Monday, April 24, 2017

Updated MP: ConfigMgr (SCCM) MP, For Hybrid Scenario’s

Recently Microsoft updated their ConfigMgr (SCCM) MP to version 5.00.8239.1009. With this update this MP is capable to monitor hybrid scenarios.

As stated by Microsoft: ‘…This update will extend the capabilities to monitor availability, performance, and health of the Microsoft Intune connector site system role for companies who integrate Configuration Manager and Microsoft Intune in a hybrid environment…’

MP can be downloaded from here.

Wednesday, April 19, 2017

Webinar ‘Is The System Center Stack Dead Or Not?’

On the 17th of May 2017 I’ll present a session for the Windows Management User Group Netherlands with the title: Is the System Center stack dead or not?

Session abstract:

‘…With Microsoft’s Cloud & Mobile First strategy, our world has changed drastically. Not a single Microsoft product is left untouched. The same goes for System Center stack.

Many of the components of this stack date from the pre-cloud era whereas other SC components were invented in order to enable/support the Private Cloud strategy, which on itself is already abandoned or at least outdated by now.

So where does it leave System Center? Is it dead? Or about to die? Is SC still worth the investment or is it time to abandon ship and head for the cloud?

And when so, what are the cloud based alternatives? Are they better/cheaper/easier to use? Is it possible to migrate on-premise workloads from the SC components to the cloud?

Whenever you ask yourself one or more of the above questions, join the webinar in order to get some decent answers. No marketing mumbo-jumbo but the ‘real deal’, experiences from the field. No cloud washing nor bashing!…’

Since it’s a webinar and I’ll present it in English, it’s easy to join. Want to know more? Go here.

Monday, April 10, 2017

MP Authoring – Quick & Dirty – 04 – Testing The Example MP


Advice to the reader
This posting is part of a series of articles. In order to get a full grasp of it, I strongly advise you to start at the beginning of it. 

Other postings in the same series:
00 – Introduction
01 – Overview
02 – Authoring the Template MP XML Code
03 - Example Using The Template MP XML Code
05 – Q&A


In this posting I’ll show you how to import the previous made custom MP (SAP.Logon.Server.xml) into SCOM and how to activate it by enabling the Discovery through an Override targeted against the Group (SAP Logon Server Group) contained in the same MP.

Again I’ve made several sections in order to keep it readable. There is much to tell, so let’s start!

Using the custom made MP
As stated in the previous posting, the custom MP is going to monitor a non-existing SAP Logon Server. Just as an example in order to show how easily a custom MP is created based on the template MP XML code, in conjunction with Notepad++ and MP Author.

01: Importing the MP and enabling the Discovery through an Override
Now you’re going to import the MP and enable the Discovery through an Override by using the Group present in the same MP.

Before you start:
TEST YOURSELF BEFORE YOU WRECK YOURSELF.

Meaning:
TEST the MP in a SCOM TEST environment, before putting it into production!!! I don’t accept any responsibility for broken SCOM environments!!!

  1. Import the MP in your SCOM test environment. Importing the MP can also be done by MP Author or the regular way, by using the SCOM Console;

  2. After the MP is imported: In the SCOM Console (log on with SCOM Admin permissions!): Go to Authoring > Groups and search for Groups with SAP in the name. Select the SAP Logon Server Group and open it;
    image_thumb35

  3. Remove the Dynamic Member rule by using the Create/Edit Rules button.image_thumb37

  4. Go to the tab Explicit Members and hit the Add/Remove Objects button. In the Search for: field select Windows Server Operating System (since the Discovery is targeted against that Class!) > Search > select the related Windows Servers where SAP Logon Server is installed. In this example I select DC01 > Add.
    image_thumb[1]
    In the Selected objects field the DC01 is now shown > OK > OK. The modifications to the Group will be saved now.

    <Advice>
    Please know that selecting the object(s) of the correct Class (Windows Server Operating System) is crucial here. Reason being that the Discovery is targeted against that very same Class. Adding object(s) of any other Class won’t work because the Discovery won’t land there. For example, adding DC01 object from the Windows Computer Class won’t make the Discovery work, nor adding the DC01 object of the Windows Server Computer Class.
    So please select the DC01 object of the Windows Server Operating System Class.
    <\End of Advice>


  5. In the SCOM Console in the menu bar go to Tools > Objects > click on Object Discoveries. Search for SAP and select the SAP Logon Server Discovery. In the Object Discovery Details screen, hit the View Knowledge link. Now the properties of the SAP Logon Server Discovery will be shown.

