Tuesday, February 14, 2017

How to create a SCOM discovery override using powershell


This is script that can be used to create a scom discovery override using powershell.


## Usage:
## Check the overridable paramters for your discoveries first and then change the parameter you would like to set in $override.Parameter. The format of the parameter may be like
## Selector          : $Config/PeriodInSeconds$. You should only add the "PeriodInSeconds" part
#$disc = Get-SCOMDiscovery -DisplayName "Windows Internet Information Services Web Applications 76-100 Discovery Rule"
## $discovery.GetOverrideableParameters()


Import-module operationsmanager
New-SCOMManagementGroupConnection -ComputerName MyRMS
$mps = Get-SCOMManagementPack |?{$_.name -match "Microsoft.Windows.InternetInformationServices.2003"}
$overridemp = Get-SCOMManagementPack -Name "IIS.Management.Pack.Discovery.Overrides"
$discoveries = Get-SCOMDiscovery -ManagementPack $mps

foreach($discovery in $discoveries)
{
if($discovery.Enabled -ne "false")
{

$override = $null
$overridemp = Get-SCOMManagementPack -Name "IIS.Management.Pack.Discovery.Overrides"
$Target= Get-SCOMClass -id $discovery.Target.Id

$overridename = $discovery.name + ".Override"
$override = New-Object Microsoft.EnterpriseManagement.Configuration.ManagementPackDiscoveryConfigurationOverride($overridemp,$overridename)
$override.Discovery = $discovery
$override.Module = $discovery.DataSource
$override.Parameter = "PeriodInSeconds"
$override.value = 86400
$override.DisplayName = $overridename
$override.Context = $Target

}
}

$overridemp.Verify() ## This may fail sometimes with a validation error on 2012 R2. So just remove this line and check if your mp imports.
$overridemp.AcceptChanges()

Tuesday, January 17, 2017

Users cannot view ACS reports.

For the ACS reports the permissions have to be configured in SCOM.

Click Administration--User Roles

If you do not have a role created. Create a new role called "ACS report viewers"

In the tab that opens add the groups in your AD or users in your AD that you would like to have permissions to view reports.

Tuesday, December 20, 2016

Scom Maintenance mode scheduler

#SCOM Maintenance mode scheduler. The assemblies can be found in this folder on your management servers  C:\Program Files\Microsoft System Center 2012 R2\Operations Manager\Server\SDK Binaries

$scriptdir = Get-location
$ScriptDir = split-path -parent $MyInvocation.MyCommand.Path
$void = [System.Reflection.Assembly]::LoadFile("$scriptdir\Microsoft.EnterpriseManagement.OperationsManager.dll")
$void3 = [System.Reflection.Assembly]::LoadFile("$scriptdir\Microsoft.EnterpriseManagement.Runtime.dll")
$void1 = [System.Reflection.Assembly]::LoadFile("$scriptdir\Microsoft.EnterpriseManagement.Core.dll")

$server = "testsql"

$RootMS = "testdc01"
$Minutes =  60
$Comment = "Scheduled Maintenance Request"
$MGConnSetting = New-Object Microsoft.EnterpriseManagement.ManagementGroupConnectionSettings($RootMS)
$MG = New-Object Microsoft.EnterpriseManagement.ManagementGroup($MGConnSetting)
$Admin = $MG.GetAdministration()
$Agents = $admin.GetAllAgentManagedComputers()
$agent = $Agents | ?{$_.Computername -match $server}
$monitoring =$MG.Monitoring
$AllClasses = $MG.GetMonitoringClasses()
$MyClass = $AllClasses | ?{$_.name -eq "Microsoft.Windows.Computer"}
$Objects = $Mg.GetMonitoringObjects($Myclass)
$Object = $Objects | ?{$_.name -match $server}
$Object.schedulemaintenancemode
$startTime = [Datetime]'12/21/2016 04:26:00'
$StartTimeUTC = $startTime.ToUniversalTime()
$EndTime = $startTimeUTC.AddMinutes('10')
$Object.ScheduleMaintenanceMode($startTimeUTC,$EndTime,"PlannedOther",$Comment)

 

Friday, December 9, 2016

SCOM agent less monitoring access denied

Today I was facing and error with monitoring agentless servers. The agent proxy was getting access denied to event logs. In my environment the health services run under the local system account.

