Markus Baeker has posted a connector to link SCOM and Nagios. Normally the blog is in German but this post is in English as there is now an English instruction manual and you can define English status messages.
http://www.mbaeker.de/2009/07/scom2nagios-1-2/
It is released under the terms of the GNU General Public License.
There is a thread on the OpsMgr forum about the pros and cons of having the MPs directly imported in from the web catalogue in R2. Marnix Wolf has a good post about it that summarises the issue. One of the key ones being that it bypasses the manual which is needed in most cases to know how to configure the MP – RTFM. It is useful for me to download known MPs when I create a new installation but for a production environment change control is essential.
One of the other things that happens if you do not test it is that you could get flooded with alerts as I found out recently when importing the DFS MP at a customer site. Luckily I was not the one that received the 600 e-mails from the alerts created. In a new installation the agents are pushed out a few at a time and an MP is added and then tuned. So it is easier for new installation plus it is not in production yet so no-one is looking at the console and subscriptions have not been setup for e-mail alerts. If you have a system where all the agents are already out and it is in production then you need to be careful before importing a new MP. Here are some suggestions that I have developed or picked up from others that should be used to ensure a new MP does not create a flood of alerts.
Method 1 – Don’t Import
Just because you can import an MP does not mean that you should. If you are not interested in monitoring a particular area then why import the MP? I always say to customers that the only alerts that you should see in the console are actionable alerts otherwise the console gets cluttered as people rarely keep it tidy and the Ops guys start to discount the console as they see too many alerts which don’t mean anything to them.
Method 2 – Use Silect
Silect have been making MP Studio for years. It allows you to test an MP without actually deploying to tell you about what alerts would have been created. It does other stuff as well like tracking changes but the problem is that it does cost money which puts some customers off. But if you have invested in Operations Manager rather than one of the other expensive monitoring frameworks then you should have some spare money to buy this.
Method 3 – Create an override MP in test
This method assumes that you have a test environment. Even a single OpsMgr server in a virtual environment would do. With many versions of virtualisation being free (Virtual PC, Virtual Server, Hyper-V Server, VMWare Server, VMware ESXi and Citrix XenServer amongst others) and a 180 evaluation copy of OpsMgr being available most organisations should be able to set up a single server test.
OpsMgr allows you to multi home up to 4 management groups. When the agent is first deployed to a server it does the actual install. When you “install” the 2nd, 3rd and 4th agent it does not install another agent but creates new registry keys and keeps the rules from one management group separate from another. This means that you can push the agent out from your test server to servers that have the application of the MP you are testing and you can find out what alerts are created without those alerts (and potential subscription e-mails) going into the production console.
Now you can create an override MP for those alerts and when you import the MP into production you import your override MP in at the same time so that the MP is already tuned for production. You can then remove the agents from the test management groups until you need to do another test. This may not be feasible for some environments with strong change control as even deploying those reg keys as a 2nd agent is seen as a change that needs to go through the process.
Method 4 – Disable discoveries
Most MPs start discovery as soon as they are imported and so rules and monitors go to the agents and start running and creating alerts. New MPs like the Exchange 2007 MP for R2 are different. It only has a lightweight discovery that discovers the components. If you want these components actually managed then you have to switch them on which means that you can control the alerts coming out. I hope all future MPS use this method.
You can import the MP in and quickly try and do an override to disable discoveries but you may not be fast enough. Use a test environment like above and then import the MP into that. Create an override MP and disable discoveries. Created a group in this MP and switch on discoveries for this group. Now import the MP and override MP into production. You can now add agents one at a time into the group so that only a subset of servers are running the MP. This should help control the number of alerts that you see. As a new “agent” is not put on production servers then this is one less change control to do.
Tools
A couple of tools that you can use to help with this are Silect MP Studio Lite. This is a free cot down version that allows you to examine an MP file so you can see what discoveries, rules and monitors are in the MP. Boris Yanushpolsky from the Product Group created MP Viewer. The latest is version 1.7. This allows you to point to an XML or MP (without having to convert it to XML first) file and open it up to view the contents in a structured manner. Stefan Stranger keeps a good list of OpsMgr tools.
Summary
Examine the MP and decide whether or not you actually want to import it.
Read the MP Guide before importing the MP. You will find out what needs to be configured.
Use a tool to examine an MP before importing it. You will get an idea of the number of rules and monitors as well as discoveries in the MP.
Use one of the methods to above to reduce potential alerts before importing the MP. If you have the money Silect is a good way to go but otherwise method 3 is best as you are actually doing the tuning without impacting production.
Remember tuning is an ongoing activity and not a one off. You should have a process for it.
The DFS MP is a converted MOM 2005 MP and as can be seen by its version number(6.0.5000.0) it is quite old. It has not been updated since being converted. There was an update but that was only to the document. The October 2008 updated release of this management pack includes the following change:
References to support of Microsoft Windows 2000 Server have been removed from the guide included in the download.
