
Author Archives: Anders Bengtsson


Welcome to contoso.se! My name is Anders Bengtsson and this is my blog about Azure infrastructure and system management. I am a senior engineer in the FastTrack for Azure team, part of Azure Engineering, at Microsoft.  Contoso.se has two main purposes, first as a platform to share information with the community and the second as a notebook for myself.

Everything you read here is my own personal opinion and any code is provided "AS-IS" with no warranties.

Anders Bengtsson

MVP awarded 2007,2008,2009,2010


Multiple result panels in Operator Console

Do you think there is too little information in the Operator Console, and that you have to click a lot before you get an overview? One solution is to add another result panel. For example, you can then always see the state of your network, even while you are working with another alert. To add more result panels:

  1. In Operator Console, click File and Console Settings
  2. In “Console Settings” raise “view pane configuration” to max three. Then click OK


To see anything in your new result panel:

  1. Click the new panel so it is marked
  2. Click a view (Alerts, State, Events, Performance, Diagram…), for example Alert View




Operations Manager 2007 movies

I would like to point you to these Operations Manager 2007 movies from Microsoft.

Installing OpsMgr 2007

Using OpsMgr 2007 Management Packs

Introduction to Agentless Exception Monitoring (AEM)

Introduction to Audit Collection Services (ACS)

VMware Server RC2

VMware Server RC 2 has been released! You can download it here.

The great news is that startup order (System Startup Options) now works. It was supposed to work in RC1 but it didn’t…

Some news:

VMware Server RC 2 includes:

Full support for SUSE Linux 10.1 as host and guest operating systems.
Full support for 32-bit Ubuntu 6.x as host and guest operating systems.
Full support for 32-bit Sun Solaris 10.x as guest operating systems.
Full support for 32-bit and 64-bit FreeBSD 6.0 as guest operating systems.
Experimental support for Red Hat Enterprise Linux 3.0 Update 8 and Red Hat Enterprise Linux 4.0 Update 4.

Experimental support for 64-bit Ubuntu 6.x as host and guest operating systems.

Experimental support for 64-bit Sun Solaris 10.x as guest operating systems.

RC 1 introduced:
Experimental support for 32-bit and 64-bit FreeBSD 6.0 as guest operating systems.
Experimental support for SUSE Linux 10.1 as host and guest operating systems.

Beta 3 introduced:
Support for taking and reverting to snapshots in the background.
Experimental support for running 32-bit and 64-bit versions of Sun Solaris 10 as guest operating systems.
VMware Virtual Machine Importer version 1.5.
VMware DiskMount Utility for master installation, which lets you mount a Microsoft Windows host file system as a separate drive without connecting to the virtual disk from within a virtual machine.

Beta 2 introduced:
Support for using the VMware Server Console to connect to and configure VMware GSX Server 3 hosts as well as to run virtual machines on VMware GSX Server 3 hosts.
Support for using and upgrading legacy virtual machines.
The Programming API (previously called C API). The Programming API is installed on a Windows host when you perform a complete installation.

Source: VMware Server RC 2 Release Notes http://www.vmware.com

MOM and IPSec

Do you know which parts of MOM traffic are encrypted?

When a new agent is installed, that traffic is not encrypted. Once the installation is done, the communication is encrypted by default if the agent is a member of a domain. When the information has reached the management server and is on its way to the database, the traffic is no longer encrypted. IPSec is a protocol that can provide this security.

IPsec (IP security) is a suite of protocols for securing Internet Protocol (IP) communications by encrypting and/or authenticating each IP packet in a data stream. IPsec also includes protocols for cryptographic key establishment.
Source: Wikipedia 

IPSec can be used between the following machines

  • Management server and MOM database server
  • MOM database server and reporting database
  • Management server and computer without agent
  • Management server and operator console or administrator console (if they are running from another computer)

Traffic between agent and management server is encrypted by default and does not need IPSec.

In this example the traffic will be encrypted based on information from the domain. If the machines are not in a common domain, you can use shared keys or certificates to encrypt the traffic. Below is a walkthrough of how to enable IPSec. There are other ways, for example Netsh and Group Policy objects.

  1. Start by running MMC and add the “IP Security on Local Computer” snap-in
  2. Right-click and choose “Create IP Security Policy”
  3. Input a suitable name, for example MOM IPSec Policy
  4. Uncheck “Activate the default response rule”
  5. In “IP Security Policy Wizard” verify that “Edit Properties” is marked and then click “Finish”
  6. In “Policy Properties” unmark “Use Add Wizard” and verify that ” is unmarked and then click add..
  7. Under “IP Filter List” click Add..
  8. Input a suitable name in “IP Filter List”, then uncheck “Use Add Wizard” and click Add
  9. Choose “My IP Address” under “Source address” and choose “A specific IP Address” under “Destination address”. Input the IP of the other server and verify that “Mirrored” is marked, then click “OK”
  10. In “IP Filter List” click OK
  11. Back in “New Rule Properties” mark your new filter list under “IP Filter Lists:”
  12. Under “Filter Action” choose “Require Security”
  13. Under “Authentication Methods” choose “Kerberos”
  14. Under “Tunnel Settings” choose “This rule does not specify an IPSec tunnel”
  15. Under “Connection Type” choose “All network connections”
  16. Click Apply and then OK
  17. In Properties, choose the new policy and click OK
  18. Right-click the new policy and choose Assign
  19. If you add “IP Security Monitor” snap-in in MMC you can verify that your new policy is active

Now do the same steps on the other server. Don’t forget to change the IP address in step 9.
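
The same policy can be built from the command line with `netsh ipsec static`, which the post mentions as an alternative to the MMC walkthrough. This is an added example, not part of the original post: the peer address 192.0.2.20, the filter list, filter action and rule names, and the quick-mode method ESP[3DES,SHA1] are assumptions to adjust per server.

```batch
@echo off
rem Added example: command-line equivalent of the MMC walkthrough above.
rem PEER_IP and every name except the policy name are placeholders (assumptions).
setlocal
set "POLICY=MOM IPSec Policy"
set "FLIST=MOM peer traffic"
set "FACTION=MOM require security"
set "PEER_IP=192.0.2.20"

rem Steps 2-5: create the policy with the default response rule off, not yet assigned.
netsh ipsec static add policy name="%POLICY%" activatedefaultrule=no assign=no || goto :fail

rem Steps 7-10: filter list with one mirrored filter, this host <-> peer, all protocols.
netsh ipsec static add filterlist name="%FLIST%" || goto :fail
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=me dstaddr=%PEER_IP% protocol=ANY mirrored=yes || goto :fail

rem Step 12: negotiate security, refuse unsecured inbound traffic, no fallback to clear text.
netsh ipsec static add filteraction name="%FACTION%" action=negotiate inpass=no soft=no qmsecmethods="ESP[3DES,SHA1]" || goto :fail

rem Steps 11-16: bind filter list and action, Kerberos authentication,
rem no tunnel endpoint (transport mode), all connection types.
netsh ipsec static add rule name="MOM peer rule" policy="%POLICY%" filterlist="%FLIST%" filteraction="%FACTION%" kerberos=yes conntype=all || goto :fail

rem Step 18: assign (activate) the policy on this computer.
netsh ipsec static set policy name="%POLICY%" assign=yes || goto :fail

rem Step 19: verify the stored policy, then list active quick-mode SAs.
netsh ipsec static show policy name="%POLICY%" level=verbose
netsh ipsec dynamic show qmsas all
exit /b 0

:fail
echo A netsh ipsec step failed; the policy may be incomplete or unassigned. 1>&2
exit /b 1
```

Run it on both servers with PEER_IP swapped. With soft=no, traffic between the two hosts is dropped until both ends have the policy assigned, so apply both sides in the same maintenance window.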


Restart a process

This script monitors whether a process is running more than once. If it is, the script kills all instances and starts the process again. This example checks whether two or more instances of notepad.exe are running.

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
' Find every running instance of the process
Set colProcesses = objWMIService.ExecQuery _
    ("Select * from Win32_Process Where Name = 'notepad.exe'")
'mineapp = "notepad.exe"
If colProcesses.Count >= 2 Then
    ' Wscript.Echo mineapp & " is running 2 or more instances"
    Set colProcessList = objWMIService.ExecQuery _
        ("Select * from Win32_Process Where Name = 'notepad.exe'")
    ' Kill every instance ...
    For Each objProcess in colProcessList
        objProcess.Terminate()
    Next
    ' ... then start a single new one
    Set objShell = CreateObject("WScript.Shell")
    objShell.Run "notepad.exe"
Else
    ' Wscript.Echo mineapp & " is running less than 2 instances"
End If

Dell management pack

Dell has released a new version of the Dell management pack.

You can download it here

1) Added support for the latest versions of Dell OpenManage Server Administrator v5.0 (including the enhanced Storage Management Service 2.0) and Dell OpenManage Array Manager. See read me for more detail.
2) Remote power control tasks and LED Identification tasks for Dell servers with BMC hardware and Server Administrator installed.
3) Support for new events in Storage Management and battery events in Server Administrator.
4) Additional tool tips for Dell Computers – Server Administrator version, BMC IP Address, IPMI Version, BIOS Version, and RAC Web address.
5) State View with Dell OpenManage Services along with Dell hardware agents’ status.
6) Additional classification for Dell systems without Server Administrator and a Warning alert for the Dell systems where Server Administrator is required to be installed.
7) Update of Dell Knowledge Base information to support new event processing rules of Server Administrator (including the enhanced Storage Management Service) and Array Manager.
8) Fixed the issue where Dell scripts were spawning multiple instances of cmd.exe and omreport.exe when the agent managed nodes were on load.

Beta management pack

A couple of beta management packs have been released. Please note this is BETA!

Project Server 2007 Beta 2 Pack for Microsoft Operations Manager 2005

Windows SharePoint Services 3.0 Beta 2 Pack for Microsoft Operations Manager 2005

SharePoint Server 2007 Beta 2 Pack for Microsoft Operations Manager 2005


When you try to import a Microsoft Operations Manager 2005 report, the import process fails

RSS feed about KB

At the URL below you can connect to an RSS feed about Microsoft KB articles. A great way to keep yourself updated.

Monitor File Modification

Sometimes it can be difficult to monitor an application. For example, even if the application hangs, the process can still be there. One solution is to monitor whether the application still writes anything to its log file. I have written a simple VBScript that monitors that.

Const EVENT_WARNING = 2   ' WshShell.LogEvent type 2 = Warning
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.GetFile("c:\log.txt")
Set objShell = CreateObject("Wscript.Shell")
' "n" = minutes: log a warning if the file has not been written to for more than 1 minute
If DateDiff("n", objFile.DateLastModified, Now) > 1 Then
    objShell.LogEvent EVENT_WARNING, _
        "The file has not been modified for more than 1 minute. Please investigate. The file is: " & objFile.Path
End If

If DateDiff("n", objFile.DateLastModified, Now) > 1 Then
This line is interesting. “n” means minutes; in this case an alert will be generated if the file hasn’t been updated for a minute.
You can switch “n” to one of the following:

m – months
d – days
h – hours
n – minutes
s – seconds

If the file isn’t newer than your setting, an event will be generated in the local event viewer. That event can be collected with MOM.

This line controls which file to monitor:
Set objFile = objFSO.GetFile("c:\log.txt")

How to make MOM send alerts

  • Insert the script into MOM
  • Create a rule that monitors the event viewer
  • Create a rule that runs the script

You insert the script as a VBScript in Administrator Console under
Administrator Console
-Management Packs

You don’t have to create any parameters for that script.

Create a new computer group and add your server to that group. Create a new rule group and associate your new computer group with that rule group. Under event rules, create a new rule with the following settings:

Data Provider> Provider name: Application
Data Provider> Windows NT Event log
Criteria> From source: WSH
Criteria> of type: Warning
Alert: mark Generate alert

Then create one more rule that will run the script:

Data Provider> Choose a time provider with a suitable time, or create a new one (Modify…)
Responses> Add your script (Add -> Launch a script)

That should do it. Note that it can take some minutes before the new rules work.