Author Archives: Warren Kahn

SCOM vs. Azure Monitor

Recently I was invited to speak at Silect MP University about SCOM vs Azure Monitor, the session is available for viewing below.

Join me as I discuss the pros and cons of both tool as well as how to leverage them both individually and together for a variety of scenarios.

SCOM 2019: Update Rollup 3 released!

The much anticipated UR3 for SCOM 2019 is out as usual available through windows update or via the packages here

This is a solid update with many useful fixes and includes the security hotfix released last month for previous versions of SCOM 2019

Improvements and issues that are fixed

Operations Console fixes and changes

  • SCOM UI scaling issues for high resolution displays have been fixed to work seamlessly.
  • Some IPv4 resources were being discovered as IPv6 in a cluster where both resources co-existed. This logic has been fixed to ensure IPv4 resources are no longer discovered as IPv6.
  • The UR2 setup stalling issue at the “Removing backup files” stage has been fixed. The task wait time threshold has been set to 30 mins. It is also recommended to have Service Broker always enabled for smooth functioning of Operations Manager.
  • The assumption of having provider element to be the first reference in the connection string has been removed in the OleDB module.
  • Fixed the combo box related text issue regarding the domain of a new RunAs account getting incorrectly changed.This issue was arising when creating a new RunAs Account in the SCOM console for an account that belongs to an untrusted domain, the fix ensures that the domain of the newly created RunAs Account should remain the one initially specified during the account creation.
  • Fixed the “invalid class” error that was occurring when adding a subscriber with user details having more than 1024 attributes.
  • Daily aggregation of reports now takes date and time into consideration to ensure time-period calculation is accurate.
  • Fixed the monitoring agent related issue around formatted strings, these are now read from the provider dlls to show a localized string.
  • Fix has been provided for when the monitor erroneously turns critical due to the URL module incorrectly parsing the charset header value.

Web Console fixes and changes

  • The security issue regarding reverse tab nabbing has been fixed in the operations manager web console.
  • Fixed the filter issue that occurred when state view was created in “My Workspace” in the web console.
  • Global search option for Metrics section of Performance Widget in the Web Console has been fixed.

Other Fixes:

  • Updating Management Groups with a shared Data Warehouse to UR2 sometimes lead to issues with reports deployment. This is now fixed by restricting Installation of sealed MP with same version in the Data Warehouse.
  • Migrate SSL Admin certificates to Microsoft PKI – Pinning Thread for Agents
  • Fixed the issue that was occurring when the UR2 SQL patch is executed again on a previously patched database.
  • The deadlock issues arising when SCOM agents are put into maintenance mode using SCOM API with parallelism have been resolved by adding indexes and updating the SQL queries.
  • Performance improvement of the DB function fn_ManagedEntityLifetimeDependency.
  • Updated the scoping logic used in some State View queries and Console Cache Refresh queries for performance improvement.
  • Added “Recompile” flag for sprocs “p_SelectForTypeCache” and “p_SelectForNewTypeCache” for SCOM perf improvement.

Unix/Linux/Network monitoring fixes and changes:

  • The issue with SSH call failure leading to memory corruption has been fixed .
  • Fixed a thread race condition that was leading to Linux script based monitoring fails due to child process that failed to start.
  • Fixed an infinite loop condition, which was leading to the 100% CPU related issue.
  • The issue of the MonitoringHost.exe process crashing on the Management Servers that run the Unix/Linux workflows has been fixed.
  • Fixed the memory leak inside of the WsMan modules when UseMIAPI is enabled with workflows that have SplitItems set to TRUE for the EnumerateAsWA WriteAction.

Azure Monitor: Workbooks Auto Refresh!

Present Red Ribbon Gift Wrapping Box, PNG, 809x868px, Present, Box, Gift  Wrapping, Material Property, Packaging And
A present

The workbooks community must be well behaved because we’re getting presents all year round.

Just released is the ability to set a workbook to auto refresh, simply select the option from the tool bar at the top of the workbook page and choose a refresh interval.

I for one am loving all of the awesome features coming from the workbooks team and looking forward to what’s coming next!

Azure Monitor: Print your workbooks!

Just released you can now print your workbooks to PDF through new functionality in the Azure portal.

The ellipse button next to the pin for each workbook now reveals the Print content option

this opens the standard print menu that we all know and selecting the Save as PDF option will allow us to print our workbook

I’m a big fan of this and upcoming features!

Protect your Azure subscription IDs when presenting

I came across a great browser extension a while ago called Azure Mask. I’ve been following the development of it closely because for a while it didn’t work with Edge. That issue is now fixed so lets have a look.

Azure mask does exactly what it says on the tin, it will mask your Azure subscription IDs and make them appear blurred out, this is a great tool for anyone presenting or screen sharing in Azure.

Looking at the below you can see exactly that

There’s even a hand toggle to easily turn the mask on and off

Azure Mask is available for Chrome (so it works on Edge) and Firefox and is available here from GitHub big kudos to developer Brian Clark

SCOM 2016: UR10 released!

Update rollup 10 for SCOM is out you can get it here.

This is a reasonably solid update with a few fixes for some long outstanding issues.

