Automating OpsMgr Part 11: Configuring Group Health Rollup

Written by Tao Yang

OpsMgrExntededIntroduction

This is the 11th instalment of the Automating OpsMgr series. Previously on this series:

Since I have already covered how to create, update and delete OpsMgr groups using the OpsMgrExtended module, the last thing I want to cover on this topic is how to configure health rollup for the groups.

The runbook I’m demonstrating today was based on the PowerShell script in the OpsMgr Group Health Rollup Configuration Task MP which I published yesterday. As I explained in the previous post, because instance groups do not inherit any dependency monitors for their base class, when OpsMgr admins creating groups in the console (which can only be instance groups), they are shown as “Not monitored”:

SNAGHTMLaf5f001

By creating an agent task to create health rollup dependency monitors (in the OpsMgr Group Health Rollup Configuration Task MP), I have provided a more user friendly way for OpsMgr users to configure health rollup for groups, but this task won’t help us when we are designing an automation solution. Therefore, I have written a SMA runbook based on the script I developed for the MP.

Runbook: Configure-GroupHealthRollup

This runbook requires the following input parameters:

  • GroupName: Required parameter. Name of the group (note, this is not the display name you see in the OpsMgr console)
  • Algorithm: Required parameter. The algorithm to use for determining health state. Possible values: ‘BestOf’,’WorstOf’,’Percentage’.
  • Percentage: The worst state of the specified percentage of members in good health state. This parameter is only required when the specified algorithm is ‘Percentage’. Optional parameter, default value is 60 if not specified.
  • MemberUnavailable: The health state when the member is unavailable. Possible Values: ‘Uninitialized’, ‘Success ‘,’Warning’, ‘Error’. Optional parameter. If not specified, the default value is “Error”.
  • MemberInMaintenance: The health state when the member is in maintenance mode. Possible Values: ‘Uninitialized’, ‘Success ‘, ‘Warning’, ‘Error’. Optional Parameter. If not specified, members in maintenance mode will be ignored.
  • ManagementPackName: The Management Pack name of which the monitors going to be saved. This is only going to be used when the group is defined in a sealed MP.’
  • IncreaseMPVersion: Boolean optional parameter. Specify if the management pack version should be increased by 0.0.0.1.

Before executing the runbook:

image

Executing the runbook:

image

After runbook execution:

image

Dependency monitor health rollup policy:

image

Conclusion

In this post, I have demonstrated how to configure OpsMgr group health rollup by creating dependency monitors using a SMA runbook. As I mentioned in part 4, I was going to dedicate few post for a creating and managing groups mini series. This post would be the last post for this managing groups mini series. To summarise, on managing groups, I have covered the following aspects:

  • Creating new empty groups (Part 4)
  • Adding Computers to computer groups (Part 5)
  • Adding monitoring objects to instance groups (Part 6)
  • Incorporated the runbooks from part 5 and 6 into the new version of the OpsMgrExtended module (part 7)
  • Updating group discoveries (Part 9)
  • Deleting Groups (Part 10)
  • Configure Group Health Rollup (Part 11, this post)

Starting from next post, I will start talking about how to create monitors, rules, etc. So it should only get more interesting from now on.

This is all I’m going to share for today. Until next post, happy automating OpsMgr!

OpsMgr Group Health Rollup Configuration Task Management Pack

Written by Tao Yang

Introduction

In OpsMgr, groups are frequently used when designing service level monitoring and dashboards. The group members’ health rollup behaviours can be configured by creating various dependency monitors targeting against the group.

When creating groups, only instance groups can be created within the OpsMgr console. Unlike computer groups, instance groups do not inherit any dependent monitors from their base class. Therefore when an instance group is created in the OpsMgr console, by default, the health state of the group is “Not monitored” (Uninitialized):

SNAGHTML6ecbad9

In order to configure group members to rollup health state to the group object (so the group can be used in dashboards), one or more dependency monitors must be created manually after the group has been created. This manual process can be time consuming.

Squared Up has recognised this issue, and many of their customers have also asked for a way to simplify the process of configuring health roll-up for the groups (so the groups can be used in Squared Up dashboards).

