Tuesday, December 11, 2007

Operations Manager Service Pack 1 Contents

Ops Manager 2007 SP1 is at RC code and can be downloaded from the connect.microsoft.com website. Here is a grasp of what it is all about...

Bug Fixes

Check out this site for a full listing of the fixes that SP1 does... http://www.systemcenterforum.org/features-in-sp1-rc-for-operations-manager-2007-series-wrap-up/

New Features
The new features that are in Operations Manager 2007 SP1 are:

  • Improved performance and reliability when working with alerts, overrides, and searches.
  • In all Alert views, performance has been increased through better fetching and yields alert row selection that is three times quicker. Actions and reports are fetched in the background, which further improves performance. Alert knowledge that is displayed in the Alert Details pane can be shown or hidden according to the user's preference.
  • Operations Manager 2007 advanced search has been improved by enabling the ability to search across monitors and rules by their overrides.
  • Support for the discovery and monitoring of both SNMP v1 and SNMP v2 network devices. Users can select which SNMP Community Version to search for in the Discovery Wizard.
  • Support for exporting Operations Manager 2007 diagrams to Microsoft Visio VDX file format. Note that the Visio button is located on the toolbar when in a diagram view. Diagram layouts can now be saved and will be remembered when the diagram view is selected again.
  • Support for copying and pasting (CTRL+C and CTRL+V) from the Alert details pane.

Setup and Recovery
The following are improvements in setup and recovery:

  • To make backup and recovery easier, setup in Operations Manager 2007 SP1 starts the Secure Storage Backup Wizard at the end of setup, by default, to back up the RMS encryption keys. This is the same command-line tool used in the original version of Operations Manager 2007, but with an easier-to-use wizard interface. The wizard is actually started by using the command-line version of the tool when no parameters are passed to the tool or it is started from Windows Explorer. The Secure Storage Backup tool is located on the installation media in the Support Tools directory. The Secure Storage Backup Wizard can be started according to the user's preference.
  • To make the recovery of a clustered RMS easier, Operations Manager 2007 SP1 enables the repromotion of the RMS cluster to the RMS role after it is fixed. This addresses the situation where a clustered RMS has failed and another management server in the management group has been promoted into the RMS role.

User Interface and Experience
The following are improvements in user interface and experience:

  • To make the creation of new management packs easier, Operations Manager 2007 SP1 introduces the ability to copy views from any existing management pack to an unsealed management pack. This is done in the Monitoring view. For example, if you have created a management pack for SQL Server overrides and want to use one of the SQL Server management pack views in the SQL Server overrides management pack, you would simply select the desired view, right-click to copy it, and then paste it into the target management pack folder.
  • In all Alert views in the Monitoring space and in the Web console, Operations Manager 2007 SP1 ensures that the Repeat Count value is incremented correctly.
  • After you have created an override for any management pack object, you can look at the summary of overrides for the object type in the Overrides Summary box. Operations Manager 2007 SP1 ensures that the description of the override target is complete. For example, if you create an override for Logical Disk Free Space for the C:\ of Server1, the summary will display 'server1/c:'

Core Product
The following are improvements in the core Operations Manager 2007 product:

  • SP1 ensures that when agents are uninstalled from a computer in the Administration space\Device Management container\Agent Managed node of the Operations Console, that they are also removed from the computer views in the Monitoring space.
  • Scripts can now be used for diagnostic tasks.
  • View names, data and, display strings in the Operations Console that have been collected from computers running different language versions of Microsoft Windows operating systems are displayed correctly.

The following are improvements to reporting:

  • When you are in a report, you can now choose to publish the report by selecting Publish from the File menu. This will allow you to publish reports to multiple locations, such as Microsoft Windows SharePoint Services Web sites.

