cases encountered issues and solutions apply to any kind of cross platform agent.

:!: I have done some extensive troubleshooting myself and blogged about it here:

A three part series on troubleshooting cross platform agent discovery and installation:

SCOM agent on Sun Solaris:

SCOM agent error: cimserver: Failed to load the Provider Manager for interface type "CMPI" from library:

Discovery wizard errors while deploying RedHat agent:

:!: Discussions by Robert Hearn:

Can’t get your Linux computer discovered? Check your network configuration

A four part series on troubleshooting cross platform discovery and agent installation:

:!: Discussions by Daniele Muscetta:

Daniele has written a number of very informative posts since the beginning of the crossplat monitoring days (the beginning of the beta period that is &#59;) ). Lots of information available under the xplat tag on his site:

Back to the SCOM Tricks general list

SCOM grey RMS and agents with 7022 events after deleting crypto folder

SCOM Send feedback »

The other day I had been called in to help troubleshoot another case where management servers and agents turned to a grey state. It was a case with a reason I had not seen before so I thought I might mention it here.

What happened was that due to some reason the contents of the "C:\Documents and Settings\" folder got deleted from all machines. These were Windows 2003 machines. This happened right before the agents went into a grey state, so it was very likely to be linked. Some other programs (IIS, SCCM agent) also seemed to not have liked this. At first sight of course this only contains a few user profiles, so what the heck, right? But there are also some other directories in there (sometime of them hidden) that actually do have a function.

In the end what had happened was that the "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto" folder had been deleted which contains machine keys. Aha...

So we started out focussing on the management servers and the SQL box in order to get that up and running first. What you will see on agents and management servers are events 7022 saying something to the effect of that it has downloaded secure configuration but that it does not have the certificate or private key to decrypt it. So it fails. Crypto folder deleted, decrypt errors, looks like we have a link here. Now the management servers also had this, so we first had to get those talking again (and make sure we monitor its SQL as well in order to see if we had any other issues). We want to see an event 7023 please.

So the way to get this running was to:

  • Stop the System Center Management service
  • Clear the default value under the following registry key (making an export first might be a good idea!):
  • We deleted the contents of the following folder, also in order to flush the cache and have it re-download configuration and management packs:
    "C:\Program Files\System Center Operations Manager 2007\Health Service State\*.*"
  • Start the System Center Management service

After a while we finally got the 7023 event back and a minute later we saw the long list of 1201 events which means it is downloading the management packs again. Few minutes later the monitoring of those machines came back and the performance counters and health state.
Next we pulled down a list of all agents from the OpsMgr Shell with get-agent and we used that as input to run the above as a script on all other agents.

An hour later and everything was green\red again.

So if you ever delete that folder or have a corruption in it this is a way to try to get it fixed.

Good luck!
Bob Cornelissen

SCOM Trick 14 – Troubleshoot grey agents or management server

SCOM, SCOM Tricks 4 feedbacks »

Very often you will see some SCOM agent turn into a grey state. In some cases this can happen to your management server or RMS as well (I hope not!!). This can have several reasons and range from an agent being down or a machine being down to more serious issues.
Normally your first step might be to ping the agent (using the tasks in the actions pane), followed by a check if the agent service is running on the remote computer (System Center Management service).

I have already talked about machines that can turn grey in SCOM Trick 10 and SCOM Trick 11 in case you might be looking at stale data in your console or when a machine actually is not part of SCOM anymore. For instance if somebody turned the machine off at the end of its life cycle. Those pages discuss getting rid of objects that you know are not monitored anymore and you do not want them. Everything below this point I assume you actually do want these objects to be monitored and have a nice and green state (if possible).

:!: How to find grey agents?
In the SCOM console is one place of course.

There is a management pack that will show you alerts for grey agents:

Combining it with Opalis to find grey agents by Marcus Oh:

Find grey agents in PowerShell:
$WCC = get-monitoringclass -name "Microsoft.SystemCenter.Agent"
$MO = Get-MonitoringObject -monitoringclass:$WCC | where {$_.IsAvailable -eq $false}
$MO | select DisplayName

Find grey agents in SQL:
SELECT ManagedEntityGenericView.DisplayName, ManagedEntityGenericView.AvailabilityLastModified
FROM ManagedEntityGenericView
INNER JOIN ManagedTypeView ON ManagedEntityGenericView.MonitoringClassId = ManagedTypeView.Id
WHERE (ManagedTypeView.Name = 'microsoft.systemCenter.agent') AND (ManagedEntityGenericView.IsAvailable = 0)
ORDER BY ManagedEntityGenericView.DisplayName

:!: Troubleshooting grey agents:

Troubleshooting grey agents KB article KB2288515
Troubleshooting gray agent states in System Center Operations Manager 2007 and System Center Essentials
This is a very complete discussion on the subject.

Back to the SCOM Tricks general list

Contact / Help. ©2015 by Bob Cornelissen. blog software.
Design & icons by N.Design Studio. Skin by Tender Feelings / Evo Factory.