Tag Archives: Monitoring

False Alert in SCOM | Cluster Resource Group Offline

I’ve noticed a strange alert in a Hyper-V cluster monitoring scenario earlier today. Though I did a cluster validation immediately and noticed a couple of network warnings due to an incorrect IP address configuration there was nothing wrong in the cluster itself.

Cluster Resource Offline (1)Digging into Health explorer I could see below. All three nodes in the cluster were reporting critical health states.Then I realized that there is Network adapter in each host which we haven’t assigned a Gateway or DNS and it is displaying an IP address failed error in Health explorer. But still that wasn’t the issue.

Cluster Resource Offline (3)Solution

  1. Open a PowerShell session as an administrator and type Get-ClusterGroup and press Enter. This will have an output similar to below.Cluster Resource Offline (2)
  2. Have you noticed Available Storage is offline in above screenshot? That is the culprit. What happens here is when some clusters  are built up, they won’t have Available Storage in the cluster console and therefore the Available Storage cluster group is offline by default. All you have to do is make it online by typing Start-ClusterGroup -Name “Available Storage” and et viola alert is gone.
  3. Cluster Group is displayed as failed. This is because of the IP address issue of unused adapter as I mentioned earlier. I had to bear that for the time being as we are using those NICs for a separate task later.

Alert Management Intelligence Pack | Azure Operational Insights

Alert Management Intelligence Pack brings your on-premise SCOM alerts to Azure Operational Insights. This pack allows you to analyze your SCOM alerts in more granular level by providing below key scenarios on the fly.

  • Number of Alerts raised during a specific time frame
  • Top alert sources with active alerts for a specific time frame
  • Top alerts (Active, Critical & Warning) during a specific time frame
  • Detailed alert search

Let’s see how we can add this Intelligence Pack.

  1. Login to Azure Ops Insight Portal and click Add Intelligence Packs.Alert Management IP Ops Insight 1
  2. Select the Alert Management Intelligence Pack.Alert Management IP Ops Insight 2
  3. Click Add from the gallery.Alert Management IP Ops Insight 3

Don’t expect the alerts to hit Ops Insight Portal instantaneously. It will take some time to gather the data and as usual I will give it 24 hours to settle in.

Alert Management IP Ops Insight 4My IP looks blank at the moment but let me explain what each of these tiles mean.

  • Tile 1 – Active Alerts which are in Critical state
  • Tile 2 – Active Alerts which are in Warning state
  • Tile 3 – Which servers have active alerts for the past 24 hours
  • Tile 4 – Active alerts summary

You can use the Common Alert Queries tile to build your own queries to search for specific alerts.

Alert Management IP Ops Insight 5The minimum frequency for a search is 6 hours. Beyond that you can select a custom date range as well. There are number of filters available to narrow down the search.

Also you can use the search dialog box to,

  • Save a search – Star with + sign
  • Use a saved search – Star
  • Use recent search items – Clock

If you haven’t signed up for Azure Ops Insights yet you can request an account (public preview) from here.

Azure Operational Insights | Agent Installation Explained

Microsoft has announced the all new Azure Operational Insights, the successor to System Center Advisor. It is an online service that allows you to collect statistics from your servers in your data center, analyze them and take proactive actions against any compliance issues. Apart from that Operational Insights allows you to keep you servers inline with change tracking and configuration management.

Today I’m going to discuss how do you connect your environment to Ops Insights. Actually there are two methods to achieve this.

  1. Connecting via SCOM Management server – You’ll need SCOM 2012 SP1/R2 server that is deployed in your environment for this. In this approach you’ll be collecting data from SCOM server by connecting to System Center Advisor service.
  2. Connecting to servers directly – We are going to discuss how do we enable direct connection to Ops Insights in this tutorial.


  • An active Azure Operational Insights Subscription. You can request one free from here as it’s in public limited preview yet.
  • Microsoft Account/Organizational Account – This is required for signing up with Ops Insights subscription.
  • .NET Framework 3.5 should be installed in the server for enabling intelliTrace Logs. This is a PowerShell Interface to collect advanced application diagnostics data.

Installing Operational Insights Agent

  1. Download the Ops Insight Agent from here or you can sign into your Ops Insight Account and download the agent from there as below.Azure Operational Insights Installation 1
  2. Run the setup file on the server which you need to on board. Make sure that you have opened TCP Port 5723 for the agent communication.Azure Operational Insights Installation 2
  3. Accept the EULA and select the agent install location.Azure Operational Insights Installation 3 Azure Operational Insights Installation 4
  4. In the next screen select Connect the agent to Microsoft Azure Operational Insights option.Azure Operational Insights Installation 5
  5. Provide the Workspace ID & Key in the next screen. These values can be found on Ops Insights portal > Overview > Usage > Direct Server Configuration (Refer Step 1)Azure Operational Insights Installation 6
  6. Select whether you want to configure Windows update to automatically update the agent. I’ll leave that with default NO.Azure Operational Insights Installation 7
  7. Click Install and wait for the Installation to complete.Azure Operational Insights Installation 8Azure Operational Insights Installation 9
  8. Additionally you can change the agent setting through Control Panel > System and Security > Microsoft Monitoring AgentAzure Operational Insights Installation 10Keep in mind as a regular SCOM agent setup your server won’t be visible at once in the Ops Insights portal so give it some time at least 24 hours. Once your servers are connected you can configure Intelligent Packs to analyze your environment.

Monitoring web sites with System Center Global Service Monitor

SCOM is indeed a great product with regards to monitoring but sometime we require external monitoring for products like web applications. If you are familiar with solutions like site24x7 then you know how much you have to pay for those applications just to monitor your website up and and running. If you already have a SCOM deployment in your organization, you don’t need to go for such solutions. We have System Center Global Service Monitor which provides the same services and many more.

GSM is basically a cloud service which utilizes Microsoft Azure points of presence all over the world to give you end user experience of your web applications. This means the monitoring you get is how it would look like to a user in a remote location. This is a huge advantage as for application owners can get more insights regardless of external factors such as network latency, service outages etc… The beauty of this service is it focuses on the application itself not the network health or connectivity. GSM is capable of Web Application Availability monitoring (single URLs) and Visual Studio Web Tests monitoring which can be run from 15 external locations.

Let’s see how we can address the availability monitoring for a URL with GSM scenario.


You should have either a trial  or paid GSM subscription integrated with your SCOM 2012 installation. For that you need to install and import GSM Management Pack to your SCOM Management server/s. You can refer here if you want to learn how to achieve that.

Configuring availability tests for URLs

  1. Open Operations Manager Console. Navigate to Administration > Global Service Monitor, and then select Configure Web Application Availability Tests.
  2. In the next screen provide name and a description for your testing scenario. Also as usual create a custom management pack to store this custom test. If you already have created one you can select it as well.General
  3. Enter the URLs that you need monitoring in the next screen. Even you can also paste URLs from CSV file which contains the format of “Name, URL”. Make sure to include the correct protocol (http:// or https://) depending on the URL. Click Add to import names and URLs from another source.What to Monitor
  4. In the  Where to Monitor From dialog, you can select the locations from where you want the URLs to be monitored. This includes both external and internal locations. External locations include 15 locations from below countries and regions. Australia (Sydney), Brazil (Sao Paulo) , Europe (Amsterdam, London, Paris, Stockholm, Zurich), Russia (Moscow), Singapore, Taipei, United States (Chicago, Los Angeles, Miami, Newark, San Antonio)Where to Monitor FromSelect external locations
  5. As for Internal location you can add from the servers in your environment from which the URLs going to be monitored. Of course these should be internet facing if your URLs are externally hosted.Select internal locations
  6. The next dialog box allows you to view your tests (internal or external) and validate the configuration of only internal tests. To do so select the test you want run and click Run Test. To change the default settings for the tests for internal or externals tests that you created, click Change ConfigurationView and Validate Tests page by using internal and external locations
  7. Once you click Change configuration you can customize the test frequency, alerts, response times etc… For the time being you can leave them as defaults. Once you are done click Apply > then OKChange Configuration 1 Change Configuration 2
  8. If you run a test you will see a test result window that will verify whether your test  was a success or points out for any configuration error if there are any. Go through the details and once you confirm that the test is properly finished click close to return to Step 6Test Results page for internal tests
  9. The next screen provides a summary of your new URL monitor with GSM. Click Create to create the monitor. You can create a dashboard view for this monitor later on for an easier visual representation. Summary

Now you are all set to monitor your websites with GSM integrated to SCOM. Let’s talk about SCOM dashboards in a later post. If you are using a third party solution for website monitoring still now it’s time to go with GSM.

Analyze your SCOM data with Microsoft System Center Advisor

Those who have used SCOM for monitoring know what it takes to filter out the unnecessary monitoring information from all those alerts, monitors and logs. If your SCOM setup is just click click install kind of setup then you probably have more unwanted monitoring scenarios configured by default. Sometimes your boss needs to look at the big picture of monitoring once in a while, present it to the management at a meeting. How do you achieve these challenges? You can fine tune your SCOM installation, override unnecessary MPs, create reports, dashboards etc… But guess what, you don’t have to be that thorough anymore if you are using Microsoft System Center Advisor integrated with you SCOM environment.

System Center Advisor is a free (selected countries) online service which lets you to analyze your SCOM data or individual Microsoft Workloads to provide different insights on your data center health. Currently it is in Limited Public preview, so you can grab your Microsoft Account or Corporate Account to sign up for a preview. The beauty of this product is you can use it even without System Center Installation by installing Advisor agent on individual servers that you want to monitor and let the online service to worry about the rest. Below are some features that Advisor is capable of.

Log Management

System Center Advisor can collect, combine, correlate and visualize all your machine data. That is it can separate required monitoring history from the noise. It is also capable of searching through multiple systems in your data center to identify root cause for any issues.

Capacity Planning

With advisor you can be proactive not reactive. Advisor enables you to see what capacity shortages such as storage, Allocation bottlenecks such as CPU, Memory & Network and it even let you to plan capacity for future workloads

Configuration Assessment

You can avoid configuration issues with Advisor as it proactive assess the best practices that you define in your data center. This feature doesn’t require SCOM installation and can be separately configured.

Update Assessment

Advisor is capable of keeping track of your system patches. Be it on-premise or cloud, Advisor sees through the data center for any non-compliant servers and reports back for remediation.

Threat Assessment

As you have probably guessed by now, Advisor is also capable of monitoring your environment for viruses & malware. It can report which of your servers have security threats and any actions to rectify same.

Now let’s see how we setup Advisor in your SCOM environment. Though there are some per-requisites for this.

  • You should be running either System Center 2012 Service Pack 1 or System Center 2012 R2
  • Microsoft .NET Framework 3.5 SP1 should be installed
  • Windows Server 2008 upwards
How does System Center Advisor Works?

Supported technologies for analysis

Advisor analyzes the following workloads.

  • Windows Server 2012/2012R2/2008/2008 R2 (Active Directory, Hyper-V Host, General operating system)
  • Hyper-V Server 2012/2012R2
  • SQL Server 2008 and later (SQL Engine)
  • Microsoft SharePoint Server 2010
  • Microsoft Exchange Server 2010
  • Microsoft Lync Server 2010
  • Microsoft Lync Server 2013 (new in October 2013)
  • System Center 2012 SP1 – Virtual Machine Manager

Setting up Advisor with SCOM

  1. Sign in to the Advisor Limited Public Preview through here. You may have to sign up if you already don’t have an account (requires Microsoft Account or Corporate Account).
  2. Open Operations Manager Console and navigate to Administration
  3. Select System Center Advisor, and then select Advisor Connection.
  4. Click Register to Advisor Service.
  5. Sign in with your Microsoft or Organizational accounts in step 1.
  6. Create a new Advisor account or choose an existing Advisor account associated with your Microsoft/Corporate account.
  7. Save the changes.
  8. Select Actions, click Add a Computer/Group.
  9. Under Options, select Windows Server or All Instance Groups, and then add servers that you want data to be collected from.

Below are some useful references that you can use to learn more about System Center Advisor.

Monitoring Linux Servers with SCOM 2012 R2

The world is heterogeneous. All though Windows Server is running on 75% of data centers, organizations use various Linux distributions to run enterprise applications. If you are in to middleware you know for a fact how critical these applications are and the need to monitor same very closely to avoid service interruption.

Let’s have a quick look on how to setup a monitoring solutions for your Linux servers with SCOM. I’m going describe the process in a high level.

  1. Set up the environment for monitoring
  2. Install & import the SCOM Management Pack for Linux/Unix Monitoring in the SCOM management server
  3. Install the Operations Manager agent in the server to be monitored.
  4. Define monitors, rules and tasks an necessary

Step 1 | Setup the environment

Below are a list of prerequisites that you need to configure prior setting up the monitoring.

  1. SSH should be up and running on the destination server. It’s how SCOM talks to the agent.
  2. Port 22 (for SSH) & Port 1270 (for SCOM Agent) should be opened on both sides.
  3. OpenSSL should be up and running to for certificate signing. This is vital if you have couple of SCOM management servers and wish to use a SSH key for authentication
  4. Configure resource pool & Run As accounts for Linux servers. If you’re not sure about this I’ve provided some great articles in the end to refer courtesy of TechNet

Step 2 | Installing the MP for Linux/Unix

Now you already know that a management pack contains the parameters & functions that are require to monitor a specific application, be it an OS or just an application. So in our scenario we will have to install the latest MP for Linux/Unix monitoring installed and imported to SCOM in order to setup basic health monitoring for Linux. You can download these through here.

Step 3 | Agent installation and Discovery

Now for those who wish to automatically discover the Linux resources can run an Discovery Wizard in SCOM. But remember the linux user assigned for the Run As account should have enough privileges (best if that user is in the sudoers list) for the agent installation.  If you want to do a manual agent installation all you have to to is to install the System Center SCX agent which comes as an rpm file in the SCOM installation directory in the Linux server using rpm command. Once you run the discovery against the server it will automatically identify that a proper agent is already in place.

Step 4 | Define your own monitoring criteria

Now that you have installed the agent after a short while you may notice the basic system health data is being reported to SCOM. You can start creating your own custom MP to store overrides for existing monitors or create new ones. What I recommend is to leave the system for couple of hours to get settled in and the to start defining the monitoring subjects.

Below are some great resources that I’ve come across when I setup monitoring for Linux. Hope you will find same useful .