Author Archives: Warren Kahn

SCOM 2019: Updated Azure Management Pack v1.8.0.1

A new version of the Azure management pack has been released you can get it it here

What’s new

  • Enabled Resource Group filtering for subscription
  • Modified Alert description for all Alert types
  • Enabled multi-resource metric alerts support

What’s Fixed:

  • Fixed health state issue to be in sync with Azure portal
  • Fixed ‘unknown’ state issue for metric alert

Note: Upgrade is supported from v1.6.0.7 and v1.7.0.0. Existing template will be honored.

SCOM: News from Ignite

This year at Ignite SCOM had it’s own dedicated session which is great to see. Here is a summary of the new upcoming features in UR1.

Version Agnostic Management Packs
Storage Spaces Direct (S2D) MP
RHEL 8 Support
One click patching experience
Support for gMSA
Relability and Performance Improvemennts for Linux Agent
Common Management Pack for Linux
Resource Group monitoring in Azure MP
Azure MP Web Console Dashboards

The ones I’m most looking forward to are of course the support for gMSA, with security being so critical in today’s IT real-estate this features adds an additional layer of peace of mind to your SCOM monitoring.

The one click patching experience is also a nice quality of life improvement, I had the privilege to see this in action and I like the direction this is going.

More agnostic management packs are also on the way which will simplify administration of products the same way we’ve seen them improve the SQL monitoring experience.

What do you think of this update? Leave a comment or if you have an idea head over to the SCOM Uservoice https://systemcenterom.uservoice.com/forums/293064-general-operations-manager-feedback and let the product group know.

How to: Parameters with Azure Monitor Workbooks and a quick start template

Adding parameters to a workbook allows you to change values in your queries such as workspace without having to manually edit the query. This makes workbooks much easier to use and widens the potential audience.

Lets look at how to add parameters, some common ones and a little cheat sheet I use to quickly start a new workbook.

Adding Parameters

Parameters can be added into a KQL query by including the parameter name in braces, for example if I have a parameter for Time I can reference it in my KQL query as {Time}

There are currently four different supported parameters:

Text – An editable text box
Drop Down – Choose from a defined set of values
Time Range Picker – Choose from a predefined set of time range values
Resource Picker – Choose from resources selected for the workbook

Example Parameters for our Quick Start Template

Time

Adding a time parameter is relatively straight forward as it is a pre-defined parameter type, click add parameter and give it a name, select Time range picker from the type field and select the times ranges you want to be available. Then click Save

Subscription

Adding a subscription parameter is very useful as it allows your workbook to be able to query across subscriptions easily. After giving the parameter a name, choose Subscription picker from the type. Tick Allow multiple selection and also include the All option below then
you can select from Default Subscriptions and All Subscriptions. Then click save.

Workspace

Workspace is useful for the same reasons Subscription is, this will allow a workbook to easily query across multiple workspaces from a single location.

This one is a little more complex to configure as it you’ll need to reference the workspaces through a KQL query, there are several ways to do this and i’ll share the one I am currently using.

As before name your parameter, this time choose Resource picker, allow multiple selection and All as options and then select Get data from Query, set your source to Azure Resource Graph and Subscription, the query I use is below:

where type =~ ‘microsoft.operationalinsights/workspaces’
| order by name asc
| summarize Selected = makelist(id, 10), All = makelist(id, 1000)
| mvexpand All limit 100
| project value = tostring(All), label = tostring(All), selected = iff(Selected contains All, true, false)

Servers

Not all Workbooks will require Servers but I use it often enough that I include in my Quick Start Template. This time choose Drop down, as before allow Multiple selection and All. We are going to populate our list from a query and a simple way to get a list of Servers is:

Heartbeat
| distinct Computer

Once you have saved this workbook with your populated parameters it is now a simple matter to reuse this every time we want to create a new workbook with parameters. All you need to do is edit this one and Save As to start a fresh workbook with pre-done parameters.

Json Template

Below is the template to create your own easy quick start workbook, just create a blank one and paste the json code into the Advanced Editor in the Gallery Template section and click apply.

