2008 July » Pavleck.NET

Let’s get the community going

Jul 142008

Granted, as SCOM people we already have a lot of places available to us. There’s the newsgroups, SystemCenterForum.Org, MOMCommunity.Com, the MS community, MyITForum, FAQShop, and the whole army of bloggers – but I can’t find somewhere I can’t get live help, bounce ideas off of people, etc. Sure, I have friends on various IM programs that do the same thing, but they aren’t always around and I’d hate to bother them if I don’t have to.

I want one. From hanging out in a PowerShell chat room I’ve learned so much more, and so much faster, then I would have reading books and going through tutorials.

So I’ve setup an IRC chat room on the FreeNode network. Why FreeNode? Well, the PowerShell guys hang out there, so we might as well hang out there too. So if you’re familiar with IRC, connect to chat.freenode.net and /join channel #scom. Not familiar with it? Then use the web based chat I’ve setup (And will eventually register) or read the ‘short’ IRC primer.

Hope to see you there, as I’m fairly lonely in the channel all by myself!

A SCOM agent on your SmartPhone?

SCOM 2 Responses »

Jul 102008

Mayyyyyybe. I’m not saying anything 100% right now, but lemme say – wouldn’t it be so creepy and big brotherish if you had a SCOM agent on your SmartPhone, grabbing your current co-ordinates every 15 mins via GPS and then sending it to the RMS wirelessly?

But man, just how do we shoe horn an agent on poor Windows Mobile?

Just wait.

Setting agent failover servers & Switching SNMP device proxies

Command Shell, Powershell, SCOM, SCOM Snippets, SNMP 3 Responses »

Jul 072008

By default, you can’t really specify a failover management server in OpsMgr. Why? Not really sure, though I think it’s a ploy to ensure you setup the OpsMgr Active Directory Integration, which will handle this for you.

No fret though, we can still do it – it’ll just take a little bit of actual effort.

First, we need to define our Primary and Failover management servers. This isn’t something you can just progmatically grab, so you’ll need to know the name yourself.

In my $PROFILE, I’ve set them to be defined to 2 variables with the following:

# Set Primary Management Server
$Primary_MS = Get-ManagementServer | ? {$_.Name -like "SERVERNAME*"}
# Set Failover Management Server
$Failover_MS = Get-ManagementServer | ? {$_.Name -like "BACKUPSERVER*"}

# Set Primary Management Server

$Primary_MS = Get-ManagementServer | ? {$_.Name -like "SERVERNAME*"}

# Set Failover Management Server

$Failover_MS = Get-ManagementServer | ? {$_.Name -like "BACKUPSERVER*"}

Now that we have that set, it’s simple to do the rest. First, lets grab all of the servers that don’t have a failover management server set.

$noFailoverSpecified = Get-Agent | ? {(!$_.GetFailoverManagementServers())}

1	$noFailoverSpecified = Get-Agent \| ? {(!$_.GetFailoverManagementServers())}

What the above does is call the GetFailoverManagementServers() method on each agent. If they have a failover, it will return data and thus $True. If there aren’t any failovers, it will return nothing – which is the same as $False. So we look for all the ones that don’t return anything.

If you’re curious, you can see just how many servers are missing failovers with

 $noFailoverSpecified.Count

1	$noFailoverSpecified.Count

- in my case it was 63.

Now, we just run a quick snippet that adds the failover server to the agent:

ForEach ($agent in $noFailoverSpecified) {
Set-ManagementServer -PrimaryManagementServer $Primary_MS -AgentManagedComputer $agent -FailoverServer $Failover_MS | Out-Null
}

ForEach ($agent in $noFailoverSpecified) {

Set-ManagementServer -PrimaryManagementServer $Primary_MS -AgentManagedComputer $agent -FailoverServer $Failover_MS | Out-Null

}

That will crunch away as it’s doing it’s thing, we’re redirecting output to $null so we don’t have to see agents scrolling over and over. When it returns you to a prompt, you’re done. If you’d like to verify that you did indeed set all of the agents to have a failover, we can check real quick:

