Updated SCOMCore Addendum

SCOMCore Addendum - having a strong core makes bigger gains — SCOMCore Addendum – having a strong core makes bigger gains

Updated SCOMCore addendum pack now contains DWDataRP integration, and additional overrides since the last pack posted in 2023. There’s been a lot of updates made since the last update to GitHub. Github Link https://github.com/theKevinJustin/SCOMCoreAddendum

This builds on last month’s blog where you add reader rights to the SCOM Action Account for the SCOM DW. Blog https://kevinjustin.com/blog/2024/12/20/alert-on-dwdatarp-output/

Example of the DWDataRP report

Proactive DailyTasks SCOMCoreAlerts DWDataRP Script Alert Rule

NOTE the output also includes the full DWDataRP output

#============================================

Dataset name Aggregation name Max Age Current Size, Kb

—————————— ——————– ——- ——————–

Alert data set Raw data 400 1,034,128 ( 2%)

Client Monitoring data set Raw data 30 0 ( 0%)

Client Monitoring data set Daily aggregations 400 152 ( 0%)

Configuration dataset Raw data 400 2,037,216 ( 4%)

Event data set Raw data 7 235,464 ( 0%)

Performance data set Raw data 10 7,952,400 ( 16%)

Performance data set Hourly aggregations 60 21,554,016 ( 44%)

Update the file path and ComputerName in the Rule DataSource

Update StringParameterExample with FilePath and ComputerName with SCOM OpsMgrDW server name

Don’t forget to verify the additional DB rights are added to the action account!

Once verified, substitute two variables to specify the DWDataRP file path and the SCOM OpsMgrDW database server name into the rule and monitor.

Save

Upload the ‘updated SCOMCore addendum’ to SCOM Mgmt group

Enjoy!

Link to previous SCOM Core Addendum blog from 2023

SCOMCore Addendum pack

OS Addendum updates

More updates for your monitoring pleasure with OS addendum updates!

OS Addendum updates

Been busy in the monitoring ‘bat’ cave crafting up new ways to simplify things, automating recoveries, top process finds, STIG compliance, automatic services logic, and PowerShell transcription checks.

Download https://github.com/theKevinJustin/2016ServerAgnostic/

Automatic Services – monitors services with automatic service type, and includes built in recovery when monitor unhealthy

PowerShell transcription – be compliant for STIG V-257502 and V-257503, also includes Daily report (runs daily Monday-Friday)

Sets multiple overrides to reduce extraneous OS workflows that most customers never use.

Change/revision history

v1.0.7.6 13 Jan 2025 Updated EnableTranscription Report variables
v1.0.7.5 8 Nov 2024 Added additional services into excluded services, uncommented ServiceName variable
v1.0.7.4 7 Nov 2024 Updated ExcludedServices in AutomaticServices monitor DS
v1.0.7.3 21 Oct 2024 Logical Disk rollup disable, hourly monitor setting changes, event and perf collection rule disabled
v1.0.7.2 21 Oct 2024 Updated AutomaticServices DS/WA workflows
v1.0.7.1 18 Oct 2024 Updated Excluded Services array with additional services, updated AutomaticServices DS/WA workflows.
v1.0.7.0 17 Oct 2024 Updated AutomaticServices monitor timeout from 240 to 600 for OpsMgr event ID 22404
v1.0.6.8 16 Oct 2024 Updated Storport Timed Out Monitor from 5 to 10 events per hour
v1.0.6.8 11 Oct 2024 Additional EnableTranscription workflows – reports, report cleanup, transcription log cleanup
v1.0.6.7 11 Apr 2024 New weekly PowerShell Enable Transcription monitor for STIG V-257502 and V-257503, and new weekly report
v1.0.6.5 10 Apr 2024 Updated recovery logic for AutomaticServices DS/WA
v1.0.6.4 9 Apr 2024 Updated AutomaticServices DS/WA logic change, ServiceName variable change to Service

Alert on DWDataRP output

Holman's blog for DWDataRP is one way to Alert on DWDataRP findings — Holman’s blog for DWDataRP is one way to Alert on DWDataRP findings

I want to alert on DWDataRP output! While everyone’s familiar with Holman’s SCOM SQL queries blog, read below to configure a new way to maintain data warehouse integrity and retention.

