SCOM monitoring of a repetitive alert

Similar Messages

• Can monitor SCCM agent health through SCOM, monitor logs like CCMeval and setup alerts

  Can monitor SCCM agent health/inactive agents through SCOM, monitor logs like CCMeval and setup alerts

  You can find some management packs here:
  http://systemcenter.pinpoint.microsoft.com/en-US/applications/search/Operations-Manager-d11?q=
  There are other sites as well but this is the MS page for hosting MP's.  The default SCCM 2012 Management pack for SCOM 2012 is pretty functional, this page talks a little bit about it:
  http://blogs.technet.com/b/kevinholman/archive/2012/12/11/monitoring-configmgr-2012-with-opsmgr.aspx
  If I remember correctly, it does NOT include a lot of client monitoring but I could be wrong.  It might take some custom monitor creation or management pack downloads to get exactly what you're wanting.  If I can find something like that
  I'll add it to this post.
  A good rule of thumb that I live by with SCOM, in case the product is new to you, is to save all your changes and customizations to the SCCM management pack in a custom-created management pack.

• SCOM monitor log file

  Ｗe'd like to user SCOM 2012 R2 to mointor log file and send alert.
  We follow this blog:
  http://jimmoldenhauer.blogspot.tw/2013/03/scom-2012-how-to-generate-alert-from.html
  However, when we completed the monitoring setting, OM did not show alert on console.
  Our OM agent is healthy, so is there anything I miss to send log file alert?

  Hi,
  I suggest you refer to the TechNet library docuement to create the rule again for a test. Thanks for your time.
  http://technet.microsoft.com/en-us/library/hh457567.aspx
  Niki Han
  TechNet Community Support

• SCOM 2012 - if it stops alerting how can I be notified

  on occasions i have noticed that alerts have stoped coming into SCOM and we have had to either restart the managment server or at least restart services.
  The problem has been that my team have not picked up on the fact it has stoppedalerting for several hours.I am looking for a simple solution so that someone gets emailed if SCOM stops giving out alerts, lets say for example SCOM hasn't had an alert for 3
  hours.
  Has anyone implmented a simple solution for this?
  tamrep

  If you monitor SCOM itself then a solution is to set the SCOM RMSE and the management servers as "Agentless" from some other SCOM Management group. This is how I used to monitor SCOM itself. This has been suggested by many SCOM experts too. Remember that
  never install SCOM agents on the RMSE and MS, that can break your whole SCOM functioning.
  You can install SCOM agents on your SCOM DB and DW, reporting server from any other SCOM group. That is fine.
   This in my opinion is the easiest solution along with the one that I proposed above. I have been using these two solutions for long time now.
  Hope this helps you too.
  Thanks, S K Agrawal

• SCOM Repetitive alerts due to fluctuating monitor state

  Hi,
  Is it possible to prevent repetitive notifications of an alert where the health fluctuates frequently between healthy and critical?
  Occasionally we get email storms of events where something is going wrong like a service fails but then is set to auto-restart or something else fixes its state so that it appears okay again - raising a new alert with the same details.
  Would like to get at least one notification the first time  it occurs but not a continuous stream of repetitive notifications.
  Ideas?
  Thanks.

  On the criteria screen – goal for this simple one is just to send me any new critical alert that comes into my environment:
  For SCOM alert notification subscription delay sending for x minutes and don’t sent if alert is auto-resolved within that time, you can refer below link
  http://www.maartendamen.com/2009/12/scom-alert-notification-subscription-delay-sending-for-x-minutes-and-dont-sent-if-alert-is-auto-resolved-within-that-time/
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
  Mai Ali | My blog: Technical | Twitter:
  Mai Ali

• How to create a customized view in SCOM monitoring to view alerts

  Hi All,
  I am trying to create a customized view in SCOM 2012 R2 monitoring for command center team to have the alerts from Server OS, AD, Exchange and few other MPs. I understand that I can use the option "Create by Specific source" and by selecting the
  required sources but I don't want all the alerts from these sources to be listed there but only few alerts which the respective teams want it to be.
  Thanks in advance.
  Regards,
  Srini