Squared Up has engaged me and asked me to develop an agent task to configure group health rollup and make it available to the broader OpsMgr community.

The “OpsMgr group health Rollup Configuration Task Management Pack” provides an agent task to create dependency monitors for the selected groups using OpsMgr SDK.

image

Management Pack Overview

In order for the OpsMgr operators to easily navigate to the groups, this management pack provides a state view for all groups (System.Group class):

image

Although a set of required parameters are pre-configured for the agent task, the operators can also modify these parameters using overrides.

The following parameters can be customized via overrides:

image

  • Health Rollup Policy Possible values: ‘BestOf’, ‘WorstOf’,’Percentage’.
  • Worst state of the percentage in healthy state Integer between 1 and 100. Only used when Algorithm is set to ‘Percentage’.
  • Member Unavailable Rollup As Possible Values: ‘Uninitialized’, ‘Success ‘, ‘Warning’ and ‘Error’
  • Member in Maintenance Mode Rollup As ‘Uninitialized’, ‘Success’, ‘Warning’ and ‘Error’
  • Management Pack Name The Management Pack name of which the monitors going to be saved. Only used when the group is defined in a sealed MP.’
  • Increase Management Pack version by 0.0.0.1 Specify if the management pack version should be increased by 0.0.0.1.

NOTE: Please DO NOT select multiple instance groups at once.

After the task is executed against a group, 4 dependency monitors are created:

  • Availability Dependency Monitor
  • Configuration Dependency Monitor
  • Performance Dependency Monitor
  • Security Dependency Monitor

SNAGHTML7326e1c

image

image

Security Consideration

Natively in OpsMgr, only user accounts assigned either authors role or administrators role have access to create monitors. However, users with lower privileges (such as operators and advanced operators) can potentially execute this task and create dependency monitors.

Please keep this in mind when deploying this management pack. You may need to scope user roles accordingly to only allow appropriate users have access to this task.

Credit

Thanks Squared Up for making this management pack free to the community.

Download

This management pack can be downloaded from the link below:

Automating OpsMgr Part 10: Deleting Groups

Written by Tao Yang

OpsMgrExntededIntroduction

This is the 10th instalment of the Automating OpsMgr series. Previously on this series:

As I have previously demonstrated how to create and update OpsMgr groups using the OpsMgrExtended module, it’s now the time cover how to delete groups in OpsMgr.

Deleting groups that are defined in unsealed management packs can be easily accomplished using the Remove-OMGroup function from the OpsMgrExtended module. This function deletes the group class definition and discoveries from the unsealed MP. However, since it’s very common for OpsMgr administrators to also create dependency monitors for groups (for group members health rollup), you cannot simply use Remove-OMGroup function to delete groups when there are also monitors targeting this group. Therefore, I have written  a sample runbook to delete the group as well as monitors targeting the group (if there are any).

Runbook Delete-OpsMgrGroup

In order to use this runbook, you will need to update Line 9, with the name of your SMA connection object.

SNAGHTML1591389

This runbook takes 2 parameters:

image

GroupName: the name of the group you are deleting. Please note you can only delete groups defined in unsealed MPs.

IncreaseMPVersion: Boolean variable, specify if the unsealed MP version should be increased by 0.0.0.1

Runbook Result:

image

Verbose Messages (deleting dependency monitors):

SNAGHTML14fa1a1

 

Conclusion

This post is rather short comparing to some of the previous ones in this series. I have few ideas for the next post, but haven’t decided which one am I going to write first. Anyways, until next time, happy automating!

Automating OpsMgr Part 9: Updating Group Discoveries

Written by Tao Yang

OpsMgrExntededIntroduction

This is the 9th instalment of the Automating OpsMgr series. Previously on this series:

OK, now I’ve got all the darts lined up (as per part 7 and 8), I can talk about how to update group discovery configurations.

Often when you create groups, the groups are configured to have dynamic memberships. for example, as I previously blogged Creating OpsMgr Instance Groups for All Computers Running an Application and Their Health Service Watchers.

In this post, I will demonstrate once you’ve created an empty group (as shown in Part 4), how can you use OpsMgrExtended module to modify the group discovery data source, so the group will dynamically include all objects that meet the criteria (Membership rules).

