Authoring » Pavleck.NET

Silect Agent Explorer

Mar 052010

Now this seems really promising! I’ve been involved with Silect Software since their inception years ago. They make some great tools – MP Studio in particular. But its costs has always made it a hard sell with clients, since there’s “already a way to author management packs in SCOM”.

But what there isn’t in OpsMgr is a quick, easy, and simple way to find out just what’s running on that server – until now.

Silect is announcing the Agent Explorer feature of the next version of MP Studio.
With Agent Explorer you’ll be able see exactly what rules, monitors, discoveries and management packs are running on a given server.

Interested? View the 5 min screencap and then email Randy R and tell him you want to try this out!

I have been usurped in the silly monitors department!

Authoring, Community, Fun, Management Packs 1 Response »

Oct 222009

Alas, it seems those Danes are just as goofy as I am. And I’m happy to hear it!

Jakob Svendsen over at CoreTech released a management pack today. That management pack will alert you when the coffee in your coffee pot gets low. I’ll go ahead and embed the video below, but you’ll have to go to their site to download it.

Now, I return to my dank and dark office, where I shall create a SUPERIOR coffee pot monitor!
I’m actually waiting on an order from SparkFun and Jameco to get here as we speak.

Released Now – the NEW Authoring Resource Kit!

Authoring, SCOM No Responses »

Oct 212009

Now here’s an awesome bit of good news! Just announced the OpsMgr R2 Authoring Resource Kit! It’s available at this URL.

I am REALLY excited about this! Why? Well let’s check out all the cool stuff we’re getting:

Management Pack Best Practices Analyzer
MPBPA scans management packs for best practice compliance and provides automated resolution for numerous issues. This tool integrates with the Authoring Console.
Management Pack Spell Checker
MP Spell Checker checks spelling in management packs to eliminate errors in display strings.
Management Pack Visio Generator
MP Visio Generator allows you to generate a class inheritance and class relationship diagram using Microsoft Office Visio.
Management Pack Diff
MP Diff shows the differences between two management packs.
Management Pack Cookdown Analyzer
MP Cookdown Analyzer identifies workflows which may break cookdown. Suggestions are provided for how to fix the performance problems.
All Reference Add-in
All References Add-in helps find all management pack elements that reference the specific element chosen. For example, the ability to right click a class and find all rules, monitors, overrides, as well as anything else that targets that class is provided. This tool works on most management pack elements.
Workflow Analyzer
The Workflow Analyzer provides the ability to statically analyze all types of workflows. It also allows users to trace workflows running on any Health Service.
Workflow Simulator
The Workflow Simulator provides the ability to test certain types of workflows such as discoveries, rules, and monitors without a Management Server and Management Group. Key functionality includes the ability to test workflows as well as view and validate output prior to signing and importing the MP into a Management Group for additional testing.
Management Packs
Three management packs which are frequently used as dependencies are provided as part of the tools installation. These MPs are necessary to allow the Authoring Console to open most MPs available online in the System Center Operations Manager MP Catalog.

This is great news! Finally we’ve all been given the power to generate powerful, extensive management packs. You will be able to build it, diagram it, and most importantly – test it for quality assurance. No longer will we be left guessing if a certain change is better or worse – we’ll be able to find out ourselves!

Management Pack Authoring 101

Authoring, SCOM No Responses »

Dec 172008

This post deals with 2 situations I’ve come across time and time again. One is the lack of documentation about any customizations made and the other is the general lack of any decent tutorials on using the authoring console – so I’ll combine them!

Documentation – the bane of any monitoring engineer. With a system such as OpsMgr, a lot of it is self-aware and as such, rules and monitors will deploy on their own according to what happens in a server. Someone installs IIS? Well then OpsMgr will notice and download the appropriate rules and monitors and assign them to the new groups they belong to. That’s a tough thing to stay on top of, and once I have an OpsMgr 07 version of MOMDOC, I’ll release it and make all of our lives easier – until then you’ll have to put up with it.
The other side of documentation is the general lack of it with regards to custom rules, monitors, transactions and changes made to ‘out of the box’ rules. This is a very solveable problem!

First off, go ahead and download the Authoring Console. It’s been out for 8 months now, and technically not needed for this particular management pack, but it’s a great way to ease into how it all works.

For this demonstration, I’m going to create a management pack which makes a new task called “Search Internal Documentation”. This task simply opens a browser window appending the alert name to a URL for an internal ScrewTurn Wiki. ScrewTurn is a great open-source ASP.Net wiki which doesn’t require an SQL database, making it very easy to ‘sneak in under the radar’ in a lot of environments.

