Archive | AUTHORING RSS feed for this section

OMS: Querying OMS the Message Analyzer way

22 Sep



Short post to give you something cool I tried out today. I think about 1 year ago Microsoft dropped the Network Analyzer tool and replaced it with the Microsoft Message Analyzer tool.

With this tool you can now trace not only network traffic, like you only could do with the network analyzer tool, but also many other trace datasources. One of them is also OMS. Yes you hear it right. You can now analyse your OMS query’s using the Message Analyzer tool !

Here’s a short howto:

Download the Message Analyzer tool from:


Install and start it.


Now press the “New Session” button.

Now select the OMS datasource

Logon into you AZURE account.


YOU will need to have an active AZURE subscription !!!

Select the correct Azure subscription and Workspace.


Now in de query box you can specify the search query like you would do in the OMS Log search.


For this demo I use “*” to get all records.


Press Apply

After a couple of seconds the OMS records will be displayed. Now you can select 1 record and see all the properties filed and values.


At this time the results are limited by 10. Maybe later on it will be changed.


Happy OMS’ing!

Michel Kamp




[OMS][TIP] Graph Grouping

14 Sep


Something I noticed.

In OMS when you are making search query’s you can use the BY command to group. When you specify multiply group columns and use the INTERVAL to generate a graph you will also get a nice feature exposed.

In the legend you can now select the lines you want to see by grouping. This could be very handy.

See picture below:




One drawback when using multiply groups. If you use this query also in a custom view you will lose the legend. But this legend is useless anyway since the view space is too little to make it readable.



Happy SCOM’ing

Michel Kamp

[Workaround] OMS View Designer Pitfall alias Bug ?

5 Jul


In my last post I warned you for a design time issue when using the “Data-flow verification” on the Tile. ( )

Now because I was of course myself hit by this and afraid losing my just designed dashboard I looked for a way to just open it behind the screen.

And I found a workaround.

Steps to take:

Open the OMS home Page


Now press F12 (using IE)

And (1) select the DOM Explorer. Now (2) and (3) select your custom designed View / dashboard and copy the GUID (4)



Now copy the URL form the current OMS page (1)


Edit the URL as below:

Replace the GUID after ?Solutionid= with the GUID you got from above step (4)

Open a new IE tab

And paste this new URL above. And yes you are in !!!! Now first to do is to disable the Data-flow verification feature and save the dashboard.

Happy OMS’ing

Michel Kamp

Touching SCOM




OMS View Designer Pitfall alias Bug ?

5 Jul

Hi OMS’ers,

Just a short post to warn you for a nasty situation during designing your fantastic OMS dashboards using the brand new View designer. (Public preview)

When you add a Tile you will have the feature called “Data-flow verification”. This feature will enable you to put a message on the Tile when no data records are found in the OMS system.

This is a handy feature because you don’t want to show an empty dashboard…. But this could also raise an issue during design time.

Because … what will happen when you have setup the “Data-flow verification” to check the past x days for any data but have made a typo or the data isn’t flowing in any more…. Yes of course the dashboard will show the message you specified but you will get more (for free) ….

You CAN NOT open your custom view (dashboard) any more to edit it !!! So you are somewhat stuck here … ; – (

Be warned!


So here the steps to see what happens:

Open de View designer


Add the Ttile , and enable the Data-flow verification


Now look at the tile when you add the query, it will give you a error when it hasn’t got any data back. So this will indicate you are going to have this issue….


Now save the dashboard.

And try to open it from the Home page……


Happy OMS’ing

Michel Kamp

Touching SCOM

O no I forgot my SCOM account passwords!!

25 May



O no I forgot my SCOM account passwords!! I don’t know the password of the Data Access, Data Reader and Writer account anymore. Resetting it in AD will force me to do a lot of tweaking to correct the accounts in SCOM.

Don’t worry we will find them for you.



SCOM stores the account passwords in the “Run AS Configuration -> Accounts” section. This account information is linked to a “Run As profile”. This Run as Profile can be assigned to a SCOM Workflow (Rule/Monitor/Task…) so that this workflow is going to run under the account security context.


Nice but we still can’t see the password on the accounts.




But we can also do other things with the Run As profile. We can just assign them as a parameter to for example a script. In the script we can readout the account information and find our lost password.

In SCOM we can use the secure script provider (vbscript) aka “Microsoft.Windows.ScriptWriteAction”. The secure script provider streams the run as information as an input stream to the VBScript. So if you read this input stream at top of your script you will get the account information. This can be tricky sometimes.

See an example below:


<WriteAction ID=”sc” TypeID=”Windows!Microsoft.Windows.ScriptWriteAction”>


<Arguments />

<ScriptBody><![CDATA[ Set oAPI = CreateObject(“MOM.ScriptAPI”)

Set oArgs = WScript.Arguments


password= WScript.StdIn.ReadLine()

Call oAPI.LogScriptEvent(“ScriptName.vbs”, 101, 2, “Debug password = ” & password)


<SecureInput>$RunAs[Name=”RUNAS_PROFILE_1″]/UserName$ $RunAs[Name=” RUNAS_PROFILE_1″]/Password$</SecureInput>





Using the SecureInput parameter we can provide the Run as account information. For getting the UserName we use :


And for the password we use


The RUNAS_PROFILE_1 is the internal name of the Run as profile in SCOM. You can use Powershell “Get-SCOMRunAsProfile” to get the internal names.