  6. Go to the tab Override > hit the Override button and select For a Group…:
    image_thumb[3]

  7. Search for SAP and select in the Matching objects field the SAP Logon Server Group:
    image_thumb[5]
    > OK

  8. Set an Override for Parameter Name Enabled by setting the Override Value to True. Since the Group is already contained in an Unsealed MP (SAP Logon Server), you can’t choose another Unsealed MP.
    image
    > OK. The Override will be saved now, thus enabling the Discovery for the SAP Logon Server Class for the Group SAP Logon Server Group, containing Windows Server Operating System object DC01.

    In the next section you’re going to see whether all your hard work paid off!

02: Testing the MP
Now it’s finally time to see the results of your hard work!

  1. Within a 5 to 10 minutes you’ll see that DC01 is discovered as an object of the SAP Logon Server Class:
    image

  2. It also has a State because of the Monitor you previously made, shown here in the Health Explorer of the SAP Logon Server object DC01:
    image
    Let’s stop the SAP Logon Service (Spooler service actually Smile) on DC01 in order to see what happens.
    image
    Spooler service on DC01 is stopped…

  3. Yes, it works!
    image

    And:
    SNAGHTML1c1e5c5

    An Alert is also shown:
    image

    Let’s start the Spooler service again in order to see what happens (Monitor should go back to a healthy state and the Alert should be closed automatically):
    image

    And yes, the Alert is closed automatically:
    image

    SNAGHTML1c80a09

    And:
    image

    And:
    image

  4. The Rules you made earlier work as well:
    image

    And:
    image

    And:
    image

03 – Recap
As you can see, with the template MP XML code it’s a low effort to cook up a new MP in order to monitor custom workloads running on one or more Windows Servers.

I’ve taught may IT Pro’s this approach. Many of them are capable of authoring a custom MP based on the template MP XML code within an hour! Meaning within 60 minutes they have the monitoring up and running in SCOM!

The most crucial part here is to collect the information, like WHAT needs to be monitored and HOW? In 99% of the cases it’s pretty straight forward, thus viable for the ‘Quick & Dirty Approach’ this series is all about.

Next posting in this series
By using a Q&A I’ll share additional information about how to extend the usage of the ‘Quick & Direct Approach’, thus aiding you even more in your quest to get SCOM monitoring on par with the requirements of your organization.

See you all next time!

Friday, April 7, 2017

RANT: Ignite & Other Microsoft Events

A few weeks ago I attended the free Microsoft Tech Summit event in Amsterdam. It lasted two days in which I learned a great deal, most of it outside the sessions. Also it made me think about how the Microsoft event cycle is organized now and what’s lacking BIG time.

At the end of the day, these are just my thoughts/ideas. So there is no need to feel/think the same. Yet I am wondering whether I am the only one out there or perhaps there are people thinking the same about it.

So feel free to comment Smile.

The past – The pre-Ignite Era
Before Ignite there were the Tech-Ed events, organized in the US, Europe, Asia and Australia. Besides that there were more product/service related events as well, like MMS, events for partners and Exchange/Lync events.

Those events were quite accessible and contained good content, aimed at their respective audiences. Also because most of those events were organized in different regions (Tech-Ed events that is), those events were fairly easy to go to. No need to travel to the US, only when one wanted to go to MMS or the Exchange/Skype event for instance.

In most cases it was pretty easy to write a business case for it, thus being allowed to visit a Microsoft event.

Sadly, Microsoft decided to change things and Ignite was born…

The current situation: Ignite was born, and many other good events were killed
With the birth of Ignite, many good events like Tech-Ed, MMS, Exchange/Skype were killed. Because Ignite would bring it all together. A bigger and much more happier place, at least that’s what Microsoft aimed for (I guess).

So instead of events targeted at certain audiences, one big monster event was created targeted at everyone and everything. And instead of covering many different regions, Ignite is hosted in the US and Australia only.

Both locations are quite out of reach for many organizations residing outside the US and Australia. Resulting in Ignite selling out while not covering the request for information as covered for by events like Tech-Ed/MMS and others. More over, many people who normally attended the more regional events, were (and still are!) left out.

Meaning, Microsoft is missing out on tons of valuable feedback. But at the end of the day Ignite is a bigger event compared to VMware World and events organized by other competitors, and IMHO that’s what counts for Microsoft?

