Scombag

  • Try this small powershell script……

    #Connect to the SCOM 2012 Management Group
    $ScomServer = ‘insert scom server hostname here’
    Import-Module OperationsManager
    $MGConn = New-SCOMManagementGroupConnection -ComputerName $ScomServer

    #Retrieve the Microsoft.EnterpriseManagement.ManagementGroup object for the current management group.
    $MG =…[Read more]

  • Just trying to verify the use of Agent Proxy setting on a SCOM agent, I always thought it was used for agentless monitoring but someone recently advised that this setting needs enabled for various MPs like AD and Exchange,if it is not enabled then the agent will only be discovered by SCOM as being in the Windows Server class and will not allow the…[Read more]

  • That’s what it was, many thanks for the prompt feedback!

  • Hi I am running SCOM 2012 SP1 management group, i am a SCOM admin and have another user who is also a SCOM admin.
    We have a view setup in the console for all closed alerts.
    There is a particular closed alert that I can search for using the hostname and it returns ok. When he does the same nothing returns, but if he enters the name of the Alert it…[Read more]

  • @Soren Excellent thank you! now working a treat

    @Stanislav I apologise I can assure you I am not doing this on purpose, I have now realised how to use the forums and will post on there in the future.

  • Thanks for the prompt response
    I am getting the following error when running this query

    Msg 102, Level 15, State 1, Line 1
    Incorrect syntax near ‘100’.

    Oh and how would I do a group by on all the fields? Afraid I am not skilled in compiling sql queries.

  • Ok tried to post this under Operations Manager by selcting this category when publishing the post, it is still showing up under general so not sure what I am doing wrong!

    Apologies

  • Hi,

    Is anyone aware of a report or SQL query that I can run to get the history of a particular alert i.e. when it has fired and what computers it has fired on?

    • Ok tried to post this under Operations Manager by selcting this category when publishing the post, it is still showing up under general so not sure what I am doing wrong!

      Apologies

    • Your creating a blog post, this would be more suited for the forums 😉

      But regardless, here’s a quick and dirty Query for the datawarehouse:

      SELECTTOP (100)adt.Owner,

      adt.TicketId,

      alt.AlertName,

      alt.AlertDescription,

      alt.Severity,

      alt.Priority,

      alt.Category,

      alt.RaisedDateTime,

      alt.RepeatCount,

      vManagedEntity.DisplayName,

      vManagedEntity.Name,

      vManagedEntity.Path

      FROMAlert.vAlertResolutionStateASarsINNERJOIN

      Alert.vAlertDetailASadtONars.AlertGuid=adt.AlertGuidINNERJOIN

      Alert.vAlertASaltONars.AlertGuid=alt.AlertGuidINNERJOIN

      vManagedEntityONalt.ManagedEntityRowId=vManagedEntity.ManagedEntityRowId

      WHERE

      alt.AlertName=‘Available Megabytes of Memory is too low’

    • Oh and you might want to do a Group by on all the fields in the select otherwise you will see duplicates, guessing it’s due to multiple records for each alert to track state changes etc.

    • Thanks for the prompt response
      I am getting the following error when running this query

      Msg 102, Level 15, State 1, Line 1
      Incorrect syntax near ‘100’.

      Oh and how would I do a group by on all the fields? Afraid I am not skilled in compiling sql queries.

    • The Query is missing some Spaces after i posted it, perhaps this works:
      Top (100) will only select the first 100 records so remove this to get everything.
      As for modding the Query, if your not comfortable with SQL then run the Query, export to Excel and you can Work you magic there, there’s a “copy with headers” function in the result table in SQL MS. (Right click the headers)

      SELECT TOP (100) adt.Owner,

      adt.TicketId,

      alt.AlertName,

      alt.AlertDescription,

      alt.Severity,

      alt.Priority,

      alt.Category,

      alt.RaisedDateTime,

      alt.RepeatCount,

      vManagedEntity.DisplayName,

      vManagedEntity.Name,

      vManagedEntity.Path

      FROM Alert.vAlertResolutionState AS ars INNER JOIN

      Alert.vAlertDetailASadtONars.AlertGuid=adt.AlertGuid INNER JOIN

      Alert.vAlert AS alt ON ars.AlertGuid=alt.AlertGuid INNER JOIN

      vManagedEntity ON alt.ManagedEntityRowId=vManagedEntity.ManagedEntityRowId

      WHERE

      alt.AlertName=‘Available Megabytes of Memory is too low’

    • and more Spaces missing in the 2nd line under FROM :)

    • SCOMbag you are always creating blogposts for questions. Please always use forums if you have questions.

    • @Soren Excellent thank you! now working a treat

      @Stanislav I apologise I can assure you I am not doing this on purpose, I have now realised how to use the forums and will post on there in the future.

  • Hi,

    At present I use the command channels in SCOM to output alert information to a text file, what I’ve noticed is that some MPs have monitors and rules that trigger alerts with the originating server hostname […]

  • Doh! Yes this was indeed a custom view that I had created in another management group a long time ago, hence the reason I thought it came out of the box. Thank you for the reminder gentlemen! I was able to manually add this view into the console.

  • Recently installed SCOM 2012 SP1 and noticed that the Closed Alerts view is missing from within the Monitoring node underneath the Active Alerts view, anyone seen this before?

    • I don’t think this is a built-in view. I’ve always had to create it myself.

    • I can’t recall ever seeing a “closed alerts” view…are you sure that’s not something you’ve manually created?

    • Doh! Yes this was indeed a custom view that I had created in another management group a long time ago, hence the reason I thought it came out of the box. Thank you for the reminder gentlemen! I was able to manually add this view into the console.

  • Just installed SCOM 2012 SP1 management group and noticed that the Closed Alerts view is missing from under the Active Alerts View in the Monitoring Node, anyone seen this before?

