Thursday, December 9, 2010

SCOM: Find Specific Members in User Roles (PowerShell)

Last week I was doing some User Role testing with a test account of mine. Normally I always use Active Directory groups for adding and removing members of a user role.
But for quick testing with some views I added my test account directly to several user roles.

I wanted to know in which user roles my test account was added.
Beneath is a PowerShell script to find members of a user role which name contains the given search criteria. The name is usually a (AD) User Account or Group, like Admin1234@domain.local or DOMAIN\Admin123.

#Find member of userrole which contains a specific text
#The search criteria is case-sensitive

$searchtext = "Admin"
Get-Userrole | Sort DisplayName | % { $userrole = $_.DisplayName;$_.Users | % { If($_.Contains("$searchtext")){ Write-Host -foregroundcolor yellow $userrole;Write-Host " $_"} }}

Wednesday, December 8, 2010

SCOM: Get Nested Group Members (Powershell)

When you create nested groups in SCOM you have to use workarounds to view the actual group members of a specific type, e.g. Windows Computer. Using 'View Members' only returns the nested groups and not the contained objects.

One of the ways to view the actual members of a group, is to create a 'State View'.
As a "filter" you then change the class type to show the data related to the type you want to see and then you select the group for scoping the returned data.

So in short terms, to view the nested group members
- Create a state view
- Change "Show data related to" to a class like 'Windows Computer'
- Change "Show data contained in a specific group" to the group of which you want the members.

But, there's quicker way to achieve this. Using Powershell you can retrieve the members of a nested group in a couple of seconds. I found out about 'Recursive' using the SCOM SDK.

$group = Get-MonitoringObject | Where { $_.DisplayName -eq "YourGroupName"}
$MonitoringClass = Get-MonitoringClass -Name "Microsoft.Windows.Computer"
$group.GetRelatedMonitoringObjects($MonitoringClass,"Recursive") | Select DisplayName

Tuesday, November 30, 2010

SCOM 2007 R2 Core MP Update & Guide Inconsistency

Last week Microsoft published a new version of the Core MP for SCOM 2007 R2, version 6.1.7695.0, see Kevin Holman's blog.

The MP Guide showed 3 new rules that where added with this version as a substitution for two monitors which you could enable and disable, respectively.

However after loading the MP in my test environment, it showed that the new rules are already enabled and the substituted monitors disabled.


Manual Reset MonitorsThe Operations Manager Management Pack contains two monitors that require manual reset of health state, which are listed below. In version 6.1.7695.0 of the management pack, rules have been included that you can ??? enable in place of those monitors. The rules generate alerts for the same conditions as the monitors.

You can disable Alert Subscription Configuration Monitor and in its place, enable the following

  • Alert Subscription Configuration Critical Notification Rule, which generates a critical alert on the same critical conditions as the monitor.
  • Alert Subscription Configuration Warning Notification Rule, which generates a warning alert on the same warning conditions as the monitor.

You can disable the Alert Subscription Available monitor, and in its place, enable Alert Subscription Availability Critical Notification Rule, which generates a critical alert on the
same critical conditions as the monitor.

Just wanted to let you know.

Friday, November 19, 2010

SCOM: Deliver Reports to Sharepoint

Today I focussed on delivering SCOM reports to a Sharepoint document library with the File Share and e-mail delivery methods.

Most teams and departments have used file shares and network mappings to store their documents. These days more and more companies are using portal products for that purpose, like Microsoft Sharepoint.

In this blog I'll show you how you can deliver a report to a Sharepoint 2007 library. Although this is not difficult to setup, there are some things you need to know to get it working. In this setup SQL SRS 2005 and Sharepoint 2007 are used.

Note: SQL Reporting Services 2008 supports publishing reports directly in Sharepoint libraries, but SCOM 2007 does not support that. Atleast as far as I know. :)

Operations Manager supports two kinds of delivery, file and e-mail.
Both flavours can work, but it fully depends on how your Sharepoint implementation is setup.
There's a third but that's the Null Delivery Provider to cache reports.

E-mail delivery
For Operations Manager Reporting to deliver e-mail to a library the following has to be in place and configured.

Configure SQL Reporting Services

  • Use the Reporting Services Configuration Manager
  • Make sure the the Windows Service identity is configured with a domain user account and not with a local account (Data Warehouse Reader account).
  • Configure the E-mail Setttings
  • Make sure your SMTP server allows you to send e-mail

Configure you Sharepoint document library

  • Make sure you have administrative rights on the document library
  • Configure incoming e-mail settings on the library in which you want to deliver your reports
  • Unfortunately you cannot change the name of the file SQL Reporting Services sends along with the e-mail message.
  • As i want to archive all reports, I don't want them to be overwritten. In this case Sharepoint will create unique numbers as a postfix in the file name.
  • If you don't want everyone to be able to send documents in to your library restrict access to specific users. In this case configure the SCOM Reporting Windows Service account to be allowed to send e-mail (Data Warehouse Reader account).
  • Group items on the e-mail subject. This is the only configurable item when you schedule a SCOM report.

