SQL MP bloat

Updated 25 Feb 2023

Ever wish alerts were like a wad of cash?

The more you solve, the more you make!

How about performance counter data?

The SQL management packs are awesome for visualizations, and provide a bunch of data.

Tim McFadden pointed out SQL Performance counters https://www.scom2k7.com/crazy-db-performance-collection-rules-in-the-sql-mps/

His blog brings up SQL MP Disk Latency performance counters.

His blog got me thinking about SQL DB and DB file design, where multiple DB files are on the same Drive, causes duplicate performance counters (SCOM workflows) on the agent, and will typically be one of the culprits for HealthService restarts.

SQL MP creates performance counters (per DB file, group, instance, engine)

Let’s start with how I figured out why all my money goes into storage.

Start in the SCOM console

Click on the Reporting Tab

Click on the ‘System Center Core Monitoring Reports’ folder

Double click on the Data Volume by Management Pack

View of SCOM report from console reporting tab

Select the timeframe (from, to)

Click Run

Reporting Data

I have 2 2016 DB’s and 1 2014 (SCVMM) database server monitored, and it’s 50% of my data volume!

Another example – had the DW shutdown for days

Did you know there are 60+ perf counter rules in 2012 alone, and nearly 200 in 2016?

How about an OFF pack, a management pack that turns off all the performance counter rules?

The monitors still exist for health, just no pretty performance graph, should you look.

Github repo link

Check out the Gallery post for download

TechNet gallery download

Zip file contains

OFF MP’s for 2008,2012,2014,2016
XLS sheets to allow you to go to the SQL team and ask them what performance counters they use

2016 SQL SP1 patch issue

False alert?

If you have SQL2016 SP1 monitored in SCOM, you most likely have Compliance monitor warnings

This is actually a problem with SP1 where SQL did not update the registry key.

Two options to remedy:

Disable SCOM monitor per instance (or class if SP1 is NOT in your environment)
Fix the offending SQL Servers that are patched to SP1

Steps to fix the offending SQL Servers patched to SP1

Update Registry Key

Via PowerShell

TechNet forum is nice as well, but had to tweak it (blog listed here )

# Get Instance

$Instance = (Get-ItemProperty “HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server”).InstalledInstance )

NOTE: If you have multiple instances, you will need a foreach loop

# Get Version

$Version = (Get-ItemProperty “HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\$((Get-ItemProperty ‘HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL’).$Instance)\Setup”).Version

# Match Version and set Registry Key
if ($Version -match ‘13.1.4’)

{

Set-ItemProperty -Path “HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\$((Get-ItemProperty ‘HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL’).$Instance)\Setup” -Name ‘SP’ -Value 1

}

# Verify

Get-ItemProperty -path “HKLM:\Software\Microsoft\Microsoft SQL Server\MSSQL13.MSSQLSERVER\Setup” | ft SP

Steps broken out

Get Registry Key value via PowerShell

Get-ItemProperty -path “HKLM:\Software\Microsoft\Microsoft SQL Server\MSSQL13.MSSQLSERVER\Setup” | ft SP

Set Registry Key

Set-ItemProperty -path “HKLM:\Software\Microsoft\Microsoft SQL Server\MSSQL13.MSSQLSERVER\Setup” -name “SP” -value 1

Verification

Verify via PowerShell

Verify via RegEdit

Reset SCOM Monitor

And the false alert is gone!

Ruling out SCOM as the cause of SCHANNEL events

Ruling out SCOM notifications as the cause of SCHANNEL events

Still getting SCHANNEL error events and want to rule out SCOM

Management pack SQL events https://kevinjustin.com/blog/2017/11/08/sql-native-client-for-tls1-2/

SCHANNEL ciphers debugged https://kevinjustin.com/blog/2017/11/08/schannel-event-logging/

What command Channels are setup for notifications?

