Upcoming Webinar to Discuss and Detail the On-Prem Security Monitoring for Microsoft Sentinel Solution

Last month, I announced an on-premises solution for gathering and filtering events and alerts prior to sending them to Microsoft Sentinel. As you can imagine the solution is a game-changer for providing immediate cost savings for sending data to the cloud. Since that announcement, the solution, the On-Prem Security Monitoring for Sentinel, has taken on … Continue reading Upcoming Webinar to Discuss and Detail the On-Prem Security Monitoring for Microsoft Sentinel Solution →

VSAE – Create a Management Pack for discovery

One of my clients wanted me to give him the right way to create Management Packs with VASE using Visual Studio. The client used to create a Management Pack containing a class and discovery as well as a few monitors and rules, then, the client imports his Management Pack and starts modifying it with the … Continue reading VSAE – Create a Management Pack for discovery →

SCOM Alert Update Connector Pro The easy way to ticket alerts.

There is a cool tool by scom2k7 Team. After an easy setup process, and a MP import, you will get an easy to use interface where you can create personalized alerts for each team/ Supports SCOM 2012R2 and up. The installation is pretty straight forward and can be done on any of your Management Servers. … Continue reading SCOM Alert Update Connector Pro The easy way to ticket alerts. →

Infrastructure – System Center Operations Manager – SQL Query for SCOM Maintenance mode schedules

SCOM maintenance schedules list views only display names and comments. In order to view affected objects you are required to open the schedules to see the server list. This SQL query will display semicolon delimited list of the affects objects for each schedule. Below is a SQL query you can utilize to see all SCOM … Continue reading Infrastructure – System Center Operations Manager – SQL Query for SCOM Maintenance mode schedules →

SSRS – There are misconfigured data sources

Background Occasionally we may receive the following alert: SSRS 2012: There are misconfigured data sources Gentleman, Start your hacking So let’s rip open the MP and see what’s going on. After going recursively bottom to top I finally understood that this is the DataSource being referenced in the monitor/probe: <ProbeActionModuleType ID="Microsoft.SQLServer.2012.ReportingServices.ProbeAction.TSQLCountersReportingServiceCustom" Accessibility="Internal" Batching="false" PassThrough="false"> And … Continue reading SSRS – There are misconfigured data sources →

Installing SCOM 2019 fails with “Error: :PopulateUserRoles: failed”

Background I recently came across a scenario where installing SCOM 2019 fails shortly after the Operational database configuration step, specifically during the Populating User Roles sequence. The installation account used is a member of the sysadmin SQL role and SQL server is configured to run with native security, so this behavior was not expected. Investigating … Continue reading Installing SCOM 2019 fails with “Error: :PopulateUserRoles: failed” →

SCOM DB Fragmentation Issue

Sometimes SCOM environments slowness is occurring because of SQL fragmented indexes. Fragmentation happens when the logical order of pages in an index does not match the physical order in the data file. Because fragmentation can affect the performance of some queries, you need to monitor the fragmentation level of your indexes and, if required, perform … Continue reading SCOM DB Fragmentation Issue →

How to associate an account to SCOM unit monitor

In this blogpost, I’ll run through an example of how to associate a Run as Account to script monitor. In SCOM, the way to delegate permissions is by setting a profile and an account that is linked to that profile, we will create the profile in the Management Pack and then attach the profile to … Continue reading How to associate an account to SCOM unit monitor →

Time zone issues when copying SCOM alerts

Background When trying to copy-paste (ctrl+c, ctrl+v) alerts from the SCOM console to an Excel worksheet or just a text file, we noticed that the Created field values where different from the ones displayed in the console. There was a two-hour difference. As it turns out, the server was configured in a GMT+2 time zone, … Continue reading Time zone issues when copying SCOM alerts →

Unable to start SCOM ACS collector service – Event ID 4661

Problem Description and Symptoms: The Operations Manager Audit Collections Service is not starting with the following error and event Id: Event ID 4661 Error : AdtServer encountered the following problem during startup: Task: Load Certificate Failure: Certificate for SSL based authentication could not be loaded Error: 0x80092004 Error Message: Cannot find object or property. … Continue reading Unable to start SCOM ACS collector service – Event ID 4661 →