If you want to import a larger bunch of SNMP-devices in to OpsMgr you will probably go thru the disovery wizard way to many times.

Instead of walking thru that wizard every time I asked the network team to write a CSV-file with all the devices and then used this function to import them.

Function Add-SnmpDevice {
        PARAM (
                [Parameter(Mandatory=$true )][string] $FromIpAddress,
                [Parameter(Mandatory=$true )][string] $MonitoringProxy,
                [string] $ManagementServer,
                [string] $ToIpAddress = "",
                [string] $SnmpCommunityString = "public",
                [int32] $SnmpVersion = 2
        )

        # Single ip ?
        If ($ToIpAddress.Length -eq 0) {
                $ToIpAddress = $FromIpAddress
        }

        # Check SNMP version
        if ($SnmpVersion -ne 1 -and $SnmpVersion -ne 2) {
                Throw "Only SNMP version 1 and 2 supported"
        }

        Write-Host "Setting up discovery for SNMP-devices..."
        Write-Host "       From: $($FromIpAddress)"
        Write-Host "         To: $($ToIpAddress)"
        Write-Host "  Community: $($SnmpCommunityString)"
        Write-Host "   SNMP ver: $($SnmpVersion)"

        $networkDeviceClass = Get-MonitoringClass -name "System.NetworkDevice"
        $DeviceDiscoveryConfig = New-DeviceDiscoveryConfiguration -MonitoringClass $networkDeviceClass -FromIpAddress $FromIpAddress -ToIpAddress $ToIpAddress

        # Set Community String
        $encoding = New-Object System.Text.UnicodeEncoding
        $encodedCommunityString = $encoding.GetBytes($SnmpCommunityString)
        $DeviceDiscoveryConfig.ReadOnlyCommunity = [System.Convert]::ToBase64String($encodedCommunityString)

        # Set SNMP version
        $DeviceDiscoveryConfig.SnmpVersion = $SnmpVersion

        # Get management server
        If ($ManagementServer.Length -eq 0) {
                $mgmtServer = Get-RootManagementServer
        } else {
                $mgmtServer = Get-ManagementServer | Where-Object {$_.Name -eq $ManagementServer}
        }
        If ($mgmtServer -eq $null) {
                Throw "Cant find management server named $($ManagementServer)"
        } else {
                Write-Host "Found management server: $($mgmtServer.name)"
        }

        # Find proxy agent
        Write-Host "Lookup of proxy agent named $($MonitoringProxy) ..."
        $ProxyAgent = Get-Agent | Where-Object {$_.Name -eq $MonitoringProxy}
        If ($ProxyAgent -eq $null) {
                Write-Host "No agent named $($MonitoringProxy) found, checking managementservers"
                $ProxyAgent = Get-ManagementServer | Where-Object {$_.Name -eq $MonitoringProxy}
                $ProxyIsMgmtServer = $true
        } else {
                $ProxyIsMgmtServer = $false
        }

        If ($ProxyAgent -eq $null) {
                Throw "Can't find agent or managementserver named $($MonitoringProxy)"
        } else {
                Write-Host "Found $($ProxyAgent.Name)"
        }

        Write-Host "Starting discovery..."
        $DiscResults = Start-Discovery -ManagementServer: $mgmtServer -DeviceDiscoveryConfiguration: $DeviceDiscoveryConfig

        If ($DiscResults.CustomMonitoringObjects.Count -eq 0) {
                Write-Host "Cant discover any objects"
                Return 0
        } else {
                $ObjectCount = 0
                Write-Host "Found objects"
                $discresults | select-object -expandproperty CustomMonitoringObjects | Select-Object Name | Format-Table -HideTableHeaders

                $DiscResults | ForEach-Object {
                        Write-Host "Adding object to proxy..."
                        if ($ProxyIsMgmtServer -eq $true) {
                                $ProxyAgent.InsertRemotelyManagedDevices($_.CustomMonitoringObjects) | Format-Table SnmpDevice, ProxyAgentPrincipalName, ManagementGroup -HideTableHeaders
                        } else {
                                Add-RemotelyManagedDevice -proxyagent $ProxyAgent -device $_.CustomMonitoringObjects
                        }
                        $ObjectCount++
                }
                Return $ObjectCount
        }
}

And two examples on how you can use it to add some devices:

# Add a devices in the range 192.168.100.240-.254 with the community "SomeSecret"
# Use mgmtserver.snowland.demo to do the discovery and add the devices with snmpmonitor.snowland.demo as monitoring proxy
Add-SnmpDevice -FromIpAddress "192.168.100.240" -ToIpAddress "192.168.100.254" -SnmpCommunityString "SomeSecret" -ManagementServer "mgmtserver.snowland.demo" -MonitoringProxy "snmpmonitor.snowland.demo"

