TCP Port monitoring in SCOM without using template.


Hello everyone,

As you may or may not know, creating TCP monitors in SCOM through use of the template is a fairly time intensive task, especially if you have to create a ton of TCP monitors. Furthermore, templates are fine for smaller scale Operations Manager environments but tend to create a lot of unneccessary groups, overrides, views etc.

So naturally I was looking for a more elegant solution as I did not want to go through creating 100’s TCP monitors. My first thought was to google if anything exists already, and to my surprise, I did not find any immediate solutions.
What I did find however was the following post. (Credits to Gowdhaman Karthikeyan)

This post explains how you can use a powershell discovery with a comma seperated file or ‘CSV’ to add the proper TCP Port instances in SCOM.
This has some significant advantages over using the template (as  outlined in the blog post):

  • You can let other teams add TCP monitors themselves, with minimum SCOM knowledge or access.
  • It is more scalable, as it does not create any unnecessary groups, overrides, views compared to the template.
  • It is a lot faster, as you dont have to go through the template for each TCP monitor you want to create.
  • The information is centrally stored in the CSV.

The blogpost covers the class/discovery creation of these TCP port instances, but does not cover the monitoring part. As I did not have time to wait for part 2, I decided to use his management pack to add monitoring to it as well.

To enable monitoring I went through the following steps:

  • Created a Visual Studio solution and migrated the classes/discovery in my new management pack.
  • Create a ‘dummy’ TCP port monitor from the template wizard and save it in a new management pack.
  • Export this management pack, and manipulating the datasources to change the hardcoded stuff to the properties of our custom class.

This is what the initial datasource for the monitor looks like generated by the template:

<ModuleTypes>
<DataSourceModuleType ID=”TCPPortCheck_078ada71de03493d927d74746d848bd6.TCPPortCheckDataSource” Accessibility=”Public” Batching=”false”>
<Configuration />
<ModuleImplementation Isolation=”Any”>
<Composite>
<MemberModules>
<DataSource ID=”Scheduler” TypeID=”System!System.Scheduler”>
<Scheduler>
<SimpleReccuringSchedule>
<Interval Unit=”Seconds”>120</Interval>
</SimpleReccuringSchedule>
<ExcludeDates />
</Scheduler>
</DataSource>
<ProbeAction ID=”Probe” TypeID=”MicrosoftSystemCenterSyntheticTransactionsLibrary!Microsoft.SystemCenter.SyntheticTransactions.TCPPortCheckProbe”>
<ServerName>server1.customer.org</ServerName>
<Port>80</Port>
</ProbeAction>
</MemberModules>
<Composition>
<Node ID=”Probe”>
<Node ID=”Scheduler” />
</Node>
</Composition>
</Composite>
</ModuleImplementation>
<OutputType>MicrosoftSystemCenterSyntheticTransactionsLibrary!Microsoft.SystemCenter.SyntheticTransactions.TCPPortCheckData</OutputType>
</DataSourceModuleType>

The bold part is the hardcoded part we have to replace. However, we do not have added any data yet from our target class to the data source, which we will have to add as well. The datasource eventually looks like this:

<DataSourceModuleType ID=”TCPPortMonitor.TCPPortCheck.DataSource” Accessibility=”Public” Batching=”false”>
<Configuration>
<xsd:element name=”ServerName” type=”xsd:string” />
<xsd:element name=”Port” type=”xsd:int” />
<xsd:element name=”NoOfRetries” type=”xsd:int” />
<xsd:element name=”TimeWindowInSeconds” type=”xsd:int” />
</Configuration>
<ModuleImplementation Isolation=”Any”>
<Composite>
<MemberModules>
<DataSource ID=”Scheduler” TypeID=”System!System.Scheduler”>
<Scheduler>
<SimpleReccuringSchedule>
<Interval Unit=”Seconds”>$Config/TimeWindowInSeconds$</Interval>
</SimpleReccuringSchedule>
<ExcludeDates />
</Scheduler>
</DataSource>
<ProbeAction ID=”Probe” TypeID=”Synth!Microsoft.SystemCenter.SyntheticTransactions.TCPPortCheckProbe”>
<ServerName>$Config/ServerName$</ServerName>
<Port>$Config/Port$</Port>
</ProbeAction>
</MemberModules>
<Composition>
<Node ID=”Probe”>
<Node ID=”Scheduler” />
</Node>
</Composition>
</Composite>
</ModuleImplementation>
<OutputType>Synth!Microsoft.SystemCenter.SyntheticTransactions.TCPPortCheckData</OutputType>
</DataSourceModuleType>
</ModuleTypes>

