Operations Manager - KMS Idle Minutes Monitor Alerts - False Positives As Event ID 12290 Still Being Logged

Hi all,
I am using System Center 2012 R2 Operations Manager with the Key Management Service Management Pack at version 6.0.7234.0, and I keep receiving the following alert in Operations Manager:
"Idle Minutes Monitor Alert:
Key Management Service (KMS) inactivity exceeded threshold
Knowledge:
Summary:
The purpose of this rule is to alert system administrators to a possible KMS or network outage. This rule monitors the end-to-end operation of KMS activation. A notification event is created by KMS if no activation or renewal requests were logged by KMS
(activity event 12290) in the specified time interval. In addition to new activations, periodic renewal requests are expected to occur (default is 7 days). Whether or not this alert is serious depends on the number of machines in the KMS environment, how many
are actually connected, and the configured renewal interval.
Causes:
Any failure or incorrect configuration of the KMS service, other Windows components, firewall, hardware, network or routers can trigger the Idle Minutes Alert. This alert can also result from normal behavior, since it is possible that not enough machines
attempted to activate or renew during the specified time interval.
Resolutions:
The first step is to determine whether there really is a problem. Start with a known good KMS client and run (with elevated privileges) the script slmgr.vbs -ato . If the activation/renewal fails, it will report an error code. You can direct the client to
connect to a specific KMS machine by using the slmgr.vbs -skms option. The request event (12288) and response event (12289) in the Windows Application event log may provide additional information, including the identity of failing KMS machines. If there has
been a failure, check the following:
Software Licensing service (slsvc) is running.
Other KMS machine behavior is normal.
KMS firewall port is open (default is TCP 1688).
Attempt to connect to KMS using telnet to the KMS port(you won’t be able to do anything other than connect)
Use a network monitor (e.g. netmon) to capture and trace network problems.
There is one Idle Minutes Monitor that is used to monitor for activity. It may be desirable to adjust the time threshold, depending on expected KMS activity."
Despite what the alert says, there are activity events with ID 12290 being logged, but they are appearing under the 'Key Management Service' log instead of the general 'Application' log. I know that my clients are activating with the server without
any problems as I have run slmgr.vbs -ato with success on a number of them, and none are stating that activation is required. This issue was previously raised here:
http://social.technet.microsoft.com/Forums/systemcenter/en-US/1391acf8-f0be-4a48-9039-8d24e275f1fd/kms-idle-time-monitor-raise-wrong-alerts?forum=operationsmanagermgmtpacks, but I am running Windows Server 2008 R2 SP1 and the hotfix KB981314 comes
up as 'not applicable to this computer' so I assume it is part of SP1 now. I have also tried installing KB2692929, as that was cited as being a possible fix here:
http://social.technet.microsoft.com/Forums/systemcenter/en-US/8ec8ae5b-a310-4b0f-9a5f-e0599bceb93a/kms-managementpack?forum=operationsmanagermgmtpacks, however I am still seeing the same alerts.
Would greatly appreciate any further suggestions!
Many thanks

Hi,
I've checked for all the events that are generated by our servers, and there are periods of time where no requests are received for up to 18 hours, so that is no doubt why the alerts are appearing (we then sometimes see five requests in the same minute,
but there we go). I'll need to adjust the thresholds.
Thank you for your help, Chunky.1, I'll mark your reply as the answer, as it was very helpful in understanding the alert.
For anyone else who needs to check this, create a PowerShell script using the following content, and place your own details into the relevant sections in bold (without the brackets, of course). This will generate a csv file which will have the server
name in one column and the time that the request event was generated - you can then check the gaps between the requests. The script is quick and dirty, with no checks along the way, so feel free to embellish it as required.
Out-File "<directory to place file in>\KMS_check_results.csv"
$results = get-eventlog -ComputerName <KMS server hostname> -logname 'Key Management Service'|where{$_.message -match "<String which identifies servers instead of clients>"}
$filteredresults = @()
foreach($event in $results){
    #This splits up the message into sections, separated by commas, and places each section as an element in an array
    $event.Message -split ","|foreach{
        if($_ -match "<server domain suffix - e.g. contoso.com>"){
            $eventserver = $_
    $timegenerated = $event.TimeGenerated
    $filteredresults += New-Object PSObject -Property @{
        Server = $eventserver
        TimeGenerated = $timegenerated
$filteredresults|select-object server,timegenerated|export-csv "<directory to place file in>\KMS_check_results.csv" -NoTypeInformation

