Category Archives: SCOM

Automatically Closing Old SCOM Alerts using PowerShell

If you a SCOM administrator, then you are familiar with seeing old alerts piling up in your SCOM console. No matter how much you clean up your monitoring environment, some alerts will be left over unless you manually remove them, depending on how you have configured alert resolutions.

Following PowerShell script from Microsoft SCOM blog will allow you to automatically close old SCOM alerts.The logic behind this script is, that it will traverse the active alerts and checks for alert age. If the alert age is greater than the specified number of days in the $alertsTobeClosedBefore variable, those alerts will be closed.

Remember to load the SCOM PowerShell Module before you run this script.

$alertsTobeClosedBefore = 5

$currentDate = Get-Date

Get-SCOMAlert | Where-Object {(($_.ResolutionState -ne 255) -and (($currentDate – $_.TimeRaised).TotalDays -ge $alertsTobeClosedBefore))} |Resolve-SCOMAlert


Integrating OMS Service Map with SCOM

OMS Service Map solution is capable of automatically discovering dependencies of application components in Windows & Linux servers to map the communication flow between your business services. It maps connections between servers, processes, and ports across any TCP-connected server in your datacentre. With this solution you won’t have to configure anything besides installing an agent. Microsoft has recently released a public preview version of Service Map management pack which allows you to automatically create distributed application dashboards in SCOM based on the dynamic dependency maps generated in Service Map solution. In my opinion this is a very valuable integration as organizations that use SCOM as their main monitoring tool can leverage the dynamic application dependency monitoring capabilities of OMS, where as is past they had to rely on third party tools to visualize such. 

What is inside the Service Map MP ?

Like every other management pack you need to first import the Service Map MP into SCOM. When you import the Service Map MP (Microsoft.SystemCenter.ServiceMap.mpb) following dependent MPs will be installed in your SCOM management server/s. 

  • Microsoft Service Map Application Views
  • Microsoft System Center Service Map Internal
  • Microsoft System Center Service Map Overrides
  • Microsoft System Center Service Map

This management pack is compatible with both SCOM 2016 & 2012 R2 versions.

Known Limitations of the Public Preview

In the beginning of this post I have mentioned that this MP is still in preview and hence there are few issues and limitations with it as of now. I’m not sure whether Microsoft is going to address or change the behaviour some of these when the MP releases GA, specifically the limitations around updating the diagram views in SCOM console.

  • One management group can be integrated with only one OMS workspace.
  • Adding servers to the Service Map Servers Group manually won’t immediately sync those with service maps as they will be synced from Service Map during the next synchronization schedule. 
  • Making changes to the Distributed Application Diagrams created by this MP is not useful. Because these changes will be overwritten by the Service Maps solution in the next synchronization schedule.

If you are interested in trying out this new MP, following resources might come in handy.

APM in SCOM 2016 | Doomed or Saved?

There is a scary bug with SCOM 2016. If you are using Application Performance Management (APM) feature with SCOM 2016 you may possibly run into an issue where the SCOM 2016 Agent may cause a crash for the IIS Application Pool running under .NET 2.0 runtime. The underlying cause dor this issue is that the APM code of SCOM 2016 Agent utilize memory allocation within the APM code of the Microsoft Monitoring Agent, that is incompatible with .NET 2.0 runtime. This results in a crash  if this memory is later accessed in a certain way. The SCOM 2012 R2 agent doesn’t have this issue since the code that cause this behavior is not present in that version. 

Microsoft has provided a fix for this issue with SCOM 2016 Update Rollup 3. Unfortunately this hotfix seems useless in rectifying this issue. Microsoft is working on another hotfix to correct this behavior. 

There are several workarounds that you can perform in order to remediate this issue.

  • Migrating the Application pool  to .NET 4.0 Runtime;
  • Installing the SCOM 2012 R2 Agent as it’s forward-compatible with SCOM 2016 Server and APM feature will continue to work with the older binaries;
  • Reinstalling the SCOM 2016 Microsoft Monitoring Agent with NOAPM=1 switch in msiexec.exe setup command line to exclude the APM feature  from setup;

There are some additional issues casued by this bug.

