Monitoring desktop client hardware, operating system and application faults can be of great value in terms of reducing total cost of ownership (TCO) through identification of widespread faults in the monitored environment. In Operations Manager 2007, there are actually three components for monitoring the client experience:

• Agentless Exception Monitoring (AEM)
• Customer Experience Improvement Program (CEIP)
• Management Packs for Windows-based workstation operating systems and applications

I have received a number of questions both from customers and in the community about custom AEM reports, including more information. In this post I will give you some tips how to write custom AEM reports. I wrote another post about author reports in general for Ops Mgr 2007.

I write my AEM reports in Microsoft Visual Studio 2008. When you start Visual Studio you can choose to start a new Report Server Project. When you blank project has opened you should start with creating a shared data source, specify your Operations Manager data warehouse database. Then add a new item, a report, under the Reports folder in the Solution Explorer window.

The example report below is a “per user” report, which will show you all AEM events for a specified username. I have included some numbers, with total number of users, total number of events, average number of events per user and total number of events for the specified user. I have also included info about the last event for the specified user and a table with all events for the specified user.

In my example report I use four dataset.

1. One to get all Aem users that have a event in the database
2. One to get info for the first table, for example total number of events
3. One to get last crash for the specified user
4. One to get all the events for the specified user

List usernames

SELECT DISTINCT AemUserName FROM [CM].[vCMAemRaw] Rw
INNER JOIN dbo.AemComputer Computer ON Computer.AemComputerRowID = Rw.AemComputerRowID
INNER JOIN dbo.AemUser Usr ON Usr.AemUserRowId = Rw.AemUserRowId
INNER JOIN dbo.AemErrorGroup EGrp ON Egrp.ErrorGroupRowId = Rw.ErrorGroupRowId
INNER JOIN dbo.AemApplication App ON App.ApplicationRowId = Egrp.ApplicationRowId

All info for the first table in the example

SELECT (SELECT COUNT(CrashID) FROM CM.vCMAemRaw) AS TotalEvents, (SELECT COUNT(DISTINCT AemUserRowID) FROM CM.vCMAemRaw) AS TotalUsers, (SELECT (SELECT COUNT(CrashID) FROM CM.vCMAemRaw ) / (SELECT COUNT(DISTINCT AemUserRowID) FROM CM.vCMAemRaw)) AS TotalAverage, (SELECT COUNT(CrashID) FROM [CM].[vCMAemRaw] Rw
INNER JOIN dbo.AemComputer Computer ON Computer.AemComputerRowID = Rw.AemComputerRowID
INNER JOIN dbo.AemUser Usr ON Usr.AemUserRowId = Rw.AemUserRowId
WHERE AemUserName=@UserName) AS UserTotal

Note that I use a parameter, @UserName. Last problem for the specified user

SELECT top 1 CrashTime FROM [CM].[vCMAemRaw] Rw
INNER JOIN dbo.AemComputer Computer ON Computer.AemComputerRowID = Rw.AemComputerRowID
INNER JOIN dbo.AemUser Usr ON Usr.AemUserRowId = Rw.AemUserRowId
INNER JOIN dbo.AemErrorGroup EGrp ON Egrp.ErrorGroupRowId = Rw.ErrorGroupRowId
INNER JOIN dbo.AemApplication App ON App.ApplicationRowId = Egrp.ApplicationRowId
WHERE AemUserName = @UserName ORDER BY CrashTime desc

Info for the “all events for user” table

SELECT CrashTime, AemComputerName,BucketType,Parameter1,Parameter2,CompanyName, AemUserName FROM [CM].[vCMAemRaw] Rw
INNER JOIN dbo.AemComputer Computer ON Computer.AemComputerRowID = Rw.AemComputerRowID
INNER JOIN dbo.AemUser Usr ON Usr.AemUserRowId = Rw.AemUserRowId
INNER JOIN dbo.AemErrorGroup EGrp ON Egrp.ErrorGroupRowId = Rw.ErrorGroupRowId
INNER JOIN dbo.AemApplication App ON App.ApplicationRowId = Egrp.ApplicationRowId
WHERE AemUserName = @UserName

