Below is what I did to achieve the goal:

1. Create a password protected zip file that contains the config file (.xml or .ini).
2. rename the zip file from xxxxxx.zip to xxxxxx.bin
3. In powershell script, use ICSharpCode.SharpZipLib.dll to unzip renamed zip file
4. compile powershell script to exe so users cannot view the script to figure out the zip file password.
5. read the content of the extracted config file
6. delete extracted config file

To compile the powershell script, I can use one of these tools:

• Make-PS1ExeWrapper
• PS2EXE

Below is a sample Powershell script (Zip-Test.PS1) I have written to read a xml file inside a renamed zip file:

param ([string]$FilePath)
$ziplib = Join-Path $FilePath "ICSharpCode.SharpZipLib.dll"
[System.Reflection.Assembly]::LoadFrom("$ziplib") | Out-Null
$ZipName = "Health-Check.bin"
$XmlName = "Health-Check.xml"
$xmlPath = Join-Path $FilePath $XmlName
$ZipPath = Join-Path $FilePath $ZipName
$objZip = New-Object ICSharpCode.SharpZipLib.Zip.FastZip
$objZip.Password = "password"
$objzip.ExtractZip($ZipPath, $FilePath, $XmlName)
if ((Test-Path $xmlPath))
{
$xml = (get-content $xmlPath)
Remove-Item $xmlPath -Force
}
$xml.configuration

The script extracts and reads the health-check.xml file and deletes health-check.xml straightaway, it happens so fast, it won’t be possible for end users to access the file. Below is the output from above sample code (content of my XML file):

One thing to keep in mind: in most of my scripts, I use

$thisScript = Split-Path $myInvocation.MyCommand.Path -Leaf
$scriptRoot = Split-Path (Resolve-Path $myInvocation.MyCommand.Path)

To determine the script name and location. $MyInvocation does not work anymore after I converted the Powershell script to EXE. Therefore, from my above example, I’m actually passing the directory location into the script as a parameter.

So I did some testing to make sure my scripts disconnects from the RMS SDK service. I opened perfmon on RMS watching the “Client Connections” counter under OpsMgr SDK Service:

and want to make sure the performance counter drops when the script is supposed to disconnect from SCOM management group. In my script, I use both the SCOM PowerShell Snap-in and the SCOM SDK, below is what the code looks like:

SCOM PowerShell Snap-in:

Connect to management group:

$RMS = "<RMS Server Name>"

Add-PSSnapin Microsoft.EnterpriseManagement.OperationsManager.Client
New-PSDrive -Name:Monitoring -PSProvider:OperationsManagerMonitoring -Root:\
Set-Location "OperationsManagerMonitoring::"
new-managementGroupConnection -ConnectionString:$RMS | Out-Null
Set-Location $RMS

Disconnect from management group:

$CurrentMG = get-managementGroupConnection
if ($CurrentMG -ne $null)
{
$CurrentMG | Remove-ManagementGroupConnection | Out-Null
}

SCOM SDK:

Firstly, Load Assembly:

[System.Reflection.Assembly]::LoadFrom("$sdkDir\Microsoft.EnterpriseManagement.OperationsManager.Common.dll") | Out-Null
[System.Reflection.Assembly]::LoadFrom("$sdkDir\Microsoft.EnterpriseManagement.OperationsManager.dll") | Out-Null

Connect to management group:

$UserName = "<user name>"

$UserDomain = "<user domain>"

$password = "<password>"

$securePassword = ConvertTo-SecureString $password –AsPlainText -Force

$MGConnSetting = New-Object Microsoft.EnterpriseManagement.ManagementGroupConnectionSettings($RootMS)
$MGConnSetting.UserName = $UserName
$MGConnSetting.Domain = $UserDomain
$MGConnSetting.Password = $SecurePassword
$ManagementGroup = New-Object Microsoft.EnterpriseManagement.ManagementGroup($MGConnSetting)

Disconnect from management group:

I couldn’t find a “disconnect” method for the Microsoft.EnterpriseManagement.ManagementGroup object. So I tried to simply remove the variable:

Remove-Variable ManagementGroup

I couldn’t unload the SDK DLLs as I read it’s a limitation in .NET, the only way to unload a loaded DLL is to close the app.

Test Results:

Regardless which way I use to connect to SCOM (PowerShell Snap-in or SDK), the perf counter does not drop when I tried to disconnect using methods above. In fact, I could only get the counter drop when I close the Powershell console (or exit my GUI app which is just a pure Powershell script).

As shown above, notice that as soon as I exit PowerShell, the counter has dropped by 1.

Therefore, I thought I had 2 options to work around this issue.

1. Getting the script to launch another powershell.exe instance when trying to connect to SCOM every time but by doing so, I can’t really pass data / variable back to my script.

2. Use PowerShell Remoting to create a PS Session on local computer, run whatever needs to run against SCOM and remove the PS Session when it’s done. By doing so, I can still pass variables back to my script.

So I’ve decided to go with PowerShell Remoting. I’ve used “Enable-PSremoting –force” cmdlet to enable PS Remoting with all default settings.

I’ll use a simple get-agent cmdlet via PS Remoting as example, I’ve written something like this:

$RMS = "<RMS Server Name>"
$AgentName = "<Agent Computer Name>"
$NewSession = new-pssession
$agent = invoke-command  -session $NewSession -ScriptBlock {
param($RMS,$AgentName)

Add-PSSnapin Microsoft.EnterpriseManagement.OperationsManager.Client
New-PSDrive -Name:Monitoring -PSProvider:OperationsManagerMonitoring -Root:\
Set-Location "OperationsManagerMonitoring::"
new-managementGroupConnection -ConnectionString:$RMS | Out-Null
Set-Location $RMS
$Agent = Get-Agent | Where-Object {$_.PrincipalName -imatch $AgentName}
$Agent
} -ArgumentList $RMS, $AgentName
Remove-PSSession $NewSession

I ran above code using an account that is a domain admin in my test environment and it’s also a SCOM administrator in my management group. But somehow I get this error:

The user does not have sufficient permission to perform the operation.

After some research, I realised that I have to use the CredSSP (Credential Security Support Provider) authentication to pass my credential from the local Powershell session to the PS Remoting session (in this case, also on my local machine). So I modified my script to use Credssp when creating the new PS Session:

$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

$NewSession = new-pssession -ComputerName $env:COMPUTERNAME -Authentication Credssp -Credential (Get-Credential $me)

It turned out, after the modification, the code still would not work:

I then found that I will also have to configure the remote session to pass my credential to the remote server again – in this case, the SDK service in SCOM RMS (second hop). so my credential will be passed from Local PowerShell session –> PS remote session on the local computer –> SCOM RMS SDK Service.

In addition to “Enable-PSRemoting –force”, I had perform the following to make it work:

1. Enable WinRM CredSSP to allow the second hop:

Via PowerShell:

• Set-Item WSMAN:\localhost\client\auth\credssp –value $true
• Set-Item WSMAN:\localhost\service\auth\credssp –value $true

Or Via Group Policy:

• Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Client\Allow CredSSP authentication – Set to “Enabled”
• Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service\Allow CredSSP authentication – Set to “Enabled”

2. Configure Credentials Delagations

in Group Policy (either domain GPO or local policy), under

Computer Configuration\Administrative Templtes\System\Credential Delegation\Allow Delegating Fresh Credentials
- Set to Enabled

- Add “WSMAN/<local computer name>” to the server list

Now, after I updated the group policy (gpupdate /force), the code should just work. As shown below, I have retrieved the agent information using SCOM Powershell Snap-in via a PS remote session.

And now if I take a look at the OpsMgr SDK Service “Client Connections” perf counter:

My script has connected to the SDK service for few seconds then disconnected!

Conclusion:

My code ended up like this:

$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

$RMS =  "<RMS Server Name>"
$AgentName = "<Agent Computer Name>"
$NewSession = new-pssession -ComputerName $env:COMPUTERNAME -Authentication Credssp -Credential (Get-Credential $me)
$agent = invoke-command  -session $NewSession -ScriptBlock {
param($RMS,$AgentName)

Add-PSSnapin Microsoft.EnterpriseManagement.OperationsManager.Client
New-PSDrive -Name:Monitoring -PSProvider:OperationsManagerMonitoring -Root:\
Set-Location "OperationsManagerMonitoring::"
new-managementGroupConnection -ConnectionString:$RMS | Out-Null
Set-Location $RMS
$Agent = Get-Agent | Where-Object {$_.PrincipalName -imatch $AgentName}
$Agent
} -ArgumentList $RMS, $AgentName
Remove-PSSession $NewSession

I could not use “localhost” as computer name when creating new PS session (and adding “WSMAN/localhost” in “Allow Delegating Fresh Credentials policy”. It doesn’t work.

