Monday, October 31, 2016

Using SCOM get-scomalert criteria

The scom alerts for a particular computer can be retrieved by the following commands.

Get-SCOMAlert -ResolutionState 0 | ?{$_.PrincipalName -match 'SQL' -OR $_.PrincipalName -match 'WEB'}

Get-SCOMAlert -Criteria {ResolutionState = 0 and PrincipalName like '%SQL%'  or PrincipalName like '%WEB%'}}

There is significant difference in the time taken for the two commands to be processed.

PS C:\Windows\system32> Measure-Command{Get-SCOMAlert -ResolutionState 0 | ?{$_.PrincipalName -match 'SQL' -OR $_.PrincipalName -match 'WEB'}}
Days : 0
Hours : 0
Minutes : 0
Seconds : 0
Milliseconds : 604
Ticks : 6047616
TotalDays : 6.99955555555556E-06
TotalHours : 0.000167989333333333
TotalMinutes : 0.01007936
TotalSeconds : 0.6047616
TotalMilliseconds : 604.7616

PS C:\Windows\system32> Measure-Command{Get-SCOMAlert -Criteria {ResolutionState = 0 and PrincipalName like '%SQL%'  or PrincipalName like '%WEB%'}}
Days : 0
Hours : 0
Minutes : 0
Seconds : 0
Milliseconds : 156
Ticks : 1564777
TotalDays : 1.81108449074074E-06
TotalHours : 4.34660277777778E-05
TotalMinutes : 0.00260796166666667
TotalSeconds : 0.1564777
TotalMilliseconds : 156.4777

The winner is clearly the criteria field. The accepted ones are .


Some more examples using criteria.

Get-ScomAlert -criteria {"Name LIKE 'Failed to connect to computer%' and ResolutionState = 0"}

Get-ScomAlert -criteria {"TimeRaised > '01/03/2017 23:59:00' and ResolutionState != 0"}

$date = $(Get-Date).AddMinutes(-30).ToUniversalTime()
$Alerts = Get-ScomAlert -criteria "ResolutionState = 0 and TimeRaised > '$date'"

Get all new and critical alerts
 $Alerts = Get-SCOMAlert -Criteria {"ResolutionState=0 and Severity=2"};$Alerts

Get all new and warning alerts
 $Alerts = Get-SCOMAlert -Criteria {"ResolutionState=0 and Severity=1"};$Alerts

Get all new and informational alerts
 $Alerts = Get-SCOMAlert -Criteria {"ResolutionState=0 and Severity=0"};$Alerts

Important note: The criteria parameters are case sensitive  so make sure you are using the right one.


Tuesday, October 18, 2016

Increase number of objects seen in SCSM SharePoint portal query result prompt

Connect to your SharePoint portal server and open inetmgr.

Navigate to Sites - SCSMWebContentServer - ServiceHost

Double click Application Settings. From Actions select add and add the following value.

Name: MaximuminstanceCount

Value: 5000


Wednesday, October 5, 2016

When was your server rebooted last

Use this command in windows cmd to get the last time your server booted up or was rebooted.
C:\>systeminfo | findstr /i boot
System Boot Time: 10/5/2016, 1:13:08 PM
Boot Device: \Device\HarddiskVolume2
As to who rebooted it ;). You can search the system event log for events with id 1074.

Put Scom Agents and Cluster Servers in Maintenance mode and reboot

Here is a script to put your scom agents including clusters in maintenance mode and rebooting them at a specified time. First you will have to create a task and a management pack in SCOM for rebooting the servers. Link on how to create the management pack is here.
Works on System Center Operations Manager 2012 R2.

Create the input files and output files on the locations that you prefer. I have created them in C:\Reboots folder. Add your server names in the input file. Then the script given below can be put in a scheduled task and run at specified times or on demand. You can also run the script manually. Make sure that you modify the maintenance window.

I have not yet added any code to verify and alert if the rebooted servers are not back up.

Will probably do so at a later time. Till then feel free to use this one and modify any way that you like.