SharePoint Central Administration site stops working when SCOM 2016 Agent is installed onto the server

Even though the APM feature is in disabled mode by default when you install the SCOM 2016 agents, it adds a registry setting to load inactive APM into IIS Application pools. If you don’t configure APM in the SharePoint Servers, the application pools will have APM loaded in inactive state without monitoring. It has been reported that the inactive APM may crash SharePoint Central Administration v4 application pool and prevent the application from starting.

Known Workarounds

  • Install SCOM 2012 R2 agent if APM is needed.
  • If APM is not need, re-install the SCOM 2016 agent with “NOAPM=1” from the command line.
Web Site crashes during startup when SCOM 2016 Agent is installed 

As described above, APM adds a registry setting to load inactive APM into IIS Application pools regardless of APM is disabled (but installed) or not. The application pool account needs access top the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\System Center Operations Manager\12\APMAgent registry key,. If it cannot access this registry hive, the inactive APM configuration cannot read that key and the application pool process may crash. As a workaround you can add “Read” access permission for the application pool account to this registry key.

Microsoft Monitoring Agent | New Update Rollup

Microsoft has unveiled a new update rollup 8.0.11030.0 for the Microsoft Monitoring Agent (MMA) that has fixed issues in the previous version of MMA. The fixes in this version includes below.

  • Improved logging for HTTP connection issues
  • Fix for high CPU utilization when you’re reading a Windows event that has an invalid message description
  • Support for Azure US Government cloud

How to get update rollup version 8.0.11030.0 for Microsoft Monitoring Agent (KB3206063)?

This package is available as a manual download in the  Microsoft Update Catalog. You can search for Microsoft Monitoring Agent and list down the available updates will appear in the search results.

Rolling back to a previous version of a SCOM Management Pack

In Operations Manager sometimes you may need to revert back to an older version of a Management Pack for a particular workload. The Operations Manager UI allows to delete and re-import MPs from the “Installed Management Packs” screen. The problem happenes when there are multiple and multi-level dependencies on the MP that you are trying to delete.

However now there is an enhanced version of a script available at TechNet  (developed by MSFT employee Christopher Crammond) that will help you to revert Management Packs with a single command.

Using the Script

  • Open the Operations Manager Command Shell prompt as an Administrator.
  • Download the script to remove a management pack with dependencies from here.
  • Execute the script as below. 

 .\RecursiveRemove.ps1 <ID or System Name of the MP>

  • For an example if you want to remove the SQL 2014 Disocvery MP run the script as below.

 .\RecursiveRemove.ps1 Microsoft.SQLServer.2014.Discovery

How to get the  the ID or System Name of an MP?

  • Selecting the MP that you want to delete in the Installed Management Packs view by clicking Properties in the Actions pane.
  • Copy the content in the ID : text box in the General tab.

Fix It | October 2016 Cumulative Windows Updates Crash SCOM Console

In my last post I’ve shared the console crashing issue you face after installing the security updates in  MS16-118 and MS16-126. Now Microsoft has published a new KBs to fix the console crashing issue in SCOM after applying these updates.

Individual hot fixes are available for the following list of Operating systems which you can download from here.

  • Windows Vista
  • Windows 7
  • Windows 8.1
  • Windows Server 2008
  • Windows Server 2008R2
  • Windows Server 2012
  • Windows Server 2012 R2

For Windows 10 and Server 2016, the fix was applied to the latest cumulative updates.

October 2016 Cumulative Windows Updates Crash SCOM Console

It seems like the October 2016 cumulative Windows updates (KB3194798, KB3192392, KB3185330 &KB3185331) cause the SCOM consoles 2012/2016 in all Windows versions from Windows Server 2008 R2 up to 2016 and Windows 7 up to 10 Windows 10 to regularly crash without any doubt.

According to Microsoft Germany’s SCOM PFE Dirk Brinkmann  who has blogged about this issue here, the SCOM team is working on a fix for this as of now and no ETA for an resolution has been provided yet.