The monitor types will have to be changed as well, as the properties of the class are not passed through in the template version of the monitor.
So it went from this:

<UnitMonitorType ID=”TCPPortCheck_078ada71de03493d927d74746d848bd6.TimeOut” Accessibility=”Public”>
<MonitorTypeStates>
<MonitorTypeState ID=”TimeOutFailure” NoDetection=”false” />
<MonitorTypeState ID=”NoTimeOutFailure” NoDetection=”false” />
</MonitorTypeStates>
<Configuration />
<MonitorImplementation>
<MemberModules>
<DataSource ID=”DS1″ TypeID=”TCPPortCheck_078ada71de03493d927d74746d848bd6.TCPPortCheckDataSource” />
<ConditionDetection ID=”CDTimeOutFailure” TypeID=”System!System.ExpressionFilter”>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type=”UnsignedInteger”>StatusCode</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type=”UnsignedInteger”>2147952460</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</ConditionDetection>
<ConditionDetection ID=”CDNoTimeOutFailure” TypeID=”System!System.ExpressionFilter”>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type=”UnsignedInteger”>StatusCode</XPathQuery>
</ValueExpression>
<Operator>NotEqual</Operator>
<ValueExpression>
<Value Type=”UnsignedInteger”>2147952460</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</ConditionDetection>
</MemberModules>
<RegularDetections>
<RegularDetection MonitorTypeStateID=”TimeOutFailure”>
<Node ID=”CDTimeOutFailure”>
<Node ID=”DS1″ />
</Node>
</RegularDetection>
<RegularDetection MonitorTypeStateID=”NoTimeOutFailure”>
<Node ID=”CDNoTimeOutFailure”>
<Node ID=”DS1″ />
</Node>
</RegularDetection>
</RegularDetections>
</MonitorImplementation>
</UnitMonitorType>

To this:

<UnitMonitorType ID=”TCPPortMonitor.TimeOut.MonitorType” Accessibility=”Public”>
<MonitorTypeStates>
<MonitorTypeState ID=”TimeOutFailure” NoDetection=”false” />
<MonitorTypeState ID=”NoTimeOutFailure” NoDetection=”false” />
</MonitorTypeStates>
<Configuration>
<xsd:element name=”ServerName” type=”xsd:string” />
<xsd:element name=”Port” type=”xsd:int” />
<xsd:element name=”NoOfRetries” type=”xsd:int” />
<xsd:element name=”TimeWindowInSeconds” type=”xsd:int” />
</Configuration>
<MonitorImplementation>
<MemberModules>
<DataSource ID=”DS1″ TypeID=”TCPPortMonitor.TCPPortCheck.DataSource”>
<ServerName>$Config/ServerName$</ServerName>
<Port>$Config/Port$</Port>
<NoOfRetries>$Config/NoOfRetries$</NoOfRetries>
<TimeWindowInSeconds>$Config/TimeWindowInSeconds$</TimeWindowInSeconds>
</DataSource>
<ConditionDetection ID=”CDTimeOutFailure” TypeID=”System!System.ExpressionFilter”>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type=”UnsignedInteger”>StatusCode</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type=”UnsignedInteger”>2147952460</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</ConditionDetection>
<ConditionDetection ID=”CDNoTimeOutFailure” TypeID=”System!System.ExpressionFilter”>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type=”UnsignedInteger”>StatusCode</XPathQuery>
</ValueExpression>
<Operator>NotEqual</Operator>
<ValueExpression>
<Value Type=”UnsignedInteger”>2147952460</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</ConditionDetection>
</MemberModules>
<RegularDetections>
<RegularDetection MonitorTypeStateID=”TimeOutFailure”>
<Node ID=”CDTimeOutFailure”>
<Node ID=”DS1″ />
</Node>
</RegularDetection>
<RegularDetection MonitorTypeStateID=”NoTimeOutFailure”>
<Node ID=”CDNoTimeOutFailure”>
<Node ID=”DS1″ />
</Node>
</RegularDetection>
</RegularDetections>
</MonitorImplementation>
</UnitMonitorType>

