In the SCOM server we  might  start Getting 31552 ->Exception 'SqlException': Timeout expired very frequently and  We will also see that the SQL server hosting the database role of the SCOM server going high on utilization of resources  and remaining for a long time.

Event Type:        Error

Event Source:    Health Service Modules

Event Category:                Data Warehouse

Event ID:              31552

Date:                     7/20/2009

Time:                     1:33:04 AM

User:                     N/A

Computer:          <RMS SERVER NAME>

Description:

Failed to store data in the Data Warehouse.

Exception 'SqlException': Timeout expired.  The timeout period elapsed prior to completion of the operation or the server is not responding.

One or more workflows were affected by this. 

Workflow name: Microsoft.SystemCenter.DataWarehouse.StandardDataSetMaintenance

Instance name: Client Monitoring data set

Instance ID: {ED9228A4-9CAD-5782-CA20-7067D119EAFA}

Management group: <Management GROUPNAME>

For more information, see Help and Support Center at <http://go.microsoft.com/fwlink/events.asp>.

This can happen if the alert are not processed and is on the staging table. In order to overcome this issue we can do the following.

IMP Note: As there are database changes make sure that you have a valid database backup before you go ahead and perform these actions.

Run the following quries

select count(*) from Alert.AlertStage

select count (*) from Event.eventstage

select count (*) from Perf.PerformanceStage

select count (*) from state.statestage

The count on these tables will have count increasing and decresing. IF you find that any particular table is having huge count in lakhs like the one I had for the alert stage table. Follow the following.

In my case I had around 16 lakh + rows in alert stage table which will never get processed. So what I did is backup of the table and cleared the backlogs. For the same used the following

SELECT count(*) from ALert.AlertStage

SELECT * INTO ALert.AlertStage_backup FROM ALert.AlertStage

SELECT count(*) from ALert.AlertStage_backup

TRUNCATE TABLE ALert.AlertStage

SELECT count(*) from ALert.AlertStage

Then to make sure that the alert data is processing we ran the query

exec StandardDatasetMaintenance @DatasetId=' 6AF799BD-2CCC-41CF-97FD-058E2CBF9248'.This GUID was available for the alert data when we ran the query select * from StandardDataset

Query Result.

============

6AF799BD-2CCC-41CF-97FD-058E2CBF9248          Alert      0              0              1              AlertProcessStaging        01:00     240                2009-07-20 11:17:19.690

6F9FBA1B-EAE3-4071-AFA9-2101A81AA463         Event    0              0              1              EventProcessStaging      01:00     240                2009-07-20 11:17:16.033

06268CB1-F9C4-4195-AA67-7BB2EFD5224D          State     0              48           1              StateProcessStaging       01:00     240                2009-07-20 11:16:29.797

7EAE1679-17F5-4BA6-B685-9867A88C00E1            CM         0              28           1              AemProcessStaging        00:00     240                2009-07-20 11:17:25.017

C7E7D06C-6D00-46F2-819D-CB7D206EC361          Perf       0              48           1              PerformanceProcessStaging       01:00     240                2009-07-20 11:17:25.203

If we have any error when we run  exec StandardDatasetMaintenance @DatasetId=' 6AF799BD-2CCC-41CF-97FD-058E2CBF9248'. Then need to troubleshoot on that error which the results in the query windows displays. Else we can try running the count query (SELECT count(*) from ALert.AlertStage) and make sure that the data is coming in and going out as well.

While running the exec StandardDatasetMaintenance @DatasetId=' 6AF799BD-2CCC-41CF-97FD-058E2CBF9248', check if we are getting errors . If we have are getting error
“Sql execution failed. Error 8115, Level 16, State 1, Procedure -, Line 1, Message: Arithmetic overflow error converting IDENTITY to data type int.”
Then follow these steps of backing up the alert staging table

Modify  the IDENTITY values for the Alert_GUID table by the running the following query, since it was well beyond 800 million
For correcting this

Select max(AlertRowId) from Alert_GUID

This will give you a value . Please note this value.

DBCC CHECKIDENT(‘Alert.Alert_GUID’,RESEED,<maximum value of the result in the previous query + 1>)

Again try to run the stored procedure and ensure its success.

Once the same is done you can see that the CPU utilization will also come down as well as the frequency of 31552 errors.Now if you want to put back this data you can do it bit by bit using the following quires.

WHILE (SELECT COUNT(*) FROM ALert.AlertStage_backup) > 0

BEGIN

INSERT TOP(1000) INTO ALert.AlertStage

([AlertGuid],[AlertProblemGuid],[ManagedEntityRowId]

,[AlertName],[AlertDescription],[Severity],[Priority]

,[Category],[WorkflowRowId],[MonitorAlertInd],[DateTime]

,[RaisedDateTime],[SiteName],[RepeatCount] ,[AlertStringGuid]

,[ParameterHash],[DBCreatedDateTime],[DWCreatedDateTime],[DWLastModifiedDateTime])

SELECT

[AlertGuid],[AlertProblemGuid],[ManagedEntityRowId]

,[AlertName],[AlertDescription],[Severity],[Priority]

,[Category],[WorkflowRowId],[MonitorAlertInd],[DateTime]

,[RaisedDateTime],[SiteName],[RepeatCount] ,[AlertStringGuid]

,[ParameterHash],[DBCreatedDateTime],[DWCreatedDateTime],[DWLastModifiedDateTime]

FROM ALert.AlertStage_backup

DELETE TOP(1000) FROM ALert.AlertStage_backup

This will take a huge time depending on the number of rows.Once processed please drop table FROM ALert.AlertStage_backup.

What this will do it will put 1000 alerts at a time to the backup table to the staging table to process. And the completion of this will take time depending on the number of backlogs.

If alert data is not so important for you can drop this table ALert.AlertStage_backup.

The same can be checked for other (event, performance) staging tables as well.

Problem

=======

While trying to generate the report when you click on search button for findings objects \ groups you get the following error.