Validate Subscriptions aren’t the cause for email/text

Exchange 2013 and above typically use S/MIME to digitally sign/encrypt messages

Email communication can cause System 36871 events https://support.microsoft.com/en-us/help/305088/schannel-error-message-36871-when-receiving-an-ehlo-smtp-command

Do the events correlate with emailed alerts?
Tracing Notifications http://blog.scomskills.com/enable-tracing-of-the-notification-component-om07/

SCOM ETL traces

Run traces on suspect MS

2012R2 MS (adjust drive letter according to drive SCOM install)
cd “D:\Program Files\Microsoft System Center 2012 R2\Operations Manager\Server\Tools”
2012R2 GW (adjust drive letter according to drive SCOM install)
cd “C:\Program Files\System Center Operations Manager\Gateway\Tools”
2016 MS
cd ‘C:\Program Files\Microsoft System Center 2016\Operations Manager\Server\Tools\’

# Stop Tracing
.\StopTracing.cmd
# Clean up old files
remove-item C:\windows\Logs\OpsMgrTrace\*

# Start Traces

StartTracing.cmd VER

TraceLogSM.exe -stop TracingGuidsNative

TraceLogSM.exe -stop TracingGuidsUI

# Wait until notification fires and validate if 36871 SCHANNEL event ID is logged

# Stop and format the trace
.\StopTracing.cmd
.\FormatTracing.cmd

# Review txt files from C:\windows\Logs\OpsMgrTrace

SCHANNEL event logging

First, my thanks to Bhuvnesh Kumar for his help!

Time to figure out what’s going on behind the curtain!

Are you seeing System Event Log, Event ID 36871 events?

Why does this matter?

Depending on OS versions and patches, the TLS Cipher Suites may not match on the various SCOM servers.

If you’re setting up TLS1.2, you need the SCOM servers to talk
The bad part, is this isn’t logged much on the GW but log more often on MS
Sometimes the 36871 events come with 36874, but in my experience they occur after Event Logging is enabled.

The unanswered question is “why are we seeing the 36871 events?”

In my example, the events only happened once a day, roughly 24 hours

Event Viewer

Are events related to the Cipher Suite, or is it a MP trying to run the old SQLOLEDB method?

This article will focus on verifying Cipher Suite on a server

See this article for MP analysis for SQL methods

SCHANNEL event logging setup

From Holman’s blog

Decimal	Description
0	Do not log
1	Log Error messages
2	Log Warnings
3	Log Error and Warning messages
4	Log Informational and Success events
5	Log Error, Informational and Success events
6	Log Warnings, Informational and Success events
7	Log Everything (Warnings, Errors, Informational and Success events

I’d recommend setting it to 3 to see errors and warnings, or 7 to see everything.

Remember to set this back to 1 when done resolving any issues.

Add

From Command Prompt or PowerShell (as administrator)

reg add “HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL” /v “EventLogging” /t REG_DWORD /d 7 /f

Disable

reg delete “HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL” /v “EventLogging”

Verification

reg query “HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL” /v “EventLogging”

PowerShell verification

RegEdit Verification

Time to reboot!

Verify SCHANNEL events

Look at the System Event log, and filter for 36880 and 36874 events for clues

36880 provides Cipher Suite details

Event ID 36874 definitely describes the scenario

The easy answer to solve the cipher suite is to ask – is this server patched with latest security and .NET patches?

After all this, in my example, we confirmed that simple step was assumed, and inaccurate.

References
36871 event https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn786445(v=ws.11)

SCHANNEL events https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn786445(v=ws.11)

SChannel error codes https://docs.microsoft.com/en-us/windows/win32/secauthn/schannel-error-codes-for-tls-and-ssl-alerts

SChannel events https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn786445(v=ws.11)

SSL errors https://www.experts-exchange.com/questions/28996780/event-id-36871-Schannel.html

Troubleshooting https://docs.microsoft.com/en-us/iis/troubleshoot/security-issues/troubleshooting-ssl-related-issues-server-certificate

SQL native client for TLS1.2

Ever try to talk to someone when language is a barrier?

Sure, we can run an app, or search our phrase to pronounce, but it’s so much better when we can communicate seamlessly.

Post TLS1.2 for SCOM

Let’s talk SQL

Part of TLS1.2 is updating SQL Native Client to talk using a secure client that uses TLS1.2

That means a different executable should be called.

Why is that important in SCOM?

Maybe you have management packs that connect to SQL or run external commands.

On MS, there are multiple clues for various errors on Management Packs that use SSL or talk to SQL via a non-TLS method. NOTE this may mean that the SQL DB that management pack is connecting to may need the same pre-req SQL updates to a TLS 1.2 enabled version.

