30 Aralık 2011 Cuma

Logical Disk free space alerts don’t show percent and MB free values in the alert description

I recently wrote about the new Base OS Monitoring Packs that shipped, adding many new features and fixes for monitoring the OS. You can read more about that new release HERE. While this MP update contained many fixes and new features which are VERY beneficial in making alerts more actionable by controlling “false positives”, some of these modifications left a bit of a negative side effect.
One of the areas this new MP focused on, was changing a lot of the “average threshold” monitors to “consecutive sample” monitors. This helps control the noise when there are short term fluctuations in a performance value, or when some counters can spike tremendously for a very short time, skewing the average. So for the most part – changing these over to consecutive samples is a good thing. That said, one of the changes made was to the Logical Disk free space monitors, both for Windows Server 2003 and 2008 disks.
The script used to monitor logical disk free space in previous versions of the Monitoring Pack would output two additional propertybags for free space in MB and Percent. This was very useful, because these values could easily be added to the alert description, alert context, and health explorer. This was very beneficial, because the consumer of the alert in a notification knew precisely how much space was left for each and every alert generated. Here are some examples of how it looked previously:


Now – when the new MP shipped – this script was changed to support the new consecutive samples monitortype, and was completely re-written. When it was rewritten, the script no longer returned these propertybags, so they were removed from the alert description, alert context, and health explorer. The current MP (6.0.6958.0) looks like this:
The monitor still works perfectly as designed, and you are alerted when thresholds that you set are breached. The only negative side effect is the loss of information in the alert description.
Several customers have indicated that they preferred to have these values back in the alert description. The only real way to handle this scenario, until the signed and sealed MP gets updated at some point in the future, is to disable the built in monitor, and enable a new monitor with an alert description that you like.
I have written two addendum MP’s attached at the bottom of this article, which do exactly that – I created two new monitors (essentially the same monitors from the previous older version of the Base OS MP’s) and included two overrides which disable the existing monitors from the sealed MP’s. These two new monitors are essentially exact copies of the monitors before they got updated. They run once per hour and have all the default settings from the previous monitors.
With the addendum MP imported – health explorer looks like the following:
Note the new name for the addendum monitor, and the fact that the existing “Logical Disk Free Space” monitor is unloaded as it is disabled via override.

These addendum MP’s for Windows Server 2003 and Windows Server 2008 each simply include a script datasource, monitortype, and monitor to use instead of the items in the current sealed Base OS MP’s. These addendum MP’s are unsealed, so you have two options:
  1. Leave them unsealed, and use them as-is. This allows you to be able to tweak the monitor names, alert descriptions, and any other settings further.
  2. Seal the MP’s with your own key (recommended) after making any adjustments that you desire. This will be necessary in order to create overrides for existing groups in other MP’s should you desire to use those.

One caveat to understand – is that any overrides you have created on the existing Base OS free space monitors will have to be re-created here on these new ones. There is no easy workaround for that.
Let me know if you have any issues using these addendum MP’s (which are provided as a sample only) and I will try to address them.

Credits – to Larry Mosley at Microsoft for doing most of the initial heavy lifting writing the workaround MP.

Kevin Holman


Danielle Grandini

I want to follow a different approach to achieve a comparable thus not identical result. The goal is to not modify the original code but rather add a diagnostic and a task to the new monitors that get the MB and % free space. The major difference with Kevin solution is you won’t have the data in the alert description but in the health explorer change state context, on the other hand you should be fairly independent from any new OS MPs release.
But before digging inside the diagnostic code I want to set some points (not necessarily ordered):
  • a diagnostic is a probe that gets executed when a monitor changes its health state from healthy to warning or error. A diagnostic should not change the system state
  • the new monitors lost the ability to report on disk free space because the MPs author decided to keep the old code and then chain a filter module to change the state only if the disk stays under threshold for n (4) samples. Since there’s no generic filter module to do this in OpsMgr the author transformed the data in performance data and then used the performance specific filter System.Performance.ConsecutiveSamplesCondition. This highlights two annoyance:
    • the lack of generic filter modules for non-performance data
    • the need, to overcome this limitation, to implement persistence, when it’s needed, in every single script. The MP author should have chose this way to implement the new monitor.
But let’s return to the diagnostic stuff, we need:
  • a probe to return disk data (%free space, MB free and anything else we thing can be useful)
  • a couple of diagnostic for the warning and error states
  • a task, since it comes for free once we get the probe done
The net effect is the following:
Once you have the probe the syntax for the diagnostic is as follows:
      <Diagnostic ID="Progel.Windows.Server.2008.LogicalDisk.FreeSpace.Error.Diagnostic" Comment="List current disk allocation." Accessibility="Public" Enabled="true"
                  Target="Win2008!Microsoft.Windows.Server.2008.LogicalDisk" Monitor="Win2008Mon!Microsoft.Windows.Server.2008.LogicalDisk.FreeSpace" ExecuteOnState="Error" Remotable="true" Timeout="300">
        <ProbeAction ID="PA" TypeID="QND.Library.DiskSpaceGet.PT">
      <Diagnostic ID="Progel.Windows.Server.2008.LogicalDisk.FreeSpace.Warning.Diagnostic" Comment="List current disk allocation." Accessibility="Public" Enabled="true"
                  Target="Win2008!Microsoft.Windows.Server.2008.LogicalDisk" Monitor="Win2008Mon!Microsoft.Windows.Server.2008.LogicalDisk.FreeSpace" ExecuteOnState="Warning" Remotable="true" Timeout="300">
        <ProbeAction ID="PA" TypeID="QND.Library.DiskSpaceGet.PT">
I just want to highlight the Diagnostic is state specific, so you have two different diagnostics one for Error state and the other one for Warning state. All the other parameters are pretty straightforward.