More Reading:

On OpsMgr SDK service client connections counter:

http://blogs.technet.com/b/kevinholman/archive/2008/10/27/how-many-consoles-are-connected-to-my-rms.aspx

http://thoughtsonopsmgr.blogspot.com.au/2010/12/how-to-get-alert-when-too-many-scom.html

On CredSSP , PS Remoting and SCOM PowerShell Cmdlets:

http://blogs.msdn.com/b/powershell/archive/2008/06/05/credssp-for-second-hop-remoting-part-i-domain-account.aspx

http://blogs.technet.com/b/stefan_stranger/archive/2010/11/02/using-powershell-remoting-to-connect-to-opsmgr-root-management-server-and-use-the-opsmgr-cmdlets.aspx

Additionally, I ran into this free ebook about a week ago, Even though I’m still reading it, it’s a pretty good book: Secrets of PowerShell Remoting.

We found when the BITS bandwidth throttling settings are configured for a SCCM primary site. SCCM clients get the policy and write the settings into Windows local policy:

SCCM Computer Client Agent BITS Settings:

BITS Settings from SCCM Client’s Windows local policy (Local Policy –>Computer Configuration –>Administrative Templates –>Network –>Background Intelligent Transfer Service (BITS) –>Limit the maximum network bandwidth for BITS background transfers):

As you can see, the SCCM site setting is identical to SCCM client’s local policy. SCCM 2007 Unleashed has explained the client BITS settings. You can read about it on Google Books HERE.

The book did not state and explain the SCCM client actually WRITES the SCCM site’s BITS policy into SCCM client’s Windows local group policy object (GPO). So I did below tests IN ORDER in my home SCCM 2007 R3 AND SCCM 2012 RTM test environments to work out the behaviours of SCCM client and compare SCCM Client’s BITS setting against the above mentioned setting in local policy:

1. SCCM Client BITS setting left as default in SCCM (Not configured).

• SCCM 2007 Client Computers: BITS policy in local GPO is set to DISABLED!
• SCCM 2012 Client Computers: Same as SCCM 2007 client computers

2. Enable BITS in SCCM Computer Client Agent setting (In 2007, apply to both clients and BDPs, in 2012, just enable it since there is no BDPs in 2012 anymore.), and define some throttling settings. Then trigger machine policy retrieval on SCCM client computers.

• SCCM 2007 Client Computers: BITS policy in local GPO is ENABLED in throttling settings are set to as same as SCCM policy.
• SCCM 2012 Client Computers: Same as SCCM 2007 client computers

3. Change BITS throttling settings in SCCM. Then trigger machine policy retrieval on SCCM client computers

• SCCM 2007 Client Computers: BITS policy in local GPO updated accordingly.
• SCCM 2012 Client Computers: Same as SCCM 2007 client computers

4. Change BITS throttling settings in SCCM client’s Windows local policy. Then trigger machine policy retrieval on SCCM client computers.

• SCCM 2007 Client Computers: local policy remained the same after machine policy retrieval.
• SCCM 2012 Client Computers: Same as SCCM 2007 client computers

5. Change BITS throttling settings in SCCM again. Then trigger machine policy retrieval on SCCM client computers.

• SCCM 2007 Client Computers: local policy was updated again according to SCCM client’s BITS policy.
• SCCM 2012 Client Computers: Same as SCCM 2007 client computers

Conclusions:

Based on the tests I have performed. I have come to below conclusions:

1. When the SCCM client’s BITS policy is not configured, the  BITS throttling settings OS local policy is set to DISABLED, so effectively no BITS throttling is allowed for ALL the apps that uses BITS on the SCCM client computer. (i.e. in our case, VMM agent)
2. Upon SCCM policy change, SCCM client changes local policy with updated settings once it has retrieved the updated policy via SCCM client’s machine policy retrieval (by default runs every 60 minutes).
3. The SCCM client’s BITS settings are NOT enforced in local policy. i.e. when local policy is manually updated to be different than SCCM client’s policy, SCCM client does not enforce and update local policy. SCCM clients ONLY write to local policy when the SCCM BITS policy is CHANGED on the primary site.
4. SCCM 2007 clients and SCCM 2012 clients exhibit same behaviour.

So, please look out if you have other apps that uses BITS and the bandwidth is throttled. SCCM client would update the local policy without you knowing it.

Alternatively, using a domain GPO to set BITS throttling settings seems like a good idea. By doing so, you can target different SCCM clients more granularly (targeting different OUs, using WMI filters and AD groups to set GPO scopes) whereas in SCCM 2007, this setting is unique across all clients in the primary site. Additionally, domain GPO will override local policy so local policy can be ignored.

Scenario 1:

The support team need to count number of Application event log entries of events with a specific event ID. A daily report is required to list the number for each computer.

Scenario 2:

An application produces a log file each day. The support team need to count the number of a specific phrase appeared in previous day’s log file. A daily report is required to list the count number for each computer.

The solution I produced for both scenarios are very similar. so I thought I’d blog this one.

Solution from High level View:

1. Create a rule in the SCOM management pack to run once a day.
2. Write a script within a rule in the SCOM management pack to count the log
3. map the count number to performance data and save it in the SCOM operational and data warehouse DB.
4. design a report for raw performance data in SQL SRS report builder
5. save the report into the management pack
6. schedule the report to run and to be emailed out once a day, AFTER the rule has run for the day.

In this blog post, I’m not going to go through the steps of creating the custom data source module and the performance collection rule. They are pretty straightforward and the sample management pack can be downloaded HERE.

I will however go through the steps to create the custom report for the data collected by this rule. I’m creating the report rather than using the built-in performance reports from the “Microsoft Generic Report Library” because none of the built-in performance reports support a table format. I don’t want any fancy charts with the report. All I want is a simple list of the raw perf counter values.

Now, let’s briefly go through the data source module and the performance collection rule.

Data Source Module: contains 2 members: System.Scheduler and Microsoft.Windows.PowerShellPropertyBagTriggerOnlyProbe:

The Microsoft.PowershellPropertyBagTriggerOnlyProbe contains a powershell script that counts event log entries and pass the count into a PropertyBag:

#===========================================================================================
# AUTHOR:  Tao Yang
# DATE:    30/01/2012
# Version: 1.0
# COMMENT: Count for a particular event in event log and pass the count to property bag
#===========================================================================================
Param ([int]$TimeFrameInHours, [string]$LogName, [int]$EventID, [string]$EventSource)

$StartTime = (Get-Date).AddHours(-$TimeFrameInHours)
$iEventCount = 0
Try {
$Events = Get-EventLog -LogName $LogName -After $StartTime -Source $EventSource | Where-Object {$_.EventID -eq $EventID}
Foreach ($Event in $Events)
{
If ($Event -ne $null) {$iEventCount++}
}
} Catch {
$iEventCount = 0
}
$ComputerName = (Get-WmiObject Win32_ComputerSystem).Caption
$oAPI = New-Object -ComObject "MOM.ScriptAPI"
$OAPI.LogScriptEvent("Event-Count.PS1",9999,0,"Start EventID $EventID Perf Collection Rule. Collecting $EventID events since $starttime...")
$oBag = $oAPI.CreatePropertyBag()
$oBag.AddValue('ComputerName', $ComputerName)
$oBag.AddValue('EventCount', $iEventCount)
$oBag.AddValue('TimeFrameInHours', $TimeFrameInHours)
$oBag.AddValue('LogName', $LogName)
$oBag.AddValue('EventID', $EventID)
$oBag.AddValue('EventSource', $EventSource)
$oBag

Performance Collection Rule: This rule contains:

Data Source: the data source module created previously

Condition Detection: map the event log count in PropertyBag to performance counter

Actions: Write performance data to Operational and DW databases.

Report:

Pre-requisites:

• Install the Performance Report Model in SCOM reporting SSRS. Here’s a detailed instruction (even though it was written for SCOM 2007 SP1, it’s also applies to SCOM 2007 R2): http://www.systemcentercentral.com/BlogDetails/tabid/143/IndexID/20269/Default.aspx
• Please Note that in above article, it uses Event model as example. The report I’m going to create uses Performance model. so please make sure Performance.smdl is uploaded into SCOM Reporting SSRS and configured to use the “Data Warehouse Main” data source.
• Import the half finished management pack (with the data source module and the perf collection rule) into a SCOM management group (preferably your development environment).
• Create an override or simply change the schedule of the rule to run ASAP so the perf data is collected. this is very useful when testing the report later on.

Steps of creating the report:

01.Browse to the SCOM Reporting SSRS reports http://<servername>/reports URL

02. Launch Report Builder and click “Run” if security warning pops up

03. In Report Builder, choose the following options in “Getting Started” pane to create a new report:

04. Enter the report title:

05. Drag “Performance Data Raw into the report

06. Under Performance Data Raw / Object, Drag the “Name” field to the report

07. Rename the title of each row in the report table:

08. Right click the number under “Event Count”, select “Format…”, and change “Decimal places” to 0

09. Click the Filter button to create filters:

10. Under Performance Data Raw \ Performance Rule Instance \ Performance Rule, drag the “Rule System Name” Field to the right and choose the rule I created in the management pack from the list. (Note: the rule name appears on the list because the management pack is already imported into SCOM and this rule has already collected some performance data.)