Similar Messages

Operations manager failed to run a wmi query for wmi events (0x800706ba)

Hi everyone,
I've been working on this issue for a while and I am still no closer to finding out what the problem is. If anybody can offer any other advice or things to check, I'm all ears.
I'm running SCOM 2012 R2 with UR2, and the Cluster Management Pack v6.0.7063.0
My problem is on one particular batch of cluster servers where I am getting the following error.
Name: Operations Manager failed to run a WMI query for WMI events
Alert Description:
Module was unable to enumerate the WMI data
Error: 0x800706ba
Details: The RPC server is unavailable
Workflow name: Microsoft.Windows.Cluster.Node.StateMonitoring
Instance Name: servername.domain.local
Instance ID: {instance_id}
Management group: SCOM_Management_Grp_Name
I am getting this alert regardless of whether I run the Windows Cluster Action Account as Local System, or as a domain user with full local admin privileges on all the cluster nodes.
When looking at the management pack and the workflow in particular (Microsoft.Windows.Cluster.Node.StateMonitoring), I can see that it's trying to access
MSCluster_Node in the root\MSCLUSTER WMI namespace.
This is the workflow for your information...
<UnitMonitor> ID="Microsoft.Windows.Cluster.Node.StateMonitoring" Accessibility="Public" Enabled="onEssentialMonitoring" Target="ClusLibrary!Microsoft.Windows.Cluster.Node" ParentMonitorID="Health!System.Health.AvailabilityState" Remotable="true" Priority="Normal" TypeID="ClusLibrary!Microsoft.Windows.Cluster.CheckState" ConfirmDelivery="false">
<Category>AvailabilityHealth</Category>
<AlertSettings AlertMessage="Microsoft.Windows.Cluster.Node.StateMonitoring.AlertMessage">
<AlertOnState>Warning</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>MatchMonitorHealth</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Target/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</AlertParameter1>
<AlertParameter2>$Target/Property[Type="ClusLibrary!Microsoft.Windows.Cluster.Node"]/ClusterName$</AlertParameter2>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="Success" MonitorTypeStateID="Online" HealthState="Success" />
<OperationalState ID="Warning" MonitorTypeStateID="Partial" HealthState="Warning" />
<OperationalState ID="Error" MonitorTypeStateID="NotOnline" HealthState="Error" />
</OperationalStates>
<Configuration>
<ClusterObjectName>$Target/Property[Type='ClusLibrary!Microsoft.Windows.Cluster.Node']/NodeName$</ClusterObjectName>
<PollInterval>60</PollInterval>
<ClusterObjectClass>MSCLUSTER_Node</ClusterObjectClass>
<OnlineExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='EventNewState']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">0</Value>
</ValueExpression>
</SimpleExpression>
</OnlineExpression>
<OnlineExpressionOnDemand>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='State']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">0</Value>
</ValueExpression>
</SimpleExpression>
</OnlineExpressionOnDemand>
<PartialExpression>
<Or>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='EventNewState']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">2</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='EventNewState']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">3</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</Or>
</PartialExpression>
<PartialExpressionOnDemand>
<Or>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='State']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">2</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='State']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">3</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</Or>
</PartialExpressionOnDemand>
<NotOnlineExpression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='EventNewState']</XPathQuery>
</ValueExpression>
<Operator>NotEqual</Operator>
<ValueExpression>
<Value Type="String">0</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='EventNewState']</XPathQuery>
</ValueExpression>
<Operator>NotEqual</Operator>
<ValueExpression>
<Value Type="String">2</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='EventNewState']</XPathQuery>
</ValueExpression>
<Operator>NotEqual</Operator>
<ValueExpression>
<Value Type="String">3</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</NotOnlineExpression>
<NotOnlineExpressionOnDemand>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='State']</XPathQuery>
</ValueExpression>
<Operator>NotEqual</Operator>
<ValueExpression>
<Value Type="String">0</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='State']</XPathQuery>
</ValueExpression>
<Operator>NotEqual</Operator>
<ValueExpression>
<Value Type="String">2</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='State']</XPathQuery>
</ValueExpression>
<Operator>NotEqual</Operator>
<ValueExpression>
<Value Type="String">3</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</NotOnlineExpressionOnDemand>
<WMIFields>Name, State</WMIFields>
</Configuration>
</UnitMonitor>
I can confirm that I am able to browse the MSCluster_Node class locally, as well as remotely using WMIEXPLORER and WBEMTEST,
however it only works when I set the Authentication Level to
Packet Privacy. If I do not select Packet Privacy, a WMI event log error 5605 is logged on the remote servers application log that says...
The root\mscluster namespace is marked with the RequiresEncryption flag. Access to this namespace might be denied if the script or application does not have the appropriate authentication level. Change the authentication level to Pkt_Privacy
and run the script or application again.
I can confirm that all firewalls are turned off, and there are no firewalls between the management servers and the agents in question. AV exclusions have been done and appear to be in place. The nodes are all Windows 2008 R2 with SP1. As
far as I can tell there is plenty of memory available on each of the nodes in question (50%+) of RAM is available.
If I manually run the "Discover the Windows Server 2008 R2 Cluster Components" task in the Cluster Service State section of the management pack in the Monitoring Pane in the console, on the nodes in question - the discovery runs successfully.
Does anybody have any other ideas or suggestions I could try?
Many thanks in advance,
Noel.
http://www.dreamension.net