Improvements and issues that are fixed


  • Management Pack Import is now compatible for SCOM 2007 –> SCOM 2016 Upgrade version when upgraded directly or Indirectly.
  • The exception which blocked further progress when the user attempted to configure web application availability monitoring has been fixed.
  • The security issue regarding reverse tabnabbing has been fixed in the operations manager web console.
  • Fixed the Cross-site Scripting (XSS) related security issue in the operations manager web console.
  • The cmdlet Export-SCOMEffectiveMonitoringConfiguration has been fixed to give a correct summary of the applicable monitors, rules and overrides on an object.
  • Quarterly report end date will be shown correctly for the first quarter when the “From” field is selected as “First day of previous quarter” and “To” field is selected as “Last day of previous quarter”.
  • Reports have been fixed to not show objects which have been deleted before the selected start time.
  • VB scripts for partition and grooming, calculate operations manager free space and detecting duplicate agent will now run without failure even if SNAC or MSOLEDBSQL are not installed.
  • The issue regarding the TLS 1.2 compatibility in the OleDB module has been fixed. It is no longer mandatory for the provider element to be the first reference in the connection string.
  • Fix has been provided for when the monitor erroneously turned critical due to the URL module incorrectly parsing the charset header value.
  • The  .NET API  issue regarding scheduling reports via the schedule management wizard has now been fixed.  
  • Performance improvement: Added “Recompile” hint to the stored procedures “p_SelectForTypeCache” and “p_SelectForNewTypeCache” that run frequently on SCOM DB.

What Windows Event Logs am I collecting in Azure Monitor Logs?

With Event Log collection in Azure Monitor Logs (Log Analytics), if the log name is too long you can’t see the full name in the UI and it can be tricky to check what the log is.

Especially if you don’t have data yet.

Here’s a quick script using Get-AzOperationalInsightsDataSource that will display the event logs you are collecting.

$RG = "Resource Group Name"
$WS = "Workspace Name"

$Log = Get-AzOperationalInsightsDataSource -Kind WindowsEvent -ResourceGroupName $RG -WorkspaceName $WS

$Log.Properties.EventLogName

SCOM 2019: New version of the SQL Management Pack v7.0.24.0

The latest version of the SQL version agnostic mp is out you can get it here

What’s New

  • Added a new “Securables Configuration Status” monitor targeted to SQL Server databases
  • Updated the “Product Version Compliance” monitor with the most recent versions of public updates for SQL Server
  • Updated the “Securables Configuration Status” monitor targeted to the DB Engine when a SQL Server instance participates in Availability Groups
  • Removed the “Securables Configuration Status” monitor targeted to the Availability Replica as non-useful
  • Updated the “SQL Server Database Engines” discovery; the “Netbios Computer Name” property is now uppercased.
  • Added reports from version-specific management packs for SQL Server
  • Updated monitor “Job Duration” to add current job run’s duration to its alert description
  • Updated Web Console version of SQL MP Dashboards to support SCOM 2019 UR1
  • Updated alert description of monitor “Securables Configuration Status”
  • Added “CheckStartupType” property to SSIS Health Status monitor
  • Revised columns of SQL Agent and SQL Agent Jobs state views
  • Updated display strings

Issues Fixed

  • Fixed error “Unsupported path format” in workflows targeting Filegroups
  • Fixed discovery error on non-readable availability replicas
  • Fixed wrong Run As profile in SSIS Seed Discovery
  • Fixed issue that caused rule “Disable Discovery of Selected DB Engines” to fail
  • Fixed discovery issue for databases in recovering state
  • Fixed issue in monitor “Securables Configuration Status” when it went critical on Shared-Memory-only SQL Servers
  • Fixed the Alerting Rules data source to avoid an alert storm after exiting maintenance mode
  • Fixed the SQL Log Reader data source to support changing of the SQL Authentication method
  • Fixed the Performance Reader data source to support changing of the SQL Authentication method

Azure Monitor Agent (AMA) goes preview

The new Azure Monitor Agent, is available for preview in the Azure Portal, lets have a look at how to configure data collection for this new experience.

If the Azure Monitor blade there are a couple of changes, we’re interested in the new option called Data Collection Rules this is how we’ll tell out new agent what data to collect.

Clicking new we can see there’s a few tabs to configure, under Basics, we need to name our rule, choose a subscription and resource group.

Next we need to choose the Virtual Machines we can to add to the rule, this will also deploy the agent to the VM if necessary. Note that due to the agent being in preview that it is not available in all regions currently.

Below the selected machines are all set and ready to go.

Finally we need to configure what this rule is collecting, you can choose logs or metrics and you can be more granular then before when it comes to log collection with a custom filter.

You can also have log and metrics collections in the same rule.

Once everything is configured simply click create, the agent will be deployed if necessary and the collection will start.

Easy as pie, enjoy the new monitoring experience!

SCOM 2019: Scheduled reports fail to run – The job failed. Unable to determine if the owner has access

I encountered a minor issue today which luckily proved simple to solve. Hopefully this proves useful to others.

The Issue:

In a brand new SCOM 2019 deployment the scheduled reports weren’t sending. After investigation I found the below error in the Application log on the SSRS server:

SQL Server Scheduled Job ’62A9826E-082B-4ACD-9270-6BC13FC260BE’ (0x832F33183531EF4483665BBBFCCEBD9A) – Status: Failed – Invoked on: 2020-08-05 11:00:00 – Message: The job failed. Unable to determine if the owner (DOMAIN\USER) of job 62A9826E-082B-4ACD-9270-6BC13FC260BE has server access (reason: Could not obtain information about Windows NT group/user ‘DOMAIN\USER’, error code 0x5. [SQLSTATE 42000] (Error 15404)).

The Solution

The SSRS Instance, in this case SQL 2016 SP2, was deployed using system accounts for the SQL Server and SQL agent services. Simply changing these to use a domain account with access to the SQL instance resolved the issue and reports started sending shortly after.

See the source image