Data warehouse audits are included in monitoring platform checks. For those new to monitoring, basically DWDataRP analyzes SCOM Data Warehouse issues for alert/event/performance/state retention. One administration option is to utilize the SCOM Core Monitoring Addendum pack to run DWDataRP. Another option is to run DWDataRP via Holman’s blog, or recently with Blake Drumm’s GUI tool.

Using the SCOM Core Monitoring addendum pack pre-configures a number of overrides, as well as adding DWDataRP monitor/rule options. Consequently, the SCOM action account needs to have additional permissions on SCOM SQL servers where the OperationsManagerDW
resides.

Configure SCOM management server action account to alert on DWDataRP output

Example uses lab environment SVC.SCOM.PBIreader
Substitute the SCOM action account above for the SCOM data warehouse (OperationsManagerDW) databases on their respective SCOM management group(s).

Give SCOM Action account necessary rights
Update SVC account rights
Set and verify SVC account has Server role public

Click on User Mapping > select OperationsManagerDW database
Verify Default Schema shows DBO
Under Database Role Membership
Select db_datareader AND db_owner
Click OK



Verification
Reach out to SCOM team to verify execution
From SCOM, RDP to one of the management servers
Click on Start > Right click on Windows PowerShell
Click on More > click on Select PowerShell
Click on More > Click on 'Run as a different user'

Open PowerShell > right click > Run as a different user

On the Windows Security pop-up > Click on 'Use a different account'
Type the action account username and password
Click OK

Paste in the following commands, and verify output
cd "##YourPathtoDWDATARP.EXE##"
# cd D:\MonAdmin\TOOLS\DWDataRP"

# Check events
$Command = '.\dwdatarp.exe -s 16DB02 -d OperationsManagerDW -ds "Event Data
Set"'
$EventDataSet = Invoke-Expression $Command
$EventDataSet
$EventDataSet[2]
$LLineSplit = $EventDataSet[2].Split("(")
$EventDBPercent = $LLineSplit[1].Split("%")
$EventDBPercent[0]

Example PowerShell output when SVC Account cannot execute DWDataRP
PS C:\monadmin\tools\dwdatarp> whoami
testlab\svc.scom.pbireader
PS C:\monadmin\tools\dwdatarp> .\dwdatarp.exe -s 16db02 -d OperationsManagerDW -ds
Event
Dataset name
Aggregation name Max Age Current Size, Kb
----------------------------------------------------------------------------

Data Integration with SQL2022

Integration - time to integrate data sources to data lake — Integration – time to integrate data sources to data lake

Ready for a single pane of glass? Ready to have your insights in a common location? Let’s discuss Data Integration with SQL2022.

Let’s start with some background on SQL2022 and similarly SQL2025, start with the learn site link. SQL2022 by design is Azure enabled with multiple capabilities like ‘Bi-directional HA/DR to Azure SQL’ and ‘Azure Synapse Link’. Basically, Synapse link is the key.

Utilize the PowerBI Cloud Service with today’s hybrid environments. SQL2022 allows integration with other Azure capabilities like Azure Data factory/data lake, and Azure Synapse. Another reason to upgrade SQL 2022, is design simplification. However, PowerBI data gateway adds a potential break point (single point of failure). While PowerBI data gateway centralizes all premise data to a central location. In the same way, consolidating data sent to the cloud. When PowerBI data gateway fails, insights and visualizations have stale data (i.e. data NOT transferred for a near real-time display).

Why SQL2022 then?

Connect insights and visualization to justify ‘Data Integration with SQL2022’ scenarios.

SQL2022 built in capability to Azure Synapse Analytics

Use SQL2022 to configure SQL agent jobs which pull SQL scripts from your cloud environment. DevOps and common Azure Storage repository are great advantages for speed of execution.