After you’ve downloaded, installed, and opened the Authoring Console, click on File > New, to create a new management pack. Under “Management Pack Template” click on “Empty Management Pack” and give it a name – I used Internal.Documentation.Search

Selecting an MP template and name it

Click on “Next” and give it a Display Name and Description. Use what I did, or enter your own information.

Entering display name and description

Immediately you’re assaulted with a whole army of choices; Sevice Model, Health Model, Presentation, Type Library, Language Packs, and all of the things inside of those. We’ll get to all of those, eventually, but for now click on the ‘Presentation’ tab on the left, then New and Console Task on the right.

SCOM - New Console Task

Up will pop up a window asking for a unique identifier. This is an internal reference used inside the Management Pack, so give it a descriptive name, something like “Search.Wiki”.

Choosing a Unique Identifier

Click ok, and now you have all of the options for our new task.

The ‘General’ tab is where you give your task a public name, description and choose the target. You can see from my example I’ve named this task “Search the Wiki” with the description of “Search the internal wiki about this alert”. Under the target click to expand it, choose ‘Browse all classes’, then search for the “System.Entity”. This will allow our task to be shown and run against all alerts from all management packs.

The general pane of the new task window

Now click on the ‘Command Line’ tab – this is where the meat of it is. Here is where we define exactly what our task will do.

Command Line pane showing the definitions for the task

As you can see from my example above, I’ve specified the command line options to open up our Wiki. The command line application was set to use Internet Explorer ((If you use a different default browser at your organization, then enter it’s path here)), and the parameter I use is the URL t0 the wiki with $NAME$ (The alert name) and “.ashx” appended to it.

Tip: If you’d rather have the URL opened in whatever the default browser the user has, you can change the application to use start.exe to open it, or even just use the URL itself. If it’s a known extension, it will be opened by whatever the default handler is for it.

Product knowledge is what we’re used to, enter what you see fit in here, then click on the Options tab and change Accessibility to “Public”, and Category to “Alert”. This allows the task to be used directly from the console, and shown in any alert view.

Setting the additional options

Then click OK, it will crunch for a little bit saving your changes, and then bam – there you go – a brand new task is born!

The completed new task

Now click on File > Save, choose a spot (and a name if you’d like) and there you have it, a brand new management pack. Now go ahead and import it, like you’d import any management pack. Click on the Monitoring tab, then on Active Alerts and select an alert. In the actions pane you should see our new task shown under the “Alert Tasks” heading.

Our new 'Search the Wiki' task

For this example I highlighted an alert that was “Percentage of Committed Memory in Use Too High” and clicked on ‘Search the wiki’. Since that page doesn’t yet exist, it suggested a few I’ve created that sound close to it, or alternatively you have the option to create it as a brand new page. Pretty slick, eh?

scom-authoring-10-examplewebpage

Contest extended, Wiki Updated

Authoring, Contests, Management Packs, Pavleck.NET, SCOM, SDK No Responses »

Dec 022008

Hey folks!

I’ve gone an extended last month’s contest a couple of weeks because I’m waiting for my lanyards to show up AND I really want more people to have signed up, because the prizes are just going to keep on getting better! So if you haven’t, go sign up @ Contest Machine – I don’t keep any personal info, seriously!

I’ve also worked over the weekend to cleanup the OpsMgr Wiki some – so please have a look. You can find all of the Command Shell cmdLet help, there’s a snapshot of the MS OpsMgr blogs, and even some management pack version info.

Additionally, the next few things I’m working on are an extension to the OpsMgr audible alert – I’ll show you 2 more ways to do it; Via WinRM & PowerShell and via a custom web service and connector. Look for that, soon!

The Alert Object’s Update method – bug, or intended feature?

Authoring, Notifications, SCOM 1 Response »

Sep 242008

I’ve talked about this before, calling it the hidden ‘nag mode’ inside of SCOM, but I really need to find out whether it’s intended or not.

Please see the following bug report I filed @Connect.

Essentially, if you grab an alert object via Get-Alert, then call the Update method, one of two things will happen depending on what parameters you fiddled with.

Open up the command console and grab an alert, something like $oneAlert = Get-Alert | Select -First 1
Now, change something in that alert, such as the resolution state ($oneAlert.ResolutionState = 111), then call $alert.Update(“”) (Or comment it with $alert.Update(“Changed resolution state”)).

What happens?

As you expect, not much, just the alert resolution state was changed. Now grab another alert and call the update method alone ($alert.Update(“”)) or with only a comment ($alert.Update(“Testing an issue”)).

What happens?

Whatever notification channel attached to that alert – usually email – will now fire again. So is it a bug, or not? If it isn’t a bug, then that’s excellent – we have more tools at our disposal and can now easily add that nag mode. If it’s a bug, that means it will be fixed, and as such shouldn’t be used.

