Archive | SNMP RSS feed for this section

xSNMP for SCOM 2012

31 Oct


In the SCOM 2007 age we had a fantastic network management pack called xSNMP. Not only because it was free but also because it covered a lot of network devices that even now aren’t covered in SCOM 2012. But what happened ….

The Problem

SCOM 2012 was introduced and contained a brand new way to monitor network devices. This indirectly replaced the complete SNMP stack out of SCOM. Well not the complete SNMP stack but the discovery process was changed and not compatible with the old SNMP stack. I am not going into details if this is a good or bad thing but for the xSNMP mps it was RIP…. (as far as you didn’t do a SCOM 2012 upgrade)


.. or not …. I decided to take a couple of xSNMP MPs and redesign it to work in SCOM 2012.

For now I have changed the APC mp. Also the same for the Brocade MP and this one is now in the testing phase.
Since the complete xSNMP mps are community free I will share the compiled mps also for free. The source code I share later on.

Reminder: All the credits go to the original xSNMP devOps. I only redesigned it to work with SCOM 2012. So if it breaks down your environment don’t knock on my door ;-)))

You can download the MPs here:


Michel Kamp





Aggrr missis SCOM sometimes you drive me nuts!

12 Mar

Here we are again. I am for sure you will remember a situation where you were sure everything was configured correctly and you even had restarted the server but still it doesn’t work…… NO ??

Okay so this time it was my turn…

The problem:

I was trying to discover a new network device. Network discovery won’t find my newly added network device. Why ? I checked everything and it isn’t connectivity or security. Normally when those issue apply you will see a pending failure discovery attempt. What could be wrong..


1) First I checked the discovery rule. The network devices are explicit specified.


I made sure the device was listed in the explicit discovery.


2) I started the discovery and checked the progress events.


Hey what’s that ! One device excluded ?? Strange this option can only be applied to recursive discovery’s….

So it must be something in the discovery rule….

The solution:

So this excluded event triggered my attention.

1) open the discovery rule.  And change the Discovery method to Recursive discovery


2) Now select the Exclude Filters tab


And what do we see here . The network device I was trying to discover.

3) Now remove this exclude filter entry and save the discovery template without RUNNING IT


4) Reopen the discovery rule and change the discovery mode back to ‘explicit’ and save it again.


5) now run the discovery.

6) and what do we see here … the device is discovered successfully !



It looks like this rule was initially created in recursive discovery mode. After a while the operator decided to remove a device from the discovered device inventory. If you do that a exclude filter entry is automatically created. At the end the operator decided to change the discovery mode back to explicit (don’t ask why) and that’s causing the problem I faced…

The end

Hope I saved you a lot of time almost hating misses SCOM ; – )


Michel Kamp MVP System Center Operations Manager

How to check if a SNMP Trap is received.

2 Jul

I had wanted to give you a post on a new location OM2012 widget but I had some issues with the prototype and couldn’t figure it out yet. So that one is coming soon. But I still wanted to do my weekly post. So here we are.


A question I hear a lot, why is SCOM not detecting/reporting a SNMP trap. I’m sure it is send out but I do not see it in SCOM.


Okay we could face several problems here. For example the SNMP trap isn’t send at all or it is not send/received at the SCOM agent OR it is received but the MP has a bug so the workflow isn’t processing the trap event. First I would look if the trap is received at all, because most of the time this is the problem.


There are several tools to use for this. But I like using build-in tools. So it will be WMI to use. WMI has a SNMP provider that will do the job for us. Below I will describe in simple steps how to check if a SNMP trap is coming in at all.

1. Stop the SCOM agent.

Yes it sounds strange but since the agent uses also the SNMP trap port it will block the WMI trap receiver. By stopping the SCOM agent you set the port free.

2. Install if needed the SNMP and SNMP Trap providers


3. Restart NT service “SNMP Trap” and “Windows Management Instrumentation”.

By doing this you will reactivate the Trap listener.

4. Setup the Trap event sink

We can do this in 2 ways. (1) using WBEMTEST (2) Using PowerShell.

(1) using WBEMTEST

Open a command prompt and type “WBEMTEST”


Press on Connect to establish the connection and fill in the namespace “root\snmp\localhost”



Configure the Trap Sink press on “Notification Query” and enter

“ SELECT * FROM SnmpNotification ” (no quotes)


Now if there will be send a SNMP TRAP to this machine you will see this trap event in this window.


For example this test trap below


So now you will know the TRAP is received.

(2) Using PowerShell

Start PowerShell in admin mode and look at the 2 command lines below:

# register trap
Register-WmiEvent -Query “SELECT * FROM SnmpNotification” -Namespace ‘root\snmp\localhost’  -sourceIdentifier “SNMPTRAP” -action { Write-Host [Time:] $newEvent.SourceEventArgs.NewEvent.TIME_CREATED [IP:] $newEvent.SourceEventArgs.NewEvent.AgentAddress  [OID:] $newEvent.SourceEventArgs.NewEvent.Identification  }

# use to unregister trap
Get-EventSubscriber | where {$_.SourceIdentifier  -eq ‘SNMPTRAP’} | % {Unregister-Event $_.SubscriptionID}

First execute the register trap.

Then you get a output saying the sink is started:

Id              Name            State      HasMoreData     Location             Command                 
—              —-            —–      ———–     ——–             ——-                 
34              SNMPTRAP        NotStarted False                                 Write-Host [Time:] $n…

Now generate the Trap on your snmp box. And you will see this below in the PS window.

[Time:] 129856918917535702 [IP:] [OID:]

So now you will know the TRAP is received.

Now you unregister the TRAP by running the 2’d command


You see its very easy to get this working. I prefer using PS for this. If the TRAP is received you have to use the WFanalyzer to see why it isn’t processed by the MP.



Michel Kamp