As another side effect, it turned out to become even harder to present at Ignite being a non-Microsoft employer, while in the past most of the best sessions were given by non-Microsoft employers. Also many sessions are following the Microsoft regime resulting in too much marketing mumbo jumbo.

No, I’ve never been to Ignite myself. But I’ve watched my share of recorded Ignite 2016/2015 sessions. And content wise, the overall quality has dropped significantly compared to the pre-Ignite era. Not only because of the Microsoft regime but also because EVERYTHING has to be crammed into one week covering ALL levels of expertise and all products/services. And there is only a fixed number of rooms per day available. Resulting in the dropping out of smaller sessions with highly specialized content aimed at a smaller number of IT specialists…

Trying to bridge the cap and failing…
None the less, many professionals started complaining about missing out on many things. As such events like Microsoft Tech Summit were born/rebranded/revived. Basically being nothing but a repeat of the previous Ignite, on a much smaller scale that is of course.

Back to how I experienced Microsoft Tech Summit
And yes, many sessions of Microsoft Tech Summit referred to Ignite 2016 shamelessly. Whether the title of the slide deck (using the code of Ignite) or the demo environments, bearing names like Ignite2016 and so on… Also other sessions were ‘enriched’ with commercials about Windows 10, the latest Surface computers and so on. As a result the level of the session dropped from an already low 200 to even less 100…

All this resulted in a failed event. The first day I simply walked out of the keynote (a total fail) and some sessions because they were total crap. A waste of my time. So instead I connected with old customers, friends and former colleagues. Which was also nice but no the main reason for attending that summit.

The first day there was only ONE really good session and another coming close to it. The second day there were only two good sessions, the rest being a shameless repeat with added commercials. During the event I spoke many peers, and to my relief they felt/experienced the same. So it’s not just me being picky!

Time for revamping Ignite
Sure, Ignite is the BIGGEST Microsoft event ever organized. And yes, every time it’s sold out! So when living in the Microsoft bubble in Redmond it’s easy to say Ignite is a success and I am full of sh#$!t SmileSmileSmile

But try to look at it from another perspective. Even though Ignite is sold out, it doesn’t mean the overall quality is on par with the pre-Ignite era. Also it doesn’t mean it covers all the need for information by all IT people, whether IT decision makers, developers, managers, pro’s and so on.

Could it be it’s sold out because it’s the ONLY event, sharing new information, no matter the lower level of quality of the sessions? Could it be that even more people AREN’T attending because Ignite is sold out so quick and/or they aren’t allowed to attend because it’s too far, thus too expensive?

Still there are regions with no Ignite, like Asia and Europe. So why not organize Ignite like events in Asia and Europe as well, bringing down the scale but improving the overall quality of the sessions by allowing more content specific sessions and allowing more non-Microsoft employers to present?

At the end of the day many people and organizations in IT are willing to pay for attending an Ignite like event. The main deal however is that the location of the event should be more local to the organization and the content of the sessions should be more on par with their demand.

When having more Ignite like events outside the US and Australia, it would be easier to allow for more sessions aimed at a smaller audiences with their own specific request for information. This would be a huge improvement to the overall quality of Ignite.

As a side effect, it would create more traction, thus bringing more people attending Ignite. When combined all these Ignite events would bring more people together than the current two Ignite events in the US and Australia.

Will this ever happen?
Sure! When we believe in it and keep on ASKING for it. Make yourself heard. Speak up! Let Microsoft HQ know what you think about the current situation. In the past they could organize multiple Tech-Ed events around the globe. So why not use that experience in order to organize multiple Ignite events around the globe?

At the end of the day, Azure is hosted not only in the US and Australia but also in many other regions. Ignite events should adhere to that situation Smile.

MP Authoring – Quick & Dirty – 03 – Example Using The Template MP XML Code


Advice to the reader
This posting is part of a series of articles. In order to get a full grasp of it, I strongly advise you to start at the beginning of it. 

Other postings in the same series:
00 – Introduction
01 – Overview
02 - Authoring The Template MP XML Code
04 - Testing The Example MP
05 – Q&A


In this posting I’ll show by example how easy to use the previous made template MP XML code is, when a custom MP is required in order to monitor specific workloads.