Support statement
The DFS Management Pack monitors the Distributed File Systems service on computers that are running Windows Server 2003. The DFS Management Pack does not monitor computers that are running Windows 2000.
I installed this at a customer site as they had DFS and wanted to monitor their DFS shares. This created almost 600 alerts. A bit overwhelming. This is a case where a test server would have been useful.
On one of the KB Research post it said that this problem could be caused by having the wrong version of the Windows Support Tools installed. The MP uses dfsutil.exe to do the monitoring and so needs the Windows Support Tools installed. The customer did indeed have older versions of the tools with SP2 servers but having updated the tools it did not help but was done as a matter of course as they should be in synch.
The DFS Management Pack rules must be configured with the installation folder of the Dfsutil.exe utility. It is recommended that you install the utility in the same folder on all your computers. This was checked and it was in the same directory and the default as used by the MP so that was fine.
As some (very few) DFS links showed up green this was investigated and it looked like a rights issue, After testing this was confirmed. As the MP is old it does not have a Run As account so the customer is having to go through all the DFS shares to ensure that the agent local system account can access the shares so that they can be monitored correctly. It would be nice to get an update for this MP.
As well as the MP guide there are 2 good posts from J.C. Hornbeck
No Health State for DFS Link Targets
DFS Management Pack Generates Bogus DFS Link Monitor Alerts
Which describes the problem.
This can occur when the DFS servers use Local System for the Default Action Account. Computer accounts do not have permission for file shares unless the share and NTFS security ACLs include the Authenticated Users principal. Therefore, if the DFS Link Monitor runs using Local System credentials, the monitor will detect the shares as being unavailable. The solution offered here is to create run as account and assign to all DFS servers. It does mean that all the rules except ones assigned to various run as accounts will run with this new run as account. This is something that the customer did not want to do but is an option.
Additional Information
With Windows 2003 R2 it is possible to use DFS Replication Services but the only MP I can find for that is a MOM 2005 one dated Oct 2006.
It can get very confusing with FRS, DFS, DFS Replication and DFS Namespaces as it depends on which version of the server OS you are using.
Overview of DFS
DFS Technology Center
http://www.microsoft.com/windowsserver2003/technologies/storage/dfs/default.mspx
Build 7600 has RTMed. I have been using the beta/RC and it is a lot smoother than Vista. Probably more important to OpsMgr readers is that Windows 2008 R2 has also RTMed. This is the first OS from Microsoft that is 64 bit only. It can support 256 logical processors. That is a lot of CPU power. Probably the big news is Live Migration for Hyper-V. Microsoft gets closer to making Hyper-V a fit for enterprise production to offer real competition for VMWare ESX.
Availability seems a bit convoluted as outlined here but 4Sysops sums it up better.
Summary
MSDN and Technet subscribers: August 6 in English, October - remaining languages
Software Assurance (SA) customers: August 7, remaining languages a couple of weeks later via the Volume License Service Center (VLSC).
Microsoft Partner Network (MPN) Portal: August 16
Microsoft Action Pack Subscribers: August 23rd
Volume License customers without SA: September 1
Consumers: October 22
6th August! That is just 15 days away. Better get reading and planning.
If you wanted to know more about PowerShell then there is a free PDF you can download from http://powershell.com/cs/blogs/ebook/. It is called “Mastering PowerShell” and it is 567 pages long. It is written by Dr. Tobias Weltner.
It is useful to know PowerShell for OpsMgr as there are areas where it is very easy to do a one liner in PowerShell that is impossible in the console. However you may want to read this article about whether you should learn scripting. http://4sysops.com/archives/a-different-network-why-administrators-should-avoid-scripting/
My view is that I do not want to learn to be a scripting guru but having a stock of PowerShell scripts that I have gleaned from blog posts over the years is very useful. Once I have a line or script that I find useful I put it in a text file so that I can use it at multiple customer sites. Of course in order to use these correctly and modify them you do need to know a bit about PowerShell. This is a case where a little knowledge is a useful thing.
My DVD finally arrived today so I can catch up with all the sessions that I missed. The MMS was 27th April to 1st May so it has taken 11 weeks. Soon to be time for the next MMS!
I have blogged about Ziemek’s free disk space report before. I have run this at a customer site and they were very impressed with the report. The MP, XML and SQL query are all available at Ziemek’s blog.
There are a number of things though that you need to be aware of.
As I mentioned previously if you use System Center Data Protection Manager it creates very long names for the disk drives and that skews the report so that it does not print out well or export to PDF without creating multiple pages. I have found exporting it to Excel first works well.
I tried it on a system with 395 servers and it would time out. Rerunning would often do the trick and get the report. There is a timeout value of 9999 in the XML. I am not sure if that can be increased. The obvious solution would be to use groups to then do the reports in smaller chunks.