Network utilization scripts in BaseOS MP version 6.0.6958.0 may cause high CPU utilization

One of the changes in this newer version of the MP is the addition of a new datasource module, which runs a script to output the Network Adapter Utilization. The name of the datasource is “Microsoft.Windows.Server.2008.NetworkAdapter.BandwidthUsed.ModuleType”. This datasource module uses the timed script property bag provider, along with a generic mapper condition detection. The script name is: “Microsoft.Windows.Server.NetwokAdapter.BandwidthUsed.ModuleType.vbs”

There are 3 rules, and 3 monitors for each OS (2003 and 2008), which utilize this datasource:
  • Rules:
    • Microsoft.Windows.Server.2008.NetworkAdapter.PercentBandwidthUsedReads.Collection (Percent Bandwidth Used Read)
    • Microsoft.Windows.Server.2008.NetworkAdapter.PercentBandwidthUsedWrites.Collection (Percent Bandwidth Used Write)
    • Microsoft.Windows.Server.2008.NetworkAdapter.PercentBandwidthUsedTotal.Collection (Percent Bandwidth Used Total)
    • Microsoft.Windows.Server.2003.NetworkAdapter.PercentBandwidthUsedReads.Collection (Percent Bandwidth Used Read)
    • Microsoft.Windows.Server.2003.NetworkAdapter.PercentBandwidthUsedWrites.Collection (Percent Bandwidth Used Write)
    • Microsoft.Windows.Server.2003.NetworkAdapter.PercentBandwidthUsedTotal.Collection (Percent Bandwidth Used Total)
  • Monitors:
    • Microsoft.Windows.Server.2008.NetworkAdapter.PercentBandwidthUsedReads (Percent Bandwidth Used Read)
    • Microsoft.Windows.Server.2008.NetworkAdapter.PercentBandwidthUsedWrites (Percent Bandwidth Used Write)
    • Microsoft.Windows.Server.2008.NetworkAdapter.PercentBandwidthUsedTotal (Percent Bandwidth Used Total)
    • Microsoft.Windows.Server.2003.NetworkAdapter.PercentBandwidthUsedReads (Percent Bandwidth Used Read)
    • Microsoft.Windows.Server.2003.NetworkAdapter.PercentBandwidthUsedWrites (Percent Bandwidth Used Write)
    • Microsoft.Windows.Server.2003.NetworkAdapter.PercentBandwidthUsedTotal (Percent Bandwidth Used Total)

Only the “Total” rules and monitors are enabled by default, the Read/Write workflows are disabled out of the box by design.

The good:

This new functionality is cool because it allows us to monitor the total utilization based on the network bandwidth as a percentage of the “total pipe”, report on this, and view the data in the console:


The issue:

Since there is no direct perfmon data to collect this, the information must be collected via script. I wrote about how to write this yourself HERE.
There are 4 known issues with this script in the current Base OS MP, which can cause problems in some environments:

1. When the script executes – it consumes a high amount of CPU (WMIPrvse.exe process) for a few seconds.
2. The script does not support cookdown, so it runs a cscript.exe process and an instance of the script for EACH and every network adapter in your system (physical or virtual). This makes the CPU consumption even higher, especially for systems with a large number of network adapters (such as Hyper-V servers).
3. The script does not support teamed network adapters very well, as they are manufacturer/driver dependent, and are often missing the WMI classes expected by the script, so you will see errors on each script execution, about “invalid class”
4. On some Windows 2003 servers, people have reported this script eventually causes a fault in netman.dll, and this can subsequently cause some additional services to fault/stop.

From a CPU perspective – below is an example Hyper-V server with multiple NIC’s. I set the rule and monitor which use this script to run every 30 seconds for demonstration purposes (they run every 5 minutes by default).

You can see WMI (and the total CPU) spiking every 30 seconds.
After disabling all the rules and monitors which utilize this data source, we see the following from the same server:

Based on these issues, I’d probably recommend disabling these rules AND monitors for Windows 2003 and Windows 2008. They seem to create a bit more impact than the usefulness of the data they provide.

Kevin Holman

5 Kasım 2011 Cumartesi

MP2XMLPRO Management Pack Conversion Tool

MP2XMLPRO is a GUI based tool I created to export MP files to XML.
Currently you can do this with Boris’s PowerShell script or the MPDumper tool.  I only need to convert management packs once in a while and I often find myself wasting time trying to remember the correct syntax for these tools.  This new GUI based tool makes it simple.

Download: Link

Scom Agent High Cpu Usage....


