Upcoming Webinar to Discuss and Detail the On-Prem Security Monitoring for Microsoft Sentinel Solution

Last month, I announced an on-premises solution for gathering and filtering events and alerts prior to sending them to Microsoft Sentinel. As you can imagine the solution is a game-changer for providing immediate cost savings for sending data to the cloud. Since that announcement, the solution, the On-Prem Security Monitoring for Sentinel, has taken on … Continue reading Upcoming Webinar to Discuss and Detail the On-Prem Security Monitoring for Microsoft Sentinel Solution →

VSAE – Create a Management Pack for discovery

One of my clients wanted me to give him the right way to create Management Packs with VASE using Visual Studio. The client used to create a Management Pack containing a class and discovery as well as a few monitors and rules, then, the client imports his Management Pack and starts modifying it with the … Continue reading VSAE – Create a Management Pack for discovery →

SCOM Alert Update Connector Pro The easy way to ticket alerts.

There is a cool tool by scom2k7 Team. After an easy setup process, and a MP import, you will get an easy to use interface where you can create personalized alerts for each team/ Supports SCOM 2012R2 and up. The installation is pretty straight forward and can be done on any of your Management Servers. … Continue reading SCOM Alert Update Connector Pro The easy way to ticket alerts. →

SCOM: MSSQLServer Event ID 28005

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory, but also dabbles with all things Systems Center. Recently, while implementing SCOM 2019 in a customer's environment, I ran into an issue when trying to install agents; the discovery wizard would never complete the 'discovery' process. After making … Continue reading SCOM: MSSQLServer Event ID 28005 →

SSRS – There are misconfigured data sources

Background Occasionally we may receive the following alert: SSRS 2012: There are misconfigured data sources Gentleman, Start your hacking So let’s rip open the MP and see what’s going on. After going recursively bottom to top I finally understood that this is the DataSource being referenced in the monitor/probe: <ProbeActionModuleType ID="Microsoft.SQLServer.2012.ReportingServices.ProbeAction.TSQLCountersReportingServiceCustom" Accessibility="Internal" Batching="false" PassThrough="false"> And … Continue reading SSRS – There are misconfigured data sources →

Installing SCOM 2019 fails with “Error: :PopulateUserRoles: failed”

Background I recently came across a scenario where installing SCOM 2019 fails shortly after the Operational database configuration step, specifically during the Populating User Roles sequence. The installation account used is a member of the sysadmin SQL role and SQL server is configured to run with native security, so this behavior was not expected. Investigating … Continue reading Installing SCOM 2019 fails with “Error: :PopulateUserRoles: failed” →

SCOM DB Fragmentation Issue

Sometimes SCOM environments slowness is occurring because of SQL fragmented indexes. Fragmentation happens when the logical order of pages in an index does not match the physical order in the data file. Because fragmentation can affect the performance of some queries, you need to monitor the fragmentation level of your indexes and, if required, perform … Continue reading SCOM DB Fragmentation Issue →

How to create a new SCOM class and subclass

SCOM Admin needs to know the basic structure of Management packs and knowledge about classes and objects, what are the differences between the classes, and what is the projection of choosing a class. Management packs provided by the products companies like Microsoft for Active Directory Exchange, and so forth, do the work for us, by … Continue reading How to create a new SCOM class and subclass →

How to associate an account to SCOM unit monitor

In this blogpost, I’ll run through an example of how to associate a Run as Account to script monitor. In SCOM, the way to delegate permissions is by setting a profile and an account that is linked to that profile, we will create the profile in the Management Pack and then attach the profile to … Continue reading How to associate an account to SCOM unit monitor →

Time zone issues when copying SCOM alerts

Background When trying to copy-paste (ctrl+c, ctrl+v) alerts from the SCOM console to an Excel worksheet or just a text file, we noticed that the Created field values where different from the ones displayed in the console. There was a two-hour difference. As it turns out, the server was configured in a GMT+2 time zone, … Continue reading Time zone issues when copying SCOM alerts →