Monthly Archives: May 2014

Updated OpsMgr 2012 Alert Update Connector Management Pack

Written by Tao Yang

I recently implemented OpsMgr 2012 Alert Update Connector in the new OpsMgr 2012 environments that I’m building. I have previously blogged my way of generating AUC’s configuration XML.

Now in my environment, AUC is playing a critical role in the alert logging process, it needs to be highly available. nothing will get logged to the ticketing system if AUC is not running. The unsealed management pack that came with AUC monitors each individual instance of Alert Update Connector service. It generates a critical alert when the service is not running while the start mode is configured to Automatic. However, in my opinion, this does not reflect the real health condition of AUC. Since we can install Alert Update Connector service on multiple computers, the connector should be considered as healthy when there is one instance (and one instance only) of the Alert Update Connector service running.

Therefore, I have updated the management pack. I have made the following changes to the original MP:

01. Bug fix in the VBScript used in Alert Update Connector Discovery

I have installed the Alert Update Connector service on all the management servers. I also have few Orchestrator runbook servers being monitored agentlessly because they are running runbooks which require OpsMgr 2007 R2 integration pack and console, so I can’t installed OpsMgr 2012 R2 agents on them. After imported the original management pack, I noticed Alert Update Connector services have also been discovered on these Orchestrator runbook servers.

The bug is highlighted below:


The discovery is configured to be remotable, but when performing the WMI query for the service, it is always querying the local computer where the discovery script is running. This is why the Alert Update Connector service has been incorrectly discovered on agentless monitored computers. This is an easy fix. since the target computer name has already been passed to the script, in line 91, “strComputer” needs be changed to “TargetComputer”.

02. Updated the frequency for Alert Update Connector Discovery

In the original MP, this discovery runs once per hour. I have updated it every 12 hours.

03. Additional Monitor: Alert Connector Services Overall Status Monitor


This monitor is targeting the Alert Update Connector class (which is managed by All Management Servers Resource Pool), and checks number of running instances of Alert Update Connector service. it generates a critical alert when the running instance does not equal to 1.


This monitor also has 2 recovery tasks


When there are no running instances, the recovery task “Start One Instance of Alert Update Connector Service” will try to start 1 instance of this service. When the number of running instances is greater than 1, the recovery task “Stop and Disable additional running instances” will stop and disable all but 1 running instances.

The script execution results can be viewed in Health Explorer:



Since the connector class is managed by AMSRP, the monitor workflow will run on a management server. If you only have the Alert Update Connector services installed on management servers, and the management server’s default action account should have local admin rights on the management servers, no additional configuration is required. however, if you have Alert update connector service installed on other servers where the default management servers action account does not have local admin rights, you may need to configure the Run-As profile defined in this MP:


03. Additional Groups

I’ve created 2 additional groups:

  • Alert Update Connector Services Computer group
  • Alert Update Connector Services Instance Group



04. Additional Override: Disabled Alert Generation for the “Connector Service Status” monitor.



I’m just trying to reduce the noise. Since the newly created overall status monitor will be generating alerts as well, I don’t think we need another one.

05. Removed the console task “Show Connector UI”

This task hardcoded the ConnectorConfiguration.exe to C:\AlertUpdateConnectorUI, and I’m not using this GUI tool in my environment (refer to my previous post). Therefore I have removed it from the MP.

I have changed the MP version to I have also converted the original MP to a VSAE project. In the project, I have chopped the MP components into many fragments.


You can download both sealed and unsealed version of this MP, as well as the VSAE project (to make your life easier if you want to update it to suit your needs). However, I won’t include the key I used in for this MP. if you decided to update and seal it again, please use another key.


Lookout for the IE Version in the OpsMgr PowerShell Web Browser Widget

Written by Tao Yang

Last night, while I was working on my newly created Google Map Dashboard in OpsMgr, I kept getting script errors from the PowerShell Web Browser widget used for Google Maps:


After some research online, some people suggests this is because the latest Google Maps only supports IE version 8 and later.

I was getting this error on Windows 8.1 (With Update) and Windows Server 2012 R2 (With Update). the IE version is 11:


Long story short, in the end, I found the issue from couple of blog posts.

