SCOM 2012 - Deciding what to monitor

I'm new to SCOM and I'm having trouble determing what is being monitored and what is not.
I have been following the Technet Library, but it gets a little fuzzy after the install is completed. I have:
Added computers using the discovery wizard
Imported appropriate Management Packs (SQL, AD)
Now I want to know what is being monitored and what is not, and how can I customise what is being monitored.
Wayne Hoggett (MCITP, MCSE, MCSA, MCTS, MCP)

Personally I prefer a live test environment where I can really play with it to the structured virtual labs which are mostly just walkthroughs but that is personal choice. And the virtual labs will give a grounding in the functionality. There are also some
good guides available:
http://blogs.technet.com/b/kevinholman/archive/2010/09/02/operations-manager-101-download.aspx
http://technet.microsoft.com/library/hh769766.aspx
For overrides, never save them to the default management pack:
http://blogs.technet.com/b/kevinholman/archive/2008/11/11/cleaning-up-the-default-mp.aspx
Just be careful with deploying too many management packs and agents too quickly. It is easy to deploy a few hundred agents and a dozen management packs in a couple of days and then spend months managing operations manager alerts rather than having operations
manager manage your environment. Here is what I generally recommend for about 100 - 150 servers. It is personal but it works for me! And the basis of this is do one thing at a time and get it right before moving on to the next.
1) Have an alert management process in place before you start. You'll have to fine tune it as the deployment progresses. But if 
you install Windows, AD, SQL, Exhange, IIS, Cluster, Hardware MPs 
then the next thing is you'll have a console full of alerts and no process for managing them. A sure recipe for disaster.
2) Deploy slowly - get core components, agents and windows management pack deployed. This means that you are not fire fighting on multiple fronts (e.g. with AD, Exchange etc alerts). Just get the agents in and sorted. Get the windows MP in and sorted. The
Windows Management Pack is ideal for this as the alerts it generates are usually actionable, relevant and relatively straight forward to resolve so administrators can get familiar with OpsMgr in a fairly controlled environment that is still providing real
benefit to the organisation
3) Proitise other MPs - I like to get SQL in next as it is a relatively stable MP with less noise than AD, Exchange .. but still gives good business benefit. But deploy the MP and spend time fine tuning it. Make sure you are happy that the alerts you get
are actionable. Then move on.
4) Repeat slowly .. MP by MP ... the AD alerts you get might be relevant, they might not be. Even the relevant ones might take time to resolve. Same with Exchange.
Expect it to take a few weeks to a couple months to deploy fully rather than days depending on the size of your environment and how much fine tuning of management packs is required (plus how long it takes to fix any problems identified).
Cheers
Graham
New SCOM 2012 Blog! - http://www.systemcentersolutions.com/blog/
View OpsMgr tips and tricks at
http://systemcentersolutions.wordpress.com/

Similar Messages

  • Upgrading from SCOM 2012 SP1 to SCOM 2012 R2 what CU do i install? CU5?

    Hi,
    I just upgraded from SCOM 2012 SP1 to SCOM 2012 R2. What CU version should I install? CU5?
    Thanks
    K

    The most current CU version os SCOM 2012R2 is CU4
    You can download it from
    https://support.microsoft.com/kb/2906925?wa=wsignin1.0
    For detail description of SCOM 2012 R2 CU4, you may refer to
    http://support.microsoft.com/kb/2992020
    and
    http://syscentercldman.blogspot.hk/2014/12/update-of-scom-2012-r2-ur4.html
    Roger

  • Some of the SQL Server 2012 are not getting monitored in SCOM 2012 SP1.( basics monitoring is happening, expect SQL role)

    Found that all the SQL servers are getting monitored, expect few servers which are having SQL server 2012 role.
    proxy is enabled for these servers, when I checked discovered inventory for SQL 2012 database unable to find these servers in that list.
    and other servers having SQL Server 2012 monitoring properly issue is with only few servers.

    Hi,
    thanks for the all the input, we are using service account as windows account instead of action account !!
    will that also affect discovery of SQL role?
    and also found that there are many alerts in SCOM console, with alert description :
    SQL Server cannot authenticate using Kerberos because the Service Principal Name
    (SPN) is missing, misplaced, or duplicated.
    please let me know how we can resolve this issue, will it affect SQL discovery as well ?

  • SCOM 2012 SP1 Web Transaction Monitoring with Login test.