Because this is not something you’d use as a standalone solution, I will not provide sample runbooks, but instead, just walk through the PowerShell code.

Example Walkthrough

In this demonstration, I have firstly created a blank management pack, and then use the runbook demonstrated in Part 4, and created an empty instance group. At this stage, the management pack looks like this:

SNAGHTML236ed3d

My goal is to update this group to include all objects of the Hyper-V host class that is defined in the VMM 2012 discovery MP (“Microsoft.SystemCenter.VirtualMachineManager.2012.Discovery”). The configuration for the group discovery data source module would need to be something like this:

image

As I explained in the previous post (Part 8), because the Hyper-V Host class is defined in the VMM MP, in order to build our discovery data source, the unsealed MP of which the group discovery is defined must reference the VMM discovery MP. As you can see from the management pack XML screenshot, the VMM discovery MP is not currently referenced there. As I’ve also shown in the new group discovery data source configuration that I’m about to put in, the VMM discovery MP need to be referenced as alias “MSV2D” (as highlighted). of course you can pick another alias name, but the group discovery data source config must align with whatever alias you’ve chosen.

So, in order to achieve my goal, I must firstly create a MP reference for the VMM discovery MP, then I will be able to update the group discovery data source.

Here’s the PowerShell script:

Please note, I’m specifying the management server name instead of the SMA connection object in this example, if you are using it in SMA or Azure Automation, you can also switch -SDK to -SDKConnection and pass a connection object to the functions.

The script is very self explanatory, with 2 catches:

  • the group discovery DS configuration is defined in a multi-line string variable, you MUST use single quotation marks (@ and @) for this variable, because the dollar sign ($) is a reserved character in PowerShell, if you use double quotes, you must also place an escape character (“`”) in front of every dollar sign, with can be very time consuming.
  • You must use the version 1.1 of the OpsMgrExtended module (published in part 7 earlier today). The Update-OMGroupDiscovery function is a new addition in version 1.1, and New-OMManagementPackReference had a small bug that was also fixed in version 1.1.

Since I’ve added -Verbose switch when calling both functions, I can also see some verbose output:

image

And now, if I check the group I’ve just updated, the MP reference is added:

image

and the original empty discovery rule was replaced with what I specified in the script:

image

Now when I check the group membership in the console, I can see all the Hyper-V hosts in my lab:

image

Conclusion

In this post, I have demonstrated how to use OpsMgrExnteded module to update a group discovery data source configuration. Although I’ve only provided 1 example, for an instance group, the process for updating computer groups are pretty much the same. In next post, I will demonstrate how to delete a group using the OpsMgrExtended module.

Automating OpsMgr Part 8: Adding Management Pack References

Written by Tao Yang

OpsMgrExntededIntroduction

This is the 8th instalment of the Automating OpsMgr series. Previously on this series:

In part 4-6, I have demonstrated how to create and add static members to both instance groups and computer groups. In Part 7, I have released the updated OpsMgrExtended module (version 1.1), and demonstrated simplified runbooks for adding static members to groups. In this post, I will demonstrate how to add a management pack reference to an unsealed MP. In the next module, I will demonstrate how to update a group discovery (how groups are populated). But in order for me to demonstrate how to update group discoveries, I will need to cover adding MP references first.

What is Management Pack Reference

Management packs often use elements defined in other management packs. i.e. a discovery MP would need to refer to the library MP of which the class being discovered is defined; a monitor refers to the monitor type defined in another MP; or an override you created in an unsealed MP need to refer to the MP of which the workflow that you are creating the override for is defined, etc.

Because OpsMgr needs to ensure the referencing management pack does not change in a way that may impact all other management packs that are referencing this pack, only sealed management packs (or Management Pack bundles in OpsMgr 2012) can be referenced in other management packs because sealed MPs must comply with a set of rules when being upgraded. Unsealed management packs can reference other sealed management packs, but they cannot be referenced in other MPs.

image

As shown above, in OpsMgr console, by opening the property page of a management pack, you can easily find out which management packs is this particular MP is referencing (the top section), and what other management packs are referencing this MP (the bottom section).