#################Script Start ####################################

$RootMS = "RMSName"
$Minutes =  90
$Comment = "Unknown"
#Setting up SCOM connection

Import-Module OperationsManager
$null = New-ScomManagementGroupConnection -ComputerName $RootMS
Add-PSSnapin "Microsoft.EnterpriseManagement.OperationsManager.Client" -ErrorAction SilentlyContinue

$eventLog = New-Object System.Diagnostics.EventLog("Operations Manager")
$eventLog.Source = "Maintenance Mode"

$Servers = GC "C:\Reboots\input.txt"
Function Out($output)
Out-File -Filepath "C:\Reboots\output.txt" -InputObject $output -Append

Out "###############  Starting Script at $(Get-Date)  ##########################"
foreach($Server in $Servers)

$output = "Starting for $Server on $(Get-date)"
Out $output

###Putting the agent and cluster in maintenance mode###########
$agent = Get-ScomAgent | Where-Object { $_.DisplayName –eq $Server -or $_.ComputerName -eq $Server -or $_.PrincipalName -eq $Server }
if(!$agent) { Write-Host "ERROR: $Server is not a monitored system in SCOM." -ForeGroundColor Red; Set-Location $originalPath; return }
$Server = $agent.PrincipalName
$startTime = (Get-Date).ToUniversalTime()
$endTime = $startTime.AddMinutes($Minutes)
if(($clusters = $agent.GetRemotelyManagedComputers())) {
$clusterNodeClass = Get-SCOMClass -Name Microsoft.Windows.Cluster.Node
foreach($cluster in $clusters) {
#$clusterObj = Get-SCOMClass -Name Microsoft.Windows.Cluster | Get-ScomMonitoringObject -Criteria "Name='$($cluster.ComputerName)'"
$clusterobj = Get-SCOMClass -Name Microsoft.Windows.Cluster | Get-SCOMClassInstance | ?{$_.displayname -eq $cluster.ComputerName}
if($clusterObj) {
$nodes = $clusterObj.GetRelatedMonitoringObjects($clusterNodeClass)
if($nodes) {
foreach($node in $nodes) {
Out "Putting $node into maintenance mode."
$eventLog.MachineName = $node.Name
$eventLog.WriteEntry("The server entered into maintenance mode $(if($Server -notcontains $node.Name){"on behalf of $Server"}).`r`n`r`nDuration:`t$Minutes minutes`r`nReason:`t$Comment","Information",42)
Out "Putting $($cluster.Computer) into maintenance mode."
New-MaintenanceWindow -StartTime $startTime -EndTime $endTime -MonitoringObject $cluster.Computer -Reason PlannedOther -Comment $Comment
else {
Out "Putting $Server into maintenance mode."
$eventLog.WriteEntry("The server entered into maintenance mode.`r`n`r`nDuration:`t$Minutes minutes`r`nReason:`t$Comment","Information",42)
New-MaintenanceWindow -StartTime $startTime -EndTime $endTime -MonitoringObject $agent.HostComputer -Reason PlannedOther -Comment $Comment
#####Sending commands to the server###########

$Task = Get-SCOMTask -DisplayName "Reboot Computer"
$Overrides = @{Arguments = '"$Target/Property[Type="MicrosoftWindowsLibrary7585010!Microsoft.Windows.Computer"]/PrincipalName$" "true"'}
$Instance = Get-SCOMClassInstance | ?{$_.Name -eq $}
Out "Starting task to reboot $($Instance.Displayname) at $(Get-Date)"
Start-SCOMTask -Task $Task -Override $Overrides -Instance $Instance


Out "###############  Script Complete at $(Get-Date) #########################"

#################Script End ####################################

I don't take credit for all the scripts that I written. Whenever I can credit the original creators, I do.  If I don't at times please do inform me so that I can include them in the page.

Friday, September 16, 2016

Visual Studio installation failing

Visual Studio 2015 installation failing.

Applies to 2013,2015. OS Windows 8.1

Installation kept failing with the following error in event log.

