MECM/SCCM Addendum pack

The 'MECM/SCCM Addendum pack' encompasses Endpoint Management which as of late, has taken on a number of names over the past few years.
The ‘MECM/SCCM Addendum pack’ encompasses Endpoint Management which as of late, has taken on a number of names over the past few years.

The ‘MECM/SCCM Addendum pack’ started from administrators and field engineers’ inputs on actionable/manual intervention required alerts.  While Endpoint Management has taken on a number of names over the past few years, monitoring the platform functionality has stayed pretty much the same.  The underlying application infrastructure is based on registry key discovery of installed roles.



Quick Download



Tailor the addendum for environment

Add monitoring for MECM servers per health model through daily team report, alert cleanup, custom groups to address subscription objects, servers, custom disk and client cache cleanup workflows, and lastly service restart automation.

Quick overview

The classes and DataSource/WriteAction alert reports require updates to target server naming convention(s).  The alert report is most effective this way, only giving the administrator/AppOwner alerts relevant to owned/supported servers.   Why – make the changes most effective, i.e. alert when manual intervention required.

Workflows, classes, and MonitorType

Addendum Classes, DataSource, WriteAction, and Unit MonitorType to build out 'manual intervention required alerting'.


Update Discovery to find/replace hashtags

Leveraging Kevin Holman’s MP fragment find/replace common variables notated by the ##variable##, we begin by updating the ##MECMServerNamingConvention## with a regular expression of the servers involved with Configuration Management.

Subscription group example of relevant classes for subscription notifications for Application/System Owners.

Second, we update the disk specific alerts if drives fill, where different amounts of space is required to alert before application/server crashes, different than the OS Logical Disk full composite alerts for % and MB free alerts.  These disk specific updates allowing administrator to get unique alerts for common disk full scenarios.

Disk specific updates allowing administrator to get unique alerts for common disk full scenarios.


Third, update MECM Group discoveries for various regular expressions.

MECM Group discovery updates for various regular expressions.


Lastly, review MECM Rules, Tasks, Monitor and Overrides for pack functionality.

MECM Rules, Tasks, Monitor and Overrides for pack functionality.


After updating relevant pieces, save file, move to SCOM MS, and Import.

My customers have loved this, hopefully this experience is shared!



Kevin Holman MP fragments

Endpoint Management

Microsoft System Center 2012 Configuration Manager Monitoring 5.0.8239.1010

Setting up OMS Capacity and Performance

Setting up OMS Capacity and Performance
Setting up OMS Capacity and Performance


Update 18 Dec 2023 – Solution retired in 2021 with OMS sunset. Repository archived by the owner on Feb 1, 2021. It is now read-only.



Do you know what your HyperV hosts are doing?

Not a HyperV fan, there’s a VMWare solution also here




Capacity dashboard

Capacity and performance preview summary
Capacity and performance preview summary


OMS dashboard
OMS dashboard



Setting up OMS Capacity and Performance

Already have the dashboard setup?  Perhaps this will help troubleshoot

Do you have network connectivity, or is a proxy required?


Troubleshooting dashboard

Windows Agents


Verify Operations Manager event log on local agent, then filter for error events and/or EventID 4506.  Look for dates/times to see when events started.

Example Event ID 4506 details the Capacity and Performance Solution, citing ‘Microsoft.IntelligencePacks.CapacityPerformance.Collector’.

Operations Manager Event Log, Event ID 4506 examples
Operations Manager Event Log, Event ID 4506 examples


Additional options

  1. Search LAW (Log Analytics workspace) logs

OMS Log search screenshot


2. Verify no proxy is set up (unless your network requires this)

OMSAgent proxy setting
OMSAgent proxy setting


3. 4506’s result from too many workflows sending data from MS to DB’s (OpsMgr and DW).  Additionally, 4506 events can be communication issues from MS to DB server(s).   Lastly, use TLS1.2 configuration as a best practice to enforce encryption from MS to SQL communication.  Beyond encryption, TLS may be a culprit if AlwaysOn or SQL clusters are involved, particularly as the SCOM console connections fail as SDK cannot talk with SQL side.  See Kevin Holman’s blog for additional TLS1.2 information and setup.

TLS blog



Learn article
TechNet blog

Setting up OMS Service Map solution


Ever wonder what happened to BlueStripe?

Anyone else have experience using it with SCOM?

If you weren’t aware, Microsoft bought Blue Stripe back in 2015 link


Looks like BlueStripe FactFinder is now Service Map in Azure

Documentation here


Service Map is very easy to add and get value from right away with OMS

Download agent

You have two choices:

  1. Choose from documentation above, or from your OMS environmentdocsagentdownload
  2. From your OMS workspace, add the Service Map solution

Click on Home icon in top left hand corner


Click on Service Map pane

Click on Download Agent link as appropriate for Windows or Linux

Save file and install on your server(s)



Windows Server Installation

Execute the MSI file downloaded from OMS (NOTE may prompt with UAC prompt)

Click ‘I Agree’


Watch the Install


Click Finish


Now go back to OMS and look for updates (mine was that fast!)