There are additional bugs I need to file, regarding how a lot of the OpsMgr Commandlets, while stating they support the common parameters, actually don’t. And how the filter parameter should follow basic syntax and use “-Filter” instead of “-Criteria”. But that’s for another post.

PS: It’s my birthday on Friday. Perhaps you’d like to buy something from my wish list? Or at least enter the contest. The next 2 will have considerably better prizes, I promise!

Building dynamic groups using WMI Queries

Authoring, SCOM, WMI 1 Response »

Aug 122008

Occasionally I’ll get some interesting requests from clients. One of those requests happened recently.

My client wanted to be able to see all of the servers that a certain process was running on. It was a ‘roaming’ process, and could be on any number of servers at any given time. That’s easily solved with a dynamic group, a WMI query, and a custom attribute. In this example, I’ll be using the ubiqutous Notepad.exe

First, start the console, open the Authoring pane, then right click on attributes and select “Create New Attribute“.
Give your attribute a name – I used “Notepad Running” – and a nice description, then hit next.
SCOM - Create Attribute Wizard - General Properties Page
Under “Discovery Type” select WMI Query and select your target and management pack. Windows Server_Extended is a good choice for something as open ended as our particular request is, but you can narrow it down if you’d like.
Then hit next.

SCOM - Create Attribute Wizard - Discovery Method
Under WMI Configuration we will build our query. Enter root\cimv2 for the namespace and for the query we’ll be using “Select * FROM WIN32_Process where Name = “notepad.exe”. The Property Name field is the most important part, and one not a lot of people understand right away. The “Property Name” field is what SCOM pays attention to, and what you use when you build groups and rules. In this example, I only want processes with notepad.exe to be returned, so I specify that in my query. For the Property name, I’m using Handle, which will always return something, but I could have used almost anything – such as ProcessID.
SCOM - Create Attribute Wizard - WMI Configuration

If I wanted to create a more generic attribute, I could have used the query “Select * FROM WIN32_Process”, with a property name of “Name”. Then I could create groups with attributes of <Attribute> equals <Process Name>. If you’d like to learn more about the various fields available to you, open CIM Studio, part of the WMI Administrative Tools bundle. When you execute a query, the column names are what we’re talking about here.

CIM Studio - Results of WMI Query
After you’re done, hit finish and we’ll be back at the attributes pane. Do a quick search to make sure it was added, and we’re done here.
SCOM - Search Results for custom attribute
Now right-click on groups and select “Create a new group”
Give it a nice friendly name & description and for the management pack choose the same one you used when creating your attribute! That’s important, as dynamic inclusion rules only scope to what is available in the current management pack (And any dependent ones), so you’d be going crazy wondering where your attribute is if you used a different one. Then hit Next>

SCOM - Create Attribute - Create Group Wizard
Under “Explicit Members” hit next, we don’t want to put anything in here.
Under “Dynamic Members” click on Create/Edit Rules. From the drop down, select the class your attribute was added to (In this case, it’s Windows Server_Extended) and hit add to insert a line. Click on the drop down for Property, and you should see the one we created called “Notepad Running”.
SCOM - Create Attribute - Dynamic Group Query Builder 2
Select it, then finish up the formula. In this particular case we’re using “Greater than or equal to” as the operator and “1″ as the value.
SCOM - Create Attribute - Dynamic Group Formula

To be perfectly honest, you should consider this more of a ‘hack’. What happens is the agent runs “Select * FROM WIN32_Process where Name = ‘notepad.exe’” and returns the Handle property back to the server. The Handle property will never be 0 (Except for the System Idle Process). So if notepad.exe is running on a particular server, it will always return a Handle greater than or equal to 1. If notepad.exe isn’t running on a server, this query returns $null for the handle, which evaluates to FALSE in out Greater than or equal to formula.
Click on OK, then Next. Hit next on Subgroups and again on Excluded Members, then hit ‘Create’.

You’re finished. Wait some time for the new discovery to propogate fully, then right click on your newly created group and then “View Group Members”. And now you can interact with this group just like you’ve always been. Have fun!

Using Resolution States to fine tune alert notifications

Authoring, Notifications, SCOM 14 Responses »

Jul 032008

Edit 09/10/2008: Fixed the script, fixed the reference in point 14.

I haven’t seen this solution offered as a way to send more customized alerts, and am fairly excited about it. With some of the previous solutions, they involve using the command shell to create an alert notification. This is fine, except if you open the subscription in the GUI – once you’ve done that, you’ve essentially undid all that work and created a ‘catch all’ that sends an alert on any event. Why? Well, the GUI itself isn’t designed for the custom settings that can be done in Powershell. This makes it fairly difficult to add people or change the alert – not acceptable to me.