If ((Get-Agent |? {(!$_.GetFailoverManagementServers())}).Count -eq $null)
{
Write-Host "Every agent has a failover server, great job!" -ForeGroundColor Green
} else {
Write-Host "Looks like we missed some, try again!" -ForeGroundColor Magenta
}

If ((Get-Agent |? {(!$_.GetFailoverManagementServers())}).Count -eq $null)

{

Write-Host "Every agent has a failover server, great job!" -ForeGroundColor Green

} else {

Write-Host "Looks like we missed some, try again!" -ForeGroundColor Magenta

}

And that’s that. All of your agents have a primary and failover server.

But wait, you have a lot of remotely managed devices too? Monitoring SNMP on a bunch of different servers – what happens for that?

Well, we can’t setup a failover (From what I’ve seen, if I’m wrong please let me know) agent. But we can proactively write a script that will change the proxy agent on the devices, and run it as needed.

This was written in a response to this query on the newsgroups, and is only a cursory look into it. There may be other ways of doing this – and I’d love to hear it. As it stands, I’m not sure how to set them back to a management server as the monitor.

Firstly, we’ll have to pick an agent managed computer to use as the new proxy agent. You can’t use a management server for this, because they aren’t “Agent Managed” and you can’t use Set-ManagementServer because the devices aren’t “Remote Managed Computers”. I have a seperate agent-managed server on my network I call “Timex” because it acts like a watcher node. So I’ll go ahead and use him.

$proxyAgent = Get-Agent |? {$_.Name -eq "timex.pavleck.net"}

1	$proxyAgent = Get-Agent \|? {$_.Name -eq "timex.pavleck.net"}

Then gather a list of our current remotely managed devices

$remDevices = Get-RemotelyManagedDevice

1	$remDevices = Get-RemotelyManagedDevice

Now just loop through it, setting the device to use the proxy agent we just instantiated:

ForEach($device in $remDevices) {
Set-ProxyAgent -ProxyAgent $proxyAgent -Device $device | Out-Null
}

ForEach($device in $remDevices) {

Set-ProxyAgent -ProxyAgent $proxyAgent -Device $device | Out-Null

}

That will loop through things changing the proxy server that it uses. When it’s done, we can verify it by running:

Get-RemotelyManagedDevice |? {$_.ProxyAgentPrincipalName -ne $proxyAgent.Name}

1	Get-RemotelyManagedDevice \|? {$_.ProxyAgentPrincipalName -ne $proxyAgent.Name}

If it outputs nothing, then they’ve all been changed. Simple as that!

Using Resolution States to fine tune alert notifications

Authoring, Notifications, SCOM 14 Responses »

Jul 032008

Edit 09/10/2008: Fixed the script, fixed the reference in point 14.

I haven’t seen this solution offered as a way to send more customized alerts, and am fairly excited about it. With some of the previous solutions, they involve using the command shell to create an alert notification. This is fine, except if you open the subscription in the GUI – once you’ve done that, you’ve essentially undid all that work and created a ‘catch all’ that sends an alert on any event. Why? Well, the GUI itself isn’t designed for the custom settings that can be done in Powershell. This makes it fairly difficult to add people or change the alert – not acceptable to me.

After messing around with authoring console and creating classes based on event viewer errors and other equally exotic methods I came upon something that works wonderfully. The catch? You can only create 254 rules this way.

What am I talking about? Some powershell scripts and the alert resolution states!

By default, there are only 2 states defined – 0 for New, and 255 for Closed. They are always there, and can not be deleted. This leaves 1 – 254 as user definable states. We can use these to make one-to-one events.

Let me start off that this isn’t an ideal solution, but it is the most readable and elegant solution for this particular problem. You probably shouldn’t do this on a single rule basis, but target it more at a wildcard match. You do have a naming convention for your rules and monitors, right? If not, this is the perfect reason to get one. I’ll typically use a convention of <Product Type>-<Product>-<Version (If multiple)-<Rule>. So if I had a rule targeted at exchange, I’d have a rule similar to “EMAIL – Exchange – Exchange 2007 – Search for ‘Jeremy is fired’ in execs mail”. Then when I’m using an exotic config to send an alert, such as this one, I can better fine tune alerts.

