Contoso.se

Welcome to contoso.se! My name is Anders Bengtsson and this is my blog about Azure infrastructure and system management. I am a senior engineer in the FastTrack for Azure team, part of Azure Engineering, at Microsoft.  Contoso.se has two main purposes, first as a platform to share information with the community and the second as a notebook for myself.

Everything you read here is my own personal opinion and any code is provided "AS-IS" with no warranties.

Anders Bengtsson

MVP
MVP awarded 2007,2008,2009,2010

My Books
Service Manager Unleashed
Service Manager Unleashed
Orchestrator Unleashed
Orchestrator 2012 Unleashed
OMS
Inside the Microsoft Operations Management Suite

New MOM KB

When you try to import a Microsoft Operations Manager 2005 report, the import process fails

RSS feed about KB

At the below URL your can connect to a RSS feed about Microsoft KB articles. A great way to keep yourself updated.
http://support.microsoft.com/selectindex/?target=rss

Monitor File Modification

Sometimes it can be difficult to monitor a application. For example even if the application hand the process can still be there. A solution can be to monitor if the application still write anything to the logfile. I have written a simple VB script that will monitor that.

strComputer = "."
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.GetFile("c:\log.txt")
Const EVENT_WARNING = 2
Set objShell = CreateObject("Wscript.Shell")
If DateDiff("n", objFile.DateLastModified, Now) > 1 Then
objShell.LogEvent EVENT_WARNING, _
"objFile is older than 4 hours. Please investigate. The file is: " & objFile
end If

If DateDiff("n", objFile.DateLastModified, Now) > 1 Then
This line is interesting. “n” menas minute, in this case an alert will be generated if the file haven’t been updated for a minute.
You can switch “n” to one of the following:

m – months
d – days
h – hours
n – minutes
s – seconds

If the file isent newer than your settings a event will be generated in the local event viewer. That event we can collect with MOM.

This line controlls which file to monitor
Set objFile = objFSO.GetFile("c:\log.txt")

How-to make MOM send alerts

  • Insert the script into MOM
  • Create a rule that monitor the event viewer
  • Create a rule that runs the script

You insert the script as a VBscript in Administrator Console under
Administrator Console
-Management Packs
–Scripts

You dont have to create any parameters for that script.

Create a new computer group and add you server to that group. Create a new rule group and associate your new computer group with that rule group. Under event rules create a new rule with the following settings

Data Provider> Provider name: Application
Data Provider> Windows NT Event log
Criteria> From source: WSH
Criteria> of type: Warning
Alert: markGenerate alert

Then one more rule that will run the script

Data Provider> Choose a time provider with a suitable time, or create a new (Modify…) 
Responses> Add your script (Add -> Launch a script)

That should do it. Note that it can take some minutes before the new rules works.

Inside Microsoft Operations Manager

Inside Microsoft Operations Manager is a newsletter about MOM from Silent Software Inc.
In the last number one of my reply was published, about free disk monitoring.

You will find the newsletter here

You receive duplicate alerts after you click to select the “Suppress duplicate alerts” check box and then commit configuration changes in Microsoft Operations Manager 2005

A new KB
You receive duplicate alerts after you click to select the “Suppress duplicate alerts” check box and then commit configuration changes in Microsoft Operations Manager 2005
http://support.microsoft.com/?id=918176

Perf Threshold: SMS SQL Connections > 500 over 2 hours

Do you recognize this alert? 

SMS_SERVER - SMS 2003 Perf Threshold: SMS SQL Connections > 500 over 2 hours.
SQLServer:General Statistics: User Connections: value = 300,5. The average over last 2 samples is 300.5. 

The cause might be that the MOM agent has a large number of connection from sqldmo_%/sqldmo_(number) to the database. The agent not always disconnect. Try to restart you mom agent, you can do that by the following command 

net stop mom
net start mom
   

 

Auto-resolution

A MOM Operator can sometimes experience that alerts disappear. This phenomenon depends on a function that will auto resolve alerts after a specified time if no one does anything with them. MOM will keep track how long an alert has been in a resolution state.

For example if a alert exceed times settings under “Alert Resolution States” and “Service Level Agreement” there will be an alert in the service-level exception alert view in Operators Console. This is a way to make sure alerts are handle the correct way.

Auto alert resolution gives MOM the possibility to update the MOM database (OnePoint) when an alert is not active anymore, without a operator has done anything. Under global settings in the Administrator console you can setup all times controlling when an alert will be auto resolved. There is two type of alerts “normal alerts” and “state alerts”. Normal alerts have problem state = Investigate. State problem have problem state = active or inactive. MOM cant auto resolve alerts that has problem state = active since the problem remain and no one knows if there will be more alerts. MOM will auto resolve alerts that fulfill this

resolution state = 'new' and problem state != 'active'

Default time settings is
Automatically resolved critical error alerts 90 days
Automatically resolved error alerts 2 days
Automatically resolved inactive alerts 1 hours
Automatically resolved informational alerts 4 hours
Automatically resolved security issue alerts 90 days
Automatically resolved service unavailable alerts 90 days
Automatically resolved success alerts 4 hours
Automatically resolved warning alerts 1 day

The following is a example from the history tab on an alert in Operators Console. It shows how an alert was created, according to the global settings it was auto resolved after 2 days. 2 days is default for serverity = error.

2006-06-09 05:30:03: AutoResolved
Auto Resolving Alert
Changed ‘Resolution State’ from ‘New’ to ‘Resolved’.  2006-06-07 10:51:43: NT AUTHORITY\NETWORK SERVICE
Alert is created in management group Contoso.
   

 

Microsoft System Center Essentials 2007

There is a demo of System Center Essential 2007 that you can watch here

SQL Management Pack

There is a new version of SQL Management pack for SQL 2000 and 2005 ready for download 

  • Support for SQL 2003 SP1 and database mirroring
  • Improved support for X64
  • Improved support for monitoring of database space
  • Improvied product knowledge

You can download it here

Windows Media Player 11 beta 2

You can now download Windows Media Player 11 beta 2 here
You can find a FAQ here