SCOM SSRS ReportExtensions

For a smooth install, everything comes down to SCOM SSRS prerequisites. The SCOM Reporting role install really comes down to three (3) things – permissions, latest SSRS EXE downloaded (for install 2019, 2022), and ReportExtensions configuration. The go-to reference is Holman’s QuickStart deployment guides for SCOM2019 forward list the how-to starting point. This post focuses on ReportExtensions configuration, where more ‘how to’ details are needed.

Quick Start links:

SCOM 2022 – QuickStart Deployment Guide

SCOM 2019 – QuickStart Deployment Guide

SSRS learn.microsoft.com site article https://learn.microsoft.com/en-us/troubleshoot/system-center/scom/cannot-deploy-operations-manager-reports

Configure Report Extensions via SSMS (GUI)

RDP to server with enabled account

Open SSMS that has connectivity to SSRS install/server

Change ‘Server type’ drop-down to Reporting Service

Change SSMS Server Type from Database Engine to Reporting Service

Click Connect

Right click on Server > Properties

In the Server Properties window, select the Advanced Tab

Click on the AllowedResourceExtensionsForUpload, and add *.*

Click OK

Screenshot of SSMS Connected to Reporting Service, expanding SSRS Properties > Advanced Tab > showing AllowedResourceExtensionsForUpload

Don’t forget to restart SSRS to make changes take effect!

Once restarted, verify SVC/MSA account permissions, and begin SCOM Reporting role!

Configure Report Extensions via PowerShell

Testing learn article PowerShell for SSRS Defaults (pre-requisite for SCOM Reporting role with SSRS2017+ versus SSMS). > Reporting Services

SSRS Note for ServiceAddress (SSRS URL) is other than localhost

On respective server, open PowerShell as Admin

Paste the following:

$ServiceAddress = ‘http://localhost‘

$ExtensionAdd = @(

‘*’

‘CustomConfiguration’

‘Report’

‘AvailabilityMonitor’

‘TopNApplications’

‘Settings’

‘License’

‘ServiceLevelTrackingSummary’

‘CustomPerformance’

‘MostCommonEvents’

‘PerformanceTop’

‘Detail’

‘DatabaseSettings’

‘ServiceLevelObjectiveDetail’

‘PerformanceDetail’

‘ConfigurationChange’

‘TopNErrorGroupsGrowth’

‘AvailabilityTime’

‘rpdl’

‘mp’

‘TopNErrorGroups’

‘Downtime’

‘TopNApplicationsGrowth’

‘DisplayStrings’

‘Space’

‘Override’

‘Performance’

‘AlertDetail’

‘ManagementPackODR’

‘AlertsPerDay’

‘EventTemplate’

‘ManagementGroup’

‘Alert’

‘EventAnalysis’

‘MostCommonAlerts’

‘Availability’

‘AlertLoggingLatency’

‘PerformanceTopInstance’

‘rdl’

‘PerformanceBySystem’

‘InstallUpdateScript’

‘PerformanceByUtilization’

‘DropScript’

)

Write-Output ‘Setting Allowed Resource Extensions for Upload’

$error.clear()

try

{

$Uri = [System.Uri]”$ServiceAddress/ReportServer/ReportService2010.asmx”

$Proxy = New-WebServiceProxy -Uri $Uri -UseDefaultCredential

$Type = $Proxy.GetType().Namespace + ‘.Property’

$Property = New-Object -TypeName $Type

$Property.Name = ‘AllowedResourceExtensionsForUpload’

$ValueAdd = $ExtensionAdd | ForEach-Object -Process {

“*.$psItem”

}

$Current = $Proxy.GetSystemProperties($Property)

if ($Current)

{

$ValueCurrent = $Current.Value -split ‘,’

$ValueSet = $ValueCurrent + $ValueAdd | Sort-Object -Unique

}

else

{

$ValueSet = $ValueAdd | Sort-Object -Unique

}

$Property.Value = $ValueSet -join ‘,’

$Proxy.SetSystemProperties($Property)

Write-Output ‘ Successfully set property to: *.*’

}

catch

{

Write-Warning “Failure occurred: $error”

}

Write-Output ‘Script completed!’