11. Click on Performance Data Raw and drag “Date Time” field to the right

12. Click on “equals” next to “Date Time” and change it to “After”:

13. Choose “(n) days ago”

14. Change “(n)” to “2”

15. Click OK to exit the Filter Data window

16. Now, it’s time to test run the report. To do so, use the Run Report button on the top. Here’s the result from my test environment (Note: the date time is in UTC, NOT local time):

17. If you want to make the report prettier (i.e. changing the font colour to pink ) or adjust the column width, or adding a company logo, you can click on “Design Report” button and modify the report.

18. Once you are happy with the report, save it to a RDL (report definition) file:

19. Open up the half finished management pack (unsealed) in Authoring Console, go to Reporting workspace and create a new report:

20. Give the report an ID:

21. In the “General” tab, give the report a name and target it to “Microsoft.Windows.Computer” class

22. Go to “Definition” tab, click “Load content from file” and select the RDL file you’ve just created.

23. Once the RDL file is loaded, remove the first line, which is the XML header <?xml version=”1.0″ encoding=”utf-8″?>

24. Once the first line is removed, go to “Options” tab

25. Make sure “Visible” is set to “true” and “Accessibility” is set to “public”

26. click apply and OK to exit the window

27. Now that the report is successfully created and tested, if you have changed the schedule of the perf collection rule (either edited the rule directly or created an override), it’s time to change the schedule back.

28. Now, if you want to keep the management pack unsealed, just export the updated management pack with the report into SCOM management group from authoring console. If you want to seal it, do so, and delete the previous unsealed version from the management group first, then import the sealed version into the management group.

I always increase the version number so I can lookup Event ID 1201 in SCOM agent’s Operations Manager log and make sure the updated version of the MP is received:

29. After couple of minutes, if everything goes well, you should be able to see the report in both Operations Console Reporting workspace and also in SCOM Reporting SSRS site:

Note: In SSRS, you should also see a .mp file in the same folder. I’ve experienced issues where the report does not get updated with the updated MP, which was caused by incorrect .mp file in SSRS directory. Please refer to my previous post for details.

30. Schedule the report in SCOM reporting (so it can be emailed out according to a schedule) if you want to. make sure the report schedule is AFTER the rule schedule time (i.e. if the rule runs daily at 0:00am, the report schedule should be something like daily at 0:30am) otherwise newly collected data is not included in the report.

That concludes the steps to create the report. Few other things I’d also like to mention:

1. In my case, for the second scenario I mentioned in the beginning (reading log files), the whole process and idea is the same. The only thing different is the script in the Data Source module.
2. I could have moved the condition detection module (System.Performance.DataGenericMapper) from the rule to the data source module. I didn’t do it because then I can use the same data source module for other purposes later. For example, if later on, the support team comes to me and ask me to generate alerts once the count reaches a threshold, I can simply create a separate rule (or a custom monitor type and a monitor), using the same data source. If the input parameters of the data source is the same as the existing performance collection rule, the data source should only run once for multiple workflows because of the Cookdown feature.
3. If the SCOM agent computer is in maintenance mode when the perf collection rule is scheduled to run, no perf data will be collected and the computer will be missing from the report.
4. In my example, I’m using a PowerShell script. So PowerShell and it’s execution policy needs to be installed / enabled on the SCOM agent computers. if this doesn’t meet your requirement, just modify the module to use a VBscript instead. I’ve blogged previously on how to create trigger only probe action modules for VBScript.

Again, the sample MP and the Report Definition RDL file can be downloaded HERE.

I thought it was a no brainer as I’ve done it before, all I had to do was to load another language pack in “Regional and Language” in Control Panel. However, I was wrong. apparently this function is available in Windows 7 Ultimate and Enterprise editions.

I didn’t really want to use Windows Anytime Upgrade to upgrade it to Ultimate just so I can change the language. Lucky I found this post: http://mark.ossdl.de/2009/08/change-mui-language-pack-in-windows-7-home-and-professional/

So below is what I’ve done:

1. Download Windows 7 Service Pack 1 language pack (Because the laptop comes with Windows 7 SP1, I had RTM version of the language pack but it didn’t work.) – I downloaded the entire ISO from my TechNet subscription, but there are many blog posts around with the direct link to Windows Update for each individual language (such as this one: http://www.technize.net/windows-7-sp1-language-packs-direct-download-links-kb2483139/)
2. Extracted the downloaded ISO (from TechNet subscription) to C:\Apps\langpacks
3. in Command prompt:
1. dism /online /add-package /packagepath:C:\Apps\langpacks\zh-cn\lp.cab
2. bcdedit /set {current} locale zh-cn
3. bcdboot %WinDir% /l zh-cn
4. Backed up and deleted HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\UILanguages\en-US
5. Reboot

Note: if there were any windows updates that were pending to be installed, the install may fail after the language was changed. I had to run wuauclt /detectnow so Windows Update agent detects the updates for different language.

Speaking of my own experience, out of all the tools provided by the toolkit, trace32.exe is the one I used the most.

Now with SCCM 2012, trace32.exe has been replaced by a new tool called cmtrace.exe.

Unlike trace32.exe, cmtrace.exe is actually built-in in SCCM, there is no need to download separate toolkits for it. cmtrace.32 can be found on the SCCM site server, under “<SCCM Install Dir>\tools\” folder. Same as it’s predecessor trace32.exe, cmtrace.exe can be copied / redistributed to other locations / computers alone and use as a log parser.

I have also found that trace32.exe actually does not correct parse SCCM 2012 logs. For example, I’m using both trace32.exe and cmtrace.exe to open execmgr.log from a SCCM 2012 client:

trace32.exe:

cmtrace.exe:

So, if you are working with SCCM 2012, make sure you use cmtrace.exe rather than the good old trace32.exe. And maybe like me, copy cmtrace32.exe to your local machine and use it from there rather than using it on the server.

The Central Admin site and the child primary site installation all went pretty smoothly. But I had some issues when installing the secondary site.

When installing Secondary Site from it’s parent primary, There are two options available for the database:

1. Install and Configure a local copy of SQL Server Express on the secondary site computer
2. Use an existing SQL Server instance.

I wanted to install SQL Express myself so I can control where it’s installed to and locations for data, log and backup files. – This is pretty common and most of SQL DBAs would configure to install SQL on a volume other than C:\ and place data / logs / backups on dedicated and separate disks. By using SCCM to install SQL express for you, you don’t get to choose any of this, which can be pretty annoying.

According to Supported Configurations for Configuration Manager, secondary sites supports SQL Server Express 2008 R2 with SP1 and Cumulative Update 4. So I downloaded SQL Server 2008 R2 Express With SP1 with Tools (SQLEXPRWT_x64_ENU.exe) and SQL 2008 R2 Service Pack 1 Cumulative Update 4 and installed them in order on my secondary site site server.

Below is what I have customised during the SQL express install:

• I configured the location for SQL, SQL instance, data files, log files and backup files the way I wanted it.
• I selected the SQL instance to use the collation “SQL_Latin1_General_CP1_CI_AS” because it is the only collation that SCCM supports.
• I kept the default secondary site SQL instance name “CONFIGMGRSEC” (this name is what’s used if you choose SCCM to install SQL Express for you).
• I have given a pre-configured AD group called “ConfigMgr2012 Servers” which contains all SCCM 2012 site servers sysadmin rights in SQL Express.

After the install, I applied CU4 and all went pretty smoothly.

Now, I tried to push Secondary Site install from the primary site. Under SQL Server setting step, I selected “Use an existing SQL Server instance” option and enter the secondary site server’s FQDN under “SQL server fully qualified domain name” and “CONFIGMGRSEC” under “SQL server instance name, if applicable”. After finishing the wizard, the secondary site install failed during prerequisite checks. I got few errors in regards to the SQL collation is not set to SQL_Latin1_General_CP1_CI-AS:

This is very strange because all my SQL instances in this hierarchy are set to this collation, and because of this, the setup did not even get kicked off.

Additionally, I also found the following:

• On the primary site server, in the ConfigMgrSetup.log under System root, I get the following errors:
• CSql Error: Cannot find type data, cannot get a connection.
• *** [08001][17][Microsoft][ODBC SQL Server Driver][DBNETLIB]SQL Server does not exist or access denied.
• I could use the SQL management studio from Secondary site server to connect to the SQL express instance, but I couldn’t use the SQL management studio from a remote machine to connect to it:

After spending some time troubleshooting, I got it going. Below is what I have done on the SQL Express instance:

1. I’ve assign “ConfigMgr2012 Servers” group (which I created myself and it contains the primary site server’s computer account) “dbcreator” role on top of sysadmin role it already had.