{
“version”: “Notebook/1.0”,
“items”: [
{
“type”: 9,
“content”: {
“version”: “KqlParameterItem/1.0”,
“query”: “”,
“crossComponentResources”: [
“{Subscription}”
],
“parameters”: [
{
“id”: “ff24505c-2099-43a4-a8a3-3456bed78eb5”,
“version”: “KqlParameterItem/1.0”,
“name”: “TimeRange”,
“type”: 4,
“isRequired”: true,
“value”: {
“durationMs”: 604800000
},
“typeSettings”: {
“selectableValues”: [
{
“durationMs”: 3600000
},
{
“durationMs”: 14400000
},
{
“durationMs”: 43200000
},
{
“durationMs”: 86400000
},
{
“durationMs”: 172800000
},
{
“durationMs”: 259200000
},
{
“durationMs”: 604800000
},
{
“durationMs”: 1209600000
},
{
“durationMs”: 2419200000
},
{
“durationMs”: 2592000000
},
{
“durationMs”: 5184000000
},
{
“durationMs”: 7776000000
}
]
}
},
{
“id”: “bfe50469-7469-4c4d-a33e-0edbb43546c4”,
“version”: “KqlParameterItem/1.0”,
“name”: “Subscription”,
“type”: 6,
“isRequired”: true,
“multiSelect”: true,
“quote”: “‘”,
“delimiter”: “,”,
“value”: [
“value::all”
],
“typeSettings”: {
“additionalResourceOptions”: [
“value::all”
],
“includeAll”: true
}
},
{
“id”: “fb861784-4609-49f2-9f58-427fcc547677”,
“version”: “KqlParameterItem/1.0”,
“name”: “Workspace”,
“type”: 5,
“isRequired”: true,
“multiSelect”: true,
“quote”: “‘”,
“delimiter”: “,”,
“query”: “where type =~ ‘microsoft.operationalinsights/workspaces’\r\n| order by name asc\r\n| summarize Selected = makelist(id, 10), All = makelist(id, 1000)\r\n| mvexpand All limit 10000\r\n| project value = tostring(All), label = tostring(All), selected = iff(Selected contains All, true, false)”,
“crossComponentResources”: [
“{Subscription}”
],
“value”: [
“value::all”
],
“typeSettings”: {
“resourceTypeFilter”: {
“microsoft.operationalinsights/workspaces”: true
},
“additionalResourceOptions”: [
“value::all”
]
},
“timeContext”: {
“durationMs”: 0
},
“timeContextFromParameter”: “TimeRange”,
“queryType”: 1,
“resourceType”: “microsoft.resourcegraph/resources”
},
{
“id”: “b2627475-cef7-4e91-97b9-b70bf00164e6”,
“version”: “KqlParameterItem/1.0”,
“name”: “Servers”,
“type”: 2,
“multiSelect”: true,
“quote”: “‘”,
“delimiter”: “,”,
“query”: “Heartbeat\r\n| distinct Computer”,
“crossComponentResources”: [
“{Workspace}”
],
“value”: [
“value::all”
],
“typeSettings”: {
“additionalResourceOptions”: [
“value::all”
]
},
“timeContext”: {
“durationMs”: 0
},
“timeContextFromParameter”: “TimeRange”,
“queryType”: 0,
“resourceType”: “microsoft.operationalinsights/workspaces”
}
],
“style”: “pills”,
“queryType”: 1,
“resourceType”: “microsoft.resourcegraph/resources”
},
“name”: “parameters – 1”
}
],
“styleSettings”: {},
“$schema”: “https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json”
}

SCOM 2016: UR 8 is now available!

Update Rollup 8 for SCOM 2016 is now available, as usual you can get it through windows update or via the download catalogue here

Improvements and fixes


  • Fixed: In a scenario where SCOM monitors 100s of virtual machines hosted on a single Hyper-v server; every hour the healthservice.exe of each Virtual machine write into the VM page file simultaneously. Due to this concurrent paging, every hour disk I/O increases and database becomes unresponsive. HealthService.exe now have Memory Trimming enabled by default on an hourly schedule. A registry key is provided to disable the memory trimming and control the duration.

          Registry key is: “HKLM\Software\Microsoft\Microsoft Operations Manager\3.0\Setup\MemoryTrimming”

         Enable – 0 (Trimming is disabled); 1 (trimming is enabled)

         DelayInSeconds – Time period agent waits to start trimming (default is 120s)

         PeriodInSeconds – Recurring period at which the working set should be  trimmed (default is 3600s)

  • Fixed: Historical data do not appear, if input reporting end time is before group creation time. With this fix, historic data for a group (if data is available for objects in the group) would be displayed irrespective of group creation time.
  • Fixed: Maintenance mode state changes which are recorded in MaintenanceModeStage table requires grooming when table grows. If the table is large, grooming takes longer and the operation times out with SQLTimeOut exception.
  • Fixed: If a group is renamed in a Management pack, then console shows the new value but Powershell command Get-SCOMGroup returns the old name of group. Database Updates functionality was inconsistent for SCOM group renaming through MP and SCOM Console.
  • Fixed: CPU Spike issues because of workflows running on all agents at the same time is addressed through script optimization and removing the sync time.
  • Fixed: If the registry key under “Computer\HKey_Local_Machine\Software\Microsoft\Microsoft Operations Manager\3.0\Setup\UseMIApi” is set and a Unix/Linux Script task without a parameter is executed then this task fails. 
  • Improvement: Sometimes SQL stored procedure “p_SelectForNewTypeCache” takes long time to complete, and SDK service fails to start. This is fixed and above SQL stored procedure will complete faster now.

