Operations Manager 2012
Thursday, February 19, 2015
SCOM - Adding Alert Context to Emails
Operations Manager notifications work pretty well. There are several community solutions out there to enhance it, but many of us still use the out of the box notifications. Over the years I have noticed people asking about adding alert context to email, but never receive any good answers. The alert context is powerful, and depending on the alert can provide a ton of data. The variables we use in email is simply xml.
For example, Alert Name: $Data[Default='Not Present']/Context/DataItem/AlertName$
Notice the slashes? Dataitem is the essentially where all of the alert context data is located. Want to see EVERYTHING in there?
Simply do this:
$Data[Default='Not Present']/Context$
It will be different properties and data for each alert, and in some cases might be empty.
However, I have found it VERY useful to append to the bottom of the emails.
If you want to take a step further and actually see the different items in alert context, use powershell.
import-module OperationsManager
$a = Get-SCOMAlert | ?{$_.name -like "*SOMEALERT*"} | select -first 1
#All of the data
([xml]($a.context)).dataItem | fl *
#just one property
([xml]($a.context)).dataItem.Type
Anyway, short and simple, hopefully it helps someone.
Thursday, February 5, 2015
SCOM - Query Notification Subscription Data via SQL
First of all, lets take a look at the tables. My GUID search led me to the tables and columns below; this was very disheartening, but I kept moving forward.
- ManagementPack.MPRunTimeXML
- Module.ModuleConfiguration
- ManagementPack.MPXML
- ModuleType.MDTImplementationXML
- RuleModule
- ModuleType
- RuleView
SCOM notification essentially have 4 components:
- Channel - SMTP, command, SMS, etc. In the xml, this is actually called "Protocol".
- Subscriber - This is the recipient. A subscriber can have multiple addresses and protocols,
- Address - Email Address, phone number, command location. In the xml this is called "Device". Addresses are found as part of a subscriber.
- Subscription - The subscription is actually a SCOM rule that triggers based on the criteria specified. The rule module is where we find the components of the subscription we need.
Select r.RuleId, r.RuleModuleId, r.enabled, R.DisplayName,D.C.value('RecipientId[1]','varchar(4000)') SubscriberIdYou can filter this query to give you a single subscription Id by name, Id, enabled/disabled, etc.
FROM (
Select RuleId, rm.RuleModuleId, enabled, r.DisplayName, cast(RuleModuleConfiguration as XML) xmlquery
FROM
RuleModule rm
join RuleView r on rm.RuleId = r.Id
where r.Category = 'Notification'
and RuleModuleName = 'CD1'
) r
Cross Apply xmlquery.nodes('//DirectoryReference') D(C)
Subscriber and Device Query
The next query gets the subscriber and the subscriber's devices. When you run the query, rows may look like they are repeating. The row will repeat for each device. Because a subscriber could have an unknown number of devices, I did want to give variable columns counts. Therefore, you can use your own grouping and SQL magic to manipulate the results.
Select r.SubscriberName, r.SubscriberId,Complete Query of Subscriptions with Subscribers and Devices
D.C.value('Name[1]','varchar(4000)') DeviceName,
D.C.value('Protocol[1]','varchar(4000)') DeviceProtocol,
D.C.value('Address[1]','varchar(4000)') DeviceAddress
FROM (Select N.C.value('Name[1]','varchar(4000)') SubscriberName,
N.C.value('RecipientId[1]','varchar(4000)') SubscriberId,
n.c.query('.') as xmlquery
from (
Select cast(MDTImplementationXML as xml) Recxml
FROM [dbo].[ModuleType] mt
Where MDTName = 'Microsoft.SystemCenter.Notification.Recipients'
)a Cross Apply Recxml.nodes('//Recipient') N(C)) r
Cross Apply xmlquery.nodes('//Device') D(C)
Both queries can be used alone to provide good information. However, what I really wanted was a list of subscriptions and who those subscription go to. For this I combined the two queries to give a nice result set that I could use in an SSRS report. Once I wrote the SSRS report, I used SSRS URL parameters to call the report directly from a SCOM notification.