SNAGHTML11b42e4

When reading the management pack XML (as shown above), you’ll notice the references are defined in the beginning of the MP. When defining a MP reference, the following information must be supplied:

  • Alias – This alias must be unique within the MP itself, and it is used by other elements within this MP, followed by an exclamation mark(“!”)

SNAGHTML11f5dbc

  • ID – The internal name of the referencing MP
  • Version – The minimum required version of the referencing MP.
  • PublicKeyToken – the public key token of the key used to sealed this referencing MP.

Note: when you are writing management pack A and created a reference for management pack B with version 2.0.0.0, and the version of MP B loaded in your management group is version 2.0.0.1, then you will have no problem when loading A into your management group. However, if MP B in your management group is on version 1.0.0.0, you will not be able to load MP A without having to update B to at least 2.0.0.0 first before you are able to importing management pack A.

Creating Management Pack Reference Using OpsMgr SDK

When using OpsMgr SDK to create MP references, since you are creating the reference in an unsealed MP that is already loaded in your management group, the referencing management pack must also be present in the management group. And since the referencing MP should have already been loaded in the management group, the only 2 pieces of information you need to specify is the name of the MP, and the alias that you wish to use (but has to be unique, meaning not already been used). The SDK would lookup the version number and the public key token from the referencing MP, and use them when creating the reference.

The OpsMgrExtended module offers a function called New-OMManagementPackReference that can be used to easily create MP references in unsealed management packs. I have written a very simple runbook utilising this function.

Runbook: Add-MPReference

This runbook takes 3 input parameters:

  • ManagementPackName: the name of the unsealed MP where the reference is going to saved to
  • ReferenceMPAlias: The alias of the referencing MP
  • ReferenceMPName: The name of the referencing MP (must be a sealed MP).

image

image

After the execution, the reference is created in the unsealed MP:

image

Conclusion

In this post, I’ve demonstrated how to create a MP reference in an unsealed management pack. In the next post, I will demonstrate how to update a group discovery configuration (for dynamic group memberships).

Automating OpsMgr Part 7: Updated OpsMgrExtended Module

Written by Tao Yang

OpsMgrExntededIntroduction

This is the 7th instalment of the Automating OpsMgr series. Previously on this series:

I dedicated part 4-6 on creating and managing groups using the OpsMgrExtended module. I was going to continue on this topic and demonstrate how to update group discovery in part 7 (this post), but unfortunately there is a change of plan. While I was preparing for the group discovery update runbook, I noticed I had to firstly cover how to add reference MPs before I can talk about updating group discoveries. I then realised there was a small bug in the New-OMManagementPackReference. Therefore, I have decided to update the OpsMgrExtended module first, before continuing the topics of managing groups.

What’s New?

In this release (version 1.1), I have made the following updates:

  • Bug fix: New-OMTCPPortMonitoring fails when not using the the SMA connection object.
  • Bug fix: New-OMManagementPackReference returned incorrect result when the alias is already used
  • Additional Function / Activity: New-OMComputerGroupExplicitMember
  • Additional Function / Activity: New-OMInstanceGroupExplicitMember
  • Additional Function / Activity: Update-OMGroupDiscovery

In Part 5 and 6, I demonstrated 2 runbooks to add explicit members to computer groups and instance groups. As I mentioned in those posts, I would make those 2 runbooks as native functions within the module, hence the new functions New-OMComputerGroupExplicitMember and OMInstanceGroupExplicitMember. So instead of using the long and complicated runbooks from Part 5 and 6, with this updated version, you can now use very simple runbooks as shown below:

Runbook: Add-ComputerToComputerGroup

Runbook: Add-ObjectToInstanceGroup

How to Download Updated version?

I have updated the original link, so you can download this updated version at TY Consulting’s web site: http://www.tyconsulting.com.au/portfolio/opsmgrextended-powershell-and-sma-module/

Conclusion

With the updated module in place, I will continue my discussion on managing groups. In the next part of this series, I will demonstrate how to add a management pack reference to an unsealed management pack.

Updating Connection Fields in SMA and Azure Automation Modules

Written by Tao Yang

Recently when I was working with Stanislav Zhelyazkov on the OMSSearch module, Stan discovered an issue where the module connection type does not get updated when you import an updated version of the module in Azure Automation if the fields have been modified in the module. I have also seen this issue with SMA, so it is not only specific to Azure Automation.