How to: Availability Workbook for Azure Monitor

Azure Monitor workbooks are very powerful and a great addition to the Monitor toolset you can learn more about them in my article here. Today we’ll be using Workbooks to create an availability report for our servers.

First we need our query, below is a fairly stock example of how to use the Heartbeat table to get the number of hours a server has been online and compare that to a set number of hours, in this case the past 7 days (168 hours) and work that out as a percentage.

let starttime=startofday(now()-7d);
let endtime=now();
Heartbeat
| where TimeGenerated >= starttime and TimeGenerated <= endtime
| summarize heartbeat_per_hour=count() by bin_at(TimeGenerated, 1h, starttime), Computer
| extend available_per_hour=iff(heartbeat_per_hour>0, true, false)
| summarize total_available_hours=countif(available_per_hour==true) by Computer
| extend total_number_of_buckets=round((endtime-starttime)/1h)
| extend availability_rate=total_available_hours*100/total_number_of_buckets

As you can see running this query against your Log Analytics workspace will return exactly that, The Computer name, the total number of hours or “buckets”, the number of available hours and the percentage or Availability rate.

Once we have a working query it’s time to create our workbook, this can be done under the Azure Monitor blade of the Azure console, simple click on Workbooks which is still in preview and then click new.

Click add query and configure your workspace as shown below, then click Run Query

So far so good, now we want to be able to select the time range for our availability report. to do this click add Parameters at the bottom of the editor. Conveniently there is a pre-built parameter called Time range picker so we’ll use that. Make sure you tick required to make this mandatory for the Workbook.

Save your new parameter and then click the up arrow to move this section to the top of the page.

Now our query needs a slight adjustment to be able to use the time picker, below you can see I’ve created variables for the time ranges and substituted them into my query in the relevant locations.

let timeRangeStart = {TimeRange:start};
let timeRangeEnd = {TimeRange:end};
Heartbeat
| where TimeGenerated >= timeRangeStart and TimeGenerated <= timeRangeEnd
| summarize heartbeat_per_hour=count() by bin_at(TimeGenerated, 1h, timeRangeStart), Computer
| extend available_per_hour=iff(heartbeat_per_hour>0, true, false)
| summarize total_available_hours=countif(available_per_hour==true) by Computer
| extend total_number_of_buckets=round((timeRangeEnd-timeRangeStart)/1h)
| extend availability_rate=total_available_hours*100/total_number_of_buckets

Lastly we want to add a bit of colour to the report, a nice way to do this is to click on the Column Settings button, select availability rate and configure it to display as a bar. Making the colour palette Red to Green also means that the higher the number the more green the bar becomes allowing servers with poor availability to stand out.

Click save and there you have it a Server Availability Workbook for Azure Monitor. Save this workbook and you can access it from the workbook gallery and also pin it to an existing Azure Dashboard.

Management Pack Recap – July & August 2019 Wave

This is a summary of the wave of Management Packs that were released in July & August 2019. Information and download location in the links provided:

SQL SSRS & SSAS 7.0.17.0here

HP Storage v9.4here

If you know of any other Management Packs that have been released recently that I may have missed leave me a note in the comments and I’ll add them

SCOM: Updated Management packs for HP Storage

HP has released updated MPs to go with the new version of HP Oneview

It’s a solid update with useful new features such as integration with the new HTML 5 console.

What’s new in HPE OneView for Microsoft System Center 9.4?