Do you have custom SQL queries being run, CMDB get’s, OLE DB Data Source checks?
Any Event ID 1401 or 11854 events in the Operations Manager Event log?
1. These events identify management pack scripts creating SCHANNEL events
  a. Event ID 1401 event example

Cause

SQLOLEDB connection strings will cause 36871 Sytem Log events

Example (TLS1.0)
sConnectString = “PROVIDER=SQLOLEDB;DATA SOURCE=<databaseServerFQDN>;DATABASE=MSSQLSERVER;trusted_connection=yes”
SQLNCLI11 driver for TLS1.2 connection strings

Example (TLS1.2)
sConnectString = “Provider=SQLNCLI11;DATA SOURCE=<databaseServerFQDN>;DATABASE=MSSQLSERVER;trusted_connection=yes”

Identify
Look for management packs with SQLOLEDB as the Connect string to reduce 36871 SCHANNEL events

In Windows Explorer, use the Advanced Options dropdown to select File Contents
In the Search bar (top right), enter SQLOLEDB (example shows SQLNCLI11)
NOTE SQL Discovery group pack IS compliant

In Windows Explorer, use the Advanced Options dropdown to select File Contents
In the Search bar (top right), enter SQLNCLI11

Additional offenders
HP Topology MP
SQL 2005 discovery MP (discontinued)
SQL Addendum MP’s (will work to update these with Holman)
SharePoint Foundation server (v15.0.4557.1000)
PRE TLS Microsoft.SystemCenter.2007

Resolution
Unseal (if necessary), update connection string, and reimport management packs
If Sealed vendor MP, request new MP via support Incident (and/or UserVoice if Microsoft sourced pack)
If Vendor will not release MP’s, accept risk with the logged errors, update MP, or remove from SCOM

Using MP Viewer to unseal or export MP to XLS or HTML

Use MPViewer and open the management pack files (MP and MPB)

Updated 14 Dec 2018

Thanks to Daniele Muscetta for converting this so many years ago!

MPViewer tool originally at this blog https://blogs.msdn.microsoft.com/dmuscett/2012/02/19/boriss-opsmgr-tools-updated/

MPViewer v2.3.3 added to TechNet Gallery for download here

Jan Van Meirvenne spent the time to update the functionality even further

MPViewer “2012 Reloaded (release 1)” http://scug.be/jan/2016/06/06/mp-viewer-2012reloaded/

Load Management pack

GUI

In MPViewer,

Click on File, Load Management Pack

The 2012 Reloaded MPViewer allows you to open multiple management packs, or from a Management group

Go to your directory where you saved the UNIX SCOM 2016 UR2 management packs

If necessary, change the dropdown to mpb

Command line options

.\MPViewer.exe –help

Example syntax above

Remember to encapsulate your paths with quotes to be successful!

Opens MP and saves as HTML

.\MPViewer.exe “MP Path and file name” “Outputfilename.html”

Opens MP and saves as XLS

.\MPViewer.exe “MP Path and file name” “Outputfilename.xls”

Best practice is to keep same naming convention – makes it easier to track down the original MP

Example export MP to XLS

.\MPViewer.exe “S:\MonAdmin\scom\Management packs\sql\v7.0.7.0\2008-2012\Microsoft.SQLServer.2012.Monitoring.mp” “S:\MonAdmin\scom\Management packs\sql\v7.0.7.0\2008-2012\Microsoft.SQLServer.2012.Monitoring.xls”

Output

PS C:\Users\scomadmin\desktop> .\MPViewer.exe “S:\MonAdmin\scom\Management packs\sql\v7.0.7.0\2008-2012\Microsoft.SQLServer.2012.Monitoring.mp” “S:\MonAdmin\scom\Management packs\sql\v7.0.7.0\2008-2012\Microsoft.SQLServer.2012.Monitoring.xls”

PS C:\Users\scomadmin\desktop> gci “S:\MonAdmin\scom\Management packs\sql\v7.0.7.0\2008-2012\*.xls”

Directory: S:\MonAdmin\scom\Management packs\sql\v7.0.7.0\2008-2012

Mode                LastWriteTime         Length Name
—-                ————-         —— —-
-a—-       12/13/2018   8:40 AM         527618 Microsoft.SQLServer.2012.Monitoring.xls

To unseal MP to view in Notepad++

Once MP is loaded

Click File

Click Unseal MP (my path defaults to desktop)

Open file in Notepad++ or XML Editor, or your favorite XML viewer of choice

To export a management pack to XLS

Once MP is loaded

Click File

Click Save to Excel (my path defaults to desktop)

Choose path

My personal preference is to append filename with XLS for visibility

Copy file to a machine with Excel installed

Open the XML file in Excel, and hide all tabs but the Monitor tabs, and rules tab

Turn on auto-filter, etc.

