Monthly Archives: January 2016

How Do I: Access SCOM Properties Programmatically

For some background: the question that led to this post was about accessing properties that SCOM was discovering in order to detect config drift in some networking hardware. Normally when I get a question like this, my first answer is don't use SCOM for this; use OMS, SCCM, or some other tool designed specifically for this purpose. With that said, they had a specific use case that made sense, and SCOM was already collecting all the properties they cared about as part of a 3rd party Management Pack, so the primary goal became giving the customer a better picture of where this data gets stored and the easiest way to access it.

The first way of getting at discovered property data is via the OperationsManager database. (The usual caveats about directly querying the OpsDB not being recommended or supported apply.)

There are tables named dbo.MT_* which contain the various properties associated with a certain class of object.

prop01

If I look at something like SQL 2014 Databases I find the following: (There are more properties, but they get truncated off screen)

Select * from dbo.MT_Microsoft$SQLServer$2014$Database

prop02

To make this a little more meaningful, we need to pick which columns we are interested in and join in FullName from dbo.BaseManagedEntity (on BaseManagedEntityId) so we can understand which systems these databases are associated with. For this I wrote the following query:

SELECT
    BME.FullName,
    MT.DatabaseName_3AD1AB73_FD77_E630_3CDE_2CA224473213 AS 'DB Name',
    MT.DisplayName,
    MT.DatabaseAutogrow_E32D36C4_7E11_62BE_D5B4_B77C841DCCA1 AS 'DB Autogrow',
    MT.RecoveryModel_772240AD_E512_377C_8986_E4F8369BDC21 AS 'DB RecoveryModel',
    MT.LogAutogrow_75D233F6_0569_DB26_0207_8894057F498C AS 'LogAutogrow',
    MT.Collation_4BC5C384_34F3_4C3F_A398_2298DBA85BCD AS 'Collation',
    MT.BaseManagedEntityId
FROM dbo.MT_Microsoft$SQLServer$2014$Database MT
-- BaseManagedEntity supplies the FullName of the object each row belongs to
JOIN dbo.BaseManagedEntity BME ON BME.BaseManagedEntityID = MT.BaseManagedEntityId

Which gives this output:

prop03

You could also get at similar data through the SDK via PowerShell (This would technically be the officially supported technique, though sometimes not as flexible as SQL). To do this you would use something like:

Import-Module OperationsManager

# Look up the class, then pull a few discovered properties for every instance of it
$WindowsServerClass = Get-SCOMClass -Name Microsoft.SQLServer.2014.Database
$ServerObjects = Get-SCOMClassInstance -Class $WindowsServerClass | Select Fullname, *.DatabaseName, *.RecoveryModel, *.DatabaseAutogrow, *.LogAutogrow, *.Collation
$ServerObjects

This will give you results that look as follows. (I just arbitrarily picked a few properties; there are more available that you can look at with either | Get-Member or | Select *.)

prop04

From there we can make things a little more readable with the following:

Import-Module OperationsManager

$WindowsServerClass = Get-SCOMClass -Name Microsoft.SQLServer.2014.Database
$ServerObjects = Get-SCOMClassInstance -Class $WindowsServerClass

# Keep the selected properties as objects, and format them only when displaying
$ServerObjectsB = $ServerObjects | Select *.DatabaseName, *.RecoveryModel, *.DatabaseAutogrow, *.LogAutogrow, *.Updateability, *.UserAccess, *.Collation, *.Owner, *.ResourcePool
$ServerObjectsB | FT

prop05

From there we started playing around with ways to quickly identify differences:

prop06

This is still a work in progress, but I figured I would share in case this can be of use to anyone.
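One way to turn the selected properties into a drift report is to compare each row against an expected baseline. This is an added example, not code from the original post: `Get-PropertyDrift`, the baseline values and the sample rows (with simplified property names) are all assumptions constructed for illustration.

```powershell
# Added example. $rows is constructed sample data standing in for the
# Select-Object output; property names are simplified and values invented.
$rows = @(
    [pscustomobject]@{ FullName = 'SQL01;Sales';   RecoveryModel = 'FULL';   DatabaseAutogrow = 'True';  Collation = 'SQL_Latin1_General_CP1_CI_AS' }
    [pscustomobject]@{ FullName = 'SQL02;Sales';   RecoveryModel = 'SIMPLE'; DatabaseAutogrow = 'True';  Collation = 'SQL_Latin1_General_CP1_CI_AS' }
    [pscustomobject]@{ FullName = 'SQL03;Billing'; RecoveryModel = 'FULL';   DatabaseAutogrow = 'False' }  # Collation never discovered
)

# Hypothetical baseline: the value each property is expected to have.
$baseline = [ordered]@{
    RecoveryModel    = 'FULL'
    DatabaseAutogrow = 'True'
    Collation        = 'SQL_Latin1_General_CP1_CI_AS'
}

function Get-PropertyDrift {
    param(
        [Parameter(Mandatory)] [object[]] $InputObject,
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Baseline
    )
    foreach ($row in $InputObject) {
        foreach ($name in $Baseline.Keys) {
            # A property that was never discovered is reported, not skipped.
            $prop   = $row.PSObject.Properties[$name]
            $actual = if ($null -eq $prop -or $null -eq $prop.Value) { '<missing>' } else { [string]$prop.Value }
            # -ne is case-insensitive, so 'Full' and 'FULL' do not count as drift.
            if ($actual -ne [string]$Baseline[$name]) {
                [pscustomobject]@{
                    FullName = $row.FullName
                    Property = $name
                    Expected = $Baseline[$name]
                    Actual   = $actual
                }
            }
        }
    }
}

# One output row per deviation from the baseline.
$drift = Get-PropertyDrift -InputObject $rows -Baseline $baseline
$drift | Format-Table -AutoSize
```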


How do I: Send SMS Text Message Notifications for Heartbeat Failures

Continuing my series of interesting questions from last year and my answers, here is one on sending SMS notifications for heartbeat failures for a subset of mission critical servers. The added wrinkle to this question was that they also needed to be certain (due to the security requirements of their environment) that no information regarding server name, IP address, or other info of that nature which might be part of a typical alert description makes it into the text alerts.

Text Alert on Heartbeat failures without Confidential information/Server names

SCOM Heartbeat Failure Chain of events:

01SMS

Above Diagram pilfered with attribution from TechNet.

First you need to set up a new E-Mail Notification Channel:

Select Administration

02SMS

Channels:

03SMS

New

04SMS

Select E-Mail (SMTP)

05SMS

Enter a Channel Name:

06SMS

Enter an SMTP server and a return address. (You will likely need an exception that will allow the SMTP server to send messages outside your domain.)

07SMS

Modify the Subject and Message as follows:

E-mail subject:

Alert: $Data[Default='Not Present']/Context/DataItem/AlertName$ Resolution state: $Data[Default='Not Present']/Context/DataItem/ResolutionStateName$

E-mail Message:

Alert: $Data[Default='Not Present']/Context/DataItem/AlertName$
Last modified by: $Data[Default='Not Present']/Context/DataItem/LastModifiedBy$
Last modified time: $Data[Default='Not Present']/Context/DataItem/LastModifiedLocal$

(Ultimately you could add additional text here as well; the key is that we are removing from the channel the variables that would normally populate the server name when there is a heartbeat failure.)

08SMS

Click Finish

09SMS

Create a new Subscription

10SMS

Created by specific rules or monitors — Health Service Heartbeat Failure

With a specific resolution state–New

11SMS

Add subscribers. If you want it to send text messages, you can create a new unique subscriber with an address that consists of the appropriate cell number + service provider combination:

Sprint: cellnumber@messaging.sprintpcs.com
Verizon: cellnumber@vtext.com
T-Mobile: cellnumber@tmomail.net
AT&T: cellnumber@txt.att.net

For my example I am just using an internal account in my environment.

12SMS

Select your newly created notification channel. You may want to delay notifications by 15 minutes.  That way if the server is down for less than 15 minutes you won’t get a text message at 3 AM.

13SMS

Click Finish

14SMS

Now if a server goes offline the console will still generate an alert as before with the server name:

15SMS

But the e-mail or text message will be generic without any confidential information:

16SMS

For alerts other than heartbeat you might have to check and craft a slightly modified channel to ensure that no info you don't want texted is sent out.

A quick example to illustrate this:

Ultimately $Data/Context/DataItem/AlertName$ will map to a different value for each type of alert. So for the alert below:

17SMS

That variable maps to:

18SMS

So Alert Name by itself will not map to anything proprietary like IP Address/domain/computername etc unless you have created a custom alert which contains any of this info in the Alert Name field. Though with that said it may still map to info about specific technologies. So one might be able to use the Alert Name to determine what types of applications you are running which could in some cases be a security concern. To get a sense of the type of values that typically show up in your environment the quick and easy method is to just look at your Monitoring Pane – Active Alerts  Name column:

19SMS

So for my environment you could learn from this info what apps I am running (SharePoint, SQL, ACS), and in the case of the Page Life Expectancy alert you are able to find out the version of SQL, etc. If this kind of info isn't a security concern for your business, you could just pass the Alert Name field from any alerts that meet a certain Severity/Priority criteria. If this type of info is a concern, then you need to determine which alerts are OK to pass the alert name for, like Health Service Heartbeat Failure, and which need to be withheld, and then filter your notification subscription criteria accordingly.

If you want a slightly better view of this info you could use PowerShell:

Import-Module OperationsManager

Get-SCOMAlert 

20SMS

Get-SCOMAlert | Select Name

This will give you possible values that could populate that variable. (Keep in mind this will only pull back values that are currently in the OpsDB so this will be all alerts in that DB based on your grooming/retention settings.)
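To decide which alert names are safe to pass through the channel, the list of names can be screened for the kinds of detail discussed above. This is an added example, not code from the original post: `Test-AlertNameDisclosure`, the `corp.example` suffix, the product term list and the sample alert names are constructed assumptions.

```powershell
# Added example. Alert names below are constructed samples; 'corp.example'
# and the product terms are hypothetical and should be replaced with your own.
$alertNames = @(
    'Health Service Heartbeat Failure'
    'SQL 2014 DB Engine Page Life Expectancy is too low'
    'Failed to connect to computer web01.corp.example'
    'Ping failed for 10.20.30.40'
)

function Test-AlertNameDisclosure {
    param(
        [Parameter(Mandatory)] [string[]] $Name,
        [string]   $DomainSuffix = 'corp.example',
        [string[]] $ProductTerm  = @('SQL', 'SharePoint', 'ACS')
    )
    # One regex per category of information that should not reach a text message.
    $checks = [ordered]@{
        IPAddress = '\b(?:\d{1,3}\.){3}\d{1,3}\b'
        HostName  = '\b[\w-]+(?:\.[\w-]+)*\.' + [regex]::Escape($DomainSuffix) + '\b'
        Product   = '\b(?:' + (($ProductTerm | ForEach-Object { [regex]::Escape($_) }) -join '|') + ')\b'
    }
    foreach ($n in ($Name | Sort-Object -Unique)) {
        # Collect the name of every check whose pattern matches this alert name.
        $hits = foreach ($c in $checks.GetEnumerator()) {
            if ($n -match $c.Value) { $c.Key }
        }
        [pscustomobject]@{
            AlertName  = $n
            Findings   = $hits -join ','
            SafeToText = -not $hits   # true only when no check matched
        }
    }
}

Test-AlertNameDisclosure -Name $alertNames | Format-Table -AutoSize
```

Against a live management group the input would be the names returned by `Get-SCOMAlert | Select -ExpandProperty Name`; only alerts reported as `SafeToText` would then be added to the subscription criteria.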

 