And that leads to the third issue. When you use the drop down list it does not show all groups but just a selection. I asked Ziemek about that and he has actually coded it in as he did not want all the computer groups to drop down in his environment. What it does is look for computer groups that do not contain : but do contain Computers. So if you create custom groups that has the word computers in it but without : they will be picked up.
If you look at the XML file you can see the query.
- <Query>
<DataSourceName>DataWarehouseMain</DataSourceName>
<CommandText>SELECT FullName, DisplayName FROM OperationsManagerDW.dbo.vManagedEntity with (nolock) where Path is null and FullName not like ‘%:%’ and DisplayName like ‘%Computers%’</CommandText>
<rd:UseGenericDesigner>true</rd:UseGenericDesigner>
</Query>
So you could always change that line in the XML if you want more groups of if you create custom groups with your organisations name it then you can swap that for computers so that only those groups show up in the drop down list. Note that this query shows up twice so I presume you need to change both.
Even with these caveats it is still a great report. And one that should have been in 2007 from the start.
Ian
One of the nice things about Operations Manager even from the early versions is the ability to run the prerequisite checker so you know what is required before you start the install. I recommend using this before starting to do any installs. It saves time later.
From the Quick Start Guide
When all components are selected, the Prerequisite Viewer checks for the presence of Windows Server 2003 SP1, SQL Server 2005 SP1 or higher, SQL Server Reporting Services SP1, MDAC version 2.80.1022.0 or higher, .NET Framework version 2.0, .NET Framework 3.0 components, WS-MAN v1.1, and Windows Power Shell. It then checks to ensure that the WWW service is running and set to automatic startup mode.
The checker does not mention the SQL version required but as the notes above say, it needs to be at least SQL 2005 SP1 which is the same as OpsMgr 2007 SP1.
This checker can check for all components or you can just check the components that will be installed on the server that you are checking.
All components
Database
![clip_image002[4]](http://ianblythmanagement.files.wordpress.com/2009/07/clip_image0024.jpg "clip_image002[4]")
Server
New requirement for Cross Platform Extentions – WS-management 1.1. This is only a warning (so it will not stop the install) as it is only required if you are pushing out agents to UNIX or Linux servers.
Console
Console with PowerShell
Web Console
This is a new requirement for the web console – ASP.NET AJAX 1.0. As this is a failure the install will not be allowed.
Note that after it is installed the requirement is no longer shown.
Reporting
Data Warehouse
To get the missing bits
· WS-MAN v1.1, available at: http://go.microsoft.com/fwlink/?LinkID=133219
· .NET Framework 2.0, available at: http://go.microsoft.com/fwlink/?LinkID=64221
· .NET Framework 3.0 components, available at: http://go.microsoft.com/fwlink/?LinkID=71270
· Windows PowerShell, available at: http://go.microsoft.com/fwlink/?LinkID=71311
Links to Optional Prerequisites
The Operations Manager 2007 R2 Prerequisite checker does not confirm the presence of the following items and you must install them manually if you want that functionality
· For creating and editing product or company knowledge in management packs you must install Microsoft Office Word 2003 (or 2007) with the .NET Programmability feature and Microsoft Visual Studio 2005 Tools for the Microsoft Office System, available at: http://go.microsoft.com/fwlink/?LinkID=53267
· If you will install agents manually, you must install MSXML 6.0, available at http://go.microsoft.com/fwlink/?LinkID=76343. MSXML 6.0 requires Windows Installer 3.1, available at: http://go.microsoft.com/fwlink/?LinkID=77051. MSXML 6.0 is automatically installed with the agent when the agents are pushed out.
MP Authoring Console
Although this does not have a prerequisite checker it still does a check and if it fails you can check the log.
![clip_image002[6]](http://ianblythmanagement.files.wordpress.com/2009/07/clip_image0026.jpg "clip_image002[6]")
Note that the .Net requirements are higher than for the other components.
Hope this helps in your planning and installations.
Ian
One of the nice things about attending the MMS is that you get a DVD with all the sessions on it so that you can watch the ones that you missed. Makes it a lot easier when there are multiple sessions that you want to see. Just a pain that it takes so long. Just received this e-mail.
Dear MMS 2009 Attendee,
This e-mail serves as confirmation that your MMS 2009 DVD set has been shipped and you should be receiving it within 1-2 weeks (International locations may take longer). The DVD set has been sent via the U.S. Postal Service to the address included with your registration information.
Just a few more weeks now. Luckily I downloaded a number of the videos from the MMS site when I was there and could watch those. Actually if you are an attendee you can still logon on to the site and download the presentations and videos. But it is nicer to have the DVD.
It reminds me that one of the OpsMgr sessions that they should have ran was how to deal with certificates. I am sure that would have been popular.