2. I realised by default, after I installed SQL express, TCP/IP protocol is disabled. So I went to SQL Server Configuration Manager, under SQL Server Network Connection —> Protocols for CONFIGMGRSEC—>TCP/IP, enabled it. I also had to configure the ports for this connection:

I removed 0 from “TCP Dynamic Ports” for each IP and added static port 1433 under “TCP Port”

After you enabled TCP/IP and changed the port, you will be prompted that you have to restart SQL server service for the change to take effect, so I restarted the SQL service.

After these steps, the prerequisite checks were passed and the Secondary site installation finished successfully.

In summary below are the steps I took to pre-configure a SQL Express instance for SCCM 2012 secondary site:

1. Install SQL Express 2008 R2 with SP1 with Tools
2. Configure SQL express install directory as per my standard (not on C:\ drive)
3. Configure SQL Express instance name as “CONFIGMGRSEC” as it is default to SCCM secondary site and there’s no reason to change it.
4. Select “SQL_Latin1_General_CP1_CI_AS” as SQL server collation.
5. Configure data/logs/backups directory
6. add primary site server’s computer account (or a group containing primary site server’s computer account) as administrator during install
7. Apply SQL Server 2008 R2 Service Pack 1 Cumulative Update 4 after SQL Express install
8. Set a limit for amount of memory SQL express can use.
9. Reboot secondary site server (just to be safe)
10. give the parent primary site server’s computer account dbcreator access in SQL Express instance.
11. Enable TCP/IP for the SQL express instance.
12. Configure TCP/IP connection port settings.
13. Restart SQL service.
14. Initiate Secondary Site install from Primary site (via SCCM console). – Unlike SCCM 2007, secondary site install can no longer be performed by running SCCM setup from secondary site servers.
15. During setup wizard, choose “Use an existing SQL Server instance”, enter secondary site server’s FQDN and SQL instance name (“CONFIGMGRSEC”). leave site database name and SQL broker port as default.
16. monitor install status using the SCCM console:

You can also check:

• C:\ConfigMgrSetup.log on Primary Site server (contains details for Secondary Site install’s prerequisite checks).
• C:\ConfigMgrSetup.log on Secondary Site server (contains details for the actual setup).

Now, instead of having SQL Express installed and configured by SCCM, I have more control of it so I can align the configuration with my organisation’s standard (if it’s in a real production environment ).

In this case, I have my SQL data file located under F:\SQL_Data\Microsoft SQL Server\MSSQL10_50.CONFIGMGRSEC\MSSQL\DATA:

And log files under G:\SQL_Logs\Microsoft SQL Server\MSSQL10_50.CONFIGMGRSEC\MSSQL\Data:

Generally, once a new MP is imported into a management group, within few minutes, the reports within the MP should be deployed to SRS. This was the case when I updated the very same MP in Development environment, but in Production, I waited few hours and nothing has happened.

After few hours, I finally fix the issue.

For any reports that have been deployed as part of a MP, there should be a .mp file in the SRS folder, like this one:

In the production environment, the .mp file name from my management pack folder in SRS is different than the one in development environment. I checked other management packs in both Prod and Dev and they all have the same .mp file name.

To fix the issue: I deleted the .mp file from SRS, restarted the SRS service. Within one minute, the updated report got deployed to SCOM SQL Reporting Service and the .mp file got recreated as well.

Over the last few days, it seems my blog has been hacked. some suspicious malware codes have been injected into the WordPress PHP pages.

I have just reinstalled WordPress, changed all the passwords and ran another scan. it came out clean. I have manually checked infected pages, the suspicious codes have bee removed.

If you are using Google Chrome and saw the warning page when trying to access my blog:

I have requested Google to review my site again. Hopefully I’ll get my site removed from the blacklist within few days.

Over the time, I have seen some issues and challenges for SCCM administrators to effectively and proactively managing SCCM clients.  I have personally seen and experienced some challenging issues. For example:

• Silent clients due to the SMS agent host service not running.
• SCCM Clients are reporting to the incorrect site due to the combination of overlapping boundaries and auto site assignment.
• SCCM Clients missing new functionalities due to Missing SCCM hotfixes (i.e. Power Management in SCCM 2007 R3)
• Advertisement executions failures
• SCCM clients unable to connect to Management Points
• BDP configurations inconsistent (A SCCM client is listed as a BDP on the site server but it is not actually configured as BDP)
• Newly installed software are not promptly updated in SCCM site database as the hardware inventory only runs weekly by default.

During last year’s Christmas period, some of my employers production servers were assigned to an incorrect SCCM site and as a result, some applications were pushed out to these servers during a change freeze period. We only founded it out after the fact and realised some of these servers were reporting to the wrong SCCM sites for months!

This has triggered me to implement a solution so we can proactively monitor the configurations and activities of SCCM 2007 clients so we are alerted before anything bad happens!

I started writing a SCOM management pack for SCCM 2007 clients. It took me few weeks to cover all the issues that my team is facing. Over the last couple of weekends, I have spent a lot of time to re-write / re-brand it and document it so I can actually post this management pack in my blog.

This management pack provides some proactive monitoring and automations for all of above mentioned issues /challenges. Does this sound interesting to you? If so, please continue reading. The documentation and the management pack download link is at the bottom of this article.

So here are some details of the management pack.

Introduction

System Center Configuration Manager (SCCM) 2007 Client Management Packs 2.0.0.0 provides basic monitoring of SCCM 2007 clients.

This set of management packs is intended fill the gap of the official Microsoft System Center Configuration Manager 2007 management pack and focus monitoring the SCCM clients in SCCM infrastructures. These managements pack also provides ability to implement customised monitors to monitor the configurations and baselines of SCCM clients in your organisation’s SCCM infrastructures according to your organisation’s standard. i.e.

· Monitors SCCM site assignment, make sure SCCM clients are assigned to the correct primary site in a multi-sites environment.

· Monitors SCCM client versions to make sure all required SCCM client hotfixes are applied.

· Monitors and make sure any SCCM clients that should be configured as Branch Distribution Points (BDP) are actually configured as BDP.

· Make sure SCCM Client cache size is configured according to your company’s standard.

There are 2 separate sealed management packs (.MP) in this set:

· TYANG System Center Configuration Manager 2007 Library

• Custom Data Source, Probe Action and Write Action modules
• Custom monitor types
• SCOM console actions for SCCM clients
• SCCM client object discovery

· TYANG System Center Configuration Manager 2007 Monitoring

• Pre-Configured monitors and rules
• Folders and Views

Management Pack Overview

The System Center Configuration Manager 2007 Client Management Packs not only provides various out-of-box preconfigured monitors / rules, but also provides some custom modules / workflows which allow you to build your own monitors to suit your System Center Configuration Manager 2007 environments. These management packs extends what Microsoft System Center Minotoring Pack For Configuration Manager 2007 SP2 v6.0.6000.3 has to offer for SCCM client monitoring. This includes:

Pre-Configured Monitors and Rules:

· Recreated the SMS Agent Host service monitor and included diagnostic and recovery task to automatically restart the service when it has stopped.

· Checks the availability of Management Point of which the SCCM client connects to via HTTP response. The SCCM Management Point HTTP Response Monitor runs hourly to check the HTTP response of the active MP for the SCCM client and generates alerts if HTTP error responses received over 2 consecutive times.

· Checks the version of SCCM clients and generates alert if the version number is lower than 4.00.6487.2157 (KB977384, prerequisite for SCCM 2007 R3)

· Checks SCCM Clients Advertisement Execution history every 30 minutes. If there were any advertisements have been executed over the last 30 minutes, trigger Hardware Inventory so any newly installed applications will be inventoried and stored in SCCM site database. Additionally, if any failed advertisement executions are found, a Critical alert is generated.

Custom Modules and Monitor Types:

1. SCCM Client Property Value Check 2-State Monitor Type. This monitor type can be used to build monitors to monitor SCCM client properties. (i.e. Monitor any SCCM clients that are not assigned to the correct site or Cache Size is not configured according to your organisation’s standard, etc..)

This monitor type Supports the following Properties:

• SiteCode (SCCM Client Site Code)
• Version (SCCM Client version)
• GUID (SCCM client GUID)
• ManagementPoint (MP that SCCM client is connected to)
• ProxyMP (Proxy MP that SCCM client is connected to)
• InternetMP (Internet MP that SCCM client is connected to)
• LogsLocation (path to SCCM client log files)
• CacheLocation (path to SCCM client cache)
• CacheSize (The maximum size of SCCM client cache folder in MB)
• HTTPPort (The HTTP Port for SCCM Client)
• EnableAutoAssignment (if auto site assignment is enabled (true or false)
• AllowLocalAdminOverride (if the SCCM client allows local admin override (true or false))
• IsBDP (If the client is a branch distribution point (true or false))

This monitor type Supports the following Comparison Operators:

• eq (Equal to)
• ne (Not equal to)
• gt (Greater-than)
• lt (Less-than)
• ge (Greater-than or equal to)
• le (Less-than or equal to)
• IsNull (Is Null value)
• NotNull (Not Null value)

2. Write Action module to initiate SCCM client actions

3. Write Action module to repair SCCM client

4. Other Probe Action modules and Data Source modules that were used by pre-configured monitors and rules.

More Comprehensive Object Discoveries

This SCCM client object discovery in this management pack discovers pretty much every SCCM client properties that are visible in the industry well-known utility SCCM Client Center.