Use DWdataRP utility on SCOM2016

Extra, Extra, read all about it! Updated 24 June 2022

The DWdataRP utility works on SCOM2016+

This tool has been around since SCOM 2007, and blogged about by Kevin Holman and the SCOM Engineering Team

DW Retention https://kevinholman.com/2010/01/05/understanding-and-modifying-data-warehouse-retention-and-grooming/

Kevin added these –

Here is a link to the original command line tool, DWDATARP: https://kevinholman.com/files/dwdatarp.zip

Here is a tool which makes this even simpler: https://www.scom2k7.com/scom-datawarehouse-grooming-settings-super-easy-with-new-gui-tool/

And the latest new tool which adds features and simplicity, which is what I recommend: https://blakedrumm.com/blog/scom-dw-grooming-tool/

DWDataRP https://techcommunity.microsoft.com/t5/System-Center-Blog/Data-Warehouse-Data-Retention-Policy-dwdatarp-exe/ba-p/340415?search-action-id=139683980150&search-result-uid=340415

Download the link at the second link, and save to your machine (x86 or x64)

Run the executable

dwdatarp.exe -s <DB Server Name> -D <DW Database Name>

Example dwdatarp.exe -s 16DB02 -D OperationsManagerDW

Set Data sets according to SLA

Ever need to shorten up your Lab DB, so you can export it, to leverage PowerBI dashboards?

Example Output

PS C:\Users\sqladmin\Documents\DWDataRP\amd64> .\dwdatarp.exe -s 16db02.testlab.net -d OperationsManagerDW
Dataset name Aggregation name Max Age Current Size, Kb
—————————— ——————– ——- ——————–
Alert data set Raw data 180 28,736 ( 0%)
Client Monitoring data set Raw data 30 0 ( 0%)
Client Monitoring data set Daily aggregations 400 136 ( 0%)
Configuration dataset Raw data 400 259,968 ( 3%)
DPM event dataset Raw data 400 0 ( 0%)
DPM.Backup.DataSet Raw data 400 0 ( 0%)
DPM.Backup.DataSet Hourly aggregations 3 0 ( 0%)
DPM.Backup.DataSet Daily aggregations 182 0 ( 0%)
DPM.DiskMgmt.DataSet Raw data 400 0 ( 0%)
DPM.DiskMgmt.DataSet Hourly aggregations 3 0 ( 0%)
DPM.DiskMgmt.DataSet Daily aggregations 182 0 ( 0%)
DPM.DiskUtilization.DataSet Raw data 400 0 ( 0%)
DPM.DiskUtilization.DataSet Hourly aggregations 3 0 ( 0%)
DPM.DiskUtilization.DataSet Daily aggregations 182 0 ( 0%)
DPM.Recovery.DataSet Raw data 400 0 ( 0%)
DPM.Recovery.DataSet Hourly aggregations 3 0 ( 0%)
DPM.Recovery.DataSet Daily aggregations 182 0 ( 0%)
DPM.SLATrend.DataSet Raw data 400 0 ( 0%)
DPM.SLATrend.DataSet Hourly aggregations 3 0 ( 0%)
DPM.SLATrend.DataSet Daily aggregations 182 0 ( 0%)
DPM.TapeUtilization.DataSet Raw data 400 0 ( 0%)
DPM.TapeUtilization.DataSet Hourly aggregations 3 0 ( 0%)
DPM.TapeUtilization.DataSet Daily aggregations 182 0 ( 0%)
Event data set Raw data 100 456,144 ( 5%)
Exchange 2013: Mailbox Database data warehouse dataset Raw data 30 0 ( 0%)
Exchange 2013: Mailbox statistics data warehouse dataset Raw data 30 0 ( 0%)
Exchange 2013: Mailbox statistics data warehouse dataset Daily aggregations 400 0 ( 0%)
Performance data set Raw data 10 216,096 ( 2%)
Performance data set Hourly aggregations 400 5,552,832 ( 61%)
Performance data set Daily aggregations 400 221,312 ( 2%)
Process Monitoring: Performance Metric State data warehouse dataset Raw data 10 0 ( 0%)
Process Monitoring: Performance Metric State data warehouse dataset Hourly aggregations 90 0 ( 0%)
Process Monitoring: Performance Metric State data warehouse dataset Daily aggregations 180 0 ( 0%)
Process Monitoring: Process Health State data warehouse dataset Raw data 10 0 ( 0%)
Process Monitoring: Process Network Ports data warehouse dataset Raw data 10 0 ( 0%)
State data set Raw data 180 6,080 ( 0%)
State data set Hourly aggregations 400 2,335,968 ( 25%)
State data set Daily aggregations 400 99,840 ( 1%)