I added the server account to administrators on the agentless server but it did not help.

Then I made changes in the default action account profile for the server and and specified another action account instead of the local system action account to run the healthservices under.

Then everything was peachy...

Task to restart health service on agents

https://blogs.technet.microsoft.com/scom_atlas/2015/05/21/task-to-restart-scom-health-service/

Once the management pack is added go to Monitoring-.Windows Computer.

You should see the task in the Tasks pane under Windows Computer Tasks.

 

 

Tuesday, December 6, 2016

SCOM DataWare House grooming.

Query to check the size of the tables.

SELECT DB_NAME() AS DbName,
name AS FileName,
size/128.0 AS CurrentSizeMB,
size/128.0 - CAST(FILEPROPERTY(name, 'SpaceUsed') AS INT)/128.0 AS FreeSpaceMB
FROM sys.database_files;

Get size of the database.
SELECT DB_NAME(database_id) AS DatabaseName,
Name AS Logical_Name,
Physical_Name, (size*8)/1024 SizeMB
FROM sys.master_files
GO

Query to check DW data dates.

Select     min(datetime)as MinDate, max(datetime)as MaxDate ,   datediff(d,min(datetime),max(datetime)) AS NoOfDaysInDataSet from Perf.vPerfHourly

My query showed that there was 424 days of data.

MinDate    MaxDate    NoOfDaysInDataSet
2015-10-09 21:00:00.000    2016-12-06 13:00:00.000    424

Tool for modifying the datawarehouse grooming settings can be downloaded here.

https://blogs.technet.microsoft.com/momteam/2008/05/13/data-warehouse-data-retention-policy-dwdatarp-exe/

Command to run the dwdatarp.exe to get the current sizes of datasets.

C:\temp>dwdatarp.exe -s servername\instancename -d operationsmanagerdw > c:\temp\dwoutput.txt

Dataset name                          Aggregation name     Max Age         Current Size, Kb

Alert data set                             Raw data                           400          104,752 (  0%)
Client Monitoring data set     Raw data                           30              0 (  0%)
Client Monitoring data set     Daily aggregations          400            96 (  0%)
Configuration dataset             Raw data                           400            485,120 (  1%)
DPM event dataset                  Raw data                           400             0 (  0%)
Event data set                           Raw data                           100             12,315,568 ( 14%)
Performance data set              Raw data                           10                4,316,832 (  5%)
Performance data set              Hourly aggregations       400            44,009,336 ( 50%)
Performance data set              Daily aggregations          400            2,049,856 (  2%)
State data set                            Raw data                           180            121,784 (  0%)
State data set                            Hourly aggregations       400           22,979,912 ( 26%)
State data set                            Daily aggregations          400           1,395,216 (  2%)

Changing the grooming settings. Adjust the time according to my reporting requirements.

dwdatarp.exe -s SERVERNAME\INSTANCENAME -d OperationsManagerDW -ds "Alert data set" -a "Raw data" -m 180

dwdatarp.exe -s SERVERNAME\INSTANCENAME -d OperationsManagerDW -ds "Performance data set" -a "Hourly aggregations" -m 90

dwdatarp.exe -s SERVERNAME\INSTANCENAME -d OperationsManagerDW -ds "Performance data set" -a "Daily aggregations" -m 365

dwdatarp.exe -s SERVERNAME\INSTANCENAME -d OperationsManagerDW -ds "Event data set" -a "Raw Data" -m 30

dwdatarp.exe -s SERVERNAME\INSTANCENAME -d OperationsManagerDW -ds "State data set" -a "Raw data" -m 90

dwdatarp.exe -s SERVERNAME\INSTANCENAME -d OperationsManagerDW -ds "State data set" -a "Hourly aggregations" -m 90

dwdatarp.exe -s SERVERNAME\INSTANCENAME -d OperationsManagerDW -ds "State data set" -a "Daily aggregations" -m 90

Monday, October 31, 2016

Using SCOM get-scomalert criteria

The scom alerts for a particular computer can be retrieved by the following commands.

Get-SCOMAlert -ResolutionState 0 | ?{$_.PrincipalName -match 'SQL' -OR $_.PrincipalName -match 'WEB'}

Get-SCOMAlert -Criteria {ResolutionState = 0 and PrincipalName like '%SQL%'  or PrincipalName like '%WEB%'}}

There is significant difference in the time taken for the two commands to be processed.