# Add a single SNMPv1 device with the "public" community, use the RMS to do discovery
Add-SnmpDevice -FromIpAddress "192.168.100.10" -MonitoringProxy "snmpmonitor.snowland.demo" -SnmpVersion 1

So we ended up with something like this:

Import-Csv ".\snmplist.csv" -Delimiter ";" | ForEach-Object {
        Add-SnmpDevice -FromIpAddress $_.IpFrom -ToIpAddress $_.IpTo -SnmpCommunityString $_.Community -ManagementServer $_.MgmtServer -MonitoringProxy $_.Proxy
}

There are loads of scripts and GUIs that you can use to set Maintenance Mode in OpsMgr, but if you want to do this from a server that doesn’t have the OpsMgr-snapins for Powershell it’s a bit harder…

But then there is Powershell v2 and Remoting… It gives you the option to run a scriptblock on another computer…

Just enable remoting on your RMS and then try this script from another machine:

Function setMaintMode {
        PARAM (
                [string] $rmsHostname,
                [string] $agentName,
                [string] $Comment,
                [string] $Reason,
                [int] $Time
        )

        Invoke-Command -ComputerName $rmsHostname -scriptblock {
                PARAM (
                        [string] $agentName,
                        [string] $Comment,
                        [string] $Reason,
                        [int] $Time
                )

                Add-PSSnapin "Microsoft.EnterpriseManagement.OperationsManager.Client"
                Set-Location "OperationsManagerMonitoring::"
                New-ManagementGroupConnection -ConnectionString:localhost | Out-Null

                $computerClass = Get-MonitoringClass -name:Microsoft.Windows.Computer
                $computerCriteria = "PrincipalName='" + $agentName + "'"
                $computer = get-monitoringobject -monitoringclass:$computerClass -criteria:$computerCriteria

                if ($computer.InMaintenanceMode -eq $false) {
                        $startTime = [System.DateTime]::Now
                        $endTime = $startTime.AddMinutes($Time)

                        New-MaintenanceWindow -startTime $startTime -endTime $endTime -Comment $comment -Reason $Reason -monitoringObject $computer
                        return $true
                }  else {
                        # Allready in maintenance mode
                        return $false
                }

        } -ArgumentList $agentName, $Comment, $Reason, $Time
}

setMaintMode -rmsHostname "rmsserver.domain.local" -agentName "currentserver.domain.local" -Comment "Some comment" -Time 30 -Reason "PlannedOperatingSystemReconfiguration"

What it does is that it run’s the OpsMgr-specific parts on the RMS instead on your local machine… so with that in place it’s easy to create a GUI around it and then spread a shortcut to all your servers that have Powershell v2 installed.

Notes:
The quick and dirty way to enable remoting on your rms, start cmd as an administrator and run winrm quickconfig
Here can you find a quick intro to PS Remoting.

Quick and easy way to get a list of all OpsMgr monitored SNMP devices

Get-MonitoringClass -name 'System.NetworkDevice' | Get-MonitoringObject | Format-Table PathName, DisplayName

The last days I have been looking in to Savision LiveMaps, thought I share some of my thoughts on the product.

My two cents

Maps

So the product is named LiveMaps, it should be good at doing maps… is it? Well, I havn’t seen any product with tight OpsMgr integration that does it better.
You can set almost any picture as a background (vector-based is preferred since they scale up/down best) and then you just drag n’ drop object from OpsMgr on to the map.
A nice feature is that you can create membership rules for every map, so if you are creating a map of a part of your network you can set rules to include every object named XYZ, have an IP-adress of 1.2.3.*… if you are know how to create a group in OpsMgr, it’s basicly the same… with all the options.

Application

Most of the things you can do on application monitoring you can do with OpsMgr Distributed Applications. The best part with doing it in LiveMaps is the placing of objects. In OpsMgr you can’t select that you want to place your database on spot X and service on spot Y. When doing this kind of applications in LiveMaps you can easily set an exact spot for you object and then if you want add an small image, colored box or something nice to give it some more bling.

Network Topologies

When creating network topologies for a large network you should probably use Jalasoft XianIo as well. Today, with a plain vanilla OpsMgr you can’t autocreate relations between devices. So if you have a large network, this will take time… loads of time.
I hope that Savision will post some information on how we can use this to create relations in our own environments without the need of third party products, even with XianIO there are SNMP-enabled devices that XianIO doesn’t cover…

Take a look at this YouTube video: and you understand why you should look in to XianIO Today.