Hi,
Common causes of RPC errors include:
Errors resolving a DNS or NetBIOS name.
The RPC service or related services may not be running.
Problems with network connectivity.
File and printer sharing is not enabled.
For more information, please review the link below:
Windows Server Troubleshooting: "The RPC server is unavailable"
http://social.technet.microsoft.com/wiki/contents/articles/4494.windows-server-troubleshooting-the-rpc-server-is-unavailable.aspx#Identify
Troubleshooting RPC Errors
http://technet.microsoft.com/en-us/magazine/2007.07.howitworks.aspx
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

Cisco Unified Operations Manager v Cisco Service Monitor

I am unfamiliar with both od these products. Both seem to overlap in that they seem to aim for end to end voice quality management, relying on the 1040 probe.
Am I off base here? Are they similar products, one or both maybe OEM'd???
Are they widely deployed?
Any thoughts welcome.
Regards

Hi Gordon,
They are very much complimentary. In fact, installing OM used to install SM by default on same box.
OM doesn't collect info from the 1040 probes. SM does this, and then alerts to OM if thresholds are breached.
OM will then display the alert.
Operations Manager is very much about actively monitoring the health of the UC environment. Here's a couple of practical examples of what it does:
- Maps out a logical view of the environment
- Performs scheduled tests - checks CM reg, dial tone, TFTP
- Simulates calls with both synthetic phones and even real phones
- Interactive tests - check phone features are working etc
- Performance management - view utilisation of GW's CM's etc.
- IP SLA - simulated calls, jitter testing across the network using routers / switches and IP SLA features
- Alert monitoring - dashboard view
Service Monitor is very focussed on measuring the actual user experience of calls.
- It can use CDR / CMR records (with no 1040 HW sensors deployed) to record, and monitor the quality of individual calls
- It can also use the 1040 HW sensors to collect more granular call quality details.. (it sends the details to SM via syslog constantly)
- Report and alert on call quality based on thresholds (Alerts are sent to OM and appear in your alerts window)
The only real overlap I would say is that OM does some quality tests with IP SLA, but it is based on synthetic calls rather than working with data about real calls.
There is also another module, Unified Service Statistics Monitor, I'd recommend looking at this too, it provides the historical component, and also a variety of different reporting - including service levels and executive style dashboards.
I've done a few deployments. Standard network management principles apply, and I think this is where a lot of them fall down. No product can manage your network for you automatically, the biggest part is people and process. Once you have this in place you can definitely use products like OM, SM to automate and simplify.
The larger and more complex your network, the more valuable and useful these products can become.
My recommendation is to get the eval copy, and try them out. You do need to think carefully about what you want to achieve though, without this step, an install of these products probably won't impress. The art is all about the setup.
Cheers,
Tim