In my lab, when PowerShell Web Browser widgets opens a page, it enumerates IE 7. To prove this, I created a dashboard with just 1 Cell and created a PowerShell Web Browser widget with the script below:


$dataObject = $ScriptContext.CreateInstance("xsd://Microsoft.SystemCenter.Visualization.Component.Library!Microsoft.SystemCenter.Visualization.Component.Library.WebBrowser.Schema/Request")
$dataObject["BaseUrl"]="<a href=";">"</a>


it simply launches the site

Surprisingly, it shows I’m using IE 7:


To fix the issue, I had to add a registry key value to enforce OpsMgr 2012 console to use IE 11 (as documented in MSDN:

Reg Key Path:


DWORD value to add:


Value data:

decimal 11000



After the registry modification, simply close and re-open the OpsMgr operational console, open the dashboard, the problem was resolved and shows I’m using IE 11:


I’m guessing this could be a common issue when using the PowerShell Web Browser widget to open a site that does not support earlier versions of IE. If this is the case, this registry modification will need to be implemented to all computers running OpsMgr 2012 consoles and wanting to use the dashboard.

OpsMgr Dashboard Fun: Google Maps

Written by Tao Yang

I am really excited about the 2 new PowerShell dashboard widget released in OpsMgr 2012 R2 UR2. PowerShell has always been my favourite scripting language, something I have been using on a daily basis since 2008. In my opinion, the opportunities are endless when having the ability to execute PowerShell scripts within an OpsMgr dashboard. I will start posting my ideas in this blog.


For those who don’t know me, I work for an Australian retailer which has 3 brands (supermarkets, service stations and liquor stores) with totally over 2000 stores across the country. Pretty much every Windows device in the stores are being managed by System Center. Because of the nature of the environment we are in, in the past, there were ideas tossing around in the office that people really like to have some kind of map dashboard for OpsMgr, and we have trailed / tested different solutions. Although there are 3rd party solutions out there, yesterday, I have spent couple of hours and created a dashboard like this:


This dashboard contains:

  • Top Left: State widget for a customized class called “TYANG Remote Computer”, which is based on Windows Computer class.
  • Bottom Left: Contextual PowerShell Grid widget displays health state of all related objects for “TYANG Remote Computers”
  • Right: Contextual PowerShell Web Browser widget that pin-points the computer location on Google Maps.

In Action:

I’ll now go through the steps I took to make this dashboard work. the management packs I used in the demo can also be downloaded from the link at the end of this post.


Step 01. Create a management pack to define and discover the custom Windows Computer class.

I Named this management pack “Demo.Remote.Computers”. I basically created a customized Windows Computer class with 4 additional properties:

  • Street
  • City (aka Suburb as what we call in Australia)
  • State
  • Country


I then created a registry key and stored these property values in the key:


After creating the registry key on few machines, I then created a filtered registry discovery workflow in the MP. It targets Windows Computer class and it is looking for this key. It also maps the 4 reg key values I created to the class properties.

Lastly, before I sealed the MP, I also created a folder and a state view for this custom class. The Accessibility of the folder is set to “Public” – so later on I can place the dashboard under this folder from a separate MP.


Step 02. Create the dashboard

Now that the class is defined and discovered, I can move on to the dashboard. To create the dashboard, firstly, I created a brand new MP from the Operations console, and called it “Demo Remote Computer Dashboard” with the ID “Demo.Remote.Computer.Dashboard”. When the unsealed MP is created in the operations console, a folder is automatically created with the MP. I will place the dashboard under this folder (for now):


I gave the dashboard a name and chose an appropriate dashboard layout :


I added a state widget for the top left pane


Gave it a name: “Remote Computers”


Choose the class I have defined in Step 1


I want to display all instances, so I did not select anything in the Criteria step:


I defined what I property that I want to display, and how to sort the instances:


Then click Next and Create to create the widget.


Next, I’ll create a PowerShell Grid contextual widget in the bottom right section to display the health of each related components.

Choose “PowerShell Grid Widget”


Name: “Components”


Add the script below to the script section:


foreach ($globalSelectedItem in $globalSelectedItems)
$globalSelectedItemInstance = Get-SCOMClassInstance -Id $globalSelectedItem["Id"]
foreach ($relatedItem in $globalSelectedItemInstance.GetRelatedMonitoringObjects())
$ClassName = $relatedItem.GetMonitoringclasses()[0].DisplayName
$dataObject = $ScriptContext.CreateFromObject($relatedItem, "Id=Id,State=HealthState,DisplayName=DisplayName,FullName=FullName", $null)
$dataObject["ParentRelatedObject"] = $globalSelectedItemInstance.DisplayName

Click Next and Create to create the widget.


Lastly, I’ll create a PoweShell Web Browser contextual widget for the map on the right section.

