Tag Archives: scom2012

OPSMGR UR updates are now pushed using Microsoft Update (MU) but be warned, don’t get too lazy !

15 Oct

Hi really short post. I ‘m getting a lot of questions on the new Update Rollup delivery method. Microsoft is now using the long requested windows update aka Microsoft Update for patching most of the system center products. In case of operations manager 2012 you can find them in Microsoft Update under  Windows Updates –> Important updates.


I am not going to cover the installation process as described in the MS KB: http://support.microsoft.com/kb/2756127

But what I wanted to point out is that since most of the people will use this MU updating method you still need to import the supplied Managementpack files. The KB documentation is somewhat unclear on this point. You can find the MP files after applying the patches under

%SystemDrive%\Program Files\System Center 2012\Operations Manager\Server\Management Packs for Update Rollups

So i f you didn’t know you will now

happy Scomming.

Mr. SCOM, don’t play Hide and Seek with views and Mp’s !

7 Oct

Hi , a short post on how to find the management pack where a view is stored.


You see a view in the operations console. And you want to know in what MP this view is stored.


1) You could export all MPs and text search for the view display name. This will give you the language display element. And the file containing is the MP you are looking for. But you will probably see multiply matches returned because view display names aren’t unique.

2) We could simply open the native console and use the search feature. Type in the view name you search for and whala… Look at the Management Pack field and you have the answer. Two things about his: (1) it’s a flat list so difficult to overview (2) it’s a way to easy solution for me ; –)


2) So … Use a mix of c# and PowerShell to solve this. Since we don’t have a OM12 PowerShell get-views. We have to be creative. And this is the way I like it… Open PowerShell on the OM2012 server. And copy and paste the script below. Change the parameter $viewdisplayname with the view display name you are looking for. You can use PowerShell wildcards. And run it. You will then see a grid view with all the found matches. It also returns the folder that’s contains the view. Using the filter option of the grid view you can now quickly find the correct view.

# Load the Assemblies
$Script:MG = New-Object Microsoft.EnterpriseManagement.ManagementGroup($rms)
$views = $MG.Presentation.GetViews() | where { $_.DisplayName -like $viewdisplayname } | Select-object @{Name = ‘ViewName’;  expression ={ $_.DisplayName}},@{Name = ‘folder’;  expression ={ $_.GetFolders()[0].DisplayName}},@{Name = ‘Mp_Name’;  expression ={ $_.ManagementPackName}}
$views | out-gridview

The End.

Next week I will try to do a post on how to extend SCOM locations so you can now display a target on the overview world map instead of only a web availability target.. And even integrate it on a Bing interactive map with a SCOM 2012 widget…


How to check if a SNMP Trap is received.

2 Jul

I had wanted to give you a post on a new location OM2012 widget but I had some issues with the prototype and couldn’t figure it out yet. So that one is coming soon. But I still wanted to do my weekly post. So here we are.


A question I hear a lot, why is SCOM not detecting/reporting a SNMP trap. I’m sure it is send out but I do not see it in SCOM.


Okay we could face several problems here. For example the SNMP trap isn’t send at all or it is not send/received at the SCOM agent OR it is received but the MP has a bug so the workflow isn’t processing the trap event. First I would look if the trap is received at all, because most of the time this is the problem.


There are several tools to use for this. But I like using build-in tools. So it will be WMI to use. WMI has a SNMP provider that will do the job for us. Below I will describe in simple steps how to check if a SNMP trap is coming in at all.

1. Stop the SCOM agent.

Yes it sounds strange but since the agent uses also the SNMP trap port it will block the WMI trap receiver. By stopping the SCOM agent you set the port free.

2. Install if needed the SNMP and SNMP Trap providers


3. Restart NT service “SNMP Trap” and “Windows Management Instrumentation”.

By doing this you will reactivate the Trap listener.

4. Setup the Trap event sink

We can do this in 2 ways. (1) using WBEMTEST (2) Using PowerShell.

(1) using WBEMTEST

Open a command prompt and type “WBEMTEST”


Press on Connect to establish the connection and fill in the namespace “root\snmp\localhost”



Configure the Trap Sink press on “Notification Query” and enter

“ SELECT * FROM SnmpNotification ” (no quotes)


Now if there will be send a SNMP TRAP to this machine you will see this trap event in this window.


