Configuration Management Pack Troubleshooting

SCOM 2012 – Find Workflow From Windows Event

Posted on Author stefanroth Comments(3)

When you are deploying SCOM agents to many servers from a test or prod environment, it could happen that a server administrator steps up to you and tells you that he has many strange event log entries which are probably from SCOM. Like in this example here…

clip_image001

As we can easily identify there must be a a rule or monitor from a NiCE MP and in addition we got the information from the administrator that it is happen on server01. With this knowledge you can start your research. Go to Monitoring / Operations Manager / Agent Details / Agents By Version …

image

There is a task which is not very known by many people called Show Running Rules and Monitors for this Health Service…

2

After running this task you get an output like this…

image

If you expand this you will find many entries, in my case I was pretty sure it was a manually / GUI created rule / monitor therefore I was checking the sections for these entries like *UIGeneratedRule or *UIGeneratedMonitor

image

This looks promising so let’s figure out what the exact rule name is…

image

Then lets search for the company.special.nice.rule in Authoring / Management Pack Objects / Rules

image

If we check the properties of the rule we find some references to the Windows event entry description…

image

Well this is not groundbreaking stuff but I think it helps identify workflows and solve issues related to workflows.

stefanroth
http://www.stefanroth.net

Related Articles
Authoring Azure Operational Insights Configuration Development OMS

OMS – Custom Solution “SCOM Effective Configuration”

Posted on Author stefanroth

I had been very busy lately so this blog has been quite for few days, but now I would like to provide a custom OMS solution. My goal was to build a solution which shows you the effective configuration of a monitor or rule, based on a group of objects in SCOM. I created two […]
Azure Azure Operational Insights Configuration OMS Serverless

Azure Logic App – Send Data From Application Insights To Azure Log Analytics

Posted on Author stefanroth

If you followed the Ignite 2017 announcements and Microsoft’s latest trends you figured out that serverless applications are getting more and more boost in Microsoft’s cloud strategy. Logic Apps is one of these new awesome iPaaS (integration Platform as a Service) services, which let’s you reduce complexity, coding and also headache :). Microsoft summarizes the […]
Configuration Troubleshooting Upgrade Xplat

SCOM 2012 SP1 – Upgrading Linux Agent From SCOM 2007 R2

Posted on Author stefanroth

This week I was working for an international customer. The customer had a SCOM 2007 R2 CU5 infrastructure installed on Windows 2008 R2 SP1 servers with ~800 Windows agents and ~250 Unix based agents which they were going to migrate to SCOM 2012 SP1 UR2 installed on Windows Server 2012 in a side-by-side scenario. Because […]

3 Replies to “SCOM 2012 – Find Workflow From Windows Event

  1. Thanks very much for another very useful post Stefan 🙂
    Just one small point for future posts perhaps, the resolution of the screen shots is very low to cannot see the text in some of them like the opsmgr command shell for example.

    Reply
  2. Pingback: SCOM link - IT Consult
  3. Pingback: link scom 2012 troubleshooting, how-to, management pack, patch, cmdlet, planning, deployment, installation | IT Consult

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.