Pete Zerger has a good example of a mini-report http://www.systemcenterforum.org/powershell-tip-operations-manager-2007-top-alerts-report-part-1/ . From his report I got the idea for these other mini-reports
To get a report of Top closed alerts.
>get-alert -criteria `ResolutionState = "255"' | Group-Object Name |Sort -desc Count | select-Object -first 5 Count, Name |Format-Table -auto
Count Name
----- ----
105 Microsoft Windows Internet Information Services 2003 SMTP Virtual Server...
91 Monitor Health Service Heartbeat
80 WMI Probe Module Failed Execution
71 Service Check Data Source Module Failed Execution
52 MAPI Logon Monitor reported a problem
Top 5 computers with new alerts.
>get-alert -criteria 'ResolutionState = ''0''' | Group-Object PrincipalName |Sort -desc Count | select-Object -first 5 Count, Name | Format-table -auto
Count Name
----- ----
14 SOTM.My.Company.Com
12 BIODTL.My.Company.Com
11 NONAMI.My.Company.Com
11 BLOWEDUPSRV.My.Company.Com
11 BIGSERVER.My.Company.Com
Top 5 computers with resolved alerts.
>get-alert -criteria 'ResolutionState = ''255''' | Group-Object PrincipalName |Sort -desc Count | select-Object -first 5 Count, Name | Format-table -auto
Count Name
----- ----
4933 BLOWEDUPSRV.My.Company.Com
152 NONAMI.My.Company.Com
140 BIODTL.My.Company.Com
130 SOTM.My.Company.Com
105 BIGSERVER.My.Company.Com
A few more examples of the Get-Alert cmdlet for Operations Manager 2007. These were inspired from the Virtual User group meeting. Something Marco Shaw showed in his Operations Manager powershell demo.
To get a count of all Informational alerts
>(get-alert -criteria 'Severity = ''0''').count
1150
To get a count of all Warning alerts
>(get-alert -criteria 'Severity = ''1''').count
3767
To get a count of all Critical alerts
>(get-alert -criteria 'Severity = ''2''').count
1944
To get a count of all new information alerts
>(get-alert -criteria 'ResolutionState = ''0'' AND Severity = ''0''').count
65
To get a count of all new Warning Alerts:
>(get-alert -criteria 'ResolutionState = ''0'' AND Severity = ''1''').count
344
To get a count of all new Critical Alerts:
>(get-alert -criteria 'ResolutionState = ''0'' AND Severity = ''2''').count
144
Example of criteria being case sensitive error:
>(get-alert -criteria 'Resolutionstate = ''0'' AND Severity = ''1''').count
Get-Alert : A property name in the 'Criteria' parameter is unknown.
At line:1 char:11
+ (get-alert <<<< -criteria 'Resolutionstate = ''0'' AND Severity = ''1''').count
http://www.systemcenterusergroup.org/blogs/administrator/archive/2008/06/18/first-meeting-of-the-system-center-virtual-user-group-is-6-26-time-and-registration-info.aspx
The first meeting of the System Center Virtual Users Group is on the calendar, and we have some first rate speakers ready to share their knowledge. Not surprisingly, our theme is Operations Manager 2007 this month, but we have some of the foremost experts prepared to share some info you're not likely to see anywhere else. Thanks to the folks at our event sponsor, SecureVantage.
Meeting and Registration Details
Date: June 26th
Time: 12:00 p.m. Central Standard Time (6pm GMT)
Agenda
- 12:00PM-12:10PM: Introduction
- 12:10PM-12:40PM: Anders Bengtsson (OpsMgr MVP) - Cross-PLatform Monitoring in Operations Manager 2007 SP2.
- 12:40PM-1:10PM: Ryan Brennan (SecureVantage) - ACS Best Practices & Configuration Tips
- 1:10PM-1:40PM: Marco Shaw (Powershell MVP) - PowerShell within System Center Operations Manager 2007
- 1.40PM-1:50PM: Closing
Event Registration
To sign up for this event, register at the following URL: https://www.clicktoattend.com/invitation.aspx?code=129503
Speaker Profiles
Anders Bengtsson (OpsMgr MVP) - Anders is a Microsoft MVP for System Center Operations Manager 2007, consultant and frequent contributor to the Operations Manager community. Anders can be reached via his management blog at http://www.contoso.se.
