Thursday, January 18, 2018

SCOM PowerShell Script Monitors

I was recently asked if there’s a way to raise a SCOM alert when a scheduled task is not in “Running” state. From the community MPs, I reckoned it is only giving an alert when the tasks return a “Failed” state. I might be wrong, but if there’s one out there, appreciate if someone can enlighten me on this.

Have tried using vbscript via WMI calls but it worth taking note that, while it makes a query from “Win32_ScheduledJob” class, tasks created in the Windows Task Scheduler will not be listed.

We ended up exploring PowerShell and managed to write a simple script for this, but setting up the monitor was not as straight forward as it seemed.

Out of the box, SCOM provides the functionality to create VBScript based monitors, but if you are to create a similar monitor with PowerShell, first impression is that the monitor seemed working as expected (giving you a green tick), but as you test further, you will notice that the health state does not get updated, even when it qualifies for an unhealthy condition.

Looking at the OperationsManager event logs, you should see event 21405, saying the process failed to create System.PropertyBagData…, and interestingly, SCOM was trying to execute your PowerShell script using cscript.exe

Command executed:    "C:\Windows\system32\cscript.exe" /nologo "<your ps script>.ps1", as you can see below

To fix this, you either create a new custom MP to include the PowerShell script monitor (either Silect , VSAE) OR import a PowerShell script community based MP. I chose the latter since it is only a simple monitor and didn’t want to spend more time into it.

Once imported, you should be able to create a script based monitor, only this time, instead of VBScript, it will be in PowerShell.

Hope this helps :)

Monday, October 31, 2016

SCOM Dynamic Groups and Regex

Came across the need to create SCOM groups that consist of both Development and Production servers. While it is easier to have them explicitly populated into the correspondent groups but that would required exhaustive administrative effort from the SCOM admins to always validate the membership of the groups from time to time.

Most of you may know that not every organization has a standard naming convention for their servers like XXX-XXX , and the question now is what will be the regex expression for servers that either ends with d or p indicating whether this is a development or production servers ?

Well it might sound complicated (or at least to me) where how many characters or numbers that we need to consider, since the server names do no have a fixed length.

After some trials and errors, turned out to be quite a simple fix. The following expression will fit in

(?i:p$) –> means case insensitive and ending with a p (or P). Feel free to change the expression to suit your needs.

Thursday, November 26, 2015

SCCM 2012 R2 Clients failed downloading content

Was required to manage clients in untrusted domain in a recent SCCM deployment and one of pilot machine (Windows 7) was not able to have the published app successfully installed, while the other got installed successfully.

Checking on the DataTransferService.log, it includes log saying “DAV request. HTTP code 401, status 'Unauthorized'

Checked and verified that the network access account for SCCM has been configured and there’s no firewall restriction between the client and SCCM server.

Googled around and found out that KB2522623 might be able to fix the problem, and it really did once the patch was applied.

Monday, July 13, 2015

Automated Profile Migration with SCCM–Orchestrator

Had a chance to be involved in a project whereby a client had requested to implement user state and profile migration via SCCM / USMT.

This basically requires configuring the State Migration Point in the SCCM site server and creating computer association, determining from which machine (Source) the user’s profile and data files are being migrated over to (Target)

Then, there will be 2 separate Task Sequences to capture and restore user’s profile and files via USMT scanstate and loadstate executions. As the rule of thumb, the Task Sequence to restore user’s data should only be run after the data capture has successfully executed.

I decided to take a step further by further automating the entire process via System Center 2012 R2 Orchestrator.

It consists of several runbooks, ranging from

  • Performing readiness check, making sure both machines are ready for user’s profile and data transfer

  • Performing user’s profile and data migration by
    • creating the computer association
    • pushing the task sequences to both source and target machines and verify its execution
  • Replicating all the SCCM direct membership collections from the source to destination, ensuring additional software / applications are successfully pushed to the target machine


which are all called from a main runbook


Wednesday, March 18, 2015

SCOM 2012 R2 UR 5

With the recently launched of the SCOM 2012 R2 UR5, one of the issue it addressed was the “Specific Case is not valid” error when you remove the agent in a server that has SQL server installed, without removing it from the SQL runas account distribution. Please refer to the previous posting here. This should save us the hassle of having to manually update the SCOM databases, without fearing that it might affect the supportability from Microsoft.

As for how to apply the patch, this is one of my favorite blog for SCOM resources 

Information about the patch can be found here, as well as the link to download

Monday, February 9, 2015

SCOM Run As Account - Specific Cast Is Not Valid

Got the following error when i tried to add new servers into my SQL MP RunaAs account distribution


Once you click “Close”, you won’t get to see any other computers which this run as account has been distributed previously.


Well, the cause of this is actually due to agents are manually removed from the “Agent Managed” within the SCOM console, but without cleaning up the distribution of the RunAs Account.

In order to resolve this, i had deleted the specific entry from the OperationsManager database based on the solution found in 

Once done, the server which this account is distributed is visible again


p/s: updating the data directly in SCOM databases might impact the supportability from Microsoft. So do it at your own risk

Thursday, January 8, 2015

Windows Data Deduplication – Garbage Collection

Running on a limited SSD storage in machine, the first thing after it was setup is to create 2 logical disk partitions (OS and Data) and to enable data deduplication on the data drive (well, you might know now that we are not able enable data deduplication for OS partition)

Windows 8.1 does not come with a data dedup feature but i supposed there should be lot’s of links in the net that can guide you to enable data deduplication in windows 8.1

Once configured, you should be able to reap the rewards of huge disk space saving especially if you the machine is hosting some test VMs. But after a while, you might find that the disk space does not decrease over time, even after you manually run the “start-dedupJob” cmdlets.


One of the reason is that, there’s a garbage collection job, scheduled at 2.45 am every Saturday and if the machine is not turned on all the time, the job might not even been executed.

One of the way is to manually run the dedup job again using the “GarbageCollection” parameter

Start-DedupJob -Volume <volume> -Type GarbageCollection

and this should get rid of the unwanted file chunks.