Schedule your reports

  • Choose a naming convention for delivering your reports.
  • Use that in naming your e-mail subjects, so they are neatly grouped in your Sharepoint library.
  • Choose the right document format, e.g. PDF.

And the deliver!

Windows File Share (Sharepoint Library UNC path)

The other option is deliver the reports in to a file share. This is rather easy to setup when you're using ordinary File Shares, but as I sead earlier, more and more companies are using centralised documentation solutions like Sharepoint.
What I like about this delivery method is the possibility to give your reports a more understandable name. And more, SQL Reporting Services auto increments the new files which is more readable than the generated unique numbers when using incoming email on the Sharepoint library.

What you need:
  • A domain account for authentication on the Sharepoint library. You could use "RDA" in the account name, as for Report Delivery Account.
  • Configure the account to have enought privileges to add new items to that library
  • Write down the Network UNC path of that library

Configure your Report Server

  • On Windows Server 2003: Make sure the Web Client service is running and is started automatically. You need this to connect to a Sharepoint library with UNC.
  • On Windows Server 2008: There's no Web Client in Windows Server 2008. For the UNC path to work you need to install a feature called, Desktop Experience. You can add this feature with the Server Manager > Features > Add Feature > Desktop Experience. Notice that you'll need to reboot the Reporting Server after the installation.
  • Test the UNC path of the library from your Report Server

Schedule your report

  • Select the File Delivery Method
  • Choose a naming convention for delivering your reports.
  • Use that in naming your report files (remember that file names of new items are autoincremented)
  • Fill-in the UNC path of the library that you wrote down earlier
  • Use the domain account with the necessary privileges (a.k.a. Report Delivery Account)

And then you can deliver your report.

Wednesday, September 29, 2010

SCOM: Recipient address not valid - Find with PowerShell

One of the benefits of Operations Manager 2007 is the capability for users to create and maintain their own subscription notifications.

When a user adds a notification device to there recipient configuration, it's easy to make a small mistake. Whenever the Notifcation Server on the RMS trying to send a notification to a misconfigured address an alert is triggered, "Recipient address <address> is not valid."

The alert description shows in which subscription this address is used, but it's more important to know in which recipient this address can be found.

For that you can use this PowerShell script:

$searchcriteria = "yourtext"
Get-NotificationRecipient | foreach {
$addresses = $null;
$subname = $null;
$subname = $_.Name;
$addresses = $_.Devices | Where {
$_.Address -match $searchcriteria
if ($addresses -ne $null) {
Write-Host '***' $subname '***'; $addresses
As a one-liner:
$searchcriteria = "yourtext";Get-NotificationRecipient | foreach {$addresses = $null;$subname=$null;$subname = $_.Name;$addresses = $_.Devices | Where {$_.Address -match $searchcriteria }; if ($addresses -ne $null) { Write-Host '***' $subname '***'; $addresses}}

Monday, September 27, 2010

SCOM: Average Events Per Day keeps the doctor away

First of all, because I'm very busy with actually working on SCOM projects I can't spend the time blogging about SCOM as much as I would like.

But today I found some time to blog about a simple, but handy, SQL query I used to determine the average number of events stored in the Data Warehouse database per day.

At the base I used a query from Jonathan Almquist. Then I used that query as derative to count and calculate the average number of events per day. You can adjust the number of days, if you want.

select Count(Date) as 'Number Of Days', Avg(Events) As 'Average Number of Events'
From (
SELECT CONVERT(VARCHAR(10), DateTime, 101) AS Date, Count(*) AS Events
FROM Event.vEvent
) x

So, what can you do with this?
Well, how do you know if your Management Servers can cache the event data collected by your agents when your Data Warehouse is down for a couple of hours.
Running these type of queries can help you understand how much data is stored in the Data Warehouse over time.

Tools like dwdatarp are also very helpfull to understand the data storage of the DWH.

Friday, July 30, 2010

SCOM: Operations Manager 2007 R2 Documentation

As I was browsing the Microsoft Technet site (most recent downloads) I came across a renewed documentation package for Operations Manager 2007 R2.

In this package you'll find everything you need for administering and authoring your OpsMgr environment, including XPlat! Also an easy way to complete your documentation library if it's not already up-to-date.

Here's a list with the contents:

  • Linked.Reporting.MP.xml
  • OM2007_AuthGuideXplat.exe
  • OM2007_ReportAuthoringGuide.docx
  • OM2007R2_CrossPlatformMPAuthoringGuide.docx
  • OM2007R2_DeploymentGuide.docx
  • OM2007R2_DesignGuide.docx
  • OM2007R2_MigrationGuide.docx
  • OM2007R2_MPAuthoringGuide.docx
  • OM2007R2_MPModuleReference.docx
  • OM2007R2_OperationsAdministratorsGuide.docx
  • OM2007R2_OperationsUsersGuide.docx
  • OM2007R2_SecurityGuide.docx
  • OM2007R2_UpgradeGuide.docx

If you want it all, just use the last download link

  • System Center Operations Manager 2007 R2

Microsoft's technet site:

Even for the more experienced people there's a change already known documents are updated since the last time they were used in the field. So check it out.

