Quick Tip ! Monitor Orchestrator

January 16, 2018

Hello,

Happy new year and best wishes to all for 2018 ! Unfortunately today on “verloren maandag” real life kicks in.

So I wanted to share how to monitor running runbooks on orchestrator using scom. Now we are not going to use the web interface as it could be that this specific component is down but the runbook server is still fully operational.

So instead we will be using a sql query to check if all runbooks not containing “component” in their path are effectively running.

The script consists of the following parts :

Part 1 : retrieving all the folder ID’s where Component is not present in the pathname

with RunbookPath as

(

select ‘Policies\’ + cast(name as varchar(max)) as [path], uniqueid from ISD_HOB_Orchestrator.dbo.folders b

where b.ParentID=‘00000000-0000-0000-0000-000000000000’ and disabled = 0 and deleted= 0

union all

select cast(c.[path] + ‘\’ + cast(b.name as varchar(max)) as varchar(max)), b.uniqueid from ISD_HOB_Orchestrator.dbo.folders b

inner join

RunbookPath c on b.ParentID = c.UniqueID

where b.Disabled = 0 and b.Deleted = 0

)

select [Path],uniqueid from RunbookPath WHERE [path] not like ‘%component%’

  • This will return all the uniqueID’s from the folders that do not have Component in their path

    Result

    Part 2 : Get all the policy names where the parent ID equals one of the uniqueID’s from the previous result

    with RunbookPath as

    (

    select ‘Policies\’ + cast(name as varchar(max)) as [path], uniqueid from ISD_HOB_Orchestrator.dbo.folders b

    where b.ParentID=‘00000000-0000-0000-0000-000000000000’ and disabled = 0 and deleted= 0

    union all

    select cast(c.[path] + ‘\’ + cast(b.name as varchar(max)) as varchar(max)), b.uniqueid from ISD_HOB_Orchestrator.dbo.folders b

    inner join

    RunbookPath c on b.ParentID = c.UniqueID

    where b.Disabled = 0 and b.Deleted = 0

    )

    SELECT NAME,[path] from [ISD_HOB_Orchestrator].[dbo].[POLICIES] pol


    JOIN ( select [Path],uniqueid from RunbookPath WHERE [path] not like ‘%component%’ ) as pat on pol.ParentID = pat.UniqueID

  • This will return all the runbooks names that are not in a path that has component in it

     

  • Result

    Part 3 : Limit this result to the runbooks that do not have a running instance

    with RunbookPath as

    (

    select ‘Policies\’ + cast(name as varchar(max)) as [path], uniqueid from ISD_HOB_Orchestrator.dbo.folders b

    where b.ParentID=‘00000000-0000-0000-0000-000000000000’ and disabled = 0 and deleted= 0

    union all

    select cast(c.[path] + ‘\’ + cast(b.name as varchar(max)) as varchar(max)), b.uniqueid from ISD_HOB_Orchestrator.dbo.folders b

    inner join

    RunbookPath c on b.ParentID = c.UniqueID

    where b.Disabled = 0 and b.Deleted = 0

    )

    SELECT NAME,[path] from [ISD_HOB_Orchestrator].[dbo].[POLICIES] pol


    JOIN ( select [Path],uniqueid from RunbookPath WHERE [path] not like ‘%component%’ ) as pat on pol.ParentID = pat.UniqueID WHERE not exists (
    SELECT * FROM ISD_HOB_Orchestrator.dbo.POLICYINSTANCES ins WHERE pol.uniqueID = ins.policyID and ins.TimeEnded IS NULL ) ORDER BY name

  • This will return all the runbook names that do not have component in their path and do not have any running instances

     

    Enjoy

    Gino D

Advertisements

SCOM – File Count Management Pack

December 21, 2017

Hi,

I come at a lot of customers to implement or support SCOM. Sometimes the same questions or troubles come up.

One of that questions is: “Is it possible to monitor the count of files (with a specific extension) in a share?”

The answer to this question is yes and no. There is a possibility to count files on Windows Servers that have an agent installed using this management pack: http://www.systemcentercentral.com/pack-catalog/file-system-management-pack-2/ but for shares located on non-Windows Servers, let’s say on a SAN for example I haven’t found a solution available.

Therefore I created my own management pack to monitor the file count, independent of the location of the file share (Windows Server or not).

In this post I describe how the management pack works. With the management pack you can count files with a specific extension (or no extension if everything should be counted) in a share (optionally also subfolders included).

