Friday, December 18, 2009

SCOM: Importing a Management Pack fails, Event ID 26319

In this post I'll explain a case in which an import of a Management Pack fails.
A failure can be caused my numerous things, like dependencies, but in this case the cause is in the MP itself.

Let say, you create a MP with some monitors, and groups in it. (in a Test Management Group or using the Authoring Console). This is MP version
We call it MyAppMP. After finishing your MP, you import it in your SCOM Management Group.

Now you modify the MP file (Test MgmtGrp or Auth.Cons) and delete the groups because you don't need them anymore for some reason.
MP version is now

You would think importing this updated MP wouldn't give any problems. Wrong! Importing this MP shows an error in the OpsMgr Console:

The requested management pack was invalid. See inner exception for details. Parameter name: managementPack

Because of this useless error message in the Console, I searched the Operations Manager Event Log on the RMS. There I found Event ID 26319. This Event ID is used more than once for logging numerous SDK to DB operations. (RMS to SQL db)

The event showed the following

Event Type:     Error
Event Source:   OpsMgr SDK Service
Event Category: None
Event ID:       26319
User:           N/A
Computer:       RMS Server
An exception was thrown while processing ImportManagementPack for session id uuid:46c14e53-8440-41c6-8979-77f0cce2b5b3;id=264.
Exception Message: The creator of this fault did not specify a Reason.
Full Exception: System.ServiceModel.FaultException`1[Microsoft.EnterpriseManagement.Common.ManagementPackException]: The creator of this fault did not specify a Reason. (Fault Detail is equal to : ManagementPack Version [] is not upgrade compatible with older version []. Compatibility check failed with 6 errors:
Error 1:
: ClassType: [UINameSpace328086d3480e4cf4a8859a3454410533.Group] is not upgrade compatible.
[ClassType]: [UINameSpace328086d3480e4cf4a8859a3454410533.Group] exists in current version [] of ManagementPack but does not exist in the new version [].
Error 2:
: ClassType: [UINameSpace51b544ce66984f46bf9cd3733b4e07ef.Group] is not upgrade compatible.
[ClassType]: [UINameSpace51b544ce66984f46bf9cd3733b4e07ef.Group] exists in current version [] of ManagementPack but does not exist in the new version [].
Error 3:
: ClassType: [UINameSpace6730031c44f34a1491ea6f608a3e674c.Group] is not upgrade compatible.
[ClassType]: [UINameSpace6730031c44f34a1491ea6f608a3e674c.Group] exis...).

For more information, see Help and Support Center at

This tells us that you cannot upgrade a Management Pack when have deleted groups which are in the current active version in your Management Group.

What should you do:
  • If you have an unsealed MP with overrides/customizations for MyAppMP
    • Export any customizations/overrides the unsealed MP
    • Delete the unsealed MP
  • Delete the old version of the MP, in this case MyAppMP, version
  • Import the new version of the MP
  • Import the unsealed MP you backup in the steps before.
Other cases:

Sunday, November 15, 2009

SCOM: Operations Console Reporting locks SDK and Config Account

Update 11-26-2009: Microsoft has documented this problem as a bug but only for internal purposes. Only when more customers are having similar problems, they will give it prority for fixing. But, if you do have this problem you can fix it on your own. Using the descriptive explanation in this blog.

Saturday, November 14, 2009

SCOM: Sealing 'Operations Console-build' Management Packs

This blog is about the problems you can run into when you seal a management pack which is build from the Operations Console and deploy it in another Management Group.

When you create a management pack from the Operation Console a few standard items are added by default like some references to standard libraries.
If you want to delegate a logical group of computers combined with some views to a group of administrators for monitoring, usually you do the following:
  • Create new Management Pack
  • Create a group
    • For example: My Computer Group
    • Create dynamic inclusion rules (like "OU matches wildcard "*Web Servers*"
  • Create a view
    • State view (for example)
      • Data related to "Windows Computer"
      • Data contained within group "My Computer Group"
So now we have a simple management pack with a group and a state view which show the Windows Computer state for 'My Computer Group'.
This will work great in the Management Group the MP is created in, but when you seal this MP and want to use it in another SCOM Management Group, a problem arrises. e.g. Creating a MP in a test SCOM Management Group, sealing the MP and deploying the MP in a production management group.

The problem: Although the group is likely to be populated with objects that comply with the group dynamic inclusion rules, none of the items show up in the State View.

The cause: The State View is targeted at the 'My Computer Group' but under the hood the group's GUID is used instead of it's ID. The GUID is the 'unique?' BaseManagementID within the Management Group. This will only get noticed when you use this MP in another Management Group as a sealed MP. As a unsealed MP the group, frankly, uses the 'same!' GUID and the view will work.