Consider the following scenario:
  1. An application or service runs in Windows Server 2008, Windows Vista, Windows XP Service Pack 3 (SP3) or another system that has Microsoft XML Core Services (MSXML) 6.0 installed.
  2. The application or service uses MSXML 6.0 to handle XML requests.
In heavy stress situations, the CPU usage of an application or service reaches 100 percent. If this problem occurs on a uniprocessor computer, the whole system stops responding. If this problem occurs on a multiprocessor computer, the whole system encounters high CPU usage. In Task Manager, you may see that the CPU usage of one processor is 100 percent.

For example, the MonitoringHost.exe process in the System Center Operations Manager 2007 encounters high CPU usage because of this problem.

26 Ekim 2011 Çarşamba

Error 25211. Failed to install performance counters..

Error 25211. Failed to install performance counters..

25211 hatasını alıyorsanız ve sunucu üzerinde Cisco Secure Monitor Service (CSMon) varsa bu servisi install işlemi sırasında durdurmanız gerekiyor.

22 Ekim 2011 Cumartesi

OpsMgr (Custom) Reporting Links

Stefan Stranger Blog:

And you can also download the OpsMgr Authoring Reporting Guide:http://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=19bd0eb5-7ca0-41be-8c0f-2d95fe7ec636

System Center Operations Manager 2007 R2 Connectors

The System Center Operations Manager 2007 R2 Connectors provide System Center Operations Manager 2007 R2 alert forwarding to remote systems, such as an Enterprise Management System (EMS) or service desk system.

Quick details

Version:1.0Date Published:7/24/2009
File NameSize
SCInterop_R2_RTM.exe188.0 MBDOWNLOAD


Operations Manager 2007 R2 Connectors provide Operations Manager 2007 R2 alert forwarding to remote systems, such as an Enterprise Management System (EMS) or a service desk system. After Operations Manager 2007 R2 forwards an alert to a remote system, that alert data is synchronized throughout the lifetime of the alert. The result of that data synchronization is a robust and seamless systems management environment. Such an environment enables cross-organization support processes to take advantage of the resources and strengths of formerly independent support groups. The ultimate effect is improved enterprise systems health through improved organizational communication.

Sharing data between Operations Manager 2007 R2 and remote systems enables enterprise correlation of events from Windows-based systems, hardware, network, and UNIX and Linux systems. Correlating these events allows IT staff to determine the causes of issues and reduce the time to resolution of IT outages.

Synchronization of data between Operations Manager 2007 R2 and remote systems also enables operational groups to use familiar management interfaces. Users update an alert by using their management tool, and the data is updated in tools that are used by other operational groups.

This release of the Operations Manager 2007 R2 Connectors includes the following Connectors:
  • Microsoft System Center Operations Manager 2007 R2 Connector for IBM Tivoli Enterprise Console
  • Microsoft System Center Operations Manager 2007 R2 Connector for HP OpenView Operations for Unix
  • Microsoft System Center Operations Manager 2007 R2 Connector for HP OpenView Operations for Windows
  • Microsoft System Center Operations Manager 2007 R2 Connector for BMC Remedy ARS
  • Microsoft System Center Operations Manager 2007 R2 Universal Connector

Feature Summary:
  • Operations Manager 2007 R2 alerts are forwarded to a remote system.
  • Operations Manager 2007 R2 alerts are synchronized with remote systems throughout the lifetime of the alert.
  • Failover to backup remote system servers is supported.
  • The High Availability feature supports failover to secondary Connectors that are installed on other servers in the Operations Manager 2007 R2 domain.
  • Multiple Operations Manager 2007 R2 management groups that are communicating with a single remote system are supported.
  • Multiple different remote systems can be supported with multiple Connectors that are installed in one Operations Manager 2007 R2 management group.
  • Delivery of Operations Manager 2007 R2 alerts is guaranteed by requiring acknowledgement from remote systems.
  • The Connector user interface that is integrated into the Operations Manager 2007 R2 console provides the following functionality:
    • Connector health status can be monitored in the Operations Manager 2007 R2 console by using Connector management packs.
    • Connector configuration is limited to Operations Manager 2007 R2 administrators.
    • Operations Manager 2007 R2 servers, remote system servers, and High Availability Connectors can be configured for communications.
    • Alerts forwarding is configured by selecting alert fields, mapping severity, and mapping resolution states to equivalents in a remote system.
    • Selected alerts can be forwarded manually from the Operations Manager 2007 R2 console.
    • The Operations Manager 2007 R2 Product Connector Subscription wizard allows automatic forwarding of Operations Manager 2007 R2 alerts.
    • The Product Connector Subscription wizard allows separate alert forwarding for multiple Connectors.