Click on the Service Map pane to see more detail


To add additional machines is basically the same, just choose add machines



In case you caught that I have two (2) of the same named machines, it’s because I have that server set up for OMS separately.  Yes, it’s my lab, so I’m not following the best practice.



Building a subscription



Let’s talk notifications for a minute.

Everyone complains that a tool is noisy for alerts (typically emails).

Why not find a way to limit what you receive, and eliminate, the noise.

Sure, there’s alert tuning, but there are a ton of built-in options with Subscriptions in SCOM.



Let’s Start by talking about now a subscription is built in SCOM.

Step 1 – An owner (or ‘subscriber’) is needed

This can be an email address, group name or variable you may want to pass to a command line for a destination (e.g. support team/NOC/POC)

Step 2 – A channel is needed (simply put, a way to get the data out of SCOM)

This can be SMTP (email), or a custom executable to a ticketing system, NetCool, BMC True Sight, xMatters, Derdack, to name a few.

Step 3 – Criteria to send to an owner (details)

Time to set up a subscription, and learn as we go!

Do you have the necessary 3 parts (subscriber, channel)

Do you have a destination/subscriber already set up?

Yes, see go to Channel

No, follow the subscriber blog here

Do you have a channel set up

Yes, see go to Subscription

No, follow the Channel blog here


Do you have a naming convention for the subscription parts?

The Subscription name needs to be intuitive, i.e. Application Name, Team Name, Company Name (depending on the environment)

Process an Application’s alerts

Example     ‘BizTalk alerts’

If BizTalk alerts needed to go to different teams

‘BizTalk DEV Alerts’ or ‘BizTalk PROD Alerts’

or if Criteria is involved ‘BizTalk Performance Alerts’

or if alerts need to route to another company ‘Contoso BizTalk alerts’

Capitalize what needs emphasis so in the Subscriptions view (make searches or sorts easier and more intuitive)

Making sense where I’m going with this?


Criteria can influence the name


To me the value comes in with the Description field in a subscription.

Adding relevant detail here makes life easier when followed, to know what the subscription is doing.

Try this model for the Subscription Description





+MONITOR = Health Service Heartbeat Failure +SEVERITY = Warning/Critical +RESOLUTION STATE NOT equals 255 +SUBSCRIBERS = GROUP Server Admins via Email +Comments: Created 2016-02-12 for SCOM Agent tuning


Time to set up a subscription

Subscription Summary Healthservice Watcher subscription to alert on any NEW Healthservice Heartbeat failures

Name     SCOM HealthService Watcher


+MONITOR = Health Service Heartbeat Failure +SEVERITY = Warning/Critical +RESOLUTION STATE NOT equals 255 +SUBSCRIBERS = GROUP Server Admins via Email +Comments: Created 2016-02-12 for SCOM Agent tuning



Notify on all alerts where

created by Health Service Heartbeat Failure rules or monitors (e.g., sources)

and of a Warning or Critical severity

and with Not Equals 255 resolution state



GROUP Server Admins via eMail



SMTP Channel

Basic Admin ‘How-to’ Series


This is a series of blog posts to help with SCOM best practices, and things that make SCOM easier to administer.


Associate MPX files in Notepad++ blog

Backup management packs via PowerShell blog

Get to know your monitor blog

Load Test MP with Report blog

Load Test MP Fragments blog

Maintenance Mode PowerShell blog

Manage DB storage with DWdataRP blog

Managing Subscriptions blog

PowerShell Rule/Monitor/PerfCounter MP and Fragments blog

Registry Key discovery MP Fragment clarification blog

Run As PowerShell monitor fragment blog

Sealing Management packs with 2012R2 and 2016 blog

Subscriptions blog

Subscription Set up Guide blog

Uncommon MP Fragments blog

Verifying Overrides blog


Best Practices

Agent Management pack KH Blog

Enable proxy as a default KH blog

How to be heard blog

Manage alerts/events/performance KH Blog

Office Analytics (find where all the time goes) blog

Optimize SQL blog

Recommended Registry tweaks KH blog

SCOM Agent Version Addendum KH blog

Set SCOM Agent to remotely managed KH Blog

SQL Engineering Blog

SYSTEM CENTER 2016 Operations Manager – Anti-Virus Exclusions blog

Update VMM MP’s for SCOM when SCVMM patched blog



MP Viewer blog

Download Notepad++ here

Kevin Holman blog on extracting scripts from MP’s using Transform tool from codeplex

Test fire events using EventLog Explorer here

Alternate tool to fire any events here