Application: System Center Operations Manager 2007

Application Version: 6.0.6278.0

Severity: Error

Message: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'

This error comes on the console screen as well as on the SQL server event viewer Event ID: 18456.

The SQL error log will show

2009-07-21 16:11:46.34 Logon       Error: 18456, Severity: 14, State: 11.

2009-07-21 16:11:46.34 Logon       Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. [CLIENT: <RMS SERVER IP ADDRESS>]

Resolution

========

When checked and found that the SDK and Config are running with the local system account. We changed it to domain account as the Database server was in a different server and as per the link http://technet.microsoft.com/en-us/library/bb432146.aspx  it is better to use domain account.

NOTE: If the root management server and the Operations Manager database are on different computers, the SDK and Config Service account will need to be changed to a domain account. For better security, we recommend that you use an account different from the one used for the Management Server Action Account. To change these accounts, see the topic How to Change the SDK and Config Service Accounts in Operations Manager 2007 in this guide and a Knowledge Base article at http://go.microsoft.com/fwlink/?LinkId=112435

We followed the following KB to change it to the domain account http://support.microsoft.com/kb/936220 and after that everything started working fine.

Few possible resolution to overcome the CPU utilization by scom agents.

1) Make sure that the Script scan is not enabled by default in the antivirus you are using. If it is enabled disable the same and check

2)Make sure that the \Program Files\System Center Operations Manager 2007\Health Service State is excluded from the real time scan and from schedule in case you are seeing the CPU spike at the time of schedule scan.

3)Make sure that you have the latest antivirus residing in your machine

4)Make sure that the Windows Script 5.7 is there in your system

2003

http://www.microsoft.com/downloads/details.aspx?FamilyID=f00cb8c0-32e9-411d-a896-f2cd5ef21eb4&DisplayLang=en

Xp

http://www.microsoft.com/downloads/details.aspx?FamilyID=47809025-d896-482e-a0d6-524e7e844d81&DisplayLang=en

2000

http://www.microsoft.com/downloads/details.aspx?FamilyID=c03d3e49-b40e-4ca1-a0c7-cc135ec4d2be&DisplayLang=en

5)Also you can check for the noisy alerts\script if any and disable those. You can make use of this blogs for the same

http://blogs.technet.com/jeevanbisht/archive/2008/12/09/OpsMgr-2007-How-to-identify-what-script-is-running-on-the-agents-_2F00_-frequency-_2F00_-parameters.aspx

http://blogs.technet.com/kevinholman/archive/2007/10/18/useful-operations-manager-2007-sql-queries.aspx

As a response to a alert we can run a script, what I tried here was how can I run and when I run how can I use the parameters of the alert if I need to do something and for that I just exported the data and wrote it to a file named alert .txt.

This screenshot of how to set the alert when creating an alert.

Screenshot and script

=================

Though Parameters to the script shoes only the target ID you can even insert the data of the alert as well.

Script

====

'====================

'testscript.vbs

'Description: This script writes the text passed as argument and in our case it is alert parameters

'This information can be used to do many things.

'====================

On Error Resume Next

Const ForWriting = 2

Const ForReading = 1

Const ForAppending = 8

Const TristateFalse = 0

Set fso = CreateObject("Scripting.FileSystemObject")

Set GObjArgs = WScript.Arguments

GStrCmd = GObjArgs(0)

Call crypt(GStrCmd)

Sub crypt(msg)

n = Len(msg)

set objArgs = WScript.Arguments

for each strArg in objArgs

                msg = msg & strArg & “  “

next

    output = msg

Set GObjLocalF = fso.OpenTextFile("c:\test\Test.txt",ForWriting,True)

GObjLocalF.WriteLine output

GObjLocalF.Close

End Sub

 ============================

What I tried here was to just understand how the parameters can be brought in to the script so that we can do wonders using VBSCRIPT for recoveries of the alerts and make \ automate SCOM more. Hope this information will be useful.

 Hope this will be helpful

Operation Manger Database

How Operations manager grooming works and how to check

The grooming settings are stored inthe databasein the PartitionandGroomingSettings table. Each table uses a different stored procedure to groom. You can run the following command which can give you the jobs and the groomingruntime  to check when it was last run.

select  ObjectName,GroomingSproc, DaysToKeep,GroomingRunTime from dbo.PartitionAndGroomingSettings

You can run the following query select*from dbo.InternalJobHistory

Which can let you know when the groom job has been executed and on failure the Status Code = 0 and for success Status Code = 1. The comments can also give use the clue why the same failed.

Operation Manger Database DW

How Operations manager DW grooming works and how to check

In the data warehouse the dataset maintenance task for each dataset (Event ,alert, performance, state). This is run every minute as a part of this the stage data is processed and then you can see that the groom job will be triggered.  To find the GUID you can run the following command. select*from StandardDataset once you get the GUID how the processing is done is the stored proc StandardDatasetMaintenance. (exec StandardDatasetMaintenance @DatasetId=' 6AF799BD-2CCC-41CF-97FD-058E2CBF9248'. This GUID was available for the alert data when we ran the query select * from StandardDataset).

Now how to check if grooming is working or not. First run the query to check the retention dates.

select ds.datasetDefaultName AS'Dataset Name', sda.AggregationTypeId AS'Agg Type 0=raw, 20=Hourly, 30=Daily', sda.MaxDataAgeDays AS'Retention Time in Days'

from dataset ds, StandardDatasetAggregation sda

WHERE ds.datasetid = sda.datasetid ORDERby ds.datasetDefaultName

Now to check how much data for each data is there you can use this query

SELECTDATEDIFF(d,MIN(DWCreatedDateTime),GETDATE())AS [Current] FROM Alert.vAlert

SELECTDATEDIFF(d,MIN(DateTime),GETDATE())AS [Current] FROMEvent.vEvent

SELECTDATEDIFF(d,MIN(DateTime),GETDATE())AS [Current] FROM Perf.vPerfRaw

SELECTDATEDIFF(d,MIN(DateTime),GETDATE())AS [Current] FROM Perf.vPerfHourly

SELECTDATEDIFF(d,MIN(DateTime),GETDATE())AS [Current] FROM Perf.vPerfDaily

SELECTDATEDIFF(d,MIN(DateTime),GETDATE())AS [Current] FROMState.vStateRaw

SELECTDATEDIFF(d,MIN(DateTime),GETDATE())AS [Current] FROMState.vStateHourly

SELECTDATEDIFF(d,MIN(DateTime),GETDATE())AS [Current] FROMState.vStateDaily

Once you are able to find that a particular dataset has number data that what you have configured. You need to troubleshoot like this.