Below is a comparison of the properties that SCCM Client Center can check VS. SCCM Client properties been discovered by this management pack VS. what are been discovered from Microsoft’s official management pack:

SCCM Client Center 2.0.4.0:

System Center Configuration Manager 2007 Client Management Pack v2.0.0.0:

Microsoft Official Configuration Manager 2007 SP2 Management Pack v6.0.6000.3:

SCOM Agent Actions for SCCM Clients

A number of SCCM Client actions have been built into this management pack. The following SCCM client actions can be initiated via SCOM Operations Console and Web Console:

· Discovery Data Collection

· File Collection

· Hardware Inventory

· Machine Policy Retrieval Evaluation

· Software Inventory

· Software Metering Usage Report

· Software Updates Agent Assignment Evaluation Cycle

· Software Updates Scan

· SCCM Client Repair

More information

The detailed guide for this MP can be downloaded HERE.

Management Pack Downloads:

From below link, you can download a zip file which contains:

1. Sealed version of TYANG System Center Configuration Manager 2007 Library  management pack(.mp)
2. Sealed version of TYANG System Center Configuration Manager 2007 Monitoring management pack(.mp)
3. Unsealed version of TYANG System Center Configuration Manager 2007 Monitoring management pack(.xml)

The reason I’m offering the unsealed version of TYANG System Center Configuration Manager 2007 Monitoring management pack is that if you wish to create additional monitors / rules using the workflows in the library MP, you can just build them into the unsealed MP without creating a separate MP (and saves you time to unseal it).

Management Pack Download HERE.

As always, if you have any issues / questions / concerns or suggestions, email me! I’ll try to get back to you as soon as I can (even though recently I’ve been pretty busy at work and in my personal life. And that’s why it took me so long to write a blog article for this management pack!)

So basically, DPM has this built-in function called “Auto Discovery” which queries the domain controller of its’ own home domain and stores every single domain member servers in its database. This job runs once a day, you can choose the time window of this job, but you can’t really disable it.

One of my colleagues has posted this issue in DPM TechNet forum: http://social.technet.microsoft.com/Forums/en-US/dpmsetup/thread/df3dc4ae-200a-4778-8a91-1d7e68d564f2/ and I also logged a premier support call with Microsoft. We got 2 very different solutions from TechNet forum and the Microsoft support engineer in China. After evaluating both solutions, I have decided to go with the solution from the TechNet forum since it’s more robust, but make some modifications.

I have made 3 modifications from the original SQL scripts from TechNet forum:

1. The solution from TechNet forum involves creating a custom SQL agent job called ‘Cancel DPM Auto Discovery’ that runs once a day, prior to the DPM Auto Discovery job. I noticed if you manually change the Auto Discovery start time from DPM console, a new SQL agent job for Auto Discovery is created. So I can’t really guarantee that the original schedule for ‘Cancel DPM Auto Discovery’ job is still valid. Therefore, I changed the schedule from daily to hourly, and runs at the 55th minutes of each hour(i.e. 12:55am, 1:55am, 2:55am, etc.). Because the Auto Discovery job can only run at the full hour (1:00am, 2:00am, 3:00am), by changing the schedule, I can make sure no matter what time the Auto Discovery is scheduled to run, the SQL agent job that I have created will always disable it 5 minutes prior to it.
2. As I mentioned in the forum thread, I had to change the SQL job category to something other than DPM otherwise DPM will delete my job.
3. Since we have over 2000 DPM servers in the environment, manually running the SQL script on each DPM server is impossible. Therefore I created a PowerShell script to run the SQL scripts and use SCCM to push it out. During testing, I found the SQL script works if I manually run it from SQL management studio, but when running in PowerShell using either System.Data.SqlClient.SqlConnection object or COM ADO object, the script complained about not able to find @owner_sid at the step of creating the job. I fixed it by changing the job owner from “MICROSOFT$DPM$Acct” to “sa”.

Below is the SQL Script and the PowerShell script after my modifications.

SQL Script

PowerShell Script

Note: Both SQL script and Powershell script assume the DPM database is configured as default (which is located locally on the DPM server and the SQL instance name is left as default of ‘MSDPM2010’). If your DPM server is located elsewhere, please modify the SQL script and the SQL connection string in the Powershell script accordingly.

I thought this can be easily achieved by creating few simple reports inside SCCM. If you are running SCCM 2007 R3 and have Reporting Service Point configured, you can publish these reports to SQL Reporting Services and create some schedules to email out daily.

So I quickly wrote 3 reports:

1. Site Status Overview Report – A high level overview of site status

2. Site System Status Report – Provides same information as what shows under Site System Status in SCCM console.

3. Site Component Status Since 12:00AM Report – Provides same information as what shows under Component Status in SCCM console (assuming the Threshold period setting under Component Status Summarizer setting is left as default of ‘Since 12:00:00 AM’)

Below are the SQL queries for each report:

Site Status Overview Report

Select
SiteStatus.SiteCode, SiteInfo.SiteName, SiteStatus.Updated 'Time Stamp',
Case SiteStatus.Status
When 0 Then 'OK'
When 1 Then 'Warning'
When 2 Then 'Critical'
Else ' '
End AS 'Site Status',
Case SiteInfo.Status
When 1 Then 'Active'
When 2 Then 'Pending'
When 3 Then 'Failed'
When 4 Then 'Deleted'
When 5 Then 'Upgrade'
Else ' '
END AS 'Site State'
From V_SummarizerSiteStatus SiteStatus Join v_Site SiteInfo on SiteStatus.SiteCode = SiteInfo.SiteCode
Order By SiteCode

Site System Status Report

SELECT distinct
Case v_SiteSystemSummarizer.Status
When 0 Then 'OK'
When 1 Then 'Warning'
When 2 Then 'Critical'
Else ' '
End As 'Status',
SiteCode 'Site Code',
SUBSTRING(SiteSystem, CHARINDEX('\\', SiteSystem) + 2, CHARINDEX('"]', SiteSystem) - CHARINDEX('\\', SiteSystem) - 3 ) AS 'Site System',
REPLACE(Role, 'SMS', 'ConfigMgr') 'Role',
SUBSTRING(SiteObject, CHARINDEX('Display=', SiteObject) + 8, CHARINDEX('"]', SiteObject) - CHARINDEX('Display=',SiteObject) - 9) AS 'Storage Object',
Case ObjectType
When 0 Then 'Directory'
When 1 Then 'SQL Database'
When 2 Then 'SQL Transaction Log'
Else ' '
END AS 'Object Type',
CAST(BytesTotal/1024 AS VARCHAR(49)) + 'MB' 'Total',
CAST(BytesFree/1024 AS VARCHAR(49)) + 'MB' 'Free',
CASE PercentFree
When -1 Then 'Unknown'
When -2 Then 'Automatically grow'
ELSE CAST(PercentFree AS VARCHAR(49)) + '%'
END AS '%Free'
FROM v_SiteSystemSummarizer
Order By 'Storage Object'

Site Component Status Since 12:00AM Report:

SELECT distinct
Case v_ComponentSummarizer.Status
When 0 Then 'OK'
When 1 Then 'Warning'
When 2 Then 'Critical'
Else ' '
End As 'Status',
SiteCode 'Site Code',
MachineName 'Site System',
ComponentName 'Component',
Case v_componentSummarizer.State
When 0 Then 'Stopped'
When 1 Then 'Started'
When 2 Then 'Paused'
When 3 Then 'Installing'
When 4 Then 'Re-Installing'
When 5 Then 'De-Installing'
Else ' '
END AS 'Thread State',
Errors 'Errors',
Warnings 'Warnings',
Infos 'Information',
Case v_componentSummarizer.Type
When 0 Then 'Autostarting'
When 1 Then 'Scheduled'
When 2 Then 'Manual'
ELSE ' '
END AS 'Startup Type',
CASE AvailabilityState
When 0 Then 'Online'
When 3 Then 'Offline'
ELSE ' '
END AS 'Availability State',
NextScheduledTime 'Next Scheduled',
LastStarted 'Last Started',
LastContacted 'Last Status Message',
LastHeartbeat 'Last Heartbeat',
HeartbeatInterval 'Heartbeat Interval',
ComponentType 'Type'
from v_ComponentSummarizer
Where TallyInterval = '0001128000100008'
Order By ComponentName

Report Sample Screenshots:

Site Status Overview Report

Site System Status Report

Site Components Status Since 12:00AM Report:

I’ve exported these reports into a .mof file, which can be downloaded HERE.

I’m not sure if SMS 2003 works differently when deleting package distribution via SMS Provider as I don’t have a SMS 2003 environment around that I can test. But, this script may not work in a multi-tiered SCCM environment (multiple primary sites below a central site). This script only tries to remove package distributions from the site where the user entered.

