OMS: Querying OMS the Message Analyzer way

22 Sep



Short post to give you something cool I tried out today. I think about 1 year ago Microsoft dropped the Network Analyzer tool and replaced it with the Microsoft Message Analyzer tool.

With this tool you can now trace not only network traffic, like you only could do with the network analyzer tool, but also many other trace datasources. One of them is also OMS. Yes you hear it right. You can now analyse your OMS query’s using the Message Analyzer tool !

Here’s a short howto:

Download the Message Analyzer tool from:


Install and start it.


Now press the “New Session” button.

Now select the OMS datasource

Logon into you AZURE account.


YOU will need to have an active AZURE subscription !!!

Select the correct Azure subscription and Workspace.


Now in de query box you can specify the search query like you would do in the OMS Log search.


For this demo I use “*” to get all records.


Press Apply

After a couple of seconds the OMS records will be displayed. Now you can select 1 record and see all the properties filed and values.


At this time the results are limited by 10. Maybe later on it will be changed.


Happy OMS’ing!

Michel Kamp




[OMS][TIP] Graph Grouping

14 Sep


Something I noticed.

In OMS when you are making search query’s you can use the BY command to group. When you specify multiply group columns and use the INTERVAL to generate a graph you will also get a nice feature exposed.

In the legend you can now select the lines you want to see by grouping. This could be very handy.

See picture below:




One drawback when using multiply groups. If you use this query also in a custom view you will lose the legend. But this legend is useless anyway since the view space is too little to make it readable.



Happy SCOM’ing

Michel Kamp

[OMS] Complete Hidden and Available Solutions List

14 Sep

Hi here a short post.

I was doing some research work and noticed in one of my web traces that there are a lot more Intelligence Packs (aka Solutions) that are available but not shown on the solution gallery site.

Here below the list, focus on the Gallery Invisible column, if it’s True then it is real hidden but may come soon.😉

Name Description Available Visible Gallery Invisible
Capacity Planning Calculates current and future utilization of each component of your environment. True True True
Security and Audit Provides the ability to explore security related data and helps identify security breaches. True True False
System Update Assessment Identify missing system updates across your servers. True True False
Antimalware Assessment View status of antivirus and antimalware scans across your servers. True True False
Log Management Configure and manage Windows Events that you want to collect and upload to Operations Management Suite. True True True
Change Tracking Track configuration changes across your servers. True True False
SQL Assessment Assess the risk and health of SQL Server environments. True True False
SCOM Assessment Assess the risk and health of System Center Operations Manager Server environments. False True False
SQL Assessment Premier Assess the risk and health of SQL Server environments. True True True
SharePoint Assessment Premier Assess the risk and health of SharePoint Server environments. True True True
AD Assessment Assess the risk and health of Active Directory environments. True True False
AD Assessment Premier Assess the risk and health of Active Directory environments. True True True
Premier Solution Pack Add or remove solutions that are only available to premier customers. True True True
Alert Management View your Operations Manager and OMS alerts to easily triage alerts and identify the root causes of problems in your environment. True True False
MDS Provides data collection services from MDS for internal Microsoft engineers. True False True
Data Visualizer Provides insight into data allowing for customized data visualizations and log search analytics for internal Microsoft engineers. True True True
Configuration Assessment Identify configuration problems across your servers. True True True
Azure Automation Automate time consuming and frequently repeated tasks in the cloud and on-premises. True True False
Wire Data Provides the ability to explore wire data and helps identify network related issues. False True False
Azure Site Recovery Monitor virtual machine replication status for your Azure Site Recovery Vault. True True False
Backup Manage Azure IaaS VM backup and Windows Server backup status for your backup vault. True True False
Surface Hub Provides the ability to monitor Microsoft Surface Hub devices. True True False
Network Performance Monitor (Preview) Offers near real time monitoring of network performance parameters like loss and latency. True True False
Containers See Docker container performance metrics and logs from containers across your public or private cloud environments. True True False
Application Dependency Monitor Automatically discover and map servers and their dependencies in real-time. False True False
Azure Networking Analytics (Preview) Gain insight into your Azure Network Security Group and Application Gateway logs True True False
AD Replication Status Identify Active Directory replication issues in your environment. True True False
Office 365 (Preview) Get full visibility into your Office 365 user activities perform forensics as well as audit and compliance True. True False
Upgrade Analytics (Preview) Use a data-driven approach to streamline and accelerate Windows upgrades. True True False
Key Vault (Preview) Understand your Key Vault usage through Analysis of Key Vault logs True True False
Service Fabric Identify and troubleshoot issues accross your Service Fabric cluster False True False
DDI Analytics Provides security performance and operations related insights into DNS DHCP and IP address infrastructure False
Application Insights Connect Application Insights Accounts and leverage your visibility across applications. True True True
Wire Data 2.0 Provides the ability to explore wire data and helps identify network related issues. False True False
Update Analytics (Private Preview) View security update compliance and feature update status across all of your Windows 10 devices. False True True
Agent Health The Agent Health solution gives customers insight into the health performance and availability of their agents (both Windows and Linux agents). True True False
MLRecommendation Unavailable False False False

Happy OMS’ing

Michel Kamp

[Workaround] OMS View Designer Pitfall alias Bug ?

5 Jul


In my last post I warned you for a design time issue when using the “Data-flow verification” on the Tile. ( )

Now because I was of course myself hit by this and afraid losing my just designed dashboard I looked for a way to just open it behind the screen.

And I found a workaround.

