Some time ago I showed you can use PowerShell to create Events for OpsMgr 2007. And according to the comments quite some people have questions about Event parameters. After creating the first version of the PowerShell Create Events for OpsMgr 2007 script, Ken added some functionality and one was modifying the question to not only add a EventLog Description but also a EventLog Parameter.
I found some info on MOM 2005 parameters on Rory McCaw’s weblog, but except that article I could not find much info on Event Log parameters. So hopefully this will explain what parameters are and how they can be used in OpsMgr 2007.
Every Windows event has description text that is filled in by the values of different parameters. You can find the Eventlog parameters of an event by using the Log Parser. (if you know an easier way on Windows 2003 Servers let me know). Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows® operating system such as the Event Log, the Registry, the file system, and Active Directory®.
Example of EventLog Parameters in an Eventlog:
C:\Program Files\Log Parser 2.2>LogParser.exe "SELECT Top1 Strings AS Parameters FROM Application WHERE EventID=301"
So in this example you can use four parameters in your OpsMgr Rules or Monitor.
Eventlog Parameters can be used in OpsMgr Rules and Monitors. An example where you can find EventLog Parameters used is the Windows Activation State Monitor in the Windows Server 2003 MP. This is a 3 State Event Log Monitor and this monitor looks for EventLog Parameters and the values found in the Eventlog change the state of the monitor.
Healthy: Look for EventId 1006 in Application Log of Source Windows Product Activation Warning: Look for EventId 1005 in Application Log of Source Windows Product Activation and Params/Param > 6 =< 15 Critical: Look for EventId 1005 in Application Log of Source Windows Product Activation and Params/Param =< 6
You can use the PowerShell Create Events script from Ken to test your monitors or rules with with one EventLog parameter. So it won’t work if you need to test a Rule or Monitor which uses more than one parameter in the Eventlog.
So if you want to test the Windows Activation State Monitor and want to Change the State to Critical, you need to create an Event with the next values:
More info about this event can be found on EventID.Net
There are so many tools currently developed that it is hard to know where to find them. Here is a list that I know of maybe it’s helpful to you.
Please let me know if I’m missing one.
Did you remember the Event Creator for MOM 2005 which was available in the Resource Kit? You could use this tool to create events for testing Management Packs. Event Creator enables you to choose event sources for the existing event logs that are currently registered. You can probably use this tool also for testing in your OpsMgr environment but why not use PowerShell?
You have at least installed PowerShell on you Management Server(s) so why not use PowerShell to create events for testing?
With some help from the PowerShell Guy I created a PowerShell script to create events in the eventlog.
Or you can download the PowerShell script from the PowerShell Code Repository.
Thanks to Jeremy Pavleck I found out that Twitterfeed is much more efficient than using a PowerShell rss2twitter script. And he is right!
But I learned some PowerShell creating the rss2twitter script ;-)
Some month ago I created a PowerShell Event Creator and quite some people liked what I did ;-) Now Ken has made some great additions to this PS script. How cool is that?
This are the additions he made:
I've tested it and and I like it.
You can download the new PowerShell Event Creator here.
Thanks Ken for making this PowerShell Event Creator script better!
During some commandline installation testing I accidentally installed the OpsMgr Data Warehouse in a wrong directory, so I wanted to uninstall the database and used the GUI setup in an effort to delete the Data Warehouse (OperationsManagerDW).
Luckily I did my testing on my demo systems because I saw some frightening screens during my uninstall of the Data Warehouse ;-)
Screenshot of current installation:
Screenshots of uninstall Data Warehouse:
Seems I only uninstalled the Data Warehouse Database. ;-) By the way I didn’t had to run ResetSRS.exe to get SQL Reporting Services in a Running State.
But wait a minute. I still see the OperationsManagerDW database (Data Warehouse)
So what did I remove during the uninstall of the Data Warehouse?
It seems that during the Data Warehouse installation the Datawarehouse.Initial.Setup.sql file is copied and run. Which creates the OperationsManagerDW database.
To remove the Data Warehouse database I had to Delete it from within the SQL Server Management Studio tool. This is probably a good thing, because you don't want to accidentally remove the Data Warehouse with all your historical data ;-)
Finally I was able to re-install the Data Warehouse through the commandline.