Use my test environment at home as an example to explain the issue with this script in SCCM 2007:

I have a central site (Site Code: CEN, Site Server: ConfigMgr00), a primary site (Site Code: TAO, Site Server: ConfigMgr01) and a secondary site (Site Code: S01, Site Server; ConfigMgr02) reporting to the primary site TAO.

I created a package called “Configure Windows Firewall Service” on my central site CEN. The Package ID is CEN00013:

This package has been assigned to 2 distribution points:

ConfigMgr01

MGMT02\Packages$

Notice that there is a pad lock symbol next to ConfigMgr01. If you right click \\MGMT02\Packages$, there is a “Delete” option:

When right click CONFIGMGR01, “Delete” option is not available:

This is because even though the package was created on the central site CEN, but this package was assigned to the DP CONFIGMGR01 on the child primary site TAO.

If I get to the package on Child Primary site TAO, there is no pad lock on CONFIGMGR01 and the “Delete” option is available:

If I use the same way as DPClean.vbs (only in PowerShell this time):

I Firstly locate the package distribution from the central site CEN’s SMSProvider, then use delete() method to remove it, I get a “Generic failure” error.

Notice that the properties of the package distribution object, the SourceSite value is “TAO”. it means the package was assigned to the specific DP from site “TAO”.

Now, if I repeat above PowerShell commands on site “TAO”:

No errors returned as it was successfully deleted.

Now, on the SCCM console:

On TAO:

On CEN:

The DP was deleted on both sites.

In conclusion, no matter which method is used (either via GUI or via SMS provider), the package can only be removed from a DP on the site where it was distributed.

I am also facing the issues around how the SCCM environment is operated at work. we have around over 1000 branch DPs across multiple primary sites. These branch DPs often get decommissioned or rebuilt (not by people who manage SCCM). the people who decommission these Branch DPs do not have knowledge on how SCCM environment is setup. I would not expect them to correctly enter the SCCM site server name when running the script.

Therefore I’ve re-written the script in PowerShell. The only parameter this script requires is the name of the distribution point (can be a normal DP, a DP that’s a Server Share or a Branch DP).

Pre-requisites:

• The SCCM site information are published in AD
• Remote registry service is enabled on both management point and the site server.
• The account that runs the script needs to have admin access to the management point and site server.
• The account that runs the script has access to SMS provider’s WMI namespace root\sms\site_<site code>.

How the script works:

1. Search AD for active/accessible SCCM sites
2. Connect to the management point and site server of each site published in AD and get details of each SCCM site.
3. Connect to the SMS provider of each discovered primary site and search for the distribution point.
4. If the distribution point is found, connect the SMS provider of the primary site where the DP belongs to and get a list of all packages that are assigned to this DP. The list of packages assigned to the DP is displayed on the PowerShell console. If nothing is found, the script ends.
5. For each package distribution that belongs to DP’s home primary site, delete it using the delete() method.
6. For each package distribution that belongs to other primary sites, search for the site info of that particular site from the list that obtained from step 2, and get the SMS provider server name. Then connect to the SMS provider of the source site and delete the package distribution using delete() method.
7. details of any successful and failed deletions are displayed on the PowerShell console.
8. Wait for 15 seconds, repeat step 3 to double check, see if there are still any packages been assigned to the DP.
9. If there are still packages assigned to the DP, display a message on the PowerShell console with instruction and a SQL query to run against the SCCM site database to remove them from the database (*Note: deleting straight off the database is not supported by Microsoft.)

An Issue with the script:

While I was testing the script, I did find an issue (not sure if the issue is with the logics of the script or, with SCCM itself).

I ran the script to delete all packages off a DP located on my secondary site S01. at that time, there were 3 “Install_Pending” packages against this DP. there were assigned to this DP from the central site CEN. The script ran successfully, deleted all packages on this DP from each package distribution’s source site, including these 3 “Install_Pending” packages (from CEN). However, when double check again, these 3 packages still exist in S01’s primary site TAO’s database. So, the deletions have not been replicated from central site CEN to child primary TAO.

This is why I configured the script to display instructions on how to remove them from site database (unsupported way).

The script can be downloaded here: Clean-DP.PS1

*Note: This script DOES NOT remove the actual packages from the hard disks of distribution points. The script does not actually connect to the DP at all. it can run AFTER the DP is decommissioned.

Please do not hesitate to contact me if you have any issues or questions about this script.

Function Get-MPFromAD ($SiteCode)
{
	$domains = Get-AllDomains
	Foreach ($domain in $domains)
	{
		Try {
			$ADSysMgmtContainer = [ADSI]("LDAP://CN=System Management,CN=System," + "$($Domain.Properties.ncname[0])")
			$AdSearcher = [adsisearcher]"(&(Name=SMS-MP-$SiteCode-*)(objectClass=mSSMSManagementPoint))"
			$AdSearcher.SearchRoot = $ADSysMgmtContainer
			$ADManagementPoint = $AdSearcher.FindONE()
			$MP = $ADManagementPoint.Properties.mssmsmpname[0]
		} Catch {}
	}

	Return $MP
}

Note: This function uses another function called Get-AllDomains, which I’ve blogged before here: http://blog.tyang.org/2011/08/05/powershell-function-get-alldomains-in-a-forest/ So make sure you include BOTH functions in your script.

Syntax: .\Get-NetworkStartEndAddress.ps1 “IP address” “Subnet Mask”

Download here: Get-NetworkStartEndAddress.ps1

Report Name: SCCM Site Boundaries

SQL Query:

SELECT distinct
v_BoundaryInfo.DisplayName AS [Boundary Name],
Case v_BoundaryInfo.BoundaryType
When 0 then 'IP Subnet'
When 1 then 'AD Site'
When 2 then 'IPV6 Prefix'
When 3 then 'IP Range'
End As 'Type',
v_BoundaryInfo.Value AS [Value],
v_BoundaryInfo.SiteCode AS [Site Code]
From v_BoundaryInfo WHERE DisplayName LIKE @BoundaryName

Prompts:

Name: BoundaryName

Prompt Text: Boundary Name

Prompt SQL Statement:

begin
if (@__filterwildcard = '')
Select DisplayName from v_BoundaryInfo order by DisplayName
else
Select DisplayName from v_BoundaryInfo where DisplayName LIKE @__filterwildcard order by DisplayName
end

Version 3.4 was finished a while back but I never got time to publish it in this blog. I only emailed 3.4 to few people who contacted me from my blog. Now that I’ve updated it again to 3.5, I thought I’ll just publish version 3.5.

What’s Changed Since 3.3?

1. Added site system name under ‘site systems with issues’ section
2. Detect site components that are missing heartbeats.
3. Changed function Validate-DNSRecord to use Win32_ComputerSystem.caption rather than DNSHostname to retrieve computer name as DNSHostName is not available on computers before Windows 2008.

Update Instruction

A new item has been added to the configuration XML (Health-Check.xml):
   <MaxMissingHeartBeatTolerance>
<Hours>24</Hours>
</MaxMissingHeartBeatTolerance>

As the name suggest, the script raises any site systems as problematic if it has not sent heartbeat for over the X number of hours that you configured in XML (in my example, it’s 24 hours).

You may keep the old XML that you have already configured for your environment as long as you add the following lines in the Health-Check.XML:

You can download version 3.5 HERE.

In all the environments that I implemented this script in command notification channel, there were always some random alerts not been processed.

Few months ago, I was working on another PowerShell script to be used in command notification channel to update a custom field when alerts are created. While I was testing it, I found it has exactly the same problem, the subscription randomly skips alerts and left them not processed.

In the end, I found the cause of the problem: the command line parameters are not configured properly! The details can be found in Steve Rachui’s blog article here: Updating custom alert fields using subscriptions and powershell. Steve explained in the article:

There are several quotation marks in the command line so I’ve listed the text again below in case you want to copy/paste in your environment. Note the highlights above – these are single quotes that go around alert ID as it’s passed to the script. Make sure you include these because if you don’t the alert ID won’t be handled correctly in all cases and the script will not run consistently.

Full path of the command file: c:\windows\system32\windowspowershell\v1.0\powershell.exe
Command line parameters: -Command “& ‘”C:\alertupdater.ps1″‘” ‘$Data/Context/DataItem/AlertId$’
Startup folder for the command line: c:\windows\system32\windowspowershell\v1.0\

So to fix my problem with my Ehanced SCOM Alert Nofication Script, the command line parameter should be:

-Command “& ‘”D:\Scripts\SCOMEnhancedEmailNotification.ps1″‘” -alertID ‘$Data/Context/DataItem/AlertId$’ -Recipients @(‘Tao Yang;Tao.Yang@xxxx.com’,John Smith;John.Smith@xxxx.com‘)

I’ve updated the original Enhanced SCOM Alerts Notification EMails blog article to reflect this change.

Setting up monitors for these processes is easy. However, I went a step further and created a generic write action module to be used as recovery task that restarts the process interactively on the console session.

