Archive | Uncategorized RSS feed for this section

A better place to handle your KQL queries.

5 Aug

This time a short post on creating Kusto KQL queries.

If you are into Azure monitoring you probably have used the log query editor webpage a lot in the azure portal. And you noticed that sometimes its hard to edit the query and that is could be slow or even crash….

Also one of the main disadvantage is that you can’t attach a Git repo to it. So you end up in copy and pasting the final query into a Git connected repro..

To solve this I use the Kusto.Explorer.

You have 2 flavours of this tool: A web and a native version. (

I this example I use the native version (since I want to use a Git repro and want to avoid web apps) , you can download it here : Kusto.Explorer tool

After installing the tool and starting it you will have to add a connection. As below:

Step 1 and 2 i am not going to explain

At step 3 you enter the connection string. How do we get this connection string ?

  • Be sure you are logged on to the azure portal using the correct tenant.
  • Construct the connection string as :<subscription GUID>/resourcegroups/<resource group name>/providers/microsoft.operationalinsights/workspaces/<workspace name>

    Use the Azure portal to lookup the to be replaced values.

For example it looks like:

  • Tip: use a Alias to provide some meaning full name to this connection like Production or Test

At step 4 we set it to use AAD credentials. Important is that the account that you are using at your workstation is joined to an local AD that is synced with the AAD in azure. (aka Federated)

At step 5 you will be able to press Ok to connect to the Log analytics workspace.

If the connection was successful you will see under the alias you used the log tables. See picture below:


And at this step you are ready to open a new work book and edit your query

And you can even do graphs


Connection troubleshooting

If you are having issues connecting to the log analytics workspace it could be that your AAD account is not part of the tenant were the workspace is placed.

So for example you have a AAD account in tenant A and the workspace is in tenant B . You check the access and it looks fine since you have the correct permissions setup to access tenant B by opening the workspace in the azure portal of tenant B.

In this case you will have to add a special tag “Authority Id” to the connection string as below and provide the tenant ADD guid:

Authority Id=<tenant AAD guid>

Use the advanced option to specify it.


Happy KQL’ing !!

Michel Kamp


AZURE ARM template deployment

30 Nov



When you are developing ARM templates in Visual studio and want to deploy you will get an error:

[ERROR] The running command stopped because the preference variable “ErrorActionPreference” or common parameter is set to Stop: Container name ‘dev_mka_extentiontest-stageartifacts’ is invalid. Valid names start and end with a lower case letter or a number and has in between a lower case letter, number or dash with no consecutive dashes and is 3 through 63 characters long.

[ERROR] + CategoryInfo : InvalidArgument: (:) [Set-AzureStorageBlobContent], ArgumentException

[ERROR] + FullyQualifiedErrorId : ArgumentException,Microsoft.WindowsAzure.Commands.Storage.Blob.SetAzureBlobContentCommand



Reading the error message it should be something with the name of the artifacts container the deployment script wants to create.

I use the deployment configured as below:

So I just took the Azure storage explorer and tried to create exactly the same container. And guess … same error.

So I changed the _ in the name to – and guess … it worked.


So be sure you don’t create a Resource group with_ in the name. Yes I know Azure will accept it but the deployment script used in Visual studio has an issue with this.



Happy Azurering

Michel kamp

[OMS] Complete Hidden and Available Solutions List

14 Sep

Hi here a short post.

I was doing some research work and noticed in one of my web traces that there are a lot more Intelligence Packs (aka Solutions) that are available but not shown on the solution gallery site.

Here below the list, focus on the Gallery Invisible column, if it’s True then it is real hidden but may come soon. 😉