Operations Manager 2012 - TCP Port Monitor

Hi,
Is it possible to have the TCP port monitor only alert if it fails on subsequent polls, instead of the single connection failure which is the default? We have 3 GPRS connections which intermittently
fail, so we only need to be alerted if they don't come back online after a 5-10 minute inverval and 2 failed connection attempts in a row. We have orchestrator so perhaps a runbook needs to be created?
Thanks

Hi,
Yes. The Runbook could do this trick. I think you need to make the monitors not to generate alerts when health state changes. Then use runbook to monitor the Health State, if some conditions are ture, an alert will be generated.
I am not so familiar with Orchestrator, you may ask at Orchestrator to get answered of how to design the Runbook.
Juke Chou
TechNet Community Support

Alert: Operations Manager failed to run a WMI query

I am having an issue with my Cluster MP. I am getting a large amount of alerts for "Alert: Operations Manager failed to run a WMI query"
Alert: Operations Manager failed to run a WMI query for WMI events
Source: Server.Domain
Path: Server.Domain
Last modified by: System
Last modified time: 6/10/2014 5:20:40 PM Alert description: Module was unable to execute the notification query.
Error: 0x80041003
Details: Access denied
One or more workflows were affected by this.
Workflow name: Microsoft.Windows.Cluster.Node.StateMonitoring
Instance name: Server.Domain
Instance ID: {A7DED311-01E2-927A-A4BF-013D443EBA84}
Management group: SCOM-GroupName
This happens for many workflows. I can not for the life of me find what access is being denied on. Any help would be great.
I have the cluster run-as profile configured to use a domain account as well as the local agent to use a domain account that has administrative rights to the clusters.
Thanks,
Seth

Yes, in a last ditch effort to over come this access denied I made my Action Account a domain admin and configured the agent default account from local system to the domain action account. nothing has worked for me.

Operations Manager 2.0

Hi,
We have installed CiscoWorks CommonServices 3.0.5 with Operations Manager 2.0.1 but unable to add devices to Operations Manager database for monitoring purpose. While adding devices to the Operations Manager database, we are getting following error message,
"cannot add device.See the NMSROOT/log/CUOM/TIS/DeviceManagement.log file for more information."
We have verified the device credentials like username,password,SNMP string but still issue persists.
Also attaching "DeviceManagement.log" file from the Operations Manager server for your reference. Kindly assist to
further troubleshoot this issue.

Try Bug - CSCsf17453

Systems Center Operations Manager false alerts for DFS

Last weekend, SCOM generated 87 alerts for "DFSR-R: Replicated Folder Removed" across 3 different servers. The problem being, those alerts are supposed to be generated when SCOM detects event ID 4010's, however, I checked all 3 servers, and there
were no 4010 events on any of them. Has anyone seen false positives like this? And does anyone have an idea towards preventing them in the future? I'm not even sure where to start troubleshooting this.

Thanks for the suggestion, we actually figured it out this morning. For some reason SCOM wasn't monitoring these 3 servers correctly (and possibly others). The alerts were created from valid 4010 events, though from a month ago in one case, and early last
year in others. However, that's not an issue for us to troubleshoot, we only support a handful of technologies for this customer, and SCOM itself isn't one of them (we just use it for monitoring the technologies we DO support).

