Azure Application Insights

Application Insights

Application Insights simply put is Application Performance Management for web developers (or DevOps) on multiple platforms

Are you trying to solve how to monitor application performance?

Do you need to monitor application performance for ASP.NET, Java or Node.js apps?

SCOM can monitor, but not necessarily with the same functionality

Riverbed makes products, but at a higher cost

 

Dashboard

 

 

Much like SCOM APM agent, application Insights Monitors the same information, without having to setup SCOM in Azure

This is also an OMS solution, so if you’re using Azure for Web Applications, this should be on the to-do list

 

 

 

How about application Telemetry data?

 

Overview https://docs.microsoft.com/en-us/azure/application-insights/app-insights-overview
Documentation https://docs.microsoft.com/en-us/azure/application-insights/

Verify OMS Managed Computers

Ever wondered what objects are setup for OMS?

 

Maybe you’ve seen lots of errors on servers you don’t expect ?

It’s possible someone chose a group or nearly all managed computers in your SCOM environment.

 

How do we verify, or change what computers send data to OMS from SCOM?

1) Look for a group
In SCOM console, monitoring tab

Look for the ‘advisor’ group
Maybe someone put a group in there

2) Verify OMS members

In the SCOM console, Administration tab
Click on Managed Computers
See middle pane for what is currently set up

 

Update OMS Managed computers

In the SCOM console, Administration tab
Click on Managed Computers
See middle pane for what is currently set up

Click the ‘Add a computer/group’ link on the tasks pane (right side)

Add computers or groups

Add keyword, click search, highlight and click Add

Click OK when done updating members

 

Optionally, highlight the member, click delete

 

Verify the Advisor MP’s on computer

Go to server (added or removed)

If added, look for 1201 events in the Operations Manager Log

If removed, look for 1204 events in the Operations Manager Log

 

Enjoy!!

O365 Office Analytics

Ever wonder where all your time goes each week?

 

From an executive standpoint, want to see statistics on where employees are spending most of their time?

 

Did you know Office365 has an Outlook AddIn for analytics? Personal Analytics Link

 

 

Access your analytics

Website https://microsoft-my.sharepoint.com/_layouts/15/me.aspx?v=analytics

Requires E3 add on or above (E5), and can be configured by the Office Admin

 

 

The MyAnalytics dashboard

Set your goals in meetings, email, network, focus/project time, and after hours

 

Email

Click on Email hours for insight on where you so pend your time

Click on View Details to see when you’re sending and reading email

 

Network

Click on the Network tab to add important people to your dashboard that you work with (for projects, job duties, etc.)

You can add people by using the Search Bar (top right hand corner)

 

Add Important People to your network

Click the Star to favorite people in the ‘Stay in Touch’ pane (or from the Network pane)

 

 

From the Network pane, click on Important people to see your VIP list

 

 

Meeting

Click on the Meetings

Click View Details to see what meetings you multitask

 

Focus Hours and After Hours

Review the insights, and customize to your needs

 

For more information about Office Analytics

Knowledge Link https://support.office.com/en-us/article/Microsoft-MyAnalytics-for-Office-365-admins-77590915-6eb0-47a6-a72f-8116cfcfc2c7

Personal dashboard link

 

Optimize SQL for SCOM

Maybe I’m old school, but do you ever feel like optimizing SQL is like playing a video game?

Keep on shooting, hopefully you don’t hit your thrusters and drift and then die!

 

Does your SQL DBA Team (or did you):

NTFS Allocation Unit set to 64KB for the SQL Server drives

Dedicate memory for the OS (set SQL to use max memory)

Set autogrow to be greater than 1 MB?

MaxDOP (degrees of parallelism)

TempDB’s are on separate mounts (and match the number of cores)

Database and log files are on separate mounts

Backup SQL Server encryption keys

Disable XpCommandShell

 

Most of the documentation can be had from a single link

https://docs.microsoft.com/en-us/system-center/scom/plan-sqlserver-design?view=sc-om-1711

 

Disable XpCommandShell https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/xp-cmdshell-transact-sql

 

SYSTEM CENTER 2016/2019 Operations Manager – Anti-Virus Exclusions

Updated 30 June, 7 July 2020 and includes docs.microsoft.com article updates

 

 

 

NOTE: Process name exclusion wildcards could potentially prevent some dangerous programs from being detected.

