Re-learn an old but still relevant tool – EventLog Explorer

 

Sometimes we forget about tools that can make things easier.

 

Time to talk about EventLog Explorer.

 

Need to repro and test events for an installed program, to see what SCOM will handle?

Read this old mom team blog, courtesy of Kevin Holman blog

 

 

I wanted to try it to test fire some events, had a use case where we needed to test Skype events from the SCOM MP

 

Testing on my SCOM 2016 Management server

 

Download file, run EventLog Explorer

The Paste icon next to the X is ‘Add to Execution List’ and fills out the bottom pane

The Green Arrow is ‘go’ or execute (similar to PowerShell ISE)

 

Navigate through the Event Log and Event Source on the left hand pane

Mark events with the checkbox  

 

Add to Execution

 

Verify events added to bottom pane

(see my test yesterday for fired, and not fired events from today)

 

 

 

Click Green box with white arrow to fire events, and check Event Viewer

 

 

Yesterday’s test

 

 

 

Today’s test

 

 

Verify alerting occurred as expected!

Uncommon Custom MP Fragments

new_icon_shiny_badge_svg

Building on Kevin Holman’s MP Fragment Library are additional Uncommon Custom MP Fragments

 

This is the SCOM Management Pack Fragment Library which includes VSAE Fragments you can use to make SCOM management packs quickly and easily.

V1.0 has two Event Monitors with two state, two or three criteria monitors

 

Assumptions

Visual Studio, and the VSAE Fragments are installed

Visual Studio has a powerful plugin called VSAE (Visual Studio Authoring Extensions)
https://www.microsoft.com/en-us/download/details.aspx?id=30169

If you aren’t familar with MP fragments for authoring, see instructions at:  https://blogs.technet.microsoft.com/kevinholman/2016/06/04/authoring-management-packs-the-fast-and-easy-way-using-visual-studio/

 

Background
A Management Pack fragment is simply a bit of XML, that contains all the “working parts” for a specific workflow….

Several authors have written about the power of fragments since VSAE launched, but the biggest gap I saw can be broken up into two major issues:
•Nobody provided a good “library” of workable MP fragments
•Nobody came up with a VERY simple method to reuse fragments quickly and easily

If you can do a FIND and REPLACE in notepad, you can use this.

Kevin Holman’s MP Fragments here

Gallery download for the uncommon MP fragments https://gallery.technet.microsoft.com/Uncommon-Custom-MP-c5a12a86

Console Errors in the new Active Directory Directory Services MP

New MP released that resolves this – v10.0.2.0 download here

 

Console Errors in the new Active Directory Directory Services MP

doh

 

At least it’s not the Security patch issue when you click on Health/State views, right?

https://support.microsoft.com/en-us/help/3200006/system-center-operations-manager-management-console-crashes-after-you

 

In the SCOM Console

Do you get an error when clicking on Authoring Tab, Management Pack Objects, Overrides?

overridesconsoleerror

If you are running the 2012-2016 Active Directory Directory Services v10.0.1.0 MP’s, you most likely get an error

“Microsoft.EnterpriseManagement.Common.ObjectNotFoundException: An object of class ManagementPackClass with ID <guid here>”

 

Unfortunately, the RODC group rule overrides were not referenced to the Discovery MP.

It’s an awesome MP, and I’m thankful for the new AD MP.

Check out Holman’s blog for all the fun and features.

 

Figure out which management pack has the issue with the ID

To find the offending item from the console error, see this blog.

Blog Summary = Using Ops Manager Shell, export the overrides

get-scomOverrides | out-file d:\monadmin\overrides.txt

Search for your GUID to know the ID and what in SCOM that ID is attached to.

Property          : Enabled
XmlTag            : RulePropertyOverride
Rule              : ManagementPackElementUniqueIdentifier=78ee983f-268d-0b99-0ca6-b1ca75c46621
Context           : ManagementPackElementUniqueIdentifier=0903521d-f768-3d26-a0af-ae52f8c09a29
ContextInstance   : 
Enforced          : False
Value             : false
ManagementGroup   : SCOM2012R2
ManagementGroupId : 28b70e43-4655-edfc-6127-ff4a72642488
Identifier        : 1|Microsoft.Windows.Server.AD.2012.Monitoring/31bf3856ad364e35|1.0.0.0|Microsoft.Windows.Server.2012.AD.DomainController.DRAOutboundBytesComp.Collection.Override.RODCGroup||
Name              : Microsoft.Windows.Server.2012.AD.DomainController.DRAOutboundBytesComp.Collection.Override.RODCGroup

The highlighted items show a Override for a Rule, named ‘DRA Outbound Bytes Comp’ (compressed)

 

Now, if you’re impatient like me, and can’t wait for the new sealed MP to fix the console error, here’s how you can fix the MP.

Unseal the three monitoring MP’s

After unsealing the MP, update the RulePropertyOverride(s) for 2012, 2012R2, and 2016 Monitoring management packs, and then import into your SCOM Management group.