Here are the commandline parameters I used to install the Data Warehouse:
msiexec.exe /i D:\Install\OpsMgrSP1\reporting\i386\Reporting2007.msi INSTALLDIR="D:\Program Files\System Center Operations Manager 2007\" /qn /l*v "%temp%\REPORTINGDB_INSTALL.LOG" ADDLOCAL="MOMREPORTINGDB" SQLSVR_INSTANCE="OPSMGRSP1RMS01" MOMREPORTINGDBNAME="OperationsManagerDW" DB_SIZE="1000" DATA_DIR="D:\MSSQL\Data" LOG_DIR="D:\MSSQL\Logs"
As you can see I wanted to install the files on the D-drive. So I used the INSTALLDIR and DATA_DIR and LOG_DIR parameters.
Did you hear about Pro Packs or Pro Tips lately? And do you know what they are? I saw this question in an internal mail thread and I must say I didn’t knew much about it also. So here is some info about PRO which is a new feature of SCVMM 2008.
PRO or Performance and Resource Optimization is a new feature in VMM 2008 which leverages the monitoring and alerting capabilities of Operations Manager 2007 to surface Tips or recommendations within VMM which help administrators ensure a high performance and efficient virtualized environment. By leveraging OpsMgr’s MP framework partners and customers can create PRO enabled MPs which surface these Tips in VMM and have associated actions (Users can configure them to run manually or automatically) which implement the recommendations made to resolve issues or increase the efficiency of the environment.
Example: Operations Manager gets an alert that the CPU on an HP physical host is exceeding utilization threshold. The HP PRO Pack generates a PRO Tip based on that alert and sends it to VMM. Based on HP policies specified in the PRO Pack, the recommended action is to migrate VM workloads to another host to free up resources. The administrator implements the PRO Tip and VMM uses Intelligent Placement to determine the best destination for the virtual machines in the cluster. The VM is migrated to another host and Operations Manager is alerted of the fix and the status returns to green.
You can find more info on Pro Packs, Pro Tips and System Center Virtual Machine Manager 2008 on the Windows Virtualization Team Blog.
Source: Microsoft Download Center
With Microsoft Visio 2007 Pro the user now has the ability to connect data to diagrams and use data graphics to make the visualization more meaningful and impactful. The OpsManager and ConfigManager Solution for Visio 2007 Pro helps you visualize your key reports. Using the solutions framework which utilizes an easy to configure web server component provided for your environment you can now easily connect data from OpsManager and ConfigManager in Visio 2007 Pro. Download the Visio add in and the web server component to connect and generate datasets to connect to your existing diagrams or auto generate your diagrams for your infrastructure monitoring needs. See your data from OpsManager and ConfigManager live in Visio diagrams Today by downloading this valuable Visio Add-in free.
So why should you use MPViewer if you have all the features and more in Silect MP Studio Lite? You can easily install and use the MPViewer, it’s only one executable ;-) For some of the missing features you can use other tools (like the Module Explorer and Override Explorer). One thing I’m really missing is the ability (from both) to export the MP to Excel. Export to Excel is available in latest version.
This should not be that difficult I would think if you use some PowerShell commands. Here an example to export the monitors for the Windows Server 2003 ManagementPack.
Today I did my Microsoft System Center Operations Manager Configuring Exam and passed with a score of 980 points. Still room for improvement…
I thought it was easy, but I work with the product every day and I still love it ;-)
Ed Wilson has created a Scriptomatic PowerShell Version, which you can download here.
This Scriptomatic writes Windows PowerShell scripts that harness the power of WMI (Windows Instrumentation Management) for use in system management and administration.
It really has some nice features, like output options. Check it out!
Since I started at Microsoft as a Premier Field Engineer I went to quite some customers still using MOM 2005, so for all of you already working with OpsMgr 2007 (SP1) here some "old school" info on Computer Groups and Computer Rules in MOM 2005.
What are Computer Groups? Computer Groups allow you to group together similar computers so that you can assign rules to group or computer and not individually to each computer.