Steps to take:

Open the OMS home Page


Now press F12 (using IE)

And (1) select the DOM Explorer. Now (2) and (3) select your custom designed View / dashboard and copy the GUID (4)



Now copy the URL form the current OMS page (1)


Edit the URL as below:

Replace the GUID after ?Solutionid= with the GUID you got from above step (4)

Open a new IE tab

And paste this new URL above. And yes you are in !!!! Now first to do is to disable the Data-flow verification feature and save the dashboard.

Happy OMS’ing

Michel Kamp

Touching SCOM




OMS View Designer Pitfall alias Bug ?

5 Jul

Hi OMS’ers,

Just a short post to warn you for a nasty situation during designing your fantastic OMS dashboards using the brand new View designer. (Public preview)

When you add a Tile you will have the feature called “Data-flow verification”. This feature will enable you to put a message on the Tile when no data records are found in the OMS system.

This is a handy feature because you don’t want to show an empty dashboard…. But this could also raise an issue during design time.

Because … what will happen when you have setup the “Data-flow verification” to check the past x days for any data but have made a typo or the data isn’t flowing in any more…. Yes of course the dashboard will show the message you specified but you will get more (for free) ….

You CAN NOT open your custom view (dashboard) any more to edit it !!! So you are somewhat stuck here … ; – (

Be warned!


So here the steps to see what happens:

Open de View designer


Add the Ttile , and enable the Data-flow verification


Now look at the tile when you add the query, it will give you a error when it hasn’t got any data back. So this will indicate you are going to have this issue….


Now save the dashboard.

And try to open it from the Home page……


Happy OMS’ing

Michel Kamp

Touching SCOM

O no I forgot my SCOM account passwords!!

25 May



O no I forgot my SCOM account passwords!! I don’t know the password of the Data Access, Data Reader and Writer account anymore. Resetting it in AD will force me to do a lot of tweaking to correct the accounts in SCOM.

Don’t worry we will find them for you.



SCOM stores the account passwords in the “Run AS Configuration -> Accounts” section. This account information is linked to a “Run As profile”. This Run as Profile can be assigned to a SCOM Workflow (Rule/Monitor/Task…) so that this workflow is going to run under the account security context.


Nice but we still can’t see the password on the accounts.




But we can also do other things with the Run As profile. We can just assign them as a parameter to for example a script. In the script we can readout the account information and find our lost password.

In SCOM we can use the secure script provider (vbscript) aka “Microsoft.Windows.ScriptWriteAction”. The secure script provider streams the run as information as an input stream to the VBScript. So if you read this input stream at top of your script you will get the account information. This can be tricky sometimes.

See an example below:


<WriteAction ID=”sc” TypeID=”Windows!Microsoft.Windows.ScriptWriteAction”>


<Arguments />

<ScriptBody><![CDATA[ Set oAPI = CreateObject(“MOM.ScriptAPI”)

Set oArgs = WScript.Arguments


password= WScript.StdIn.ReadLine()

Call oAPI.LogScriptEvent(“ScriptName.vbs”, 101, 2, “Debug password = ” & password)


<SecureInput>$RunAs[Name=”RUNAS_PROFILE_1″]/UserName$ $RunAs[Name=” RUNAS_PROFILE_1″]/Password$</SecureInput>





Using the SecureInput parameter we can provide the Run as account information. For getting the UserName we use :


And for the password we use


The RUNAS_PROFILE_1 is the internal name of the Run as profile in SCOM. You can use Powershell “Get-SCOMRunAsProfile” to get the internal names.

I hear you thinking, this is way too old, this is VBScript, we WANT PowerShell! And I agree completely.

So for PowerShell we can use the normal PowerShell script provider aka “Microsoft.Windows.PowerShellProbe”. We don’t have to apply a secureinput parameter but just very simple supply the RunAs as a normal parameter. And this will do the trick.

<ProbeAction ID=”Probe” TypeID=”Windows!Microsoft.Windows.PowerShellProbe”>







# output the input paramters

Write-Output “UserName: $USERNAME”

Write-Output “Password: $PASSWORD”


# end script



<SnapIns />



<Name> USERNAME </Name>




<Name> PASSWORD </Name>









Now we make a simple workflow for example a task and add use this probeaction.



You see it’s very simple to get account information that’s stored in the run as accounts / profiles. If this is good is up to you.

To make it even easier I created a MP that will display the most important account information (so the usernames and passwords).

You simply import the MP and select the Managementserver target and press the special task “GetRunAsCredentials”.

The account information will be displayed in the task output.


Download link for the Management Pack:!137890&authkey=!AEuYWi5Z6etHxno&ithint=file%2cxml

NOTICE: Please remember that the task output is stored in the SCOM Databases so it can be traced back not very secure I think. So use this only in emergencies. Or change the PowerShell script to write it to a file!!



Michel Kamp

Touching SCOM




Finding the latest System Center 2012 Rollup in the update jungle

11 Mar


This post is just a reminder for myself. Since I work in many different SCOM environments as SCOM 2012, 2012 SP1 , 2012 R2 and even 2007!! I get sometimes lost to find the latest rollup package.

Yes of course I can enable the auto update but that’s not something I would advise for the System Center updates because they have some manual task (SQL) to apply too.

Yes I know there’s a site ( ) that has all the patches on but this site is sometimes also not updated right after releasing. So I wanted a simple but effective way. By using this simple URL you can get the latest rollup packages at an easy way and download them. Also adding the RSS feed can be handy too.


Updates for SYSTEM CENTER 2012 R2

WEBSITE: and then order by ‘Last Updated’



Updates for SYSTEM CENTER 2012 SP1

WEBSITE: and then order by ‘Last Updated’



Updates for SYSTEM CENTER 2012

WEBSITE: and then order by ‘Products’ . The product “System Center 2012 – Operations Manager” is the one to use.

RSS FEED: &lang=en


So you see absolutely no rocket science going on here😉