System requirements

Supported Operating Systems: Windows Server 2003, Windows Server 2008
System Center Operations Manager 2007 R2 Environment System Requirements: 
  • System Center Operations Manager 2007 R2
  • The Connector Service and the Configuration UI components must be installed on computers running Windows Server 2003 SP1 or greater or Windows Server 2008 operating systems
  • The Configuration UI component must be installed on a server on which the Operations Manager 2007 R2 Operations Console is installed
  • An instance of Microsoft SQL Server 2005 must be available within the given Operations Manager 2007 R2 domain
  • .NET Framework 3.0 SP1 or a later version
  • The English version of Microsoft Visual C++ 2008 Redistributable Package (x86) if Visual C++ 2008 is not installed
  • WS-Management 1.1
Supported Enterprise Management System Versions and Platforms: 
  • Operations Manager 2007 R2 Connector for IBM Tivoli Enterprise Console
    • Tivoli Framework 4.1 or 4.11
    • Tivoli Enterprise Console 3.9 on Windows Server 2003, Solaris SPARC 10, or AIX 5.3
  • Operations Manager 2007 R2 Connector for HP OpenView Operations for Windows
    • OVO for Windows 7.5 or 8.x on Windows Server 2003
  • Operations Manager 2007 R2 Connector for HP OpenView Operations for Unix
    • OVO 8.x for Unix on HPUX 11i v2 and 11i v3 (Itanium & PA-RISC), or Solaris SPARC 10
  • Operations Manager 2007 R2 Connector for BMC Remedy ARS
    • Help Desk 6.3 or Service Desk 7.1 running on Windows Server 2003
  • Operations Manager 2007 R2 Universal Connector
    • Supports connections to systems running on the following platforms:
      • Windows Server 2003
      • Windows Server 2008
      • Solaris SPARC 10
      • AIX 5.3
      • HPUX 11i v2 (Itanium & PA-RISC)
      • HPUX 11i v3 (Itanium & PA-RISC)
      • RHEL 5
      • SLES 10
Windows-based Interop Provider System Requirements:
  • Windows Server 2003 SP1 or greater or Windows Server 2008 operating systems
  • The English version of Microsoft Visual C++ 2008 Redistributable Package (x86) if Visual C++ 2008 is not installed
  • WS-Management 1.1
Unix/Linux-based Interop Provider System Requirements: 
  • Supported Platforms for HP Operations Manager Connector:
    • HP-UX 11i v3 (IA64 & PA-RISC)
    • HP-UX 11i v2 (IA64 & PA-RISC)
    • Solaris 10 SPARC
  • Supported Platforms for IBM Tivoli Enterprise Console Connector:
    • IBM AIX 5.3
    • Solaris 10 SPARC
  • Supported Platforms for the Universal Connector:
    • IBM AIX 5.3
    • Solaris 10 SPARC
    • HP-UX 11i v3 (IA64 & PA-RISC)
    • HP-UX 11i v2 (IA64 & PA-RISC)
    • RHEL 5.1
    • SLES 10 SP1
  • Unix/Linux OS Package Dependencies:
    • IBM AIX 5.3
      • xlC.rte minimum version
      • openssl.base minimum version
    • HP-UX 11i v2 IA86
      • HPUXBaseOS minimum version B.11.23
      • HPUXBaseAux minimum version B.11.23.0706
      • HPUXBaseAux.openssl minimum version A.00.09.07l.003
      • PAM
    • HP-UX 11i v2 PA-RISC
      • HPUX11i-OE minimum version B.11.23.0706
      • OS-Core.MinimumRuntime.CORE-SHLIBS minimum version B.11.23
      • HPUXBaseAux minimum version B.11.23.0706
      • HPUXBaseAux.openssl minimum version A.
      • PAM
    • HP-UX 11i v3 IA86
      • HPUX11i-OE minimum version B.11.31. 0709
      • OS-Core.MinimumRuntime.CORE-SHLIBS minimum version B.11.31
      • SysMgmtMin minimum version B.11.31.0709
      • SysMgmtMin.openssl minimum version A.00.09.08d.002
      • PAM
    • HP-UX 11i v3 PA-RISC
      • HPUX11i-OE minimum version B.11.31
      • OS-Core.MinimumRuntime.CORE2-SHLIBS minimum version B.11.31
      • openssl/Openssl.openssl minimum version A.00.09.08d.002
      • PAM
    • RHEL 5.1
      • Gcc minimum version 4.1.1-52.el5
      • Glibc minimum version 2.5-12
      • Openssl minimum version 0.9.8b-8.3.el5
      • PAM minimum version
    • Solaris 10 SPARC
      • Required OS patch 117463-05
      • SPROcpl minimum version 11.0,REV=2005.10.13
      • SUNWlibC minimum version 5.10, REV=2004.12.22
      • SUNWlibms minimum version 5.10, REV=2004.11.23
      • SUNWlibmsr minimum version 5.10, REV=2004.11.23
      • SUNWcslr minimum version 11.10.0, REV=2005.
      • SUNWcsl minimum version 11.10.0, REV=2005.
      • OpenSSL minimum version 11.10.0,REV=2005.
      • PAM minimum version 11.10.0, REV=2005.
    • SLES 10
      • glibc-2.4-31.30 minimum version 2.4-31.30
      • OpenSSL minimum version 0.9.8a-18.15
      • PAM minimum version

To install this download:


  1. Download this file by clicking the Download button and saving to the necessary system(s).
  2. Double-click the downloaded file to extract the download and provide the HTML document with the necessary component(s) for the Interop Connectors.
  3. Select the specific Interop Provider components and copy to the Interop Provider system.
  4. Install the Interop Provider via the instructions in the Deployment Guide
  5. Select the Connector Service/Configuration UI components and copy to the appropriate system in your SCOM 2007 R2 environment
  6. Install the Connector Service/Configuration UI via the instructions in the Deployment Guide

Stefan Stranger Blog:


10 Ekim 2011 Pazartesi

System Center Monitoring Pack for Active Directory (AD)

The Monitoring Pack for Active Directory (AD) monitors Windows 2000 Server, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 domain controllers.