For example this test trap below


So now you will know the TRAP is received.

(2) Using PowerShell

Start PowerShell in admin mode and look at the 2 command lines below:

# register trap
Register-WmiEvent -Query “SELECT * FROM SnmpNotification” -Namespace ‘root\snmp\localhost’  -sourceIdentifier “SNMPTRAP” -action { Write-Host [Time:] $newEvent.SourceEventArgs.NewEvent.TIME_CREATED [IP:] $newEvent.SourceEventArgs.NewEvent.AgentAddress  [OID:] $newEvent.SourceEventArgs.NewEvent.Identification  }

# use to unregister trap
Get-EventSubscriber | where {$_.SourceIdentifier  -eq ‘SNMPTRAP’} | % {Unregister-Event $_.SubscriptionID}

First execute the register trap.

Then you get a output saying the sink is started:

Id              Name            State      HasMoreData     Location             Command                 
—              —-            —–      ———–     ——–             ——-                 
34              SNMPTRAP        NotStarted False                                 Write-Host [Time:] $n…

Now generate the Trap on your snmp box. And you will see this below in the PS window.

[Time:] 129856918917535702 [IP:] [OID:]

So now you will know the TRAP is received.

Now you unregister the TRAP by running the 2’d command


You see its very easy to get this working. I prefer using PS for this. If the TRAP is received you have to use the WFanalyzer to see why it isn’t processed by the MP.



Michel Kamp

10 reasons NOT to use the Visual Studio Authoring Extensions VSAE

17 Jun

Hi this weekly post will be a short one all about the yet to be released VSAE.

Have you seen the title ?… Hmm what are you thinking now ? Not really something he would write … And you are correct its nonsense .. But I have your attention now , haven’t I…

Reason 1: SourceSafe integration

If you have read my previous post you know I really prio using SourceSafe for managing your management pack developments. And good news since the VSAE is a Visual studio project template is can be integrated out of the box with all VS supported SourceSafe systems. Just put the Solution to your SourceSafe system and every thing will be versioned. I use the good old VSS 2005 for this. But TSFS will also do the job.


Reason 2: MP object viewer

Yea! this feature is super. Normally you had to browse your MP by XML to view your project content. Or you use external tools for it. Now you will get it out of the box.In the View menu of the main VS window. Press Management Pack browser.


And you will see all the MPs in your solution/projects. Now you can browse it by type. You can even now browse SEALED mps at ease.


Also when double clicking on the type. For example the discovery rule. You will be jumping directly to it in your MP.
BE AWARE THAT IF YOU DO THIS AT A SEALED MP YOU WILL BE REDIRECTED TO A READONLY VERSION OF THE MP FILE. YOU CAN’T EDIT IN THIS WINDOW. Sounds logical since it’s a sealed MP. But I had this confusion situation one’s when I clicked on my own sealed MP that I use as reference in a other MP. And was wondering why I couldn’t edit it since it was checked out by VSS…

Reason 3: Find references

You can now find at ease where you MP object is used. Just use the find references find feature. Select the MP object and right click “Find all references”


And you will get:


And of course you can double click to go to MP object ‘code’. ; – )

If you don’t see the window. Just press in the VS main menu: View –> Find MP Element Reference Results.


Reason 4: Simulating your workflows

Of course you will never used this , because your MPs are faultless. ;- ) The mine aren’t so I use this a lot. The Workflow simulator is integrated in VS now. Just select in the Management Pack Browser the , for example discovery , and right click “MP Simulator”. And that all.!!


In a separate windows the already known workflow simulator will popup.


Reason 5: Jump to referenced MP objects.

Very powerful feature. When you are working in your MP project at a MP object and are using for example a MP TYPE you can easily jump to this type by right click on the name and select “Go to Definition” (F12).


Reason 6: intellisense

If you have read my post on how to enable intellisense for OM07 MPs in VS this isn’t so new. But now it even does intellisense on references also.. this really speeds up the development time. cool


Remember: This intellisense is not always automatically showing up. Most of the time you must press SHIFT+Space. Example above, press the keys at the ! sign and you will prompted a dropdown list with the possible choices.  Notice that only the valid modules of type datasource are displayed. Well done Microsoft product team( s ) !