Thursday, July 1, 2010

SCOM: Find those heavy group discoveries

Two days ago on the 'The Operations Manager Support Team Blog' a blog was posted about editing Groups and the slow Operation Manager Console. They advise to consolidate the number of membershiprules and expressions in regular expression.

But how do you know which groups are eligable for a consolidation? Well, for that I created this script.
It retrieves groups that comply with the given user input for the 'DisplayName'. For every group the Discovery information is retrieved. If the Discovery Configuration matches the prededined thresholds for the number of MembershipRules and/or Expressions, the output will be in red. Otherwise it will be in green. The threshold can be changed at will.

Download: ShowGroupDiscoveryDatasourceConfiguration.ps1

#User-input only works from within a script!
$strGroup = Read-Host "Enter a group discovery name (wildcard) string";

$intMembershipRuleThreshold = 3;
$intMembershipRuleExpressionThreshold = 5;
$intMembershipRuleCount = 0;
$intMembershipRuleExpressionCount = 0;

#These Id's are the base Id's which are usually used when creating groups
$strInstanceGroupBaseClassId = "4ce499f1-0298-83fe-7740-7a0fbc8e2449" #Instance group
$strComputerGroupBaseClassId = "0c363342-717b-5471-3aa5-9de3df073f2a" #Computer group

Write-Host "Retrieving class that match:" $strGroup;
$colGroups = Get-MonitoringClass | where {$_.DisplayName -match "$strGroup" -and $_.Base -ne $null} | Sort-Object -Property DisplayName

if ($colGroups -ne $null) {
$colGroups | foreach {
If (($_.Base.Id.ToString() -eq $strInstanceGroupBaseClassId) -Or ($_.Base.Id.ToString() -eq $strComputerGroupBaseClassId)){
Write-Host "Class:" $_.DisplayName;
$colDiscoveries = $_.GetMonitoringDiscoveries();
#check if discoveries exist
If ($colDiscoveries.Count -ne 0) {
$colDiscoveries | foreach {
Write-Host " Discovery:";
$config = [xml] ("" + $_.DataSource.Configuration + "");
#check wether Discovery uses membership rules
$intMembershipRuleCount = $config.GetElementsByTagName("MembershipRule").Count;
If($intMembershipRuleCount -gt 0){
If ($intMembershipRuleCount -ge $intMembershipRuleThreshold){
Write-Host " MembershipRules:" $intMembershipRuleCount -ForeGroundColor red;
} else {
Write-Host " MembershipRules:" $intMembershipRuleCount -ForeGroundColor green;
$intIndex = 0;
$config.config.MembershipRules.MembershipRule | %{
$intMembershipRuleExpressionCount = $_.GetElementsByTagName("Expression").Count;
If ($intMembershipRuleExpressionCount -gt 0) {
Write-Host " Membership Rule #$intIndex";
If ($intMembershipRuleExpressionCount -ge $intMembershipRuleExpressionThreshold){
Write-Host " Expression count:" $intMembershipRuleExpressionCount -ForeGroundColor red;
} else {
Write-Host " Expression count:" $intMembershipRuleExpressionCount -ForeGroundColor green;
$intMembershipRuleExpressionCount = 0;
$config = $null;
$intMembershipRuleCount = 0;
(ps. Save it as a script to use interactive User Input.)

Tuesday, June 29, 2010

SCOM: Agent Queue Size Script

A while ago I needed a script to adjust the SCOM Agent Queue size to make sure no auditing events were lost in case of a link failure between DC's and OpsMgr MS's.
So I created this script to do this for me.

If supports launching it from a Agent Task . The script gives a return code and quits before restarting the Health Service with a scheduled job, using 'at'.
Option Explicit

Dim blnForceRestart
Dim lngValue
Dim strComputer
Dim strManagementGroup

Const HKEY_LOCAL_MACHINE = &H80000002
blnForceRestart = False
strComputer = "."

Call Main

Sub Main()

Call GetParams()
WScript.Echo "Executing " & WScript.ScriptName
Call RegChange()

End Sub

Sub RegChange()
Dim objReg
Dim lngCurrentValue
Dim strKeyPath
Dim strValueName

Set objReg = GetObject("winmgmts:\\" & strComputer &"\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet\Services\HealthService\Parameters\Management Groups\" & strManagementGroup
strValueName = "MaximumQueueSizeKb"

objReg.GetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValueName, lngCurrentValue

If IsNull(lngCurrentValue) Then
WScript.Echo "An error occured while reading registry key."
WScript.Quit 201
End If

If CLng(lngCurrentValue) <> lngValue Then
objReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValueName, lngValue
WScript.Echo strValueName & ": " & lngCurrentValue & " changed to " & lngValue
Call ScheduleRestartHealthService()
WScript.Echo "Current value '" & lngCurrentValue & "' matches parameter value: " & lngValue
If blnForceRestart Then
WScript.Echo "Restart of HealthService forced."
Call ScheduleRestartHealthService()
End If
End If
End Sub