Non existing workload to be monitored, just for the sake of it…
For this example I’ve cooked up this non existing server: SAP Logon Server. It runs one Windows service (the Spooler service) which is rebranded into the SAP Logon Service for the sake of this example. Also it logs certain events which are crucial and must be monitored as well:

  • EventID 1201 of the OperationsManager eventlog, rebranded into SAP Logon Server Tokens Unloaded;
  • EventID 1210 of the OperationsManager eventlog, rebranded into SAP Logon Server Bad Response Received.

The server which will become the SAP Logon Server is the DC in my test lab, DC01.

I know, it’s all none existent (accept for the DC), but like stated before it’s an example.

Items to reckon with when authoring a custom MP
There are some issues to reckon with whenever you create a custom MP:

  1. You’ll need a proper name for the MP, adhering to the monitored workloads. In this case the name of the MP will become SAP Logon Server. Choose the name wisely because it’s going to have an impact on everything you’re going to do;

  2. When this MP is authored, imported into SCOM and the Discovery for the SAP Logon Server Class is set so the proper server(s) will be detected, we also REQUIRE a State. In SCOM states are ONLY set by Monitors. So we REQUIRE at LEAST one Monitor. Stateless Objects are a no go in SCOM, especially for your custom made MPs;

  3. As a rule of thumb: Use Monitors for services to be monitored, and Rules for triggering Alerts based on events logged in the Windows event logs. I know, with Rules there is a change of a potential alert storm, but that can be addressed easily with MP Author. And yes, I’ll tell you how.

Let’s author the MP to monitor the SAP Logon Server
There is much to tell, so let’s start. Again I’ve made multiple sections of all the steps to be taken because I want to get the message across in a decent manner.

Also I will share some additional tricks. Every trick is easy to identify since they’re all in blue text, start with the prefix <Trick> and end with the suffix <\End of Trick>.

01 – Copying the template MP XML code and modifying the names
For this you’ll need Notepad++ or the XML editor of your choice.

  1. Copy the template MP XML code file (custom.application.xml). A new file will be made in the same folder, titled Custom.Application - Copy.xml. Rename this file to SAP.Logon.Server.xml, please mind the DOTS (.):
    image

  2. Open this file in Notepad++ and do a Search & Replace (<CTRL H>)on these 3 entries:
    Search for: Custom.Application. Replace with SAP.Logon.Server, mind the DOTS (.):
    image

    image

    Search for: Custom Application. Replace with SAP Logon Server, mind the SPACES ( );
    image
    Search for: CustomApplication. Replace with SAPLogonServer, mind the LACKING spaces;
    image

  3. Just to be sure all Custom Application entries are rebranded to SAP Logon Server, do a count (<CTRL H>) on the entry custom. There shouldn’t be any left. If there are, start over from Step 01.
    image

  4. Save the modified XML and close Notepad++. As a result, the template MP XML code is now rebranded from Custom Application to SAP Logon Server. With MP Author you’ll add the Rules and Monitor as previously discussed.

02 – Adding the Monitor to the SAP Logon Server MP with MP Author
With MP Author you’ll build the required MP in order to monitor the SAP Logon Server specific workloads. Again, I won’t describe EVERY single step to be taken in MP Author, but highlight the most important ones.

  1. Open MP Author and open the previously saved XML file SAP.Logon.Server.xml. It might take some time for MP Author to load and open the file, but just be patient Smile;

  2. First you’re going to author the Monitor. Go to Monitors > New > Create New Service Monitor > select the option Manually enter service name without connecting to a computer (Advanced users only) > Next;

  3. In the Select service to monitor screen, select as Target SAP Logon Server Class (now you see that Section 01 paid off Smile) and enter the name of the service you want to monitor. In this example Spooler:
    image
    > Next
    <Trick>
    In order to get the right name of the Service you want to monitor with SCOM: Always use the Service Name as depicted in the service properties screen. As you can see, the Service Name for the Print Spooler service is Spooler, so you use that name in MP Author as well:
    image
    <\End of Trick>

  4. Enter the proper information, like this:
    - Name: SAP.Logon.Service.Monitor (please mind the DOTs (.))
    - Display Name: SAP Logon Service Monitor (please mind the SPACES)
    - Description: Monitors whether the SAP Logon Service is running
    image
    > Next

  5. When the service isn’t running I suppose it’s a Critical situation. So ascertain the Health State reflects that by setting it to Critical when the service isn’t running anymore:
    image
    > Next

  6. In this screen you’ve to change many things:
    - Select Generate alerts for this monitor
    - The Alert will be generated when the state is changed to Error
    - Select Automatically resolved the alert when the monitor returns to a healthy state
    - Leave the Alert Name to the default selection. It won’t be shown in the SCOM Console Smile
    - Alert Display Name: SAP Logon Service isn't running!
    - Priority: High and Severity: Error
    - Description: SAP Logon Service  failure on $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$.
    Please see the alert context for details.

    image
    > Next > Finish > Save the changes. Stay in MP Author please.