Ryan Brennan (SecureVantage) - Ryan is responsible for the overall technical vision and direction for Secure Vantage Technologies. Ryan brings more than twelve years of solid technology and management experience. Before joining Secure Vantage Technologies he founded Enigma Technology Solutions a consulting firm focused on Microsoft Systems Management. Ryan has worked for multiple Fortune 1000 Companies and has experience in System Management, IT & Security Operations, Software Development, Quality Assurance, Systems Administration and Project Management with focus on the industries: banking, energy, technology, software, healthcare. Ryan holds a Bachelor of Science degree in Computer Science from The University of Massachusetts, Amherst.
Marco Shaw (Powershell MVP) - Marco is a PowerShell MVP, PowerGadgets MVP, author and founder of the PowerShell Virtual User Group. Marco can be reached through his GET-POWERSHELL blog at http://marcoshaw.blogspot.com/
Sponsors
Some information that was obtained from Brian Wren's MMS Cmdshell presentation. http://blogs.technet.com/brianwren/archive/2008/03/11/mms-command-shell-presentation.aspx
When using cmdlets that fetch data in operations Manager 2007 like get-alert, get-event, get-override and many others, use the -criteria option to filter your data. When the -criteria option is used the filter or comparison will be done at the server end and the results will be sent to your cmdshell, thus reducing the amount of processing that your cmdshell has to do. One other thing about criteria, it is case sensitive. For a complete syntax reference on Criteria Expression check out this web page on the SCOM SDK http://msdn2.microsoft.com/en-us/library/bb437603.aspx
nworks the company that brought the Management Pack for VMware for Microsoft System Center Operations Manager has been aquired by Veeam. Veeam (http://www.veeam.com) which produces several utilities for VMWare has released the following press release http://www.veeam.com/pr_20080624.asp as well as the following FAQ (http://www.veeam.com/download/veeam_nworks_faq.pdf) on the aquisition of nworks.The new combined company will offers six products:
Veeam Backup – for fast recovery and file-level restore of VMware environments.
Veeam Reporter – to discover and document virtual environments.
Veeam Monitor – for performance monitoring of VMware infrastructure, either alone or with VMware VirtualCenter.
Veeam Configurator – to manage VMware configurations from a Windows interface.
nworks Smart Plug-In for VMware for HP Software Operations Manager – to directly incorporate VMware management into HP OpenView.
nworks Management Pack for VMware for Microsoft System Center Operations Manager - to directly incorporate VMware management into Microsoft SCOM.
This is so sweet! This new version of MP Viewer allows you to export data to Excel in addition to the existing HTML format that was available before. http://blogs.msdn.com/boris_yanushpolsky/archive/2008/06/20/mpviewer-1-6-exporting-to-excel.aspx
Borris also posted an Automating port monitoring using power shell with a script example, very nice! http://blogs.msdn.com/boris_yanushpolsky/archive/2008/06/20/automating-port-monitoring-using-powershell.aspx
Also an update was made to Module Explorer to version 2. http://blogs.msdn.com/boris_yanushpolsky/archive/2008/06/18/module-explorer-v2.aspx
Thanks for the great utilities Boris
thx Stefan S
A good friend recommended this xml utility to me after hearing my frustration with XML notepad 2007 when I was viewing Operations Manager 2007 management packs. XML Marker loads files really fast, and the color-coded test range highlighting when selecting objects in the tree view is very helpful. Give it a try if you have to edit or read raw xml files.
http://symbolclick.com/
I finally updgraded to PrimalScript 2007. http://www.primalscript.com/
If I find any handy featrues I'll post them.
To keep up todate with what's going on with the Sapien folks, powershell developments and what scripting books they will be putting out check out the Sapien blog, at http://blog.sapien.com/ .
Have a good weekend!
I know its really early, but the web site is up for MMS 2009. There is a link to get added to a notification DL for the event.
http://mms-2009.com/
Prior to MMS 2008 we migrated our production MOM 2005 environment to a new SQL 2005 cluster. A week and a half after the migration we noticed that our nightly maintenance mode scripts were starting to fail. After a little investigation we noticed that our onepoint db had grown in size to over 30 gigs. We try and keep it around 10 to 12 gigs. A quick glance at the SQL report Disk Usage by top tables it was easy to see that the perf data was not getting groomed out of the onepoint database.
I checked the Scheduled task log and notice that the majority of the entries were marked as successful. I checked the event log for event id 80 and reviewed the complete dts job listing which showed everything as functioning properly too. Well now time to check the OnePoint DB ReportSettings table for the TimeDTSLastRan value. It was showing a date from when the db was still on the old cluster. We manually changed the date time value for TimeDTSLastRan, and then manually kicked off MOMX Partitioning and Grooming, which did its job of pruning out the old perf tables from the onepoint db.