Features of Computer Groups:
Are used for:
By default, the MOM server scans the network for all managed computers every 24 hours to detect changes or modifications in the network. During the scan process, the MOM server accesses the Active Directory service for the names of the computers, read certain registry keys or values, and identifies the type of computer. Then it places the computers in the appropriate computer groups and finally includes or excludes the computer.
What are Rule Groups? Rules help you specify the events, performances, and alerts that need to be monitored on the managed computers. Rules also enable you to set the actions that are to be taken in response to the monitored events, performances, and alerts.
Features of Rule Groups:
For ease of administration, you can group several rules to form a rule group. A rule group is a named set of processing rules that allows administrators to easily associate many processing rules with a computer group. Rule groups are provided by Management Packs, but you can also create your own.
All this got me triggered by a question of a customer about the Microsoft SQL Server 2005 Service Discovery Computer Group. Have you ever take a look at that Computer Group? No? Follow me...
If we look at the Formula for the computer group (AttributeValue(Microsoft Windows Current Version)>="5.0") this means that all computers with an Operating System of Windows server 2000 and higher are members of this computer group. Why would you create this Computer Group? This is because Computer Groups are used to group together similar computers so that you can assign rules to group or computer and not individually to each computer.
Ok, now this is clear we have to find which Rule Groups are associated to this Computer Group. And guess what? It's the SQL Server 2005 Detection and Group Membership Rule Group.
That Rule Group only contains one Rule SQL Server Detection and Group Membership, which runs every 30 mins a script to discover installed instances of SQL Server and Reporting Services and add them to Discovered Groups. But why is this rule running on all Windows server 2000 and higher computers and not only running on computers running SQL, you might ask? This is due the fact that the MP could never detect SQL on 64 bit machines and you used to have to do work rounds by manually adding the server to computer groups.
Have fun learn MOM and OpsMgr!
Today I stumbled on a great tool for documenting your database SqlSpec 3.7 from Elsasoft.
SqlSpec will generate easy-to-read database documentation for any of the following platforms:
You can read more about the many features of SqlSpec here.
But we as System Center specialists are probably mostly interested in our SQL Server 2005 OperationsManager, OperationsManagerDW and ReportServer databases;-)
So I connected SqlSpec to my OperationsManager database and let it run (for some time).
And when it's finished you can view you the complete OperationsManager database in a Compiled HTML file or in a Webbrowser. You even have a Dependency Graph for for instance the Alert Table. How cool is that!
If I find more interesting info with this tool about the OperationsManager databases I'll let you know.
Source: Secure Vantage Team Blog
I was lucky enough to get a preview of Secure Vantage Security Management Pack Templates and more this week and there are very cool! I wanted to write about them but it was NDA, but now the Secure Vantage Team has blogged about them. I have seen some more great new solutions but they want to present them on MMS in Las Vegas and could you blame them? So if you are there visit the Secure Vantage Team and let them show you all those new solutions. It’s difficult not to write about what I’ve seen but I can tell you it will blow your socks off!
Please visit the Secure Vantage Team Blog and read more about their Security Management Pack Templates.
Operations Manager 2007 comes with several standard management pack templates. You can use these templates to create a new management pack and then customize that management pack to your requirements. This approach provides an alternative to creating a new management pack to store the overrides for a sealed management pack.
One of the available MP templates is the OLE DB Data Source Template. Use the connection string properties to specify the instance to which you want to connect. You can find more information on how to construct OLE DB connection strings, on MSDN Connection String Syntax.
Source: System Center Forum
“Silect Studio has delivered for the Operations Manager community in a big way with MP Studio 2007 Lite, a scaled down version of MP Studio designed primarily for MP reporting (in HTML format).”
Go for download location to source.
As you might have noticed I’ve been using Twitter quite often lately. On my previous weblog I installed a Drupal Twitter module for updating Twitter with my latest blog posts. But now I migrated to Technet Blogs I didn’t had this possibility anymore, so I looked for an easy way to have my latest blog posts updated to Twitter.