Web Console
The following are improvements in the Operations Manager 2007 Web console:

  • The Operations Manager Web console provides access to performance data. Users can then select specific counters to graph. In Operations Manager 2007 SP1, it is now possible to construct a filter for the desired performance counters to ease searching and navigation. This ability is available when a performance view is selected and displays in the Performance legend pane. The search options available are All items, Items in the Chart, Items not in the Chart, and Items by text search.
  • The Web console has been further improved so that the Favorite Reports container is now available in My Workspace.

Audit Collection Services (ACS)
The following are improvements for ACS:

  • New discoveries and views have been added. These features detect and indicate which agents and servers are ACS-forwarding enabled.
  • There are more monitors and alert generating rules to track the health state of the ACS collectors. For example, Operations Manager 2007 SP1 includes the ability to watch the DB Queue % full level against default thresholds, such as the back-off threshold or disconnect threshold.
  • The ACS forwarder feature is now supported on the Management and Gateway Server roles. The ACS Forwarder is disabled by default. When enabled, it will allow the inclusion of security auditing data for these server roles.
  • When using ACS, one of the most common tasks is to enable forwarding on ACS agents. In Operations Manager 2007 SP1, an Operations Manager Command Shell script can be used to enable forwarding for entire computer groups, thereby greatly easing the deployment and administration of ACS.

Agentless Exception Monitoring (AEM)

AEM now provides an improved appearance and functionality of AEM reports.

Sunday, November 18, 2007

Monitoring servers in DMZ or Untrusted domains or Workgroups

In a recent POC, I encountered a scenario where the customer did not allow u to join the Ops Manager server into the domain. This was the challenge put forth as we would have issues with mutual authentication.

Due to limitation of resources as well, we could not set up a Gateway Server.

After much hair loss, we performed the following solution.

The Concept
Create a certificate services environment to achive mutual authentication between the trusted and untrusted domain then install agents to get it monitored.

The Grind
We installed and setup Certificate Services on the Windows 2000 Active Directory Domain Controller (yes. the customer was using this so we had to simulate their environment). We then requested the server certificate and client certificate.

After which we used the MOMCertImport Tool to import the server certificate into the Management Server and the Client certificate into the monitored servers.

We then proceeded to install the Agents. DONE! Hooray!... wait... why isn't anything showing up on the Management Server?

After much more hair loss and loss of brain cells, we finally figured it out. What was missing was the Root Certificate.

So the following are the correct steps:

  1. Use MOMCertImport tool to import the Root Certificate and Server Certificate into the MS
  2. Use MOMCertImport tool to import the Root Certificate and Client Certificate into the Monitored server in the untrusted domain
  3. Install the Agent

Pooof!!! Monitored server appears in the Pending view.

Hope this helps you guys out there who are posed with the situation of monitoring in untrusted domains.

Friday, November 9, 2007

OM 2007 Cleanup

I found this utility quite useful. Even though going through Add/Remove Programs can achieve the removal of OpsMgr, this tool does a better and CLEAN method of it. I encourage everyone to download and use it


Tuesday, October 16, 2007

Exchange 2007 MP is here!

The Exchange MP is here... The Exchange MP is here... hi ho the dearieyah.. the Exchange MP is here...


Monday, October 1, 2007

Command Shell is proving to be a fairly simple language to learn and it can do wonders for the administration of Operations Manager 2007. There is a video which I found useful with regards to this...

Check it out.

Operations Manager 2007 Tool Kit

Just discovered some cool tools for Operations Manager 2007!!! such as AD Integration script, Vista Gadget, OpsMgr Cleanup Tool, Action Account Tool, Effective Configuration Viewer, OpsMgr Inventory, AEM Validation and AEM MP. Get it from http://technet.microsoft.com/en-us/opsmgr/bb625978.aspx#eie

Tuesday, August 14, 2007

I managed to get this recently, which shows odd the Roadmap for upcoming Management Pack release for Operations Manager 2007

Tuesday, July 10, 2007

Official Ops Manager Guides Available

Here's a link to some awesome official guides from TechNet


Saturday, May 12, 2007

System Center Capacity Planner

For a complete design and planning of SCOM, check out the new System Center Capacity Planner (SCCP) which has been released in BETA! Go to https://connect.microsoft.com/programdetails.aspx?ProgramDetailsID=1265

Ops Manager license CHEAPER THAN EVER!!