SC 2012 R2 - Operations Manager - All servers except Management server show Not Monitored

Hi all,
I have installed System Centre 2012 R2 - Operations Manager and configured on our Domain and running without a problem. I used the VHD available here: http://www.microsoft.com/en-gb/download/details.aspx?id=40844
I have created a single VM called VM1 and installed Windows Server 2012 R2. VM1 has also been joined to our domain.
The management packs for Server 2012 R2 have been downloaded to the SC2012 OM.
I have discovered and added in VM1 server to the OM Server. I can see the agent running in VM1 (Microsoft Monitoring Agent) but it always shows as "Not monitored".
I have restarted both servers, found the guide regarding "Greyed out or Not monitored" but the steps outlined have not resolved the issue.
The account used in the test domain to install and run the service is a Domain Admin account. The test domain network also disabled the firewall on all member servers.
I have stopped all services on the OM server, renamed the "Health Service State" folder as suggested but nothing has resolved the issue.
Could anyone please help me? If more information is needed I would be happy to provide it.
Thanks in advance,
Graham

Thank you all. After coming into the office today I checked the event logs on VM1. All afternoon I had been getting 4 events every 15 minutes;
Three x 21023 - OpsMgr has no configuration for management group SCOM12 and is requesting new configuration from the Configuration Service
And one error, 20070 The OpsMgr Connector connected to SCOM12.test.local, but the connection was closed immediately after authentication occurred. The most likely cause of this error is that the agent is not authorized to communicate with the
server, or the server has not received configuration. Check the event log on the server for the presence of 20000 events, indicating that agents which are not approved are attempting to connect.
However at 00:04, I can see an event log 21019 - OpsMgr has returned to communicating with it's primary hostSCOM12.test.local and since then regular Health Service logs.
I checked in OM and now it is showing as Healthy and monitored - I guess this just needed a lot of time to configure itself? Is this normal behaviour?
I also checked VM1 TCP 5723 which it says was not open (the firewall is off on the server however it is working in OM.
PS C:\PSScripts> Test-Port -computer VM1 -port 5723 -tcp
Server : VM1
Port : 5723
TypePort : TCP
Open : False
Notes : Connection to Port Timed Out
Thanks again for your help. If it goes again I shall create a new post.

Operations Manager 2012 Generates a lot of Alerts

Hello,
Please kindly help.....I deployed Operations Manager 2012 and configured the Email Notifications.Now OpsMgr is generating a lot of Email alerts.......
How can i reduce on the alerts and Email noise and only tune for the required Email notifications.
OpsMgr is currently monitoring Active Directory,Exchange,SharePoint,SQL,Lync,IIS,and other components of System Center.
Thanks and Regards,
Ronald.

Hi Ronald,
You got two option.
1) Fine tune the subscription
2) Fine tune each and every rule and monitor
Tuning subscription is easy and quick solution to stop recieveing emails. Try to narrow down subscription to very critical monitor and rules. You may not be interested in recieving emails for some service monitor and rules, you may remove them from your
subscription list.
Creating overrides to tune monitor and rules is lengthy process as you have to create override for each rule and monitor. I will suggest; first find out most noisy rules & monitor and fine tune them.
Top 20 Alerts in an Operational Database, by Alert Count
SELECT TOP 20 SUM(1) AS AlertCount, AlertStringName, AlertStringDescription, MonitoringRuleId, Name
FROM Alertview WITH (NOLOCK)
WHERE TimeRaised is not NULL
GROUP BY AlertStringName, AlertStringDescription, MonitoringRuleId, Name
ORDER BY AlertCount DESC

GRC 10 ALERT MONITOR: FALSE/POSITIVES BIAS CALL TRANSACTION

Hi, everybody. I had an Issue related with GRC AC 10 alert monitor that is reporting that some users triggered SoD risks TR54 , TR01 and TR03 originated by transactions: ML81N - service entry against purchase order and FB05 - post with clearing. Both transactions are not available for those users because they don´t have the authorization profiles in the UMR or available in dialog mode.
Nevertheless we observed that both actions (ML81N and FB05) were invoked by a "CALL TRANSACTION" instruction from another program report.
I believe that this is a false positive alarm that were triggered even though the users have not assigned roles or functions of risk.
I will appreciate your comments.
Best Regards.
Victor Sarabia
IT GRC Manager

