Contoso.se

Welcome to contoso.se! My name is Anders Bengtsson and this is my blog about Azure infrastructure and system management. I am a senior engineer in the FastTrack for Azure team, part of Azure Engineering, at Microsoft.  Contoso.se has two main purposes, first as a platform to share information with the community and the second as a notebook for myself.

Everything you read here is my own personal opinion and any code is provided "AS-IS" with no warranties.

Anders Bengtsson

MVP
MVP awarded 2007,2008,2009,2010

My Books
Service Manager Unleashed
Service Manager Unleashed
Orchestrator Unleashed
Orchestrator 2012 Unleashed
OMS
Inside the Microsoft Operations Management Suite

Inside Microsoft Operations Manager

Inside Microsoft Operations Manager is a newsletter about MOM from Silent Software Inc.
In the last number one of my reply was published, about free disk monitoring.

You will find the newsletter here

You receive duplicate alerts after you click to select the “Suppress duplicate alerts” check box and then commit configuration changes in Microsoft Operations Manager 2005

A new KB
You receive duplicate alerts after you click to select the “Suppress duplicate alerts” check box and then commit configuration changes in Microsoft Operations Manager 2005
http://support.microsoft.com/?id=918176

Perf Threshold: SMS SQL Connections > 500 over 2 hours

Do you recognize this alert? 

SMS_SERVER - SMS 2003 Perf Threshold: SMS SQL Connections > 500 over 2 hours.
SQLServer:General Statistics: User Connections: value = 300,5. The average over last 2 samples is 300.5. 

The cause might be that the MOM agent has a large number of connection from sqldmo_%/sqldmo_(number) to the database. The agent not always disconnect. Try to restart you mom agent, you can do that by the following command 

net stop mom
net start mom
   

 

Auto-resolution

A MOM Operator can sometimes experience that alerts disappear. This phenomenon depends on a function that will auto resolve alerts after a specified time if no one does anything with them. MOM will keep track how long an alert has been in a resolution state.

For example if a alert exceed times settings under “Alert Resolution States” and “Service Level Agreement” there will be an alert in the service-level exception alert view in Operators Console. This is a way to make sure alerts are handle the correct way.

Auto alert resolution gives MOM the possibility to update the MOM database (OnePoint) when an alert is not active anymore, without a operator has done anything. Under global settings in the Administrator console you can setup all times controlling when an alert will be auto resolved. There is two type of alerts “normal alerts” and “state alerts”. Normal alerts have problem state = Investigate. State problem have problem state = active or inactive. MOM cant auto resolve alerts that has problem state = active since the problem remain and no one knows if there will be more alerts. MOM will auto resolve alerts that fulfill this

resolution state = 'new' and problem state != 'active'

Default time settings is
Automatically resolved critical error alerts 90 days
Automatically resolved error alerts 2 days
Automatically resolved inactive alerts 1 hours
Automatically resolved informational alerts 4 hours
Automatically resolved security issue alerts 90 days
Automatically resolved service unavailable alerts 90 days
Automatically resolved success alerts 4 hours
Automatically resolved warning alerts 1 day

The following is a example from the history tab on an alert in Operators Console. It shows how an alert was created, according to the global settings it was auto resolved after 2 days. 2 days is default for serverity = error.

2006-06-09 05:30:03: AutoResolved
Auto Resolving Alert
Changed ‘Resolution State’ from ‘New’ to ‘Resolved’.  2006-06-07 10:51:43: NT AUTHORITY\NETWORK SERVICE
Alert is created in management group Contoso.
   

 

Microsoft System Center Essentials 2007

There is a demo of System Center Essential 2007 that you can watch here

SQL Management Pack

There is a new version of SQL Management pack for SQL 2000 and 2005 ready for download 

  • Support for SQL 2003 SP1 and database mirroring
  • Improved support for X64
  • Improved support for monitoring of database space
  • Improvied product knowledge

You can download it here

Windows Media Player 11 beta 2

You can now download Windows Media Player 11 beta 2 here
You can find a FAQ here

Monitor logfile

Do you have some strange application with a logfile? It is suitable to monitor that logfile with MOM. Below there is a short walkthrough how to do that. To get this to work you will need a new provider and a new rule.

1.
Create a new provider.
You create provides in Administrator Console, Management Packs, Provides.
Right-click Provides and choose “Create Provide”, fill in information as below
Source of the provider: Application Log
Type: Application Log
Settings: Generic single-log file
Directory: for example C:\LOG
Format: Generic
File Pattern: for example system.log or log*
Click Finish when done

2.
Create a new computer group, name it to some something suitable for example MyApp. Add all computers you want to monitor.

3.
Create a new rule group. Associate the new computer group with your new rule group.

4.
In you new rule group, right-click Event Rules and choose “Alert on or response to event…”
fill in information as below at Advanced on the Event Rule Properties – Criteria tab.
Provider Name: Choose the provider you created before
Field: Parameter 4
Condition: matches wildcard
Value: For example *warning* if we want an alert when that word is in the logfile.
                Click Add to list
                Click Close
Event Rule Properties – Criteria, click next
Event Rule Properties – Schedule, click next
Event Rule Properties – Alert, check “Generate alert, then click next
Event Rule Properties – Alert Suppression, click next
Event Rule Properties – Responses, click next
Event Rule Properties – Knowledge Base, click next
Event Rule Properties – General, input a name and click finished

That should do it!

Note that it can take some minutes before new rules is active. Also note that MOM will start “read” a line when the application has started on a new line. So when the application has start write to line 2 MOM will read line 1.

I have upload screenshots with all settings, you can find them under screenshots.

Remove management pack

I got a question a couple of days ago from my friend Christoffer Andersson:
“Is it possible to remove a management pack from SCOM 2007”?

Operations Manager 2007 also includes the ability to delete a management pack.
Deleting a management pack will remove all management pack objects and discovered data from the database.

source: Operations Manager 2007 Help

Virtual Appliances

A “virtual appliance” is a pre-installed and pre-conf application or IS running on a standard server or desktop computer in a virtual environment. There is a couple of hundreds   

There is a couple of hundreds virtual appliances ready for download at vmware.com. For example anti-spam servers, mailservers, proxy, firewalls and IDS servers. 

You will find Virtual Appliance here. 

You can download Vmware server for free here