The first thing you should do if you suspect the grooming jobs are not running properly is check the event logs on the RMS.
If you don't see any errors, you can increase the logging debuglevel for the grooming jobs by running the following query:

Update StandardDataSet

Set DebugLevel = 3

Where DebugLevel != 3

Note: The available levels for grooming are 0,1,2,3 with each level increasing the verbosity of information logged. The default value is 0 for all datasets. Once debuglevel is increased to 3 all grooming and aggregation jobs for the specified dataset will be logged to the DebugMessage table. And for the same you can run this

select*from DebugMessage

The last column in this table, OperationDurationms is the duration it took for the grooming job to complete. Look for any really high duration, it could mean the grooming job is timing out. Please check if there are continuous NULL values as that also means timeouts.

Many a times the failure can arise when the standarddatabase maintenance dataset is not running correctly. This can happen when lot of data is there on staging tables and you can use this link for more details http://blogs.technet.com/b/sudheesn/archive/2009/07/28/getting-31552-exception-sqlexception-timeout-expired-very-frequently-in-scom-server.aspx

Operation Manger Audit collection Database

How Operations manager Audit collection grooming works and how to check

Every 198 seconds, a “Checkpoint” is initiated on the database. At this point, we also check if any partitions in a status of “2” are older than Number of Partitions * 86400 (both configurable). If they are, dbdeletepartition.sql is initiated against the partition GUID.

To check this you can run command SELECT*FROM dtconfig.

The "Partition Close Time" field in the dtpartition table to determine if a partition is elegable for grooming. selectmin(Partitionclosetime)from dtPartitionAnd this should be not graeter than 17 days if you had set 15 days data period.

 ==============================================================================================

Sudheesh Narayanaswamy | Support Engineer | Microsoft

Audit Collector in Operations Manager 2007 is one of the most frequently used. When I was supporting the SCOM and ACS, the challenge many of customers informed me was that applying filter query using adtadmin tool. This is more important to make sure that unnecessary data is not inserted to the ACS database and that the ACS database is within the manageable size limits.

You can get more details from this link on the Adtadmin tool.

http://technet.microsoft.com/en-us/library/bb309436.aspx

This tool designed by me is a GUI tool which uses adtadmin tool behind but will make the user level experience better. This will work with the following condition.

·         This tool is supposed to run only on ACS collector system

·         This is not for complex quires.

·         This tool can be run with a user having administrator rights

·         With System with UAC enabled you need to use Run as Administrator to the tool.

I have tested this with Windows Server 2003 and Windows Server 2008 but keep in mind that this is not an official Microsoft tool and just something that I created for my own personal use.  As such, Microsoft makes no warranties or guarantee's regarding the applicability of this utility, nor does Microsoft support the use of this tool in any way. This is just one of those 'use at your own risk' type of things that hopefully you'll find helpful

If you have any question please let me know.

Hope this will be Helpful

Sudheesh N

Sudheesh.Narayanaswamy@microsoft.com

In the SCOM server we  might  start Getting 31552 ->Exception 'SqlException': Timeout expired very frequently and  We will also see that the SQL server hosting the database role of the SCOM server going high on utilization of resources  and remaining for a long time.

Event Type:        Error

Event Source:    Health Service Modules

Event Category:                Data Warehouse

Event ID:              31552

Date:                     7/20/2009

Time:                     1:33:04 AM

User:                     N/A

Computer:          <RMS SERVER NAME>

Description:

Failed to store data in the Data Warehouse.

Exception 'SqlException': Timeout expired.  The timeout period elapsed prior to completion of the operation or the server is not responding.

One or more workflows were affected by this. 

Workflow name: Microsoft.SystemCenter.DataWarehouse.StandardDataSetMaintenance

Instance name: Client Monitoring data set

Instance ID: {ED9228A4-9CAD-5782-CA20-7067D119EAFA}

Management group: <Management GROUPNAME>

For more information, see Help and Support Center at <http://go.microsoft.com/fwlink/events.asp>.

This can happen if the alert are not processed and is on the staging table. In order to overcome this issue we can do the following.

IMP Note: As there are database changes make sure that you have a valid database backup before you go ahead and perform these actions.

Run the following quries

select count(*) from Alert.AlertStage

select count (*) from Event.eventstage

select count (*) from Perf.PerformanceStage

select count (*) from state.statestage

The count on these tables will have count increasing and decresing. IF you find that any particular table is having huge count in lakhs like the one I had for the alert stage table. Follow the following.

In my case I had around 16 lakh + rows in alert stage table which will never get processed. So what I did is backup of the table and cleared the backlogs. For the same used the following

SELECT count(*) from ALert.AlertStage

SELECT * INTO ALert.AlertStage_backup FROM ALert.AlertStage

SELECT count(*) from ALert.AlertStage_backup

TRUNCATE TABLE ALert.AlertStage

SELECT count(*) from ALert.AlertStage

Then to make sure that the alert data is processing we ran the query

exec StandardDatasetMaintenance @DatasetId=' 6AF799BD-2CCC-41CF-97FD-058E2CBF9248'.This GUID was available for the alert data when we ran the query select * from StandardDataset

Query Result.