Stan has also raised this issue in the User Voice: http://feedback.azure.com/forums/246290-azure-automation/suggestions/8791036-connection-fields-for-modules-are-not-updated

As you can see from the feedback from Joe Levy and Beth Cooper, it is a known issue with SMA and Azure Automation. Joe has also provided a workaround for Azure Automation (deleting the connection type using REST API).

I have seen this issue many times in the past with SMA, and when I started writing this post, I realised I actually blogged about this issue almost a year ago. – I didn’t remember blogging it at all, maybe it a sign that I’m getting old Smile.

Anyways, I’ve updated the SQL script from my previous post, wrapped the deletion commands in a transaction as per Beth’s advice:

As I explained in the previous post, you will need to update the @ModuleName and @ConnectionName variables accordingly.

Lastly, I’d like to state that it is very common to update the connection type JSON file during your module development phase. During this phase, you would probably use this script a lot on your development environment. But please do not try and use this in production environment. It is developed by myself with no involvement from Microsoft, and Microsoft would never support directly editing the database.

Conclusion

If you are having this issue with On-Prem SMA, in your non-prod environment, you can try to use this SQL script to remove the connection type AFTER the old module has been deleted.

If you are having this issue in Azure Automation, please use the REST API as Joe mentioned in the User Voice: https://msdn.microsoft.com/en-us/library/azure/mt163852.aspx

MVP Calling for Help From the Community

Written by Tao Yang

041615_1218_whatisnewan2

SCOMBobOK, I don’t blog about my personal life on this blog at all, and I don’t think I have ever blogged anything that’s not technical or my career related on this blog. Well, this is going to be the first non-technical post on this blog.

If you follow my blog for System Center and OpsMgr related content, you must have also heard the name Bob Cornelissen(Blog, Twitter) before. Bob is a fellow System Center Cloud and Datacenter (SCCDM) MVP from the Netherland. Bob is also one of the authors for the Mastering System Center 2012 Operations Manager book.

Bob is a person that I really respect not only because of his technical expertise and contribution to the community, but also what he is doing out side of his professional career. Being a MVP myself, I know what is sharing knowledge’s and helping communities is all about. It is in our DNA and just a part of what we do. But it is rare to see someone extend his/her kind heart to outside of the technical community, in Bob’s case, to another species – dogs!

041615_1218_whatisnewan4041615_1218_whatisnewan5

Bob and his wife runs a charity dog sanctuary in Thailand. This charity sanctuary is called Leks House of Tails (http://lekshouseoftails.azurewebsites.net/). Bob once told me they have started taking homeless dogs from the streets of Thailand, and started looking after them. When Bob told me if they didn’t take those dogs in, they would have ended up been killed and sold in the market, I know it is true because of my Asian background and I know dog meat is very popular in Asian countries! I grew up in China and only moved to Australia after graduating from high school. I still remember when I was a little boy (around 6-7, or even younger), I once saw few men captured a homeless dog on the street, tied the dog on a tree, and use a big wooden bat beaten the dog to death in the broad daylight! I witness the whole thing as my grandfather stood next to me with 10-20 pedestrians on the street. It’s not something you can easily forget, the image, the sound the dog made, still staying in my head. When I got older, i learnt it is a way to tenderise the meat – by beating the dog to death! So, without Bob and his wife’s help, I don’t even want to think about the destiny of these lovely dogs.

As a previous dog owner, My wife and I once had 2 dogs at the same time. I know how much money and effort is needed in order to take care of our dogs. Imaging what is like for Bob and his wife, looking after 50-60 dogs??  It’s definitely not easy – dogs need food, a roof over their heads, blankets, place to sleep, medicine, carers, etc.

I know Bob wouldn’t publicly asking for help from the community, so I will do it for him:

Those dogs really need our support. We would be greatly appreciate if you could help Leks House of Tails financially: http://lekshouseoftails.azurewebsites.net/?page_id=222

Other than donation, I think there are also other ways that you could help Bob and his dog sanctuary, i.e. placing System Center related adverts on Bob’s blog, etc.