Guess what, it’s true. SCOM 2007 is now much cheaper than before. Moreover, OpsMgr is priced per device compared to many others which are priced by number of processors.


SCOM 2007


Difference (%)

Server with 10 Enterprise OML



USD1266 (-20.76%)

Standard OML



USD40.8 (-20.84%)

Enterprise OML



USD111.8 (-20.79%)

Client OML



An Operations Management License (OML) is required for each device managed by OpsMgr 2007, except for those functioning only as network infrastructure devices (OSI layer 3 or below). A device can be a single server, single personal computer, workstation, terminal, handheld computer, pager, telephone, personal digital assistant, or other electronic device.

MOM 2005 Pricing : http://www.microsoft.com/mom/howtobuy/default.mspx

SCOM 2007 Pricing : http://www.microsoft.com/systemcenter/opsmgr/howtobuy/default.mspx#EIE

Ian Blyth’s Blog also talks about it.


Ops Manager 2007 Sizing Guide

Its Here!!! The Sizing Guide!! Woohooo!!! Here is some help found at https://connect.microsoft.com/SystemCenter/content/content.aspx?ContentID=5230

MP Wizard?

Everything and more that you can do with the MOM 2005 MP Wizard is now a core part of the standard OpsMgr 2007 product. So while it is true the MP Authoring Console will be released soon, it is really for advanced MP authoring.

The kind of MPs the MP Wizard produces are really very simple and are fully supported in OpsMgr 2007. There are some instructional videos on it at http://www.microsoft.com/technet/opsmgr/2007/evaluate/webcasts.mspx

Cluster MP not clustered

In a recent POC, we were trying to configure Ops Mgr RC2 to monitor an Exchange Cluster. We imported the Exchange MP and Cluster MP. However, Ops Mgr 07 was not picking up the back-end Cluster. When RTM was released, the Cluster MP was no where to be found.

We proceeded to ask PSS regarding the matter and found out that there were some issues with the Cluster MP and that was the reason it was not available in RTM. So for those of you that are doing demos or POCs... hope this little info helps.

In a recent POC, we were trying to configure Ops Mgr RC2 to monitor an Exchange Cluster. We imported the Exchange MP and Cluster MP. However, Ops Mgr 07 was not picking up the back-end Cluster. When RTM was released, the Cluster MP was no where to be found.

We proceeded to ask PSS regarding the matter and found out that there were some issues with the Cluster MP and that was the reason it was not available in RTM. So for those of you that are doing demos or POCs... hope this little info helps.

Friday, March 23, 2007

Rules vs. Monitors

Back in the days of MOM2005, all monitoring was done under a terminology called 'Rules'. We would create a rule to track events and alerts

In Ops Manager 2007, a new component of Management Packs is introduced... 'Monitors'!..

So this is how I understand it...

Used to assess various conditions that can occur on monitored objects

  • performance counter
  • the existence of an event
  • the occurrence of data in a log file
  • the status of a Windows Service
  • the occurrence of a SNMP trap

The result of this assessment determines the health state of a target and the alerts that are generated


Used to collect data, such as events, generated by managed objects.
Can be used instead of monitors to generate alerts when data collected from managed objects DOES NOT indicate the health state of the managed objects.

A useful experience

I delivered a workshop on Operations Manager 2007 this week and it was fantastic! The amount of learning and discoveries was way beyong expectations. Here were some of the questions asked during the workshop and the answers:

1. When is MOM2005's End of life?
[ANS] Mainstream Support will end Jan 2010 and Extended Support will end Jan 2015

2. Do you need a OML to monitor an SNMP Printer?
[ANS] Yes. At the moment, you DO NOT need an OML only for devices operating at OSI Layer 3 and below (i.e., routers, switches, hubs)

3. Does Audit Collection Service need a seperate license?
[ANS] No. ACS licensing is part of the OML license

4. Can Audit Collection Service Database be installed on the same server as the ACS Server?
[ANS] Yes. but it is not recommended. The amount data that ACS collects is huge!