The question remained, why isn’t the TimeDTSLastRan value getting updated? The stored procedure that is run to update the time date stamp on the TimeDTSLastRan field of the ReportSettings table in the onepoint db is:
p_UpdateDTSLastRunTime 'May 11 2008 3:13:30:284AM', 'SQLHOSTNAME\INSTANCE#'
The value 'SQLHOSTNAME\INSTANCE#' needs to match the same value in the onepoint db reportingsettings table column datawarehouseDataSource. For some reason our datawarehouseDataSource value was still the name of the old SQL server cluster. After updating this value to the current SQLHOSTNAME\INSTNACE# everything started working as expected.
Specail shout out to Steve on this one!
A new batch of Operations Manager 2007 Management Pack Guides have been released online. For the cool part select a MP guide you want to check out, scroll to the bottom of the page and there is community content area, to submit comments. To access that part you must have a passport logon, and select an alias to go by, when you leave comments.
Management Pack Guides for Server Products: http://technet.microsoft.com/en-us/library/cc540357(TechNet.10).aspx
Management Pack Guides for Windows Operating Systems and Technologies: http://technet.microsoft.com/en-us/library/cc540358(TechNet.10).aspx
I hope to see more of this from Microsoft.
If you use SCCM or SCOM you should join this Virtual User Group! You only have to go as far as your computer to get there. There are forums to post questions, and a contest for an XBOX! Get the word out!
System Center Virtual User Group web site: http://www.systemcenterusergroup.org/
Link to Contest information: http://www.systemcenterusergroup.org/blogs/administrator/archive/2008/05/23/system-center-user-group-updates.aspx
Once you've joined the community become a member of the linked in System Center Virtual User Group!
I encountered this when creating Alert Rules for Event log entries.
Enter a string of text in the alert description memo area.
Click the ... button to access the Target information.
Go to the middle of the text and try and insert Target information.
My target information gets added to the end of the string of text instead of where my cursor is located.
Not sure if this is a bug or a feature.
A SQL Admin I work with shared this Custom Report with me the other day. This custom report will show a taskpad similar to the one seen in SQL 2000. If you miss the taskpad view you will like this. Link to the authors blog entry with a download link.
http://sqlblogcasts.com/blogs/simons/archive/2007/03/28/Update-to-the-taskpad-custom-report.aspx
I love looking for stuff in the registry. In case you do not want to look for it here it is.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mission Critical Software
New virtual users group:
http://www.systemcenterusergroup.org/
Brian Wren's Powershell Post from the MMS Command Shell presentation
http://blogs.technet.com/brianwren/default.aspx
Once again MMS for 2009 will be in Las Vegas, April 27 thru May 1 2009. Just waiting for the location.
I was awarded Best New Columnist at the MyITforum.com party at MMS this past Tuesday night. I was unaware that I was going to get an award and was at Microsoft party when the awards were handed out. Fortunately Rick Jones sent me an email letting me know I was getting an award. I picked up the award from Rod later that evening. Once again another scheduling nightmare from MMS, which session lab or which party to go to? Its hard to decide sometimes. Thanks Rod!
http://www.myitforum.com/mms2008awards/MMS_2008_Awards_files/frame.htm
I'll try to summarize a weeks worth of sessions, labs and meetings in a short entry. Things to look for in the near future. To be sure there were a boat load of other things that happened but these are the things that will be available in the near future.
Notification Testing Tool: Create alerts with specific criteria, where the alert is from, what server, what rule, etc. Release date TBD.
Connectors: It looks like Microsoft is putting some resources behind getting some connectors out the door. Connectors for Operations Manager 2007
Delivered in SP2 Time frame
IBM Tivoli Enterprise Console (TEC) (beta)
HP OpenView Operations for Unix (beta)
HP OpenView Operations for Windows (beta)
BMC Remedy ARS (not in beta)
Universal Connector
The new connectors when released are to support high availability and x64. The connectors will also have easy to configure control panels that are accessible on the windows side, very nice.
Resources: I was in a focus group discussing a new Microsoft Site on a topic which I'm looking forward to working with in the near future. When the site is ready I'll post a link to it.
Cross Platform: System Center Operations Manager 2007 Cross Platform Extensions Beta were introduced at the Microsoft Management Summit 2008.