PS C:\Windows\system32> Measure-Command{Get-SCOMAlert -ResolutionState 0 | ?{$_.PrincipalName -match 'SQL' -OR $_.PrincipalName -match 'WEB'}}
Days : 0
Hours : 0
Minutes : 0
Seconds : 0
Milliseconds : 604
Ticks : 6047616
TotalDays : 6.99955555555556E-06
TotalHours : 0.000167989333333333
TotalMinutes : 0.01007936
TotalSeconds : 0.6047616
TotalMilliseconds : 604.7616

PS C:\Windows\system32> Measure-Command{Get-SCOMAlert -Criteria {ResolutionState = 0 and PrincipalName like '%SQL%'  or PrincipalName like '%WEB%'}}
Days : 0
Hours : 0
Minutes : 0
Seconds : 0
Milliseconds : 156
Ticks : 1564777
TotalDays : 1.81108449074074E-06
TotalHours : 4.34660277777778E-05
TotalMinutes : 0.00260796166666667
TotalSeconds : 0.1564777
TotalMilliseconds : 156.4777

The winner is clearly the criteria field. The accepted ones are .

Id
Name
Description
MonitoringObjectId
MonitoringClassId
MonitoringObjectName
MonitoringObjectDisplayName
MonitoringObjectPath
MonitoringObjectFullName
IsMonitorAlert
ProblemId
MonitoringRuleId
ResolutionState
Priority
Severity
Category
Owner
ResolvedBy
TimeRaised
TimeAdded
LastModified
LastModifiedBy
TimeResolved
TimeResolutionStateLastModified
CustomField1
CustomField2
CustomField3
CustomField4
CustomField5
CustomField6
CustomField7
CustomField8
CustomField9
CustomField10
TicketId
Context
ConnectorId
LastModifiedByNonConnector
MonitoringObjectInMaintenanceMode
MonitoringObjectHealthState
ConnectorStatus
NetbiosComputerName
NetbiosDomainName
PrincipalName
AlertParams
SiteName
MaintenanceModeLastModified
StateLastModified

Some more examples using criteria.

Get-ScomAlert -criteria {"Name LIKE 'Failed to connect to computer%' and ResolutionState = 0"}

Get-ScomAlert -criteria {"TimeRaised > '01/03/2017 23:59:00' and ResolutionState != 0"}

$date = $(Get-Date).AddMinutes(-30).ToUniversalTime()
$Alerts = Get-ScomAlert -criteria "ResolutionState = 0 and TimeRaised > '$date'"

Get all new and critical alerts
 $Alerts = Get-SCOMAlert -Criteria {"ResolutionState=0 and Severity=2"};$Alerts

Get all new and warning alerts
 $Alerts = Get-SCOMAlert -Criteria {"ResolutionState=0 and Severity=1"};$Alerts

Get all new and informational alerts
 $Alerts = Get-SCOMAlert -Criteria {"ResolutionState=0 and Severity=0"};$Alerts



Important note: The criteria parameters are case sensitive  so make sure you are using the right one.









 

Tuesday, October 18, 2016

Increase number of objects seen in SCSM SharePoint portal query result prompt

Connect to your SharePoint portal server and open inetmgr.

Navigate to Sites - SCSMWebContentServer - ServiceHost

Double click Application Settings. From Actions select add and add the following value.

Name: MaximuminstanceCount

Value: 5000

Inetmgr

Wednesday, October 5, 2016

When was your server rebooted last

Use this command in windows cmd to get the last time your server booted up or was rebooted.
C:\>systeminfo | findstr /i boot
System Boot Time: 10/5/2016, 1:13:08 PM
Boot Device: \Device\HarddiskVolume2
As to who rebooted it ;). You can search the system event log for events with id 1074.

Put Scom Agents and Cluster Servers in Maintenance mode and reboot

Here is a script to put your scom agents including clusters in maintenance mode and rebooting them at a specified time. First you will have to create a task and a management pack in SCOM for rebooting the servers. Link on how to create the management pack is here. https://technet.microsoft.com/en-us/library/hh563486%28v=sc.12%29.aspx?f=255&MSPPError=-2147217396.
Works on System Center Operations Manager 2012 R2.