Remember, the more you move away from the “Out of box” yfunctionality with OpsMgr, the more you should be documenting. Or even better, a wiki. Just make a reference to the wiki in the description, and people will know exactly what you’re trying to do – that’s for another post though.

Let’s get on with it, shall we?

I’m going to create a situation. I have a custom application which logs to the Application log. There’s one particular event that only one group in the organization cares about – all they want is a notification of this one single event and nothing else. How do we do it?

The Cliff’s Notes version of what we’ll be accomplishing today:

Create a custom Resolution State
Define a new rule
Deploy a PowerShell script to the RMS to update the resolution state of matching alerts
Create a notification subscription which responds to our particular state

Now, for the complete steps

First go to Authoring > Management Pack Objects > Rules – Right click and “Create new rule”
Under rule type, select Alert Generating, Event Based, NT Event Log (Alert) and select a management pack to use.
Enter a rule name that is distinctive enough that no other rules will have that same name. Then enter a description, rule category and choose a target. You can go with the shotgun approach and pick “All Computers” here if you’d like.
Now walk through the rest of the wizard and configure your event log settings – for this test I’m using the Application log, Event ID of 926 and event source of “Pavleck.NET Test”. But you can put whatever you want here ace, it’s up to you.
Configure your alert. It should automatically copy over the rule name as the alert name. The alert name is what we’ll actually be alerting on, so it’s important that you remember what it is, and ensure it’s distinctive enough to not match something that already exists.
Now we can work on the other parts of this while our rule is propagating across the environment.
Go to Administration > Settings > Alerts – this is where we’ll define a new Alert Resolution State to use. Click on “New…” and name your state and choose an ID for it, I used 10 in this example.
Click Apply, then Ok and now we’re done with part 2.
Let’s go ahead and test and see if our rule works, just open a command window and use some EventCreate.exe magic.
Open up the alert console for whatever machine you ran that on and you should see our new alert in there – yay, we did something!
Now we’ll add the magic that changes the alert resolution state. It’s a fairly simple script, and it’s meant to be that way. For simplicity’s sake, we’ll be running this script as a timed response from the RMS. Depending on how your particular environment is setup, you could also run it inside of the rule itself, as an additional response to “Create Alert”. But that only works well if you only plan on doinbg this sparingly, otherwise it makes more sense to run this from the RMS and add onto the script as needed.
First, download SCOM-UpdateResolution.ps1 here (Or view it after the jump) and edit the alert name, resolution state and RMS to what matches your environment.
Now we’ll need to go and create a new rule. Rule type is Timed Commands > Execute a command. Give it a name and description. I’ve set the rule category to “Maintenance” as that makes the most sense to me.
For the schedule, I’ve set mine to run every 2 minutes. This means there will be a delay of that much between alerts and notifications, but that’s acceptable to me. Then hit next.
Configure the command line execution settings as shown – remembering to use instead of “&”. I’ve set the timeout to 45 seconds.
Hit create and that’s almost all of it – all we need to do now is to create the alert subscription. Go to administration, right click on Subscriptions and choose “Create new notification subscription”
Step through it like normal, choosing all groups, all classes. When you get to the Alert Criteria page, uncheck “New” and “Closed” and check our new resolution state. If you keep ‘closed’ in there, it will pertain to all alerts that close. That’s one drawback to this method, you won’t get closed alerts.
Finish it up as you normally would, then lets test it! Create a few more test events, and lets see if it works.

That’s all there is to it. This works, reliably and 100% of the time. It’s extremely flexible and easy to follow for someone just walking into your environment.

By using a single PowerShell script, and targeting the RMS computer group you’ll be making sure that you have only a single simple script to edit and by mirroring the files and directory paths to any other management servers in your environment you maintain this method if you ever need to promote one to an RMS.