============

6AF799BD-2CCC-41CF-97FD-058E2CBF9248          Alert      0              0              1              AlertProcessStaging        01:00     240                2009-07-20 11:17:19.690

6F9FBA1B-EAE3-4071-AFA9-2101A81AA463         Event    0              0              1              EventProcessStaging      01:00     240                2009-07-20 11:17:16.033

06268CB1-F9C4-4195-AA67-7BB2EFD5224D          State     0              48           1              StateProcessStaging       01:00     240                2009-07-20 11:16:29.797

7EAE1679-17F5-4BA6-B685-9867A88C00E1            CM         0              28           1              AemProcessStaging        00:00     240                2009-07-20 11:17:25.017

C7E7D06C-6D00-46F2-819D-CB7D206EC361          Perf       0              48           1              PerformanceProcessStaging       01:00     240                2009-07-20 11:17:25.203

If we have any error when we run  exec StandardDatasetMaintenance @DatasetId=' 6AF799BD-2CCC-41CF-97FD-058E2CBF9248'. Then need to troubleshoot on that error which the results in the query windows displays. Else we can try running the count query (SELECT count(*) from ALert.AlertStage) and make sure that the data is coming in and going out as well.

While running the exec StandardDatasetMaintenance @DatasetId=' 6AF799BD-2CCC-41CF-97FD-058E2CBF9248', check if we are getting errors . If we have are getting error
“Sql execution failed. Error 8115, Level 16, State 1, Procedure -, Line 1, Message: Arithmetic overflow error converting IDENTITY to data type int.”
Then follow these steps of backing up the alert staging table

Modify  the IDENTITY values for the Alert_GUID table by the running the following query, since it was well beyond 800 million
For correcting this

Select max(AlertRowId) from Alert_GUID

This will give you a value . Please note this value.

DBCC CHECKIDENT(‘Alert.Alert_GUID’,RESEED,<maximum value of the result in the previous query + 1>)

Again try to run the stored procedure and ensure its success.

Once the same is done you can see that the CPU utilization will also come down as well as the frequency of 31552 errors.Now if you want to put back this data you can do it bit by bit using the following quires.

WHILE (SELECT COUNT(*) FROM ALert.AlertStage_backup) > 0

BEGIN

INSERT TOP(1000) INTO ALert.AlertStage

([AlertGuid],[AlertProblemGuid],[ManagedEntityRowId]

,[AlertName],[AlertDescription],[Severity],[Priority]

,[Category],[WorkflowRowId],[MonitorAlertInd],[DateTime]

,[RaisedDateTime],[SiteName],[RepeatCount] ,[AlertStringGuid]

,[ParameterHash],[DBCreatedDateTime],[DWCreatedDateTime],[DWLastModifiedDateTime])

SELECT

[AlertGuid],[AlertProblemGuid],[ManagedEntityRowId]

,[AlertName],[AlertDescription],[Severity],[Priority]

,[Category],[WorkflowRowId],[MonitorAlertInd],[DateTime]

,[RaisedDateTime],[SiteName],[RepeatCount] ,[AlertStringGuid]

,[ParameterHash],[DBCreatedDateTime],[DWCreatedDateTime],[DWLastModifiedDateTime]

FROM ALert.AlertStage_backup

DELETE TOP(1000) FROM ALert.AlertStage_backup

This will take a huge time depending on the number of rows.Once processed please drop table FROM ALert.AlertStage_backup.

What this will do it will put 1000 alerts at a time to the backup table to the staging table to process. And the completion of this will take time depending on the number of backlogs.

If alert data is not so important for you can drop this table ALert.AlertStage_backup.

The same can be checked for other (event, performance) staging tables as well.

Problem

=======

While trying to generate the report when you click on search button for findings objects \ groups you get the following error.

Application: System Center Operations Manager 2007

Application Version: 6.0.6278.0

Severity: Error

Message: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'

This error comes on the console screen as well as on the SQL server event viewer Event ID: 18456.

The SQL error log will show

2009-07-21 16:11:46.34 Logon       Error: 18456, Severity: 14, State: 11.

2009-07-21 16:11:46.34 Logon       Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. [CLIENT: <RMS SERVER IP ADDRESS>]

Resolution

========

When checked and found that the SDK and Config are running with the local system account. We changed it to domain account as the Database server was in a different server and as per the link http://technet.microsoft.com/en-us/library/bb432146.aspx  it is better to use domain account.

NOTE: If the root management server and the Operations Manager database are on different computers, the SDK and Config Service account will need to be changed to a domain account. For better security, we recommend that you use an account different from the one used for the Management Server Action Account. To change these accounts, see the topic How to Change the SDK and Config Service Accounts in Operations Manager 2007 in this guide and a Knowledge Base article at http://go.microsoft.com/fwlink/?LinkId=112435

We followed the following KB to change it to the domain account http://support.microsoft.com/kb/936220 and after that everything started working fine.

Few possible resolution to overcome the CPU utilization by scom agents.

1) Make sure that the Script scan is not enabled by default in the antivirus you are using. If it is enabled disable the same and check

2)Make sure that the \Program Files\System Center Operations Manager 2007\Health Service State is excluded from the real time scan and from schedule in case you are seeing the CPU spike at the time of schedule scan.

3)Make sure that you have the latest antivirus residing in your machine

4)Make sure that the Windows Script 5.7 is there in your system

2003

http://www.microsoft.com/downloads/details.aspx?FamilyID=f00cb8c0-32e9-411d-a896-f2cd5ef21eb4&DisplayLang=en

Xp

http://www.microsoft.com/downloads/details.aspx?FamilyID=47809025-d896-482e-a0d6-524e7e844d81&DisplayLang=en

2000

http://www.microsoft.com/downloads/details.aspx?FamilyID=c03d3e49-b40e-4ca1-a0c7-cc135ec4d2be&DisplayLang=en

5)Also you can check for the noisy alerts\script if any and disable those. You can make use of this blogs for the same

http://blogs.technet.com/jeevanbisht/archive/2008/12/09/OpsMgr-2007-How-to-identify-what-script-is-running-on-the-agents-_2F00_-frequency-_2F00_-parameters.aspx

http://blogs.technet.com/kevinholman/archive/2007/10/18/useful-operations-manager-2007-sql-queries.aspx

As a response to a alert we can run a script, what I tried here was how can I run and when I run how can I use the parameters of the alert if I need to do something and for that I just exported the data and wrote it to a file named alert .txt.