After messing around with authoring console and creating classes based on event viewer errors and other equally exotic methods I came upon something that works wonderfully. The catch? You can only create 254 rules this way.

What am I talking about? Some powershell scripts and the alert resolution states!

By default, there are only 2 states defined – 0 for New, and 255 for Closed. They are always there, and can not be deleted. This leaves 1 – 254 as user definable states. We can use these to make one-to-one events.

Let me start off that this isn’t an ideal solution, but it is the most readable and elegant solution for this particular problem. You probably shouldn’t do this on a single rule basis, but target it more at a wildcard match. You do have a naming convention for your rules and monitors, right? If not, this is the perfect reason to get one. I’ll typically use a convention of <Product Type>-<Product>-<Version (If multiple)-<Rule>. So if I had a rule targeted at exchange, I’d have a rule similar to “EMAIL – Exchange – Exchange 2007 – Search for ‘Jeremy is fired’ in execs mail”. Then when I’m using an exotic config to send an alert, such as this one, I can better fine tune alerts.

Remember, the more you move away from the “Out of box” yfunctionality with OpsMgr, the more you should be documenting. Or even better, a wiki. Just make a reference to the wiki in the description, and people will know exactly what you’re trying to do – that’s for another post though.

Let’s get on with it, shall we?

I’m going to create a situation. I have a custom application which logs to the Application log. There’s one particular event that only one group in the organization cares about – all they want is a notification of this one single event and nothing else. How do we do it?

The Cliff’s Notes version of what we’ll be accomplishing today:

Create a custom Resolution State
Define a new rule
Deploy a PowerShell script to the RMS to update the resolution state of matching alerts
Create a notification subscription which responds to our particular state

Now, for the complete steps

First go to Authoring > Management Pack Objects > Rules – Right click and “Create new rule”
Under rule type, select Alert Generating, Event Based, NT Event Log (Alert) and select a management pack to use.
Enter a rule name that is distinctive enough that no other rules will have that same name. Then enter a description, rule category and choose a target. You can go with the shotgun approach and pick “All Computers” here if you’d like.
Now walk through the rest of the wizard and configure your event log settings – for this test I’m using the Application log, Event ID of 926 and event source of “Pavleck.NET Test”. But you can put whatever you want here ace, it’s up to you.
Configure your alert. It should automatically copy over the rule name as the alert name. The alert name is what we’ll actually be alerting on, so it’s important that you remember what it is, and ensure it’s distinctive enough to not match something that already exists.
Now we can work on the other parts of this while our rule is propagating across the environment.
Go to Administration > Settings > Alerts – this is where we’ll define a new Alert Resolution State to use. Click on “New…” and name your state and choose an ID for it, I used 10 in this example.
Click Apply, then Ok and now we’re done with part 2.
Let’s go ahead and test and see if our rule works, just open a command window and use some EventCreate.exe magic.
Open up the alert console for whatever machine you ran that on and you should see our new alert in there – yay, we did something!
Now we’ll add the magic that changes the alert resolution state. It’s a fairly simple script, and it’s meant to be that way. For simplicity’s sake, we’ll be running this script as a timed response from the RMS. Depending on how your particular environment is setup, you could also run it inside of the rule itself, as an additional response to “Create Alert”. But that only works well if you only plan on doinbg this sparingly, otherwise it makes more sense to run this from the RMS and add onto the script as needed.
First, download SCOM-UpdateResolution.ps1 here (Or view it after the jump) and edit the alert name, resolution state and RMS to what matches your environment.
Now we’ll need to go and create a new rule. Rule type is Timed Commands > Execute a command. Give it a name and description. I’ve set the rule category to “Maintenance” as that makes the most sense to me.
For the schedule, I’ve set mine to run every 2 minutes. This means there will be a delay of that much between alerts and notifications, but that’s acceptable to me. Then hit next.
Configure the command line execution settings as shown – remembering to use instead of “&”. I’ve set the timeout to 45 seconds.
Hit create and that’s almost all of it – all we need to do now is to create the alert subscription. Go to administration, right click on Subscriptions and choose “Create new notification subscription”
Step through it like normal, choosing all groups, all classes. When you get to the Alert Criteria page, uncheck “New” and “Closed” and check our new resolution state. If you keep ‘closed’ in there, it will pertain to all alerts that close. That’s one drawback to this method, you won’t get closed alerts.
Finish it up as you normally would, then lets test it! Create a few more test events, and lets see if it works.

That’s all there is to it. This works, reliably and 100% of the time. It’s extremely flexible and easy to follow for someone just walking into your environment.

By using a single PowerShell script, and targeting the RMS computer group you’ll be making sure that you have only a single simple script to edit and by mirroring the files and directory paths to any other management servers in your environment you maintain this method if you ever need to promote one to an RMS.

Pavleck.NET