Reason 7: Build and deploy.

At the end we all have to import the MP into our dev environment to test it. Normally you will do a MP verify and then import it. You can use tasks for this in VS. I already blogged about this earlier. However in VSAE the MP is build of MP fragments and has to be compiled and build. Now the great time safer is that you can now specify the OM MNG group were this MP has to be imported after a successful build. You can even configure that the MP has to be sealed before import. And yes the version number is also incremented at build.


Even when the build gives errors back you will see it in the Error list window. And you can click on it to jump to the MP object. Wow never have to use CTRL+G again ; – ) 
Notice that this jump does not apply for target typo’s . I hope this will be fixed in the RTM release.


Reason 8: Management objects templates

You can now create/insert at ease new KPIs. Just press NEW-> Add existing Item and you can choose several KPI to create. I already blogged about this. The nice part is that you can even automate this so that you can create 100x rule at ones. I have to amid that I don’t use this templates a lot. I prefer to type it manually but sometimes I use this to get a sort of snap in fragments. Just create the KPI using the template and the look at the generated code behind and copy it. Be aware that if you change the code behind you will loose it at next build… I personally would liked if this generated code was also reflexed back against the template.


Reason 9: Convert your ‘old’ OM07 MPs.

Using the VSAE you can convert your OM07 MPs to the new VSAE project types. It very easy just use the “Project from existing Management Pack” , select the om07 MP and the references and a new project will be created in your solution. If you select multiply om07 MPs there will be created a new project for every MP. Very handy. The down site is however that it will put all the MP objects into one big MP fragment. I personally would liked to have seen this split-up by type or maybe converted to templates.


Tip: If you converted MP has images it will extract this images to resources and put them in the root of the project directory. You can create a new folder and drag them into here. Be aware that there is a little bug: The resource MP objects haven’t the images file extensions. So a build will fail. Just add the file extensions .jpg ect.. to it and it will run.



Reason 10: It just a must have.

I could continue to write about the tons of great features that are build in the VSAE but over 30min the soccer Europe 2012 game Netherlands->Portugal is going to start so I will warp it up and say:
use it use it use it use it . its no question why , just use the VSAE !

Happy scomming and till next week.

Michel Kamp

Part 2 : Get more value using Visio drill trough

3 Jun

Hi Quick Update. In part 1 I promised when I had time I would make a prototype of a OM 12 Widget that would show a Visio document and update the health states on it.

So , not that I had time but the coolness factor was to high , so I offered some hours on Sunday to get this working… yes you have read it correctly. I have it working !


Make a OM 2012 widget and load a Visio document in it. Then refresh the shape data according to the OM target health states. Just the way the official Microsoft Visio SCOM plug in it does.


So far I have it working as a prototype. Yes its stable but as every prototype not fool proof. See screen shots below.


The prototype works based on Visio documents you have made with the official Visio SCOM plugin. Just create the Visio document and drag the OM targets on it and save it. Then load it in to the widget , for now with File –> open. There is one rule: You must have Visio installed on the machine running the OM console.

You don’t have to have the official Visio SCOM plugin installed when you only view the Visio sheets in the Widgets. I have made a refresh feature that connects to the OM group and gets the health state data and refreshes the Visio shapes based on the outcome. But when you have the official Visio SCOM plugin installed you get a bonus. It works also in the widget with official refreshing. See screenshot below:


After getting a try timeout it shows the login form. Better would be that it takes the credentials you are using running the OM console . But … Again prototype facts.



Sorry I really love being a nerd! (that’s what my wife says anyway) If you are honest you must admit this is really cool stuff!!. Since it will cost me for now to much time to finish a build I can share and because the VSAE is still under NDA and I maybe have plans with this. I will not share it for now. However I will try to convince the MS OM guys ( Dale , Marcin, Baelson hope you read this) to deliver this widget out of the box..

Happy Scomming and till next week!