 

Hopefully this table is helpful (my thanks to Matt Goedtel for the docs site updates, and Matt’s efforts to keep docs the ‘go-to’ site)

 

Previously the blog left the SCOM Admin and Security teams with questions where blogs did NOT match vendor site documentation.  The blog merged the PFE UK team blog & Kevin Holman blog  into an easier tabular view per component)

 

Original Blog introduction

As we are all aware, antivirus exclusions can affect monitoring data generated, and affect system performance.

 

Best practice is to implement specific exclusions.

 

Exclusions\RoleMSDBGWRSWebAgent
Folder
Management Server installation folder
 Default: “C:\Program Files\Microsoft System Center 2016\Operations Manager\Server\”		*
Agent installation folder
 Default: “C:\Program Files\Microsoft Monitoring Agent”		**
Gateway installation folder
 Default: “C:\Program Files\Microsoft System Center 2016\Operations Manager\Gateway\”		*
Reporting installation folder
 Default: “C:\Program Files\Microsoft System Center 2016\Operations Manager\Reporting”		*
WebConsole installation folder
 Default: “C:\Program Files\Microsoft System Center 2016\Operations Manager\WebConsole”		*
SQL Data installation folder
 Default: “C:\Program Files\Microsoft SQL Server\MSSQL.1x<INSTANCENAME>\MSSQL\Data”		*
SQL Log installation folder
 Default: “C:\Program Files\Microsoft SQL Server\MSSQL.1x<INSTANCENAME>\MSSQL\Log”		*
SQL Reporting installation folder
 Default: “C:\Program Files\Microsoft SQL Server\MSRS.1x<INSTANCENAME>		*
File Types
EDB*****
CHK*****
LOG*****
LDF**
MDF**
NDF**
Processes
CShost.exe*
HealthService.exe******
Microsoft.Mom.Sdk.ServiceHost.exe*
MonitoringHost.exe******
SQL Server
 Default: “C:\Program Files\Microsoft SQL Server\MSSQL1x.<Instance Name>\MSSQL\Binn\SQLServr.exe”		*
SQL Reporting Services
 Default: “C:\Program Files\Microsoft SQL Server\MSRS1x.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe”		**

 

Useful information for decoding the matrix

Docs site https://docs.microsoft.com/en-us/system-center/scom/plan-security-antivirus?view=sc-om-2019

Platform https://support.microsoft.com/en-us/help/822158/virus-scanning-recommendations-for-enterprise-computers-that-are-running-currently-supported-versions-of-windows

SCOM 2012/2012R2 KB975931 https://support.microsoft.com/en-us/help/975931/recommendations-for-antivirus-exclusions-that-relate-to-operations-manager

PFE UK team blog https://blogs.technet.microsoft.com/manageabilityguys/2013/11/26/system-center-2012-r2-operations-manager-anti-virus-exclusions/

SQL

https://support.microsoft.com/en-us/help/309422/choosing-antivirus-software-for-computers-that-run-sql-server

https://blogs.technet.microsoft.com/raymond_ris/2014/01/16/windows-antivirus-exclusion-recommendations-servers-clients-and-role-specific/

Version mapping by folder (my thanks to StackOverFlow https://stackoverflow.com/questions/18753886/sql-server-file-names-vs-versions )
100 = SQL Server 2008    = 10.00.xxxx
105 = SQL Server 2008 R2 = 10.50.xxxx
110 = SQL Server 2012    = 11.00.xxxx
120 = SQL Server 2014    = 12.00.xxxx
130 = SQL Server 2016    = 13.00.xxxx

Setting up OMS Capacity and Performance

Setting up OMS Capacity and Performance
Setting up OMS Capacity and Performance

 

Update 18 Dec 2023 – Solution retired in 2021 with OMS sunset.  

https://github.com/uglide/azure-content/blob/master/articles/log-analytics/log-analytics-add-solutions.md Repository archived by the owner on Feb 1, 2021. It is now read-only.

 

 

Do you know what your HyperV hosts are doing?

Not a HyperV fan, there’s a VMWare solution also here

 

Documentation https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-capacity

https://github.com/uglide/azure-content/blob/master/articles/log-analytics/log-analytics-capacity.md

 

Capacity dashboard

Capacity and performance preview summary
Capacity and performance preview summary

Details

OMS dashboard
OMS dashboard

 

 

Setting up OMS Capacity and Performance

Already have the dashboard setup?  Perhaps this will help troubleshoot

Do you have network connectivity, or is a proxy required?