There is also the ability to add a specific age zo the given scenario is possible: Count if there are more then 20 files in a share (subfolders included) that are older then 10 minutes.

First of all we need a seed discovery which is targeted to a registry key located on a SCOM agent monitored Windows Server.

The value in the registry is located under SOFTWARE\Filecount. The value is “CSV” and it should contain the path to a CSV file. The server will be discovered as a “File Count Watcher Node”

Next stop is the csv file itself, for every share to be monitored it should contain a line with a specific syntax shown in the screenshot below

Different parameters are added:

  • ID
    • Must be unique per share
  • Share
    • UNC path of the share
  • Extension
    • The extension of the files that needs to be counted, leave empty to count all files in the share
  • Count
    • How many files must be present for a critical state
  • Time
    • This is the time in minutes of the maximum file age of file count
  • Recurse
    • 0 = No need to count files in subfolders
    • 1 = Count also files in subfolders

When the info is filled in, SCOM will discover every line as a “File Count Share”. The properties are used to configure the monitoring.

A monitor is also defined based on the properties filled in the csv file, but it’s basically a powershell script with necessary parameters.

The core of the script is this command:

$count  = Get-ChildItem -Recurse $strShare\$strExtension | where{$_.LastWriteTime -le (Get-Date).AddMinutes($strAge)}|Measure-Object |%{$_.Count}

The file count is also gathered as a performance counter so it can be included in reporting or in a Squared Up dashboard for example.

The management pack is also configured to use a specific Run As account. This account needs rights on the shares: at least Read-only Share rights and Read-Only NTFS rights.

I’ve been able to help some customers already by using this management pack.

The first customer where I set this up is a big hospital in Belgium where they use this management pack to monitor shares which are used to store (and process) images and movies made during surgery.

The content should be processed from the network share and transferred somewhere else but sometimes the processing hangs and the share is getting full without anyone knowing. Since they have the management pack in place this hasn’t happened anymore.

If you have interest in the management pack, I’ve made it available via GitHub: https://github.com/bpinoy/ManagementPacks/tree/master/File%20Count%20MP

Best regards,

Bert

 

 

 


SCOM – Powershell Recovery Action – Stopped Windows Service

August 31, 2017

Hi,

Today I was at a customer who had a really specific question regarding monitoring of Windows Services with Operations Manager (SCOM).

We had already set up some basic recovery actions which restart the service automatically after it was stopped.

For some other services the customer wanted to add extra functionality: The recovery action should retry starting the service a maximum of 3 times, if the service wasn’t started after 3 tries the customer wanted to receive an email telling them the recovery action failed. Out-of-the-box SCOM is unable to do stuff like that, therefore I used Powershell to accomplish this.

Sidenote: To be able to use Powershell as a recovery action you can use the free management pack provided by the community & SquaredUp, it can be downloaded from this website: https://squaredup.com/free-powershell-management-pack/. This management pack adds Powershell everywhere it is missing in Operations Manager, this is one of the default management packs I always install at customers.

 

To be fully functional different components are needed:

  • A monitor that checks the status of the service
    • This monitor can be created from the Authoring pane of the SCOM console using the Windows Service template

3

  • A recovery action for the monitor created previously
    • The recovery action can be created from health explorer1
  • A rule that picks up the event created by the recovery action Powershell script
    • This is an Alert Generating Rule (NT Event Log), the configuration is linked to the type and location of the event logged during the script2
  • A subscription on the rule to send the email.

The powershell script:

# Fill in the service name here

$ServiceName = “LPD Service”

$ServiceStarted = $False

$i =0;

#Create Eventlog source, erroraction Ignore is neededbecause once the source is created an error is thrown because the source already exists

New-Eventlog -LogName Application -Source “Powershell – Restart Service” -ErrorAction Ignore

Do{

# In second or third run, wait a minute before trying
to start the service

if ($i -gt 0){Start-Sleep -s 60}

#Try to start the service

Start-Service $ServiceName

$Service Get-Service -Name $ServiceName

     if($Service.Status -eq “Running”)

    {

    $ServiceStarted = $true

     }

    $i++

    if (($i -eq 3) -and ($ServiceStarted $false))

    {

    $eventmessage = $Servicename failed to restart after $i attempts, exiting script”

    #Log error event in eventviewer

    Write-Eventlog -LogName Application -Source “Powershell – Restart Service” -EntryType Error -Eventid 101 -Message $eventmessage

    exit

    }

 }

Until ($ServiceStarted = $true)

 $eventmessage = $ServiceName restarted after $i attempt(s)”

Write-Eventlog -LogName Application -Source “Powershell – Restart Service” -EntryType Information -Eventid100 -Message $eventmessage

 If you have any difficulties doing this, don’t hesitate to drop a comment below.