1) How do I not alert on first failure but initiate an immediate retry in 30 seconds and if retry fails then alert. This prevents false positives and is a feature that products such as uptrends performs as default
SCOM has no that kind of feature
2) How do I alert on with just one alert of transaction failure instead of each of the components of the transaction monitor failure. Example our first failure threw 10 alerts encompassing each part of the transaction
a) Right click web application transaction Monitoring object --> View Management Pack Object --> View Monitors
b) Expanse the web application transaction monitor --> entity Health --> Availability --> Web Application XXXX
c) Open the monitor properties of Request X -XXX and uncheck "Generate alerts for this monitor"
3) How do I create an uptime report to show monthly and quarterly uptime for the website based on the transaction monitoring.
a) go to Monitoring workspace --> Web Application Transaction Monitoring --> Web Application State
b) select the web application transaction entity and click Availability Report task on task pane
c) Select the report period and run
Roger
Roger

Basic Network Monitoring for Cisco Operation Manager 2012

Hello,
Please bear with me as i'm new the Operations Manager 2012 world. I've just installed operations manager 2012 in our environment and i've setup a network management point. I've discovered my networking gear which is primarily cisco equipment. The devices
are appearing as CERTIFIED. It appears that they are HEALTHY however in most cases i'm getting some arbitrary monitors. I have a 6509 switch where memory and processor appear to be being monitored out of the box. I'm receiving alerts and everything.
My question is how do I turn on monitoring for other discovered components. I seem to understand I can make SNMP monitors under the authoring pane if i know the OID. That sounds like it'd be tedious work for such a simple and basic monitor. However I was
under the impression I would be able to monitor a lot of these components with a simple click of a button. Is this not the case? I'm primarily interested in monitoring the state and performance of particular interfaces as well as the state of the power supplies
in our switches. Is there a guide that explains the basic principles of this. What are my options?
Thanks!
-Brandon

Hi,
You will need to edit the discovery and broaden the range. You may use recursive discovery.
Recursive discovery will try to discover any other network devices it knows about through its Address Routing Protocol (ARP) table, its IP address table, or the topology Management Information Block (MIB) to grow the network map and present all applicable
devices to you for monitoring.
You can also filter out devices that you don't want to be discovered by using properties such as the device type, name, and object identifier (OID). This is a handy option if you wanted to quickly discover all the network devices in your network except,
a small number or some with a specific criteria.
In really large networks with a lot of network devices, keep in mind that there is a default limit of 1500 network devices that can be discovered recursively. You can of course tweak this limit to suit your environment if you wish, but for most people, this
won't be needed.
More details, please go through the article below:
http://kevingreeneitblog.blogspot.com/2012/07/scom-2012-network-monitoring-explicit.html
Regards,
Yan Li
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

VMM Agent Not Monitored By Operations Manager

I am getting this alert
VMM Agent Not Monitored By Operations Manager
I have VMM 2012 sp1 and SCOM 2012 sp1 so please kindly tell me the solution.

For VMM Agent Not Monitored By Operations Manager, Please, Send if there is error in event viewer
Also Check below link to help you in Fix your Issue
http://blogs.technet.com/b/operationsmgr/archive/2012/01/23/potential-issues-with-vmm-2012-opsmgr-integration.aspx
For Configuration of Operation Manager to monitor VMM, Refer to below link
http://www.systemcentercentral.com/configuring-pro-integration-between-opsmgr-2012-and-vmm-2012/
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer".

After creating a Powershell script monitor - how to import in Operation Manager 2012 ?

Hello!
I just completed all the steps in this article:
http://social.technet.microsoft.com/wiki/contents/articles/16752.management-pack-composition-exercise-2-creating-a-monitor-based-on-a-windows-powershell-script.aspx?CommentPosted=true#commentmessage
So now I guess that the just created Management Pack should be imported in Operation Manager 2012, and then also folders and views should be created in order to have it showing green/red based on the values returned by the script.
In the article there's no pointer to that procedure, so can you please provide a good link where the steps are explained?
thanks!