The new version is available for download the HPE OneView Partner integration page and the HPE Storage Integration with Microsoft System Center page. It includes the following improvements:

  • HPE OneView for Microsoft System Center v.9.4 the latest HPE Storage array software. For more information, see Integration Matrix
  • HPE Storage Management Pack for System Center v.5.0 supports monitoring of HPE 3PAR StoreServ Storage systems with IPv4 and IPV6 connectivity
  • HPE OneView SCVMM Integration Kit v.5.0 supports HPE 3PAR StoreServ Storage systems with IPv4 and IPV6 connectivity
  • Support for HPE OneView 5.0
  • The System Center Operations Manager 2016 web console integration is now fully HTML5 compliant. The dependency on legacy frameworks has been removed to enable a predictable, consistent user experience for the web console users

SCOM: Updated SSRS and SSAS management pack v7.0.17.0

Updates to SQL Server Reporting Services and Analysis Services Management Packs have been released you can get them at the below links:

SSRS
SQL Server 2008 Reporting Services (Native Mode)
SQL Server 2012 Reporting Services (Native Mode)
SQL Server 2014 Reporting Services (Native Mode)
SQL Server 2016 Reporting Services (Native Mode)
SSAS
SQL Server 2008 Analysis Services
SQL Server 2012 Analysis Services
SQL Server 2014 Analysis Services
SQL Server 2016 Analysis Services


Fixes and changes for SSRS

  • SSRS 2016: Updated monitoring of Memory Consumption and CPU Usage in order to collect performance data for all subprocesses in addition to the main SSRS service process.
  • SSRS 2016: Updated monitors “Report manager accessible” and “Web service accessible” to consider specifics in how appropriate SSRS 2016 web services work
  • Added support for cases when connection string to SSRS Database is set up the way different from “MachineName\InstanceName” (e.g., <IPAddress,Port>) and SSRS Database is in Availability Group or hosted either by named instance or SQL Cluster instance
  • Improved descriptions of events thrown by management pack to make it easier to figure out error reason
  • Improved error handling and error descriptions for cases when workflows can’t get responses from WMI
  • Improved error handling in workflows that watch for memory consumption
  • Fixed Start/Stop tasks
  • Fixed issue that caused some workflows to throw error events when SQL Server instance hosting SSRS Databases happened to stop operating or refuse connections
  • Fixed issue which caused Reporting Service instance to get undiscovered when WMI didn’t respond to calls
  • Updated display strings

Fixes and changes for SSAS

  • Added performance collections for MDX Query performance counters
  • Added retry logic to some workflows in order to reduce “Category does not exist” errors thrown when WMI fail to respond
  • Improved error handling in workflows that watch for memory consumption
  • Improved descriptions of events thrown by management pack to make it easier to figure out error reason
  • Fixed Start/Stop tasks
  • Fixed issue when “SQLServerInstalled” property was set to “False” if SQL Server DB Engine was of higher version than SSAS instance
  • Updated Dashboards configuration to show tiles for new MDX performance collections
  • Updated display strings

Azure Bastion – Securely access your Azure VMs

As part of my Azure feature series lets take a look at Bastion (now in preview)

What is it?

Securing access to public facing cloud based VMs is a potentially risky and costly concern for businesses. Using services like JiT (Just in Time Access) to reduce the attack surface requires that your Security Center Service Plan has been upgraded to Standard as the service is not available on the Basic Service Plan.

Say hello to Azure Bastion

Now with Bastion you can remove the attack surface completely by allowing connections via port 443 for Windows and SSH for Linux integrated into the Azure Portal, thereby removing the risk of port scanning and removing the need for public facing IP addresses for your VMs.

Below are some of the key features currently available at this time:

Top-level Azure Bastion architecture

How to activate the Public Preview

The service is currently in preview, which means you need to activate it with the below steps:

  1. Make sure you are connected to the Azure Preview portal here
  2. Open Azure Shell and run the below three commands:
    (If you have the Az PowerShell module remember to change AzureRM to Az)
    • Register-AzureRmProviderFeature -FeatureName AllowBastionHost -ProviderNamespace Microsoft.Network
    • Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Network
    • Get-AzureRmProviderFeature -ProviderNamespace Microsoft.Network

Getting started

From the homepage of the Azure Preview Portal click + Create a resource and search for Bastion (Preview), then click create.

Choose your subscription and resource group, it is important to note that you have to create a subnet called AzureBastionSubnet. This value lets Azure know which subnet to deploy the Bastion resources to. It is recommend to use at least a /27 or larger subnet. Create the AzureBastionSubnet without any Network Security Groups, route tables, or delegations. Once done create the Bastion.

Once your Bastion is deployed, from the Azure Portal navigate to the VM you want to connect to and click connect, you will see a new option called BASTION next to the familiar RDP and SSH options. Enter the credentials and click Connect.

And there you have it, your VM is securely accessible through the Azure Portal without needing a public facing IP address.

Conclusion

Bastion is a fantastic and a much needed service which allows secure access to your cloud Windows and Linux VMs without any exposure of public IPs ultimately allowing the removal of the VM attack surface in your Azure environment.