Category: Administration

Building a subscription

subscribe-and-save

 

Let’s talk notifications for a minute.

Everyone complains that a tool is noisy for alerts (typically emails).

Why not find a way to limit what you receive, and eliminate, the noise.

Sure, there’s alert tuning, but there are a ton of built-in options with Subscriptions in SCOM.

 

howto

Let’s Start by talking about now a subscription is built in SCOM.

Step 1 – An owner (or ‘subscriber’) is needed

This can be an email address, group name or variable you may want to pass to a command line for a destination (e.g. support team/NOC/POC)

Step 2 – A channel is needed (simply put, a way to get the data out of SCOM)

This can be SMTP (email), or a custom executable to a ticketing system, NetCool, BMC True Sight, xMatters, Derdack, to name a few.

Step 3 – Criteria to send to an owner (details)

Time to set up a subscription, and learn as we go!

Do you have the necessary 3 parts (subscriber, channel)

Do you have a destination/subscriber already set up?

Yes, see go to Channel

No, follow the subscriber blog here

Do you have a channel set up

Yes, see go to Subscription

No, follow the Channel blog here

 

Do you have a naming convention for the subscription parts?

The Subscription name needs to be intuitive, i.e. Application Name, Team Name, Company Name (depending on the environment)

Process an Application’s alerts

Example     ‘BizTalk alerts’

If BizTalk alerts needed to go to different teams

‘BizTalk DEV Alerts’ or ‘BizTalk PROD Alerts’

or if Criteria is involved ‘BizTalk Performance Alerts’

or if alerts need to route to another company ‘Contoso BizTalk alerts’

Capitalize what needs emphasis so in the Subscriptions view (make searches or sorts easier and more intuitive)

Making sense where I’m going with this?

 

Criteria can influence the name

CLASS, MONITOR, RULE, SEVERITY, GROUP, RESOLUTION STATE

To me the value comes in with the Description field in a subscription.

Adding relevant detail here makes life easier when followed, to know what the subscription is doing.

Try this model for the Subscription Description

CRITERIA

SUBSCRIBER

COMMENTS

Example

+MONITOR = Health Service Heartbeat Failure +SEVERITY = Warning/Critical +RESOLUTION STATE NOT equals 255 +SUBSCRIBERS = GROUP Server Admins via Email +Comments: Created 2016-02-12 for SCOM Agent tuning

 

Time to set up a subscription

Subscription Summary Healthservice Watcher subscription to alert on any NEW Healthservice Heartbeat failures

Name     SCOM HealthService Watcher

Description

+MONITOR = Health Service Heartbeat Failure +SEVERITY = Warning/Critical +RESOLUTION STATE NOT equals 255 +SUBSCRIBERS = GROUP Server Admins via Email +Comments: Created 2016-02-12 for SCOM Agent tuning

 

Criteria

Notify on all alerts where

created by Health Service Heartbeat Failure rules or monitors (e.g., sources)

and of a Warning or Critical severity

and with Not Equals 255 resolution state

 

Subscribers

GROUP Server Admins via eMail

 

Channels

SMTP Channel

Basic Admin ‘How-to’ Series

443053-royalty-free-rf-clip-art-illustration-of-a-cartoon-businessman-carrying-a-heavy-manual

This is a series of blog posts to help with SCOM best practices, and things that make SCOM easier to administer.

 

Associate MPX files in Notepad++ blog

Backup management packs via PowerShell blog

Get to know your monitor blog

Load Test MP with Report blog

Load Test MP Fragments blog

Maintenance Mode PowerShell blog

Manage DB storage with DWdataRP blog

Managing Subscriptions blog

PowerShell Rule/Monitor/PerfCounter MP and Fragments blog

Registry Key discovery MP Fragment clarification blog

Run As PowerShell monitor fragment blog

Sealing Management packs with 2012R2 and 2016 blog

Subscriptions blog

Subscription Set up Guide blog

Uncommon MP Fragments blog

Verifying Overrides blog

 

Best Practices

Agent Management pack KH Blog

Enable proxy as a default KH blog

How to be heard blog

Manage alerts/events/performance KH Blog

Office Analytics (find where all the time goes) blog

Optimize SQL blog

Recommended Registry tweaks KH blog

SCOM Agent Version Addendum KH blog

Set SCOM Agent to remotely managed KH Blog

SQL Engineering Blog

SYSTEM CENTER 2016 Operations Manager – Anti-Virus Exclusions blog

Update VMM MP’s for SCOM when SCVMM patched blog

 

Tools

MP Viewer blog

Download Notepad++ here

Kevin Holman blog on extracting scripts from MP’s using Transform tool from codeplex

Test fire events using EventLog Explorer here

Alternate tool to fire any events here

Verifying Custom MP overrides are valid when updating sealed MP’s

kidraisedhand

I will raise my hand when asked if I prefer Notepad++ for looking at XML (because I can shrink the sections I’m not concerned about).

 

Using Notepad++ (works best for color and concatenation of XML or quotes in case of syntax errors when editing)

 

Open Overrides management pack (XML)

Click on the (-) for Manifest

Click on the dash (-) for RelationshipTypes

Click on the dash (-) for each Discovery (if it exists)

simplifyingdiscoveryview

 

Verify targets exist in MP’s to be updated

Scroll to the right to view the Targets of your Override management pack

simplifyingview

 

If changes were overrides, look at the Monitor or Rule and verify this is in the pack to be updated

overridesmonitor

 

To understand which MP is being referenced, look at the example – Windows3!