Choose PowerShell Web Browser Widget


Name it “Map”


Copy the script below to the script section:


$dataObject = $ScriptContext.CreateInstance("xsd://Microsoft.SystemCenter.Visualization.Component.Library!Microsoft.SystemCenter.Visualization.Component.Library.WebBrowser.Schema/Request")
$parameterCollection = $ScriptContext.CreateCollection("xsd://Microsoft.SystemCenter.Visualization.Component.Library!Microsoft.SystemCenter.Visualization.Component.Library.WebBrowser.Schema/UrlParameter[]")
foreach ($globalSelectedItem in $globalSelectedItems)
$globalSelectedItemInstance = Get-SCOMClassInstance -Id $globalSelectedItem["Id"]
$StreetProperty = $globalSelectedItemInstance.GetMonitoringProperties() | Where-Object {$ -match "Street"}
$CityProperty = $globalSelectedItemInstance.GetMonitoringProperties() | Where-Object {$ -match "City"}
$StateProperty = $globalSelectedItemInstance.GetMonitoringProperties() | Where-Object {$ -match "State"}
$CountryProperty = $globalSelectedItemInstance.GetMonitoringProperties() | Where-Object {$ -match "Country"}
$Street = $globalSelectedItemInstance.GetMonitoringPropertyValue($StreetProperty)
$City = $globalSelectedItemInstance.GetMonitoringPropertyValue($CityProperty)
$State = $globalSelectedItemInstance.GetMonitoringPropertyValue($StateProperty)
$Country = $globalSelectedItemInstance.GetMonitoringPropertyValue($CountryProperty)
$parameter = $ScriptContext.CreateInstance("xsd://Microsoft.SystemCenter.Visualization.Component.Library!Microsoft.SystemCenter.Visualization.Component.Library.WebBrowser.Schema/UrlParameter")
$parameter["Name"] = "q"
$parameter["Value"] = "$street $City $state $Country"
$dataObject["Parameters"]= $parameterCollection

Click Next and Create to create the widget.

The dashboard should be fully functional by now.


You can stop now, or continue on to the next step to use the GTM tool to generalize the dashboard MP – if you want to use this dashboard in other management groups.

Step 03: Generalizing the Dashboard MP

Firstly, export the dashboard MP, but do not delete it from the management group after export.

Run the GTMTool.exe against the exported MP. When asked if I want to create a task pane dashboard, answer “Y” and enter the name of the MP I created in step 01 (“Demo.Remote.Computers”).


Although it’s not required, but I also opened the MP generated by the GTMTool.exe, replaced all the “UIGenerated” strings with something meaningful.





Lastly, delete the old dashboard MP in OpsMgr, and import the updated one. The dashboard can now be found under the folder from the MP created in step 01.


Issues I experienced

01. Google Maps VS. Bing Maps

Someone may want to ask, why did I choose Google Maps rather than Microsoft’s Bing Maps. Well, I’m not sure about other countries, but couple of years ago when I was testing a well known OpsMgr map dashboard, which uses Bing Map (you probably know which one I’m talking about), I found the mapping data for Australia is very inaccurate.

For example, when I searched my local supermarket using address, Google Maps had no problem pin-pointing it in the map, but Bing maps could not find it:

Google Maps:


Bing Maps:


You can argue that I live in a Melbourne’s outer suburb, it is approx. 50km away from CBD and I can see horses and cows on a daily basis. Bing can be accurate for metropolitan areas or famous tourist attractions.

i.e. the supermarket located in Bondi Junction, NSW, near the famous Bondi Beach:

Google Maps finds it:


Bing Maps also finds it:


But for me employer, who operates all over Australia including areas very remote, it’s clearly an issue – unless we use map co-ordinates instead of addresses.

02. Google Maps Script Error:

While I was configuring Google Map widget, I also had an issue that I always get a script execution error from IE:


After spending some time googling this error, I learned Google does not work well with certain versions of IE. This leads to an issue that could be a common issue with the PowerShell Web Browser Widget. I managed to identify and fix the error, I’ll cover the issue and the fix in a separate post, because I believe this error can happen for other web sites.

03. Google Maps left pane

I tried to find a way to disable it, but in many online forums, people said there is no way to disable it unless use it in an iframe with the parameter “out=embed” in the URL.


I’m not a web developer, but I’m guessing if I develop a web page on a web server to host such an iframe, I should be able to remove it? it’s just a thought, I haven’t looked into it.

Anyways, after playing with it for a while, I don’t really mind clicking the arrow to minimise the left pane every time, having the left pane there can be handy sometimes as I can also use the “Get Directions” function as I demonstrated in the video.


Overall, I spent more time trying to get Google Maps working in the widget than time creating the management pack and dashboard. The management packs can be downloaded HERE.

Please keep in mind the MP that defines and discovers your classes must be sealed so other MPs can reference it. I’ve included both sealed and unsealed version of this MP, if you want to test it out in your environment, please make sure you used the sealed version (

I did not seal the dashboard MP so it is easier for you to see what’s under the hood.