MP Viewer How-To, Tool Download

 

Add Referencing MP to the Rule overrides
For 2012 – AD2012Core! was missing (See Manifest section for AD2012Core MP info)
For 2012R2 – AD2012R2Core! was missing (See Manifest section for AD2012R2Core MP info)
For 2016 – AD2016Core! was missing (See Manifest section for AD2016Core MP info)
The RODC group is created with each version of AD Directory Services (2008, 2012,2016)
In the 2008 MP the overrides exist in the Discovery MP
To correct the 2012, 2012R2, 2016 MP’s, the discovery MP reference must be added to the Rule

 

Verify overrides in SCOM Console

Click on Authoring Tab, Management Pack Objects, Overrides

overridesconsoleerror  “Microsoft.EnterpriseManagement.Common.ObjectNotFoundException: An object of class ManagementPackClass with ID <guid here>”

Through persistence, you may be able to search for Overrides

 

In ‘Look For’ bar, type RODC

Hit enter

Verify there are 4 (fyi there are 4 rules per AD version you have installed in your management group)

 

Remove Sealed AD Monitoring MP’s

Import unsealed MP’s

 

Verify in Console that overrides show up (No Errors seen)

 

Click on Authoring Tab, Management Pack Objects, Overrides

In ‘Look For’ bar, type RODC

Hit enter

 

Verify 16 (4 rules per AD version (2008, 2012,2012R2, 2016;  or 12 rules will display if AD 2008 packs are not installed)

Sample XML for Overrides
<Overrides>
<RulePropertyOverride ID=”Microsoft.Windows.Server.2012.AD.DomainController.DRAIntersiteOutBytes.Collection.Override.RODCGroup” Context=”AD2012Core!Microsoft.Windows.Server.2012.AD.RODCGroup” Enforced=”false” Rule=”Microsoft.Windows.Server.2012.AD.DomainController.DRAIntersiteOutBytes.Collection” Property=”Enabled”>
<Value>false</Value>
</RulePropertyOverride>
<RulePropertyOverride ID=”Microsoft.Windows.Server.2012.AD.DomainController.DRAOutboundBytesComp.Collection.Override.RODCGroup” Context=”AD2012Core!Microsoft.Windows.Server.2012.AD.RODCGroup” Enforced=”false” Rule=”Microsoft.Windows.Server.2012.AD.DomainController.DRAOutboundBytesComp.Collection” Property=”Enabled”>
<Value>false</Value>
</RulePropertyOverride>
<RulePropertyOverride ID=”Microsoft.Windows.Server.2012.AD.DomainController.DRAOutboundBytesNotComp.Collection.Override.RODCGroup” Context=”AD2012Core!Microsoft.Windows.Server.2012.AD.RODCGroup” Enforced=”false” Rule=”Microsoft.Windows.Server.2012.AD.DomainController.DRAOutboundBytesNotComp.Collection” Property=”Enabled”>
<Value>false</Value>
</RulePropertyOverride>
<RulePropertyOverride ID=”Microsoft.Windows.Server.2012.AD.DomainController.DRAOutboundBytesTotal.Collection.Override.RODCGroup” Context=”AD2012Core!Microsoft.Windows.Server.2012.AD.RODCGroup” Enforced=”false” Rule=”Microsoft.Windows.Server.2012.AD.DomainController.DRAOutboundBytesTotal.Collection” Property=”Enabled”>
<Value>false</Value>
</RulePropertyOverride>
</Overrides>

 

Enjoy!

woohoo

 

 

Supported SQL version for System Center

I’ve also been asked what versions of SQL work with System Center, so here’s references to see what the latest supported SQL version and patch.

Here is the System Center SQL matrix

2016 https://docs.microsoft.com/en-us/system-center/scom/plan-sqlserver-design?view=sc-om-2016#sql-server-requirements

2019 https://docs.microsoft.com/en-us/system-center/scom/plan-sqlserver-design?view=sc-om-2019#sql-server-requirements

2012R2 https://technet.microsoft.com/en-us/library/dn281933.aspx

Sizing SCOM 2012R2 and 2016

Many times, the question comes up for Microsoft sizing guidelines for Operations Manager/SCOM.  The Sizing Calculator XLS is a great resource to use to help answer some of the storage and SQL DB questions as it relates to the various features you enable in your environment.

The sizing calculator takes features beyond windows agents to help size SQL and storage needs, as well as management servers.

The SCOM Sizing Calculator XLS from TechNet helps determine capacity and storage needs for 2012 and 2016.  Here is the 2016 System Center SQL matrix

http://download.microsoft.com/download/C/A/6/CA60425C-950B-456E-986C-C5F2FCD5668D/System%20Center%202012%20Operations%20Manager%20Sizing%20Helper%20Tool%20v1.xls

Other SCOM features that change the Operations Manager environment

# of Unix Servers

Network monitoring

Application Performance Monitoring (APM)

URL monitoring (transactional and availability)

DB Data retention requirements