The solution: Edit the MP XML file manually and replace the GUID within the view's target to the ID of 'My Computer Group'. You can find the ID in the 'Language Pack'-section of the MP. Note that you'll find two targets. This concerns the subelement Target and not the attribute from the view element itself.


Orginal XML

<view id="myview1234" target="systemlib!windows computer">

<view id="myview1234" target="systemlib!windows computer">

You might say, "why is this a problem, i'll just won't seal my MP's". Well you could do that, but most people think you should develop a MP in one environment and deliver the MP as a sealed box to the other environment. This way it's not possible for a MP to have a higher version number in e.g. a production environment than the same MP in your test/development environment.

And remember even if you dó choose to work without sealing, and you and your collegues agree nót to add any changes to a MP in your production environment, one day it will happen. And then you release your amazing new version of the MP, following the standard release process, and all changes of your collegue could get lost.

Saturday, October 10, 2009

SCOM R2: New OpsMgr R2 MP released (6.1.7553.0)

Just a few days ago Microsoft released an updated version of the OpsMgr 2007 R2 Management Pack.
If you have SCOM R2 you can benefit from this release right-away. This MP package (Version 6.1.7553.0) is specific to OpsMgr 2007 R2 and will not import on product versions prior to that. You can find it in the MP Catalog.

A similar update for OpsMgr 2007 SP1 will be released in the coming weeks. It will be announced on

Some highlights:
  • Better threshold adjustments which results in less false positives
  • Updated knowledge base and display strings
  • Disabled some non-actionable rules & monitors
  • Extra performance counters
Read the updated MP guide for more information.

These updates are based on Community, Customer, and internal feedback.
See Kevin Holman's blog about SCOM agents continuously rebooting after reaching a memory threshold. This is one of the things fixed in this newly released Management Pack.

Tuesday, September 22, 2009

SCCM: SCCM R3 announced

Recently Microsoft announced a new release of System Center Configuration Manager. In this release, R3, the focus is on power management.
Nowadays more and more companies look for solutions to take on power usage of there IT infrastructure. In SCCM R3 there are going to be several functionalities that can help your business to lower power consumption.

Power Management

The goal of this capability is to enable Configuration Manager to further reduce the operational costs of IT by providing basic power management features native to the product. Our approach is based on 3 primary areas:

A. Help the organization plan a power strategy by monitoring current power state and consumption and reporting on machine utilization trends, current power settings and current energy consumption

B. Enable the Administrator to easily create, deploy and enforce specific power settings using the existing ConfigMgr infrastructure.
−Ability to set peak and non-peak schedules
−Ability to remediate settings if changed
−Ability to opt out machines from power policy

C. Provide the business meaningful report formats that are relevant to Power Management

Microsoft is still looking for TAP nominees. If you want to participate, fill in their survey before October 1st, 2009. SCCM R3 TAP Survey

For more information, see the Microsoft System Center website.

Monday, August 24, 2009

SCOM: Monitor vs. Rule

When you want to monitor specific occurences there are two options in SCOM. You can use a monitor or a rule.

In this blog post i'll will explain why you should use a monitor for a specific occasion and not a rule and vice versa.


Rules Collect data from sources like EventLog, Text or Log Files and Perfmon. That data is stored
In the Operations Manager database. If you have installed a Data Warehouse database this data is replicated to this database for Reporting purposes.
Rules always target classes. You should not target rules to groups. See the Authoring Guide from Microsoft for best practices. Targeting groups results in targeting the Root Management Server, as this is the host of all groups.


Monitors are used to determine the health state of an application component. A monitor is programmed with the intelligence to determine whether a component is healthy.

Monitors exist in two flavours, Two-state and Tree-State. Thus, a monitor can either be in one of two states (green or red) or in one of three states (green, yellow, red).
The state changes when the monitor responses to the monitoring information the monitor is using.

Monitors come in three different types: Unit Monitor, Aggregate Rollup Monitor and Dependency Rollup Monitor

Unit Monitor
A unit monitor is the fundamental monitoring component. Used to monitor specific counters, events, scripts and services. This monitor can generate an alert.

Aggregate Rollup Monitor
An aggregate rollup monitor reflects the state of unit, dependency rollup, or other aggregate rollup monitors. Use an aggregate rollup monitor to group multiple
Monitors intro one monitor. This monitor then is used to set the health state and optionally generate an alert. Each object has at least 4 of this rollup monitors: Availability, Configuration, Performance and Security.

Dependency Rollup Monitor
A depency rollup monitor rolls up health states from objects linked by either a hosting or a containment relationship. Use this monitor type to make the health state of a particular object dependent on the health state of components that are either hosted or contained. For example, the SQL Server 2005 object has an dependency rollup monitor that is related to a health monitor of a SQL Server 2005 Database object. When an application database is offline is doesn't mean the health state of SQL 2005 is critical, but when the master database has problems this has a direct impact on the SQL Server 2005 object.