Sub ScheduleRestartHealthService()
Dim dtmTime
Dim dtmScheduleTime
Dim objShell
Dim intMinutesDelay
Dim intReturn

Set objShell = CreateObject("Wscript.Shell")
dtmTime = Now()
If Second(dtmTime) < 50 Then
intMinutesDelay = 1
intMinutesDelay = 2
End If
dtmScheduleTime = FormatDateTime(DateAdd("n",intMinutesDelay,dtmTime),4)
WScript.Echo "Scheduling a HealthService restart for " & dtmScheduleTime
intReturn = objShell.Run("at " & dtmScheduleTime & " cmd /c " & Chr(34) &_
"net stop healthservice && net start healthservice",0,False)
If intReturn > 0 Then WScript.Quit Clng(intReturn + 500)
End Sub

Sub GetParams()
If Wscript.Arguments.Named("mgmtgrp") <> "" Then
strManagementGroup = Wscript.Arguments.Named("mgmtgrp")
WScript.Echo "Missing 'mgmtgrp' argument"
WScript.Quit 101
End If

If WScript.Arguments.Named("sizekb") <> "" Then
lngValue = CLng(WScript.Arguments.Named("sizekb"))
lngValue = 15360 'Default value
WScript.Echo "Using default Queue Size, " & lngValue & " kB."
End If

If WScript.Arguments.Named.Exists("forcerestart") Then
blnForceRestart = True
End If
End Sub

Thursday, June 24, 2010

SCOM: System Center Operations Manager R2 Unleashed - Review - A GREAT Supplement

A few weeks ago I got my copy of the supplement to the book 'System Center Operations Manager 2007 Unleashed', called 'System Center Operations Manager 2007 R2 Unleashed'.

I love the 'Unleashed' books for SCCM and SCOM and couldn't wait to get my hands on this one. As I blogged a while ago, this book contains a lot of updates compared to the first book. This blogpost is a my personal review about the contents and as far as I know my first public book review.

This book is writen by the same authors as it's big brother. Along with many other SCOM specialists they managed to create a very useful and practical technical add-on. It's really loaded with in-depth information.

Why I think you should get this book:
  • A lot of best practices & examples
  • A convenient and clear summary of updates/changes on SCOM since its introduction
  • A great chapter about X-plat/Cross-platform monitoring, including a walkthrough and examples with 3rd party management packs!
  • All you need to know about Windows 2008 and System Center Operations Manager R2, it's there
  • Nice writing about upgrading SQL 2005 to SQL 2008
  • Everything you need/wanted to know about the OpsMgr PowerShell Extensions
    Including: practical documentation, examples and performance enhancements
  • A virtualization update about managing virtual infrastructures
  • Nice chapter about MP Authoring. I think this can help a lot of SCOM admins with creating management packs.
  • Many best-practices SCOM admins can find on the web are finally grabbed together in this "fat pocket guide"
  • Nice examples (SQL queries & Powershell)
  • Cross-platform in a nutshell
  • It's clearly visible the authors worked together with the known MVP's and other specialists. The MP cook down practices are a great example of this.
  • The book has answers to most of the questions that can arise with managing SCOM, like performance, scaling, backup & recovery.
  • Nice appendix with more up-to-date MP tuning tips (compilation of which moved to
Small ;) Cons:
  • VMM promo. The virtualization chapter takes the reader along the features of VMM integration with OpsMgr. It's a nice promo & walkthrough, but it would be nice to also see more of Bridgeway's of Veeam's MP. I must say the authors did a great job showing some features of the VMM MP, of which you could benefit when you use VMware virtualization technology without vCenter. (I think this could be an item of the pros list ;) )
  • The pages could use some chapter - paragraph header info. Because of the information load, it's nice to know where you're at :D (like the original book)
  • I think adding extra in-depth information about creating and using Reports is the last item that's missing for a SCOM admin to be fully equiped. This book contains a paragraph about the R2 enhancements and using a linked report in the Authoring Console. It would be nice to add some best-practices/guides about getting more from the Reporting feature like they did in the chapter about the PowerShell Extensions chapter. More examples like in the previous book would be nice!
  • On page 13 it states the R2 version of the Windows Service Management Pack template enables wildcard entry to select multiple, similarly named services. I'm still searching for this, but haven't been able to use wildcards with this template besides using the WmiProviderWithClassSnapshotDataMapper.

Book 'Rollup': Very Healthy

Great book for every SCOM admin and author. I think this is a piece of equipment every SCOM admin should have in his/her toolbox. Along with the 'System Center Operations 2007 Unleashed' book of course.

Friday, June 4, 2010

SCOM: Get-UserRole Views (PowerShell)

Currently I'm working on a OpsMgr Shell script to output the allowed Views for User Roles.