    Now you’ve added the Monitor! Great! In the next section you’ll add the two Rules in order to monitor for the Event IDs 1201 and 1210 in the Operations Manager event log.

Section 03: Adding the Rules to the SAP Logon Server MP with MP Author
Time to add the two Rules!

  1. In MP Author: Go to Rules > New > Create New Windows Event/Alert Rule > select the option Manually enter event log name without connecting to a computer (Advanced users only) > Next;

  2. In the Specify event rule data screen, enter the proper information, like this:
    - Event Log: Operations Manager
    - Event ID: 1201
    - Event Source: HealthService
    - Deselect the option to Collect Data
    image
    > Next

    <Trick>
    Sometimes it can be a challenge to find the right names of the event log and event source. With this trick however, you’ll be 100% sure that SCOM is using the correct information. As such the Rules will work right away without requiring deep troubleshooting.

    Open the event you want SCOM to monitor and go to the Detail tab. There are two entries you require:
    - Provider Name, which adheres to the Event Source,
    - Channel, which adheres to the Event Log name in MP Author.
    SNAGHTMLfd8dd54c
    <\End of Trick>

  3. In the next screen the proper Class (MP Author refers to it as Target), SAP.Logon.Server.Class, should be selected by default. When not, correct it:
    image
    > Next

  4. MP Author is a great tool but has some disadvantages like creating impossible names. This is on purpose since the names with the dots have to be unique. Otherwise the MP will be flawed. None the less, it’s Best Practice to makes those names smarter and still keep them unique. In this case I’ve modified the entries to this:
    - Name: SAP.Logon.Server.EventID.1201.Rule (please mind the DOTs (.))
    - Display Name: SAP Logon Server Tokens Unloaded (please mind the SPACES)
    - Description: Alerts when the SAP Logon Server has unloaded tokens
    image
    > Next

  5. In the Specify alert for event rule screen you can tweak many things. Choices will be based on the requirement of your organization. As such, the settings I choose here are only an example, nothing more.
    - Alert Name: Used in the MP only, not shown in the Console. When it’s reasonable, leave it;
    - Alert Display Name: Used in the Console, so make it smart. In this case: SAP Logon Server has unloaded tokens.
    - Priority: High, Severity: Error;
    - Description: You can leave the default which will dump the event description in the Alert. In this case however I’ve chosen a default text without any parameters. The buttons on the right of the screen (Data, Target, Host and Group) can be used to add parameters to the description, making the Alert much more worthwhile to read. It’s up to you, simply experiment!
    image
    <Trick>
    When using Rules, there is always a change of an Alert Storm, meaning way too many Alerts come in for a single situation. Which is really bad. However, Alert suppression enables you to prevent that from happening. So when authoring Rules, based on events, always check how many events are created in a single time slot, like 10 minutes, an hour, half a day and a whole day.

    Based on that information you can add Alert suppression to the Rule you’re authoring, thus preventing potential Alert Storms. However, Alert suppression can also be unwanted when people want a single Alert every time the event takes place.

    None the less, hundreds of Alerts about the same issue within a day is way too much. So better to apply Alert Suppression and using the Repeat Count column in the Alert View in the SCOM Console. When using Alert Suppression, the Alert itself is stopped when it’s already triggered. Instead the Repeat Count counter is raised by a single instance.

    That way you’ve the best of both worlds: Not an Alert Storm and yet a perfect way to show how many times the situation triggering the Alert, took place. Just remember, the Repeat Count counter starts at zero (0) meaning the Alert took place 1 time Smile.