There is one pre-requisite for the recovery task: I had to use PsExec to launch the process on console session. PsExec can be downloaded here: http://technet.microsoft.com/en-us/sysinternals/bb897553. PsExec needs to be copied locally to the computers that are being monitored.

I’ll now use use an example to go through how I setup the monitor, write action module and recovery task for notepad.exe

01. First of all, I created a class and its discovery to target my test machine “Client01”

02. Added “Microsoft.SystemCenter.ProcessMonitoring.Library” as a reference in my MP.

03. Created a process monitor for notepad.exe

• Monitor Type: Process Instance Count Monitor Type (from “Microsoft.SystemCenter.ProcessMonitoring.Library”)
• Monitor Configuration:

• Note: While I was setting up the monitor, I realised the process name is case sensitive. Also, Frequency is in seconds
• 
• This is pretty much the same as using the Process Monitoring template from from the SCOM operations console (under Authoring Pane) – Except I used my own class rather than targeting to a group. Below is from the process monitoring wizard:
• 

04. Now once I import the MP into my SCOM management group, I can verify it is working (from health explorer):

05. Because the way this monitor works, it is only healthy when the process count is in between MinInstanceCount and MaxInstanceCount (both set to 1 in this case). So the monitor’s health turns to Errorif there are say 2 instance of notepad running. Therefore I need to run a diagnostic task to determine how many instances are actually running because I only want to run the recovery task when the instance count is less than 1. I created a diagnostic task to run when the monitor’s health is in Error state. This diagnostic has only 1 action module: “Microsoft.Windows.ScriptPropertyBagProbe”:

• Module configuration:

• ScriptName	CheckProcessDiagnostic.vbs
  Arguments	notepad.exe
  ScriptBody	refer to the vbscript below
  TimeoutSeconds	60

• Here’s the script:

'==========================================
' AUTHOR:            Tao Yang
' Script Name:        CheckProcessDiagnostic.vbs
' DATE:                27/01/2012
' Version:            1.0
' COMMENT:            - Script to check process state.
'                    - Used for OpsMgr Management Pack diagnostic tasks.
'==========================================
ProcessName = WScript.Arguments.Item(0)
Set oAPI = CreateObject("MOM.ScriptAPI")
Set oBag = oAPI.CreatePropertyBag()
WMIQuery = "Select * From Win32_process WHERE name = '" + ProcessName + "'"
Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
Set colProcesses = objWMIService.ExecQuery (WMIQuery)
Call oBag.AddValue("ProcessName",ProcessName)
If colProcesses.count < 1 Then
Call oBag.AddValue("Result","Positive")
Else
Call oBag.AddValue("Result","Negative")
End If
oAPI.Return(oBag)

• This script returns a property bag variable“Result”. The value of “Result” is “Positive” if there is less than 1 instance of notepad.exe running. otherwise, the value is “Negative”. I will use the the value of “Result” to determine whether to run the recovery task or not by using a condition detection module in recovery task later.

06. Create a Write Actions module for the recovery task. I’m creating a separate module for this so I can use it in recovery tasks of multiple monitors.

• 
• Member Module: “Microsoft.Windows.PowerShellWriteAction”
• 
• Module Configuration:
• 
• While editing this module, Add below secion between </ScriptBody> and </Configuration>:

<Parameters>
<Parameter>
<Name>PsExecPath</Name>
<Value>$Config/PsExecPath$</Value>
</Parameter>
<Parameter>
<Name>PathToExe</Name>
<Value>$Config/PathToExe$</Value>
</Parameter>
<Parameter>
<Name>Context</Name>
<Value>$Config/Context$</Value>
</Parameter>
<Parameter>
<Name>Arguments</Name>
<Value>$Config/Arguments$</Value>
</Parameter>
</Parameters>
<TimeoutSeconds>$Config/TimeoutSeconds$</TimeoutSeconds>

Place the PowerShell script below between <ScriptBody></ScriptBody> section:

#=================================================
# AUTHOR:  Tao Yang
# DATE:    16/01/2012
# Version: 1.0
# COMMENT: Start a exe on console session under LocalSystem Context
#=================================================

param([string]$PsExecPath, [string]$PathToExe, [string]$Context, [string]$Arguments)
# $Context should have only 2 possible values: "System" or "User". "User" needs Auto Admin Logon Enabled
Function Get-ConsoleSessionInfo
{
$results = Query Session
$ConsoleSession = $results | select-string "console\s+(\w+)\s+(\d+)\s+(\w+)"
if ($ConsoleSession)
{
$UserName = $ConsoleSession.Matches[0].groups[1].value
$SessionID = $ConsoleSession.Matches[0].groups[2].value
$State = $ConsoleSession.Matches[0].groups[3].value
$objConsoleSession = New-Object psobject
Add-Member -InputObject $objConsoleSession -Name "UserName" -Value $UserName -MemberType NoteProperty
Add-Member -InputObject $objConsoleSession -Name "SessionID" -Value $SessionID -MemberType NoteProperty
Add-Member -InputObject $objConsoleSession -Name "State" -Value $State -MemberType NoteProperty
} else { $objConsoleSession = $null }
Return $objConsoleSession
}

$Mode = $null
#Determine UserID
If ($Context -ieq "User")
{
$strUserName = $null
$DefaultPassword = $null
#detect if auto admin is enabled, if so, retrieve username and password from registry
$WinlogonRegKey = get-itemproperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"
If ($WinlogonRegKey.AutoAdminLogon = "1")
{
$DefaultUserName = $WinlogonRegKey.DefaultUserName
$DefaultDomainName = $WinlogonRegKey.DefaultDomainName
$DefaultPassword = $WinlogonRegKey.DefaultPassword
$strUserName = "$DefaultDomainName`\$DefaultUserName"
}

If ($strUserName -and $DefaultPassword)
{
$Mode = "User"
} else {
Write-Error "Owner variable set to `"User`" but Auto Admin Logon is not configured!"
}
} elseif ($Context -ieq "System") {
$Mode = "System"
} else {
Write-Error "Incorrect Owner variable. it can only be `"User`" or `"System`""
}

#$thisScript = Split-Path $myInvocation.MyCommand.Path -Leaf
#$scriptRoot = Split-Path(Resolve-Path $myInvocation.MyCommand.Path)
#$PsExecPath = Join-Path $scriptRoot "PsExec.exe"
If (!(Test-Path $PsExecPath))
{
Write-Error "Unable to locate PsExec.exe in $scriptRoot. Please make sure it is located in this directory!"
} else {
#Get Console Session ID
$ConsoleSessionID = (Get-ConsoleSessionInfo).SessionID
if ($ConsoleSessionID)
{
If ($Mode -eq "User")
{
$strCmd = "$PsExecPath -accepteula -i $ConsoleSessionID -d -u $strUsername -p $DefaultPassword $PathToExe $arguments"
Write-Host "Executing $strCmd`..."
Invoke-Expression $strCmd
} elseif ($Mode -eq "System") {
$strCmd = "$PsExecPath -accepteula -i $ConsoleSessionID -d -s $PathToExe $arguments"
#run app under LOCALSYSTEM context
Write-Host "Executing $strCmd`..."
Invoke-Expression $strCmd
}
} else {
Write-Error "No one is currently logged on to the console session at the moment."
}
}

Note:this PowerShell script uses command “query session” to detect the session ID of the console session.

Note: When you save the configuration of this module, please ignore this error:

Add the following item under Configuration Schema tab:

Note: Make sure “TimeoutSeconds” type is set to “Integer” and others are set to “String”

I also defined “TimeoutSeconds” as an overridable paramter:

Finally, set the Accessibility to Public (so it can be used in other management pack once this management pack is sealed”):

07. Create a recovery task to run after Diagnostic Task that I created from the step 5.

• This recovery task has 2 modules: a condition detection module (System.ExpressionFilter) and an Actions module (From the Write Actions module I created from Step 6)

• Condition Detection Module (System.ExpressionFilter):
• 
• Click Edit and add below:

<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type=”String”>Diagnostic/DataItem/Property[@Name='Result']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type=”String”>Positive</Value>
</ValueExpression>
</SimpleExpression>
</Expression>

Actions Module (Module Type from the write action module created in Step 6)

Note: Regarding to the Context variable, I designed the script to launch PsExec to execute the executable either under LOCALSYSTEM (  with –s  operator in PsExec) or under the user that’s configured for Auto Admin Logon (with –u <username> and –p <password> operators in PsExec). Because when Auto Admin Logon is enabled, the default username and password is stored in the registry key (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon). If “Context” is set to “User”, the script reads the username and password from registry and pass them into PsExec. So, if Auto Admin Logon is not configured, the script won’t work if “Context” is set to “User”

Note: In this example, the recovery task simply launch notepad.exe on the console session. I can also tell notepad to open a txt file if I add the path of the txt file to “Arguments”.

Note: This recovery task will error out if no one has logged on to the console session of the target computer.

Now, everything is setup, time to put it to test.

