SCOM 2012: ACS Security Log Retention Monitor (Update)


A couple of weeks ago I released a Management Pack with a Security Log retention monitor. This monitor uses PowerShell to determine the retention of the security log. This is important in ACS implementations, and therefore you want to monitor it. Unfortunately, I discovered some performance issues with the monitor, so I changed the monitor to resolve these problems for Windows 2008 and later systems.

SCOM: Windows Operating System MPs Updated to version 6.0.7292.0


Just a short blog post to mention that the Windows Server Operating System Management Packs have been updated to 6.0.7292.0. Based on the Management Pack documentation, the following fixes are included:

  • Mount point Names have been changed from GUIDs to a friendly drive letter name
  • Fixed performance collection workflows that were failing for some mount points
  • Fix was made to include Mount points without a drive letter name

I imported these management packs in my test environment and the new Management Packs are working without any errors. As always, first read the Management Pack documentation and then apply the pack to your OpsMgr environment. It’s preferable to do this first in your test environment, and when everything works without errors you can update them in your production environment.

You can download the updated packs here.

SCOM 2012: ACS Forwarder Security Log Retention Monitor


In an OpsMgr Audit Collection Services implementation, the local security logs on the forwarders act as the queue when the collector is not available. So the retention time of the Security Log is very important, but it is not monitored by OpsMgr out of the box. Today I decided to create a PowerShell monitor which monitors the retention time of the security event log. This PowerShell monitor uses the following script to determine the retention of the Security event log of an ACS forwarder.

SCOM 2012: Failed to start a process due to lack of resources


Last month I presented a solution for alerting based on security events. This solution was based on an event rule and a PowerShell command channel which closes the unwanted alerts. I used this scenario for creating logon alerts. Based on my experience, the volume of this kind of alert was too high, so I received the following alerts: ‘Operations Manager failed to start a process due to lack of resources’.

SCOM 2012: ACS Collector automatic failover v2


Last month I created an OpsMgr ACS Collector failover script. This script worked but was not able to fail over the ACS Collector role in all scenarios. This was mainly because I used the existing ACS collector service monitor. This monitor checks the AdtServer service and alerts when this service fails. Only when the complete server is down does this monitor go into a gray state instead of a critical state. So I decided to add some additional components to the failover script. An updated version of the failover script (management pack) can be found at the end of this blog post.

SCOM 2012: Get all computers with a specific alert (PowerShell)


Yesterday I received a question about: ‘Can you give me all unique computers with the following active alert’. My answer was ‘Yes, I Can!’. My first idea was to solve this with a PowerShell script and here it is. A short script of 2 lines which gives you all unique agents with the alert: ‘Workflow Initialization: Failed to start a workflow that runs a process or script’.

Import-Module OperationsManager
New-SCOMManagementGroupConnection -Computername "<<MGMT_SRV>>"

# Get all alerts with the given name that are not closed (resolution state 255 = Closed)
$hosts = Get-SCOMAlert | Where-Object {$_.Name -eq "Workflow Initialization: Failed to start a workflow that runs a process or script" -and $_.ResolutionState -ne 255} | Select-Object PrincipalName
# List each affected computer once; piping also works when zero or one alert is returned
$hosts | Sort-Object -Property PrincipalName -Unique

Before you can use this script in your environment you have to change the string: <<MGMT_SRV>> and probably the name of the alert. The string <<MGMT_SRV>> needs to be replaced with one of your SCOM management servers.

Have fun!


Speaker at Experts Live 2014


I’m honored that I can present a System Center Operations Manager session at the Dutch community event of the year! Experts Live is a great event with sessions about different Microsoft technologies like Azure, Hyper-V, System Center, PowerShell, SQL and Office365. My session at Experts Live is about how to transform your OpsMgr environment from component monitoring to Service Monitoring.