I searched for “rss2twitter” on Windows Live Search and found a perl script but that didn’t work for me. It just failed with the next errors:
“C:\Temp\rss2twitter>rss2twitter.exe Malformed UTF-8 character (1 byte, need 4, after start byte 0xf1) at C:\Temp\rss 2twitter\rss2twitter.exe line 128.”
So I though why not use PowerShell? With the help of Out-Twitter from Doug Finke it was quite easy.
So here is the PowerShell RSS2Twitter script:
Savision showed their new version Live Maps 2.0 on MMS, and because I’ve been a beta tester I can already tell you it has some great new features.
NEW FEATURES Live Maps Web Console The Live Maps web console displays Live Maps maps in Microsoft Internet Explorer (version 6.0 and above). Any map can be accessed directly by using its unique URL.
Alarm Sounds New alerts and state changes can be announced using the new, configurable alarm sound. Alarm sounds can be customized by copying a WAV sound file to %Program Files%\System Center Operations 2007\AlarmSounds.
Updated Maps The following country map templates have been updated:
The following items have been fixed or improved in this release:
Isn’t it cool you now see the Live Maps in Microsoft Internet Explorer?
This new release will probably available at the end of next week. Please watch their website for this latest release.
Did you know you could use Windows Authorization Manager (azman.exe) to view the user roles and how they are scoped in OpsMgr?
Read more on source.
REALTECH's newly developed Management Pack for SAP Monitoring is one of the first integration modules to use the .NET interface of Microsoft System Center Operations Manager 2007 to display real-time information on the availability, performance, and error status of any SAP NetWeaver component. Thanks to the seamless integration of the management pack, Operations Manager will continue to be the primary system.
A colleague of mine found this Management Pack for SAP and this is not on the System Center Pack Catalog.
Anybody any experience with this MP? Please leave a comment.
Source: SCUG.nl Forum
One of our members of the SCUG.nl Forum found a solution for an issue when converting the MOM 2005 MP for Symantec Backup Exec 11d to OpsMgr 2007 MP.
During the import of the converted MP you see the next message "The client has been disconnected from the server. Please call ManagementGroup.Reconnect() to reestablish the connection. The communication object, System.ServiceModel.Channels.ServiceChannel, cannot be used for communication because it is in the Faulted state."
If you look in the eventlog you see that the time notation is not correct. If you remove the next lines from the xml:
<TimeGenerated> <Range> <After>02/22/06 20:10:49</After> <Before></Before> </Range> </TimeGenerated>
It should work.
Thanks to Cor.
Source: Microsoft Download Center
This download contains the following documentation for System Center Operations Manager 2007: • Operations Manager 2007 Deployment Guide: This guide steps you through the deployment process for System Center Operations Manager 2007. • Active Directory Management Pack Guide for Operations Manager 2007: This document includes a Management Pack overview, deployment procedures, and monitoring scenarios for the two Active Directory Domain Services (AD DS) Management Packs • Exchange Management Pack Guide for Operations Manager 2007: This guide includes a Management Pack overview, deployment procedures, and monitoring scenarios for the Microsoft Exchange Server 2003 Management Pack for Microsoft System Center Operations Manager 2007. • SQL Management Pack Guide for Operations Manager 2007: The SQL Server Management Pack provides both proactive and reactive monitoring of SQL Server 2000 and SQL Server 2005 for an enterprise environment. • Windows Server Operating System Management Pack Guide for Operations Manager 2007: The Microsoft Windows Server Management Packs monitor the performance, health, and availability of Microsoft Windows 2000 Server and Microsoft Windows Server 2003. • Windows Client Operating System Management Pack Guide: The Windows client operating system Management Packs are intended for use in gathering data on client computers or individually monitoring designated mission-critical client computers. • Operations Manager 2007 Terminal Services Management Pack: This guide includes an overview of the Management Pack, deployment procedures, and monitoring scenarios for the Terminal Services Management Pack. • Operations Manager 2007 Security Guide: This guide provides you with security-related information as it pertains to Operations Manager 2007. • Operations Manager 2007 Management Pack Guide: This guide includes a Management Pack overview, deployment procedures, and monitoring scenarios for the Microsoft Windows Server Internet Information Services 2000 and 2003 Management Packs for Microsoft System Center Operations Manager 2007. • Operations Manager 2007 Management