  Hi All,
  I am trying to create a customized view in SCOM 2012 R2 monitoring for command center team to have the alerts from Server OS, AD, Exchange and few other MPs. I understand that I can use the option "Create by Specific source" and by selecting the
  required sources but I don't want all the alerts from these sources to be listed there but only few alerts which the respective teams want it to be.
  Thanks in advance.
  Regards,
  Srini
  Hi Srini,
  Based on the above requirement, You want to create a Dashboard view with Specific alerts but not all right ?
  Based on my understanding on your above requirement i created one in my SCOM. Please let me know if this is what you really wanted ?
  For the below you really need to know what are those alerts, ONLY those alerts you want to be displayed in the dashboard.
  Then Go to the Monitoring tab in SCOM and then Right click Active alerts and select New -> Select New Alert view
  When you select new alert view you will need to specify the Resolution state and the Specific alerts you want.
  In the below example i have selected "MSExchange Active sync Alert" as a example. So my goal is here such that only the alerts i have specified from my selection ( "MSExchange Active sync Alert") if it appears in New state will appear
  in this view not all other alerts.
  So for that i just used the below options:
  Resolution state & Alert name
  Resolution state = New
  Alert name = %MSExchange XXXXXXXX%
  Also as of i see there was no option for entering multiple alert names. But i think there is and i am still trying as it accepts some SQL Wild cards. So if any one has an idea what is the wild card what is to be used to mention multiple names in that Name
  view please let me know.
  Gautam.75801

• SCOM monitoring basics

  I realize that there are out-of-the-box monitors and alerts. But, as a learning experience, I want to view the free space on the C: drive of my production servers as a health state. It should show all of my production servers as green, unless the free
  space on the C: drive drops below 10% and then it should show red.
  1)
  Under “Administration”, I created a management pack and I called it “Production Servers MP”.
  2)
  I want a group that only contains my production servers (“PROD” is in the server name).
  Under “Authoring”, I went to the “Groups” section and I created a new group called “Production Servers Group”.
  I selected the “Production Servers MP”.
  I added “Dynamic Members” to the group.
  I created a rule that says “(Object is Windows Server AND (DNS Name Contains PROD) AND True).
  There were no Subgroups or Excluded Members.
  3)
  Under “Authoring”, I went to the “Monitors” section and I created a new “unit monitor”.  It is “Windows Performance Counter” – “Simple Threshold”.
  I selected the “Production Servers Group” that I created earlier for the “Monitor Target”.
  I selected “Performance” for the “Parent Monitor”.
  For the Performance Counter, I selected “Logical Disk” for the Object, “% Free Space” for the counter and “C:” for the Instance.
  I gave it a threshold value of 10%.
  I checked the box for “Generate alerts for this monitor”.
  I left it at Priority at Medium and Severity at Critical.
  4)
  When I go to the “Monitoring” section, I can see the “Production Servers MP” group that I created.
  I’m very confused at this point. No matter what options I try to give for creating a State View, it doesn’t show me the monitor I made.
  How do I create a “state view” that will only show the health of the free space of drive C: from the monitor that I created?

  Hi
  Just to add to what John has already stated in a more general answer. You cannot create monitoring in this way. Although it is "logical" to think that you are applying a rule or a monitor to a group, SCOM does not work this way.
  You need to target a class. Never target a rule, monitor or discovery at a group. It just won't work the way you expect:
  http://scug.be/dieter/2011/06/20/scom-2007-target-a-rule-or-monitor-to-a-computer-group/
  http://blogs.technet.com/b/momteam/archive/2007/11/14/targeting-series-part-2-why-targeting-a-computer-group-fails.aspx
  A poster called Rule and Monitor Targeting Best Practices is available in pdf format at:
  http://go.microsoft.com/fwlink/?LinkId=125048
  Equally - if you are ever looking to create a monitor that checks multiple instances of the same class, then you need to follow this:
  http://blogs.technet.com/b/kevinholman/archive/2009/11/24/writing-monitors-to-target-logical-or-physical-disks.aspx
  There is a steep learning curve to SCOM and it might be worth looking through some technet labs and also this:
  http://technet.microsoft.com/library/hh769766.aspx
  Cheers
  Graham
  Cheers
  Graham
  Regards Graham New System Center 2012 Blog! -
  http://www.systemcentersolutions.co.uk
  View OpsMgr tips and tricks at
  http://systemcentersolutions.wordpress.com/