If you find this post useful, please consider buying me a virtual beer with a bitcoin donation: 3QhpQ5z5hbPXXRS8x6R5RagWVrRQ5mDEZ1

 

Best regards,

Bert


Hardware Inventory after SCCM OSD Task Sequence

August 4, 2017

Hi,

I like using a lot of custom collections based on data from Hardware Inventory: Operating System Version, Hardware Manufacturer, Hardware Model, etc.

However to make sure the properties are available the Hardware Inventory needs to run at least once, using this information you will be able to start the hardware inventory right after the OSD task sequence completes. We will be using the Task Sequence Variable SMSTSPostAction:

Somewhere in the task sequence add “Set Task Sequence Variable” step. Give it an appropriate name and fill in the information as seen in the screenshot below:

If you want to copy/paste, here’s the value: %windir%\System32\wbem\WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule “{00000000-0000-0000-0000-000000000001}” /NOINTERACTIVE

When the task sequence completes, this action will occur.

When processing was succesfull you should see something like this in the dataldr.log (on the Configuration Manager site server)

Also locally on the computer where the task sequence was run, information can be found in the smsts.log and in the Inventoryprovider.log. Both logs located under C:\windows\ccm\logs

Hope this helps!

 

Best regards,

Bert

 

 

 


HP Elite X3

January 23, 2017

Hello,

Christmas and New year is a great time, we all recieve gifts and make lots of promises for the new year that has arrived. So I recieved a Elite X 3 for testing and promised myself to really focus on nwow in 2017. This means limit travel as much as possible,replace face to face meetings with technology if the situation allows it and follow a schedule that “works” meaning professional activites will be performed outside of business hours if required . Time to unwrap …

The box is shiny, the material looks solid, nice. The hardware of the X3 is really impressive, fast, has 64 GB of storage, 4GB of RAM, 8MP hello enabled camera, fingerprint reader and dual sim. It uses USB 3.0 type C connector for the docking.

clip_image002

The docking has Displayport, USB, RJ45 connection and kensignton lock.

clip_image004

The setup of the continuum is pretty much like a normal Windows 10 setup.

I’ve setup the device using my work account gino.dhoker@realdolmen.com and after verification with the Microsoft Authentication app the device was correctly registered. Then I’ve added my personal hotmail account.

From time to time you’ll get the message that some apps are not supported yet… So it will open on the smaller phone screen instead of on the external monitor.

The goal is to verify if I can really work with just this device the elite X3 , I’ll test for one week but I’ll hold my Revolve 810 as a backup ! I am really curious to know if the continuum can step up to this. Keep in mind that you cannot run legacy Windows Aapplications on the Continuum platform.

For starters I must say that the phone itself is pretty big compared to my regular Nokia and if you want to do some work on the road you’ll need the additional Laptop dock : https://www.microsoftstore.com/store/msusa/en_US/pdp/HP-Elite-x3-Lap-Dock/productID.5069318900

Okay here we go …

Bummer one … The citrix app is not working in continuum mode … This means that the vdi connection is showed in the screen of the mobile device making it completely useless. HP Workspace has got a service that can solve that issue http://www8.hp.com/us/en/business-services/computing-services/workspace.html

clip_image006

For the rdp connections there is a “Microsoft Remote Desktop Preview” App available in the store that looks ok, as a replacement for the desktop variant “remote desktop connection manager”.

clip_image008

Office : you can only use the mobile version of office for now.

clip_image010

Biometric security : really impressive !

I must say that the Windows Hello and the iris camera work very well. As soon as you activate the feature it works like a charm.

clip_image012

Go through the setup and as soon as you lock the screen you’ll notice the friendly looking for you icon. If you move in front of the camera you’ll be recognised and the device will unlock automatically.

 

clip_image016clip_image018

Same for the fingrprint reader … Go through the wizard for setting up

clip_image020

Touch the sensor with at least one finger and from different angles.

clip_image022

And that’s it … You can now unlock the device using your fingerprint.

So I must say a good start for 2017 !

Enjoy .