    Simply hit the Alert Suppression button and ‘play’ with the various options available. The available options for alert suppression do explain themselves.
    <\End of Trick>


    In this posting I don’t use Alert Suppression, so I skip it. > Next

  6. Interesting! By default any monitoring workload in SCOM runs 24/7. Sure you can change that but that’s quite a challenge. With MP Author however, it’s very easy to accomplish! Awesome! For this posting however, I don’t use any schedule so the Rule runs 24/7.
    image
    Again, it’s up to the requirements of your organization what to choose. When not using the default (24/7), make sure to DOCUMENT it and COMMUNICATE it with the organization. Otherwise your next job could be flipping burgers…

    > Next > Finish > Save the MP.

  7. Now you’re going to author the Rule to monitor for Event ID 1210 in the Operations Manager event log, using Steps 01 to 06 of Section 03.

    Use this information when authoring the Rule:
    - Log Name: Operations Manager
    - Event ID: 1210
    - Event Source: HealthService

    - Name: SAP.Logon.Server.EventID.1210.Rule
    - Display Name: SAP Logon Server Bad Response Received
    - Description: Alerts when the SAP Logon Server has received bad responses

    - Alert Display Name: SAP Logon Server has received bad responses
    - Description: The SAP Logon Server has received bad responses! Check the Admin Console for more details.

  8. At the end of the Wizard you’ll be shown this summary screen of your settings and input:
    image

Save the MP and close MP Author. Now the MP has the two Rules and the Monitor. Nice! Time to test it!

You can download the authored SAP Logon Server MP from here. Download it, open it in MP Author and check it out. Please know however that the Wizards in MP Author are a one-way street. Meaning when creating anything (like a Rule, Monitor, Class (Target), Discovery and so on) there is a Wizard. But once created, that Wizard isn’t available anymore.

None the less, you can compare the code with your own code. Enjoy!

The next posting in this series
In the next posting of this series I’ll describe how to use the MP you just made by importing it, enabling the Discovery through an Override aimed at the Group contained in the same MP. See you all next time!

Wednesday, April 5, 2017

MP Authoring – Quick & Dirty – 02 – Authoring The Template MP XML Code


Advice to the reader
This posting is part of a series of articles. In order to get a full grasp of it, I strongly advise you to start at the beginning of it. 

Other postings in the same series:
00 – Introduction
01 – Overview
03 - Example Using The Template MP XML Code
04 - Testing The Example MP
05 – Q&A


In this posting I’ll write about how to author your own template MP XML code by using MP Author, available for free. For the ease of it all I presume you’ve already downloaded and installed this tool. Also I will not describe every detail but try to highlight the most important parts of it. As it turned out when ready, this posting has become quite big and detailed…

And last but not least, I also presume you’ve downloaded a tool like Notepad++ since the XML code generated by MP Author has to be scrubbed because MP Author adds these nagging flags of itself to the XML code which I totally dislike…

There is much to tell, so let’s start.

Creating the template MP XML code with MP Author
Since creating the template MP XML code consists out of many steps, I’ve broken it into five sections.

01 - Creating the MP Manifest and basic XML structure

  1. Start MP Author and create a new MP. MP Creation Wizard will start now. Use this input for the Manifest section:
    - Unique identifiable name: Custom.Application (mind the DOT!!!)
    - Friendly name: Custom Application (mind the space!!!)
    - Description: Remove the MP Author crap and replace it with This MP monitors Custom Application.
    Now you’ve got something like this:
    image

  2. In the section Template Selection, select the first option Empty Management Pack. IMHO the other templates add way too much noise, resulting in anything but clean XML code.
    image

  3. Follow the wizard to the end. Save the MP. Based on your previous choices and input MP Author will create the basic XML code for the Custom Application MP. When ready you’ll be shown a screen like this one:
    image
    There is still much to do, since you’re going to add a Class with a Discovery (the Reverse Discovery as previously discussed), a Group (also a ‘dirty’ trick is going to be used here, much about that later on), a Folder and two Views (Alert and State)). In the next section you’re going to create the Class and Reverse Discovery.

02 - Creating the Class and Reverse Discovery

  1. In MP Author go to Targets > New > Create New Registry Target. The Management Pack Registry Target Wizard starts now. By default it selects the server/computer where MP Author runs to read registry data from. This is fine for this MP so leave this selection as it is.