• SCOM -SCVMM Post Integration Warning Alerts

  HI
  Recently we integrated SCOM 2012 and VMM 2012 as per this blog-
  http://blogs.technet.com/b/kevinholman/archive/2012/08/21/integrating-vmm-2012-and-opsmgr-2012.aspx#comments
  It was a success! However, there are lot of warning alerts popping up from most of windows computers
  Monitor - Run As Account Verification
  Context:
  Date and Time:
  2/19/2015 10:33:54 PM
  Log Name:
  Operations Manager
  Source:
  HealthService
  Event Number:
  7015
  Level:
  1
  Logging Computer:
  gooroo1.opsmgr.com
  User:
  N/A
  Description:
  The Health Service cannot verify
  the future validity of the RunAs account OpsMgr\SCVMM_Int for
  management group OM12. The error is Logon failure: the user has not
  been granted the requested logon type at this computer.(1385L).
  Event Data:
  <
  DataItem
  type ="
  System.XmlData "
  time =" 2015-02-19T22:33:54.3992478-08:00
  " sourceHealthServiceId
  =" A425A7F1-84CD-A2F8-B2F6-82FAEED9CF46
  " >
  <
  EventData
  >
  < Data
  > OpsMgr
  </ Data >
  < Data
  > SCVMM_Int</
  Data >
  < Data
  > Logon failure:
  the user has not been granted the requested logon type at this computer.
  </ Data
  >
  < Data
  > 1385L
  </ Data
  >
  < Data
  > OM12</
  Data >
  </ EventData
  >
  </ DataItem
  >
  Run as account for VMM is OpsMgr\SCVMM_Int which is distributed for "Less Secure" (By default) and the corresponding profile is set to "all targeted objects" as per blog.
  Does anyone know how to fix this?
  regards
  Guru
  Gururaj Pai

  Verify the user that used in integration is add to local administrators of SCVMM Server. Also did you check comment of Kevin in your link related to this issue "It is my opinion that this account should not be set to “less secure” which will distribute
  the credential to all healthservices in the management group. I will research if we can limit the scope and distribution. Less Secure is not a good option for most customers and I am not sure why the product chose this for a default. This will cause a large
  number of alerts to be sent from all your SCOM agents, where this credential cannot “Log on locally”. Generally, your SCVMM service account does not need, nor will it have, “Log on Locally” rights to all managed agents. If you see a ton of those alerts after
  configuring SCVMM integration – this is why.
  I personally recommend to set this to more secure, and then distribute the credential to all Hyper-V servers, the VMM server, and the SCOM server."
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"Mai Ali | My blog:
  Technical | Twitter:
  Mai Ali

• SCOM - Monitoring statistics in an Management group

  Hi All,
  Can someone share any information that how we can get a consolidated data on the monitoring statisticcs of what all things are monitored in a management group in SCOM 2007 R2. I need to give a presentationon details of parameters being monitored and comprehensive
  picture of the monitoring statistics in and environment.
  Rgs,

  Hi,
  Based on my understanding that you want to list all monitored objects within your management group, if that, then this is a very big data.
  We can use Get-SCOMClassInstance command to get one or more class instances. As there are many classes that monitored, and for each class, we also have many instances.
  As we know, with proper management pack imported, and then we can discovery proper objects to monitor. Such as Active Directory. But to know what information is monitored, we should know all monitors and rules in the management pack. This is also a very
  large data.
  Most time, we use SCOM to monitor those servers or network devices based on our need, and with the proper management packs imported, we get those monitored. And we should also read the management pack guide to use it more proper. And with those monitors
  and rules, we can get alerts, warnings. And we can also check performance viewers for those monitored objects.
  Regards,
  Yan Li
  Regards, Yan Li

• SCOM 2012 sp1 Resolving Heartbeat Alerts.