This screenshot of how to set the alert when creating an alert.

Screenshot and script

=================

Though Parameters to the script shoes only the target ID you can even insert the data of the alert as well.

Script

====

'====================

'testscript.vbs

'Description: This script writes the text passed as argument and in our case it is alert parameters

'This information can be used to do many things.

'====================

On Error Resume Next

Const ForWriting = 2

Const ForReading = 1

Const ForAppending = 8

Const TristateFalse = 0

Set fso = CreateObject("Scripting.FileSystemObject")

Set GObjArgs = WScript.Arguments

GStrCmd = GObjArgs(0)

Call crypt(GStrCmd)

Sub crypt(msg)

n = Len(msg)

set objArgs = WScript.Arguments

for each strArg in objArgs

                msg = msg & strArg & “  “

next

    output = msg

Set GObjLocalF = fso.OpenTextFile("c:\test\Test.txt",ForWriting,True)

GObjLocalF.WriteLine output

GObjLocalF.Close

End Sub

 ============================

What I tried here was to just understand how the parameters can be brought in to the script so that we can do wonders using VBSCRIPT for recoveries of the alerts and make \ automate SCOM more. Hope this information will be useful.

 Hope this will be helpful

Operation Manger Database

How Operations manager grooming works and how to check

The grooming settings are stored inthe databasein the PartitionandGroomingSettings table. Each table uses a different stored procedure to groom. You can run the following command which can give you the jobs and the groomingruntime  to check when it was last run.

select  ObjectName,GroomingSproc, DaysToKeep,GroomingRunTime from dbo.PartitionAndGroomingSettings

You can run the following query select*from dbo.InternalJobHistory

Which can let you know when the groom job has been executed and on failure the Status Code = 0 and for success Status Code = 1. The comments can also give use the clue why the same failed.

Operation Manger Database DW

How Operations manager DW grooming works and how to check

In the data warehouse the dataset maintenance task for each dataset (Event ,alert, performance, state). This is run every minute as a part of this the stage data is processed and then you can see that the groom job will be triggered.  To find the GUID you can run the following command. select*from StandardDataset once you get the GUID how the processing is done is the stored proc StandardDatasetMaintenance. (exec StandardDatasetMaintenance @DatasetId=' 6AF799BD-2CCC-41CF-97FD-058E2CBF9248'. This GUID was available for the alert data when we ran the query select * from StandardDataset).

Now how to check if grooming is working or not. First run the query to check the retention dates.

select ds.datasetDefaultName AS'Dataset Name', sda.AggregationTypeId AS'Agg Type 0=raw, 20=Hourly, 30=Daily', sda.MaxDataAgeDays AS'Retention Time in Days'

from dataset ds, StandardDatasetAggregation sda

WHERE ds.datasetid = sda.datasetid ORDERby ds.datasetDefaultName

Now to check how much data for each data is there you can use this query

SELECTDATEDIFF(d,MIN(DWCreatedDateTime),GETDATE())AS [Current] FROM Alert.vAlert

SELECTDATEDIFF(d,MIN(DateTime),GETDATE())AS [Current] FROMEvent.vEvent

SELECTDATEDIFF(d,MIN(DateTime),GETDATE())AS [Current] FROM Perf.vPerfRaw

SELECTDATEDIFF(d,MIN(DateTime),GETDATE())AS [Current] FROM Perf.vPerfHourly

SELECTDATEDIFF(d,MIN(DateTime),GETDATE())AS [Current] FROM Perf.vPerfDaily

SELECTDATEDIFF(d,MIN(DateTime),GETDATE())AS [Current] FROMState.vStateRaw

SELECTDATEDIFF(d,MIN(DateTime),GETDATE())AS [Current] FROMState.vStateHourly

SELECTDATEDIFF(d,MIN(DateTime),GETDATE())AS [Current] FROMState.vStateDaily

Once you are able to find that a particular dataset has number data that what you have configured. You need to troubleshoot like this.

The first thing you should do if you suspect the grooming jobs are not running properly is check the event logs on the RMS.
If you don't see any errors, you can increase the logging debuglevel for the grooming jobs by running the following query:

Update StandardDataSet

Set DebugLevel = 3

Where DebugLevel != 3

Note: The available levels for grooming are 0,1,2,3 with each level increasing the verbosity of information logged. The default value is 0 for all datasets. Once debuglevel is increased to 3 all grooming and aggregation jobs for the specified dataset will be logged to the DebugMessage table. And for the same you can run this

select*from DebugMessage

The last column in this table, OperationDurationms is the duration it took for the grooming job to complete. Look for any really high duration, it could mean the grooming job is timing out. Please check if there are continuous NULL values as that also means timeouts.

Many a times the failure can arise when the standarddatabase maintenance dataset is not running correctly. This can happen when lot of data is there on staging tables and you can use this link for more details http://blogs.technet.com/b/sudheesn/archive/2009/07/28/getting-31552-exception-sqlexception-timeout-expired-very-frequently-in-scom-server.aspx

Operation Manger Audit collection Database

How Operations manager Audit collection grooming works and how to check

Every 198 seconds, a “Checkpoint” is initiated on the database. At this point, we also check if any partitions in a status of “2” are older than Number of Partitions * 86400 (both configurable). If they are, dbdeletepartition.sql is initiated against the partition GUID.

To check this you can run command SELECT*FROM dtconfig.