 

Troubleshooting dashboard

Firewall https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-proxy-firewall
Windows Agents https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents

 

Verify Operations Manager event log on local agent, then filter for error events and/or EventID 4506.  Look for dates/times to see when events started.

Example Event ID 4506 details the Capacity and Performance Solution, citing ‘Microsoft.IntelligencePacks.CapacityPerformance.Collector’.

Operations Manager Event Log, Event ID 4506 examples
Operations Manager Event Log, Event ID 4506 examples

 

Additional options

  1. Search LAW (Log Analytics workspace) logs

https://github.com/uglide/azure-content/blob/master/articles/log-analytics/log-analytics-log-searches.md

OMS Log search screenshot

 

2. Verify no proxy is set up (unless your network requires this)

OMSAgent proxy setting
OMSAgent proxy setting

 

3. 4506’s result from too many workflows sending data from MS to DB’s (OpsMgr and DW).  Additionally, 4506 events can be communication issues from MS to DB server(s).   Lastly, use TLS1.2 configuration as a best practice to enforce encryption from MS to SQL communication.  Beyond encryption, TLS may be a culprit if AlwaysOn or SQL clusters are involved, particularly as the SCOM console connections fail as SDK cannot talk with SQL side.  See Kevin Holman’s blog for additional TLS1.2 information and setup.

TLS blog https://kevinholman.com/2018/05/06/implementing-tls-1-2-enforcement-with-scom/

 

Documentation

Learn article https://learn.microsoft.com/en-us/answers/questions/212007/scom-errors-no-data-in-summary-performance-dashboa
TechNet blog https://social.technet.microsoft.com/Forums/ie/en-US/10b38121-b0e1-43ec-bf3a-d22ae9ef0220/event-4506-data-was-dropped-due-to-too-much-outstanding-data-in-rule
MS RMSe https://www.system-center.me/opsmgr/event-4506-and-new-root-management-server-rms-management-server-ms/

SQL Engineering Blog

hmmmm

Ever wonder when a SQL MP is published?

Wonder no longer, look for the SQL Engineering Blog!

 

New https://techcommunity.microsoft.com/t5/SQL-Server/bg-p/SQLServer/label-name/SQLReleases

Old – redirect in effect https://blogs.msdn.microsoft.com/sqlreleaseservices/

 

 

Setting up OMS Service Map solution

hmmmm

Ever wonder what happened to BlueStripe?

Anyone else have experience using it with SCOM?

If you weren’t aware, Microsoft bought Blue Stripe back in 2015 link

 

Looks like BlueStripe FactFinder is now Service Map in Azure

Documentation here

 

Service Map is very easy to add and get value from right away with OMS

Download agent

You have two choices:

  1. Choose from Docs.Microsoft.com documentation above, or from your OMS environmentdocsagentdownload
  2. From your OMS workspace, add the Service Map solution

Click on Home icon in top left hand corner

omshome

Click on Service Map pane

Click on Download Agent link as appropriate for Windows or Linux

Save file and install on your server(s)

oms-initialscreen

 

Windows Server Installation

Execute the MSI file downloaded from OMS (NOTE may prompt with UAC prompt)

Click ‘I Agree’

servicemapinstall

Watch the Install

servicemapinstalling

Click Finish

servicemapinstallcomplete

Now go back to OMS and look for updates (mine was that fast!)

servicemapsolution

Click on the Service Map pane to see more detail

servicemapdetail

To add additional machines is basically the same, just choose add machines

oms-addmachines

 

In case you caught that I have two (2) of the same named machines, it’s because I have that server set up for OMS separately.  Yes, it’s my lab, so I’m not following the best practice.

servicemapsolutionwclients

Enjoy!

Building a subscription

subscribe-and-save

 

Let’s talk notifications for a minute.

Everyone complains that a tool is noisy for alerts (typically emails).

Why not find a way to limit what you receive, and eliminate, the noise.

Sure, there’s alert tuning, but there are a ton of built-in options with Subscriptions in SCOM.

 

howto

Let’s Start by talking about now a subscription is built in SCOM.