   Hi!
  I want to get email alerts when Computer Unreachable (windows clients with scom agents). In that guide http://technet.microsoft.com/en-us/library/hh212798.aspx I can not find Health
  Service Heartbeat Failure and Computer
  Not Reachable monitors for override them to class Windows clinets with scom agents. Could
  you tell me step-by-step how can I make this email notification. Thank you!

  Notification Subscription
  1) In the subscription condition, select created by specific rules or monitors
  2) add "computer not reachable" and "Health Service Heartbeat Failure" monitors
  Monitoring
  1) you should open the health explorer of entity health service watcher
  2) In the monitoring workspace, select discovered inventory and then click change target type
  3) Change the target type as health service watcher
  4) right click the item and select health explorer
  Roger

• SCOM/ SCVMM Integration - MonitoringObjectId in alert does not match the virtual machine GUID in SCVMM

  I am importing alerts into a 3rd party application from SCOM 2012 R2 using the powershell code below. SCOM returns me MonitoringAlert objects, I need to map the alerts to the virtual machines in SCVMM. However, the MonitoringAlert.MonitoringObjectId value
  does not match the ID (guid) of the virtual machines in SCVMM 2012 R2. Surely these IDs should correlate, any ideas anyone? 
  $mg = Get-SCOMManagementGroup -ComputerName "SCOMGR.manageiq.com"
  $criteria = New-Object Microsoft.EnterpriseManagement.Monitoring.MonitoringAlertCriteria("Description LIKE '%Heartbeat%' AND ResolutionState == 0")
  $alerts = $mg.OperationalData.GetMonitoringAlerts($criteria, (Get-Date).AddDays(-10))
  many thanks in advance
  B

  Hi,
  You could use this command get the MonitoringObjectId.
  Get-SCOMalert | Select name,
  MonitoringObjectId
  For more information, please review the link below:
  Get-SCOMAlert Cmdlet, the Criteria Parameter and the Non-Equal Operator
  http://blogs.technet.com/b/stefan_stranger/archive/2012/11/02/get-scomalert-cmdlet-the-criteria-parameter-and-the-non-equal-operator.aspx
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• SCOM 2012 R2 - Generate an alert when a specific event will not come in specific time range

  Hello SCOM people,
  I need to figure out what kind of monitor shall I choose for my monitoring of a specific event. I need to generate an alert when no specific event was generated by server.
  Our company uses FIM 2010 with scheduled tasks, after each completed task is generated an event to application log. When sync is stuck or something is wrong no event will come to application log and I need to be warned. Tasks run each 30minutes and there
  should not be an hour break between the previously created event.
  I hope it makes sense :)
  Thank you
  Liibas

  Hi Liibas,
  That sounds like a good scenario for using Orchestrator and the SCOM Integration Pack, since you can have time-triggers, etc. to check for Alerts and then trigger a Runbook to email someone if the Alert does/does not appear. 
  Please remember to click “Mark as Answer” on the post that helps you.
  AdinE MCSE, MCSA, MCITP, MCTS; (Specializing in System Center and Private Cloud)
  2015 Microsoft MVP in System Center Cloud and Datacenter Management
  LinkedIn: http://ca.linkedin.com/in/adinermie
  Website: http://micloud.azurewebsites.net

• SQL query in SCOM monitor or rule

  Hello good people,
  im looking for a script so I can create monitor's. The monitor mustl query against the ops database.
  For example:
  SELECT ManagedEntityGenericView.DisplayName, ManagedEntityGenericView.AvailabilityLastModified
   FROM ManagedEntityGenericView
   INNER JOIN ManagedTypeView ON ManagedEntityGenericView.MonitoringClassId = ManagedTypeView.Id
   WHERE (ManagedTypeView.Name = 'microsoft.systemCenter.agent') AND (ManagedEntityGenericView.IsAvailable = 0)
   ORDER BY ManagedEntityGenericView.DisplayName
  this query will display " grey agents"...so the script I need must alert on output...no output: is healthy, otherwise the output must be put in an alert....Ive seen different scripts but none of them is working or is giving the right result.
  Thx for reading this en hopefully you can provide me with a answer
  kind regards