I did not do an extensive search to see if this had already been done, so I just slapped this together from what someone else did and added what I needed to it. Check out Jonathan Almquist's blog at http://blogs.technet.com/jonathanalmquist/default.aspx , the script I borrowed from him is documented in the script.
My modification gets the UTC date and time from one day ago, and closes any alerts whose TimeLastModified is older than that date and time.
'==========================================================================
' NAME: Scott Moss
' DATE : 4/20/08
' http://myitforum.com/cs2/blogs/smoss/default.aspx
' I modified an existing script MOM 2005 - Close all alerts rasied before
' (date) Original code from the web page below,
' http://blogs.technet.com/jonathanalmquist/archive/2008/04/02/mom-2005-close-all-alerts-raised-before-date.aspx
' The modification I made is to get the UTC from the date and time one day ago,
' and close all open alerts whose TimeLastModified property is older than that
' time and date. Change Now-1 to Now-2 for two days ago etc.
'==========================================================================
Set dUTC = CreateObject("WbemScripting.SWbemDateTime")
dUTC.SetVarDate Now-1, True
dtUTC = Left(dUTC,14)
Set objWMI = GetObject("winmgmts://./root/MOM")
strQuery = "select * from MSFT_Alert where ResolutionState <> 255"
Set colAlerts = objWMI.ExecQuery(strQuery)
For Each objAlert In colAlerts
If Len(Trim(objAlert.AlertHistoryComment)) = 0 Then objAlert.AlertHistoryComment = Null
If Len(Trim(objAlert.CustomField1)) = 0 Then objAlert.CustomField1 = Null
If Len(Trim(objAlert.CustomField2)) = 0 Then objAlert.CustomField2 = Null
If Len(Trim(objAlert.CustomField3)) = 0 Then objAlert.CustomField3 = Null
If Len(Trim(objAlert.CustomField4)) = 0 Then objAlert.CustomField4 = Null
If Len(Trim(objAlert.CustomField5)) = 0 Then objAlert.CustomField5 = Null
If Len(Trim(objAlert.Description)) = 0 Then objAlert.Description = Null
If Len(Trim(objAlert.OwnerName)) = 0 Then objAlert.OwnerName = Null
If Len(Trim(objAlert.ResolvedBy)) = 0 Then objAlert.ResolvedBy = Null
If Len(Trim(objAlert.TimeResolved)) = 0 Then objAlert.TimeResolved = Null
If ObjAlert.TimeLastModified <= dtUTC Then
objAlert.ResolutionState = 255
objAlert.Put_
End If
Next
Well someone finally asked for this so I'm sharing. 
Enjoy!
-- Scott Moss
-- 04-11-2008
-- mom 2005 query to enumerate managed windows server cluster computers
-- that belong to a specific computer group
select [Name] from Computer
WHERE [type]= 67108864 and [ManagedType] = 3 and [DesiredManagedType]= 3
AND [Name] in (SELECT [ComputerName]
FROM [OnePoint].[dbo].[SDKComputerToComputerGroupView]
WHERE ComputerGroupName = 'Your Computer Group Name Here')
order by [Name]
Boris Yanushpolsky recently updated MPViewer to version 1.4. For the downloads and impovements http://blogs.msdn.com/boris_yanushpolsky/archive/2008/03/25/mpviewer-1-4.aspx
I recently ran into this problem, where a management server would get rebooted, the mom service would start however no events or alerts would be passed from the Management Server to the onepoint db. Restarting the service would not help the connection get reestablished.
I tried the following test from the remote management server, I created a test ODBC connection using the SQL Server instance name but not specify the SQL port just left it at dynamically determine and the connection to the database failed. So I created a second ODBC connection this time specifying the port number to be used, and this time the connection was good.
I check the registry on that management server to see how it was connecting and sure enough the port number was not specified, I change the following registry key and restarted the MOM Service and the management server was back in business.
HKLM\SOFTWARE\Mission Critical Software\DASServer\DataSource
SQLServerName\InstanceName,YourSQLPortNumber
There is a second place where the SQL Database connection is mentioned in the registry for MOM 2005 and I wanted to bring it up.
HKLM\SOFTWARE\Mission Critical Softare\Configurations\*YourMgtGroupName*\Operations\Database
I made the changes in both places just in case that registry key is ever referenced.
This posting was inspired by a recent discussion on the MOM/OpsMgr email discussion list.