I hear you thinking, this is way too old, this is VBScript, we WANT PowerShell! And I agree completely.

So for PowerShell we can use the normal PowerShell script provider aka “Microsoft.Windows.PowerShellProbe”. We don’t have to apply a secureinput parameter but just very simple supply the RunAs as a normal parameter. And this will do the trick.

<ProbeAction ID=”Probe” TypeID=”Windows!Microsoft.Windows.PowerShellProbe”>







# output the input paramters

Write-Output “UserName: $USERNAME”

Write-Output “Password: $PASSWORD”


# end script



<SnapIns />



<Name> USERNAME </Name>




<Name> PASSWORD </Name>









Now we make a simple workflow for example a task and add use this probeaction.



You see it’s very simple to get account information that’s stored in the run as accounts / profiles. If this is good is up to you.

To make it even easier I created a MP that will display the most important account information (so the usernames and passwords).

You simply import the MP and select the Managementserver target and press the special task “GetRunAsCredentials”.

The account information will be displayed in the task output.


Download link for the Management Pack:!137890&authkey=!AEuYWi5Z6etHxno&ithint=file%2cxml

NOTICE: Please remember that the task output is stored in the SCOM Databases so it can be traced back not very secure I think. So use this only in emergencies. Or change the PowerShell script to write it to a file!!



Michel Kamp

Touching SCOM




[FOR the MP Devs] Grooming your managed objects completely from scom

8 Feb


I some situations when you are developing a new MP you want to be sure that your discovery’s are working correctly.

The problem

Normally you would let the discovery run and watch if the managed object is created, but after the first time discovering and un-discovering the managed object it could trick you for the next discovery.

Basically we as MP devs know that we can simply manual delete a managed object from scom by using a SQL query and set the isDeleted to true. But this can be tricky. If the discovery workflow runs again and create a managed object (the same) it will just update the isDeleted to False. So basically you are getting ‘old’ discovery data. Knowing this in some cases the configuration is not updated and the workflows under this managed object just won’t get executed. So you will be stuck in having an uninitialized managed object(s). Especially when using Managed objects that are managed by a scom resource pool can be facing this issue.


Two solution could help you out. (ALL UNSUPPORTED BY MICRSOSOFT, but yhea … no guts no glory)

  1. Wait 2 days … then the normal purge will kick in
  2. Modify the purging threshold and manual run the purge

The SQL script below provides step 2. Connect to the operational DB as admin and follow the steps.

Before you run it you will have to change ‘‘ to the first parent name you want to delete. (By not including the right % in the like) In this case it’s the parent of all VMWARE monitoring managed objects.

— Delete a managed object completely from scom


— Michel Kamp


————- Find the object

from dbo.BaseManagedEntity where FullName like’

————- delete it (hmmm okay mark it as delete)

update dbo.BaseManagedEntity set IsDeleted=1 where FullName like’

— object is still in DB but now as isdeleted = true

— it will be deleted after 2 days. but we don’t want to wait.

— we force the delete by setting the purgedate delta to 0

————- Update the purge date time function

FUNCTION [dbo].[fn_DiscoveryDataPurgeThreshold]()



    –RETURN DATEADD(dd, -2, getutcdate())

DATEADD(dd, 0, getutcdate())


— now we call the purge stp to clean it all

————- do the real purge

exec p_DiscoveryDataPurging

— we do a check if it is gone.

————- Find the object

from dbo.BaseManagedEntity where FullName like’

— and there should not be any (0) result.

— End script

O don’t forget to change the DiscoveryDataPurgeThreshold back to its original when you are ready …


Michel Kamp


xSNMP for SCOM 2012

31 Oct


In the SCOM 2007 age we had a fantastic network management pack called xSNMP. Not only because it was free but also because it covered a lot of network devices that even now aren’t covered in SCOM 2012. But what happened ….

The Problem

SCOM 2012 was introduced and contained a brand new way to monitor network devices. This indirectly replaced the complete SNMP stack out of SCOM. Well not the complete SNMP stack but the discovery process was changed and not compatible with the old SNMP stack. I am not going into details if this is a good or bad thing but for the xSNMP mps it was RIP…. (as far as you didn’t do a SCOM 2012 upgrade)


.. or not …. I decided to take a couple of xSNMP MPs and redesign it to work in SCOM 2012.

For now I have changed the APC mp. Also the same for the Brocade MP and this one is now in the testing phase.
Since the complete xSNMP mps are community free I will share the compiled mps also for free. The source code I share later on.

Reminder: All the credits go to the original xSNMP devOps. I only redesigned it to work with SCOM 2012. So if it breaks down your environment don’t knock on my door ;-)))

You can download the MPs here:


Michel Kamp