Scroll to the top of your MP and click on the (+) plus sign to expand manifest

mpreference1

 

NOTE Windows3 is the server 2016 Monitoring MP

decodingmpreference

 

Verify your monitor/rule name still exists, and your Override should still apply

In Server Overrides MP, look at the Monitor= section for the Monitor name

verifyoverridemonitorhighlight

 

Go to the Windows Server 2008 Monitoring MP and look for that monitor

There is no monitor for 2008

notepadmonitortypes

 

Alternatively, you can look at the SCOM console as well (if MP is installed)

There is NO 2008 Memory Pages per second monitor

 scomconsolemonitorverify

 

Now to remove the override in our MP

In Notepad++, highlight the MonitorConfigurationOverride section, and delete

monitoroverridehighlight

Rinse and Repeat

Increment the version number and import MP when finished validating overrides.

 

 

Uncommon Custom MP Fragments

new_icon_shiny_badge_svg

Building on Kevin Holman’s MP Fragment Library are additional Uncommon Custom MP Fragments

 

This is the SCOM Management Pack Fragment Library which includes VSAE Fragments you can use to make SCOM management packs quickly and easily.

V1.0 has two Event Monitors with two state, two or three criteria monitors

 

Assumptions

Visual Studio, and the VSAE Fragments are installed

Visual Studio has a powerful plugin called VSAE (Visual Studio Authoring Extensions)
https://www.microsoft.com/en-us/download/details.aspx?id=30169

If you aren’t familar with MP fragments for authoring, see instructions at:  https://blogs.technet.microsoft.com/kevinholman/2016/06/04/authoring-management-packs-the-fast-and-easy-way-using-visual-studio/

 

Background
A Management Pack fragment is simply a bit of XML, that contains all the “working parts” for a specific workflow….

Several authors have written about the power of fragments since VSAE launched, but the biggest gap I saw can be broken up into two major issues:
•Nobody provided a good “library” of workable MP fragments
•Nobody came up with a VERY simple method to reuse fragments quickly and easily

If you can do a FIND and REPLACE in notepad, you can use this.

Kevin Holman’s MP Fragments here

Gallery download for the uncommon MP fragments https://gallery.technet.microsoft.com/Uncommon-Custom-MP-c5a12a86

Associating MPX files to Notepad++ for MP Fragment Authoring

holyschnikes

Sometimes it’s shocking when you make a simple change that helps you do something easier.

For the UNIX guys in the house, using VIM, GVIM, VIMRC, all helped back in the day to make sure you closed your loops, true tests, etc.

If you use Notepad++ like I do, let alone if you’re creating MP fragments, it helps for the easy color coding.

SO, do you always open the .mpx file and then click on Language, XML?

Time to add the file type to the Style Configurator in Notepad++

In Notepad++

Click on Settings

Click on Style Configurator

Highlight XML in the language column

Add .mpx to the ‘User ext. :’ section

Click ‘Save and Close’

notepadaddmpx

Open up your next MP fragment

Spend your time updating your XML not clicking to format the file!

Save clicks!

Channel9 MSDN site

Need an Easy button to keep your knowledge fresh?

easybutton

The answer is the Channel 9 website https://channel9.msdn.com/

Subscribe to shows that interest you @ https://channel9.msdn.com/Shows

 

Corey’s channel caught my interest for Azure Network watcher

Network Watcher in Azure https://channel9.msdn.com/Shows/Tuesdays-With-Corey/Tuesdays-with-Corey-with-cool-new-functionality-of-Azure-Network-Watcher

Good to know IaaS features are included that most organizations

 

 

 

SCOM Management Pack backup

nobackup

Ever wish you had a backup of your MP?

 

It’s quite easybutton

 

Tailor to your requirements, but you can run this as a scheduled task, Orchestrator job, etc.

I would recommend running the script on a server with the Operations Manager shell (or at least add the Operations Manager snapIn to a non SCOM server)

NOTE This will unseal sealed management packs

 

# Backup Management packs to C drive

# Set up your path, my example is monadmin\backup

$date = Get-Date -UFormat “%Y-%m-%d”

c:

cd monadmin\backup

new-item -itemtype directory -path c:\monadmin\backup\$date

cd $date

# Variants accepted

# Examples – begins with OR, or Company Name, or contains Lab

Get-SCOMManagementPack -Name OR* | Export-SCOMManagementPack -Path “C:\monadmin\backup\$date”

Get-SCOMManagementPack -Name <CompanyName>* | Export-SCOMManagementPack -Path “C:\monadmin\backup\$date”

Get-SCOMManagementPack -Name *Lab* | Export-SCOMManagementPack -Path “C:\monadmin\backup\$date”

 

# Backup Management packs to E drive

# Set up your path, this example is monadmin\backup

$date = Get-Date -UFormat “%Y-%m-%d”

E:

cd monadmin\backup

new-item -itemtype directory -path e:\monadmin\backup\$date

cd $date

Get-SCOMManagementPack -Name OR* | Export-SCOMManagementPack -Path “E:\monadmin\backup\$date”

Get-SCOMManagementPack -Name *Lab* | Export-SCOMManagementPack -Path “E:\monadmin\backup\$date”