Have a look at the following video, it steps through how to create rules and monitors using PowerShell scripts
https://technet.microsoft.com/en-us/video/how-do-i-create-a-rule-and-monitor-using-a-windows-powershell-script-in-a-system-center-operations-manager-management-pack.aspx
Cheers,
Martin
Blog:
http://sustaslog.wordpress.com
LinkedIn:
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

Operations Manager log flooded with 11903 errors due to "Virtual Hard Disk free disk space" monitor

Management Pack: Microsoft Windows Hyper-V 2012 R2 Monitoring (7.1.10104.0)
Monitor: Virtual Hard Disk free disk space
There appears to be an issue with this monitor. Every hour, each of my Hyper-V servers is reporting dozens of errors similar to the following. It seems like there is a disconnect between the expected return type (integer) and the actual type (decimal) when
checking the free space on VHDX files.
Log Name:      Operations Manager
Source:        Health Service Modules
Date:          2/5/2014 7:59:47 AM
Event ID:      11903
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      BEAST.corp.technologytoolbox.com
Description:
The Microsoft Operations Manager Expression Filter Module could not convert the received value to the requested type.
Property Expression: Property[@Name='Microsoft:9AC8FCAB-800D-424F-ABCB-747063E5FCF1\559D22F4-A565-4AD4-9B71-44FC5D815C0C\0\0\L.FreeSpace']
Property Value: 488033.99609375
Conversion Type: DataItemElementTypeInteger(5)
Original Error: 0x80FF005A
One or more workflows were affected by this.
Workflow name: Microsoft.Windows.HyperV.2012.R2.VirtualDrive.FreeSpaceMonitor
Instance name: Hard Disk
Instance ID: {0C0E0759-D846-963C-21E6-3C1A1C096D5F}
Management group: HQ
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
    <Provider Name="Health Service Modules" />
    <EventID Qualifiers="49152">11903</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-02-05T14:59:47.000000000Z" />
    <EventRecordID>32395</EventRecordID>
    <Channel>Operations Manager</Channel>
    <Computer>BEAST.corp.technologytoolbox.com</Computer>
    <Security />
</System>
<EventData>
    <Data>HQ</Data>
    <Data>Microsoft.Windows.HyperV.2012.R2.VirtualDrive.FreeSpaceMonitor</Data>
    <Data>Hard Disk</Data>
    <Data>{0C0E0759-D846-963C-21E6-3C1A1C096D5F}</Data>
    <Data>Property[@Name='Microsoft:9AC8FCAB-800D-424F-ABCB-747063E5FCF1\559D22F4-A565-4AD4-9B71-44FC5D815C0C\0\0\L.FreeSpace']</Data>
    <Data>488033.99609375</Data>
    <Data>DataItemElementTypeInteger(5)</Data>
    <Data>0x80FF005A</Data>
</EventData>
</Event>

SCOM agent is running as SYSTEM. (I used to run SCOM agents as a low-privilege domain account but eventually surrendered to "The Dark Side" due to the number of issues encountered with that approach.)
PS HKU:\.DEFAULT\Control Panel\International> dir
Hive: HKEY_USERS\.DEFAULT\Control Panel\International
Name Property
Geo Nation : 244
User Profile Languages : {en-US}
ShowAutoCorrection : 1
ShowTextPrediction : 1
ShowCasing : 1
ShowShiftLock : 1
User Profile System Backup Languages : {en-US}
ShowAutoCorrection : 1
ShowTextPrediction : 1
ShowCasing : 1
ShowShiftLock : 1

Can Operations Manager discover and monitor IPSEC VPN state

Hello everyone
Can Operations Manager discover and monitor IPSEC VPN state?
We use Vyatta routers in different locations, these are connected over GRE IPSEC VPN tunnels, SCOM has discovered the tunnels successfully which is great, but the technical team informed me that the tunnels state always UP even when the IPSEC VPN
goes down "I believe they configured keep alive option on the tunnels, I don't know why" hence i have to monitor the IPSEC VPN health state instead of the tunnels themselves, any idea, if you inform me the steps required to create new management
pack i will try this..
Thank you
Mohammad
Mohammad, IT NOC Team

The IPsec status info is provided by SNMP trap. You need to make sure the SNMP trap is enabled on the router.
Also, you can verify it by SNMP Trap Viewer.
Juke Chou
TechNet Community Support

Operations Manager - KMS Idle Minutes Monitor Alerts - False Positives As Event ID 12290 Still Being Logged

Similar Messages

Maybe you are looking for