  2. In the section Discovery and you must define the registry key used for the Discovery for the Class you’re about to create. So hit the Browse button under the Discovery – required header:
    image
    The registry of the system where MP Author runs is opened. Please follow the next steps exactly because otherwise the Add button in the Select Registry Keys screen won’t light up…

  3. On the LEFT part of the Select Registry Keys screen, you’ll see the HKLM registry hive. Select this key: HKLM\SOFTWARE\Microsoft\Windows. Ascertain that Windows is selected in the left part of the screen, like this:
    image
    Please note that the Add button is still greyed out. Now in the middle pane of the screen, select the sub key CurrentVersion, like this:
    image
    Now the Add button is activated, so click it.
    The selected registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion will be shown now in the section Selected Registry Keys:
    image
    Click OK > Next.

  4. Now you’re in the Identify Target section of the Management Pack Registry Target Wizard. The names you’re about to enter here are crucial since they’ll be used as a template. So follow these steps exactly as well.
    - Name: Custom.Application.Class (mind the DOT!!!)
    - Display name: Custom Application Class (mind the spaces!!!)
    - Description: Remove the text and replace it with This Class represents ‘Custom Application’
    image
    > Next

  5. In the next step you’ve to select a Base Class, AKA the Class on which the new Class you’re authoring, refers to. Meaning, without the presence of the Base Class, the new Class you’re authoring won’t exist. As such it’s best to select Microsoft.Windows.LocalApplication as Base Class.
    image
    > Next

  6. Now you’re about to create the Discovery for the Class you previously defined. Because it’s a REVERSE Discovery DON’T FORGET to DISABLE it!!! This is simply done by deselecting the Enabled option. The names you’re about to enter here are crucial since they’ll be used as a template. So follow these steps exactly as well.
    - Name: Custom.Application.Discovery (mind the DOTS!!!)
    - Display name: Custom Application Discovery (mind the spaces!!!)
    - Description: Remove the text and replace it with Discovers the ‘Custom Application’ Class.
    image
    > Next

  7. Now you have to select the Target where the previously defined Discovery will run. Now you select here Microsoft.Windows.Server.OperatingSystem:
    image
    > Next

  8. Now you need to define the expression for the Discovery. Leave the default selection to Check for existence of registry values. Change the pre-defined Attribute Name to CustomApplication (mind the LACKING space!!!)
    image
    > Next

  9. Accept the default Schedule for the Discovery to run (once per day) > Next
    image
    A summary of your previous choices and input will be shown > Finish. Save the MP. MP Author will run some checks now in order to see everything is adhering to the MP XML schema and when okay, will create the code and show you the MP Author screen again. In the next section you’re going to double check that the Discovery is disabled, create a Folder and two Views (Alert and State).

03 - Creating the Folder and Views & double check the disabled Discovery
First of all check whether the Discovery is REALLY disabled. In MP Author go to Discoveries, select the only Discovery present and check in the right panel whether Enabled (under the header State) is set to False. When not, modify it by clicking on the arrow button on the right of Enabled and select false. Save the MP so the changes are set.

  1. Go to Folder > New > Create New Folder > accept the default selection in the introduction section of the Management Pack Folder Wizard screen (Microsoft.SystemCenter.Monitoring.ViewFolder.Root) > Next.

  2. The names you’re about to enter here are crucial since they’ll be used as a template. So follow these steps exactly as well.
    - Name: Custom.Application.ViewFolder.Root (mind the DOTS!!!)
    - Display name: Custom Application (mind the spaces!!!)
    - Description: Remove the text and replace it with This is the root folder for ‘Custom Application’
    image
    > Next > Finish.

  3. Go to Views > New > Create New Alert View. As the folder for the new View, you must select Custom.Application.ViewFolder.Root (the Folder you previously made):
    image
    > Next

  4. In the screen Specify alert view data you must select the target you previously made, or better the Class (Custom.Application.Class). I presume you don’t want to see old (Closed) Alerts, so choose as for Resolution State Unresolved:
    image
    > Next

  5. In the screen Identify state view section Identify, enter the names as required. Again: The names you’re about to enter here are crucial since they’ll be used as a template. So follow these steps exactly as well.
    - Name: Custom.Application.AlertView (mind the DOTS!!!)
    - Display name: Alerts
    - Description: Remove the text and replace it with Alert View for ‘Custom Application’
    image
    > Next > Finish.