When you have added the fields from all datasets to your report, you can simple deploy it to your reporting server. The base SQL query I used is

select * from [CM].[vCMAemRaw] Rw
inner join dbo.AemComputer Computer on Computer.AemComputerRowID = Rw.AemComputerRowID
inner join dbo.AemUser Usr on Usr.AemUserRowId = Rw.AemUserRowId
inner join dbo.AemErrorGroup EGrp on Egrp.ErrorGroupRowId = Rw.ErrorGroupRowId
Inner join dbo.AemApplication App on App.ApplicationRowId = Egrp.ApplicationRowId

Thanks to Kevin Holman for that one. I think that with the base SQL query for AEM you can build all kind of AEM reports that your organization needs. And when doing that, check out all new cool gauges in Visual Studio 2008.

Yesterday Microsoft announced the availability of the Ops Mgr 2007 R2 RC (Release Candidate) on Connect.

News in this release are:

-New Power Management MP template (the monitored system must be either Windows Server 2008 R2 or Windows 7)
-Updated branding across all user interfaces, including a new skin (dark/black)
-Improved trace configuration tools to help support issues escalated to Customer Support (if applicable)
-Improved Run As Account Distribution Configuration
-Ability to run in-line tasks for non-Microsoft servers
-Support for upgrade from Beta deployments to the Release Candidate
-New and updated documentation, including the Usage Guide, Design Guide, Deployment Guide, Upgrade Guide, Security Guide, and Operations Guide

The RC should be upgradeable to the RTM version once that is available, but since this is a test version, do not run it in a production environment unless you have made special arrangements with Microsoft.

more info at the team blog here

In the release candidate documents there are also some news for example design documentation how to monitor non Microsoft devices and also info about the new security alternative for accounts. There is a new document named “Reporting Deployment and Usage Troubleshooting”, including several common configuration and usage issues that can cause Operations Manager Reporting errors. This document addresses the most common issues, solutions to those issues and tools that you can use to resolve these problems. The security guide includes some good info about “Authentication and Data Encryption for UNIX and Linux Operating Systems” works, also some good pictures how discovery works for non-Windows machines. The deployment guide has been updated with information how to install on Windows Server 2008 and SQL 2008.

In the “Supported configuration” document there are also some intresting info

Computers other than Windows-based computers per dedicated management server: 200
Computers other than Windows-based computers per management group: 500
Monitorable Operating Systems Other Then Windows
.AIX 5.3 (Power), 6.1 (Power)
.HP-UX 11iv2 (PA-RISC and IA64) and 11iv3 (PA-RISC and IA64)
.Red Hat Enterprise Server 4 (x64 and x86) and 5 (x64 and x86)
.Solaris 8 (SPARC), 9 (SPARC) and 10 (SPARC and X86 versions later than 120012-14)
.SUSE Linux Enterprise Server 9 (x86) and 10 SP1 (x86 and X64)

Last week Savision released a free version of Live Maps for Microsoft Operations Manager 2007. Microsoft Operations Manager administrators everywhere can now benefit from the great visualization capabilities of Live Maps v3. The free version is fully functional and allows IT organizations to create three maps of any type. Download here .

…more demos at Savision webpage.

Tool number two is from Mark Wolzak. He has created a cool Maintenance Mode GUI that you can download here.

In Operations Manager 2007 R2 we have the possibility to monitor Linux and UNIX machines. There are among with other new features two new management pack templates:

• Unix/Linux LogFile (monitor a logfile for a specified entry)
• Unix/Linux Service (monitor a service with a standalone process)

In this post I will show some ideas how to monitor file size on a linux machine. File size monitoring is not a default feature in R2, not on Windows or on Linux machines. On Windows machines I use a two state monitor and a script, describe in this post.