Step 1 – An owner (or ‘subscriber’) is needed

This can be an email address, group name or variable you may want to pass to a command line for a destination (e.g. support team/NOC/POC)

Step 2 – A channel is needed (simply put, a way to get the data out of SCOM)

This can be SMTP (email), or a custom executable to a ticketing system, NetCool, BMC True Sight, xMatters, Derdack, to name a few.

Step 3 – Criteria to send to an owner (details)

Time to set up a subscription, and learn as we go!

Do you have the necessary 3 parts (subscriber, channel)

Do you have a destination/subscriber already set up?

Yes, see go to Channel

No, follow the subscriber blog here

Do you have a channel set up

Yes, see go to Subscription

No, follow the Channel blog here

 

Do you have a naming convention for the subscription parts?

The Subscription name needs to be intuitive, i.e. Application Name, Team Name, Company Name (depending on the environment)

Process an Application’s alerts

Example     ‘BizTalk alerts’

If BizTalk alerts needed to go to different teams

‘BizTalk DEV Alerts’ or ‘BizTalk PROD Alerts’

or if Criteria is involved ‘BizTalk Performance Alerts’

or if alerts need to route to another company ‘Contoso BizTalk alerts’

Capitalize what needs emphasis so in the Subscriptions view (make searches or sorts easier and more intuitive)

Making sense where I’m going with this?

 

Criteria can influence the name

CLASS, MONITOR, RULE, SEVERITY, GROUP, RESOLUTION STATE

To me the value comes in with the Description field in a subscription.

Adding relevant detail here makes life easier when followed, to know what the subscription is doing.

Try this model for the Subscription Description

CRITERIA

SUBSCRIBER

COMMENTS

Example

+MONITOR = Health Service Heartbeat Failure +SEVERITY = Warning/Critical +RESOLUTION STATE NOT equals 255 +SUBSCRIBERS = GROUP Server Admins via Email +Comments: Created 2016-02-12 for SCOM Agent tuning

 

Time to set up a subscription

Subscription Summary Healthservice Watcher subscription to alert on any NEW Healthservice Heartbeat failures

Name     SCOM HealthService Watcher

Description

+MONITOR = Health Service Heartbeat Failure +SEVERITY = Warning/Critical +RESOLUTION STATE NOT equals 255 +SUBSCRIBERS = GROUP Server Admins via Email +Comments: Created 2016-02-12 for SCOM Agent tuning

 

Criteria

Notify on all alerts where

created by Health Service Heartbeat Failure rules or monitors (e.g., sources)

and of a Warning or Critical severity

and with Not Equals 255 resolution state

 

Subscribers

GROUP Server Admins via eMail

 

Channels

SMTP Channel

Basic Admin ‘How-to’ Series

443053-royalty-free-rf-clip-art-illustration-of-a-cartoon-businessman-carrying-a-heavy-manual

This is a series of blog posts to help with SCOM best practices, and things that make SCOM easier to administer.

 

Associate MPX files in Notepad++ blog

Backup management packs via PowerShell blog

Get to know your monitor blog

Load Test MP with Report blog

Load Test MP Fragments blog

Maintenance Mode PowerShell blog

Manage DB storage with DWdataRP blog

Managing Subscriptions blog

PowerShell Rule/Monitor/PerfCounter MP and Fragments blog

Registry Key discovery MP Fragment clarification blog

Run As PowerShell monitor fragment blog

Sealing Management packs with 2012R2 and 2016 blog

Subscriptions blog

Subscription Set up Guide blog

Uncommon MP Fragments blog

Verifying Overrides blog

 

Best Practices

Agent Management pack KH Blog

Enable proxy as a default KH blog

How to be heard blog

Manage alerts/events/performance KH Blog

Office Analytics (find where all the time goes) blog

Optimize SQL blog

Recommended Registry tweaks KH blog

SCOM Agent Version Addendum KH blog

Set SCOM Agent to remotely managed KH Blog

SQL Engineering Blog

SYSTEM CENTER 2016 Operations Manager – Anti-Virus Exclusions blog

Update VMM MP’s for SCOM when SCVMM patched blog

 

Tools

MP Viewer blog

Download Notepad++ here

Kevin Holman blog on extracting scripts from MP’s using Transform tool from codeplex

Test fire events using EventLog Explorer here

Alternate tool to fire any events here