SCCM: Get Drivers From Driver Packages (WQL)

I was searching for a way to list Driver Packages which contain Drivers. Why? I want to use Driver Packages without importing the drivers in SCCM.
Why? You can read about that here: http://hayesjupe.wordpress.com/sccm-osd-driver-best-practices/

I found an interesting script of Christjan which can detect differences in drivers between Driver Packages. The script contained the necessary WQL statements that I needed.

Here's the link to his script:
http://pr3m.pri.ee/blog/?p=653

Example WQL query for displaying the PackageID and Name of Driver Packages that contain drivers:

SELECT DPKG.Name,DPKG.PackageID FROM SMS_PackageToContent AS PTC

JOIN SMS_CIToContent AS CITC ON PTC.ContentUniqueID=CITC.ContentUniqueID

JOIN SMS_Driver AS DRV ON CITC.CI_ID=DRV.CI_ID

JOIN SMS_DriverPackage AS DPKG ON PTC.PackageID = DPKG.PackageID

SCCM: Task Sequence Import Fails with APPCRASH

Currently I'm working on automating the provisioning of SCCM environments.
One of the things that came along was exporting and importing Task Sequences between SCCM environments.
After automatically dealing with the package references I was ready to import them in the target SCCM deployment with my script.

Sadly, this didn't work. Even with the ConfigMgr Console it didn't work. As I was not presented with some kind of error, I searched the Event Viewer.

There I found multiple APPCRASH events (eventid 1000) on wmiprvse.exe.
So there had to be something in the Task Sequence export files that causes WMI to crash.

Many times WMI crashes because of bad queries or non-existing WMI classes, or ..... yep memory issues.

After (manually :'( ) comparing the two SCCM deployments, I found out I was missing the Microsoft Deployment Toolkit 2010 Task Sequence steps on the target SCCM deployment. After installing that, all issues were gone.

It would be nice though if the ConfigMgr console could present me with a simple error, stating that MDT was missing. Arghh.....

SCOM: Dynamic Group MaxDepth

This blog shows a trick to retrieve the right query depth when using contains/contained expressions in group membership rules.

If you don't know how these expressions work: Raphael Burri has an excellent blog about Dynamic Group Population: http://rburri.wordpress.com/2009/01/14/dynamic-group-membership-authoring-and-performance-impact-on-rms/

Whenever you use Contains or Contained (or their compliments NotContains or NotContained), you should use the attribute MaxDepth to save I/O on the RMS.

But how do you know what the MaxDepth is???

You could find this info in the Service Model from the Management Pack Guide. But not every MP Guide is equiped with a Service Model.
To overcome this, you can use the Group membership rule wizard (Query Builder) in the Operations Console.

In this example I want to group all IIS 7.0 Application Pools which are hosted on computers with a specific Computer Description. In most cases MaxDepth 1 will do, but not in this case.

For the Computer Description attribute I created an extended class based on Windows Computer. The attribute is filled with the value of a registry key found locally on the agent.

Let's see.....

Start the Create Group Wizard and go the the Dynamic Members tab:

Click Create/Edit rules and select IIS 7.0 Application Pool class and click Add:

Select the property drop down list and go to the last entry, which shows the host class. This shows that the IIS 7.0 Application Pool Class is hosted by the IIS 7.0 Web Server class.





















In the next steps select the parent classes until you reach the host class Windows Computer. For every host step, maxDepth is incremented.






So now you know that you'll have to use maxDepth="3" in Contains/Contained expressions on the Windows Computer class (or in my case a class which derives from this class).
The membership rule would look like this:

  $MPElement[Name="Windows1!Microsoft.Windows.InternetInformationServices.2008.ApplicationPool"]$
  $MPElement[Name="MicrosoftSystemCenterInstanceGroupLibrary6172210!Microsoft.SystemCenter.InstanceGroupContainsEntities"]$
  
 
   $MPElement[Name="MyExtLib!MyExtLib.Windows.Computer.Extended"]$
   
  
    
   $MPElement[Name="MyExtLib!MyExtLib.Windows.Computer.Extended"]/Description$
    
    ContainsSubstring
    Web Server LOB1
  
   
 
  

Of course you can create groups based on the host properties, but sadly this doesn't work on derived classes.
If you do can work with the host properties, the membership rule can look like this:

  $MPElement[Name="Windows1!Microsoft.Windows.InternetInformationServices.2008.ApplicationPool"]$
  $MPElement[Name="MicrosoftSystemCenterInstanceGroupLibrary6172210!Microsoft.SystemCenter.InstanceGroupContainsEntities"]$
  
 
   
  
    $MPElement[Name="MicrosoftWindowsLibrary6172210!Microsoft.Windows.Computer"]$
    $MPElement[Name="MicrosoftWindowsLibrary6172210!Microsoft.Windows.Computer"]/OrganizationalUnit$
  
   
   ContainsSubstring
   Web Servers
 
  

SCOM: Reserved Custom Attributes?

