Overriding SCOM PowerShell Monitoring MP to target a group

Hi Everyone,

Can a subject matter expert (SME) review my steps below and advise where the issue is as my PS script seems to run on all Servers rather than the 4 that I have targeted.

Thanks!

I have imported Community.PowerShellMonitoring-1.1.1-20170720.074505-2.mpb into OM1801

I want to monitor the health state (“Error”) or (“Ok”) of our HPE TRIM/RM/CM Mail Notification Processors.

If the Mail Notification Processor starts queuing mail it is a major issue for our business units (a “Stop the Press” event) and requires an Alert in the OM console and E-Mail via an OM Subscription.

STEPS

Open the Authoring pane and look for “Windows Computer”, which will be my target for my two-state Availability unit monitor
Right click on “Availability”, create a monitor, unit monitor
Select Scripting/PowerShell Based/PowerShell Script Two State Monitor (Community)
Choose my destination MP (Company.Windows Server)

In the General properties, I enter the name, description
Monitor target is “Windows Computer”

I untick the “monitor is enabled” as I don’t want to push my PowerShell script out to ALL Servers. Once the monitor is created I will override the monitor and select the group I have created with the 4 x Windows Member Server Computers that are running the HPE Mail Notification Processor and enable by changing default from false to true.

In the configure a schedule wizard, I set the script to run every 60 minutes

In the “Enter script Information” screen, I enter my filename and PS script and set the timeout to 2 minutes. The PS script should return “Error” or “Ok” state to $PropertyBag:

$ScomAPI = New-Object -ComObject "MOM.ScriptAPI"
$PropertyBag = $ScomAPI.CreatePropertyBag()

# Look for matching Application log events from the last hour
$query = Get-EventLog -LogName Application -After (Get-Date).AddHours(-1) | Where-Object {$_.Message -like "*Mail Notification*"}
if ($query) {
    $PropertyBag.AddValue("State","Error")
}
else
{
    #$PropertyBag.AddValue("State","Ok")

}

# Send output to SCOM

$PropertyBag

In the “Filter one or more events” wizard for my two state unit monitor:

Parameter name Property(@Name=’State’) Operator Equals Error

Click Next

Parameter name Property(@Name=’State’) Operator Equals Ok

Click Next

Map Monitor to Conditions health state wizard

Monitor Condition, Operational State, Health State
Healthy, Healthy, Healthy
Unhealthy, Unhealthy, Critical

Click Next

Alert Settings wizard screen

TICK “Generate Alerts for this monitor”
Generate an alert when:
The monitor is in a critical health state
Enter Alert Properties, Alert Name/Description

Create a Group called “HPE Mail Notification Processor Hosts” and add the four servers that run the Mail Notification Processor.

Question: Should these objects be Microsoft.Windows.Computer.host.FQDN OR Microsoft.System.Center.Installed.OMProducts:host.FQDN.Microsoft Monitoring Agent?

Right click the monitor / Override the Monitor / For a Group / and select the group I created
Change Override / Enabled False to True / Click Apply

I then add a subscription / subscription criteria notify on all alerts for the monitor “HPE Mail Notification Processor Monitor”

Enter my AD user name, SMTP Channel, click finish and test.

The group should contain the windows computer since you are targeting windows computers

Hi

If the Mail Notification Processor stops processing will you still get the email?

The first thing is that you need a new alert before you’ll get an email so there is no point in testing whether you receive the email until you know that the monitor is generating an alert.

As this is a monitor, you will only get an alert if the monitor changes state. So if it is already unhealthy you’ll need to reset health state and wait for it to go unhealthy again.

Are you getting alerts?

NOTE - you have commented out the healthy property bag

#$PropertyBag.AddValue("State","Ok")

Cheers

Graham

If you think it is still running on other computers e.g. the WSUS server then possibilities are:

  • Someone else has deployed similar monitoring to other computers. Perhaps via an NT event log rule. Verify that the alert has come from the same monitor.
  • Is there an issue with the agent on the WSUS server? I'd flush the agent cache and make sure the agent downloads new configuration successfully.

One of the downsides to using the templates is that, as Jannep states, you can't really target properly. You end up with a windows computer object in health explorer with lots of monitors against it in a state of not monitored. It also makes it more challenging to find out where the script is actually running as you can't see the target and scope in Discovered Inventory (or create a state view for that class). You always need to look at the group membership.

You also have the challenge that you don’t have any real source code or version control. Someone can go into the script and accidentally make a change while they review it. And with everything in an unsealed management pack you have limitations on how you can use elements within the management pack.

But I appreciate at the same time that learning SCOM authoring is a steep learning curve and that management tend to want everything yesterday which makes finding time for learning challenging. If you want a walk through let me know and I’ll try and put something together.

With regards to the PowerShell, I generally try not to pass healthy \ unhealthy out of the script. Instead pass a value and then evaluate that later as well as exposing it as an override. That way you can make a change to thresholds via an override rather than having to go back and change the source code.

Cheers

Graham
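
The pattern described in the post above (return a value from the script and let the monitor evaluate it), as an added example that is not part of the thread or of the Community.PowerShellMonitoring pack. The parameter names, the `MatchCount` property name and the `-UseSampleData` switch with its constructed events are assumptions made for illustration.

```powershell
# Added example (not from the thread): emit a raw count and let the
# monitor's condition detection decide healthy vs. critical.
param(
    [int]$LookbackMinutes = 60,                 # assumed name; a candidate for an override
    [string]$Pattern = '*Mail Notification*',   # wildcard match on the event message
    [switch]$UseSampleData                      # assumed switch for trying the logic off-agent
)

function Get-MatchCount {
    # Count events newer than $After whose Message matches $Pattern.
    param([object[]]$Events, [string]$Pattern, [datetime]$After)
    @($Events | Where-Object {
        $_.TimeGenerated -gt $After -and $_.Message -like $Pattern
    }).Count
}

$after = (Get-Date).AddMinutes(-$LookbackMinutes)

if ($UseSampleData) {
    # Constructed events, not real log data: one recent match, one recent
    # non-match, one match that is older than the lookback window.
    $events = @(
        [pscustomobject]@{ TimeGenerated = (Get-Date).AddMinutes(-5);  Message = 'Mail Notification queue stalled' }
        [pscustomobject]@{ TimeGenerated = (Get-Date).AddMinutes(-10); Message = 'Service started' }
        [pscustomobject]@{ TimeGenerated = (Get-Date).AddDays(-2);     Message = 'Mail Notification queue stalled' }
    )
}
else {
    # An empty result is normal here, so do not treat it as an error.
    $events = Get-EventLog -LogName Application -After $after -ErrorAction SilentlyContinue
}

$count = Get-MatchCount -Events $events -Pattern $Pattern -After $after

try {
    # Only present where the SCOM agent is installed.
    $api = New-Object -ComObject 'MOM.ScriptAPI' -ErrorAction Stop
    $bag = $api.CreatePropertyBag()
    $bag.AddValue('MatchCount', $count)
    $bag
}
catch {
    # Off-agent run: show the value that would have gone into the property bag.
    "MatchCount=$count"
}
```

The monitor's unhealthy condition then compares `MatchCount` against a threshold, so the threshold can be changed by override without editing the script.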

Hi jannep and Graham,

I take your points. However, prior to creating my two state monitor and as my reference, I used the squaredup “custom file space monitor using powershell” release webinar:

https://squaredup.com/content/management-packs/free-powershell-management-pack/

The example targeted the Windows Computer class just like I have. It also overrides to a group.

So the question is how do I create my target classes prior to using the Powerscript Monitor (Community) ???

E.G. Use MPAuthor to create a class, discover and monitor a service as per the URL below which permits version control.

https://blogs.technet.microsoft.com/kevinholman/2014/11/12/using-mpauthor-to-create-a-class-discover-and-monitor-a-service/

Steve

Hi!

Use this guide to create a discovery.

https://www.youtube.com/watch?v=7ATQVN4iYZU

I would do as he does in the video: create a registry discovery and target it to Windows Computer.

Then when you create the powershell script you target the new class that the discovery creates.

Hi Jannep,

That was the way I proceeded; MP Author created my HPE TRIM-RM-CM registry discovery class then my powershell script used the HPE TRIM-RM-CM registry discovery class as the target to execute the code against.

Steve

Thanks Jannep and Graham for your replies.

If the TRIM/CM/RM Mail Notification Processor stops (e.g. is in a queued state) staff don’t receive new action or procedures emails from TRIM/Records Manager/Content Manager.

Alerts are being created in the OM1801 Console Active Alerts pane - I have successfully tested the monitor by temporarily changing the powershell code to:

-After (Get-Date).AddDays(-20)

This allows the script to detect earlier errors then create an Active Alert in OM1801. I then receive an email via the subscription.

I performed an override on the monitor so it is targeted to the four Windows Servers that have the Mail Notification Processor running.

But I note the script seems to be running on more than those four as it picked up “Mail Notification” in the Event Log on one of our WSUS Servers.

I have removed the # comment, thanks Graham.

Steve

The script will be deployed to all Windows computers since you have targeted Windows computers. But it should then verify if the script is enabled before it runs it. The recommended way should be to target a class.

That should work as you wanted.