The first step is to create a script on the Linux side. This script checks how big the file is, and if the file is bigger then 100 it will write a warning to a logfile (scriptlog.log).

#!/bin/sh
find /load.sh -printf ‘%s %p\n’ | while read size name; do
if [ “$size” -gt 100 ]; then
echo $(date) WARNING the file is $size >> scriptlog.log
fi
done

The next step is to get Linux to run it automatically, we can do that with cron. Cron is a time-based job scheduler in Linux. Cron is driven by a crontab, a configuration file that specifies what to run and when. My crontab looks like

* * * * * / root/script.sh

It is very simple, I run the script every minute. Configure it with

crontab -e

The next step is to configure a management pack template for the Linux logfile to trigger on WARNING in the scriptlog.log file, configure it to trigger on WARNING. It is also important to keep track of the cron process, fortunately that is monitored with the default SUSE management pack.

You are now monitoring if there is a problem with the file size. The next step is to get the size of the file as performance data in Operations Manager. This can also be done with a script and a collection rule. Create a Collection Rule (Probe Based/Script (Performance)) and run the following script with the rule:

Set objShell = WScript.CreateObject(“WScript.Shell”)
Set objExecObject = objShell.Exec(“cmd /c C:\plink.exe user@192.168.0.71 -pw password stat -c%s / root/script.sh”)
Do While Not objExecObject.StdOut.AtEndOfStream
strText = objExecObject.StdOut.ReadLine()

Dim oAPI,oBAG
Set oAPI = CreateObject(“MOM.ScriptAPI”)
Set oBag = oAPI.CreatePropertyBag()
Call oBag.AddValue(“PerfValue”, 10)
Call oAPI.Return(oBag)
Loop

This script runs plink.exe. Plink (PuTTY Link) is a command-line connection tool. We will use that to execute commands on the Linux side. The script will then collect the result of the command, the file size, and send it back as a performance data value (PerfValue). I have the same kind of script for Windows here.

The next thing we might want to check is if the file exists. We can do that with a two state monitor. In this post you can read how to configure a two state monitor with a script. Use the script below in your monitor

Dim oAPI, oBag
Set oAPI = CreateObject(“MOM.ScriptAPI”)
Set oBag = oAPI.CreatePropertyBag()
Set objShell = WScript.CreateObject(“WScript.Shell”)
Set objExecObject = objShell.Exec(“cmd /c C:\plink.exe user@192.168.0.71 -pw password [ -f / root/thefile.log ] && echo ok || echo bad”)
Do While Not objExecObject.StdOut.AtEndOfStream
strValue = objExecObject.StdOut.ReadLine()

If instr(strValue, “ok”) Then
Call oBag.AddValue(“Status”,”OK”)
Call oAPI.Return(oBag)
End If

If instr(strValue, “bad”) Then
Call oBag.AddValue(“Status”,”Bad”)
Call oAPI.Return(oBag)
End If

Loop

That script checks if thefile.log exists in the root directory. If it does it will send back “ok” else “bad”.

Summary: We use a couple of different scripts and forwards the result to Ops Mgr. One script echo to a logfile that we then pickup with default a Logfile management pack template. Another script is run from inside a two state monitor with the plink.exe tool. In this post I wanted to give you some ideas to get info into Operations Manager 2007 from your Linux machines.

I have received a number of questions lately regarding event collection. In this post I will show you how you can collect events and review them both in reports and in the console.

Start by creating a new rule, authoring/rules/create a rule/collection rule/NT event log. The collection rule will only collect, not generate any alerts. In my example I use Windows Server 2008 Computer as target. I will create the rule disable as default. Then override and enable it for a group including a couple of windows server 2008 computer objects.
When you have created the new rule you can create a new event view in the monitoring workspace. Remember to create the new view in the same MP as the collection rule is stored.