Faulting application name: vs_professional.exe, version: 14.0.23107.10, time stamp: 0x55414f16

Faulting module name: ntdll.dll, version: 6.3.9600.18233, time stamp: 0x56bb4e1d

Exception code: 0xc0000005

Fault offset: 0x0001dd93

Faulting process id: 0x14a8

Faulting application start time: 0x01d2105f30c9cadb

Faulting application path: C:\Parag\Softwares\VS2015\vs_professional.exe

Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll

Report Id: 6e7b1bf9-7c52-11e6-8264-64006a57cea4

Faulting package full name:

Faulting package-relative application ID:

This error was seen in the installation log file located in


[1A94:1A98][2016-09-16T15:59:06]e000: Error 0x800705b4: Failed to wait for child to connect to pipe.
[1A94:1A98][2016-09-16T15:59:06]e000: Error 0x800705b4: Failed to connect to elevated child process.
[1A94:1A98][2016-09-16T15:59:06]e000: Error 0x800705b4: Failed to actually elevate.
[1A94:1A98][2016-09-16T15:59:06]e000: Error 0x800705b4: Failed to elevate.


Copied the installation files to a local drive from the ISO. Right click the vs_professional.exe. Check the box for Run this program as an administrator.

Then run the exe again.




Friday, September 9, 2016

Audit collection Services

How to determine the Server being used for Audit Collection Forwarding and Collecting.

Open the operations manager console and navigate to Monitoring--Microsoft Audit Collection Services -- Collector or Forwarder. The state view should give you the names of the specific servers.

How to determine the SQL server being used for Audit Collection Database.

  1. Log on to the management server with Administrator permissions.

  2. Click Start, select Run, type regedit in the Open box, and then click OK to start Registry Editor.

  3. Under HKEY_LOCAL_MACHINE\Software\ODBC\ODBC.INI\OpsMgrAC, check the name in  Server value.

Monday, June 6, 2016

How to zoom a page using touchpad on laptop

For those folks who would like to zoom in and zoom out of a page but do not have the luxury of an external mouse with a scroll button for a laptop. Worry no more.

Hold Ctrl key and drag two fingers across your touchpad. This will zoom out if you swipe upwards and zoom in if you swipe downwards. Tested on HP,Lenovo and Dell laptops.

Not sure about the others but go ahead and give it a try. If it works or doesn't ,do post in the comments with the make and model of your laptop to help others.

Friday, July 17, 2015

Contacts not syncing between Android and

I recently had to get a new phone because my trusty old Nokia WP stopped charging altogether. I broke the USB port on the phone.

They really should be having a backup port on the phones. It takes a whopping amount to repair once they are out of warranty.

Anyways, I got this new Android phone and added my Hotmail account. The contacts synced perfectly the first time. But then I had to factory reset it once and when I added the account I could not see any contact syncing. Not matter how many times I reconfigured my account on the phone. The contacts just did not sync. I stumbled on this post which talks about making changes to my windows live account.

But sadly I did not have the time for someone to make changes to my account. So, I made a backup of my account contacts by logging to the account from a computer. Then deleted all the contacts from my windows live account. Waited a couple of minutes, signed out.

and signed back in. Not really sure if that was required, though. Imported all the contacts from file after cleaning up the duplicates using MSExcel's "Remove duplicates button" and without reconfiguring my account on the phone all the contacts started syncing.

Monday, January 5, 2015

Export all rules and monitors with thresholds

Exporting all rules and monitors with thresholds in your SCOM environment.

I found these on the following link

[code language="css"]
##Export all rules

function GetPerfCounterName ([String] $configuration)
$config = [xml] ("<config>" + $configuration + "</config>")
return ($config.Config.ObjectName + "\" + $config.Config.CounterName)

function GetFrequency ([String] $configuration)
$config = [xml] ("<config>" + $configuration + "</config>")
$frequency = $config.Config.Frequency;

if($frequency -eq $null)
$frequency = $config.Config.IntervalSeconds;

return ($frequency)

function GetDisplayName($performanceRule)
if($performanceRule.DisplayName -eq $null)
return ($performanceRule.Name);
return ($performanceRule.DisplayName);

function GetWriteActionNames($performanceRule)
$writeActions = "";
foreach($writeAction in $performanceRule.WriteActionCollection)
$writeActions += " " + $writeAction.Name;
return ($writeActions);

$perf_collection_rules = get-SCOMRule # -criteria:"Category='PerformanceCollection'"