Quick details

Version: 6.0.7670.0 Date Published: 10/6/2011

Files in this download

The links in this section correspond to files available for this download. Download the files appropriate for you.
File Name Size
Active Directory Management Pack.msi 1.0 MB Download
System Center Monitoring Pack for Microsoft Active Directory.docx 229 KB Download


The Monitoring Pack for Active Directory (AD) provides both proactive and reactive monitoring of your Active Directory deployment. It monitors events that various Active Directory components and subsystems place in the Application, System, and Service event logs. It also monitors the overall health of the Active Directory system and provides alerts for critical performance issues.

The monitoring that this monitoring pack provides includes monitoring of domain controllers and monitoring of health from the perspective of clients that use Active Directory resources. To monitor domain controllers, ADMP provides a predefined, ready-to-run set of processing rules, monitoring scripts, and reports that are designed specifically to monitor the performance and availability of domain controllers.

Because client computers in your Active Directory environment can experience connectivity and service issues even when domain controllers appear to be operating correctly, ADMP includes the Active Directory Client Management Pack, which can help you identify such issues. The Active Directory Client Management Pack monitors the services that domain controllers provide. It provides information—in addition to the information that is collected directly on the domain controllers—about whether domain controllers are available by running transactions, such as Lightweight Directory Access Protocol (LDAP) binds and pings, against the directory service.

The September 2011 revision of the Monitoring Pack for Active Directory includes the following additions:

  • Fixes to problems reported by customers
  • Fixes to architectural issues to facilitate future SCOM releases.

Feature Summary
  • Replication
  • Lightweight Directory Access Protocol (LDAP)
  • Domain Controller Locator (DCLocator)
  • Trusts
  • Net Logon service
  • File Replication Service (FRS)
  • Intersite Messaging service
  • Windows Time service
  • Key Distribution Center (KDC)
  • Service availability monitoring
  • Key performance data collection
  • Comprehensive reports, including reports about service availability and service health, plus reports that you can use for capacity planning

Known Issues for Localized Releases
  • For DEU language pack, data does not show in the following reports: "AD Domain Controllers", "AD Replication Site Links", and "AD Role Holders."
  • For FRA, RUS, DEU, ESN, and PTB language packs, some parameters for discoveries may not be displayed in override properties.

Release History
  • 3/23/2007 - Initial Release, version 6.0.5000.0
  • 1/15/2008 - Updated Guide - same version
  • 03/17/2008 - QFE, version 6.0.6278.3
  • 03/26/2008 - QFE, version 6.0.6278.10
  • 11/7/2008 - Initial release for 2000/2003/2008, version 6.0.6452.0
  • 11/3/2009 - Updated release, version 6.0.7065.0, with added Windows Server 2008 R2 support
  • 10/6/2011 - Updated release, version 6.0.7670.0, with fixes to bugs reported by customers and architectural issues to facilitate future Operations Manager's releases

System requirements

Supported Operating Systems: Windows Server 2003, Windows Server 2003 R2 (32-Bit x86), Windows Server 2003 R2 x64 editions, Windows Server 2008, Windows Server 2008 R2

  • Other Supported Systems:
    • Virtual environment
    • Clustered servers
    • Writeable domain controllers
    • Read-only domain controller (RODC)
    • Domain member computers (Client and Server)
    Note: Agentless monitoring and stand-alone or workgroup member computers are not supported. Important: Migration from Microsoft Operations Manager (MOM) 2005 to Systems Center Operations Manager 2007 is not supported, but a side-by-side installation of these two products is supported. All support is subject to the Microsoft overall Help and Support life cycle and the Operations Manager 2007 R2 Supported Configurations document.


Download the monitoring pack, install the monitoring pack package, and follow the included User Guide. For more information, see How to Import a mornitoring Pack in Operations Manager 2007.

Note: Prior to install any new language packs, previous installed language packs have to be uninstalled first.

This is the first MP update for Active directory we have seen in two years. This MP update contains mostly fixes to the top reported customer issues in the MP’s.
As the ADMP is a very large and complex MP with a lot of moving parts, I recommend you consider giving sufficient time and attention in testing this MP in your lab, test, and dev environments before migration into production.

From the ADMP guide:
Fixes to problems reported by customers:
  • Active Directory databases larger than 4 GB reported incorrectly.
  • 20% of the alerts are not triggered due to wrong event ID mapping.
  • Performance data is not collected due to wrong event ID mapping.
  • Performance counter selected by default is wrong.
  • Time skew alert is not triggered due to script defect.
  • Operation master monitor is broken due to script defect.
  • Frequent operation master alert description misspelled.
Fixes to architectural issues to facilitate future System Center Operations Manager releases:
  • Discovery interval for client perspectives set to larger values.
  • Discovery scheduler class is used on several discoveries.
  • Views target a custom AD DS MP class instead of System.Entity.
  • Reports target a custom AD DS MP class instead of System.Entity.
  • Some discovery targets will not change Properties.
If you were running a custom override addendum MP, like the one posted at *** then you will not need this anymore, as the MP has been updated to resolve this key issue.

I ran a DIFF on the majority of the files – and I didn’t see anything sticking out that wasn’t covered above. There is a new or changed report for replication bandwidth, but that’s about all I noticed.