Gino D


SCCM – Deploy Unknown Computers with Assettag as computername

January 5, 2017

Hi,

In a recent Windows 10 deployment project (with SCCM) a customer of mine wanted to use the Serialnumber as the computername within Active Directory. The customer is using Unknown Computers so they don’t the need to import them first. Also there was the need to identify if a computer was a desktop or laptop, this was needed to make sure the computer was joined in the right OU depending of that type and to make sure Bitlocker was only applied to laptop computers.  To provide this functionality I’ve created a vbs script:

Part 1: Set Computername variable

Set objOSD = CreateObject(“Microsoft.SMS.TSEnvironment”)

Set SWBemlocator = CreateObject(“WbemScripting.SWbemLocator”)
Set objWMIService = SWBemlocator.ConnectServer(strComputer,”root\CIMV2″,UserName,Password)
Set colItems = objWMIService.ExecQuery(“Select * from Win32_SystemEnclosure”,,48)

For Each objItem in colItems
strOSDComputername = objItem.SerialNumber
Next

objOSD(“OSDComputerName”) = strOSDComputerName

The variable OSDComputerName is a default task sequence variable. Therefore no further actions need to be taken in the task sequence to make sure it is used to name the computer.

Part 2: Set Chassis variable

Set colChassis = objWMIService.ExecQuery(“Select * from Win32_SystemEnclosure”,,48)
For Each objChassis in colChassis
    For  Each strChassisType in objChassis.ChassisTypes
        Select Case strChassisType

            Case 3
                  StrType = “Desktop”
            Case 4
                   StrType = “Desktop”
            Case 6
                   StrType = “Desktop”
            Case 7
                  StrType = “Desktop”
            Case 8
                StrType = “Laptop”
            Case 9
                 StrType = “Laptop”
            Case 10
                  StrType = “Laptop”
            Case 11
                  StrType = “Laptop”
            Case 12
                   StrType = “Laptop”
            Case 14
                  StrType = “Laptop”
            Case 15
                  StrType = “Laptop”
            Case Else
    StrType = “unknown”
            End Select
    Next
Next

objOSD(“Chassis”) = StrType

The variable “Chassis” can now be used like any other task sequence variable to make sure certain steps only run for a laptop or desktop.

Save the above codesnippets into a vbs file and create an SCCM package containing the script.

Afterwards add a “Run Command Line” step to the task sequence, provide the package details and the following command line: cscript.exe “…vbs”

That should do the trick.

Obviously this is one solution among others, there are many other ways to accomplish the same but this seemed the easiest to me.

A little remark: When reinstalling a computer with Bitlocker enabled, make sure the Run Command Line step is located after the partition disk step, otherwise the script will fail as WMI cannot be accessed from WinPE. I’ve experienced this the hard way.

Hope this helps!

 

Best regards,

Bert

 

 

 

 

 

 

 


Endurance test Revolve 810

October 19, 2016

 

Hello,

Looking back I was very enthusiastic when I first recieved my HP Elitebook Revolve 810 ( 1st generation ).

This was way back in 2013 and a number ( read a lot ) of similar devices have been rolling into the market since then.

But let’s have a look at how the revolve looks now after over 3 years of intense use. And I mean intense as the device travels with me each day to a customer site and back.

The exterior :

clip_image002

-> Some edges show some chipped pieces but no “real” damage

clip_image004

-> Some minor scratches on the front due to “heavy” usage

clip_image006

-> It is still a catchy, elegant and stable device

So overall the device holds out ok.

The interior :

-> Well even according to today’s standards the device still performs ok, Windows 10 was a big improvement in terms of battery usage and even day to day operations like office perform faster compared to Windows 8.

-> I mainly use it in laptop mode, occasionally I read some items in tablet mode.

-> I use the mobile broadband connection quite a lot, the wireless projection to devices from time to time.

-> I don’t really use a stylus, somehow I prefer typing in onenote over writing with a pen.

The rest :

-> I boot using UEFI, secure boot and the device is encrypted by bitlocker.

-> For now it is Azure ad connected and I log on using my company credentials although that’s not really device related.

-> 2 available USB ports are a minimum but at certain sites I use external display, usb docking keyboard and mouse.

-> I update HP drivers and firmware regularly using HP utilities

The issues :

-> Well there were some issues with the fan. Now this is a “known” issue with this model so the fan was replaced and together with the latest chipset this has improved the spinning noise of the cooling a lot.

http://h30434.www3.hp.com/t5/Notebook-Hardware-and-Upgrade-Questions/HP-Revolve-810-Noisy-Fan/td-p/5063770

What I would like to see added :

-> Some kind of biometric authentication ( fingerprint or Windows hello capable camera )

-> more energy efficient processor or more battery power , no matter how much battery you have you always run out at a bad time 🙂

Enjoy

Gino D