Today I came accross a post of Daniele Grandini in which he writes that the Exchange 2010 MP uses the Custom Attributes of alerts for it's internal Alert Correlation engine.

Why is this important to know? Custom Attributes can be used for notification purposes to send extra information.

I realised I know more Management Packs which also use these Custom Attributes. So here's a short list of the MP's:

• Microsoft Biztalk Server MP 6.0.6703.0: Custom Field 1


• Microsoft Group Policy 2003 MP (Converted): Custom Field 6


• Microsoft SCCM MP 6.0.6000.2: Custom Field 1 and 6


• nWorks VMware VEM MP 5.0.3.248: Custom Field 1 to 6 and 9, 10

This is what I came accross. It's possible these MP's use more custom attributes. Let me know when you want to add something to this list.

You can check this quickly by creating an alert view (MyWorkspace also possible), and show all alerts with a filter on custom attribute 1 to 10 with text '%'.

SCOM: Small edit for SCC Logical Disk Extension Management Pack

This blog post is about the SCC Logical Disk Extension Management Pack.

This MP is a real nice example of a combined forces from the System Center community. It contains some extra Logical Disk collection rules and two Logical Disk reports.

Using the MP is pretty simple, but i noticed two small things.
The parameter list to select a Computer Group is not sorted. Finding the right group between more that 300 groups can be a hassle. And after generating a report the Computer Group name is shown. But as many groups are created through the Operations Console, a Display Name would be nicer.

To change this I modified the RDL file directly and notified the creators of this MP. Remember that this is not the standard method for editing SCOM reports.

For sorting the computer groups...

I changed:

SELECT FullName, DisplayName
FROM OperationsManagerDW.dbo.vManagedEntity with (nolock) where Path is null and FullName not like '%:%' and DisplayName like '%Computer%'

To:

SELECT FullName, DisplayName
FROM OperationsManagerDW.dbo.vManagedEntity with (nolock) where Path is null and FullName not like '%:%' and DisplayName like '%Computer%'
ORDER BY DisplayName

And for the table footer...

I changed:

<value>=Parameters!Group.Value</value></textbox>

To:

<value>=Parameters!Group.Label</value></textbox>

I you want, you can download the RDL file here: https://sites.google.com/site/systemcentertechblogresources/scripts/Windows.LogicalDrives.FreeSpace.Report_MichielWouters_1.0.rdl?attredirects=0&d=1

SCOM: Get Overrides from Management Pack

Here's an example of how to retrieve all overrides from a specific management pack and get additional information about the overriden rule and override context.

Get-ManagementPack | Where {$_.DisplayName -match "Your Management Pack"} | Get-Override | % {Get-Rule -Id $_.Rule.Id | Select DisplayName
; Get-MonitoringClass -Id $_.Context.Id; Write-Host $_.Parameter: $_.Value}

To manage all your overrides you could use a tool like OverrideExplorer.

Searching for Management Pack authoring

Today I came accross a blog post of Brian Wren from Microsoft.
They're working on a better search solution for finding information focussed on System Center technologies.

Now information and examples are scattered around the internet on forums, blogs, technet, community sites and you name it.

The solution Microsoft is working on is called 'System Center Cloud Search'. It's using the Bing search engine with selected data sources to search in.

For now, the beta is focussed on Management Pack Authoring.

See the whole story here: http://blogs.technet.com/b/mpauthor/archive/2011/04/15/cloud-search-for-management-pack-authoring.aspx

Give it a shot to see if this works for you and help making it better!

SCOM: CU4 and Microsoft.SystemCenter.Library.mp 6.1.7221.61

This blog post is for those who updated SCOM with CU4 and have issues with the Authoring Console and Microsoft.SystemCenter.Library.mp version 6.1.7221.61.
-----------------------------
** Update: 08/09/2011 **
Microsoft published a KB-article which resolves this problem:
http://support.microsoft.com/kb/2590414
-----------------------------

After applying CU4, Microsoft.SystemCenter.Library management pack is updated.
When using the Authoring Console on MP's created in a CU4 Management Group, you are prompted for Microsoft.SystemCenter.Library.mp 6.1.7221.61.

But, the MP file is not available from the CU4 installation sources.

The management pack is updated trough the sql batch on the OperationsManager database, CU4_Database.sql.