Dashboards

Together with maps, this is the easy way to get project-fundings.
Starting with a map or distributed application, just drag and drop your objects and within seconds you have the dashboard your CIO always wanted. “Economy App – Green”, “HR App – Yellow”, “Mail – Green”… easy to set up, easy to understand.

Notes, suggestions and general thoughts to Savision

Live Maps in OpsMgr

When using large maps it’s hard (well, not hard… just to many clicks) to zoom in/out and then pan around.

Some easier way (than this blogpost) to control the health rollup.
For a OpsMgr admin this shouldn’t be a problem… but we are aiming on having network guys draw the maps and relations between network equipment.

Authoring Console

Where is the export/import button? I want to create my maps in test/dev, export them and then import them to production. Ok, I understand that you need the refering objects GUID when you import a map…
…what if you make it like this: When you export a map you don’t save GUID, instead you save the name of the object. Then, when you import the object you get a wizard that alows you to map saved names against the real object in the new environment.

A “replace this object”-Icon would be nice. When creating larger overviews (say country) I start out by creating the easy dynamic lists for the tier 2 maps (say city). Then, when I have the right amount of information, a background map and so on, I want to replace the dynamic list with a nice map for that city. But today you will loose all connections from and to that city-object on the country map. So… a replace button would be nice.

Missing a global option to set different (default) Sate-icons. I would like to have one for every object with Class X or Class Y.
For instance I want to create Server-icons, Network device-icons and so on. With that option you can remove the image and only use stateicon to describe the equipment.

Missing the option to place the State Icon in the center of the image.

Option to mark the Visible-flag on/off for a folder instead of separate maps.
I know that you can do this by creating a OpsMgr User Role and scope that one… When you have the option for every map/list, why not on folders?

Web

I want to be able to create a Web-url without alerts and the right-click menu, only icons.

An option to grant anonymous access to a single drawing. Say that you want to do a dashboard with your larger applications and publish it on the intranet…

Is it possible to integrate tighter with the OpsMgr Web Console, you do not want to have two consoles for one monitoring solution. Yes, I know that you can work around that by linking in the weburl… It works but it isn’t the nice way to do it.

And please, give some basic support for users not using MSIE.

Licensemodel

How about test/dev-environments? Today the licenses is based on MgmtGroups and most of us have a separate test/dev environment. Ok, you can use the free version but it’s limited to 5 maps and I want my dev environment to reflect the production environment.

Information / Relations

I have been in contact with Savision support, I wanted to know how I can enable the automagic relations-button. Got an answer and they will look in to it.
I want to discover hardware devices, SAN-Switches for instance, how nice wouldn’t it be if LiveMaps could draw the relations to servers for me?

This will not be a post with the technical content you might be used to read on this blog.

In the last 5 years I have been working on “a few” OpsMgr projects with different customers… one thing I have to remind almost every customer of is that they should not use the acronym SCOM for System Center Operations Manager.

Why?
The main reason is the community. Today everyone (well… the most of us) use OpsMgr in writing.
When you search for SCOM you get more hits than a search for OpsMgr, but most of the hits are pointing you to old articles and blogposts.
A few years back the most of us (even Microsoft) used the acronym SCOM, but as I just pointed out… today almost everyone is using OpsMgr.

Ok I’ll use OpsMgr, but what to say?
You probably go nuts if you try to say “System Center Operations Manager” every time…
I have heard a few:
OpsMgr
Ops Manager
Operations Manager
Operations

I probably use Ops Manager the most.

So why this blogpost?
Ehrm… to give you “new guys” an easier way to search for new articles and to give myself an easier way to search for new articles.

So… please, do not write SCOM, write OpsMgr instead.

When we tried to run new-TestCasConnectivityUser.ps1 to create some mailboxes for the test-cmdlets we ran in to some strange problems.

Got an errormessage stating “CreateTestUser : Mailbox could not be created. Verify that OU ‘Users’ exists and that password meets complexity require”

The OU exist and the password is OK… strange. Googled and didn’t find anything that could relate to that problem. Then I started to disect/debug the powershell script…

Ended up with a command like:

$SecurePassword = Read-Host "Enter password" -AsSecureString
new-Mailbox -Name:ext_dummy -Alias:ext_dummy -UserPrincipalName: -SamAccountName:ext_dummy -Password:$SecurePassword -Database:somestrangeguid -OrganizationalUnit:Users

When running that command it says that “Multiple organizational units match identity “Users”. Specify a unique value.”