Successfully set property to: *.*
PS C:\Windows\system32> Write-Output ‘Script completed!’
Script completed!
PS C:\Windows\system32>

Don’t forget to restart SSRS.

Verify SVC/MSA account permissions, then begin SCOM Reporting role!

Enjoy!

DNS Scavenging alerts

Need DNS Scavenging alerts, to see what’s cleaned up, or that scavenging failed? Download the DNS Addendum pack from my GitHub repo https://github.com/theKevinJustin/DNSAddendumAgnostic

Latest revision first includes a EventID 2502 monitor for scavenging failed. Second, the monitor has count logic (setup to alert with 2 events in 30 minutes). Third, EventID 2501 rule details scavenging totals. Lastly, built a weekly report to summarize the scavenging alerts (cliff notes!).

Some quick ‘how-to’ setup DNS scavenging

Example of RegKey showing that Scavenging is setup – note Scavenging Interval key

Example of AD integrated DNS setup with 21 day scavenging interval, and prompts to configure (click OK twice)

DNS Scavenging setup on AD integrated DNS server

Import management pack, and run DNS scavenging.

Verify scavenging alerts

SCOM Monitoring Tab > Active Alerts > ‘Look for:’ scavenging

Example output

Additional SCOM PowerShell commands

Run PowerShell commands from the SCOM management server (MS)

$DNSAlerts = get-scomalert -name "*Scavenging*"
$DNSAlerts
$DNSAlerts | format-table PrincipalName,TimeRaised,Description -auto -wrap

Example Output

PS C:\Users\scomadmin> $DNSAlerts = get-scomalert -name “*Scavenging*”

PS C:\Users\scomadmin> $DNSAlerts

Severity Priority Name TimeRaised

——– ——– —- ———-

Warning Normal Windows DNS Event 2502 Scavenging Failed monitor addendum alert 8/19/2024 2:02:3…

Warning Normal Windows DNS Event 2502 Scavenging Failed monitor addendum alert 8/19/2024 1:07:0…

Information Normal Proactive DailyTasks DNSAlerts Scavenging Summary Report Alert 8/19/2024 10:11:…

DNS alerts formatted

PS C:\Users\scomadmin> $DNSAlerts | format-table PrincipalName,TimeRaised,Description -auto -wrap

PrincipalName TimeRaised Description

————- ———- ———–

DC02.testlab.net 8/19/2024 2:02:32 PM Windows DNS Event 2502 Scavenging Failed monitor alert 1 alert in 15 minutes

Event Description:

The DNS server has completed a scavenging cycle but no nodes were visited.

Possible causes of this condition include:

…

The next scavenging cycle is scheduled to run in 168 hours.

Learn articles for more details https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/dns-scavenging-setup

SCOM Agent Maintenance

When we talk about best practices for monitoring, this will typically include (SLA) Service Level Availability. SLA is an important piece in your environment, as uptime and happy customers come with a high SLA. There are some cases where IT Teams do work on demand. On-demand work is outside of a standard change window, a scheduled change. Typically this is outside configuration management tools, responsible to update software (applications/packages), machines, drivers, compliance settings, and more. In the one-off, non-scheduled maintenance or recovery, try leveraging ‘SCOM Agent Maintenance’ PowerShell commands on SCOM agents.

SCOM Agent maintenance PowerShell commands

cd “C:\Program Files\Microsoft Monitoring Agent\Agent”

Import-module .\MaintenanceMode.dll

Start-SCOMAgentMaintenanceMode -Duration 10 -Reason PlannedOther

# Verify

# If messages show with current timestamp, Agent objects are in maintenance.

get-eventlog -LogName “Operations Manager” -newest 50 | ? { $_.Message -like “Suspending monitoring*” } | ft TimeGenerated,Message -autosize

TimeGenerated Message

————- ——-

6/25/2020 8:37:57 AM Suspending monitoring for instance “modeldev” with id:”{F9E45AA4-7DF7-C1F1-70C9-5D76C9F2725C}” …

6/25/2020 8:37:57 AM Suspending monitoring for instance “C:” with id:”{ED00048A-7DDC-D4BE-901D-D64DA281B7C6}” as the…