By changing the monitor types and datasource part of the code, the hardest part is basically done. All we have to do is create 4 monitors and use the proper monitor types. These are the monitors that are included in the management pack:

  • TCP Unreachable Monitor
  • TCP Timeout Monitor
  • DNS Resolution Monitor
  • Connection Refused Monitors.

I have not added any performance collection yet, but will probably add this in a later stage.

Before of after importing the management pack, make sure you still have to follow these steps:

  • A share on which you will place the CSV file. It should be reachable from the management servers and the default management server action account should have access to the share. The discovery runs on an a default interval of  4 hours. The CSV file should look like this (make sure to use a ‘comma’ as your delimiter!):
  • Change the sharename of the discovery by overriding the filepath property in the discovery (TCP Monitoring Class Discovery).
    aa
  • Create views based on the TCP Monitoring Class, as I always use Squared Up instead of the standard scom console, I decided not to include any views in the MP. Here are some screenshots of what it looks like:
    8
    10
    9

Note: this MP only works with 2012 R2, but you can change the references to an older version and it should work as well.

As always, I would recommend to test the management pack before using it. Feel free to comment should you run into any issues. The management pack can be downloaded here

Regards,

Jasper

Advertisements

7 Responses to TCP Port monitoring in SCOM without using template.

  1. Eric says:

    Jasper,

    First, thank you for this MP when it worked it was great but the other day it just stopped working. I checked the event logs and I’m not sure I see anything. I have reloaded the MP and looked at the CSV. I’m not readily seeing anything to point to why it removed the instances and won’t add any additional. Any suggestions?

    • jaspervd86 says:

      Hey Eric,

      I have used it in different environments without any issues. The only thing I can think of is a fault in the CSV somewhere. Have you tried to create backing up the existing CSV and creating a new one?

  2. Eric says:

    I have tried recreating the CSV and redownloading the MP. I have done a Remove-SCOMDisabledClassInstance multiple times. I’m not sure what more to do and I’m afraid to apply this to the production server. Perhaps, it’ll work flawlessly on the prod server and I mucked something up on the test. I’m not 100% there. Is there anything more you can give me (or vise versa) to help troubleshoot this issue. Again, Thank you for your time and for this awesome MP!

    • jaspervd86 says:

      Hey Eric,

      I think I may have found the problem, the IntervalSeconds column is obsolete, because it is basically the same as TimeWindowInSeconds. You can remove that column and try again.

      Here’s a sample output of a CSV file I have defined without any issues:
      ServerName,PortNumber,WatcherNode,NoOfRetries,TimeWindowInSeconds
      pomav203,5723,pomav403,3,120
      pomav,5723,pomav203,3,120
      pomav205,80,pomav405,3,120
      pomav405,80,pomav205,3,120

      Also, I updated the management pack to include a performance collection of connection time (in seconds) and added the product knowledge as well.
      The link has been updated in the blogpost, I have tested this MP in different environments without any issues.

      Let me know if it works out for you.

      Jasper

  3. Chris says:

    I imported the MP but don’t know where to configure the share. Are there any screenshots of that, or can you explain it Jasper?

    • jaspervd86 says:

      Hey Chris,

      Sure thing. In the operations console, go to Authoring -> Discoveries. Look for TCP Monitoring Class Discovery, you can create an override on that discovery to change the path of the CSV. I believe its called filepath. Make sure your management servers have permissions to access the file.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s