  6. Go to Views > New > Create New State View. As the folder for the new View, you must select Custom.Application.ViewFolder.Root (the Folder you previously made):
    image
    > Next

  7. In the screen Specify state view data you must select the target you previously made, or better the Class (Custom.Application.Class). I presume you  want to see all States, so select all of them:
    image
    > Next

  8. In the screen Identify state view section Identify, enter the names as required. Again: The names you’re about to enter here are crucial since they’ll be used as a template. So follow these steps exactly as well.
    - Name: Custom.Application.StateView (mind the DOTS!!!)
    - Display name: State
    - Description: Remove the text and replace it with State View for ‘Custom Application’
    image
    > Next > Finish. Save the MP. So now the Folder and two Views are created. In the next section you’ll create the Group.

04 – Create the Group
In this section you’ll create the Group. Because MP Author wants to help you as much as (im)possible, it doesn’t allow empty Groups to be created, or better Groups without any formula. Therefore you’ll use a ‘workaround’ here by creating a Group which is populated by a formula which results in an empty Group anyway when imported in SCOM.

This Group is going to be used later on in SCOM. All Windows Servers hosting the custom application to be monitored, are added to this Group. Then the Discovery (disabled by default) is enabled through an Override, targeted against the same Group.

  1. Go to Targets > New > Create New Group. The Group Target Wizard is started now. Again: The names you’re about to enter here are crucial since they’ll be used as a template. So follow these steps exactly as well.
    - Name: Custom.Application.Group (mind the DOTS!!!)
    - Display name: Custom Application Group (mind the spaces!!!)
    - Description: Remove the text and replace it with This Group contains all Windows Servers running ‘Custom Application’
    image
    > Next

  2. In the Membership Rules section of the screen, select Windows Computer > Add > Insert > select as Property DNS Name, as Operator Equals, as Value QWERTY.QW resulting in this:
    image
    > OK. Now you’ve got this:
    image
    > Next > Finish.

  3. MP Author has a nagging habit of creating a folder for every Group created. You don’t want/need that. So go to Folders, select the Folder with Name Custom.Application.Group.Folder and select Delete. Confirm it when asked for. Save the MP. Now the template XML MP code is almost ready. As stated before, MP Author adds ‘flags’ about itself to the XML code. I don’t like that so I use Notepad++ to remove those flags/noise. In the next step I’ll tell you how to that.

05 – Scrubbing the XML code
Save the MP so you’re 100% sure the XML code on disk contains all modifications. Go to the folder where the XML code is stored, also shown in MP Author when selecting the MP in the left pane AND in the tab of the MP itself:
image

  1. Close MP Author.

  2. Create a new subfolder in the folder containing the MP XML code, titled Scrubbed. Copy the XML into that folder (so there is always a way back when things go wrong) and open the copy in the Scrubbed folder in Notepad++ (or any other text editor of your choice).

  3. Search for Silect. In my case I found 8(!) entries. Remove ALL Comments, but be careful here, COMMENTS ONLY! Nothing more, since many times after the comment other crucial MP XML code is also placed there. So remove the COMMENT only and keep the rest!

  4. Save the modified XML code. Start MP Author and open the modified XML code. Go to New > Run Best Practices Analyzer in order to see whether the template MP XML code adheres to the MP authoring Best Practices. Please know that Verify will fail since the XML code contains type definitions, which normally should be found in sealed MPs, not unsealed MPs. But the MP should be just fine when you followed everything to the smallest step.

  5. When you want to be 100% sure, just import the template MP into your SCOM test/lab environment. This MP contains only one Class, a DISABLED Discovery, a Group, a Folder and two Views (Alert & State), so theoretically it should do no harm. But always be careful. None the less, it’s VITAL to check the validity of the XML code, since it will serve as a basis for many custom MPs to come. So import it and check for the Class, Discoveries (one for the Class, the other for the Group), Folder with the Views (Alert & State) and the Group which is empty because it looks for a non-existing server (QWERTY.QW). Some screenshots from my test lab:

    Folder and two Views (Alert & State):
    image

    The Class:
    image

    The Discoveries (two, one for the Class, another for the Group (which is also a Class)):
    image

    And yes, the Discovery for the Class is disabled by default:
    image

    And the Group:
    image
    When all is present you can remove this MP and store the XML code to save place since it will be used a template for many custom MPs in the near future.

Recap
So now you’ve authored the template MP XML all by yourself! Wh00t!

In the next posting of this series I’ll show you how to use this template in order to create your own custom MPs yourself! See you all next time!

For the completeness of it all, the scrubbed template MP XML code can be downloaded from here.


Update 5th of April 2017: I got some very valuable feedback on this posting. As such I’ve partially rewritten this posting, and updated the downloadable template MP XML code.