Commands to run to clean up the warehouse…

.\dwdatarp.exe -s 16db02.testlab.net -d OperationsManagerDW -ds Performance -a Hourly -m 60
.\dwdatarp.exe -s 16db02.testlab.net -d OperationsManagerDW -ds Performance -a Hourly -m 60
.\dwdatarp.exe -s 16db02.testlab.net -d OperationsManagerDW -ds State -a Hourly -m 60
.\dwdatarp.exe -s 16db02.testlab.net -d OperationsManagerDW -ds event -a raw -m 30

Example Output
PS C:\Users\admin\Documents\DWDataRP\amd64> .\dwdatarp.exe -s 16db02.testlab.net -d OperationsManagerDW -ds Performan
ce -a Hourly -m 60
Max data age set to 60 on dataset “Performance data set” aggregation type “Hourly aggregations”
PS C:\Users\admin\Documents\DWDataRP\amd64> .\dwdatarp.exe -s 16db02.testlab.net -d OperationsManagerDW -ds State -a
Hourly -m 60
Max data age set to 60 on dataset “State data set” aggregation type “Hourly aggregations”
PS C:\Users\admin\Documents\DWDataRP\amd64> .\dwdatarp.exe -s 16db02.testlab.net -d OperationsManagerDW -ds event -a
raw -m 30
Max data age set to 30 on dataset “Event data set” aggregation type “Raw data”

Don’t forget to execute cleanup

–This will manually run grooming for this dataset
DECLARE @DatasetId uniqueidentifier
SET @DatasetId = (SELECT DatasetId FROM StandardDataset WHERE SchemaName = ‘Alert’)
EXEC StandardDatasetGroom @DatasetId

–This will manually run grooming for this dataset
DECLARE @DatasetId uniqueidentifier
SET @DatasetId = (SELECT DatasetId FROM StandardDataset WHERE SchemaName = ‘Event’)
EXEC StandardDatasetGroom @DatasetId

–This will manually run grooming for this dataset
DECLARE @DataSetId uniqueidentifier
SET @DataSetId = (SELECT DatasetId FROM StandardDataset WHERE SchemaName = ‘Perf’)
EXEC StandardDatasetGroom @DataSetId

–This will manually run grooming for this dataset
DECLARE @DataSetId uniqueidentifier
SET @DataSetId = (SELECT DatasetId FROM StandardDataset WHERE SchemaName = ‘State’)
EXEC StandardDatasetGroom @DataSetId

Load Test MP with Report

Read below if you want a specific MP for load testing

I don’t know about you, but I’ve come across the situation where you need to compare performance.

This MP should help validate performance, whether to validate physical versus virtual, or a new Server Farm, storage performance between environments, etc.

Shout to Tyson Paul for his initial MP with 2016, catch his blog here!

Let’s start with the MP shell

Check out the upcoming Gallery download for MP’s and fragments here

NOTE: GUID’s will vary to your environment

To build the MP, you will need to update the following:

Pack ID to include the OS version

Add Reference for OS Monitoring MP (can use Visual Studio (VS) MP alias if VS is available for use in your environment)

Class Type ID with OS version

Discovery ID and Target with OS Version

Overrides ID with OS Version, and Target with OS MP Rule name and reference

Use the OS Monitoring MP to help with the rule names

The far right of the Override lists the Rule that must match to the OS MP

View ID with OS Version

Folder Item Element ID and ID

MP Display Strings with OS Version

Save and Import MP without the Report parameter to see what Group ID SCOM assigns the Load Test group

Part 2 – include report after group is imported

Don’t forget to update MP version under Identity!