Current status: Working from User Role perspective to output views. Too bad, the folder hierarchy has to build from another perspective. There's a challenge!
$mgmtgrp = (Get-ManagementGroupConnection).ManagementGroupGet-UserRole | Select -First 1 | foreach { If($_.IsScopeFixed -ne $true){Write-Host "--"$_.DisplayName"--"$_.Scope.MonitoringViews | foreach { $arrViews += @($mgmtgrp.GetMonitoringView($_.First).DisplayName)}$arrViews = $arrViews | Sort-Object$arrViews$arrViews = $null}}

Wednesday, June 2, 2010

Syntax Highlighting Feature

I'm running this blog for 1,5 years now, and I thought it was time to add a little bling feature.

$message = "So, for better readability,"

Dim strMessage="from now on all my code examples..."

are presented with syntax highlighting"
    Cool features
  • syntax highlighing for a lot of different code types: see here

  • code view

  • code copy

  • code printing

See SyntaxHighlighter for more information.

Powershell Example:
# SCOM Shell Script
#Returns all User Roles matching given DisplayName and show the User Role members
Get-UserRole | Where {$_.DisplayName -match "Operator Team X"} | Sort-Object DisplayName | foreach { Write-Host "Role:" $_.DisplayName ; $_.Users | foreach { Write-Host " $_"}}

To view all code items use #Code label.

Monday, May 31, 2010

SCOM: Get-UserRole Group Scope (PowerShell)

Recently I wanted to document all the User Roles from a specific Management Group with their Group Scope and Views. Because their is no UI to see this quickly, besides scrolling through a list of disabled and enabled groups, I created this script.

SCOM PowerShell script for listing a User Role with it's Group Scope.
It returns all non-system* User Roles with a (sorted) list of groups from the Group Scope.
Stay tuned because i'm working on the 'Views' part.

Get-UserRole | Sort-Object DisplayName | foreach {If($_.IsSystem -ne $true){Write-Host "--" $_.DisplayName "--";If($_.Scope.MonitoringClasses -ne $null){$_.Scope.MonitoringClasses | foreach {Get-MonitoringClass -Id $_} | Sort-Object DisplayName | foreach {Write-Host "  "$_.displayName}}else{$_.Scope.MonitoringObjects | foreach {Get-MonitoringObject -Id $_} | Sort-Object DisplayName | foreach {Write-Host "  "$_.displayName}}}}
For better readability:
Get-UserRole | Sort-Object DisplayName | foreach { 
  If($_.IsSystem -ne $true)
    Write-Host "--" $_.DisplayName "--"
    If($_.Scope.MonitoringClasses -ne $null){
      $_.Scope.MonitoringClasses | foreach {Get-MonitoringClass -Id $_} | Sort-Object DisplayName | foreach {Write-Host "  "$_.displayName}
    } else {
      $_.Scope.MonitoringObjects | foreach {Get-MonitoringObject -Id $_} | Sort-Object DisplayName | foreach {Write-Host "  "$_.displayName}
For SCOM 2012
#SCOM 2012
Get-SCOMUserRole | Sort-Object DisplayName | foreach { 
  If($_.IsSystem -ne $true)
    Write-Host "--" $_.DisplayName "--"
    If($_.Scope.Objects -ne $null){
      $_.Scope.Objects | foreach {Get-SCOMClass -Id $_} | Sort-Object DisplayName | foreach {Write-Host "  "$_.displayName}
    If ($_.Scope.Classes -ne $null) {
      $_.Scope.Classes | foreach {Get-SCOMClass -Id $_ -Id $_} | Sort-Object DisplayName | foreach {Write-Host "  "$_.displayName}

* = These roles are specified as System Roles:
Operations Manager Administrators
Operations Manager Advanced Operators
Operations Manager Authors
Operations Manager Operators
Operations Manager Read-Only Operators
Operations Manager Report Security Administrators

For exporting and importing complete user roles, see

SCCM: Configuration Manager vNext Beta released!

Microsoft released the beta for ConfigMgr vNext last week!

If you want to take a tour to see what's new in the next generation of Configuration Manager, join the beta program:
MVP Jannis Alink, visited MMS2010 and blogged about some new features

There are 3 main pilars:

User centric application management - Empowering Administrators to define intent, and end users flexible access to the right application at the right time
  • Allow the administrator to think users first
  • Application management model to capture admin intent
  • End user self-service software portal
Infrastructure simplification – Simplify management infrastructure, processes and administrative overhead
  • Unified management across PCs and devices
  • New role based administration and end-user experiences
  • Automated content distribution and troubleshooting
  • Redesigned core infrastructure and improved scalability
Simplify Client Management – Daily tasks, model based configuration management and improvements over existing capabilities
  • Automated compliance remediation
  • Client health and auto remediation
  • Remote control enhancements
  • Offline servicing of OS images

SCCM: Configuration Manager R3 Beta available (Microsoft Connect)

For those, who for some reason, mist out on last months SCCM news. Since a few weeks SCCM R3 Beta has been released.
It's available through the Open Beta program. If you are a member of the Configuration Manager 2007 R3 Open Beta program you can download it at: |

(It's an evaluation version and can only be used on previous eval versions or fresh installs, not on live SCCM R2 systems)

Want to see what's new in R3, use the link!

