Update: SCOM: October 2016 patch makes your Console crash

Awesome Microsoft, way to go with QA when you make your own core products crash…


It seems that the bundled October patch for Windows Server 2008x and 2012x makes the SCOM Console crash when viewing different state views.
The patches mentioned:

Server 2008 – https://support.microsoft.com/en-us/kb/3192391
Server 2012 – https://support.microsoft.com/en-us/kb/3192392

After uninstalling these in my environment, the Console started working again.

This has now been officially acknowledged, and MS is working on a solution:

Follow the MOMTeam blog for more info on when the fix will arrive:


The product group released a hotfix for this issue: https://support.microsoft.com/en-us/kb/3200006


– F

SCOM: Get Subscriber in Subscription

This little thing will search through, and get all subscribers containing your searchword in any subscription you may have set up in SCOM.


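# Wildcard pattern to look for in the subscriber names
$searchword = "*searchword*"

$sub = Get-SCOMNotificationSubscription | select displayname,torecipients

write-host "Searchword: ""$searchword"" exists in the following subscriptions:"
foreach ($s in $sub){
    # A subscription can have several subscribers; -like filters the whole list
    $recipient = $s.torecipients.name
    if ($recipient -like "$searchword"){
        write-host $s.displayname
    }
}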

– F

SCOM: Get Maintenance Mode History

I use this query whenever I need to investigate Maintenance Mode history for SCOM agents.

USE OperationsManagerDW
SELECT ManagedEntity.DisplayName, MaintenanceModeHistory.*
FROM ManagedEntity WITH (NOLOCK) 
INNER JOIN MaintenanceMode ON ManagedEntity.ManagedEntityRowId = MaintenanceMode.ManagedEntityRowId 
INNER JOIN MaintenanceModeHistory ON MaintenanceMode.MaintenanceModeRowId = MaintenanceModeHistory.MaintenanceModeRowId
where DisplayName Like '%SERVERNAME%'
order by ScheduledEndDateTime

– F

Useful SQL queries for OpsMgr DB

Here are some of the SQL scripts I usually use in case of… whatever.
Many of these must be credited to Kevin Holman

Set ALL agents to Remotely Manageable

UPDATE MT_HealthService 
SET IsManuallyInstalled=0 
WHERE IsManuallyInstalled=1

Get Agents not Remotely Manageable

select bme.DisplayName from MT_HealthService mths 
INNER JOIN BaseManagedEntity bme on bme.BaseManagedEntityId = mths.BaseManagedEntityId 
where IsManuallyInstalled = 1

Set Agent Remotely Manageable

UPDATE MT_HealthService 
SET IsManuallyInstalled=0 
WHERE IsManuallyInstalled=1 
AND BaseManagedEntityId IN 
(select BaseManagedEntityID from BaseManagedEntity 
where BaseManagedTypeId = 'AB4C891F-3359-3FB6-0704-075FBFE36710' 
AND DisplayName = '-- Servername Here --')

Get Unix Duplicates (Run if the *Nix agent view in console fails)

DECLARE @NeededTypeName NVARCHAR(256)
DECLARE @ManagedTypeIdForManagedEntitiesByManagedTypeAndDerived UNIQUEIDENTIFIER
SET @NeededTypeName = 'Microsoft.Unix.OperatingSystem'
SET @ManagedTypeIdForManagedEntitiesByManagedTypeAndDerived = (
SELECT ManagedTypeId
FROM ManagedType
WHERE TypeName = @NeededTypeName
)

-- Id and Path are the columns the filters below rely on; add other view columns as needed
SELECT
[ManagedEntityGenericView].[Id],
[ManagedEntityGenericView].[Path],
NULL AS SourceEntityId
FROM dbo.ManagedEntityGenericView
INNER JOIN (
SELECT DISTINCT [BaseManagedEntityId]
FROM dbo.[TypedManagedEntity] TME WITH(NOLOCK)
JOIN [dbo].[DerivedManagedTypes] DT
ON DT.[DerivedTypeId] = TME.[ManagedTypeId]
WHERE
DT.[BaseTypeId] = @ManagedTypeIdForManagedEntitiesByManagedTypeAndDerived AND
TME.IsDeleted = 0
) AS ManagedTypeIdForManagedEntitiesByManagedTypeAndDerived
ON ManagedTypeIdForManagedEntitiesByManagedTypeAndDerived.[BaseManagedEntityId] = [Id]
WHERE
[IsDeleted] = 0 AND
[TypedMonitoringObjectIsDeleted] = 0 AND
-- Only paths that occur more than once, i.e. the duplicates
[ManagedEntityGenericView].[Path] IN (
SELECT [BaseManagedEntity].[Path]
FROM [BaseManagedEntity]
GROUP BY [BaseManagedEntity].[Path]
HAVING COUNT([BaseManagedEntity].[Path]) > 1
)
ORDER BY [ManagedEntityGenericView].[Path]

Remove *NIX Duplicates

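DECLARE @TypedManagedEntityId uniqueidentifier
DECLARE @LastErr int
DECLARE @TimeGenerated datetime
SET @TimeGenerated = GETUTCDATE()

-- Restrict the cursor to the duplicates found by the query above (placeholder value).
-- Without a filter, every typed managed entity would be deleted.
DECLARE EntitiesToBeRemovedCursor CURSOR LOCAL FORWARD_ONLY READ_ONLY FOR
SELECT TME.TypedManagedEntityId
FROM TypedManagedEntity TME
WHERE TME.BaseManagedEntityId IN ('-- Id of duplicate entity here --')

OPEN EntitiesToBeRemovedCursor
FETCH NEXT FROM EntitiesToBeRemovedCursor
INTO @TypedManagedEntityId

WHILE @@FETCH_STATUS = 0
BEGIN
EXEC @LastErr = [p_TypedManagedEntityDelete] @TypedManagedEntityId, @TimeGenerated

-- Stop at the first failed delete
IF @LastErr <> 0
BREAK

FETCH NEXT FROM EntitiesToBeRemovedCursor
INTO @TypedManagedEntityId
END

CLOSE EntitiesToBeRemovedCursor

DEALLOCATE EntitiesToBeRemovedCursor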


Get Alerts where CustomField1 is used, and ResolutionState is 1

select  alertname, alertdescription, statesetbyuserid, resolutionstate, statesetdatetime, severity, repeatcount, ars.alertguid, customfield1
from Alert.vAlertResolutionState ars 
join alert.valert alt on ars.alertguid = alt.alertguid
join alert.valertdetail on ars.AlertGuid = vAlertDetail.AlertGuid
where ResolutionState like '1' AND customfield1 IS NOT NULL
order by statesetdatetime

Get the reason why your agent was gray

SELECT ME.FullName,
HSO.StartDateTime AS OutageStartDateTime,
DATEDIFF (DD, hso.StartDateTime, GETDATE()) AS OutageDays,
DS.Name AS ReasonString
FROM  vManagedEntity AS ME
INNER JOIN     vHealthServiceOutage AS HSO ON HSO.ManagedEntityRowId = ME.ManagedEntityRowId
INNER JOIN     vStringResource AS SR ON HSO.ReasonCode =
REPLACE(LEFT(SR.StringResourceSystemName, LEN(SR.StringResourceSystemName)
- CHARINDEX('.', REVERSE(SR.StringResourceSystemName))), 'System.Availability.StateData.Reasons.', '')
INNER JOIN     vDisplayString AS DS ON DS.ElementGuid = SR.StringResourceGuid
WHERE (SR.StringResourceSystemName LIKE 'System.Availability.StateData.Reasons.[0-9]%')
AND DS.LanguageCode = 'ENU'
AND ME.FullName like '% SERVERNAME HERE %'
ORDER BY OutageDays

– F

SCOM: Command Channel Script

This little script is what I use in cooperation with the SCOM Command Channel to parse and send SCOM alerts to a logfile.
The script will take the SCOM alert parameters and put them neatly in a .log file, one file for each alert I want. This, of course, is customizable – I just like to see the amount of files being generated.

The Channel:


The above channel parameters:

Path: C:\windows\system32\WindowsPowershell\v1.0\powershell.exe
Cmd: -file "C:\Script\AlertExport.ps1" "$Data[Default='Not Present']/Context/DataItem/AlertId$##$Data[Default='Not Present']/Context/DataItem/AlertName$##$Data[Default='Not Present']/Context/DataItem/AlertDescription$##$Data[Default='Not Present']/Context/DataItem/EntityPath$##$Data[Default='Not Present']/Context/DataItem/EntityDisplayName$"
Startdir: c:\

This will get you the following (of MANY) Alert details: AlertID, Alert Name, Alert Description, Path and Displayname.

The Script:

# Alert Params (the whole '##'-separated string arrives as the first script argument)
param($parameters)
$params = $parameters.split('##') | ? {$_ -ne ''}

# Build params (added commented blocks of Alert parameter data for your convenience)
$AlertID = $params[0] # $Data/Context/DataItem/AlertID$
$AlertName = $params[1] # $Data/Context/DataItem/AlertName$
$AlertDesc = $params[2]# $Data/Context/DataItem/AlertDescription$
$Path = $params[3] # $Data/Context/DataItem/ManagedEntityPath$
$DisplayName = $params[4] # $Data/Context/DataItem/ManagedEntityDisplayName$

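# Sharestuff
$share = "\\SERVER\SHARE\" # Placeholder: replace with your own share (keep the trailing backslash)
$date = get-date
$Alertfile = "SCOM Alert - $(get-date -Format "dd.MM.yyyy HH.mm.ss").log"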

# Format AlertMessage
$AlertMessage = @()

$AlertMessage += "ID: $AlertID"
$AlertMessage += "Date: $date"
$AlertMessage += "DisplayName: $DisplayName"
$AlertMessage += "AlertName: $AlertName"
$alertMessage += "Path: $Path"
$AlertMessage += "Description: $AlertDesc"

# Output alert to textfile
$AlertMessage >> $share$alertfile

Put the script on all your Management Servers, in this case in the C:\script folder, and suddenly, if all goes well, your selected Alerts will start pumping out to this share.
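
A hardened variant of the parsing and logging step, as an added example that is not part of the original post: alert names and descriptions can carry text that originated outside SCOM, so it splits on the literal `##` delimiter without dropping empty fields, rejects an AlertId that is not a GUID, and strips line breaks so a description cannot forge extra log entries. The function name `ConvertTo-AlertLogEntry`, the sample alert and the use of `$env:TEMP` as a stand-in for the share are assumptions.

```powershell
# Added example (not the original AlertExport.ps1). Function name and paths are assumptions.
function ConvertTo-AlertLogEntry {
    param([Parameter(Mandatory)][string]$Parameters)

    # Split on the literal '##' only; empty fields are kept so the positions never shift.
    $fields = @($Parameters -split '##', 0, 'SimpleMatch')
    if ($fields.Count -ne 5) {
        throw "Expected 5 fields separated by '##', got $($fields.Count)."
    }

    # The alert id must be a GUID; anything else is rejected before it reaches the log.
    $id = [guid]::Empty
    if (-not [guid]::TryParse($fields[0].Trim(), [ref]$id)) {
        throw "AlertId is not a GUID."
    }

    # Control characters (CR/LF included) become spaces, so one field is always one log line.
    $clean = @($fields | ForEach-Object { ($_ -replace '[\x00-\x1F\x7F]+', ' ').Trim() })

    [pscustomobject]@{
        AlertId = $id
        Lines   = @(
            "ID: $id"
            "Date: $(Get-Date -Format o)"
            "DisplayName: $($clean[4])"
            "AlertName: $($clean[1])"
            "Path: $($clean[3])"
            "Description: $($clean[2])"
        )
    }
}

# Constructed sample argument: the description tries to smuggle in a fake second entry.
$sample = "6f0c2b1e-3d4a-4b5c-8d9e-0a1b2c3d4e5f##Disk full##C: is full`r`nID: forged entry##srv01.contoso.local##C:"
$entry  = ConvertTo-AlertLogEntry -Parameters $sample

# The file name is built from the timestamp and the validated GUID only, never from alert text.
$share     = $env:TEMP   # assumption: stand-in for the alert share
$alertFile = Join-Path $share ("SCOM Alert - {0} - {1}.log" -f (Get-Date -Format 'dd.MM.yyyy HH.mm.ss'), $entry.AlertId)
$entry.Lines | Add-Content -LiteralPath $alertFile -Encoding UTF8
```

A field that itself contains `##` makes the field count wrong, so the alert is rejected instead of being logged with shifted columns.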


– F

Request Template Certificates using CertReq and Powershell

Installing SCOM agents on non-domain servers can be a real time-consuming affair, especially the Create template-request-export-import-certificates procedure.
I decided to use my basic certificate and CertReq knowledge to create this little script that helps me automate the whole thing.

NOTE: This is meant for inspiration only. It will for the most part not work in your environment unless you heavily modify it.

Basically it requests a new certificate from your CA server, based on a predefined Template.
It then works some magic, and you are left with the *.pfx certificate file with private key, necessary for the SCOM agent on the non-domain server to communicate with the rest of the SCOM environment.

In the end, the certificate can be copied to the non-domain server and imported using MOMCertImport, found in the SCOM Agent Support Tools folder.

#$password = Read-Host -Prompt "Enter Password" -AsSecureString
$server = read-host -Prompt "Enter FQDN for DMZ Server"

$CERTPATH = "Location you want to save Certificate to"
$CAFQDN = "CAserver.domain.net"
$CASERVER = "CAserver.domain.net\Issuing CA1 example"

write-host "Variables set. Continue to create .inf"  -foregroundcolor green

write-host "Generating Certificate INF File..."
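# Subject and Exportable are what the export step further down relies on; adjust to your template
$certinf = @"
[NewRequest]
Subject="CN=$server"
Exportable=TRUE
ProviderName="Your Provider"
[RequestAttributes]
CertificateTemplate=CA Template Name
"@

$certinf >> "$CERTPATH$server.inf"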

write-host ".inf created. Continue to create .req file"  -foregroundcolor green

CertReq.exe -new "$CERTPATH$server.inf" "$CERTPATH$server.req"

write-host ".req created. Checking to see if files exist"  -foregroundcolor green

$testinf = Test-Path "$CERTPATH$server.inf"
$testreq = Test-Path "$CERTPATH$server.req"

if ($testinf -eq $true){
    write-host "$CERTPATH$server.inf successfully generated." -foregroundcolor green
}
else {
    write-host "$CERTPATH$server.inf could not be found. Check for errors." -ForegroundColor Red
}
if ($testreq -eq $true){
    write-host "$CERTPATH$server.req successfully generated." -foregroundcolor green
}
else {
    write-host "$CERTPATH$server.req could not be found. Check for errors." -ForegroundColor Red
}

write-host "Submitting new Certificate for $server"

CertReq -Submit -config "CAserver.domain.net\Issuing CA1 example" "$CERTPATH$server.req" "$CERTPATH$server.cer"

write-host "Importing .cer"

certreq -accept "$CERTPATH$server.cer"
write-host "All OK. Continue"  -foregroundcolor green

#Exporting certificate with Private Key
write-host "exporting shit with private key"
certutil -exportpfx -p "YOUR CERTIFICATE PASSWORD" my "$server" "$certpath$server.pfx" "nochain" 

# Braces keep PowerShell from reading "$CERTPATHold" as one (undefined) variable
Move-Item -Path "$CERTPATH*cer","$CERTPATH*inf","$CERTPATH*req" -Destination "${CERTPATH}old"

And there you have it. The task that normally was done in 10-20 minutes is now done in 10-20 seconds.
I also have a script that copies SCOM agent files to the non-domain server, installs the SCOM agent based on bit architecture, imports the certificate using MOMCertImport.exe and restarts the Microsoft Monitoring Agent, but this was not written by me, and I don’t remember where I found it (or who to credit) – so if you want it, hit me up in the comment section, and I’ll send it to you.
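
An alternative for the export step, as an added example that is not part of the original script: `certutil -exportpfx -p` puts the PFX password in the script and on the process command line, whereas `Export-PfxCertificate` (PKI module, Windows Server 2012 and later) takes the `SecureString` that the commented-out `Read-Host` line would produce. The function name `Export-AgentPfx`, the `Cert:\LocalMachine\My` store, the `CN=<FQDN>` subject and the `C:\Certs` folder are assumptions.

```powershell
# Added example (not the author's script). Assumes the issued certificate is in
# Cert:\LocalMachine\My with subject CN=<FQDN> and an exportable private key.
function Export-AgentPfx {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$OutDir,
        [Parameter(Mandatory)][securestring]$Password,
        [string]$Store = 'Cert:\LocalMachine\My'
    )

    # Match the subject exactly so 'web1' never selects 'web10'; take the newest valid cert with a key.
    $now  = Get-Date
    $cert = Get-ChildItem -Path $Store |
        Where-Object { $_.Subject -eq "CN=$Server" -and $_.HasPrivateKey -and
                       $_.NotBefore -le $now -and $_.NotAfter -gt $now } |
        Sort-Object NotBefore -Descending |
        Select-Object -First 1
    if (-not $cert) { throw "No valid certificate with a private key found for CN=$Server in $Store." }

    # EndEntityCertOnly corresponds to certutil's "nochain".
    $pfx = Join-Path $OutDir "$Server.pfx"
    Export-PfxCertificate -Cert $cert -FilePath $pfx -Password $Password -ChainOption EndEntityCertOnly | Out-Null

    # The PFX holds the private key: drop inherited permissions and leave only
    # the current user and the local Administrators group (well-known SID S-1-5-32-544).
    $acl = Get-Acl -Path $pfx
    $acl.SetAccessRuleProtection($true, $false)
    $identities = @(
        [System.Security.Principal.WindowsIdentity]::GetCurrent().User
        New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
    )
    foreach ($identity in $identities) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, 'FullControl', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $pfx -AclObject $acl
    return $pfx
}

$password = Read-Host -Prompt "Enter PFX password" -AsSecureString
$server   = Read-Host -Prompt "Enter FQDN for DMZ Server"
Export-AgentPfx -Server $server -OutDir 'C:\Certs' -Password $password   # C:\Certs is a placeholder
```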

– F

Output displayname and IP address for SCOM agents

Got bored – wrote this little thing to output FQDN and IP address for all Windows and Unix/Linux agents in my lab environment.

Could be useful for some people maybe.

ipmo operationsmanager
$nixservers = get-scomclass -name "Microsoft.Unix.Computer" | Get-SCOMMonitoringObject
$winservers = Get-SCOMClass -name "Microsoft.Windows.Computer" | Get-SCOMMonitoringObject

    Write-host "-----------------------------------------------------------------"
    write-host "-------------------- Unix Computers and IPs ---------------------"
    Write-host "-----------------------------------------------------------------"
foreach ($nix in $nixservers) {
        # Resolve the agent's display name (FQDN) to its IP addresses
        $name = $nix.DisplayName
        [System.Net.Dns]::GetHostAddresses($name) | foreach { write-host "$name - $($_.IPAddressToString)" }
}

    Write-host "-----------------------------------------------------------------"
    write-host "------------------- Windooze Computers and IPs ------------------"
    Write-host "-----------------------------------------------------------------"
foreach ($win in $winservers) {
        $name = $win.DisplayName
        [System.Net.Dns]::GetHostAddresses($name) | foreach { write-host "$name - $($_.IPAddressToString)" }
}

Thank god it’s Friday…


Monitor Active/Passive Clustered Services… in SCOM?

I was playing around in Powershell the other day, and made this little thingy to help me monitor clustered Windows Services in an Active/Passive Windows Cluster solution.
The script checks if specific Windows Services are running or not, and determines which node is active in the cluster by using the get-wmiobject cmdlet.

There are many different uses for this, and it can easily be modified to, for example, create events on the server you’re executing the script from.

This is also a really easy way to monitor Clustered Active/Passive services in Operations Manager, which is a REAL pain to do without making some overly complicated Service Monitors.
Why complicated you ask? Clusterservers do not have SCOM Agents installed, only the logical clusternode has agents. Read more about this here.
Alternatively you can do it like the pros do, and add intelligence to the monitors, described here.

Wow that was some sidetrack – enough fufflin’ around! Let’s look at this awesome script!

# Monitor Clustered Windows Services v 1.0
# www.fuffle.net

$getcluster = Get-WmiObject win32_computersystem -computername "ENTER LOGICAL CLUSTERNAME HERE" | select-object name
$activenode = $getcluster.name
$cluservice = 'BTSSvc$SingleReceiveHost','BTSSvc$SingleReceiveHost32','BTSSvc$SingleSendHost','BTSSvc$SingleSendHost32','BTSSvc$SingleWcfSqlHost','w3svc','Btsaalsvc','ENTSSO','RuleEngineUpdateService'

# Alternatively you can list all servicenames in a file - uncomment the line below and comment out the $cluservice line above
#$cluservice = get-content "C:\temp\servicelist.txt"

foreach ($node in $activenode)
{
    $service = get-service -computername $node $cluservice | Select-Object Status,Name,displayname

    # Check all services for state, then write out result
    foreach ($s in $service)
    {
        # If services are in a "running" state
        if($s.status -eq "running")
        {write-host "The service" $s.displayname "is running on active clusternode" $getcluster.name "- All is well."}
        # If services are in a "stopped" state
        elseif($s.status -eq "stopped")
        {write-host "The service" $s.displayname "has stopped on active clusternode" $getcluster.name "- Some poo has hit the fan."}
        # If services are in a different state than "Running" or "Stopped"
        else
        {write-host "The service" $s.displayname "is returning with status" $s.status "- Investigate this on " $getcluster.name}
    }
}

Feel free to contact me if you have any questions or remarks about the script. I am a Powershell newbie, and I have no doubt that there is some better way to do this sort of thing.

– F

Awesome SCOM 2012 tools!

Here’s a link to some awesome SCOM tools that we use often for our SCOM 2012 environment.
Thanks to Daniele for these new versions (SCOM 2012 compatible).

MPViewer 2.3 (View sealed and unsealed Management Packs, also has a very useful export-as-unsealed function).
Proxy Settings 1.2 (Select groups or multiple agents and enable/disable Proxy settings)
OverrideExplorer 3.6 (Understand which overrides exist in a Management Group, provided with Type Based and Computer Based views)
OverrideCreator 1.5 (Multi-select a number of Rules/Discoveries/Monitors and disable/enable overrides for these)

Link below:

SCOM: Alert Task – Copy alert to clipboard

In our daily line of work, we sometimes need to show server admins and system managers alerts related to their infrastructure. Have you ever tried to copy/paste the Alert Details for an alert? It looks like crap, and contains a lot of information the server admins and system managers couldn’t care less about.

To make this a little easier, we created an Alert Task which copies relevant information in the Alert Details to clipboard, namely Timeraised, PrincipalName, Name and Description.

1. Go to Authoring > Tasks.
2. Click «Create a New Task» in the Tasks pane to the right.
3. Choose «Alert Command Line» under the Console Tasks folder.
4. Select a management pack to use, or create a new one.
5. Select a Task name, and type in some description if necessary.

6. Type in the application location and parameters exactly as shown below. (The additional settings are not that important).


import-module operationsmanager;Get-scomalert -id $ID$ | fl Timeraised,PrincipalName,Name,Description | clip

7. Click Create, and you are done. Now you will find the Alert Task in the Task pane to the right in the Active Alerts view under Monitoring in the Operations Manager Console.

Sidenote: If you want to create a .txt file with the alert, just replace the pipe and clip (| clip) with >> C:\temp\alert.txt like so:

import-module operationsmanager;Get-scomalert -id $ID$ | fl Timeraised,PrincipalName,Name,Description >> C:\temp\alert.txt