Friday, 30 December 2016

Adding custom information to alert description(s) and notifications

Alert Description Variables:

For event Rules:
EventDisplayNumber (Event ID):             $Data/EventDisplayNumber$ 
EventDescription (Description):               $Data/EventDescription$ 
Publisher Name (Event Source):              $Data/PublisherName$ 
EventCategory:                                    $Data/EventCategory$ 
LoggingComputer:                                $Data/LoggingComputer$ 
EventLevel:                                          $Data/EventLevel$ 
Channel:                                              $Data/Channel$ 
UserName:                                           $Data/UserName$ 
EventNumber:                                      $Data/EventNumber$ 
Event Time:                                          $Data/@time$

For event Monitors:
EventDisplayNumber (Event ID):            $Data/Context/EventDisplayNumber$ 
EventDescription (Description):              $Data/Context/EventDescription$ 
Publisher Name (Event Source):             $Data/Context/PublisherName$ 
EventCategory:                                    $Data/Context/EventCategory$ 
LoggingComputer:                                $Data/Context/LoggingComputer$ 
EventLevel:                                         $Data/Context/EventLevel$ 
Channel:                                             $Data/Context/Channel$ 
UserName:                                          $Data/Context/UserName$ 
EventNumber:                                     $Data/Context/EventNumber$ 
Event Time:                                         $Data/Context/@time$

For Repeating Event Monitors:
EventDisplayNumber (Event ID):              $Data/Context/Context/DataItem/EventDisplayNumber$
EventDescription (Description):                $Data/Context/Context/DataItem/EventDescription$ 
Publisher Name (Event Source):              $Data/Context/Context/DataItem/PublisherName$ 
EventCategory:                                      $Data/Context/Context/DataItem/EventCategory$ 
LoggingComputer:                                  $Data/Context/Context/DataItem/LoggingComputer$
EventLevel:                                            $Data/Context/Context/DataItem/EventLevel$ 
Channel:                                                $Data/Context/Context/DataItem/Channel$ 
UserName:                                             $Data/Context/Context/DataItem/UserName$ 
EventNumber:                                         $Data/Context/Context/DataItem/EventNumber$
  
Performance Threshold Monitors:
Object (Perf Object Name):                    $Data/Context/ObjectName$ 
Counter (Perf Counter Name):                $Data/Context/CounterName$ 
Instance (Perf Instance Name):              $Data/Context/InstanceName$ 
*Value (Perf Counter Value):                  $Data/Context/Value$  
**Last Sampled Value                            $Data/Context/SampleValue$
*Value will show the actual performance value for simple and avg monitors.  It will show number of samples for consecutive threshold monitors. 
**Last Sampled Value works to show the last value evaluated in a consecutive sample value monitor.

Service Monitors:
Service Name                         $Data/Context/Property[@Name='Name']$ 
Service Dependencies             $Data/Context/Property[@Name='Dependencies']$ 
Service Binary Path                $Data/Context/Property[@Name='BinaryPathName']$
Service Display Name             $Data/Context/Property[@Name='DisplayName']$ 
Service Description                 $Data/Context/Property[@Name='Description']$

Logfile Monitors:
Logfile Directory :                  $Data/Context/LogFileDirectory$ 
Logfile name:                        $Data/Context/LogFileName$ 
String:                                  $Data/Context/Params/Param[1]$

Logfile rules:
Logfile Directory:                   $Data/EventData/DataItem/LogFileDirectory$ 
Logfile name:                        $Data/EventData/DataItem/LogFileName$ 
String:                                  $Data/EventData/DataItem/Params/Param[1]$

General:
To show the name of the Windows Computer host: 
$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$

Notifications:
$Data/Context/DataItem/AlertId$                                       The AlertID GUID 
$Data/Context/DataItem/AlertName$                                   The Alert Name 
$Data/Context/DataItem/Category$                                    The Alert category 
$Data/Context/DataItem/CreatedByMonitor$                       True/False 
$Data/Context/DataItem/Custom1$                                     CustomField1 
$Data/Context/DataItem/Custom2$                                    CustomField2 
$Data/Context/DataItem/Custom3$                                    CustomField3 
$Data/Context/DataItem/Custom4$                                    CustomField4 
$Data/Context/DataItem/Custom5$                                    CustomField5 
$Data/Context/DataItem/Custom6$                                     CustomField6 
$Data/Context/DataItem/Custom7$                                     CustomField7 
$Data/Context/DataItem/Custom8$                                     CustomField8 
$Data/Context/DataItem/Custom9$                                     CustomField9 
$Data/Context/DataItem/Custom10$                                  CustomField10 
$Data/Context/DataItem/DataItemCreateTime$                      UTC Date/Time of Dataitem created 
$Data/Context/DataItem/DataItemCreateTimeLocal$               LocalTime Date/Time of Dataitem created 
$Data/Context/DataItem/LastModified$                                 UTC Date/Time DataItem was modified 
$Data/Context/DataItem/LastModifiedLocal$                          Local Date/Time DataItem was modified 
$Data/Context/DataItem/ManagedEntity$                               ManagedEntity GUID 
$Data/Context/DataItem/ManagedEntityDisplayName$             ManagedEntity Display name 
$Data/Context/DataItem/ManagedEntityFullName$                   ManagedEntity Full name 
$Data/Context/DataItem/ManagedEntityPath$                          Managed Entity Path 
$Data/Context/DataItem/Priority$                                          The Alert Priority Number (High=1,Medium=2,Low=3)
$Data/Context/DataItem/Owner$                                           The Alert Owner 
$Data/Context/DataItem/RepeatCount$                                  The Alert Repeat Count 
$Data/Context/DataItem/ResolutionState$                               Resolution state ID (0=New, 255= Closed) 
$Data/Context/DataItem/ResolutionStateLastModified$                 UTC Date/Time ResolutionState was last modified 
$Data/Context/DataItem/ResolutionStateLastModifiedLocal$          Local Date/Time ResolutionState was last modified 
$Data/Context/DataItem/ResolutionStateName$                       The Resolution State Name (New, Closed) 
$Data/Context/DataItem/ResolvedBy$                                     Person resolving the alert 
$Data/Context/DataItem/Severity$                                          The Alert Severity ID 
$Data/Context/DataItem/TicketId$                                           The TicketID 
$Data/Context/DataItem/TimeAdded$                                       UTC Time Added 
$Data/Context/DataItem/TimeAddedLocal$                               Local Time Added 
$Data/Context/DataItem/TimeRaised$                                      UTC Time Raised 
$Data/Context/DataItem/TimeRaisedLocal$                              Local Time Raised 
$Data/Context/DataItem/TimeResolved$                                  UTC Date/Time the Alert was resolved 
$Data/Context/DataItem/WorkflowId$                                      The Workflow ID (GUID) 
$Data/Recipients/To/Address/Address$                                    The name of the recipient
The Web Console URL: 
$Target/Property[Type="Notification!Microsoft.SystemCenter.AlertNotificationSubscriptionServer"]/WebConsoleUrl$
The principal name of the management server: 
$Target/Property[Type="Notification!Microsoft.SystemCenter.AlertNotificationSubscriptionServer"]/PrincipalName$
 Ref. Kevin Holman

Sunday, 4 September 2016

How to add accounts from another domain into a SCOM User Role

Normally – when you have a trust with a remote account domain, and you want to add users from the remote domain to SCOM, things go perfectly.
However, if the user account in the remote domain uses a different UPN name than the SAM account name – the SCOM UI blocks it.

For instance, I have a SCOM infrastructure in OPSMGR.NET (OPSMGR), but want to grant users in DMZ.CORP (DMZ) domain access.  This works fine, if the UPN domain name for my user is the same as the SAM account name.

In the image – I am trying to add DMZ\sqlmondmz account to my SQL Ops Team role:

image

When I check names – I can see the UPN domain is different than the actual DNS domain name of DMZ.CORP:

image

This results in the following error:

Date: 7/19/2016 2:25:18 PM
Application: Operations Manager
Application Version: 7.1.10226.1177
Severity: Error
Message:
Microsoft.EnterpriseManagement.Common.UserRoleUserUnresolvedException: Unable to resolve the user sqlmondmz@zzz.com associated with the user role. Error code 1332. Check your active directory configuration.
   at Microsoft.EnterpriseManagement.Common.Internal.ServiceProxy.HandleFault(String methodName, Message message)
   at Microsoft.EnterpriseManagement.Common.Internal.SecurityConfigurationServiceProxy.UpsertUserRolesV2(ICollection`1 urUpdateResults, ICollection`1 urScopeUpdateResults, ICollection`1 urViewScopeUpdateResults, ICollection`1 urTaskScopeUpdateResults, ICollection`1 urConsoleTaskScopeUpdateResults, ICollection`1 urTemplateScopeUpdateResults, ICollection`1 urDashboardReferenceScopeUpdateResults, ICollection`1 urUserUpdateResults)
   at Microsoft.EnterpriseManagement.SecurityConfigurationManagement.UpdateUserRoles(ICollection`1 userRoles)
   at Microsoft.EnterpriseManagement.Mom.Internal.UI.Console.ConsoleJobExceptionHandler.ExecuteJob(IComponent component, EventHandler`1 job, Object sender, ConsoleJobEventArgs args)

The workaround?
A common previous workaround to this was to add these accounts to a Global Group, then add the global group to the role.  This workaround did well when you needed to add a large number of users to an unscoped Operator role.  However, if you have a lot of different user roles with customized scopes, you will constantly be creating groups.  Another alternative?

Use PowerShell to add these users to the role:

$Role = Get-SCOMUserRole -Name "SQL Ops Team"
$Role | Set-SCOMUserRole -User ($Role.Users + "DMZ\sqlmondmz")

This doesn’t have the same UI restriction:

image
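An idempotent version of the PowerShell workaround above, added here as an example and not part of the original post. The function name Add-ScomRoleMember is hypothetical; the role and account names are the ones used in the post.

```powershell
# Added example (not from the original post). Add-ScomRoleMember is a
# hypothetical helper; run it in the Operations Manager Shell.
Import-Module OperationsManager

function Add-ScomRoleMember {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)] [string]   $RoleName,
        [Parameter(Mandatory = $true)] [string[]] $Account
    )

    $role = Get-SCOMUserRole -Name $RoleName
    if (-not $role) { throw "User role '$RoleName' was not found." }

    # Set-SCOMUserRole -User sets the full member list, so keep the existing
    # members and append only accounts that are not already present.
    $current = @($role.Users)
    $missing = @($Account | Where-Object { $current -notcontains $_ })

    if ($missing.Count -gt 0 -and
        $PSCmdlet.ShouldProcess($RoleName, "Add $($missing -join ', ')")) {
        $role | Set-SCOMUserRole -User ($current + $missing)
    }

    # Re-read the role so the output reflects what is actually stored.
    Get-SCOMUserRole -Name $RoleName | Select-Object Name, Users
}

# Preview the change with -WhatIf first, then apply it.
Add-ScomRoleMember -RoleName 'SQL Ops Team' -Account 'DMZ\sqlmondmz' -WhatIf
Add-ScomRoleMember -RoleName 'SQL Ops Team' -Account 'DMZ\sqlmondmz'
```

The returned Users list doubles as a quick membership review for the role after each change.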

Ref: Kevin Holman

Windows Server Operating System 6.0.7316.0 released

The base operating system MP’s have been updated:

Previously, there were a couple interim releases that were pulled due to issues, mostly affecting older operating system versions.  This was due to the MP focusing on changes for Windows Server 2016.  This MP update addresses those issues caused by the interim MP changes.  The previous stable MP version was 6.0.7297.0 so I will focus on changes since that MP:

  • MP used to discover physical CPU, which performance monitor instance name property was not correlated with Windows PerfMon object (expecting instance name in (socket, core) format). That affected related rules and monitors. With this release, MP discovers logical processors, rather than physical, and populates performance monitor instance name in proper format
  • Microsoft.Windows.Server.ClusterSharedVolumeMonitoring.mp and Microsoft.Windows.Server.Library.mp scripts code migration to PowerShell in scope of Windows Server 2016 Nano support (relevantly introduced in Windows Server 2016 MP version 10.0.1.0).
  • Updated Microsoft.Windows.Server.ClusterSharedVolumeMonitoring.ClusterSharedVolume.Monitoring.State monitor alert properties and description. The fix resolved property replacement failure warning being generated on monitor alert firing.

  • Several bugs located in Cluster Shared Volumes MP were fixed (see below); error handling migrated to common recommended scenario. Enabled Quorum monitoring via changing the monitoring logic. The monitoring logic is splitting for Nano Server (with usage of PowerShell) and all other operating systems.
    • Fixed bug: disk free space monitoring issue on Quorum disks in failover clusters; the monitor was displayed as healthy, but actually it did not work and no performance data was collected.
    • Fixed bug: logical disk discovery did not discover logical disk on non-clustered server with Failover Cluster Feature enabled.
    • Fixed bug: Clustered Shared Volumes were being discovered twice – as a Clustered Shared Volume and as a logical disk; now they are discovered as Clustered Shared Volumes only.
    • Fixed bug (partially): mount points were being discovered twice for cluster disks mounted to a folder – as a cluster disk and as a logical disk. See Troubleshooting and Known Issues section for details.
    • Fixed bug: Cluster Shared Volume objects were being discovered incorrectly when they had more than one partition (applied to discovery and monitoring): only one partition was discovered, while the monitoring data was discovered for all partitions available. The key field is changed, and now partitions are discovered correctly; see Troubleshooting and Known Issues section for details.
  • Error handling was corrected. Logical disks are discovered correctly on non-cluster servers with the Failover Cluster Feature installed.
  • Created new overrides for Cluster Shared Volume MP, as long as the old ones did not work.
  • Cluster disk monitors alert messages: alert title might be disorienting and was corrected.

  • Due to incompatibility issues in monitoring logic, several Cluster Shared Volumes MP bugs remained in version 6.0.7310.0. These are now fixed in the current version (see the complete list of bugs below). To provide compatibility with the previous MP versions, all monitoring logic (structure of classes’ discovery) was reverted to the one present in version 6.0.7297.0.
    • Fixed bug: disk free space monitoring issue on Quorum disks in failover clusters; the monitor was displayed as healthy, but actually it did not work and no performance data was collected.
    • Fixed bug: logical disk discovery did not discover logical disk on non-clustered server with Failover Cluster Feature enabled.
    • Fixed bug: Clustered Shared Volumes were being discovered twice – as a Clustered Shared Volume and as a logical disk; now they are discovered as Clustered Shared Volumes only.
    • Fixed bug (partially): mount points were being discovered twice for cluster disks mounted to a folder – as a cluster disk and as a logical disk. See Troubleshooting and Known Issues section for details.
    • Fixed bug: Cluster Shared Volume objects were being discovered incorrectly when they had more than one partition (applied to discovery and monitoring): only one partition was discovered, while the monitoring data was discovered for all partitions available. The key field is changed, and now partitions are discovered correctly; see Troubleshooting and Known Issues section for details.
    • Fixed bug: physical CPUs are now discovered on Windows Server 2008 R2 platforms; logical CPUs are no longer discovered, see Troubleshooting and Known Issues section for details.
    • Fixed bug: Windows Server 2008 Max Concurrent API Monitor did not work on Windows Server 2008 platform. Now, it is supported on Windows Server platforms starting from Windows Server 2008 R2.
    • Fixed bug: when network resource name contained more than 15 symbols, the last symbols of the name were cut off, which was resulting in cluster disks and Cluster Shared Volume discovery issues.
  • Cluster disk monitors alert messages: alert title might be disorienting and was corrected.

I have been running this version for a few weeks now, and I haven’t seen any major issues.  However, like ALL MP’s, I recommend careful testing and evaluation in your lab and test environments before moving to production.

Ref: Kevin Holman

Tuesday, 12 April 2016

Base OS MP’s have been updated – version 6.0.7303.0

***WARNING***  There are some significant issues in this release of the Base OS MP, I do not recommend applying this one until an updated version comes out.
Issues:
  • Cluster Disks on Server 2008R2 clusters are no longer discovered as cluster disks.
  • Cluster Disks on Server 2008 clusters are not discovered as logical disks.
  • Quorum (or small size) disks on clusters that ARE discovered as Cluster disks, do not monitor for free space correctly.
  • Cluster shared volumes are discovered twice, once as a Cluster Shared Volume instance, and once as a Logical disk instance, with the latter likely caused by enabling mounted disk discovery.
  • On Hyper-V servers, I discover an extra disk, which has no properties:
image


What was changed?

From the guide:
MP used to discover physical CPU, which performance monitor instance name property was not correlated with Windows PerfMon object (expecting instance name in (socket, core) format). That affected related rules and monitors. With this release, MP discovers logical processors, rather than physical, and populates performance monitor instance name in proper format
That was a real problem for anyone trying to monitor individual CPU’s in the past – we actually discovered “sockets” not cores – so this didn’t jive with Perfmon at all.  I look forward to testing this.
Microsoft.Windows.Server.ClusterSharedVolumeMonitoring.mp and Microsoft.Windows.Server.Library.mp scripts code migration to PowerShell in scope of Windows Server 2016 Nano support (relevantly introduced in Windows Server 2016 MP version 10.0.1.0).
It is these changes that likely broke cluster disk discovery.
Updated Microsoft.Windows.Server.ClusterSharedVolumeMonitoring.ClusterSharedVolume.Monitoring.State monitor alert properties and description. The fix resolved property replacement failure warning being generated on monitor alert firing.

Ref: Kevin Holman

Thursday, 31 March 2016

All Management Servers Pool Unavailable

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HealthService\Parameters

Create the PoolManager folder/key.

Create 2 DWORD values:

1- PoolLeaseRequestPeriodSeconds Decimal 600
2- PoolNetworkLatencySeconds Decimal 120

Restart the Management Server.
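The registry steps above as a PowerShell script, added here as an example and not part of the original post. It assumes an elevated session on the management server and that the Windows service name is HealthService, as in the registry path.

```powershell
# Added example (not from the original post). Run elevated on the
# management server; assumes the service name HealthService.
$parameters = 'HKLM:\SYSTEM\CurrentControlSet\services\HealthService\Parameters'
$poolKey    = Join-Path $parameters 'PoolManager'

if (-not (Test-Path $parameters)) {
    throw "HealthService Parameters key not found; is this a management server?"
}

# Create the PoolManager key only if it does not exist yet.
if (-not (Test-Path $poolKey)) {
    New-Item -Path $poolKey | Out-Null
}

# The two DWORD values from the post (decimal).
$settings = [ordered]@{
    PoolLeaseRequestPeriodSeconds = 600
    PoolNetworkLatencySeconds     = 120
}

foreach ($name in $settings.Keys) {
    # -Force overwrites an existing value so the script can be re-run safely.
    New-ItemProperty -Path $poolKey -Name $name -PropertyType DWord `
                     -Value $settings[$name] -Force | Out-Null
}

# Show what was written before restarting the service.
Get-ItemProperty -Path $poolKey | Select-Object -Property @($settings.Keys)

Restart-Service -Name HealthService
```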

Monday, 28 March 2016

Failed Authentication Attempts Check

* Start\Run -> cmd (Run as admin)
* cd\Program Files\System Center 2012\Operations Manager\Server
* HSLOCKDOWN.EXE "Management Grup 1" /R "NT AUTHORITY\SYSTEM"
* Restart Health Service