SCCM: Issue with Preloadpkgonsite.exe (SCCM Toolkit v2)

In my last blog post I described a list of new functionality coming with the new SCCM Toolkit v2.
John Marcum wrote a blog about using the tool 'Preloadpkgonsite.exe', updated in Toolkit v2.

Using this tool can cause some distribution problems between the source and stored package. If you didn't specify '/UpdateStoredPkgVersion' on the cmdline, then it's possible the stored package version and the source package version are not the same.

Read more on:

Tuesday, May 4, 2010

SCCM: New ConfigMgr 2007 Toolkit (v2) available

Last week Microsoft released a new version of the SCCM toolkit. It's been a while since the last release in 2007, but there are some nice tools added to the toolkit. They aren't completely new as they were available earlier with the SMS 2003 Toolkit and updated for this toolkit.
The release also includes an updated Security Configuration Wizard Template for ConfigMgr 2007 SP2 and Windows Server 2008 R2.

Pack Contents:

Client Spy - A tool that helps you troubleshoot issues related to software distribution, inventory, and software metering on Configuration Manager 2007 clients.

Delete Group Class Tool - A tool used to remove inventory group definitions along with history data, tables, views and stored procedures for the group.

New in 2007: In addition to removing the entries in the GroupMap and AtttributeMap tables, Delete Group Class Tool also removes the inventory stored procedures, schema views and tables.

Desired Configuration Management Migration Tool - A tool used to migrate from the DCM Solution for SMS 2003 to DCM in ConfigMgr 2007.

Desired Configuration Management Model Verification Tool - A tool used by desired configuration management content administrators for the validation and testing of configuration items and baselines authored externally from the Configuration Manager console.

Desired Configuration Management Substitution Variable Tool - A tool used by desired configuration management content administrators for authoring desired configuration management configuration items that use chained setting and object discovery.

Management Point Troubleshooter Tool - A tool that checks a computer system before and after a management point installation to ensure that the installation meets the requirements for management points.

New in 2007: MP Troublshooter Tool can detect WebDAV rules and will provide simple automatic fix, which will help admin to correct issues like WebDAV authoring rules. Also supports Native Mode.

Policy Spy - A policy viewer that helps you review and troubleshoot the policy system on Configuration Manager 2007 clients.

Preload Package Tool - A tool used to manually install compressed copies of package source files on Configuration Manager 2007 sites.

New in 2007: Preload Package Tool now supports compressing packages before transferring them across the network. Supported Packages: Software Distribution Package, Virtual Application Package, Boot Image, Operating System Image, Operating System Install Package and Driver Package.

Security Configuration Wizard Template for Configuration Manager 2007 - The Security Configuration Wizard (SCW) is an attack-surface reduction tool for the Microsoft Windows Server 2008 R2 operating system. Security Configuration Wizard determines the minimum functionality required for a server's role or roles, and disables functionality that is not required. The Configuration Manager 2007 Service Pack 2 Security Configuration Wizard template supports new site system definitions and enables the required services and ports.

Send Schedule Tool - A tool used to trigger a schedule on a Client or trigger the evaluation of a specified DCM Baseline. You can trigger a schedule either locally or remotely.

New in 2007: Send Schedule Tool can now trigger DCM Baseline evaluation.
The former VBS file has become a executable.

Trace32 - A log viewer that provides a way to easily view and monitor log files created and updated by Configuration Manager 2007 clients and servers.
I haven't noticed a difference yet between the previous version and this 'new' version, besides an increased version number ;)

More info:

(Link on SCCM Technet site is dead :)

Thursday, April 15, 2010

nWorks VMware Management Pack DONT'S

Last week i was focussing on optimizing the nWorks VMware Management Pack. (version

Running the query below, showed that this MP is really a data dumper:
SELECT TOP 50 AlertStringName, AlertStringDescription, AlertParams, Name, SUM(1) AS
AlertCount, SUM(RepeatCount+1) AS AlertCountWithRepeatCount
GROUP BY AlertStringName, AlertParams, Name

You could also use the new report, Data Volume by Management Pack, available through the new SCOM R2 management pack,System Center Core Monitoring, version 6.1.7599.0. (

I disabled any VM monitoring activities from nWorks, because the VM's were already monitored through a SCOM Agent. This can be configured through the nWorks Management Console. It's just a mather of deselect the checkboxes for VM's. As this screenshot shows:

But still, the nWorks MP was spitting out a lot of alerts coming from Virtual Machines', like CPU and MEM thresholds.

Disabling discoveries for VM's, or not?

Seeing this, i thought disabling the discovery for any VM based object would do the trick.
So i disabled the discovery 'SV100 first stage discovery' for the class 'nWorks Collector' and the class 'VM'.
Hhm yeah right.