-- This is the 2 queries joined together to provide the data that we want
Select Subscriptions.DisplayName, Subscriptions.RuleId,
Case subscriptions.enabled When 0 Then 'No' Else 'Yes' End as SubscriptionEnabled,
Subscribers.SubscriberName, Subscribers.DeviceName, Subscribers.DeviceProtocol,
Subscribers.DeviceAddress
FROM (
--This is the whole subscriber query with Address
Select r.SubscriberName, r.SubscriberId,
D.C.value('Name[1]','varchar(4000)') DeviceName,
D.C.value('Protocol[1]','varchar(4000)') DeviceProtocol,
D.C.value('Address[1]','varchar(4000)') DeviceAddress
FROM (Select N.C.value('Name[1]','varchar(4000)') SubscriberName,
N.C.value('RecipientId[1]','varchar(4000)') SubscriberId,
n.c.query('.') as xmlquery
from (Select cast(MDTImplementationXML as xml) Recxml FROM [dbo].[ModuleType] mt
Where MDTName = 'Microsoft.SystemCenter.Notification.Recipients' )a Cross Apply Recxml.nodes('//Recipient') N(C)) r
Cross Apply xmlquery.nodes('//Device') D(C)
) Subscribers
Join
(--These are the subscriptions
Select r.RuleId, r.RuleModuleId, r.enabled, R.DisplayName,
D.C.value('RecipientId[1]','varchar(4000)') SubscriberId
FROM (Select RuleId, rm.RuleModuleId, enabled, r.DisplayName,
cast(RuleModuleConfiguration as XML) xmlquery
FROM
RuleModule rm
join RuleView r on rm.RuleId = r.Id
where r.Category = 'Notification'
and RuleModuleName = 'CD1'
--and Enabled <> 0
) r
Cross Apply xmlquery.nodes('//DirectoryReference') D(C)
) Subscriptions on Subscribers.SubscriberId = Subscriptions.SubscriberId
--Where ((Subscriptions.RuleId = Replace(Replace(@SubscriptionId,'{',''),'}','')
--or @SubscriptionId IS NULL)
--and DeviceProtocol in ('SMS','SMTP'))
order by 1,2
Please let me know if you have any questions or have any issues running the above queries.
Friday, August 1, 2014
Orchestrator - Misrepresented and Misunderstood
Wednesday, November 13, 2013
SCOM System Center Management Service is now Microsoft Monitoring Agent
Friday, July 19, 2013
SCOM 2012 Upgrade ACS Schema does not Update
Here are the steps you need to take, assuming you are having the issue. Again, if you are not sure you are having the issue, refer to the post above.
- Check the current Schema version of ACS
- Open SQL Management Studio
- Run the query Select * FROM dtConfig
- Check the row with a comment called "database schema version"
- Make sure it is at version 7. If it is at version 7, continue. If not, do NOT do the rest of the steps.
- Backup your ACS Database (Mine is Called OperationsManagerAC)
- Find the SQL script called DbUpgV7toV8.sql
- Making the assumption you already upgraded ACS, you can find the script in C:\Windows\System32\Security\AdtServer
- Execute the script against your acs database
- You might have to give it a day or so before another partition is created. If you don't receive any errors, you should be good.
Friday, May 3, 2013
Create and Assign Service Manager Incidents Directly from SCOM on Demand
As you read through below, you will notice that Microsoft has been nice enough to use some of the IDs I was using with the release of SP1. (This post was pre SP1) You will have to make small modifications to your script and Ids but the below solution still works.
The Issue
If you use Operations Manager and Service Manager, you know by now that SCOM will automatically create Incidents in Service Manager. However, for most organizations, this just doesn’t make sense because they do not have a 1-to-1 Alert-to-Action ratio. You can set up basic criteria to limit the automatic creation, but this usually still results in too many unnecessary incidents. As a result, most organizations do not utilize this connector, which at one point was one of the most requested features of SCOM – to do really cool things with ticketing systems.
The Solution
So, instead, I have created a solution that will allow you to create incidents on demand directly from a SCOM Alert, while utilizing all the cool features of the Service Manager SCOM Alert connector. All you have to do is right click the alert(s) to create the on-demand tickets.