The particular thread started a discussion about SCOM Slowness, and snow balled into full blown discussion of the good, the bad, and the ugly of Operations Manager (v3) which is currently at SP-1. In mid-discussion the following was brought up by Operations Manager - MVP Pete Zerger, I'll go ahead and copy a portion of his email to this post so I do not muddle up his words:
"We have a responsibility as the community to be constructively critical of the platform and communicate our concerns back to the product team in our bug reporting and feature requests so MS knows what needs work and attention. Remember that everyone can and should definitely communicate their day-to-day frustrations and hurdles back to MS through https://connect.microsoft.com. It's how we'll ultimately get what we want and need in the next revision."
If everyone who works with SCOM could take some time out to write down their pain points with SCOM in a constructively critical manner, and toss them on https://connect.microsoft.com this could help the entire Operations Manager Community. I know this can be difficult to do if you are in the trenches all day; however, we are the ones they are making the software for. If we do not tell them what features the product is missing or lacking how will they know?
Many good points of discussion were brought up in this thread, and I'm hoping that it will continue the next few weeks before MMS. It would be great if we could get this dialog going in birds of a feather discussion group at MMS with a few SCOM product managers so they can hear this too. You can easily subscribe to the myITForum.com email discussion lists here http://myitforum.com/lists/
To those who participate in the MOM email list, keep up the good work!
http://www.microsoft.com/technet/prodtechnol/scp/opsmgr07.aspx
Overview
The Exchange 2003 Management Pack monitors the performance and availability of Exchange 2003 Server systems. It can also issue alerts for possible configuration problems Availability and performance monitoring is done using synthetic transactions. In addition, the Management Pack collects Event Log alerts and provides associated knowledge articles with additional user details, possible causes, and suggested resolutions. The Management Pack discovers and monitors the individual server components and functional areas on an Exchange 2003 Server.
Feature Bullet Summary: This management pack monitors Microsoft Exchange Server 2003 and includes monitors and rules to track performance, availability, and reliability of Exchange core components and functionality. • MAPI, OWA, OMA, EAS synthetic logon transactions • Mail flow synthetic transaction • Mail Queue monitoring using Self-Tuning Thresholds • Comprehensive performance metric collection • 1000+ Event rules with associated knowledge • Database status • Database size • Mailbox statistics • Public folder statistics • Message tracking log statistics • Exchange and related OS Service monitoring • Configuration monitoring • Topology discovery of Exchange deployment • Integration in Exchange Best Practice Analyzer and ExDiag tools • Reports in the area of Configuration and Configuration changes, Availability, Performance
Management Pack Release History:
3/23/2007 - Initial Release Version 6.0.5000.0
6/25/2007 - Updated Release Version 6.0.5000.11, version details
Microsoft.Exchange.Server.Library.mp 6.0.5000.0
Microsoft.Exchange.Server.2003.Discovery.mp 6.0.5000.11
Microsoft.Exchange.Server.2003.Monitoring.mp 6.05000.11
1/15/2008 - Updated Guide - same version
2/25/2008 - Updated MP Guide and Management Pack. Please refer to the MP Guide for details.
Microsoft.Exchange.Server.Library.mp 6.0.6278.0
Microsoft.Exchange.Server.2003.Discovery.mp 6.0.6278.0
Microsoft.Exchange.Server.2003.Monitoring.mp 6.0.6278.0
3/17/2008 Updated MP Guide and Management Pack. Please refer to the MP Guide for details.
Microsoft.Exchange.Server.Library.mp 6.0.6278.2
Microsoft.Exchange.Server.2003.Discovery.mp 6.0.6278.2
Microsoft.Exchange.Server.2003.Monitoring.mp 6.0.6278.2
The Resolve-Alert commandlet resolves open alerts. In order to utilize the Resolve-Alert commandlet, you will need to get some unresolved alerts, by using the get-alert commandlet. Here is an example of the Resolve-Alert commandlet in action.
get-alert -criteria 'LastModified >= ''3/13/2008'' AND ResolutionState = ''0'' AND Category = ''Alert'''| resolve-alert -comment "Resolve-Alert Cmdlet Test"
The first part gets or collects the alerts we want to resolve, we want all alerts that are greater or equal to 3/13/2008 and whose resolution state is 0 (new) and whose category is Alert. The results of this commandlet are piped to the resolve-alert commandlet which resolves those alertst. It also adds the following comment to each alert it resolves 'Resolve-Alert Cmdlet Test'.
More Posts
Next page »