After doing this i lost ALL nWorks discovered objects. It apeared this discovery is linked to all discovered objects and not just the VM/Virtual Machine object. :(
So this is really a NO NO. The 'SV100 first stage discovery' discoveres all objects and relationships.

Deleting and Re-importing the nWorks VMware MP

I decided a reimport would be best.
I made a backup of the customizations Management Pack linked to the nWorks VMware MP and deleted it.
Then i deleted the nWorks VMware MP itself.

And then. Nothing.... Nothing?? Well, deleting this specific Management Pack deletes all MP related objects from the database. This resulted in locking the OperationsManagerDB for 40 minutes.
So beware of this.

After this i gave the OperationsManagerDB the necessary days to groom itself and then reimported the nWorks VMware MP and the customizations Management Pack.

Why the MP still monitors the VM's, even this is disabled through the nWorks Management Console, that's the question. I will follow up on this one.

Thought this info could be handy for some situations.

Sunday, March 21, 2010

SCOM: SecureStorageBackup.exe password failed from command line

A short (simple/funny) blog about using SecureStorageBackup.exe from the command line.

Tonight i was doing a (lab) restore for a SCOM 2007 R2 environment. After the initial install for that management group i made a backup of the encryption key with SecureStorageBackup.exe. Then, as a well raised IT-guy, i used a strong password with some great non-standard characters.

The restore process...

After restoring my OperationsManager database, i had to restore the encryption key using SecureStorageBackup.exe.

There a 2 modes for using SecureStorageBackup.exe.
  1. GUI, just start the executable from Windows Explorer. A wizard will take you through the steps required.
  2. Command Line, open command prompt and run the executable from there. Use the syntax:
    • SecureStorageBackup.exe Backup|Restore
I'm a fan of using the command line, so i did just that. But my password wasn't working. First i thought i had the wrong password. But then i remembered that using the command prompt some special characters do NOT work for passwords, like the dollar ($) sign.

So don't give up right away when you're trying to restore your encryption key and it fails. It might be something rather stupid as using special unsupported character in your encryption key password. Just use the GUI mode. click click....

Saturday, February 27, 2010

New Core MP for SCOM R2

Just came across two very interesting and detailed blogs by Marnix Wolf about the core MP update for SCOM R2.
Marnix really did a great job showing all what's new!

Part 1 - Core Monitoring Reports
Part 2 - Agent Management (nice!)

Configuring OperationsManagerDW grooming

Last week i did some maintenance on a Operations Manager 2007 R2 Data Warehouse. Because this piece of OpsMgr maintenance is sometimes 'forgotten', i thought it would be nice to blog about this.

After this initial deployment, there has not been much maintenance. Thanks to the integrated maintenance jobs through the Operations Manager 2007 internal management pack library and having enough disk space, no actual problems did arise.

You should, probably, know that an out-of-the-box deployment of OpsMgr 2007 keeps the collected information in your Operations Manager Datawarehouse for 400 days.

Using the sizing tools from Microsoft and from books like 'Unleashed' you can calculate how much disk space you would need keeping 400 days of historical information.
Also keep in mind the backup method you will need to use, because of the rather large database files. Always consult the Database Administrator for your implementation and maintenance plans.

When a company starts of with OpsMgr 2007 with a number of 500 agents and no known future company aquisitions no problems arise. But when that company begins to expand and more agents are becoming managed by this management group, you should really do some recalculation of the your database growth for your OperationsManagerDW as well as for your OperationsManager DB. There are some pretty handy built-in reports in Operations Manager you can use to see the daily growth. Also use the Operations Console Monitoring views to view the Database Size performance counters.

If you find that the current span of historical data is not right and has to be modified there a multiple ways for doing this.

The old way: Using a sql queries and stored procedure
The new and easier way: Using a simple tool, dwdatarp.exe

I prefer the new and easier way for obvious reasons :). I you don't want to wait for the next groom workflow, run the procedure 'p_partitioningandgrooming' on the SQL database.

Within the next two weeks i'll be performing a OperationsManagerDW relocation. Of course I'll post the details and my experiences with this actions. Note that a complete 'OpsMgr shutdown' is neccesary to do this, so your agents should be configured with enough cache memory to hold on.

Wednesday, January 27, 2010

SCOM: System Center Operations Manager R2 Unleashed - status update

The authors of SCOM 2007 Unleashed have posted an update for the release of the book System Center Operations Manager R2 Unleashed.

The 'Unleashed' books have always been a favorite of mine. Let's hope that this upcoming release is as good as its predecessors.

A copy from their Space:

System Center Operations Manager 2007 R2 Unleashed - a supplement to the earlier System Center Operations Manager 2007 Unleashed - is announced for availability mid-March 2010. As a supplement, the R2 ebook includes 9 chapters of new material covering OpsMgr 2007 R2 and additional topics not in the first book. Here's the chapter lineup:

1. Introduction and What's New
2. Unix/Linux Management: Cross Platform Extensions
3. Operations Manager 2007 R2 and Windows Server 2008
4. Using SQL Server 2008 in OpsMgr 2007 R2
5. PowerShell Extensions for Operations Manager 2007
6. Management Solutions for Small and Midsize Business
7. Operations Manager and Virtualization
8. Management Pack Authoring
9. Unleashing Operations Manager 2007

Appendix A. OpsMgr R2 by Example

Appendix B. Reference URLs

Appendix C. Available Online

Chapter 9 includes a "deep dive" into managing distributed environments, high availability, business continuity, the new Visio add-in, going beyond the basics of ACS, network monitoring using distributed applications, and targeting.