Pack Terminal Services: This guide includes an overview of the Management Pack, deployment procedures, and monitoring scenarios for the Terminal Services Management Pack. • The Operations Manager 2007 Design Guide: This guide steps the reader through the steps necessary to develop a complete architectural plan for their OpsMgr2007 implementation. • Operations Manager 2007 Backup and Recovery Guide: This guide provides guidance in planning for backup and recovery of System Center Operations Manager 2007 server roles and components. The information in this guide will complement your existing recovery strategy to avoid service disruption. • Operations Manager 2007 Operations Guide: This guide s a comprehensive resource that can be used to understand and use your Operations Manager 2007 implementation to your best advantage. It teaches the Operations Manager administrator what to do after successfully deployed a Management Group for the first time. • Operations Manager 2007 MigrationGuide: This guide is intended to help you understand the migration process from Microsoft Operations Manager 2005 (MOM 2005) to Operations Manager 2007 and the tools that are used in the process. • Operations Manager 2007 Management Pack Authoring Guide The Microsoft Operations Manager 2007 Management Pack Authoring Guide provides detailed information on how to author management packs for System Center Operations Manager 2007. This guide includes detailed conceptual documentation, tutorials, and a reference section. • Operations Manager 2007 Report Authoring Guide This guide provides an overview of the Operations Manager reporting feature, including procedures for generating pre-populated reports and authoring custom reports. There is also reference information for users looking to create custom reports.
Martin Buckly of Microsoft talks with Andreas Typaldos, CEO of Xandros about working with Microsoft System Center Operations Manager 2007 Cross Platform Extensions and the new opportunities Xandros is seeing.
Andreas Typaldos: “Xandros is looking to be a leader in offering a suite of Management Application Packs not just one or two. That is a great benefit for a customer…but in addition to getting dept in the application we are able to offer the customer not one, two, three, four,five or as many MPs he needs. So he doesn’t have to go to three, four vendors to get that.”
Secure Vantage is offering a free download of their Security Top Alerts Management Pack (STAMP).
STAMP is designed to provide key alerting for Windows Server Security events leveraging System Center Operations Manager 2007. STAMP is intended to provide security alerting and operations for key Windows Security events for the following:
The Security Top Alerts MP provides base Alerting of key Windows Server security events with predefined views and knowledge content. The primary intent of this Free Management Pack is to provide Auditing on key Windows Security events. This MP only provides a subset (10%) of the Windows Security Auditor MP.
To get the MP you need to fill in the Online Request Form and after that you will receive an email with the download location of the MP.
So hereby my first impression of this MP from Secure Vantage.
The only thing I don’t know is why they fill Custom Field 10: with “WinSec.Policy"? Conclusion: This is a good MP to start getting experience with Security Alerting in OpsMgr. The installation is straight forward if you have configured the Audit Policy correctly and there is enough extra Product Knowledge available inside the MP and through hyperlinks to online knowledge on the Ultimate Windows Security Website. And if that is not enough there is a link to Infront Consulting (SystemCenterTraining.com) where you can get an OpsMgr training;-) I would suggest taking a look at the Audit Policy section of the WinSec Wiki for some basic knowledge about configuring Auditing: Audit account logon events Audit account management Audit directory service access Audit logon events Audit object access Audit policy change Audit privilege use Audit process tracking Audit system events
The only thing I don’t know is why they fill Custom Field 10: with “WinSec.Policy"?
This is a good MP to start getting experience with Security Alerting in OpsMgr. The installation is straight forward if you have configured the Audit Policy correctly and there is enough extra Product Knowledge available inside the MP and through hyperlinks to online knowledge on the Ultimate Windows Security Website. And if that is not enough there is a link to Infront Consulting (SystemCenterTraining.com) where you can get an OpsMgr training;-)
I would suggest taking a look at the Audit Policy section of the WinSec Wiki for some basic knowledge about configuring Auditing:
I already posted an article on using Twitter and now I’ve create a MPNotifier Twitter account.
So if you want to know about the latest MPs just follow the MPNotifier Twitter.