From screen capture below, I can see the monitor’s health became Error at 10:44pm 27/01/2012. After the Diagnostic task determined there is no notepad.exe running, the recovery task kicks in, at 10:45pm, it launched notepad.exe on console session (session ID 2). The PID of notepad.exe is 4000.

Now, when I go to the target computer, notepad is launched on the console session and I can easily get the details of notepad.exe process:

You can see from above screen capture, notepad.exe was started at the same time when the recovery task ran, the session ID is 2, Owner is the account configured for Auto Admin Logon and process ID is same as the output from PsExec. Therefore, this instance of notepad.exe is the one started by the recovery task!

I’ve attached the 2 scripts used in Diagnostic and recovery tasks below. as well as my sample unsealed MP.

Download From Here

Please feel free to contact me if you have any questions or suggestions.

Process performance collections rules are straightforward to setup, as long as there is ONLY ONE instance of the particular process running on the computers that your rule is targeting. Also, each rule can only collect ONE performance counter.

The problem with that is, if I need to collect performance counters for a particular service, i.e. Server Service (lanmanserver) or a particular SQL server instance (when there are multiple SQL instances running on the same server) , I will not be able to do so using the default performance collection module “System.Performance.OptimizedDataProvider” because server service runs under the generic service host svchost.exe. Typically, there are many instances of svchost.exe running for various services:

According to above screen capture, there are 10 instances of svchost.exe running on my computer. And when selecting performance counter in SCOM consoles, there are 10 instances of svchost:

It’s the same if I simply run perfmon on the computer: there are 10 instances of svchost:

There’s actually a blog article on TechNet explaining this issue with perfmon: Perfmon: Identifying processes by PID instead of instance

So, there is a workaround for perfmon, but it doesn’t really help me with my performance collection rule in SCOM.

To overcome this issue, I had to create some customized modules to collect the counters that I’m interested in via WMI. I’ll now explain what I’ve done to achieve the goal.

1. I firstly created a probe action module to run a vbscript to collect ALL the counters I’m interested in via WMI. In the script:

1. takes the service name and computer name from the input parameter, get the PID for the service from win32_service class (note, I had to pass computer name to the script so it can connect to remote computer’s WMI namespace, this is required for agentless monitoring)
2. retrieve the values of the performance counters from Win32_PerfFormattedData_PerfProc_Process class using query “Select * from Win32_PerfFormattedData_PerfProc_Process Where IDProcess = ProcessID” (ProcessID was retrieved from step 1)
3. For each performance counter, create a property bag and add the property bag to MOM.ScriptAPI object
4. Return all property bags.

2. Create a Data Source module which contains 3 modules and the modules are executed on the following order:

1. System.SimpleScheduler (runs according to a schedule)
2. Probe module created from step 1 (retrieve performance counters and return then via property bag)
3. System.Performance.DataGenericMapper (Map the property bag values to performance data)

Now that I’ve created all the required modules, I can then create a SINGLE rule to collect all different counters that I defined in the probe action module. To do so:

1. In Authoring console, create a Custom Rule:

2. Give the rule a name and choose the target:

3. Add the data source module I previously created and configure the variables (service name is the actual service name, NOT service display name):

Note: The Computername variable from above example is “$Target/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$”, this is correct because I’m targeting the rule to Windows Computer. You will have to change it if you are targeting other classes. The best way is to use the prompt and choose the host’s principal name. Below is an example if I target the rule to Windows Operating System:

4. Add 2 Actions module (don’t need to configure them):

1. Microsoft.SystemCenter.CollectionPerformanceData (WriteToDB)
2. Microsoft.SystemCenter.DataWarehouse.PublishPerformanceData (WriteToDW)

Note: The 2nd action module WriteToDW is from Microsoft.SystemCenter.DataWarehouse.Library. you will have to add this library as a reference of your management pack.

Now, the rule is created, you can create a performance view for the rule and make sure it is collecting data:

Below is the VBScript I’ve used in probe action module:

'=========================================================================
' AUTHOR:             Tao Yang
' Script Name:        ProcessPerfMonData.vbs
' DATE:               23/01/2012
' Version:            1.0
' COMMENT:            Script to collect perfmon data for specific service
'=========================================================================
Option Explicit
SetLocale("en-us")
Dim ServiceName, objWMIService,colService, objService, ComputerName
Dim ProcessID, ProcessName, colProcess, objProcess, colPerfData, objPerfData
Dim ElapsedTime, PercentProcessorTime, PercentUserTime, ThreadCount, PageFaultsPersec, IOReadBytesPersec, IOWriteBytesPersec
Dim oAPI, oBag, oInst
ServiceName = WScript.Arguments.Item(0)
ComputerName = Wscript.Arguments.Item(1)
Set oAPI = CreateObject("MOM.ScriptAPI")

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & ComputerName &"\root\cimv2")
Set colService = objWMIService.ExecQuery("Select * from Win32_Service Where Name = '" + ServiceName + "'")

For Each objService in colService
ProcessID = objService.ProcessID
Next

If ProcessID <> 0 THEN
Set colProcess = objWMIService.ExecQuery("Select * from Win32_Process Where ProcessID = " & ProcessID)
For Each objProcess in colProcess
ProcessName = objProcess.Name
Next
Set colPerfData = objWMIService.ExecQuery("Select * from Win32_PerfFormattedData_PerfProc_Process Where IDProcess = " & ProcessID)
For Each objPerfData in colPerfData
ElapsedTime = objPerfData.ElapsedTime
PercentProcessorTime = objPerfData.PercentProcessorTime
PercentUserTime = objPerfData.PercentUserTime
ThreadCount = objPerfData.ThreadCount
PageFaultsPersec = objPerfData.PageFaultsPersec
IOReadBytesPersec = objPerfData.IOReadBytesPersec
IOWriteBytesPersec = objPerfData.IOWriteBytesPersec
Next
'Elapsed Time
Set oBag = oAPI.CreatePropertyBag()
oBag.AddValue "Object", "Process"
oBag.AddValue "Instance", ServiceName
oBag.AddValue "Counter", "Elapsed Time"
oBag.AddValue "Value", ElapsedTime
oAPI.AddItem(oBag)

'Percent Processor Time
Set oBag = oAPI.CreatePropertyBag()
oBag.AddValue "Object", "Process"
oBag.AddValue "Instance", ServiceName
oBag.AddValue "Counter", "% Processor Time"
oBag.AddValue "Value", PercentProcessorTime
oAPI.AddItem(oBag)

'Percent User Time
Set oBag = oAPI.CreatePropertyBag()
oBag.AddValue "Object", "Process"
oBag.AddValue "Instance", ServiceName
oBag.AddValue "Counter", "% User Time"
oBag.AddValue "Value", PercentUserTime
oAPI.AddItem(oBag)

'Thread Count
Set oBag = oAPI.CreatePropertyBag()
oBag.AddValue "Object", "Process"
oBag.AddValue "Instance", ServiceName
oBag.AddValue "Counter", "Thread Count"
oBag.AddValue "Value", ThreadCount
oAPI.AddItem(oBag)

'Page Faults/Sec
Set oBag = oAPI.CreatePropertyBag()
oBag.AddValue "Object", "Process"
oBag.AddValue "Instance", ServiceName
oBag.AddValue "Counter", "Page Faults/sec"
oBag.AddValue "Value", PageFaultsPersec
oAPI.AddItem(oBag)

'IO Read Bytes/sec
Set oBag = oAPI.CreatePropertyBag()
oBag.AddValue "Object", "Process"
oBag.AddValue "Instance", ServiceName
oBag.AddValue "Counter", "IO Read Bytes/sec"
oBag.AddValue "Value", IOReadBytesPersec
oAPI.AddItem(oBag)

'IO Write Bytes/sec
Set oBag = oAPI.CreatePropertyBag()
oBag.AddValue "Object", "Process"
oBag.AddValue "Instance", ServiceName
oBag.AddValue "Counter", "IO Write Bytes/sec"
oBag.AddValue "Value", IOWriteBytesPersec
oAPI.AddItem(oBag)
ELSE
'Return an empty property bag
Set oBag = oAPI.CreatePropertyBag()
oAPI.AddItem(oBag)
END IF
oAPI.ReturnItems

As you can see, I’m collecting the following 7 counters in the script:

1. Elapsed Time
2. % Processor Time
3. % User Time
4. Thread Count
5. Page Faults/sec
6. IO Read Bytes/sec
7. IO Write Bytes/sec

You will need to modify the script if you are collecting different counters. for details of the counters you can collect, please refer to Win32_PerfFormattedData_PerfProc_Process class documentation here at MSDN: http://msdn.microsoft.com/en-us/library/windows/desktop/aa394277(v=vs.85).aspx

I’ve attached the script and the sample unsealed management pack at the bottom of this article. You can modify or recreate your own based on the samples. don’t forget to seal the management pack if you want to use the modules in other MPs.

VBScript: ProcessPerfMonData.txt

Unsealed MP: TYANG.Custom.Performance.Monitoring.xml