    Hi, 
    we setup a web transaction monitor test and did the full recording.  The web site is one that accepts an active directory account for login.  We also setup a runas account that is a valid account for the site and configured NTLM in the settings
    for authetication and set this runas account.
    The test does not fail.    However when we change the runas account password to force a failure, we dont get a failure on the website login test but instead a runas account verfication failure from SCOM.
    How can we configure the web transaction monitor to properly login during the test?   Any guidance would be appreciated.
    Thanks Lance

    So back to the original topic of the thread.
    We setup another test on a site that uses basic authentication.  We setup the web transaction test to use a  login on a initial site that transfers to a second site.  We recorded this entire test and saved.  It seems to work as it gives
    no errors.
    However when we change the Runas account's credentials, which means it CANT login to the site, it still runs fine with no errors.  
    This tells me it is not really logging in but just seeing the http status code is less than 400.
    What am I doing wrong.
    Thanks Lance

  • SCOM 2012 SP1 - Setup SNMP monitoring = ping OK, no response SNMP.

    Hello, 
    I've tried the snmp monitoring in lab domain, everthing work. Now I work in the production environment, but I can't  make work the snmp. I've tried only snmp, but the same error occure. The Ping is ok, all my firewalls rules allows snmp and ping over
    the domain. 
    But when I launche the discovery, I've got an error after "No Response SNMP". I've analized the network with wireshark, I see the snmp get send to scom to the network device, but the netowrk device, reply " Destionation unreachable (Port unreachable)".
    I've check with "netstat -ano -p udp" but I don't see the port 162, the 161 is open and snmp.exe service use it. But 162 is not open and Healthservice.exe doesn't use it.
    I tried to reboot the server, but nothing change. And I check all my configuration, and it's the same in my lab domain and te production.
    Anybody have the same issue? Or a workaround? 
    Thank you in advance.
    KimBaxZ

    Hello Roger, 
    1. Windows Firewall 
    a. SNMP service authorized 
    b. SNMP trap not authorized 
    c. PING.exe authorized 
    d. HealthService.exe authorized 
    2. SNMP service configuration 
    a. Security => Community name + Right OK
    b. Security => Accept SNMP packets from any host
    3. SNMP trap service disabled 
    4. The network device (cisco switch is already configured and the snmp work well)
    a. It's possible to execute a snmp walk on the switch, and we get all the data (we use a différents
    computer to do this, like a linux server on the same network) 
    5. We use snmp v2 on the switch, and during the discovery scom, send v2c snmp get to the switch with the good community name.
    6. I tried to forge a snmp v2 packet and send them to the scom server, wireshark see the packet
    During the discovery the switch get the snmp request, but he can't reply, the snmp trap port (162) on the scom server is not open. And I don't know why. 

  • SCOM 2012 sp1 AD Replication monitoring.

    Hello! How to add obects (domain controllers) for wathcing data from this monitors (Replication monitoring)? Thank you!

    Hi
    As far I can tell from your screenshot, you are looking to get data for the replication Performance views. There is a detailed step by step guide in the Active Directory management pack guide
    http://www.microsoft.com/en-us/download/details.aspx?id=21357 on page 23. It is an optional configuration. Follow the MP guide...
    Cheers,
    Stefan
    Blog: http://blog.scomfaq.ch

  • Monitoring services on MSMQ cluster with SCOM 2012

    Hello guys,
    I'm looking a way that SCOM 2012 is able to monitor several services installed on MSMQ cluster. I think it's possible that SCOM 2012 can generate alert through the message queuing service associated to these services but this is an indirect monitoring. I
    would want that SCOM generates the alert for the specific service in problem.
    Any suggestion?
    Thank you very much.

    Hi,
    There is a management pack for ​Message Queuing.
    You can download it from http://www.microsoft.com/en-us/download/details.aspx?id=36775
    Hope it help's
    Greetings,
    Roel Knippen
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • SCOM 2012 SP1 - Show on event view all snmp trap (SNMP monitoring work)