  • Hi,

    At present I use the command channels in SCOM to output alert information to a text file, what I’ve noticed is that some MPs have monitors and rules that trigger alerts with the originating server hostname […]

  • The rule script was listing the rules but not closing them, a colleague of mine took a look and amended the script as follows to get it working, he also added some additional code to output if no alerts are present

    #Operations Manager module import
    Import-Module OperationsManager
    write-host “Getting all alerts generated by Rules for the…[Read more]

  • Curt you are the man!, this is awesome, thanks for your rapid response. I am sure many people will find this very useful, myself included.

  • Is anyone aware of a script or utility to close all alerts that relate to a specific management pack for SCOM 2012?

    • interesting. I don’t know of anything, but I’m sure it can be scripted, so here goes.

      my first reaction is that for alerts generated by monitors, you’d probably want to reset the health of those monitors as well as –or instead of– closing the alerts.

      the alerts don’t tell you what management packs they are in, but they tell you the GUID of the rule or monitor that caused them. now, assuming you follow awesome naming convention practices, your management pack ID should be in the ID of all your rules and monitors, and you can close the alerts based on the rule or monitor ID/name.

      if you don’t follow awesome naming convention practices, there are other options. once you identify the rules and monitors, they both have a method called “getmanagementpack”.

      so as an example, let’s close all open alerts created by rules in the management pack with displayname “EMC Storage Integrator Monitoring”, and list the names of the alerts we close.

      $rulealerts=get-scomalert | where {$_.ismonitoralert -eq $false -and $_.resolutionstate -ne 255}
      foreach ($rulealert in $rulealerts) {
      $rule=Get-SCOMRule -id $rulealert.monitoringRuleId
      if ($rule.GetManagementPack().DisplayName -eq “EMC Storage Integrator Monitoring”) {
      $rulealert.ResolutionState=255
      $rulealert.name}
      }

      for monitors, there are a couple of ways… we can find all unhealthy instances of classes monitored by monitors in a management pack and reset them, or we can parse through all alerts like we did with rules. I also like to assume that every monitor in the world closes its alerts when its health is reset. here’s the first way, for the same MP:

      $mpmonitors=Get-SCOMMonitor | where {$_.getmanagementpack().displayname -eq “EMC Storage Integrator Monitoring”}
      foreach ($mpmonitor in $mpmonitors)
      {
      $monitoredclass=get-scomclass -name $mpmonitor.target.Identifier.Path
      $unhealthyinstances=get-scomclassinstance $monitoredclass | where {$_.HealthState.value__ -gt 1}
      foreach ($unhealthyinstance in $unhealthyinstances){
      $unhealthyinstances.ResetMonitoringState($mpmonitor)
      }
      }

       

      you could spruce these up with parameters and whatnot, but I think they will accomplish what you want (that is to say, they worked in my testing, but your mileage may vary :) ).

       

    • that last line should be $unhealthyinstance.ResetMonitoringState($mpmonitor) (not ‘instanceS’)

    • Curt you are the man!, this is awesome, thanks for your rapid response. I am sure many people will find this very useful, myself included.

    • The rule script was listing the rules but not closing them, a colleague of mine took a look and amended the script as follows to get it working, he also added some additional code to output if no alerts are present

      #Operations Manager module import
      Import-Module OperationsManager
      write-host “Getting all alerts generated by Rules for the INSERT MP NAME” -foregroundcolor magenta

      $rulealerts = get-scomalert | where {$_.ismonitoralert -eq $false -and $_.resolutionstate -ne 255}
      $i = 0
      foreach ($rulealert in $rulealerts) {
      $rule = Get-SCOMRule -id $rulealert.monitoringRuleId

      if ($rule.GetManagementPack().DisplayName -eq “INSERT MP NAME”) {
      $i++
      “Closing alert rule – ” + $rulealert.name + “….”
      $rulealert | set-scomalert -ResolutionState 255
      }
      }
      if ($i -eq 0){
      write-host “No open rules for INSERT MP NAME found at this time” -foregroundcolor yellow
      }

    • ah.  “$rulealert.ResolutionState=255” changes the resolutionstate column to ‘closed’ if I view the alert in powershell, but apparently doesn’t actually update the alert in scom. I found some other articles online that use this method, and I just needed to follow it up with $RuleAlert.Update(“”) to actually get it to update the alert in scom.

      if ($Rule.GetManagementPack().DisplayName -like “*EMC*”)
      {
      $RuleAlert.ResolutionState = 255
      $RuleAlert.Update(“”)
      }

      i’m not sure why the Update method requires an argument, but oh well.

      there’s also a “Resolve-SCOMAlert” cmdlet we could have used.

      $RuleAlert | Resolve-SCOMAlert

       

  • Is there a way to determine who imported a Management Pack into the SCOM Console?

    I tried looking at Operations Manager event log but the logs have been cleared for the date that the MP was imported on.

  • I have had a request from our SQL dba’s to to target an override at a group of  sql user
    databases which are being mirrored or are part of the always on group for SQL
    2008 and SQL 2012. Is there a good way to do this rather than targetting them one by one. I cannot see a suitable class/object to target.

     

  • Hi Scott, appreciate your response. Don’t think targeting a group with a single server will work because it is my understanding that for SCOM 2007 R2 you need to target the override at the RMS and for SCOM 2012 you need to target the RMS emulator as this is where the correlation engine for the Exchange MP runs.

  • It seems you are restricted when applying overrides to Exchange 2010 servers with SCOM 2007 and SCOM 2012. Example:-You have multiple exchange servers in different sites but a single SCOM management group. You can’t target overrides at specific Exchange servers as you need to target the RMS because the correlation engine runs here meaning you have…[Read more]

  • Load More