Lastly, our good Friend and fellow CDM MVP Cameron Fuller has also blogged about Leks House of Tails few month ago, you can read Cameron’s article here: http://blogs.catapultsystems.com/cfuller/archive/2015/04/16/what-is-new-and-coming-soon-to-the-microsoft-monitoring-world-and-helping-a-good-cause-opinsights-scom-opsmgr-sysctr/

Geo-Location Squared Up Bing Map Dashboard

Written by Tao Yang

bing-maps

Before I started working for Squared Up, the very first project we talked about was producing Bing Maps dashboard in Squared Up.

I started working on this project after I finished the OpsMgr Data Warehouse Health Check script. And I’m please to announce we have just published the Bing Maps Dashboard solution on Squared Up’s website: http://squaredup.com/geo-location-of-scom-objects-within-squared-up-map-dashboards/

These are some of the sample dashboards I produced in my lab:

Example #1: World Map (Multi-Objects):

Map1

Example #2: Australia Map (Multi-Objects):

Map2

Example #3: Melbourne Aerial Map (Multi-Objects):

Map3

Example #4: Single Object Street Map (of my local pub):

Map4

Do you want to know more about this solution? Please head over the Squared Up’s site and read the full post HERE.

Lastly, like I mentioned in the post, if you have any specific requirements, we are more than happy to work with you, so please feel free to contact us.

Automating OpsMgr Part 6: Adding Monitoring Objects to Instance Groups

Written by Tao Yang

OpsMgrExntededIntroduction

This is the 6th instalment of the Automating OpsMgr series. Previously on this series:

In part 4, I have demonstrated how to create empty instance groups and computer groups using the OpsMgrExtended module and in part 5, I’ve demonstrated how to add a Windows Computer object to a Computer Group as an explicit member. In this post, I will share a runbook that adds a monitoring object to an Instance Group. As I mentioned in Part 4, I will dedicated few posts on creating and managing OpsMgr groups, this post would be the 3rd post on this topic.

Runbook Add-ObjectToInstanceGroup

In order for you to use this runbook, you will need to modify line 9 with the name of the SMA connection you’ve created in your environment.

SNAGHTML325a4b96

This runbook requires 2 input parameters:

  • GroupName: The internal name of the group. I did not use the display name because it is not unique.
  • Monitoring Object ID: The ID of the monitoring object that you wish to add to the instance group.

image

Note:

Since the monitoring object ID is not visible in the Operations Console, I have previously posted an article and demonstrated several ways to find this Id for monitoring objects: Various Ways to Find the ID of a Monitoring Object in OpsMgr. If you are also using Squared Up dashboard, you can also use Squared Up to lookup and export the Monitoring Object ID as demonstrated in this YouTube video.

In the screenshot above, I’ve entered the Monitoring Object of a Hyper-V Host which is defined in the VMM 2012 management pack:

image

I have added a lot of comments and verbose messages in this runbook, therefore I don’t feel I need to explain how it works. If you’d like to know what it does step-by-step, please read the code.

After the runbook execution is completed, the monitoring object is added to the group:

image

SNAGHTML326cba18

Runbook Execution result:

image

Verbose messages:

image

Adding an Existing Member to the Group:

I have coded the runbook to also check if the monitoring object that you want to add is already a member of the group (by looking up related objects of the group instance). If it is the case, the runbook will write a warning message and exit without adding it.

i.e.

image

ce2dd108-0129-4fc0-842b-347311cb9107:[localhost]:The Monitoring Object ‘Microsoft.SystemCenter.VirtualMachineManager.201 2.HyperVHost:HYPERV03.corp.tyang.org;2541ebea-50ae-4d4b-8755-5b77a50cd32b’ (ID:’fabfe649-921c-cf17-d198-0fba29cee9ff’) is already a member of the instance group Group.Creation.Demo.Demo.Instance.Group. No need to add it again. Aborting.

Conclusion

This is a rather complicated runbook and most of the code runs within InlineScript. To make everyone’s life easier, I will add this as a function in the OpsMgrExtended module upon next release. In the next post, I will demonstrate how to update a group by updating the group discovery.