Monitor and rules both collect monitoring data, but the collected data is used very differently. Rules collect data that goes into the Operations Manager database and Operations Manager Data Warehouse.
Monitors evaluate data from various sources and only store the state changes and alerts in the Operations Manager database.
Monitor-collected data is never stored in the Operations Manager database and Data Warehouse and thus is not usable for Reporting.

You want to monitor disk usage on a file server and generate an alert when used disk space exceeds 85%. You also want to have the disk usage information available for reporting.
How to implement this?

  • Create a collection rule to collect disk usage information for reporting
  • Collection rules do not generate alerts, so you'll need to create a unit monitor for monitoring the disk usage health. This monitor will generate a health state change and an alert after the disk usage exceeds the threshold of 85%.

Source: SCOM Authoring Guide

Wednesday, August 19, 2009

SCOM: Upgrading to SCOM 2007 R2

Last week i was busy upgrading multiple SCOM 2007 SP1 environments to R2.

The upgrade process to R2 is actually very straigt forward. That is, if your environment is also straight forward.
A collegue of my was presented with an upgrade error when he tried to upgrade the Reporting Server and the Data Warehouse Database in the background.
Eventually it was caused because the user account the SCOM Reporting Server upgrade was started with, was configured as a user on the database without SQL roles.

This takes some time to figure out, especially when you have to work with different teams. A team for SCOM, a team for SQL and for example a team for IIS.

That's why here is a R2 upgrade info list for your convenience:
And remember, always create a backup of your database before installing a upgrade.

Sunday, August 9, 2009

SCOM: Implementing ADMP replication monitoring in complex environments

Installing a management pack in your SCOM environment is a piece of cake. So is implementing ADMP. Things change when your AD forest structure is a bit more challenging than a single domain forest. For example, monitoring 4 different forests without forest trusts.

A feature of ADMP is replication monitoring. The account which will be used for monitoring must have rights on domain controllers in the domains. From a 'lease privilege' point of view, you should only give that account rights to only the objects that are really neccesary for operational monitoring. The ADMP guide luckely describes this in detail.

Doing these steps for multiple domains is kind of a hassle. That's why i wanted to create a ADMP deployment script to help system administrators implement ADMP faster in more complex AD environments.
--- weeks later.......
I must confess that writing a one-for-all implementation script for ADMP is not easy. Eventually after multiple implementations i made my choice. I decided to cancel my journey for the ultimum. Even if i did continue to make such a script, who would use it. Who do you trust enough to automate a Default Domain Controller Policy deployment, in which you delegate some rights for the Replication Monitor account.
My advice:
- Read ADMP implementation guide
- Backup your GPO's
- Know about SDDL's and settings security on EventLog items.
Last but not least
There are some tools to help you deploy the ADMP management pack faster. I gathered all tools and hot links:
SDDL strings for EventLog security:
SID tools:
I made some VBscripts for this. I will publish them as soon as possible.

Wednesday, April 22, 2009

Preparing your SCOM and SCCM exam

4 Weeks ago i sat for the offical Microsoft exams SCOM and SCCM. If you want to know more about SCOM & SCCM including passing the exams you want to read this post.

You'll probably know that there are two ways of passing Microsoft exams.

  • Get the exam questions and answers in your head, pass, know nothing and get reveiled occasionally when a client askes an in-depth question.

or, better,

  • Get a book, do the Virtual Labs from Microsoft, setup your own test environment, practice lab questions and actually know what your doing. Practice some exams and then pass the actual exam.

Important topic areas


  • Know how to configure and maintain SCOM
  • Configuring Management packs including MOM 2005 MP's
  • New features in R2


  • Know about the new features compared to SMS 2003, because a lot has been added to Systems Management from MS!
  • Deployments in different test environments (desktops, offsite notebooks, OSD-deployments) with service windows and baselines.


Here's a list of the best materials for studying for SCOM exam 70-400 and SCCM exam 70-401.


Book: System Center Operations Manager 2007 Unleashed link

I really like the unleashed books. For MOM 2005 I also used the unleased book. Very complete and explained in depth.

Virtual Labs:

Microsoft info (including practice tests):


Book: System Center Configuration Manager 2007 Unleashed link

Yes, another Unleashed! For SMS 2003 I read a Microsoft Press book. It was OK, but this book for SCCM gives just more in-depth information.

(If you're familiar with other good SCCM books of which you think should be listed here, let me know)

Virtual Labs:


Microsoft info (including practice tests):


Do theory and practices. Write down things you don't understand. Search the internet for blogs like this one for possible answers. But this is just basically what you always should do when studying techninal areas.