6/25/2020 8:37:57 AM Suspending monitoring for instance “central_log” with id:”{EA619D69-D1CC-3B19-D93C-2E3FCD1409AE…

PS C:\Program Files\Microsoft Monitoring Agent\Agent> get-eventlog -LogName “Operations Manager” -newest 25 | ? { $_.Message -like “Resuming monitoring*” } | ft TimeGenerated,Message -autosize

343998 Jun 25 08:50 Information HealthService 1073743040 Resuming monitoring for instance “modeldev” wit…

343997 Jun 25 08:50 Information HealthService 1073743040 Resuming monitoring for instance “C:” with id:”…

343996 Jun 25 08:50 Information HealthService 1073743040 Resuming monitoring for instance “central_log” …

343995 Jun 25 08:50 Information HealthService 1073743040 Resuming monitoring for instance “dnmll05s1.UNE…

New SQL management pack

SQL Server Blog – New SQL Management pack released!

The blog posting the pack release fell through the cracks. Released on 10 July, I’ve had some issues getting the updated MSI’s, but they’re live now. I normally use the SQL Tech Community SQL releases site https://techcommunity.microsoft.com/t5/sql-server-blog/bg-p/SQLServer/label-name/SQLReleases

Don’t forget to look for SQL Security updates, (CU) Cumulative Updates, or (SP) Service Pack updates at the SQL releases link! https://techcommunity.microsoft.com/t5/sql-server-blog/bg-p/SQLServer/label-name/SQLReleases

New SQL pack released

Microsoft System Center Management Pack for SQL Server enables the discovery and monitoring of SQL Server 2012, 2014, 2016, 2017, 2019, 2022, and upcoming versions.

Download link https://www.microsoft.com/en-us/download/details.aspx/?id=56203

Version:
7.6.5

File Name:
SQLServerMP.Windows.msi

SQLServerMP.CustomMonitoring.msi

SQLServerMP.Linux.msi

SQLServerMPWorkflowList.pdf <missing as of today>

Date Published:
7/10/2024

Functionality https://learn.microsoft.com/en-us/system-center/scom/sql-server-management-pack-changes-history?view=sc-om-2022

https://www.microsoft.com/en-us/download/details.aspx/?id=56203

June 2024 – 7.5.19.0 CTP

What’s New

Added new “Table Clustered Index Fragmentation” monitor that targets databases and checks for high fragmentation of clustered indexes
Added new “Property Bag” step in the custom monitor setup to extend the alert context with a property from the query result
Updated the “Product Version Compliance” monitor with the most recent version of public updates for the SQL Server
Reworked the “Long Running Queries” alert rule to improve security
Improved accessibility for the Summary Dashboard view and Monitoring Wizard template, including the following major changes:
- implemented Keyboard Navigation using the A and D buttons on the tiles in the dashboard
- added the ability for the screen reader to announce buttons and errors in the SQL Server wizard
- redesigned dashboard list controls for greater accessibility

Pretty simple steps

Download and save to your SCOM server, or SCOM console connected machine

Navigate to the Administration tab

Expand Management Packs

Click on Installed Management packs

Click the Add drop-down, select the packs

Verify selections, and click Install button

Importing new SQL v7.6.5.0 packs into the SCOM Console

Click Close after import

v7.6.5.0 management packs are imported into the SCOM console

Enjoy!

Configure SNOW Subscriptions

ServiceNowLogo - Create SCOM subscriptions — ServiceNowLogo – Create SCOM subscriptions

Depending on requirements, creating multiple subscriptions within SCOM to leverage subscriber/channels required. Selecting rules/monitors, and resolution state conditions to help Application teams get incidents for key issues requiring intervention. NOTE Depending on what was command channels were created for various AssignmentGroup(s) and Team(s) within the organization.