Create the input files and output files on the locations that you prefer. I have created them in C:\Reboots folder. Add your server names in the input file. Then the script given below can be put in a scheduled task and run at specified times or on demand. You can also run the script manually. Make sure that you modify the maintenance window.

I have not yet added any code to verify and alert if the rebooted servers are not back up.

Will probably do so at a later time. Till then feel free to use this one and modify any way that you like.

#################Script Start ####################################

$RootMS = "RMSName"
$Minutes =  90
$Comment = "Unknown"
#Setting up SCOM connection

Import-Module OperationsManager
$null = New-ScomManagementGroupConnection -ComputerName $RootMS
Add-PSSnapin "Microsoft.EnterpriseManagement.OperationsManager.Client" -ErrorAction SilentlyContinue

$eventLog = New-Object System.Diagnostics.EventLog("Operations Manager")
$eventLog.Source = "Maintenance Mode"

$Servers = GC "C:\Reboots\input.txt"
Function Out($output)
{
Out-File -Filepath "C:\Reboots\output.txt" -InputObject $output -Append
}

Out "###############  Starting Script at $(Get-Date)  ##########################"
foreach($Server in $Servers)
{

$output = "Starting for $Server on $(Get-date)"
Out $output

###Putting the agent and cluster in maintenance mode###########
$agent = Get-ScomAgent | Where-Object { $_.DisplayName –eq $Server -or $_.ComputerName -eq $Server -or $_.PrincipalName -eq $Server }
if(!$agent) { Write-Host "ERROR: $Server is not a monitored system in SCOM." -ForeGroundColor Red; Set-Location $originalPath; return }
$Server = $agent.PrincipalName
$startTime = (Get-Date).ToUniversalTime()
$endTime = $startTime.AddMinutes($Minutes)
if(($clusters = $agent.GetRemotelyManagedComputers())) {
$clusterNodeClass = Get-SCOMClass -Name Microsoft.Windows.Cluster.Node
foreach($cluster in $clusters) {
#$clusterObj = Get-SCOMClass -Name Microsoft.Windows.Cluster | Get-ScomMonitoringObject -Criteria "Name='$($cluster.ComputerName)'"
$clusterobj = Get-SCOMClass -Name Microsoft.Windows.Cluster | Get-SCOMClassInstance | ?{$_.displayname -eq $cluster.ComputerName}
if($clusterObj) {
$clusterObj.ScheduleMaintenanceMode($startTime,$endTime,"PlannedOther",$Comment,"Recursive")
$nodes = $clusterObj.GetRelatedMonitoringObjects($clusterNodeClass)
if($nodes) {
foreach($node in $nodes) {
Out "Putting $node into maintenance mode."
$eventLog.MachineName = $node.Name
$eventLog.WriteEntry("The server entered into maintenance mode $(if($Server -notcontains $node.Name){"on behalf of $Server"}).`r`n`r`nDuration:`t$Minutes minutes`r`nReason:`t$Comment","Information",42)
}
}
}
Out "Putting $($cluster.Computer) into maintenance mode."
New-MaintenanceWindow -StartTime $startTime -EndTime $endTime -MonitoringObject $cluster.Computer -Reason PlannedOther -Comment $Comment
}
}
else {
Out "Putting $Server into maintenance mode."
$eventLog.WriteEntry("The server entered into maintenance mode.`r`n`r`nDuration:`t$Minutes minutes`r`nReason:`t$Comment","Information",42)
New-MaintenanceWindow -StartTime $startTime -EndTime $endTime -MonitoringObject $agent.HostComputer -Reason PlannedOther -Comment $Comment
}
#####Sending commands to the server###########

$Task = Get-SCOMTask -DisplayName "Reboot Computer"
$Overrides = @{Arguments = '"$Target/Property[Type="MicrosoftWindowsLibrary7585010!Microsoft.Windows.Computer"]/PrincipalName$" "true"'}
$Instance = Get-SCOMClassInstance | ?{$_.Name -eq $agent.name}
Out "Starting task to reboot $($Instance.Displayname) at $(Get-Date)"
Start-SCOMTask -Task $Task -Override $Overrides -Instance $Instance

}

Out "###############  Script Complete at $(Get-Date) #########################"

#################Script End ####################################


I don't take credit for all the scripts that I written. Whenever I can credit the original creators, I do.  If I don't at times please do inform me so that I can include them in the page.