Monthly Archives: February 2016

SCOM: Monitoring a Fortigate Firewall

A while ago I had a request from one of my clients to monitor their new Fortigate Firewalls, as there is no existing management pack for this it required a bit of custom work.

First on the firewall you’ll also need to configure SNMP, as well as what trap notifications will be sent.

snmptraps

Then discover the Fortigate using the standard network monitoring discovery.

This is the address for the Fortigate MIB file contents which you will need in order to map OIDs for the next part.

In SCOM create an SNMP Trap alerting Rule targeting the Node Class.

snmpalerting1snmpalerting2

For now leave the OID properties filter empty
snmpalerting3

This rule will be used to identify any OIDs in the future that may be missing from your specific alerting rules.

Now using the MIB list provided earlier each alert ticked in the Fortigate configuration needs to be mapped to the relevant OID and a specific alerting rule created for it, for example 1.3.6.1.4.1.12356.101.4.4.2.1.2 is the OID for HIgh Processor Usage. So in order to generate an alert for High CPU on the Fortigate you will need a rule with this specific OID in the filter 1.3.6.1.4.1.12356.101.4.4.2.1.2.

Repeat for each OID that you need to monitor and use the catch all to identify anything you may have missed.

SCOM: Management Pack for Windows 10 Operating System v10.0.0.0

A management pack for windows 10 OS has been release, v10.0.0.0 is available here and is supported by System Center Operations Manager 2012 or higher.

Two types of client monitoring are available in this management pack:

·    Aggregate client monitoring for gathering health information on the selected representative clients, and aggregating information for reports that display the trends

·    Monitoring of mission-critical business clients

It is also important to note that agentless monitoring is not supported

SCOM: Report subscription list could not be loaded. Client found response content type of ”, but expected ‘text/xml’.

Just the thing you want to see on a Monday morning, clicking on the Reports node and seeing the following error:

Message: Report subscription list could not be loaded.

System.InvalidOperationException: Client found response content type of ”, but expected ‘text/xml’.
The request failed with an empty response.
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.EnterpriseManagement.Mom.Internal.UI.Reporting.ReportingService.ReportingService2005.ListSubscriptions(String Report, String Owner)
at Microsoft.EnterpriseManagement.Mom.Internal.UI.Reporting.ManagementGroupReporting.GetSubscriptions(String owner)
at Microsoft.EnterpriseManagement.Mom.Internal.UI.Reporting.Views.ReportSubscriptionsView.ReportSubscriptionsView.LoadSubscriptionsJob(Object sender, ConsoleJobEventArgs args)

An investigation determined that the reporting services action account needed to be re-registered to the ASP.NET IIS framework using the following command.

aspnet_regiis -ga <Domain\reporting services action account>

XPost: Event 18054 errors in the SQL application log

Here is a great post by Kevin Holman addressing an issue you would come across if you have had to move your SCOM databases or recover them to a new SQL server.

Sample error:

Log Name:      Application
Source:        MSSQL$I01
Date:          10/23/2010 5:40:14 PM
Event ID:      18054
Task Category: Server
Level:         Error
Keywords:      Classic
User:          OPSMGR\msaa
Computer:      SQLDB1.opsmgr.net
Description:
Error 777980007, severity 16, state 1 was raised, but no message with that error number was found in sys.messages. If error is larger than 50000, make sure the user-defined message is added using sp_addmessage.

In essence this happens, as explain, due to the sysmessages being created in the master database on installation. These messages will then be missing after a database move or new sql server recovery.

Kevin has also provided a script to re-add these messages for you here – CAUTION for SCOM 2012 R2 only

Management Pack Recap – January 2016 Wave

Better late then never. This is a summary of the wave of Management Packs that were released in January 2016. Information and download location in the links provided:

Windows 8 and 8.1 Client Operating System v6.0.7251.0 MP  – here
Windows Server Technical Preview – here
Microsoft Dynamics NAV 2015 v1.0 – here
NiCE  DB2 MP v4.03here
Windows Server Operating System v6.0.7303.0 – here

If you know of any other Management Packs that have been released recently that I may have missed leave me a note in the comments and I’ll add them

SCOM: Checking for a word on a webpage

Monitoring if a website is available is simple enough with the SCOM 2012 Web application availability wizard but what if you want to check if a specific word appears on that page?

In order to add this additional criteria to your web application monitor first open your web app and click on Change Configuration:
webappconfig

Then in the section titled alerts tick the box for Content Match, then choose if the word or phase you are looking for must be present or missing and type the word or phrase into the criteria box. In this example an alert will be generated if my page does not contain the word Demo.

webappconfig2

And there you have it a web application which will alert you if a word appears on a monitored web page.