The "Partition Close Time" field in the dtpartition table to determine if a partition is elegable for grooming. selectmin(Partitionclosetime)from dtPartitionAnd this should be not graeter than 17 days if you had set 15 days data period.

 ==============================================================================================

Sudheesh Narayanaswamy | Support Engineer | Microsoft

Audit Collector in Operations Manager 2007 is one of the most frequently used. When I was supporting the SCOM and ACS, the challenge many of customers informed me was that applying filter query using adtadmin tool. This is more important to make sure that unnecessary data is not inserted to the ACS database and that the ACS database is within the manageable size limits.

You can get more details from this link on the Adtadmin tool.

http://technet.microsoft.com/en-us/library/bb309436.aspx

This tool designed by me is a GUI tool which uses adtadmin tool behind but will make the user level experience better. This will work with the following condition.

·         This tool is supposed to run only on ACS collector system

·         This is not for complex quires.

·         This tool can be run with a user having administrator rights

·         With System with UAC enabled you need to use Run as Administrator to the tool.

I have tested this with Windows Server 2003 and Windows Server 2008 but keep in mind that this is not an official Microsoft tool and just something that I created for my own personal use.  As such, Microsoft makes no warranties or guarantee's regarding the applicability of this utility, nor does Microsoft support the use of this tool in any way. This is just one of those 'use at your own risk' type of things that hopefully you'll find helpful

If you have any question please let me know.

Hope this will be Helpful

Sudheesh N

Sudheesh.Narayanaswamy@microsoft.com

From SCCM 2012 we have the alert and notification feature. Till Sp1 the mail notification was restricted to endpoint protection but from Sp1 we have this for all the component which can create alert. Since it is least used feature at times while troubleshooting we have lack of articles which help us to understand the flow.

In this article what we are trying to see is how can we configure and test the alert and notification feature.

When you configure the Email notification you have a option to test if we can send a mail,

Please understand that the mail will be send from the top of the hierarchy. The logs which logs the information is NotiCtrl.log

The mail is send by the top most sever in the Hierarchy. (ie The central administration site or Primary when we have a primary standalone server)

Whenever an alert is generated and we have a subscription associated to this then the SMS_ALERT_NOTIFICATION component will trigger a mail as per the subscription.

How to configure the alert and configure subscription is there in this link

https://technet.microsoft.com/en-in/library/hh427334.aspx

Now when you click on Test SMTP server this is what is happening

NotiCtrl.log

[NotiCtrl]: NOTIFY job manager ( 1, 0, C:\Program Files\Microsoft Configuration Manager\inboxes\notictrl.box\3.TST ).    SMS_ALERT_NOTIFICATION    3/3/2015 1:09:32 PM    3836 (0x0EFC)
Testing SMTP connection, server name: cmsecondary1.Contoso.com, port: 25    SMS_ALERT_NOTIFICATION    3/3/2015 1:09:32 PM    3836 (0x0EFC)
Impersonation is about to start …    SMS_ALERT_NOTIFICATION    3/3/2015 1:09:32 PM    3836 (0x0EFC)
Impersonation succeed, current user identity is: contoso\administrator    SMS_ALERT_NOTIFICATION    3/3/2015 1:09:32 PM    3836 (0x0EFC)
Impersonation is reverted.    SMS_ALERT_NOTIFICATION    3/3/2015 1:09:33 PM    3836 (0x0EFC)
Test SMTP connection succeeded. Server name: cmsecondary1.Contoso.com, port: 25, authentication type: Other    SMS_ALERT_NOTIFICATION    3/3/2015 1:09:33 PM    3836 (0x0EFC)
[NotiCtrl]: EVENT raised ( 1, 0, C:\Program Files\Microsoft Configuration Manager\inboxes\notictrl.box\3.TST ).    SMS_ALERT_NOTIFICATION    3/3/2015 1:09:34 PM    3836 (0x0EFC)
[NotiCtrl]: 1 instruction file processed.    SMS_ALERT_NOTIFICATION    3/3/2015 1:09:34 PM    3836 (0x0EFC)

This is done using the WMI methods under the provider class SMS_Subscription. (GetTestSmtpConnectionResult Method and TestSmtpConnection Method)

• https://msdn.microsoft.com/en-us/library/hh949798.aspx
• https://msdn.microsoft.com/en-us/library/hh949066.aspx
• https://msdn.microsoft.com/en-us/library/hh949800.aspx

Once this is done we are sure that the server can send Emails.

On the database you can see the result on the test

select * from [dbo].[AlertEmailTestConnection]

Now assuming that we have a subscription lets see what happens when an alert is created.

Alert ID for the alert I tried was 1.

Once we have a update in the Alert the smsdbmon will drop the trigger file

smsdbmon .log

RCV: UPDATE on Alert for SMS_Alert_ins_upd_SMSProv [1  ][18336]    SMS_DATABASE_NOTIFICATION_MONITOR    3/3/2015 1:35:59 PM    328 (0x0148)
RCV: UPDATE on AlertForTrigger for SMS_Alert_upd_SMSProv_AlertForTrigger [1  ][18337]    SMS_DATABASE_NOTIFICATION_MONITOR    3/3/2015 1:35:59 PM    328 (0x0148)
RCV: UPDATE on AlertForTrigger for AlertForTrigger_ALE [1  ][18338]    SMS_DATABASE_NOTIFICATION_MONITOR    3/3/2015 1:35:59 PM    328 (0x0148)
SND: Dropped C:\Program Files\Microsoft Configuration Manager\inboxes\notictrl.box\1.ALE  [18338]    SMS_DATABASE_NOTIFICATION_MONITOR    3/3/2015 1:36:00 PM    328 (0x0148)
SQL>>>delete from TableChangeNotifications where RecordID in (18336,18337,18338)    SMS_DATABASE_NOTIFICATION_MONITOR    3/3/2015 1:36:00 PM    328 (0x0148)