Michel Kamp

Get more value using Visio drill trough

28 May

And again I think I was sleeping. Long time ago when the Visio SCOM integration was released (4year ago) I always had the idea I was missing a key feature. The drill trough feature. So when I click on a shape it opens a next sheet with detailed shapes on it. Tried to established this but stopped looking due a unknown reason. I think it was RTM. (please don’t tell others).  But the idea never left my mind.  So @MMS2012 I spoke with the Operations manager team again and got my answer. O o oh what is the solution simple! Of course Microsoft I never dubbed you guys hadn’t thought about it!. Special thanks to Dale K.  (MSFT)

Lets Start:

First we install all the requirements:

1) Visio

2) SCOM Visio module see Visio and SharePoint extensions for System Center 2012 Released

3) A working SCOM Management group.

4) Knowledge of SCOM

5) One or more DAD (Distributed Application Diagram)

Make the Visio document

Open Visio and create a new sheet. Lets say a overview of your DAD applications.


Now we link the correct SCOM targets to the Visio shapes. In our case we have a DAD application that we are linking to shape named Applications A. We do the same for the B and C application.

This is what we get.


So when the DAD linked to Application A is unhealthy it will change the shape named Application A red. So far it is almost basic stuff.

Drill trough

Now the value increment. We are going to link the application shapes to a other sheets containing detailed level of the selected application.  So we create a new sheet. And Name it Application A.


And we add/link some SCOM targets related to application A to it.


Now we go back to the overview sheet (page-1) and select the Application A shape and right click –> Hyperlink.


Next we are going to create a new hyperlink.


Select the new hyperlink and press the sub-address browse.


Select the application A sheet. And the Zoom level.


And we are almost ready. This last step is important. Since clicking on a shape will only trigger the default hyperlink. We must select the just created hyperlink and set it as default. In this example we have no other hyperlinks but normally we have some default one’s.



The result

So still in Visio press F5. Now the Visio sheet will be shown full screen. Double click on shape Application A and you will we get the detailed sheet showing application A.

Cool isn’t it!!!

Tip: You can use the up/down button to switch the sheets. But better is to make a go to overview shape on every detail sheet. And hyperlink this to the overview sheet.

Will it work in SharePoint ??

YES it does!

Assuming you have configured the SCOM Visio add in for SharePoint. You just publish it to the document library and open it. You will see its working there also… Sooo cool. 

Next idea is born

The only thing is that we still can’t get this into the native SCOM console. Okay we can make a web view showing the SharePoint Visio page but this has a lot off setup overhead. The good thing is that you can write your custom widgets in OM12. When I have time I will make a prototype showing this Visio sheet into the operations manager native console using a widget. 

Happy Scomming!!

Michel Kamp

Audit SCOM SDK Usage Operations

5 May

This weekly blog post will be about the idea and wish I have a long time now: I want to see what a SCOM operator is doing with SCOM. So an Audit trail of the SCOM SDK idea was born.

The Idea:

Its very simple , as a SCOM administrator you have the world for your self. You can create rules , modify overrides , import / delete Management Packs , add users as you wish. If something went wrong they can blame you for it. That’s no problem because you are the the only one that know how to fix this.  But what when you are not the only one with administrator privileges. Who is blaming who ? And if blaming isn’t the issue how do I know What , Who and When something has changed (the 3 audit W’s)  ?


On the web there are plenty of solutions that try to solve this. Most of them are using SQL triggers to catch the functions the operator is doing and a separate DB to store the generated audit records. This solutions have a very big impact on the SQL engine and I think by applying the triggers to the tables you lose your Microsoft Support Warranty. And what will happen by applying a SCOM service pack …. So this is not the way to go.

I was thinking , since SCOM uses ADAM/AD LDS  for user&operations authorization why not just go this way. Every call to the SCOM SDK (the native scom console, web console,power shell , connectors,ect…) will be checked for authorization . This is done by the Active Directory Lightweight Directory Service (AD LDS), formerly known as Active Directory Application Mode (ADAM). And the nice part of this is that there is a tool that lets you read and edit this authorization store. The tool is called “Authorization Manager”. You can find it as a MMC Snapin. I will show you this later on. For SCOM the authorization catalog can be located on disk as XML file or as a SQL tables. Not going into the details , SCOM 2007 SDK uses a file store and (yes) SCOM 2012 SDK uses a SQL table store. And now the reason we dig into this all: The Authorization layer has a AUDIT trail build in !!!. Simply enable it and setup the correct audit policy and we are getting audit records…

That’s however in theory ….