The next step is to create a report. You can use the generic Custom Event report to create a linked report showing all the events. Run the Custom Event report and select a couple of windows server 2008 computers as objects, filter the report for example in my example Event ID equals 666. Note that you have to check its checkbox for every report field you want to include. If you check any checkboxes you will get a empty report.

If you don’t like the default event report you can author a new in Visual Studio. You can read my guide about that here and use the following query when building the data set in Visual Studio

SELECT
vEvent.DateTime,
vEventPublisher.EventPublisherName as ‘EventSource’,
vEventLoggingComputer.ComputerName as ‘Computer’,
vEventLevel.EventLevelTitle as ‘Type’,
vEvent.EventDisplayNumber as ‘EventID’,
vEventChannel.EventChannelTitle,
vEventUserName.UserName,
vEventDetail.RenderedDescription as ‘EventDescription’
FROM
Event.vEvent LEFT OUTER JOIN
vEventUserName ON vEvent.UserNameRowId =
vEventUserName.EventUserNameRowId LEFT OUTER JOIN
vEventCategory ON vEvent.EventCategoryRowId =
vEventCategory.EventCategoryRowId LEFT OUTER JOIN
vEventPublisher ON vEvent.EventPublisherRowId =
vEventPublisher.EventPublisherRowId LEFT OUTER JOIN
vEventLoggingComputer ON vEvent.LoggingComputerRowId =
vEventLoggingComputer.EventLoggingComputerRowId LEFT OUTER JOIN
vEventLevel ON vEvent.EventLevelId = vEventLevel.EventLevelId LEFT OUTER JOIN
vEventChannel ON vEvent.EventChannelRowId =
vEventChannel.EventChannelRowId LEFT OUTER JOIN
Event.vEventDetail ON vEvent.EventOriginId = vEventDetail.EventOriginId
WHERE vEventLevel.EventLevelTitle = ‘Error’
ORDER BY vEvent.DateTime, vEventLoggingComputer.ComputerName

To generate test events you can use eventcreate, which is built-in into Windows 2003 and 2008. For example run “Eventcreate /L Application /D “test” /T ERROR /ID 666” .To generate an event in the application log with event ID 666 and “test” as event description.

I have seen a number of scripts on the Internet to enable ACS forwarding for multiple machines. Unfortunately they are not always working or they have to many variables to adjust. But, there are two scripts on the Operations Manager CD that you can use, one for enable and one for disable ACS forwarders.

• DisableForwarding.ps1
• EnableForwarding.ps1

If you have a custom group, including a number of machines, for which you want to enable ACS forwarding, you can follow the steps below

1. In the Operations Console, navigate to the Monitoring  workspace, then click the Discovered Inventory view
2. Click Change Target Type, in the action pane
3. In the Select a Target Type window, select View all target, then select Computer Group and click OK
4. Right-click a group and select Open and Command Shell from the context menu
5. Input C:\EnableForwarding.ps1 <FQDN ACS Collector> and press Enter to run the script (ex C:\EnableForwarding.ps1 ms01.contoso.local)
6. In the popup window, input Operations Manager administrator credentials
7. Input cd ..
8. Input get-monitoringclass –name “Microsoft.SystemCenter.ACS.Forwarder” | get-monitoringobject | ft pathname
9. Verify that all machines in your group is in the list of ACS forwarders
10. Input exit to close command shell

If you have your groups in a unsealed management pack you might need to seal that management pack first. There are guides about that here and here.

Operations Manager 2007 collects large amounts of data from your environment. By using the Reporting feature, you can create reports based on this data that provide additional information about the health of your environment. Operations Manager can have four types of reports

• Published reports, automatically available in the console after ops mgr reporting installation
• Linked reports, based on existing reports
• Custom reports, authored from queries that you build in Visual Studio
• Report solution, defined with Visual Studio and are available in a  management pack 

I always try to solve the new report request with a linked report if possible. The next step is to use the built-in SQL Report Builder, which you find under the Reporting workspace. But when using that you will need a report model. A report model is a description of an underlying database that is used for building reports in Report Builder 1.0. For example in this post I use the ACS db (Audit Collection) report model to build custom ACS reports. In Ops Mgr there are report models for ACS, performance and event reports. But there are scenarios that you can´t solve with linked reports or SQL Report Builder, and then Visual Studio is a great tool to build reports with.