$perf_collection_rules | select-object @{name="Type";expression={foreach-object {(Get-MonitoringClass -id:$_.Target.Id).DisplayName}}},@{name="RuleDisplayName";expression={foreach-object {GetDisplayName $_}}} ,@{name="CounterName";expression={foreach-object {GetPerfCounterName $_.DataSourceCollection[0].Configuration}}},@{name="Frequency";expression={foreach-object {GetFrequency $_.DataSourceCollection[0].Configuration}}},@{name="WriteActions";expression={foreach-object {GetWriteActionNames $_}}}  | sort Type,RuleDisplayName,CounterName | export-csv  "C:\Outputs\CollectionRules.csv"


[code language="css"]

## Export all monitors

function GetThreshold ([String] $configuration)
$config = [xml] ("<config>" + $configuration + "</config>")
$threshold = $config.Config.Threshold
if($threshold -eq $null)
$threshold = $config.Config.MemoryThreshold
if($threshold -eq $null)
$threshold = $config.Config.CPUPercentageThreshold
if($threshold -eq $null)
if($config.Config.Threshold1 -ne $null -and $config.Config.Threshold2 -ne $null)
$threshold = "first threshold is: " + $config.Config.Threshold1 + " second threshold is: " + $config.Config.Threshold2
if($threshold -eq $null)
if($config.Config.ThresholdWarnSec -ne $null -and $config.Config.ThresholdErrorSec -ne $null)
$threshold = "warning threshold is: " + $config.Config.ThresholdWarnSec + " error threshold is: " + $config.Config.ThresholdErrorSec

if($threshold -eq $null)
if($config.Config.LearningAndBaseliningSettings -ne $null)
$threshold = "no threshold (baseline monitor)"
return $threshold
Function GetFrequency ([String] $configuration)
$config = [xml] ("<config>" + $configuration + "</config>")
$Frequency = $config.Config.Frequency
if($Frequency -eq $null)
$frequency = $config.Config.Frequency;
return ($frequency)
Function GetNumsamples ([String] $configuration)
$config = [xml] ("<config>" + $configuration + "</config>")
$Samples = $config.Config.Samples
if($Samples -eq $null)
$Samples = $config.Config.NumSamples;
return ($Samples)
Function GetCounterName ([String] $configuration)
$config = [xml] ("<config>" + $configuration + "</config>")
$Counter = $config.Config.Counter
if($Counter -eq $null)
$Counter = $config.Config.CounterName;
return ($Counter)
Function GetObject ([String] $configuration)
$config = [xml] ("<config>" + $configuration + "</config>")
$Object = $config.Config.Object
if($Object -eq $null)
$Object = $config.Config.ObjectName;
return ($Object)
$perfMonitors = get-scommonitor
$perfMonitors | select-object @{Name="MP";Expression={ foreach-object {$_.GetManagementPack().DisplayName }}},@{name="Target";expression={foreach-object {(Get-SCOMClass -Id:$_.Target.Id).DisplayName}}},DisplayName,enabled,@{name="Threshold";expression={foreach-object {GetThreshold $_.Configuration}}}, @{name="Frequency";expression={foreach-object {GetFrequency $_.Configuration}}}, @{name="Samples";expression={foreach-object {GetNumSamples $_.Configuration}}}, @{name="Counter";expression={foreach-object {GetCounterName $_.Configuration}}}, @{name="Object";expression={foreach-object {GetObject $_.Configuration}}} | sort Target, DisplayName | export-csv "C:\Outputs\PerformanceMonitors.csv"


Connecting to SCOM 2012 using powershell

Use the below snippet to connect to your OpsMgr powershell using Windows Powershell ISE.
There after you can use the cmdlets present in SCOM 2012 freely

## Common script for connecting to SCOM 2012 Management Server
$reg = Get-Item "HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Agent Management Groups\SCOM2012PROD\Parent Health Services"
$RMS = $reg.GetValue("NetworkName")
Import-Module -Name OperationsManager
New-SCmanagementGroupConnection $RMS | Out-Null
Write-Host $RMS -foregroundcolor Red

Wednesday, October 15, 2014

In organizations where you have multiple management groups. And have production environments which need SCOM to be working all the time. Its advisable to have two action accounts in the SCOM environment. When one account's password is near expiry you can switch to another account and change your healthservice to run from that account.
Its a big task to rotate the action accounts on all management groups and this is where my script comes handy. It helps change the default action account on SCOM 2012 and also changes the Data Warehouse Report Deployment Account. The script files are below.
Change the extension to .ps1 after downloading. The usage is given at the top of the scripts.