Management Pack for the SCOM 2012 Maintenance Mode Scheduler

Written by Tao Yang

I’ve been working on a SCOM management pack during my spare time over the last couple of weeks. This management pack provides some basic monitoring for the SCOM 2012 Maintenance Mode Scheduler Version 2 developed by Tim McFadden (

The purpose of this MP solution is to help this web-based maintenance mode scheduler integrate better within SCOM. The solution contains 2 management pack files. The following items are included:

Class definitions and discoveries for the SCOM 2012 Maintenance Mode Scheduler.

The monitoring MP defines 2 classes. a Microsoft.Windows.ComputerRole based class called “SCOM 2012 Maintenance Mode Scheduler”, which has many properties defined representing various application settings.


There is also an unhosted class called “SCOM 2012 Maintenance Mode Scheduler Event Collector”. This class runs an event collection rule which collects the new schedule jobs creation events even when the Maintenance Mode Scheduler computer is in maintenance mode.

Automatically delete any finished maintenance mode schedules

A rule runs once a day and executes a script to scan through all Windows Scheduled Tasks created by the maintenance mode scheduler and deletes any tasks that does not have a Next Run Time (i.e. tasks that only runs once and it has already be executed). For auditing purposes, when deleting each old (finished) task, an event is also written to both SCOM operational and Data Warehouse databases.

The purpose of this rule is to eliminate the needs for manual clean-up of old scheduled tasks created by the maintenance mode scheduler.

Event Collection rule for new schedule job creation events (Event ID 711)

When the Maintenance Mode Scheduler is configure to write auditing events to Windows event log, a event collection rule can be utilized to collect these events and store them in SCOM databases.

image image

Monitor the credential of SCOM Data Access Account configured in the maintenance mode scheduler.

A monitor that checks if the credential of the SCOM Data Access Account configured in SCOM 2012 Maintenance Mode Scheduler is still valid. This is to ensure SCOM operators get notified if the Data Access account password has been changed, or the account has been locked out, disabled or deleted.

Monitor if the SCOM Data Access Account has local administrator privilege on the computer hosting the maintenance mode scheduler.

A monitor that checks if the SCOM Data Access Account configured in SCOM 2012 Maintenance Mode Scheduler has local administrator privilege on the computer hosting the scheduler. Windows local administrator access is required to create Windows Scheduled task.

Console task to launch the SCOM 2012 Maintenance Mode Scheduler web site using the default web browser.


New scheduler jobs event report


Maintenance Mode Scheduler dashboard (Provided by the SCOM 2012 Maintenance Mode Scheduler Dashboard management pack).


This dashboard contains:

  • Maintenance Mode Scheduler state widget
  • PowerShell Grid widget that lists new schedule jobs events
  • PowerShell Web Browser widget that displays the Maintenance Mode Scheduler web page.

Maintenance Mode Scheduler State view


New Jobs Event View


Deleted Jobs Event view



I’d like to thank Tim McFadden for producing such a good maintenance mode tool for SCOM 2012, and also the valuable feedbacks and suggestions provided for this management pack.


For me, while I was writing this MP, I’ve accomplished few of my “firsts”:

  • First time writing scripts for IIS (as this is a web based application).
  • First time writing reports in VSAE (I have to say for me, it is much easier than using old Authoring console)
  • First time using the new PowerShell widgets from the SCOM 2012 R2 UR2 updates (well, they’ve only just come out).

So I was really enjoying it, although it took a lot longer than what I expected (due to the IIS scripting challenges I had).

I hope this management pack would help the community to better adopt and integrate the SCOM 2012 Maintenance Mode Scheduler into their SCOM 2012 environments.

The Management packs and documentation can be downloaded HERE. Please make sure you read the documentation before importing the MPs. there are few pre-requisites for the MPs.

Lastly, as always, please feel free to contact me if you have issues / questions / suggestions.

Microsoft Surface Has Been Discovered as Virtual Machine in OpsMgr

Written by Tao Yang

I have my Surface Pro 2 being monitored by the OpsMgr management group in my lab. Today I noticed it has been discovered as a virtual machine in OpsMgr:


The discovery for this property uses a WMI query:

Select Name FROM Win32_BaseBoard WHERE Manufacturer = “Microsoft Corporation”


And I queried Win32_BaseBoard class on my surface:


If you also have Surface monitored by OpsMgr and there are groups being populated based on the “Virtual Machine” property of Windows Computer class, you may want to modify the group populator expression.