The first thing you need to do in Visual Studio when you start a new reporting project is to add a data source. A data source represents a connection to an external data source. The second thing is to add a report and a data set. A data set retrieves rows of data from a data source based on an SQL query. You can for example the query string below when working with performance reports. As you can see it looks for performance counters including Available MBytes in the name.

SELECT
vManagedEntityTypeImage.Image,
vPerfHourly.DateTime,
vPerfHourly.SampleCount,
vPerfHourly.AverageValue,
vPerfHourly.StandardDeviation,
vPerfHourly.MaxValue,
vManagedEntity.FullName,
vManagedEntity.Path,
vManagedEntity.Name,
vManagedEntity.DisplayName,
vManagedEntity.ManagedEntityDefaultName,
vPerformanceRuleInstance.InstanceName,
vPerformanceRule.ObjectName,
vPerformanceRule.CounterName
FROM
Perf.vPerfHourly INNER JOIN
vManagedEntity ON Perf.vPerfHourly.ManagedEntityRowId =
vManagedEntity.ManagedEntityRowId INNER JOIN
vManagedEntityType ON vManagedEntity.ManagedEntityTypeRowId =
vManagedEntityType.ManagedEntityTypeRowId LEFT OUTER JOIN
vManagedEntityTypeImage ON vManagedEntityType.ManagedEntityTypeRowId =
vManagedEntityTypeImage.ManagedEntityTypeRowId INNER JOIN
vPerformanceRuleInstance ON
vPerformanceRuleInstance.PerformanceRuleInstanceRowId =
Perf.vPerfHourly.PerformanceRuleInstanceRowId INNER JOIN
vPerformanceRule ON vPerformanceRuleInstance.RuleRowId =
vPerformanceRule.RuleRowId
WHERE
(vPerformanceRule.CounterName LIKE N’%Available MBytes%’)
ORDER BY vPerfHourly.DateTime

 There are a number of good query strings at this TechNet page. The next thing to do is to start designing your report. You can drag and drop report objects from the toolbox. Report items add data, structure, and formatting to a report and come in two varieties; data regions and independent items. A data region renders data from an underlying data set.Independent report items are items that are not associated with a data set, for example a line or a rectangle. If we continue with the available Mbytes example a chart would be a good start. By drag and dropping a chart from the toolbox and then fields from the dataset you can easily create a chart. But it is not that easy-to-read.

To make the report more precise we could start by adding a drop down menu to select which machine to look at performance data from. To do that we first need to create a new dataset. You can use the same SQL query as before, but in this dataset only

select DISTINCT vManagedEntity.Path

, as we only want machines in the drop down menu. Then go to the Report menu and select to add a report parameter. Select to create a report parameter with a query based value and then select your new dataset and the path field. Then you need to add this parameter to your first dataset, as you want to only see performance data for the selected machine. To do that add vManagedEntity.Path and your parameter to the SQL query.

(vPerformanceRule.CounterName LIKE N’%Available MBytes%’) AND (vManagedEntity.Path = @Server)

If we now preview the report there is a drop down menu with all machines where the chart only show data shows data related to the selected machine.

The next think would be to change the time range. You can do that with report parameters and then add them to your SQL query. If you want to add a dynamic time range, for example NOW minus 7 days you can use the DateAdd command in your SQL query.

If you then right-click the chart there are a number of settings, for example change the scale, change chart type, enable 3-D and add a title to the chart. Other things that you might want to add is a header and some text to your report, then a table with details about the data in the chart. You can drag and drop both text box and matrix from the toolbox.

 

When you are satisfied with your report you can right-click the report project (top left side of visual studio) and deploy the report to your reporting server.