5 Can Ops Manger 2007 be used to monitor Linux servers?
[ANS] Yes with the use of third party providers such as eXc Software, Engyro, Quest, Jalasoft, etc... Essentially how it works is, these providers will communicate with the nonWindows environment and feed information back to Ops Manager. For example, products like eXc software supports a wide range of connectors from OS to network device, printers, UPSes, storage, etc...

There was more... but i need to digest them first and find the answers. Will update on this sooooonn..

Sunday, March 18, 2007

Ops Mgr 2007 RC2 Installation Order

Dealing with BETA code is always a challenge. Here was my final installation order which reported no errors:

  1. Install Windows server 2003 SP1
  2. Upgrade to Windows server 2003 R2
  3. Install SQL 2005
  4. Install KB918222 (http://support.microsoft.com/default.aspx/kb/918222/en-us)
  5. SQL 2005 SP2 (yes... KB918222 is supposed to be in SP2 but somehow if you install SP2 directly, the pre-req checker will report that it is missing)
  6. Install dotNet Framework 3.0
  7. Install Windows Powershell (If you are planning to experiment on Command Shell)
  8. Run SetupOM.exe from the SCOM Source directory to install OPSMGR 07
Once done, open up the Consolidated Operator Console and use Discovery Wizard to discover servers and clients on the network.

Then, import management packs from the Management Pack folder on the SCOM course files.

A couple of days ago, Microsoft released Windows Server 2003 Service Pack 2. I have not tested installation of this and how it would affect Ops Mgr. Will post an update after trying it out

Sunday, March 11, 2007

Understanding "Heartbeats"

MOM 2005 agents routinely report their presence to their assigned management server by sending a heartbeat. Understanding agent heartbeating is helpful as adjustment to the default values may be beneficial in some environments. Let's go through how this works.
Heartbeating is divided into two parts - the agent and the management server. The agent heartbeat settings are adjusted through global settings on the management server(s) as shown in fugure 1 of the attachment..

The one configurable setting for agents is the 'heartbeat interval'. By default, the agent is configured to send a heartbeat via UDP port 1270 every 10 seconds. You will note that this screen also shows the management server 'heartbeat scan interval' - this value defines how often the management server will look for a heartbeat from a particular agent. More on that in a moment but for now just note that the heartbeat scan interval needs to be longer, by default three times longer, than the heartbeat interval.

On the management server side we have several more configuration options as shown in figure 2 of the attachment.

The first block of settings is to configure 'Heartbeat Scan'. There are two options here. The first option, 'Interval to Scan for Agent Heartbeats', defines how often the management server will look to see if it has received a heartbeat from an agent. The default setting is 30 seconds. As you will recall, the agent will, by default, send in a heartbeat every 10 seconds. With the default settings, then, the agent will have up to 3 opportunities to send up a heartbeat before the management server looks to see if one has been received. Since heartbeats are send UDP it's possible one may not arrive. Using these settings MOM accounts for that fact and avoid flagging a problem simply because of a potential and transient communications failure.

Also in the first block is the setting 'Scan agentless computers every specified number of times Management Server performs agent scan'. The default setting is 3. This setting is specific to machines that are agentless monitored - not a common scenario - and by default indicates that the management server should scan agentless machines every 90 seconds (3 times 30 seconds as defined for agent managed machines).

The second block of settings is to configure 'Heartbeat Ping' behavoir. During hearbeat checking, as we will see in a minute, each time the management server looks for a heartbeat and fails to find one MOM will initiate a ping to determine if the agent machine is actually online. Just because a machines fails to send a heartbeat doesn't mean that the machine is down - MOM heartbeat checking looks for machines that are offline vs. those that simply haven't sent a heartbeat by doing ping checks.