NotiCtrl.log

[NotiCtrl]: NOTIFY job manager ( 1, 0, C:\Program Files\Microsoft Configuration Manager\inboxes\notictrl.box\1.ALE ).    SMS_ALERT_NOTIFICATION    3/3/2015 1:26:11 PM    3836 (0x0EFC)
Added new job, alert ID: 1, locale ID: 1033    SMS_ALERT_NOTIFICATION    3/3/2015 1:26:11 PM    3836 (0x0EFC)
[NotiCtrl]: EVENT raised ( 1, 0, C:\Program Files\Microsoft Configuration Manager\inboxes\notictrl.box\1.ALE ).    SMS_ALERT_NOTIFICATION    3/3/2015 1:26:11 PM    3836 (0x0EFC)
[NotiCtrl]: 1 instruction file processed.    SMS_ALERT_NOTIFICATION    3/3/2015 1:26:11 PM    3836 (0x0EFC)
[NotiCtrl]:    Alert Notification Manager has received a new job request    SMS_ALERT_NOTIFICATION    3/3/2015 1:26:11 PM    3836 (0x0EFC)
[NotiCtrl]: WAIT 3 event(s) for 5 minute(s) and 0 second(s).    SMS_ALERT_NOTIFICATION    3/3/2015 1:26:11 PM    3836 (0x0EFC)
Use custom subject template for alert type 24    SMS_ALERT_NOTIFICATION    3/3/2015 1:26:12 PM    1860 (0x0744)
Use custom body template for alert type 24    SMS_ALERT_NOTIFICATION    3/3/2015 1:26:12 PM    1860 (0x0744)
Impersonation is about to start …    SMS_ALERT_NOTIFICATION    3/3/2015 1:26:12 PM    1860 (0x0744)
Impersonation succeed, current user identity is: contoso\administrator    SMS_ALERT_NOTIFICATION    3/3/2015 1:26:12 PM    1860 (0x0744)
Impersonation is reverted.    SMS_ALERT_NOTIFICATION    3/3/2015 1:26:30 PM    1860 (0x0744)
Successfully sending email to: administrator@contoso.com for Alert: 1    SMS_ALERT_NOTIFICATION    3/3/2015 1:26:30 PM    1860 (0x0744)

if you don't have subscription the NotiCtrl.log would look like this

[NotiCtrl]: NOTIFY job manager ( 1, 0, C:\Program Files\Microsoft Configuration Manager\inboxes\notictrl.box\1.ALE ).    SMS_ALERT_NOTIFICATION    3/3/2015 1:47:32 PM    3836 (0x0EFC)
[NotiCtrl]: EVENT raised ( 1, 0, C:\Program Files\Microsoft Configuration Manager\inboxes\notictrl.box\1.ALE ).    SMS_ALERT_NOTIFICATION    3/3/2015 1:47:32 PM    3836 (0x0EFC)
[NotiCtrl]: 1 instruction file processed.    SMS_ALERT_NOTIFICATION    3/3/2015 1:47:32 PM    3836 (0x0EFC)
[NotiCtrl]: WAIT 3 event(s) for 5 minute(s) and 0 second(s).    SMS_ALERT_NOTIFICATION    3/3/2015 1:47:32 PM    3836 (0x0EFC)

This table will tell you the information of the alerts subscription send.

select * from [dbo].[AlertEmailNotification]

Hope this information will be useful in troubleshooting alerts and subscriptions in Configuration Manager 2012

Sudheesh N

This posting /Script  is provided "AS IS" with no warranties and confers no rights

This script will help to read the list of update ID from a file and then approve them for a specific group

#Change server name and port number and $True if it is on SSL
[String]$updateServer1 = "CMCAS"
[Boolean]$useSecureConnection = $False
[Int32]$portNumber =8530

#Group to which you need to approve
$groupname = "CMCAS-CG"
#File where update if for the updates to be installed are saved
$path = "C:\temp\Updateid.csv"

# Load .NET assembly
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")

# Connect to WSUS Server
$updateServer = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($updateServer1,$useSecureConnection,$portNumber)
write-host "Connected sucessfully To WSUS server >>>…." -foregroundcolor "yellow"
Import-csv -path $path -Header updateid | foreach `
{
     $approveupdate =$approveupdate =$_.updateID
     $isavup= 'False'
     $u = $updateServer.GetUpdates()
     foreach ($u1 in $u )
    {
         $a=New-Object Microsoft.UpdateServices.Administration.UpdateRevisionId
         $a=$u1.id

        #checking if the update ID in question is to be approved if yes approve else loop through
            if ($a.UpdateId -eq $approveupdate)

            { 
                 $isavup= 'True'
                 $group = $updateServer.GetComputerTargetGroups() | where {$_.Name -eq $groupname}
                 $isapp=$u1.GetUpdateApprovals($group)
                 #Checking if already approved and if not approve it
                 if ($isapp.action -eq 'Install')
                 {
                 write-host "Update ID: " $a.UpdateId "For Group :" $groupname  "already approved" -foregroundcolor "yellow"
                 }
                 else
                 {                
                  write-host "Approving update " $a.UpdateId "For Group :" $groupname   -foregroundcolor "yellow"
                  $group = $updateServer.GetComputerTargetGroups() | where {$_.Name -eq $groupname}
                  $u1.Approve(“Install”,$group) | out-null
                  }
            }
    }
    if ($isavup -eq 'False')
    {
    write-host "Update ID" $approveupdate "Not in WSUS Database"   -foregroundcolor "yellow"
    }
}

#This will help to catch the exception if any and display

trap
{
write-host "Error Occurred"
write-host "Exception Message: "
write-host $_.Exception.Message
write-host $_.Exception.StackTrace
exit
}
# EOF

Sample File for input update ID

Output will be like this

Sudheesh N

This posting /Script  is provided "AS IS" with no warranties and confers no rights

UpdateApproval.zip

Details on how to configure UDA to work automatically id in this link

How to configure the site to automatically create user device affinities

Configuration Manager reads data about user logons from the Windows Event log. To be able to automatically create user device affinities, you must enable the following two settings from the local security policy on client computers to store logon events in the Windows Event log.