    Hello everybody, 
    Sorry for my english, I write normaly in french, but we have more result in english. 
    I have a problem with SCOM 2012. I try to catch all snmp traps sended by a 2960 CISCO switch on a EventView with a specific rule (Authoring->Rule->Collection Rules -> Event Based -> SNMP Trap (Event) based on the object target "Node")
    I creat a specific management pack juste for the rule and the views. 
    SNMP Monitoring - CISOC 2960 => It's OK, I can have the processor state, utilization, etc ...
    SNMP Monitoring Ubuntu computer => It's OK, I can have all the state I want.
    SNMP Traps => The switch or the computer send traps over the network, and I can see in wireshark, the server receive the traps
    SNMP Service (Windows service) => Disabled
    SNMP trap (Windows service) => Disabled
    Health Service (Windows service) => Enabled
    Port 162 UDP => Open and listenning by the MonitoringHost.exe
    Firewall rules => Everythinks is OK
    SNMP Trap send version is => 2c
    SNMP Monitoring device version is => 2c
    I try too many of solution on different web site like :
    http://scom-2012.blogspot.ch/2012/07/setting-up-snmp-monitoring-in-scom-2012.html
    http://social.technet.microsoft.com/Forums/systemcenter/en-US/731661b9-10a1-4d3f-ba83-8e84d25ab760/event-collection-for-network-devices-scom-2012
    http://social.technet.microsoft.com/Forums/systemcenter/en-US/a15bce49-fb62-4fd4-93cf-f87c3b734d58/snmp-trap-based-monitoring?forum=operationsmanagergeneral
    http://social.technet.microsoft.com/Forums/systemcenter/en-US/41f5b6ef-c8b9-461d-bdcb-81fde5a89f50/scom-2012-unable-to-monitor-snmp-traps?forum=operationsmanagergeneral
    http://social.technet.microsoft.com/Forums/systemcenter/en-US/4051fbd1-06f1-49e0-9ad4-4cbe4d2d7d4d/discover-windows-computer-as-network-device-w-snmp?forum=operationsmanagerauthoring
    http://technet.microsoft.com/en-us/library/hh563870.aspx
    http://social.technet.microsoft.com/Forums/en-US/cad1d3f9-594f-4f06-a5aa-660ccc2e9192/snmp-trap-based-monitoring-in-scom-2012-sp1?forum=operationsmanagerauthoring
    http://social.technet.microsoft.com/Forums/en-US/41f5b6ef-c8b9-461d-bdcb-81fde5a89f50/scom-2012-unable-to-monitor-snmp-traps?forum=operationsmanagergeneral
    http://social.technet.microsoft.com/Forums/en-US/e05a1c8f-7280-4f80-86cf-aabb4269bb87/scom-2012-customizing-snmp-trap-event-data?forum=operationsmanagergeneral
    http://social.technet.microsoft.com/Forums/en-US/6826f6a6-bbc3-444b-9b18-288d7fedac3e/scom-unable-to-monitor-snmp-traps?forum=operationsmanagergeneral
    http://social.technet.microsoft.com/Forums/en-US/7cd1571a-d292-4efc-9921-5a068f6f1691/scom-2012-sp1-ur2-snmp-monitoring?forum=operationsmanagermgmtpacks
    Do you know a workaround? Or a different way to catch all the traps from a network device and show them (traps) on a event views.
    Thank you in advance. 
    KimBaxZ
    Computer expert system technology

    Hello Yan Li,
    I read your link, and I found this : 
    The network devices must be discovered and registered as ICMPSNMP devices.
    And when I make the dicovery the first time, ICMP doesn't work, so I put only SNMP. This morning I tried with ICMP and SNMP, but the same problem come to me. And I found the rootcause of the problem with this post : http://www.code4ward.net/main/Blog/tabid/70/EntryId/105/Troubleshooting-Network-Discovery-in-SCOM-2012.aspx
    I allowed the SNMP service, ping, and Health Service, just after I try a second time to dicover my device and it's work (ICMP and SNMP).
    I recreat all my management pack and the rule. And now it's work! Thank you very much for your help!!
    Have a nice day
    Best regards
    KimBAxZ
    Computer expert system technology

  • SCOM 2012 SMS Alert Notification

    Hi,
    I am using SCOM 2012 and I have a requirement of SMS Alert. but the issue that I am facing here is I have a Single Virtual Box for SCOM 2012, and what ever I experienced from SCOM 2007 physical was I had to configure a Modem through the USB device
    few years back..
    now I have to configure the SMS notification on a Virtual Box of SCOM 2012...
    any idea ? what could be done ?
    Regards, Owais

    Hi,
    I think you need to make the SMS modem work with the virtual machine first. Then, configure the notification in SCOM consol.
    How to Enable a Text Message (SMS) Notification Channel
    http://technet.microsoft.com/en-us/library/hh212811.aspx
    Thanks.
    Nicholas Li
    TechNet Community Support