Configure ‘TEST Holman’s Command Channel’ subscription

Configure channel to execute logAlert.ps1 command channel to verify SCOM outputs

SCOM Navigation steps:

Click on Administration Tab > Notifications > Channels

Click New

Name

TEST Holman’s Command Channel

Description

C:\MonAdmin\Scripts\LogAlert.ps1 Utilize LogAlert.ps1 example from Holman’s blog. Specific Subscription details: +CRITERIA = ALL Alerts +RESOLUTIONSTATE = NEW (0) +SUBSCRIBER = CHANNEL SCOM Command Channel Subscriber via POWERSHELL +CHANNEL Test LogAlert.ps1 SCOM Command Channel

Setup and use Holman’s script execution channel blog to test what account SCOM uses for notifications

https://kevinholman.com/2021/08/25/what-account-will-command-channel-notifications-run-as-in-scom/

Click on Settings

Example screenshot from Holman’s blog

Full path of Command file:

C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe

Command line parameters

-executionPolicy bypass -noprofile -file “C:\MonAdmin\scripts\logalert.ps1” -AlertID “$Data[Default=’NotPresent’]/Context/DataItem/AlertId$” -AlertName “$Data[Default=’NotPresent’]/Context/DataItem/AlertName$” -AlertDescription “$Data[Default=’NotPresent’]/Context/DataItem/AlertDescription$” -Severity “$Data[Default=’NotPresent’]/Context/DataItem/Severity$” -ResolutionState “$Data[Default=’NotPresent’]/Context/DataItem/ResolutionState$” -ManagedEntityPath “$Data[Default=’NotPresent’]/Context/DataItem/ManagedEntityPath$” -ManagedEntityDisplayName “$Data[Default=’NotPresent’]/Context/DataItem/ManagedEntityDisplayName$” -ManagedEntityFullName “$Data[Default=’NotPresent’]/Context/DataItem/ManagedEntityFullName$” -ManagedEntity “$Data[Default=’NotPresent’]/Context/DataItem/ManagedEntity$” -CreatedByMonitor “$Data[Default=’NotPresent’]/Context/DataItem/CreatedByMonitor$” -WorkflowId “$Data[Default=’NotPresent’]/Context/DataItem/WorkflowId$” -DataItemCreateTimeLocal “$Data[Default=’NotPresent’]/Context/DataItem/DataItemCreateTimeLocal$” -WebConsoleUrl “$Target/Property[Type=”Notification!Microsoft.SystemCenter.AlertNotificationSubscriptionServer”]/WebConsoleUrl$?DisplayMode=Pivot&AlertID=$UrlEncodeData/Context/DataItem/AlertId$”

Startup folder for the command line:

C:\MonAdmin\SCRIPTS

Click Finish

Configure New-SNOWEvent command channel in SCOM

Grab file from GitHub repository https://github.com/theKevinJustin/New-SNowEvent

As needed, save TXT file as .ps1 on SCOM MS’s

Design recommendation

Create multiple command channels depending on assignment group and team(s) to pass these variables to the script.

NOTE path to setup channel execution, AssignmentGroup, and Team variables

Configure ‘TEST SNOW Event Creation’ SCOM Notification command channel

NOTE Use these steps to create multiple command channels, as the AssignmentGroup and Team may differ depending on Application Owners

SCOM Navigation steps:

Click on Administration Tab > Notifications > Channels

Click New

Name

TEST SNOW Event Creation

Description

C:\MonAdmin\Scripts\New-SNowEvent.ps1 Outputs 711 Events into Operations Manager event log.

Specific Subscription details: +CRITERIA = ALL Alerts +SUBSCRIBER = CHANNEL New-SNowEvent.ps1 via POWERSHELL +CHANNEL ServiceNow SNOW Event Creation Channel

New-SNOWEvent.ps1 command channel creates ServiceNow SNOW events for alerts and incidents.

This channel will also update the SCOM alert TicketID, Owner, ResolutionState to modify SCOM alert with SNOW information, or information passed in SNOW event.