DECLARE @ver nvarchar(25)

DECLARE @compare int

SET @ver = (SELECT Mpversion FROM ManagementPack WHERE MPName = 'Microsoft.SystemCenter.Library')

-- Update Microsoft.SystemCenter.Libarary MP directly via SQL

A thread about this is going on at the Microsoft forums: http://social.technet.microsoft.com/Forums/en-US/operationsmanagermgmtpacks/thread/45d6bac1-4b10-4f36-86de-2efea895fc94

There is an easy workaround mentioned on the forum by dbabob56:
After exporting you can change the version number.

FROM

      

        Microsoft.SystemCenter.Library

        6.1.7221.61

        31bf3856ad364e35

      

TO

      

        Microsoft.SystemCenter.Library

        6.1.7221.0

        31bf3856ad364e35

      

SCOM: Account specified in the Run As Profile cannot be resolved - Troubleshooting using SSID

Update for SCOM 2012: SCOM 2012 does have a cmdlet for getting RunAs profiles: Get-SCOMRunAsProfile. As one of the commenters below added, if you want to get the SSID's in SCOM 2012, then use the cmdlet 'Get-SCOMRunAsAccount'.

Get-SCOMRunAsAccount | Sort Name | % {$string = $null;$_.SecureStorageId | % { 
 $string = $string + "{0:X2}" -f $_}
 $_.Name;" $string"
}

Written for SCOM 2007...
Update:

#Don't forget to add the OM2007 snapin
add-PsSnapIn "Microsoft.EnterpriseManagement.OperationsManager.Client" 
New-ManagementGroupConnection -ConnectionString:"scommssrv"
set-location "OperationsManagerMonitoring::" 

Some management packs require configuration of Run As Profiles.
This means that you configure associations between classes/objects and Run As Accounts. Whenever a workflow from a management pack is instructed to use a Run As Profile it will only work when the targeted class or object of the workflow is associated with an account. And last but not least, the Run As Account should be distributed to the servers on which that class exists.

This blogs shows you some tips on how to troubleshoot alerts associated with these kind of things.

When you misconfigure the Run As Profile, the following alert can popup in your console:
Account specified in the Run As Profile ">RunasAccountProfile<" cannot be resolved.

With some extra info:

Management Group: ###
Run As Profile: Company.Product.Role.Application.ActionAccountProfile
Account SSID: 0025F224C5251A6F4EEE112ACD9F0EB07D9178AFB500000000000000000000000000000000000000

This alert tells you that you associated the runas account, but the agent that tries to use the account, did not actually receive the account credentials.
So either you add the server to the distribution list, or you reconfigure the runas profile associations with beter classes/objects.

But he! I can't find the specified Run As Profile 'Company.Product.Role.Application.ActionAccountProfile'. That's right. That's the Name property shown in the description. If you want to find the Run As Profile as it's showed in the Operations Console, you will need the DisplayName. For that we could use the Operations Manager Shell:

Get-RunAsProfile ... oh, that cmdlet does not exist :(

What more does the alert message say? This is interesting:
Note: you may use the command shell to get the Run As Account display name by its SSID"

We could use the SSID from the alert message. The Ops Mgr Shell does have a cmdlet for showing the Run As Accounts.
The only problem we have here, is that the SSID mentioned in the alert description is a string type value. Cmdlet Get-RunAsAccount shows us that the SSID is stored as a byte array in the property SecureStorageId. So we can't compare these types.

For that i've created this script. It gets all Run As Account, formats the byte array SecureStorageId property to a readable string, and show the Run As Account DisplayName with it's SSID.

Get-RunAsAccount | Sort Name | % {$string = $null;$_.SecureStorageId | % { 
 $string = $string + "{0:X2}" -f $_}
 $_.Name;"  $string"
}

PowerShell does not have built-in functions for formatting numbers, therefore you can use the .Net formatting methods.

With this in mind you could add a string comparison to only show a match when the Alert Message SSID correspands with the SecureStorageId string ($string).
If you need help with that, leave a message.

SCOM: Find Notification Subscriptions for Subscriber

What to do when you want to delete a subscriber in SCOM, but you can't because get an error like this:

The notification recipient is subscribed to at least one notification subscription.
Please remove it from all notification subscriptions before deleting it.
.....cannot be deleted as its currently in use.

To solve this you would have to browse manually through all your notification subscriptions. But how much time would that take.
With this PowerShell script it takes 2 seconds!

Get-NotificationSubscription | foreach {
 $ns = $_.DisplayName
 $_.ToRecipients | foreach { 
  If ($_.Name -match "John") {
   Write-Host $ns
  }
 }
}