SCOM 2012 – PowerShell Grid Widget & Web Console Pitfall

In the past posts I have blogged about the new dashboard widgets primarily about PowerShell Grid & Web Widget. As in every technology there are cases were you stumble on some errors. This happens to me while playing with the PowerShell Grid Widget.

The following code should list all processes which have a CPU value and display them in the PowerShell Grid Widget. Displaying few processes is not a fancy thing and it worked in the SCOM console itself but as soon I opened the SCOM web console I faced an ugly error.

The script looks like this…

image

In my opinion a nice simple script, which should run without any problem in the widget. Well, in the SCOM console it works without any issue…

image

But how does it look in the web console? Well, not as pretty…

image

The error doesn’t tell you right away what the problem is. After some try and error I decided to “read” the error message and I got the feeling that there could be a problem with the data types so I declared all properties as strings…

image

The result was a bit better 🙂 at least no ugly error anymore, but still not what we would expect and are seeing in the normal SCOM console. In the web console widget only the IIS worker process appeared with it’s properties…

image

There must be another issue and I assumed it must be a permission problem. Because the OperationsManager application pool is executing these scripts I changed the ApplicationPoolIdentity to an administrator account…

before the change…

image

after setting the administrator account…

image

…it shows up in the IIS console…

image

The administrator account has administrator permission on the server itself  (SCOM & web console are on the same system) and therefore no restrictions. After restarting the IIS service and login into SCOM web console the script executed successfully…

image

Conclusion: Be aware of the fact that the PowerShell widgets are executed in a different context when running in the web console or SCOM console. If you run the PowerShell widgets in the “fat” SCOM console the scripts are executed under your Windows account which is starting the console. If you run it in your web console the scripts are executed using the OperationsManager application pool and the script will run in context of the ApplicationPoolIdentiy account which is a built-in restricted account. In addition check the data types you are using in your scripts there might be an issue. For more insights on these topics check TechNet Wiki.

I hope this saves you some headache!

3 Comments

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s