.... oh.... I passed both exams. :)

Friday, March 27, 2009

SCOM: Reporting queries for performance counters

When you want to start making reports in your SCOM environment, you'd first have to learn how the data is stored in the SCOM DataWarehouse and which tables, views or stored procedure you can use.

I use SQL Server Business Intelligence Development Studio. You can use Report Builder, but it is less featured.
After you create a Shared DataSource and a new report, you can create your query for your Data Set.

Below is a query to get performance data from the aggregated view 'PerfDaily' for a computer from counter name 'Working Set'.

SELECT Perf.vPerfDaily.DateTime, Perf.vPerfDaily.AverageValue, vManagedEntity.Path, vPerformanceRule.ObjectName, vPerformanceRule.CounterName,
vManagedEntity.FullName, vPerformanceRuleInstance.InstanceName
FROM vPerformanceRuleInstance INNER JOIN
Perf.vPerfDaily ON vPerformanceRuleInstance.PerformanceRuleInstanceRowId = Perf.vPerfDaily.PerformanceRuleInstanceRowId INNER JOIN
vManagedEntity ON Perf.vPerfDaily.ManagedEntityRowId = vManagedEntity.ManagedEntityRowId INNER JOIN
vPerformanceRule ON vPerformanceRuleInstance.RuleRowId = vPerformanceRule.RuleRowId
WHERE (vPerformanceRule.CounterName = 'Working Set') AND (vManagedEntity.Path = @ComputerName)
ORDER BY Perf.vPerfDaily.DateTime


@ComputerName is a parameter which can be entered by a user. Another option is to fill this value with server names based on another query. Like "give me all servers from a specific group".

Such a query could be:
SELECT dbo.vManagedEntity.Name
FROM dbo.vManagedEntity INNER JOIN
dbo.vRelationship On dbo.vManagedEntity.ManagedEntityRowId = dbo.vRelationship.TargetManagedEntityRowId INNER JOIN
dbo.vManagedEntity As CompGroup On dbo.vRelationship.SourcemanagedEntityRowId = CompGroup.ManagedEntityRowId
WHERE CompGroup.DisplayName = 'MyServers'

Wednesday, March 25, 2009

SCOM: Maintenance Mode with PowerShell

There are situations where you want to set maintenance windows on certain machines within your SCOM infrastructure. This can be accomplised with the Operations Console or Command Shell.
The great advantage for SCOM (in comparison with MOM) is that maintance mode can be set on all monitored classes. So it's possible to set maintance mode for a webapplication, without setting your complete IIS webserver to maintenance mode.

This post is about the Command Shell. When you install the SCOM Command Shell (Powershell is a prequirement), you'll get access to numerous SCOM cmdlets for different managing tasks.

To get all cmdlets concerning 'MaintenanceWindow', type:
>get-operationsmanagercommand where-object { $_.Name -match "MaintenanceWindow"}

Below are some examples...

Create a new maintenance window for a computer
# Ask user for input
$strComputerName = Read-Host "Enter computer name"

$objComputer = Get-Agent | Where-Object {$_.Name -match $strComputerName}
$objComputer.HostComputer | New-MaintenanceWindow -StartTime:"3/25/2009 22:00" -EndTime:"3/25/2009 23:30" -Comment: "Server maintenance"

Create a new maintenance window for a group
# Ask user for input
$strGroupName = Read-Host "Enter group name"

$objGroup = get-monitoringobject | Where-Object {$_.DisplayName -eq $strGroupName}
$objGroupAgents = $objGroup.getrelatedmonitoringobjects()

# Looping throug group object
foreach ($objAgent in $objGroupAgents)
New-MaintenanceWindow -startTime::"3/25/2009 22:00" -EndTime:"3/25/2009 23:30"
-monitoringObject:$objComputer -comment:"Server group maintenance"

Create a new maintenance window on a Web Application
Below is a script that puts a Web Application in maintenance mode. Using the extra get-monitoringclass cmdlet resulted in a faster script, then only using the cmdlet get-monitoringobject with a where clause.
# Ask user for input
$strWebApp = Read-Host "Enter the Web Application name"

# Get class object
$objMonClass = get-monitoringclass where-object { $_.Name -eq "Microsoft.SystemCenter.WebApplication.Perspective"}

# Connect object and add Maintenance Window
get-monitoringobject -MonitoringClass $objMonClass | Where-Object { $_.DisplayName -match $strWebApp } | New-MaintenanceWindow -StartTime:"3/25/2009 22:00" -EndTime:"3/25/2009 23:30" -Comment: "Server maintenance"

.... more examples to come.

See for ready made scripts to add computer, groups to maintance mode including the related health service.

Start of a System Center blog

Today i started my blog about System Center. A product suite of Microsoft for managing and maintaining your complete client/server IT-Infrastructure.

Because of my experience with various products from System Center, i wanted to share my knowledge with others.

Have a greate time!