Name Description Available Visible Gallery Invisible
Capacity Planning Calculates current and future utilization of each component of your environment. True True True
Security and Audit Provides the ability to explore security related data and helps identify security breaches. True True False
System Update Assessment Identify missing system updates across your servers. True True False
Antimalware Assessment View status of antivirus and antimalware scans across your servers. True True False
Log Management Configure and manage Windows Events that you want to collect and upload to Operations Management Suite. True True True
Change Tracking Track configuration changes across your servers. True True False
SQL Assessment Assess the risk and health of SQL Server environments. True True False
SCOM Assessment Assess the risk and health of System Center Operations Manager Server environments. False True False
SQL Assessment Premier Assess the risk and health of SQL Server environments. True True True
SharePoint Assessment Premier Assess the risk and health of SharePoint Server environments. True True True
AD Assessment Assess the risk and health of Active Directory environments. True True False
AD Assessment Premier Assess the risk and health of Active Directory environments. True True True
Premier Solution Pack Add or remove solutions that are only available to premier customers. True True True
Alert Management View your Operations Manager and OMS alerts to easily triage alerts and identify the root causes of problems in your environment. True True False
MDS Provides data collection services from MDS for internal Microsoft engineers. True False True
Data Visualizer Provides insight into data allowing for customized data visualizations and log search analytics for internal Microsoft engineers. True True True
Configuration Assessment Identify configuration problems across your servers. True True True
Azure Automation Automate time consuming and frequently repeated tasks in the cloud and on-premises. True True False
Wire Data Provides the ability to explore wire data and helps identify network related issues. False True False
Azure Site Recovery Monitor virtual machine replication status for your Azure Site Recovery Vault. True True False
Backup Manage Azure IaaS VM backup and Windows Server backup status for your backup vault. True True False
Surface Hub Provides the ability to monitor Microsoft Surface Hub devices. True True False
Network Performance Monitor (Preview) Offers near real time monitoring of network performance parameters like loss and latency. True True False
Containers See Docker container performance metrics and logs from containers across your public or private cloud environments. True True False
Application Dependency Monitor Automatically discover and map servers and their dependencies in real-time. False True False
Azure Networking Analytics (Preview) Gain insight into your Azure Network Security Group and Application Gateway logs True True False
AD Replication Status Identify Active Directory replication issues in your environment. True True False
Office 365 (Preview) Get full visibility into your Office 365 user activities perform forensics as well as audit and compliance True. True False
Upgrade Analytics (Preview) Use a data-driven approach to streamline and accelerate Windows upgrades. True True False
Key Vault (Preview) Understand your Key Vault usage through Analysis of Key Vault logs True True False
Service Fabric Identify and troubleshoot issues accross your Service Fabric cluster False True False
DDI Analytics Provides security performance and operations related insights into DNS DHCP and IP address infrastructure False
Application Insights Connect Application Insights Accounts and leverage your visibility across applications. True True True
Wire Data 2.0 Provides the ability to explore wire data and helps identify network related issues. False True False
Update Analytics (Private Preview) View security update compliance and feature update status across all of your Windows 10 devices. False True True
Agent Health The Agent Health solution gives customers insight into the health performance and availability of their agents (both Windows and Linux agents). True True False
MLRecommendation Unavailable False False False

Happy OMS’ing

Michel Kamp

New OMS Mobile App released

22 Oct

Hi OMS’rs,

Last past weeks I have worked together with the Microsoft OMS team to review and test the new OMS mobile App. And yesterday they officially released it !

(Not all planned features are implemented yet, so keep watching for updates.)

Now you can get even better OMS access using your mobile to browse your data.

So go pick it up at your mobile app store for Windows Phone, Android and even iOS !!!

Below some screenshots from my (of course) windows phone:


Backstage ticket to OMS: Setting up the debug environment

26 Jun

Hi since OMS (Microsoft Operations Management Suite) is a new product on the market it is always a challenge to see how the internals are working. So I was planning to take you on an OMS backstage trip.
I will post a couple of blog post explaining how OMS works and how I figured it out.

This first post will be all about how to setup your debug environment, with this you can see what data is transferred and is a good starting point of see what’s going on. Since OMS uses HTTPS we have to do some more than a normal http trace.

Here we go. I assume you are not a real rookie DEVOPS so I won’t explain every step in detail. 😉

  1. Setup your OMS connection on your SCOM management group and enable the log collection.
  2. Watch if you see any events in the OMS event dashboard. If this is true then you can continue. If not first fix this.
  3. Install fiddler on your management server (for debugging I always use only 1 MS , so I know where it runs)
    1. Configure fidller proxy to 8888


    2. Enable https decription



    3. Copy the DO_NOT_TRUST_FiddlerRoot cert from user ssl to computer ssl store:



    1. Copy the DO_NOT_TRUST_FiddlerRoot root cert to the computer trusted ca



    1. Set OMS insight to proxy hjttp://localhost:8888



    1. Watch the sessions. Now if you see a session like below “PostDataItems” you click on it (1).

      Now you press on the inspectors (2) and headers (3). A message asking you to decode (yellow part) will popup (4) . And you do this.



    After the decode step you get the message request body , open the XML tab (1) and you see the request body send (2)



    And now you can continue to see what is transferred and received. In this case the data that is transferred to OMS is in the DataItem element.


    So far part 1. In the next part I will show you how to read data back from OMS


    Happy SCOMMING

    Michel Kamp


Joining the Opslogix Dev Team

26 Feb


Just a quick note. Since begin February 2014 i changed job. I wanted to do more deep dives into creating System Center add-ons like SCOM Management Packs. So I joined the OpsLogix Dev team. I will be working on the Opslogix released Management packs , for example VMWARE , Oracle and Blackberry.

Right now I have finished an IBM WebSphere MQ MP and I’m now designing the ORACLE RAC monitoring MP. Many other new products will follow in our roadmap. If you need any custom MP or have a need for authoring assistance please let me know.

Let’s do some “Happy Scomming”!

Michel Kamp


Oracle Monitoring:

vmware Monitoring:

Blackberry Monitoring:


Starting blogging again

6 Nov


Maybe you noticed that I didn’t post no more for a couple of month.


Yes I bought a new home. Knipogende emoticon  So I had to renovate it all. It took(and still takes) a lot of time. But I will try to post regular again.

WP_001616 WP_001849image


1) do not buy a new home ! it will save you time…

2) stop blogging. …. not a option

3) start again if you have time … hmmm

I prefer #3. Knipogende emoticon

Happy scomming soon

Michel Kamp