What are some features of the solution in conjunction with the native Connector:
- Right click one more multiple alerts and assign incidents directly to the specified group/user
- Closing the alert closes the ticket and vice-versa
- The Assigned User and the Ticket Id are maintained in the alert as sourced from SCSM
- The affected component in SCOM is automatically added as a related configuration item in SCSM
- Easily can be extended to do more fun stuff with only basic PowerShell Knowledge
The solution utilizes the following components:
- SCOM and SCSM obviously
- A very small PowerShell Script
- SCOM CMDLETS
- A user right clicks the alert and sets the resolution State.
- A Command Subscription triggers based on the resolution state, sets a couple of custom fields, and changes the resolution state to “Generate Incident” a
- The SCSM Alert connector triggers based on the new resolution state, generates an incident, and applies an incident template based on data in the custom fields.
How to Implement the Solution
These Steps need to be performed in SCOM
Step OneCopy the following PowerShell script code and save on your SCOM management server as UpdateCustomFieldPowershell.ps1. (I took this code from another blog online and modified it as my own. Unfortunately, I don’t know who wrote the original script.)
Param($alertid)
$alertid = $alertid.toString()
write-eventlog -logname "Operations Manager" -source "Health Service Script" -eventID 1234 -entrytype "Information" -message "Running UpdateCustomFieldPowershell"
Import-Module OperationsManager; "C:\Program Files\System Center 2012\Operations Manager\Powershell\OperationsManager\Functions.ps1"; "C:\Program Files\System Center 2012\Operations Manager\Powershell\OperationsManager\Startup.ps1"
$alert = Get-SCOMAlert -Criteria "Id = '$alertid'"
write-host $alert
If ($alert.CustomField2 -ne "AlertProcessed")
{
$AlertResState = (get-SCOMAlertResolutionState -ResolutionStateCode ($Alert.ResolutionState)).Name
$AlertResState
# $alert.CustomField1 = $alert.NetBIOSComputerName
$alert.CustomField1 = $AlertResState
$alert.CustomField2 = "AlertProcessed"
$alert.ResolutionState = 254
$alert.Update("")
}
exit
Step Two
We need to create some new alert resolution states. The alert resolution states will trigger the script. You want to create a resolution state for each support group you would assign an alert. You can use whatever format you want. I used the format of “Assign to GROUPNAME”. Also keep in mind the Resolution State Ids and order you will use. I made my alphabetical. DO NOT use the resolution state 0,1,254, or 255.
To create new resolution states:
- Go to the SCOM Console
- Go to the Administration Workspace
- Go to Settings
- Select Alerts
- Select the new button, create a resolution state and assign an Id. Resolution states will always be ordered by their Id
- Repeat for each resolution state
Step Three
We need to set up a command channel and subscription that will trigger and run the script.
- Open the SCOM Console
- Go the the Administration Workspace
- Go to Channels
- Create a new Command Channel
- Enter the full path of the above script
- Enter the command line parameters as shown in the example below (Be sure the use the double and single quotes correctly)
- "C:\OpsMgrProductionScripts\SCOMUpdateCustomField.ps1" '$Data/Context/DataItem/AlertId$'
- Enter the startup folder as C:\windows\system32\windowspowershell\v1.0\
- Save the new Channel
- Open the SCOM Console
- Go the the Administration Workspace
- Open subscribers
- Create a new subscriber
- In the addresses tab, click Add
- In the subscriber address, set the channel type to command and then select the channel you set up in the previous steps.
- Save the address and the subscriber
- Open the SCOM Console
- Go the the Administration Workspace
- Open Subscriptions
- Create a new Subscription
- On the subscription criteria, check the checkbox “with a specific resolution state”
- Select all the new resolution states except “Generate Incident” (Do not select anything other than the assignment states)
- On the subscribers, add the new subscriber you created in the previous steps
- On the Channels, add the new channel you created in the previous steps
- Save the subscription
The last thing we have to do in SCOM is set up the Alert connector. The alert connector will be triggered based on the resolution status of “Generate Incident”.