  • Update agent from SCoM 2007 to SCOM 2012

    Expets,
    We have SCOM 2007 R2 CU7on 1 server.
    we installed another single SCOM 2012 r2 on another server.
    when i push the agent from the SCOM 2012 to machine still monitored by SCOM 2007, the machine appear in pending management under device management under  setting
    tab
    but when i remove the SCOM 2007 manualy, there is no problem and the installing of SCOM 2012 agent done successfully
    any way to make SCOM 2012 agent automatically without remove SCOM 2007 agent ?
    Ahmad Samir | MCSE 2003 | MCTS: Exchange 2010, MCTS: Lync 2010. MCTS: SCOM 2007

    Hi,
    If SCOM 2012 and SCOM 2007 R2 belong to the same management group, then you are trying to make your agents multi-homing, and if so, just discovery them and push agent to them should work.
    Here is a similar thread, please go through it:
    http://social.technet.microsoft.com/Forums/en-US/c6d15d7f-1779-47ea-a437-bc6ab00e2f64/upgrading-scom-2007-r2-to-scom-2012?forum=operationsmanagergeneral
    And we may need to logon to one agent and check its event viwer for operation manager log for more details.
    Regards,
    Yan Li
    Regards, Yan Li

  • SCOM 2012 R2 agent with SCOM 2007 R2?

    Server: SCOM 2007 R2 (now); eventual upgrade to SCOM 2012 R2
    OS to monitor: Windows Server 2012
    I understand SCOM 2012 agents can be installed on Windows Server 2012 and report back to SCOM 2007 R2 MGs.
    I haven't been able to find documentation for or against whether SCOM 2012 R2 agents can be installed on Windows Server 2012 and can report back to SCOM 2007 R2 MGs...  Is this supported?
    I can't find anything on any specific CU level that might be required on SCOM 2007 R2 to support this.

    Hi,
    I have not found any document talking about this. The only thing I can find is SCCM 2012 r2 agent can talk with SCCM 2012 SP1.
    Juke Chou
    TechNet Community Support

  • Monitoring servers in SCOM 2012 via different locals within the same management group

    Hi,
    I have 2 management servers in a same management group. The 1st one is having English (US) locale while other is installed on Swedish locale. Both are accessed by different users having same admin rights.
    Once a USER 1 try to register a server through authoring tab from 1st management server(installed on English locale), a profile/group wrt the server registered is created successfully but the USER on 2nd management server (installed on Swedish locale) can
    not see the same in Authoring tab. He can view it in Monitoring tab as as well as Administration tab.
    The Vice versa is also true.
    Does any one have idea that is it SCOM 2012's expected behaviour wrt 2 2 different users on 2 different locales within a same management group ?
    Thanks in advance.

    Hi,
    I am a little confused, what do you mean by "register a server through authoring tab"?
    Do you mean that when you discover a server on 1st MS with discovery wizard then you cannot see it on 2nd MS(and the vice versa)?
    As far as I know, all those information should be stored in the operation database which is shared to both MSs within the same management group.
    We may use SQL query to find the discovered server on the operation database. Please also check operation manager event logs to get more information to troubleshoot this issue.
    Regards,
    Yan Li
    Regards, Yan Li

  • Performance of Network Monitoring in SCOM 2012 SP1

    Hi all!
    I´ve problems with performance of the network monitoring feature in SCOM 2012 SP1.
    According to the
    guide the following should be adeqate:
    •1000 network devices (approximately 12,500 monitored ports) managed by a resource pool that has three or more management servers
    •500 network devices (approximately 6,250 monitored ports) managed by a resource pool that has two or more gateway servers
    We have 800 network devices with a total of 24000 ports,
    BUT only 1500 of them are monitored. This is basically what happens automatically after discovery, since only ports between monitored devices are monitored by default.
    For this setup I first used only one management server dedicated to the Network Pool,
    based on my assumption that if two servers could monitor 6250 ports, one server would be more than enough for 1500. I found this configuration working very poorly so I added another server. I now have two servers
    dedicated for the Network Resource Pool. (They are NOT members of the “All management servers resource pool”)
    Still, I get constant alerts regarding Health Services Private Bytes on these servers. They vary between 1-2Gbytes. Furthermore, if one of the servers goes offline, the network devices that was monitored by that server becomes grey for
    several hours. Even if the server only is rebooted it takes forever to get everything online and green again.
    I don´t really know what I should do now. I had a plan to replace our current network monitoring system (SNMPc) which easily handles this load on only one server. They are of course completely different beasts, but still. SCOM seems to
    require a massive back-end to produce equivalent real life results.
    Any suggestions or reflections from the field are highly appreciated!
    Regards
    Peter