The 'Number of Ping attempts' setting defines how many pings will be done to determine if the target machine responds. The 'Time between pings' setting defines how long to wait between each ping attempt. The 'Ping time out" defines how long to wait without hearing a response before the ping attempt is considered a failure. The "Number of scans before generating service unavailablility' defines how many scan attempts will be done prior to flagging the MOM agent service as unavailable.

Lets pull all of this together to discuss how this mechanism works. Assume all settings are default and a MOM agent is heartbeating every 10 seconds and suddently stops - due to a system problem, server reboot, etc. The MOM management server is somewhere in it's 30 second detection period when this happens. Assuming MOM has received a valid heartbeat within the current 30 second window the management server will wait for another 30 second period and then check again for a heartbeat. This time no heartbeat will be seen. In response to that, the management server will initiate a series of pings. Assuming the ping attempt fails MOM will immediately generate an event/alert indicating the ping failed and the target machine may be down. In the instance of a machine actually being down the notification happens as close to real time as possible. Assuming the ping attempt succeeds, MOM will wait another 30 second window to see if a heartbeat arrives - assuming no heartbeat arrives at the end of the second 30 second window MOM will again initiate the ping test to verify the system is online. Assuming that succeeds MOM will wait a third 30 second window and if there is still no heartbeat will initiate a third series of pings Assuming that comes back OK, MOM will generate an event/alert indicating it failed to hear from an agent with current heartbeats but did verify the agent machine was online. Remember, the 3 scan attempts is driven by the setting on the management server and is configurable.

Based on the above description you may see an event/alert combination after approx. 30 seconds when MOM realizes a machines is totally offline or, if the machine is acually OK but the MOM agent is the one having problems, there will be a delay of appox. 2 minutes before receiving the heartbeat failure event/alert.
These default settings can be adjusted to fit the needs of each operating environment - but it is crucial to understand how all of these settings interact to predict the end behavior of MOM. If, for example, the default number of scans was adjusted from 3 to 10, MOM would delay notification on missing heartbeats for approx. 6-7 minutes. This time period may be even more drastically affected by adjusting combinations of settings.

One further comment on this. MOM heartbeat data is stored in the database but this information is NOT what is used to determine the last heartbeat received from an agent. Instead, each management server maintains an in memory list of each of it's managed agents and their last heartbeat time. This is what is used for heartbeat checking.

I may blog more on this in future sumbissions as there is even more 'behind the scenes' details as to how this works both in terms of the mechanics and the rules that detect these potential failures.

- exerp from Steve Rachui's Manageability blog (http://blogs.msdn.com/steverac/archive/2006/02/11/530292.aspx)

Saturday, February 24, 2007

MOM 2005 Installation Steps

After many brain busting trials and re-installations. This was the installation order that I found was the smoothest and did not produce any errors:

  1. Install Windows server 2003 SP1
  2. Upgrade to Windows server 2003 R2
  3. Install SQL Server 2000
  4. Install SQL Server 2000 SP4
  5. Somehow the installation of SP2 does not update the registry to reflect this change. So if you run MOM 2005 setup now, the Pre-requisite checker is going to report that you 'do not meet the minimum requirement of SQL Server SP3'. So, Change the [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\CurrentVersion] registry key to "8.00.2039" or download and run this Registry script
  6. Install Visual Studio .Net 2003 (this is for creation and editing of your MOM reports)
  7. Install SQL Reporting Services (MOM Reporting rides on this)
  8. Install MOM 2005 or MOM2005 SP1 slipstreamed
  9. Install MOM2005 SP1 (if you did not install the slipstreamed version)
  10. Install MOM Reporting Services
  11. Update with SQL Reporting Services SP2
You're ready to rock and monitor!! next, launch the Administrator Console and install the Agents and Import the desired Management Packs.