ADMP for Windows Server 2008 – Alerts not generated for some Rules
I recently found that many Event Log rules in the Active Directory Management Pack for Windows Server 2008 (version 6.0.7065.0) do not work correctly, resulting no alert being generated for these rules. This is happening because the MP uses the old event sources from Server 2003 in its event rules, rather than the new ones for Server 2008/R2.
The existing event monitoring rules filter on the PublisherName property rather than the EventSourceName property.
For example:
NTDS Replication

should read:

NTDS Replication

I’ve written an “Addendum” Management Pack that contains corrected versions of all of these rules. You’ll just need to import this MP into your environment and leave the original one in place.
This problem should be fixed with the next release of the ADMP.
Attached to this blog is an unsealed version of my “Addendum” MP.

4 Ekim 2011 Salı

OpsMgr: MP Update: New Base OS MP 6.0.6957.0 adds Cluster Shared Volume monitoring, BPA, new reports, and many other changes

Get it from the download center here:  http://www.microsoft.com/download/en/details.aspx?id=9296

This really looks like a nice addition to the Base OS MP’s.  This update centers around a few key areas for Windows 2008 and 2008 R2:

  • Adds Cluster Shared Volume discovery and monitoring for free space and availability.  This is critical for those Hyper-V clusters on Server 2008 R2.
  • Adds a new monitor to execute the Windows Best Practices Analyzer for different discovered installed Roles, and then generate alerts until these are resolved.
  • Changes to many built in rules/monitors, to reduce noise, database space and I/O, and increase a positive “out of the box” experience.  Also added a few new monitors and rules.
  • Changes to the MP Views – removing some old stuff and adding some new
  • Addition of some new reports – way cool

Let take a look at these changes in detail:

Cluster Share Volume discovery and monitoring:
We added a new discovery and class for cluster shared volumes:

We added some new monitors for this new class:

NTFS State Monitor and State monitor are disabled by default.  The guide states:
  • This monitor is disabled as normally the state of the NTFS partition is not needed (Dirty State notification).
  • This monitor is disabled as it when enabled it may cause false negatives during backups of the Cluster Shared Volumes
I’d probably leave these turned off.  Smile

The free space monitoring for CSV’s is different than how we monitor Logical disks.  This is good – because CSV’s are hosted by the cluster virtual resource name, not by the Node, as logical disks are handled.   What CSV’s have is two monitors, which both run a script every 15 minutes, and compare against specific thresholds.  Free space % is 5 (critical) and 10 (warning) while Free space MB is 100 (critical) and 500 (warning) by default.  Obviously you will need to adjust these to what’s actionable in your Hyper-V cluster environment.
BOTH of these unit monitors act and alert independently, as seen in the above graphic for state, and below graphic for alerts:

Some notes on how free space monitoring of CSV’s work:
  • Each unit monitor has state (critical or warning) and generate individual alerts (warning ONLY)
  • There is an aggregate rollup monitor (Cluster Share Volume – Free Space Rollup Monitor) that will roll up WORST STATE of any member, and ALSO generate alerts, when the WORST state rolls up CRITICAL.  This is how we can generate warning alerts to notify administrators, but then also generate a new, different CRITICAL alert for when error thresholds are breached.  I really like this new design better than the Logical Disk monitoring…. it gives the most flexibility to be able to generate warning and critical alerts when necessary.  Perhaps you only email notify the warning alerts, but need to auto-create incidents on the critical.  The only downside is that if a CSV volume fills up and breaches all thresholds in a short time frame, you will potentially get three alerts.

There are also collection rules for the CSV performance:

Best Practices Analyzer monitor:

A new monitor was added to run the Best Practices Analyzer.  You can read more about the BPA here:

We can open Health Explorer and get detailed information on what's not up to snuff:


Alternatively – we can run this task on demand to ensure we have resolved the issues:


Changes to built in Monitors and Rules:

Many rules and monitors were changed from a default setting, to provide a better out of the box experience.  You might want to look at any overrides you have against these and give them a fresh look:
  • “Logical Disk Availability Monitor” renamed to “File System error or corruption”
  • “Avg Disk Seconds per Write/Read/Transfer” monitors changed from Average Threshold monitortype to Consecutive Samples Threshold monitortype.
    • This is VERY good – this stops all the noise for the default enabled Sec/Transfer monitor, caused by momentary perf spikes.
    • The default threshold is set to “0.04” which is 40ms latency.  This is a good generic rule of thumb for the typical server.
    • The default sample rate is once per minute, for 15 consecutive samples.
    • Note – make sure you implement or at least evaluate hotfixes 2470949 or 2495300 for 2008R2 and 2008 Operating systems, which affect these disk counters.
    • Make sure you look at any overrides you had previously set on these – as they likely should be reviewed to see if they are still needed.
  • Disabled “Percentage Committed Memory in Use” monitor
    • This monitor used to change state when more than 80% of memory was utilized.  This created unnecessary noise due the fact that more and more server roles utilize all available memory (SQL, Exchange) and this monitor was not always actionable.
  • Disabled “Total Percentage Interrupt Time” and “Total DPC Time Percentage”. 
    • These monitors would often generate alert and state noise in heavily virtualized environments, especially when the CPU’s are oversubscribed or heavily consumed temporarily.  These were turned off by default, because there are better performance counters at the Hypervisor host level to track this condition than these OS level counters.
  • Added “Free System Page Table Entries” and “Memory Pages per Second” monitors.  These are both enabled out of the box to track excessive paging conditions.  Also added MANY perf collection rules targeting memory counters, some disabled by default, some enabled.
  • “Total CPU Utilization Percentage” monitor was increased from 3 to 5 samples.  The timeout was shortened from 120 to 100 seconds (to be less than the interval of 120 seconds).
  • Disabled the following perf counter collection rules by default:
    • Avg Disk Sec/Write
    • Avg Disk Sec/Read
    • Disk Writes Per Second
    • Disk Reads Per Second
    • Disk Bytes Per Second
    • Disk Read Bytes Per Second
    • Disk Write Bytes Per Second
    • Average Disk Read Queue Length
    • Average Disk Write Queue Length
    • Average Disk Queue length
    • Logical Disk Split I/O per second
    • Memory Commit Limit
    • Memory Committed Bytes
    • Memory % Committed Bytes in use
    • Memory Page Reads per Second
    • Memory Page writes per second
    • Page File % use
    • Pages Input per second
    • Pages output per second
    • System Cache Resident Bytes
    • System Context Switches per second
  • Enabled the following perf counter collection rules by default:
    • Memory Pool Paged Bytes
    • Memory Pool Non-Paged bytes

A full list of all disabled rules, monitors and discoveries is available in the guide in the Appendix section.  The disabling of all these logical disk and memory perf collections is AWESOME.  This MP really collected more perf data than most customers were ready to consume and report on.  By including these collection rules, but disabling them, we are saving LOTS of space in the databases, valuable transactions per second in SQL, network bandwidth, etc… etc..  Good move.  If a customer desires them – they are already built and a quick override to enable them is all that’s necessary.  Great work here.  I’d like to see us do more of this out of the box from a perf collection perspective.

Added 10/3 - I just found some more changes to the MP’s:
  • The Windows Computer discovery added a “ProductType <> WinNT” to further filter out incorrect discoveries.
  • The Windows Disk partition discovery changed a propertyname from “Bootable” to “BootPartition” to fix an old issue.
  • Added a new Monitortype for NetworkAdapter.PercentBandwidthUsed
  • Memory Available megabytes script was updated.
  • Minor update to the Logical disk defrag monitor
  • Modified the tolerances and ToleranceTypes of several optimized performance collection rules.

Changes to MP views:

The old on the left – new on the right:

Top level logical disk and network adapter state views removed.
Added new views for Cluster Shared Volume Health, and Cluster Shared Volume Disk Capacity.

New Reports!  Performance by system, and Performance by utilization:

There are two new reports deployed with this new set of MP’s (provided you import the new reports MP that ships with this download – only available from the MSI and not the catalog)

To run the Performance by System report – open the report, select the time range you’d like to examine data for, and click '”Add Object”.  This report has already been filtered only to return Windows Computer objects.  search based on computer name, and add in the computer objects that you’d like to report on.  On the right – you can pick and choose the performance objects you care about for these systems.  We can even show you if the performance value is causing an unhealthy state – such as my Avg % memory used – which is yellow in the example:

Additionally – there is a report for showing you which computers are using the most, or the least resources in your environment.  Open “Performance by Utilization”, select a time range, choose a group that contains Windows Computers, and choose “Most”.  Run that, and you get a nice dashboard – with health indicators – of which computers are consuming the most resources, and potentially also impacted by this:
Using the report below – I can see I have some memory issues impacting my Exchange server, and my Domain Controller is experiencing disk latency issues.

By clicking the DC01 computer link in the above report – it takes me to the “Performance by System” report for that specific computer – very cool!

In summary – the Base OS MP is already a rock solid management pack.  This made some key changes to make the MP even less noisy out of the box, and added critical support for discovering and monitoring Cluster Shared Volumes.

Known Issues in this MP:

1.  A note on upgrading these MP’s – I do not recommend using the OpsMgr console to show “Updates available for Installed Management Packs”.  The reason for this, is that the new MP’s shipping with this update (for CSV’s and BPA) are shipped as new, independent MP’s…. and will not show up as needing an update.  If you use the console to install the updated MP’s – you will miss these new ones.  This is why I NEVER recommend using the Console/Catalog to download or update MP’s…. it is a worst practice in my personal opinion.  You should always download the MSI from the web catalog at http://systemcenter.pinpoint.microsoft.com  and extract them – otherwise you will likely end up missing MP’s you need.

2.  There might be an issue when you try and execute the reports:
An error has occurred during report processing
Query execution failed for dataset ‘PerfDS’ or Query execution failed for dataset ‘PerformanceData’
The EXECUTE permission was denied on the object ‘Microsoft_SystemCenter_Report_Performace_By_System’, database ‘OperationsManagerDW’, schema ‘dbo’.
I recommend enabling remote errors on you reporting server so the report output will show you the full details of the error:  http://technet.microsoft.com/en-us/library/aa337165.aspx   (without remote errors enabled – you might only see the top two lines in the error above)

This is due to a security permission on the new stored procedures which are deployed with this report. Thanks to PFE Tim McFadden for bringing this to my attention and to PFE Antoni Hanus for determining a resolution before we even had a chance to look into it:
  • Open SQL Mgmt Studio and connect to the SQL server hosting the Data Warehouse (OperationsManagerDW)
  • Navigate to OperationsManagerDW > Programmability > Stored Procedures > dbo.Microsoft_SystemCenter_Report_Performace_By_System

  • Right click dbo.Microsoft_SystemCenter_Report_Performace_By_System and choose Properties
  • Click the Permissions Page. Click the Search button. Hit Browse. Check [OpsMgrReader] and Click OK. Click OK again.

