SCOM Agent Tasks “A hidden gem”

Back in the days when I started working with MOM 2005 (Microsoft Operations Manager 2005) I was hired to work with MOM 2005 daily as a MOM Administrator.

I was responsible for monitoring and therefore my privileges where most of the time slim to none on remote servers.

This was a hassle to get even the simplest information from the remote system and hated sending in a request to wait a couple of days just to get a service name or event.

Ever since I started working in the IT I always strive to make my life as easy as possible and avoid hassle and repetitive actions as much as possible.

This led me to scripting and finding ways of getting things done with the least amount of hassle.

One of the things we (my colleague Johan Moritz and I )discovered was in MOM 2005 the agent most of the time was running with high privileges, making it possible to run stuff as tasks on the agent ! Hot smile

This was for us the way to write tons of handy scripts which could be executed at the agent to gather information.  Since we both live by the rule “Try harder!” we figured out ways to do pretty much anything Winking smile

Some side note in MOM  2005 Security was less secure than today but the fundamentals still work.

 

The idea about this blog post is to gather information within SCOM 2012 R2 environment more easily and make SCOM work for you.(As should any IT related system in my opinion)

I have stumbled upon numerous MOM /SCOM environments talking with many different administrators from rookies to advanced and still I am amazed to find people doing stuff repetitive, manual and with a lot of hassle.

But for now just focus on retrieving information for a SCOM Administrator responsible for monitoring.

Aside from day to day maintenance you will get requests for monitoring extra applications.

Now the request most of the times is:

App Owner: “We want monitoring!”

SCOM Admin: ”Nice! But what do you want to monitor?”

App Owner: “Well our application! Isn’t that obvious?” Looking a little annoyed “ Yeah and some cool views a dashboard and reporting as well!”

SCOM Admin: “Ok but let’s start with the basics. I need to know the components like Services, Events, urls, databases, servers etc. which make up the application”

App Owner: Drops a list on your desk with server names and runs off again yelling “I want it done by tomorrow!”

If this sounds familiar let’s continue reading:

 

To gather this information yourself from SCOM (obviously an agent needs to be installed!)

Retrieve Services

There is a nice task list services which you can use to list all services! Nice! Let’s do this and write a service monitor!

After creating the monitor you quickly discover you need the Name of the service and not the display name of the service which makes this task useless.

 

Now to create a quick overview on services in PowerShell :

get-service |select DisplayName, Name, Status |Sort-Object DisplayName |ft –AutoSize

image

now how to get this in a task?

image image

Create New Task:

Agent Task\CommandLine

Task Name: _List Services

Target: Windows Computer

You can off course change the target to a other scope,but since we wants this to run on every Computer we choose Windows Computer Class.

Note! After saving the tasks you cannot change the target from the console! You need to re-create or adjust the xml to change the Target!

 

image image
Command:

%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe

Parameters:

get-service |select DisplayName, Name, Status |Sort-Object DisplayName |ft -AutoSize

and the end result

The command will always be the location of the PowerShell executable :

%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe

The parameters is the PowerShell one liner and that’s IT!

Not this is just a simple example but you can run nearly every command and output to the Task Output window>

 

Retrieve Eventlog

This one is more tricky you could start the Computer task Computer Management. Now this is a console task which means the task runs on the server or computer where you are running your console.

Accessing the eventlog this way requires access to the remote computers eventlog which will not work.

Again PowerShell and the Agent Task to the rescue.

Again create a new task as above ant he only line you need to change is the parameters part:

Get-EventLog -LogName ‘Operations Manager’ -EntryType Warning,Error -Newest 50 | Select EventID, Source, Message |fl

This will pull newest 50 warning or error events from the Operations manager Eventlog

image

you can change the PowerShell one liner anything you want to “read” the eventlog on an a server! Smile

 

Now you can test for yourself with any PowerShell one liner and fully take advantage of the Agent tasks without requiring access to the server itself!

You can query Websites, Web Application any Eventlog etc. which should make you life much easier.

And you can fully use the Power in PowerShell Smile

 

Additional Information

Stefan Roth back in 2013 wrote a MP with some tasks using scripts which is a slightly different approach and requires setting the executionpolicy and is more focussed on administrating SCOM http://stefanroth.net/2013/01/02/scom-2012-scom-task-collection-mp-v-1-0/

 

Happy Tasking!

Oskar Landman

3 thoughts on “SCOM Agent Tasks “A hidden gem”

  1. Profile photo of Cole McDonaldCole McDonald

    I’m having an issue of multiple personalities.  I have a customer server that we monitor.  I’d love to grab information from SCOM’s class instance to determine agent state (.IsAvailable), then based on that, issue stop/start service to the server.

    The problem I’m having is that of credentials.  I need one set for the SCOM query and another for the Server commands.  Is there a way to trick SCOM into looking at itself before running the command remotely with the correct credentials in both cases?

    It’s not specifically a task I’m asking about, but the mechanism is similar and this article is fantastic!  I’m attempting to run a gray agent self remediation as a timed command rule.  Is there a convoluted solution I could implement that would accomplish this from different spots in SCOM?  I’ll keep digging, but thought I’d ask in case anyone had already dealt with this question.

  2. Profile photo of Cole McDonaldCole McDonald

    For Reference, here’s the two pieces of the one liner:

    On the SCOM side, we need the class instance’s IsAvailable attribute and verify against that and the server name

    $hs = “healthservice”; $MS = “scom-server.domain.com”; $cn = “$env:COMPUTERNAME.$env:USERDNSDOMAIN”;  Get-SCClass -ComputerName $MS -name “Microsoft.Windows.Server.Computer” | Get-SCOMClassInstance -ComputerName $MS | Where-Object{ ($_.IsAvailable -eq $false) -and ($_.displayName -eq $cn) }

    Then the results need to be sent to the remote machine to stop/start the healthservice, note the pipe preceding… it should take any objects from the previous and pass them through if they exist, or not act if they don’t.

    | ForEach-Object {stop-service -ComputerName $cn -Name $hs; $(get-service -ComputerName $cn -Name $hs).WaitForStatus(“Stopped”); start-service -ComputerName $cn -Name $hs; $(get-service -ComputerName $cn -Name $hs).WaitForStatus(“Running”) }

     

    I have a standalone version of this script that takes a get-credentials and uses an invoke-command to handle the service restart… but My personal creds work to grab the SCOM info and the entered creds work to do the remote bits.

  3. Profile photo of HLHL

    Hi,

    Great post!

    I followed the guide to create SCOM task to get few windows services on all the agents installed computers, but i am not sure:-

    How can i ask the SCOM task to triggered at specific time that i want?
    Where do I see the result output?

     

Leave a Reply