Once a fix is available you will be able to see it via SCOM team blog.

Savision Whitepaper | Monitoring IT Services Proactively

A lot of companies are used to waiting for a disaster to happen in order to react. Only until there’s a service outage within their IT department do they take action instead of being more proactive and in control of their IT. The problem is that they don’t know where or how to get started in having a proactive approach to monitoring, even more so when they have a lot of infrastructure that needs to be monitored.

As a first step, IT needs to understand the business: all good designs come from understanding your IT services data dependencies and knowing how they relate to one another. Then they need to find out what are the best tools available today.

Microsoft System Center Operations Manager (SCOM) is a great platform to monitor components, and which a lot of people in the industry are already familiar with. There’s a lot of useful information within SCOM that can be used by the different personas in the company, however, the presentation layer and the way it is organized within SCOM is not the way those other personas look at IT. SCOM is still pretty technical and is all about components.

Looking at the personas in the IT service delivery organization, you will see that engineers definitely can work with SCOM. However, it usually takes them a while to figure out how they can easily get to the root-cause of a service outage, and what the business impact is of this outage will be.

Savision’s new whitepaper: “Business Service Management with System Center”, shows how to stay in control of your business services and make the most out of SCOM. Click here to download the whitepaper. The whitepaper is written by three experts: Microsoft MVP Robert Hedblom, Savision’s Co-Founder & VP of Product Management Dennis Rietvink, and Approved Consulting’s CEO & Solution Architect Jonas Lenntun.

Removing SCOM MPs like a Boss

It’s not like everyday you might want to remove certain management packs from your SCOM management group. The most  painful task is removing the dependent MPs as you need to manually track all of those and delete them first in order to successfully remove the parent management pack.

Microsoft Senior Software Engineer Chandra Bose has written a PowerShell script that can  identify and remove all of the dependent management packs automatically in such situations. Lets explore that script a little in this post.

How to get started?

First of all you need to run the Operations Manager Command shell as an administrator,  which should be a member of the Operations Manager Administrators group as well.

When you execute the script you can either provide the ID or the System Name of the parent management pack as below. You can find the MP ID by visiting Administration > Management Packs > Right click the desired MP and select properties > Look for the ID field in the General tab which shows the MP ID. The System Name is the unique name of the MP (i.e Microsoft.SQLServer.2012.Discovery)

 .\RecursiveRemove.ps1 <ID or System Name of the MP>

You can download the RecursiveRemove.ps1 script from here.

Update Rollup 9 for SCOM 2012 R2 now available

Microsoft has published the update rollup 9 for System Center Operations Manager 2012 R2 yesterday. Overall this update rollup focuses on significant fixes to Application Performance Monitoring in SCOM.

Fixes for following issues are included in this update.

  • SharePoint workflows fail with an access violation under APM
  • Application Pool worker process crashes under APM with heap corruption
  • Some Application Pool worker processes become unresponsive if many applications are started under APM at the same time
  • MOMAgent cannot validate RunAs Account if only RODC is available
  • Missing event monitor does not warn within the specified time range in SCOM 2012 R2 the first time after restart
  • SCOM cannot verify the User Account / Password expiration date if it is set by using Password Setting object
  • SLO Detail report displays histogram incorrectly
  • APM Agent Modules workflow fail during workflow shutdown with Null Reference Exception
  • AEM Data fills up SCOM Operational database and is never groomed out
  • The DownTime report from the Availability report does not handle the Business Hours settings
  • Adding a decimal sign in an SLT Collection Rule SLO in the ENU Console on a non-ENU OS does not work
  • SCOM Agent issue while logging Operations Management Suite (OMS) communication failure

This update rollup introduces the APM support for IIS 10 and Windows Server 2016. This requires an additional management pack which can be found in “%SystemDrive%\Program Files\System Center 2012 R2\Operations Manager\Server\Management Packs for Update Rollups” with its dependencies once you install the update rollup.


The which is a dependency, is not included in the UR9 package so you should download and install that separately before you enable APM for IIS 10 & Windows Server 2016.

You can download the binaries from here.