Packaging OpsMgr 2012 R2 Agent WITH Update Rollup in ConfigMgr 2012

Written by Tao Yang


About 6 months ago, I wrote a 2-part blog series on deploying OpsMgr 2012 R2 agents using ConfigMgr  (Part 1, Part 2). Since then, Update Rollup 1 and Update Rollup 2 has been released. Because UR1 did not include agent updates, I didn’t have to patch any agents. The most recent release of Update Rollup 2 does include agent updates, I’ll have to get the agents patched.

For me, and the project that I’m working on, this is a perfect timing, UR2 was release right before we production transitioning our newly built OpsMgr 2012 R2 management groups and we are just about to start piloting, so I have quickly patched all OpsMgr 2012 R2 management groups with UR2 and from agents point of view, UR2 would now become part of our baseline (for now).

I have determined that the best way for me to incorporate UR2 agent updates to the current agent application in ConfigMgr is to somehow “Slipstream” the update into the agent install. This is due to the size, nature of the environments, and the release management and patch management policies that I can’t comment on.

When I said “Slipstream”, OpsMgr 2012 agents UR updates can’t really be slipstreamed into the agent install msi. So what I have done is to create an application in ConfigMgr that will install the agent AS WELL AS the update.

I’ll now go through the steps I took to setup the ConfigMgr application object.


Note: The steps I took are largely the same as the Part 2 of the original post. I will only go through the changes I have made based on the original package rather than documenting it again from scratch.

01. I firstly duplicated the ConfigMgr source content of the original agent application to another folder.

02. Placed the agent UR2 updates in the AMD64 and i386 folders:





03. Place the newly created “CM12_OM12AgentInstall.vbs” on the root folder:


Note: Please ignore the other 3 scripts in the above screenshot, they were from the 2007 package I created in the original blog post Part 1. They are not required here.

02. created an identical application as described in Part 2 of the original post. -Of course, the application name is changed to something like:


03. Modify the deployment type for the 64 bit machines:

Remove “\AMD64” from the end of the content location field.


Change the installation program from the “msiexec /i ….” to Cscript /nologo CM12_OM12AgentInstall.vbs “64-bit”


04. Modify the 32 bit deployment type the same way as the 64 bit one:

Remove “\i386” from the end of the content location field and change the installation program to Cscript /nologo CM12_OM12AgentInstall.vbs “32-bit”

05. Distribute it to appropriate DP and test it!


The script used for the installation basically installs the MOMAgent.MSI and then UR2 agent update. It can be modified for installing other previous and future agent UR updates by changing the file names on line 59 and 64


When the application is deployed to a ConfigMgr client, the script creates few log files under C:\Temp:


Same as my original post Part 2, the application package does not configure agents to report to any management groups. This is because in my environment, there are multiple management groups, so I am using ConfigMgr Compliance Settings (aka DCM) to configure the agents. this is also documented in the Part 2 of the original post. If you’d like use the same application package to configure the agent, you can simply modify the CM12_OM12AgentInstall.vbs to also combine with the OM12AgentConfig.vbs that I’ve created in Part 1 of the original post. or create a separate application package and specify the dependency between these packages.

System Center 2012 R2 Icons

Written by Tao Yang

A while ago I extracted the icons from each System Center 2012 R2 products so I can use them in various Visio diagrams, PowerPoint presentations and Word documents. Yesterday I dug it out to use one of the icons. I thought other people may want to use them too. So here’s the zip file containing these icons (in both ico and png format):


System Center 2012 R2 Icons

Note: I found an online ico to png converter, so each icon has been converted to different sizes of png files to something like this:


System.Management.Automation.IncompleteParseException for a PowerShell script from my Management Pack

Written by Tao Yang

I’m currently working on a management pack that I’m hoping to be released to public very soon. In one of the workflows in the MP, I got an error logged in the Operations Manager event log on the target agent:

The PowerShell script failed with below exception

System.Management.Automation.IncompleteParseException: Missing closing ‘}’ in statement block.
at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
at Microsoft.EnterpriseManagement.Common.PowerShell.RunspaceController.RunScript[T](String scriptName, String scriptBody, Dictionary`2 parameters, Object[] constructorArgs, IScriptDebug iScriptDebug, Boolean bSerializeOutput)


Needless to say, the script runs just fine manually on the agent, so it is bug free. Took me a while to day to figure out what the issue is.

The script ended like this:


The last line is commented out, I’d uncomment it when test run it in powerShell prompt on an agent. When the MP is built in VSAE, it looked like this:


It’s on the same line as the CDATA close tag. After I started a new line at the end of the script, the MP started working:



From now on, I’ll remember to end the PowerShell script with an empty line. Interestingly, another VBScript in the MP doesn’t have this issue…