OK, we have another OU in the hierarchy named “Users”…
Edited the script and changed the value of $OrganizationalUnit to another OU and did a new test with “get-mailboxServer | .\new-TestCasConnectivityUser.ps1″ and a few seconds later we have the users.

A while ago I wrote a little PHP-application for demostrating webmonitors in System Center Operations Manager 2007.
It will probably work for any monitoring solution that catches http errorcodes or textstrings on a page.

Free to use, so give it a try.

You can find it at: https://snowland.se/demo/

After a while my demo environment with OpsMgr data warehouse (and loads of other stuff) needed some more space.

I haven’t looked in to grooming of the DW before. So as usual Google is a nice friend.

Stefan Stranger has a nice post with loads of grooming information.

So what I did was to download the dwdatarp tool.

First I ran it to see the current status

dwdatarp.exe -s SNWSQL01 -d OperationsManagerDW

Looks like most of the datasets are stored 400 or 180 days… That is somewhat to much data for a demo environment.
I took the values and divided them by 4. Then ran the following to free up 75% of the database.

dwdatarp.exe -s SNWSQL01 -d OperationsManagerDW -ds Alert -a Raw -m 100
dwdatarp.exe -s SNWSQL01 -d OperationsManagerDW -ds "Client Monitoring" -a Raw -m 8
dwdatarp.exe -s SNWSQL01 -d OperationsManagerDW -ds "Client Monitoring" -a Daily -m 100
dwdatarp.exe -s SNWSQL01 -d OperationsManagerDW -ds Configuration -a Raw -m 100
dwdatarp.exe -s SNWSQL01 -d OperationsManagerDW -ds Event -a Raw -m 25
dwdatarp.exe -s SNWSQL01 -d OperationsManagerDW -ds Performance -a Raw -m 45
dwdatarp.exe -s SNWSQL01 -d OperationsManagerDW -ds Performance -a Hourly -m 100
dwdatarp.exe -s SNWSQL01 -d OperationsManagerDW -ds Performance -a Daily -m 100
dwdatarp.exe -s SNWSQL01 -d OperationsManagerDW -ds State -a Raw -m 45
dwdatarp.exe -s SNWSQL01 -d OperationsManagerDW -ds State -a Hourly -m 100
dwdatarp.exe -s SNWSQL01 -d OperationsManagerDW -ds State -a Daily -m 100

OK… when you have a database full of free space you need to truncate it, but that’s another story…

At a customer-site today we discovered some interesting things installing a few OpsMgr management servers.

The scenario is:
- A active/active SQL Cluster running SQL 2005 SP3 (This is where we want to host the OpsMgr-database)
- A couple of Server 2008 as RMS and MS

When you install the database on you run the setup on one of the clusternodes… works fine.

Then… when it’s time to install the RMS the problems kicks in.
A few steps in to the setup you are prompted to name the SQL-Server, Databasename and what port… this works fine.
The next steps are for the accounts you want to use…
Then when at the end of the progress bar the text says something like “Executing SQL Strings” it fails.

If you look in to the log file you can see that it cant create a connection to the SQL Server, kinda strange since it did verify that the database existed in the step where you point out server and name.

After trying everything we started to create logs… massive amount of logs, traces and dumps.
We couldn’t see that the msiexec tried to connect to the SQL… so after googling, reading and googling some more we found the problem.

IP-Sec and the broker-service.

What happens is that the msiexec tries to connect to the SQL Server, what it does in a clustered environment is that it talks to the SQL Broker who then says “Hey the instance you are looking for is located on port 123″… But, when the broker responds, it doesn’t respond from the same IP as the SQL server.

And what do a standard IP-Sec-setup do with packages from “another” IP… drop.

So, to work around this you need to install the SQL Client on the RMS/MS.
Then set up an alias (32-Bit alias if you are using a x64, if you are using a x86 you don’t have to bother) that’s named the same as the SQL-Server and with the right port.
When that’s done you can install your RMS or MS.

A small and simple script to monitor number of connected SCOM-consoles.

Set oLocator = CreateObject("WbemScripting.SWbemLocator")
Set oWmi = oLocator.ConnectServer(".", "root/snmp/localhost", "")
Set oStats = oWmi.ExecQuery("select * from SNMP_RFC1213_MIB_tcpConnTable where tcpConnLocalPort = 5724 AND tcpConnLocalAddress <> '0.0.0.0' AND tcpConnLocalAddress <> '127.0.0.1'")

Set oAPI = CreateObject("MOM.ScriptAPI")
Set oBag = oAPI.CreatePropertyBag()
oBag.AddValue "ConnectedConsoles", oStats.Count
oAPI.AddItem(oBag)
oAPI.ReturnItems