    Hi,
    Try to overide the monitor Health Services Private Bytes by the following steps.
    ◾Go Authoring space – Management Pack Objects – Monitors
    ◾Go to change scope – select clear all – look for Health Service – tick it and press OK.
    ◾Expand Health Service – expand Entity Health – expand Performance – expand Health Service Performance
    ◾Select the Health Health Service Private Bytes Threshold.
    ◾Right click the mouse and choose to overide the monitor for a group
    ◾Select the group called Management Server Computer Group and press OK
    ◾Select the Agent Performance Monitor Type – Threshold and change the value 104857600 to ex. 2610612736.
    ◾Select to store the overide in a management pack you have created and press OK
    Juke Chou
    TechNet Community Support

  • Turn off the SQL DB monitoring entirely in scom 2012 (SP1)

    Is there a way to centrally target and turn down monitoring of all the servers running SQL DB in SCOM 2012. We actually created groups using the OU's to target the SQL servers but some of the servers which have SQL DB are not in that OU and they are still
    triggering DB alerts.
    Some of the alerts also include 
    Management Group: Ancestry Ops. Script: DiscoverSQL2012FileGroups.js : Cannot login to database [XXserver.domain.com][SQLD114B:model]
    and these servers are in the OU but still trigerring this DB alert.
    Any information about this ll be greatly useful.
    Thanks
    Hari V

    Pretty much what Hopeless guy said.  I have scom 2007 in prod, so I use remove-disabledmonitoringobject after I override a discovery.   The issue is that these SQL dbs are still being discovered.  So if you want to disable sql monitoring
    in total for them, override the seed discovery which will have a target of windows server/computer.  Then after the override is in palace execute the remove command from SCOM commandshell.  You then should scope to the class you want to disappear
    (discovered inventory pane), and refresh every 15 min or so to see if they are being removed.  I have had to run the remove command a few times to clean some large discovered inventory up.
    Regards, Blake Email: mengotto<at>hotmail.com Blog: http://discussitnow.wordpress.com/ If my response was helpful, please mark it as so, if it answered your question, then please also mark it accordingly. Thank you.

  • Monitor Dell Powerconnect Switches/Routers using SCOM 2012

    Hello,
    We are trying to find a way to monitor approximately 20-25 Dell Powerconnect switches/routers (models 5324,5424,5448,5548,6224,6024) through SCOM 2012.
    Using SCOM network discovery we are able to get all Dell Powerconnect switches listed, but we are unable to get a network node dashboard, nor vicinity view 1 or 2 hops further. We are able to only see connected network printers and some serial/ethernet devices
    we have.
    In addition, SCOM 2012 seems to be able to recognize the model of only Dell Powerconnect 5224 switches. We have found that on the SCOM management server the "C:\Program Files\System Center 2012\Operations Manager\Server\NetworkMonitoring\conf\discovery\oid2type_Dell.conf"
    only lists Dell Powerconnect 5224 switches as well as several models from the 3000 series.
    We have contacted Dell PRO support, but their reply was that there is no management pack for SCOM available for their networking devices.
    Would it be recommended to use http://xsnmp.codeplex.com/ on SCOM 2012 to monitor those switches and get a network digram view or are there any plans to include those MIBs in a future CU or SP of SCOM 2012? 

    Hi Alex
    Network monitoring has changed from SCOM 2007 R2 to SCOM 2012 so this statement
    "but if this works for SCOM 2007, it should apply to SCOM 2012"
    is not accurate when it comes to network monitoring:
    http://blogs.technet.com/b/momteam/archive/2011/10/24/migrating-operations-manager-2007-network-monitoring.aspx
    Would it be recommended to use http://xsnmp.codeplex.com/ on SCOM 2012? 
    The codeplex solutions for SCOM 2007 R2 will not work on a new \ clean install of SCOM 2012 (if you upgrade from SCOM 2007 R2 they continue to work as legacy devices but you can't add more monitoring).
    SCOM 2012 seems to be able to recognize the model of only Dell Powerconnect 5224 switches
    What do you mean by recoginse? SCOM can discover network devices but there is an "approved" list that allows for extended monitoring:
    http://www.microsoft.com/en-us/download/details.aspx?id=26831
    You should still be able to discover and monitor other devices though:
    http://blogs.technet.com/b/momteam/archive/2011/09/20/what-gets-monitored-with-system-center-operations-manager-2012-network-monitoring.aspx
    Cheers
    Graham
    Regards Graham New System Center 2012 Blog! -
    http://www.systemcentersolutions.co.uk
    View OpsMgr tips and tricks at
    http://systemcentersolutions.wordpress.com/

Maybe you are looking for