  How should I adjust the following script si its suitable for my needs? the script works because its not generating any event id's but is not alerting also :-)
  Dim objCN, strConnection
  Set objCN = CreateObject("ADODB.Connection")
  Dim objAPI, oBag
  Set objAPI = CreateObject("MOM.ScriptAPI")
  Set oBag = objAPI.CreateTypedPropertyBag(StateDataType)
  strConnection = "Driver={SQL Server};Server=XXXXX;Database=XXXXX;Trusted_Connection=TRUE"
  objCN.Open strConnection
  Dim strSQLQuery
  strSQLQuery = "SELECT ManagedEntityGenericView.DisplayName, ManagedEntityGenericView.AvailabilityLastModified FROM ManagedEntityGenericView INNER JOIN ManagedTypeView ON ManagedEntityGenericView.MonitoringClassId = ManagedTypeView.Id WHERE (ManagedTypeView.Name
  = 'microsoft.systemCenter.agent') AND (ManagedEntityGenericView.IsAvailable = 0) ORDER BY ManagedEntityGenericView.DisplayName"
  Dim objRS
  Set objRS=CreateObject("ADODB.Recordset")
  Set objRS = objCN.Execute(strSQLQuery)
  Do Until objRS.EOF 'WScript.Echo objRS.Fields("Expr1?)
  if objRS.Fields("Expr1?) = "SPECIFY TRIGGER FROM RESULT TO SET MONITOR in BAD State" then
  Call oBag.AddValue("State","BAD") Call oBag.AddValue("Custom1?,objRS.Fields("Expr1?)) Call objAPI.Return(oBag)
  else
  Call oBag.AddValue("State","GOOD") Call objAPI.Return(oBag)

• SCOM monitoring on windows services in starting or stopping state

  Hi,
  Any chance if somebody can help me to set alarm on stopping and starting state  windows services  (automatic services) in SCOM for client servers.
  Balys

  1) Using Windows Service Template to create a windows service monitor with enabled "monitor only automatic service" option
  2) Export the management pack containing the monitor which created in step 1)
  3) Modidy data source from
  TypeID="Windows!Microsoft.Windows.Win32ServiceInformationProviderWithClassSnapshotDataMapper">
      <ComputerName>$Target/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
      <ServiceName>XXXX</ServiceName>
  into
  TypeID="Windows!Microsoft.Windows.WmiProviderWithClassSnapshotDataMapper">
      <NameSpace>root\cimv2</NameSpace>
      <Query>select * from win32_service </Query>
  AND
  <Setting>
            <Name>$MPElement[Name="MicrosoftSystemCenterNTServiceLibrary!Microsoft.SystemCenter.NTService"]/ServiceProcessName$</Name>
            <Value>$Data/Property[@Name='BinaryPathName']$</Value>
          </Setting>
  into
   <Setting>
            <Name>$MPElement[Name="MicrosoftSystemCenterNTServiceLibrary!Microsoft.SystemCenter.NTService"]/ServiceProcessName$</Name>
            <Value>$Data/Property[@Name='PathName']$</Value>
          </Setting>
  4) Import the management pack
  http://blogs.technet.com/b/brianwren/archive/2008/03/07/using-wildcards-with-the-windows-service-template.aspx
  Roger

• Capturing the communication channel monitoring error into an alert.

  Hi,
  The following is my scenario:
  File adapter polls using file content conversion,if the source file is not in a proper format the file wont be picked up and communication channel will show error in channel monitoring.
  I have to configure an alert for the same.
  Can i capture the error message shown in communication channel monitoring and raise alert?
  Many Thanks,
  Pritish

  refer todays thread on the same issue;
  FILE ADAPTER ISSUE