The real world

Of course I have tried it out before I wrote this post. And yes we are getting audit events and yes it are events for every SDK operation and NO they do not contain parameter information. (95%not) So we can see what operation is executed but can’t see the parameters supplied with the call. For example add user X to role Y. We see the add user role operation but don’t see X and Y in the audit event. Does this make my ideas useless ?  I think not. I found out that there are still some events useable. And hopefully I can get the SCOM product team so far implementing the missing parameter logging.

Some LAB testing

I will now show you how to get the audit events.

Login to the OM2012 MNG server. Open the MMC console. And add the “Authorization Manager” snapin.


The first time you will see this below:


Now we are going to make the connection to the OM SDK Authorization Store. Remember for OM2012 this in SQL.  Right click and choose “Open Authorization Store..”


Now choose Microsoft SQL. And type in the Store name. I say it very easy but believe me this one cost me hours to find out (maybe because my IQ ;–) ). There is almost no documentation on Authorization manager and SQL connection. And for sure no information where the SCOM store is located. But never mind that’s your luck , because I share it with you guys.

The connection string format I got from http://technet.microsoft.com/en-us/library/cc770467(v=ws.10).aspx and looks like:

mssql://Driver={SQL Server};Server={SCOMSQLSERVER\INSTANCE};/OperationsManager/AzmanStore

Replace SCOMSQLSERVER\INSTANCE to the SQL server and Instance where your SCOM database is on.

Replace OperationsManager with the database name you have used for the operations manager database name while installing SCOM 2012.

For my LAB it will be :


Press OK and you are ready.

You will see the store and all it groups. Browse to AzmanStore\Microsoft System Center\Role Definitions and you will see the screen shot below. And I am sure you know it from the operations manager console!


Now press right button and select properties –> Definition. And you will see all the SDK operations (tasks) a SCOM administrator role can do. So every time the SDK receives a operations from for example the native console it will first check if this operation may be executed by this user. You can even add or change some operations.  So you can add for example Rule__Get to a normal operator so the operator can now see the rule properties. REMEMBER IF YOU DO YOU MAY LOOSE YOUR MICROSOFT SUPPORT.


If you are curios what all the operations availably in SCOM are, Go to the Add… and press Operations. Now you will see the complete list of operations. And this one is huge..


So explained all of this you may forget it quickly now. They only thing we have to do is set the auditing flag on the store. Right click on the azmanstore and choose properties.


Now go to Auditing and enable the 2 auditing boxes.


I just wanted to show you all of this because it is fun core level stuff. But as it seems this 2 boxes are enabled by default. So the next time you can skip this part too. Sorry if I wasted your time

The only real step we have to do is enabling the security auditing policy. So lets do that. First this. The audit records are written to the server eventlog where the SQL server instance is installed. So if you have a 2 box scom installation , one OM , one SQL. You must login to the SQL server to proceed. If you have a 1box scom installation you login to the OM server.

Open the Local Security Policy editor. And enable “Audit object access” for Success and Failure.  Press OK and the events will flow in.



So lets look at the events. Open the windows event viewer and go to the security logs. This will show a huge number of events. Better is to create a custom view by only selecting events with Source  MOMSDK Service Security or Task Category (3).


Now if you look at a event you will notice that it has some basic information about the operation and the user plus session it belongs too. The part that is missing for a lot of operations are the parameters belonging to the operation (Data access method) if this was supplied we where done. However I found some operations that give the missing parameter information. For example when you create a new MP you will see this event. Look at the extra info given. 


Same for the MP delete


I haven’t looked at all the operations but as far I can see now there are not a lot of operations with extended information. Again I hope it will be added soon with a service pack release.


With the solution described we can see What is done and Who has done it and When its done. The only part missing is some extra information on the What part. So we can really see what this operator is trying to do. But better than having nothing it’s a good start.

To be continued:

I am trying to convince the OM product team to look at this. Meanwhile I have a other idea I will try to work out to solve this.  I will try to post it soon.

Hope you had a good time and again…