  • Click the check box in the Grant column for EXECUTE in the Permission row. It should look like this:

  • Click Ok
  • Repeat steps 3-9 above - for the stored procedure dbo.Microsoft_SystemCenter_Report_Performace_By_Utilization

If you are getting a specific error about “System.Data.SqlClient.SqlException: Procedure or function Microsoft_SystemCenter_Report_Performace_By_Utilization has too many arguments specified” that is still under investigation.

3.  The logical disk free space monitortypes for both Windows 2003 and Windows 2008 were re-written.  These we changed to a consecutive samples monitortype.  However – in doing the modifications –  several changes were made that might cause an impact:
The following three override-able properties were changed:
  • DebugFlag – removed
  • TimeoutSeconds – removed
  • SystemDriveWarningMBytesThreshold – renamed to “SystemDriveWarningMBytesTheshold”  (I am sure this wasn’t by design)
If you previously had overrides referencing any of these properties before, you might get an error when importing or modifying your existing override MP:
Date: 10/3/2011 2:14:21 PM
Application: System Center Operations Manager 2007 R2
Application Version: 6.1.7221.81
Severity: Error

: Verification failed with [1] errors:
Error 1:
: Failed to verify Override [OverrideForMonitorMicrosoftWindowsServer2003LogicalDiskFreeSpaceForContextMicrosoftWindowsServer2003LogicalDisk02b92b47f8f74b2393f88f6a673823f5].
Cannot find OverridableParameter with name [SystemDriveWarningMBytesThreshold] defined on [Microsoft.Windows.Server.2003.FreeSpace.Monitortype]

Failed to verify Override [OverrideForMonitorMicrosoftWindowsServer2003LogicalDiskFreeSpaceForContextMicrosoftWindowsServer2003LogicalDisk02b92b47f8f74b2393f88f6a673823f5].Cannot find OverridableParameter with name [SystemDriveWarningMBytesThreshold] defined on [Microsoft.Windows.Server.2003.FreeSpace.Monitortype]
: Failed to verify Override [OverrideForMonitorMicrosoftWindowsServer2003LogicalDiskFreeSpaceForContextMicrosoftWindowsServer2003LogicalDisk02b92b47f8f74b2393f88f6a673823f5].
Cannot find OverridableParameter with name [SystemDriveWarningMBytesThreshold] defined on [Microsoft.Windows.Server.2003.FreeSpace.Monitortype]
: Cannot find OverridableParameter with name [SystemDriveWarningMBytesThreshold] defined on [Microsoft.Windows.Server.2003.FreeSpace.Monitortype]
You will be stuck and will not be able to save any more overrides to that MP until you resolve the issue.
You MUST export the XML of your broken override MP at this point.  In the XML – search for:  “SystemDriveWarningMBytesThreshold”
Modify the following:
change it to:
Save the modified XML, and reimport.  (always save a backup copy FIRST before making any changes!)  You will now be able to use your existing override MP again.
If your issues was caused by the fact you have overridden timeout or debugflag – then simple delete those overrides in XML.

4.  The knowledge is out of date for the new default values in the free space monitors.  The changed values are referenced below:
ParameterDefault Value
System Drive Error Mbytes Threshold100  (now 300)
System Drive Error Percent Threshold5
System Drive Warning Mbytes Threshold200 (now 500)
System Drive Warning Percent Threshold10
Non-System Drive Error Mbytes Threshold1000
Non-System Drive Error Percent Threshold5
Non-System Drive Warning Mbytes Threshold2000
Non-System Drive Warning Percent Threshold10

5.  The BPA monitors can be noisy for Server 2008R2 systems.
The new BPA monitor runs a powershell script that calls the built in BPA in the Server 2008 R2 operating System.  It runs this once per day.  It does not have any capability to filter out known configurations or BPA issues that you choose not to resolve.  While the UI provides the ability to create exclusions for specific issues in the BPA results, this monitor does not support that functionality.  The result is, that this monitor could cause a large percentage of your servers to generate an alert and enter a warning state.  This is designed as a very simple monitor to bring attention to the BPA in Server 2008 R2, and to recommend adherence to best practices.  If you don’t want this monitor to generate alerts or affect health state – then disable this monitor via overrides.

6.  The “performance by utilization” report section dealing with Logical Disk % Idle time is flip-flopped…. in “Most Utilized” it reports “%100” as the highest, descending down to smaller numbers.  When in fact, 100% idle is NOT utilized at all.  The same issue shows up with the “least utilized” report model.  So for now – these specific values don’t work in a helpful manner.  However, as a workaround – you can still run a “performance top objects” report for this same counter, and choose “top N” and “bottom N” in the report to gain access to the same data.