SCOM: Cumulative Update 1 for System Center Operations Manager 2007 R2

 Microsoft released Cumulative Update 1 for System Center Operations Manager 2007 R2. Many things have been fixed with this update.

Here the list as posted on the Microsoft website:
  • The Product Knowledge tab is displayed as the Company Knowledge tab after you import a language pack for System Center Operations Manager 2007 R2.
  • An agent cannot be removed successfully from a Windows Cluster service node.
  • The Heathservice.exe process on a Windows Cluster service passive node may have excessive CPU utilization.
  • The Healthservice.exe process may crash when it uses the OLE DB module.
  • The workflows that use the OLE DB data source may unload themselves if the underlying provider returns a null string or an empty string.
  • An instance of the MonitoringHost.exe process may cause a memory leak in nonpaged pool memory.
  • The notification subscriptions do not work if they are configured to parse a CustomField field or an AlertOwner field.
  • The Operations console loses the status as the current object that is in focus when a search filter is applied.
  • The SRSUpdateTool.exe process returns an error that states “Failed while updating registry entry for reporting code MSI component” when you try to upgrade SQL Reporting Services 2005 to SQL Reporting Services 2008.
  • The Operations Manager UI may crash when the Connector column and the Forwarding Status column are added to an Alert view.
  • The agents may re-process old Windows event log entries and then incorrectly generate alerts for these events that are not new.
  • Health state reliability fixes and improvements.
  • The Operations Manager Audit Collection Service (ADTServer.exe) does not start on an ACS Collector if the operating system is upgraded to Windows Server 2008 R2.
  • In a performance report that is exported, the list of object instances is not displayed.
Official Microsoft KB:

Kevin Holman (Microsoft) has done extensive research. See his blog for an upgrade plan & and what other users are experiencing:

SCOM: Registry discovery on 64 bit OS

When you're running 32 bit applications on 64 bit servers with a 64 bit SCOM Agent, you really should read this post. Same goes for people who wonder why their discovery does work on 32 bit servers and not on 64 bit servers.

32 bit Application on 64 bit OS

When a 32 bit application is installed on a 32 bit Windows OS, the registry keys are usually writen to :

This changes when the OS is a 64 bit version.
Then a 32 bit installation sets its registry keys in:

Attribute Discovery
This is tricky when you don't know if one or both of these scenarios exists in your environment. There is more than one solution for your attribute discovery. (SCOM 2007 R2 is required for solution #2).
  1. Copy the right child keys from the key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ to HKEY_LOCAL_MACHINE\Software\
  2. Add an extra XML element to the Registry Discovery in your MP to make a '32 bit discovery' work on a 64 bit Agent.
  3. Use a VBScript for the discovery in which you have multiple ways of checking for CPU Archicture en reading registry keys
I will show you how to use solution 2. If you also would like to see how to work with solution 3.

Enable the Discovery using the 32 bit part of 64 bit registry
  • Open your Management Pack with a text editor, e.g. notepad.exe
  • Go to Discoveries section
  • Search for the Discovery in which you want to enable 32 bit discovery
  • Within the section , add the following XML element
    • <registryview>32bit</registryview>
  • Save your Management Pack
  • Done!
In XML it will probably will look like this:

As other users have already noticed: If you make a change to the attribute from the Operations Console or Authoring console, the RegistryView element is deleted. So watch out for that!

See also:

Wednesday, January 20, 2010

SCOM: Creating and Using Dynamic Groups

Today i stubled upon a, somewhat older, but rather interesting blog post of Raphael Burri. He wrote an extensive article about creating dynamic groups in Operations Manager and what the impact is on the Root Management Server (RMS).

Raphael created some pdf's with examples of how you can create more advanced membership rules for dynamic groups.

When you use the Operations Manager Console for creating groups you may find that you're pretty limited in using more complex constuctions, like using contains/not contains expression in the membership element clauses.

Instance and Computer Groups

When you look closer to the XML code that is created when exporting a MP with a 'OC'-created Group in it, you will notice that those groups are always instanced from the InstanceGroup class.

Taking a peek at all your groups in the OC, shows Computer Groups besides the Instance Groups. What's the difference? The icon :P and the relationship type. A Computer Groups only contains computer whereas an Instance Group can contain all types of objects.
Micrsoft uses both Group type in various management packs, like the IIS and Exchange 2007 MP.

Asking around gives me the impression almost everybody is just using Instance Groups. But DO know that other group types (classes) are available.

Link to Raphael Burri's post: