Wim-ms’s Opsmgr 2007 Weblog

A blog about opsmgr 2007

Enterprise Vault event collection

Posted by wim-ms on July 1, 2008

So, there’s no management pack from Symantec Enterprise Vault for Opsmgr 2007. But our E-vault administrator likes to have the events from the E-vault eventlog called ‘Enterprise Vault’ as an Event View in his Opsmgr Console.

Easy peasy, I thought: I just create a new Event Collection rule, pick ‘Enterprise Vault’ as my datasource, target Windows 2003 Server for the rule, disable it by default and use an override to apply it to my evault computer group. But to my surprise I was getting alerts like this:

Alert description: The Windows Event Log Provider was unable to open the Enterprise Vault event log on computer 'xxxx' for reading.
The provider will retry opening the log every 30 seconds.
Most recent error details: The system cannot find the file specified.

Very strange, and after a debug session with procmon (thank god for that tool) I found out that the name ‘Enterprise Vault’ had a space behind it in the registry … so it was actually ‘Enterprise Vault ’, and the Event Log picker in Opsmgr didn’t care for that extra space at the end. Of course E-vault is also to blame for adding that extra space (nice QA).

So we had to go into the registry editor (HKLM\System\CurrentControlSet\Services\EventLog) and remove that space. And all was well again in the universe .. for now.
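A check for the condition described above, as an added example that is not from the original post: it lists the event log registry keys whose names carry leading or trailing whitespace. The function name Find-PaddedEventLogName and the sample names in the last line are made up for illustration.

```powershell
# Added example: find event log keys under Services\EventLog whose names
# are padded with whitespace (the 'Enterprise Vault ' case from the post).
$eventLogPath = 'SYSTEM\CurrentControlSet\Services\EventLog'

function Find-PaddedEventLogName {
    param([string[]]$Names)
    foreach ($name in $Names) {
        if ($name -ne $name.Trim()) {
            # Brackets make the stray space visible in the output
            [pscustomobject]@{
                RegistryName = "[$name]"
                TrimmedName  = $name.Trim()
                ExtraChars   = $name.Length - $name.Trim().Length
            }
        }
    }
}

# Read the key names through .NET so they come back exactly as stored
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($eventLogPath)
if ($key -ne $null) {
    try {
        Find-PaddedEventLogName -Names $key.GetSubKeyNames()
    } finally {
        $key.Close()
    }
}

# Constructed sample input, to show what a hit looks like
Find-PaddedEventLogName -Names 'Application', 'Enterprise Vault ', 'System'
```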


Nagios integration – sorta (1)

Posted by wim-ms on May 16, 2008

I didn’t really want to use Opsmgr itself to send SMS notifications, because some of the monitors/rules really get out of hand and would send a gazillion SMSes, like the Exchange disk free monitor for example. Other monitors/rules just send a New and a Closed notification very quickly after each other, like the LDAP search time thingies.

So I decided to let the alerts be processed by Nagios, which uses a backend for sms throttling/aggregation and is integrated in our own on-call system.

The setup at the opsmgr side is as follows:

I used the NSCA win32 client to send the alerts to Nagios.

For example, for the Exchange alerts I created a Notification command channel:
* channel name: “NSCA Exchange Alerts”
* Full path to file: “c:\send_nsca_win32_bin\send.bat”
* Command line parameters: $Data/Recipients/To/Address/Address$ $Data/Context/DataItem/ResolutionStateName$ $Data/Context/DataItem/AlertName$
* Initial directory: “c:\send_nsca_win32_bin”


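send.bat:

@echo off
rem Opsmgr passes the alert name as separate unquoted words, so collect them one by one
set p1=%1
set p2=%2
set p3=%3
set p4=%4
set p5=%5
set p6=%6
set p7=%7
set p8=%8
set p9=%9
rem p1 = delivery address, p2 = resolution state, p3..p9 = words of the alert name
c:\windows\system32\cscript.exe c:\scom\send_nsca_win32_bin\sendnsca.vbs %p1% "%p2%: %p3% %p4% %p5% %p6% %p7% %p8% %p9%"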

This seemingly unnecessarily complex batch file is used because there is some issue with using quotes in the Command line parameters of the Notification channel. And I’m not the only one, it seems.

Ugly hack, but it works for me


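sendnsca.vbs:

' Arguments from send.bat: item 0 is the service name, item 1 the alert text
Set oArgs = WScript.Arguments.Unnamed
Set WshShell = CreateObject("WScript.Shell")
' Echo the check result line and pipe it into the NSCA client
cmd="c:\windows\system32\cmd.exe /c echo scom.mydomain.com "&oArgs.Item(0)&" 2 """ & oArgs.Item(1) & ".""" & "|C:\send_nsca_win32_bin\send_nsca.exe -H nagios.domain.com -c C:\send_nsca_win32_bin\send_nsca.cfg"
' Run hidden and wait until send_nsca.exe has finished
WshShell.Run cmd, 0, True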

Of course scom.mydomain.com and nagios.domain.com must be changed to your own.

Now to create a Recipient

* New notification recipient
* Choose: general
   o Notification recipient display name: "Nagios Exchange Alerts Recipient"
   o [x] always send notifications 
* Choose: Notification Devices
* Choose: Add
   o Channel - Notification Channel: "Nagios Exchange Alerts"
   o Delivery address: "exchange" 
   * Choose: Next
      o Schedule: [x] Always send notifications 
   * Choose: Next
      o General - Notification device name: "Nagios Exchange Alerts Device" 

And now you can create a subscription for Exchange alerts and add this recipient to it.

So what happens: if you have an Exchange alert about LDAP search time, it will be sent like this: ‘exchange New: LDAP Search Time – sustained for 5 minutes’

$Data/Recipients/To/Address/Address$ = exchange
$Data/Context/DataItem/ResolutionStateName$ = New
$Data/Context/DataItem/AlertName$ = LDAP Search Time – sustained for 5 minutes

The notification command will send the alert message to send.bat, which calls sendnsca.vbs, which starts the NSCA client, which sends the alert to Nagios, which processes the alert and ultimately sends you an SMS.

The nagios configuration will be done in another post
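The send.bat and sendnsca.vbs pair expands the alert name into a cmd.exe command line, so a character such as & or | in an alert name would be interpreted by the shell. The following added example (not the author's script) writes the same line to send_nsca.exe on standard input instead; the paths and host names are the ones from the post, and the function names Format-NscaLine and Send-NscaLine are hypothetical.

```powershell
# Added example: hand the alert to send_nsca.exe without going through cmd.exe.
$nscaExe  = 'C:\send_nsca_win32_bin\send_nsca.exe'
$nscaArgs = '-H nagios.domain.com -c C:\send_nsca_win32_bin\send_nsca.cfg'

function Format-NscaLine {
    param([string]$SourceHost, [string]$Service, [int]$ReturnCode, [string[]]$Words)
    # Opsmgr hands the alert name over as separate words: join them again
    $text = ($Words -join ' ')
    # Keep the result on a single line and drop control characters and quotes
    $text = ($text -replace '[\x00-\x1f]+', ' ') -replace '"', ''
    # Same layout as the line the post's echo command produces
    return ('{0} {1} {2} "{3}."' -f $SourceHost, $Service, $ReturnCode, $text.Trim())
}

function Send-NscaLine {
    param([string]$Line)
    $psi = New-Object System.Diagnostics.ProcessStartInfo
    $psi.FileName = $nscaExe
    $psi.Arguments = $nscaArgs
    $psi.UseShellExecute = $false        # start the exe directly, no shell
    $psi.RedirectStandardInput = $true   # the alert text only ever travels as data
    $psi.CreateNoWindow = $true
    $proc = [System.Diagnostics.Process]::Start($psi)
    $proc.StandardInput.WriteLine($Line)
    $proc.StandardInput.Close()
    $proc.WaitForExit()
    return $proc.ExitCode
}

# Constructed sample: the LDAP alert from the post, plus an '&' to show it stays text
$words = 'New:', 'LDAP', 'Search', 'Time', '&', 'more'
$line  = Format-NscaLine -SourceHost 'scom.mydomain.com' -Service 'exchange' -ReturnCode 2 -Words $words
Write-Host $line

# Only send when the NSCA client is actually installed at the assumed path
if (Test-Path $nscaExe) {
    $exit = Send-NscaLine -Line $line
    Write-Host "send_nsca.exe exit code: $exit"
}
```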



Posted by wim-ms on April 30, 2008

Wow, very exciting news for opsmgr 2007 with the beta release of Cross Platform Extensions for opsmgr 2007 which allows you to monitor unix/linux systems the same way as windows systems. I’m especially impressed by their usage of open standards and open source to implement the agent and interoperability on the unix/linux side. They are using stuff like putty, openpegasus, openwsman (haven’t used that myself but looks cool).

A video of these extensions and a distributed application using mysql/apache/php in action can be found on Edge.technet.com

I think that management types will love the uniform reports of all their servers regardless of the OS 🙂

A whitepaper is available on the new blog about Cross Platform Extensions


Powershell snippet – add operators

Posted by wim-ms on April 18, 2008

Some code to automatically add some operator roles. Just edit the hash with your own description and groups. Of course, this code requires that you run it from the Opsmgr command shell, or that you add the PSSnapin.

$operatorroles=@{"ISA Operators"="DOMAIN\GS.ISA.admins";"Exchange Operators"="DOMAIN\GS.Exchange.admins";"SQL Operators"="DOMAIN\GS.SQL.admins"}

function addOperatorRole ($operatorname) {
    write-host "adding operator: $operatorname"
    $mg=(get-item .).ManagementGroup
    $operator=$mg.GetMonitoringProfiles() | where {$_.Name -eq "Operator"}
    $obj = new-object Microsoft.EnterpriseManagement.Monitoring.Security.MonitoringUserRole
    $obj.MonitoringProfile = $operator
    # the snippet as posted stops here; the lines below complete it with the SDK's role calls
    $obj.Name = $operatorname
    $obj.DisplayName = $operatorname
    $mg.InsertMonitoringUserRole($obj)
    $obj.Users.Add($operatorroles[$operatorname])
    $obj.Update()
}

function addOperatorRoles {
    write-host "adding Operator Roles"
    $operatorroles.getEnumerator() | foreach -process { addOperatorRole $_.Name}
}

addOperatorRoles


Exchange 2007 management pack

Posted by wim-ms on April 16, 2008

The management pack isn’t able to discover the Mailbox component on our Exchange cluster. Mailbox count data etc. isn’t viewable; the problem seems to have something to do with the DNS names of a cluster not being inserted correctly in the database. A solution I found on a forum (and which worked for me) consists of manually updating the database with the correct DNSName.

First run

select NetbiosComputerName,DNSName from OperationsManager.dbo.MT_Computer where DNSName is NULL

to find the DNSName-less servers. Then to fix it:

update OperationsManager.dbo.MT_Computer set DNSName = 'exchangecluster.test.com' where NetbiosComputerName='exchangecluster'

Another solution is to use the discoveryfix MP from Marius Sutara

A third solution is to wait on Microsoft to release a new and hopefully native instead of converted management pack for Exchange 2007 (SP1) 🙂


Powershell snippet – fixing kb942865

Posted by wim-ms on April 15, 2008

Here is some powershell code to fix kb942865. You’ll get this if you use dbcreatewizard to create your databases on your SQL server instead of using the installer.

function Pause ($Message="Press any key to continue...") {
    Write-Host -NoNewLine $Message
    $null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
    Write-Host ""
}

function checkMemberDatabase {
    write-host "checking if memberdatabase needs fixing"
    $cn = new-object system.data.SqlClient.SqlConnection("Data Source=SQLSERVER\INSTANCE;Integrated Security=SSPI;Initial Catalog=OperationsManagerDW")
    $ds = new-object "System.Data.DataSet" "dsOpsdata"
    $q = "SELECT * from MemberDatabase"
    $da = new-object "System.Data.SqlClient.SqlDataAdapter" ($q, $cn)
    # Fill runs the query; it opens and closes the connection itself
    [void]$da.Fill($ds)
    $dtOpsdata = $ds.Tables[0]
    # No rows in MemberDatabase: run the attach procedure
    if ($dtOpsdata.Rows.Count -eq 0) {
        write-host "upgrading member database - fixing kb942865"
        $q="EXEC MemberDatabaseAttach 'SQLSERVER\INSTANCE', 'OperationsManagerDW', 1, 1, 1"
        $da = new-object "System.Data.SqlClient.SqlDataAdapter" ($q, $cn)
        [void]$da.Fill((new-object "System.Data.DataSet"))
    } else {
        write-host "member database ok"
    }
}

checkMemberDatabase
Pause

Don’t forget to replace “SQLSERVER\INSTANCE” (2 times) with your SQL server (and instance) containing the OperationsManagerDW.



Posted by wim-ms on April 14, 2008

Production day is coming closer. After testing Opsmgr for a few months in vmware it’s almost time to put it in production with the rest of our brand new servers. We’re going to use one (R)MS with the OperationsManager database, the OperationsManager Datawarehouse database, the ACS database and the SRS Report database all in one (active/passive) SQL cluster. The SRS with IIS itself is put on a third server.

I’ve scripted the whole installation, SP1 upgrade, and post-installation configuration in powershell and .NET managed code as much as possible, the only things I couldn’t script were the dbcreatewizard and some post-installation configuration like installing agents (problems with permissions).

In a future post I’ll come back about the post-installation scripting.


SP1 evaluation

Posted by wim-ms on April 13, 2008

After all those errors and problems it’s time to say something good about the product 😉 I’ve been running the RC of SP1 for a while and now the final SP1, and one of the fixes that everybody will immediately notice is the speed and snappiness of the interface. Also the ‘override summary box’ is very handy.

Also some errors/bugs were fixed and new ones introduced, like the performance counter bug which, of course, popped up on my server too. But all in all a must-have release; it almost feels like a finished product now.


SQL cluster gotchas – part three

Posted by wim-ms on March 13, 2008

In a test environment I did a SP1 install (actually first an RTM and then a SP1 upgrade, because there’s no slipstreamed install yet). And the dreaded “A Bind Data Source in Management Group ManagementGroupName has posted items to the workflow, but has not received a response in NNNN seconds.” message popped up again. This time the error was caused by using dbcreatewizard.exe to create the datawarehouse on the server.

I found a solution for this problem on http://support.microsoft.com/kb/942865/en-us

Again very strange that following the installation instructions can cause errors like this.


Errors, errors, errors! (and no solutions?)

Posted by wim-ms on February 12, 2008

During this week I encountered the following errors:

Error 1

Event Source: OpsMgr SDK Service
Event ID: 26319
An exception was thrown while processing GetRelationshipTypesByCriteria for session id uuid:17ce6e56-aef7-47e9-810b-47a9a433eaec;id=2.
Exception Message: The creator of this fault did not specify a Reason.
Full Exception: System.ServiceModel.FaultException`1[Microsoft.EnterpriseManagement.Common.UnauthorizedAccessMonitoringException]: The creator of this fault did not specify a Reason. (Fault Detail is equal to Microsoft.EnterpriseManagement.Common.UnauthorizedAccessMonitoringException: The user DOMAIN\scom_datareader does not have sufficient permission to perform the operation.).

Apparently the culprit is the DNS management pack; the fix on ihaveablog didn’t work for me though. Removing the DNS management pack did.

Error 2

Event Source: Health Service Modules
Event Category: Data Warehouse
Event ID: 31551
Failed to store data in the Data Warehouse. The operation will be retried.
Exception ‘SqlException’: Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
One or more workflows were affected by this.
Workflow name: Microsoft.SystemCenter.DataWarehouse.CollectEventData
Instance ID: {61F1F03D-351A-CBA1-377C-84DF6FFAAD89}

This error only pops up occasionally, to be followed by event id 2115 and id 31554; basically it succeeds in writing the data to the datawarehouse after a few minutes. No idea why this happens, and no solution found on the interwebs.