- Open the SCOM Console
- Go the the Administration Workspace
- Go to connectors and select Internal Connectors
- Open the SCSM Alert Connector
- Create a new subscription in the connector
- In the criteria of the subscription
These Steps need to be performed in SCSM
Step OneThe first thing you want to do is enable and connect your SCSM SCOM Alert Connector. If you do not know how to do that, you can refer to technet. http://technet.microsoft.com/en-us/library/hh524325.aspx. Verify it works before moving any further.
Step Two
- Create a new Management Pack dedicated to storing the SCOM Incident Templates in SCSM
- Create a SCOM incident template for each group that you want to assign via SCOM. Typically, this is about 10-20 templates. For testing purposes, I would just start with one or two.
- Add the correct group as the assigned to in each template. It is not necessary to fill any other information.
- In SCSM open the SCOM Alert Connector
- Go to the alert routing rules and add a new rule
- For each rule select one of the templates that you created
- On the select criteria type, select the Custom Field radio button
- For custom field one, enter the exact name of the resolution state you used in SCOM. For example, if you are going to assign to the server team, and the name of resolution state is called “Assign to ServerTeam”, this is the exact phrase you need to enter into Custom Field one.
- Select Custom Field two from the drop down
- For custom field two, enter “AlertProcessed”
- Click OK
- Repeat for each template
Time for Testing!
Now you are ready to test. Find an alert in SCOM, right click the alert and set it to a resolution state for assignment. Give the subscription time to run and the SCSM connector time to run. Usually, if the connector is running every 2 minutes, it takes the total process about 5 minutes to complete. While the actual workflows are running in a second, it simply takes time for both of them to trigger.Troubleshooting
If there are any issues with the configuration, the event logs will usually tell you about failures. If it is not working, but you don’t see any failures, your criteria probably do not match.Conclusion
This is a great alternative solution to automatically creating tickets from SCOM. You can still automatically create tickets as well simply by adding subscriptions to the SCSM SCOM Alert connector. If you have any issues, question, leave a comment.Wednesday, February 27, 2013
SCOM Availability Report Monitoring Unavailable SOLVED (Unsupported)
I have seen numerous posts floating around regarding the SCOM Availability Reports showing "Monitoring Unavailable" even though the objects were healthy for the time period. For example, I can run the SCOM Availability Report, select "Exchange 2007 Service”, select the date range and expects lots of green, yellow, and red, but instead I primarily see dark gray.
The issue could be caused by the following:
- Bad Calculations during health rollups
- Bad Performance
- The Data Warehouse is behind
- and others
Several blog posts already exist regarding the above issues and can be found with Google/Bing. We will not be addressing those specific issues. We will be dealing with a very specific issue, which as far as I can tell is a bug, but I am not going to hold my breath.
Data Warehouse Availability Aggregation Process
SCOM has a process called the Data Warehouse Availability Aggregation Process. The Data Warehouse Availability Aggregation Process is somewhat complicated with about 10 steps that you probably don't care about. If you do, you can check this diagram, which gives a fairly decent picture of what is going on in the process.
Remember the issues various people continue to have with Management Server Resource Pools becoming unavailable in SCOM 2012? That resource pool unavailability is calculated just like any other object. Inside the Data Warehouse, a table called "dbo.HealthServiceOutage" keeps the outage data when this occurs on all objects. However, sometimes, it forgets to enter an outage end time. And that is the key to our current issue.
So lets take a look at the Health Service Outage table.
- The object that is "unavailable" is truly still unavailable. This SHOULD be NULL.
- The object is now healthy, but an EndDateTime did not get written. Unless you have a big problem in your environment, you should have very few of these.
- This is NOT supported by Microsoft
- You SHOULD backup your Data Warehouse before making any changes
- After we make the changes, you Data Warehouse might have to do A LOT of recalculate, causing a kick in performance for a short period of time, or it might cause you data warehouse to fall behind for a little while. If you are having performance issues with your Data Warehouse, you should address them first.
How to Make my objects available again in SCOM Availability Reports
- Gets the rows from the query above
- Updates the DWLastModifiedDateTime to the current UTC Date and Time
- Updates the EndDateTime to match the StartDateTime