See blog for more details https://kevinjustin.com/blog/2024/03/27/servicenow-event-integration/

Click on Settings

Full path of Command file:

C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe

Command line parameters

-executionPolicy bypass -noprofile -file “C:\MonAdmin\scripts\New-SNowEvent.ps1” -AlertID “$Data[Default=’NotPresent’]/Context/DataItem/AlertId$” -AlertName “$Data[Default=’NotPresent’]/Context/DataItem/AlertName$” -AssignmentGroup “JustinTime System Admin” -Team SYM

Startup folder for the command line:

C:\MonAdmin\SCRIPTS

Click Finish

Create new channel for New-SNowIncident.ps1

Grab file from GitHub repository https://github.com/theKevinJustin/New-SNOWIncidents

As needed, save New-SNowIncident file as .ps1 on SCOM MS’s

Design recommendation

Create multiple command channels depending on assignment group and team(s) to pass these variables to the script.

NOTE path to setup channel execution, AssignmentGroup, and Team variables

Configure ‘TEST SNOW Event Creation’ SCOM Notification command channel

NOTE Use these steps to create multiple command channels, as the AssignmentGroup and Team may differ depending on Application Owners

SCOM Navigation steps:

Click on Administration Tab > Notifications > Channels

Click New

Name

TEST SNOW Event Creation

Description

C:\MonAdmin\Scripts\New-SNowEvent.ps1 Outputs 711 Events into Operations Manager event log.

Specific Subscription details: +CRITERIA = ALL Alerts +SUBSCRIBER = CHANNEL New-SNowEvent.ps1 via POWERSHELL +CHANNEL ServiceNow SNOW Event Creation Channel

New-SNOWEvent.ps1 command channel creates ServiceNow SNOW events for alerts and incidents.

This channel will also update the SCOM alert TicketID, Owner, ResolutionState to modify SCOM alert with SNOW information, or information passed in SNOW event.

See blog for more details https://kevinjustin.com/blog/2024/03/27/servicenow-event-integration/

Click on Settings

Full path of Command file:

C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe

Command line parameters

Startup folder for the command line:

C:\MonAdmin\SCRIPTS

Click Finish

Configure SCOM Subscribers

Read the ‘Configure SCOM Subscribers’ blog to build out the SNOW subscribers for multiple PowerShell command channels. Create subscribers according to design requirements.

CHANNEL New-SNowEvent.ps1 via POWERSHELL

Follow the screenshots and fill in the wizard per the steps below.

Subscriber Name:

CHANNEL New-SNowEvent.ps1 via POWERSHELL

Click Next

SCOM subscriber wizard to Configure SCOM Subscribers - New-SNowEvent subscriber wizard — SCOM subscriber wizard to Configure SCOM Subscribers – New-SNowEvent subscriber wizard

Verify ‘always’ radio button is selected

NOTE If notifications required during specific times, configure as needed

Click Next

SCOM subscriber wizard - New-SNowEvent for Schedule radio button — SCOM subscriber wizard – New-SNowEvent for Schedule radio button

Type SnowEvent in Address name: text box

Click Next

SCOM Subscriber New-SNowEvent Address field in wizard

Change ‘Channel Type’ dropdown to Command

Select ‘ServiceNow SNOW Event Creation Channel’ Command Channel from dropdown

Click Next

SCOM Subscriber wizard - New-SNowEvent Channel drop down details — SCOM Subscriber wizard – New-SNowEvent Channel drop down details

On the Schedule tab, click Finish

SCOM Subscriber wizard - New-SNowEvent Schedule tab > Always send radio button — SCOM Subscriber wizard – New-SNowEvent Schedule tab > Always send radio button

Click Finish again to complete subscriber

SCOM Subscriber wizard - Suscriber final Finish window — SCOM Subscriber wizard – Suscriber final Finish window

Repeat steps to ‘Configure additional ‘SCOM Subscribers’

CHANNEL Test LogAlert.ps1 SCOM Command Channel via POWERSHELL

Optional create subscriber, depending on design requirements

CHANNEL Test New-SNowIncident.ps1 SCOM Command Channel via POWERSHELL

Additional Documentation to Create SCOM subscribers

SCOM2019 https://learn.microsoft.com/en-us/system-center/scom/manage-notifications-create-subscriptions?view=sc-om-2022

SCOM2022 https://learn.microsoft.com/en-us/system-center/scom/manage-notifications-create-subscriptions?view=sc-om-2022