Get Report parameter value for group ID

From PowerShell

get-ScomGroup | ? { $_.DisplayName -like “*Load Testing Group*” } | fl ID,DisplayName

Alternatively, obtain from SQL SSMS

select [ManagedEntityDefaultName],[ManagedEntityRowId]

FROM [vManagedEntity]

where [ManagedEntityDefaultName] like ‘%load%’

order by displayname

SSMS Output

In MP XML, update View Target GUID to your Group ID

Add Report section, and update parameter values Rule GUID

PowerShell commands to run from MS or console installed machine

The GUID’s needed for the report parameters section

get-scomrule | ? { $_.DisplayName -like “System Processor Queue Length*” } | fl ID,DisplayName,Name

get-scomrule | ? { $_.DisplayName -like “Current Disk Queue Length*” } | fl ID,DisplayName,Name

get-scomrule | ? { $_.DisplayName -like “Current Disk Queue*” } | fl ID,DisplayName,Name

get-scomrule | ? { $_.DisplayName -like “Current Dis*k Queue*” } | fl ID,DisplayName,Name

get-scomrule | ? { $_.DisplayName -like “*Current Disk Queue*” } | fl ID,DisplayName,Name

get-scomrule | ? { $_.DisplayName -like “*Average Disk Seconds Per Transfer*” } | fl ID,DisplayName,Name

get-scomrule | ? { $_.DisplayName -like “*Logical Disk Idle Time*” } | fl ID,DisplayName,Name

get-scomrule | ? { $_.DisplayName -like “*Processor Time Total*” } | fl ID,DisplayName,Name

get-scomrule | ? { $_.DisplayName -like “*Memory Available Megabytes*” } | fl ID,DisplayName,Name

get-scomrule | ? { $_.DisplayName -like “*Network Adapter Bytes Total*” } | fl ID,DisplayName,Name

get-scomrule | ? { $_.DisplayName -like “*Memory Pages per Second*” } | fl ID,DisplayName,Name

get-scomrule | ? { $_.DisplayName -like “*System Processor Queue Length*” } | fl ID,DisplayName,Name

Verification

From SCOM Console, Authoring Tab
1. Update group with explicit members
2. Verify Group members
From SCOM Console, Monitoring Tab
1. Verify Performance view has performance counters
From SCOM Console Reporting Tab (this may take a few minutes to push report to Reporting server)
1. Open report and run
2. Export data for analysis

Basic Admin ‘How-to’ Series

443053-royalty-free-rf-clip-art-illustration-of-a-cartoon-businessman-carrying-a-heavy-manual

This is a series of blog posts to help with SCOM best practices, and things that make SCOM easier to administer.

Associate MPX files in Notepad++ blog

Backup management packs via PowerShell blog

Get to know your monitor blog

Load Test MP with Report blog

Load Test MP Fragments blog

Maintenance Mode PowerShell blog

Manage DB storage with DWdataRP blog

Managing Subscriptions blog

PowerShell Rule/Monitor/PerfCounter MP and Fragments blog

Registry Key discovery MP Fragment clarification blog

Run As PowerShell monitor fragment blog

Sealing Management packs with 2012R2 and 2016 blog

Subscriptions blog

Subscription Set up Guide blog

Uncommon MP Fragments blog

Verifying Overrides blog

Best Practices

Agent Management pack KH Blog

Enable proxy as a default KH blog

How to be heard blog

Manage alerts/events/performance KH Blog

Office Analytics (find where all the time goes) blog

Optimize SQL blog

Recommended Registry tweaks KH blog

SCOM Agent Version Addendum KH blog

Set SCOM Agent to remotely managed KH Blog

SQL Engineering Blog

SYSTEM CENTER 2016 Operations Manager – Anti-Virus Exclusions blog

Update VMM MP’s for SCOM when SCVMM patched blog

Tools

MP Viewer blog

Download Notepad++ here

Kevin Holman blog on extracting scripts from MP’s using Transform tool from codeplex

Test fire events using EventLog Explorer here

Alternate tool to fire any events here

Troubleshoot Office 365 SCOM MP Run As account

Run As Account

The Office 365 Run As account is used for Proxy access for an HTTPS connection from SCOM MS to Office 365 portal endpoint.

Must be a domain account, not an Azure account (particularly if they ‘re not the same tenant or AAD associated

Service Accounts are recommended to prevent impact should an employee leave

SCOM uses a domain account (example scom_action ID)

Verify that ID is in Azure tenant (contact your Azure Administrator if you don’t have access )

o365applicationazureidverify

To follow best practice, update the Run As account with the service account

o365applicationscomrunascredential

Verify Run As account

On SCOM console that there are no Operations Manager event log 7000 events for the ‘run as’ configured ID

Remote Desktop to SCOM MS Server

Verify if the ‘run as’ ID has a valid password

Look in the Operations Manager Event Log for Event ID 7000

Click on Find

Type in the user’s ID from the ‘run as’ account in SCOM

If no entries found, then ID is successfully authenticating against the domain

If errors found, correct ID/Password