• Audit account logon events
• Audit logon events

Make sure that these events are logged in the security event logs.

https://technet.microsoft.com/en-in/library/cc787176(v=ws.10).aspx

https://technet.microsoft.com/en-in/library/cc787567(v=ws.10).aspx

To allow sufficient data for user device affinity, also set the policy Maximum security log size to a reasonable value such as 5-20 MB.

If we don’t have events in security events (log on events )the feature will not work

Once you have the UDA settings set in the client settings the same flows to the client as policy.

When the client goes through a log off or log on events  you would see  the following in the useraffinity.log

UserAffinity.log

=============

>>>>>>Starting processing user logoff event<<<<<<        UserAffinity        3/5/2015 1:37:03 PM        3304 (0x0CE8)

User logoff task with user 'S-1-5-21-221200290-1771598541-1852605787-500'        UserAffinity        3/5/2015 1:37:03 PM        3304 (0x0CE8)

Current time '1425542823' as user logoff time        UserAffinity        3/5/2015 1:37:03 PM        3304 (0x0CE8)

Active logon event for user 'S-1-5-21-221200290-1771598541-1852605787-500' was found in WMI 'CCM_UserLogonEvents.LogonTime="1424772550",UserSID="S-1-5-21-221200290-1771598541-1852605787-500"'. Set its LogoffTime to 1425542823.        UserAffinity        3/5/2015 1:37:03 PM        3304 (0x0CE8)

>>>>>>Finished processing user logoff event<<<<<<        UserAffinity        3/5/2015 1:37:03 PM        3304 (0x0CE8)

>>>>>>Starting processing user logon event<<<<<<        UserAffinity        3/5/2015 1:37:18 PM        3304 (0x0CE8)

User logon task with user 'S-1-5-21-221200290-1771598541-1852605787-500' and session ID '1'        UserAffinity        3/5/2015 1:37:18 PM        3304 (0x0CE8)

Get user logon time '1425542833' (CurrentTime: 1425542838)        UserAffinity        3/5/2015 1:37:18 PM        3304 (0x0CE8)

Created user logon instance 'CCM_UserLogonEvents.UserSID='S-1-5-21-221200290-1771598541-1852605787-500',LogonTime=1425542833' in WMI.        UserAffinity        3/5/2015 1:37:18 PM        3304 (0x0CE8)

>>>>>>Finished processing user logon event<<<<<<        UserAffinity        3/5/2015 1:37:18 PM        3304 (0x0CE8)

UserAffinityProvider.log

===================

The state message store path is: 'C:\Windows\CCM\UserAffinityStore.sdf'        UserAffinityProvider        3/5/2015 1:37:03 PM        508 (0x01FC)

GetAllInstances – 8 instance(s) of 'CCM_UserLogonEvents' found        UserAffinityProvider        3/5/2015 1:37:03 PM        508 (0x01FC)

GetAllInstances – 8 instance(s) of 'CCM_UserLogonEvents' found        UserAffinityProvider        3/5/2015 1:37:18 PM        508 (0x01FC)

Later when the affinity agent will run the affinity usage Task . This happens once in a day  or if we restart the ccmexec service

UserAffinity.log

==============

3/5/2015 7:40:43 AM        UserAffinity        3304 (0x0CE8)        >>>>>>Starting processing user affinity usage task<<<<<<

3/5/2015 7:40:43 AM        UserAffinity        3304 (0x0CE8)        Auto affinity threshold settings Days = '1', User minutes threshold = '360', Auto approve affinity = '1'.

3/5/2015 7:40:43 AM        UserAffinity        3304 (0x0CE8)        Clean up agents user logon events…

3/5/2015 7:40:44 AM        UserAffinity        3304 (0x0CE8)        Retrieving user minutes map…

3/5/2015 7:40:44 AM        UserAffinity        3304 (0x0CE8)        Loading approved and pending user affinities…

3/5/2015 7:40:44 AM        UserAffinity        3304 (0x0CE8)        Checking if any pending affinity is approved…

3/5/2015 7:40:44 AM        UserAffinity        3304 (0x0CE8)        User 'contoso\administrator' in pending affinity is not approved yet

3/5/2015 7:40:44 AM        UserAffinity        3304 (0x0CE8)        Checking usage minutes per user against current minutes threshold…

3/5/2015 7:40:44 AM        UserAffinity        3304 (0x0CE8)        User 'contoso\administrator' has 1440 usage minutes

3/5/2015 7:40:44 AM        UserAffinity        3304 (0x0CE8)        Setting auto affinity for user 'contoso\administrator'.

3/5/2015 7:40:44 AM        UserAffinity        3304 (0x0CE8)        Found same state message existing. (was sent before) Skip sending same state message for user 'contoso\administrator'..

3/5/2015 7:40:44 AM        UserAffinity        3304 (0x0CE8)        >>>>>>Finished processing user affinity usage task<<<<<<

UserAffinityProvider.log

====================

3/5/2015 7:40:43 AM        UserAffinityProvider        3972 (0x0F84)        The state message store path is: 'C:\Windows\CCM\UserAffinityStore.sdf'

3/5/2015 7:40:44 AM        UserAffinityProvider        3972 (0x0F84)        GetAllInstances – 13 instance(s) of 'CCM_UserLogonEvents' found

3/5/2015 7:40:44 AM        UserAffinityProvider        3216 (0x0C90)        GetAllInstances – 13 instance(s) of 'CCM_UserLogonEvents' found

Once done it will create a state message which will send to the serve which will update the information ion the database

State message with TopicType 1600 and TopicId contoso/administrator_Auto and State 1 has been updated        StateMessage        3/5/2015 1:45:12 PM        4068 (0x0FE4)

State 1 means SET affinity

Sate 2 means REMOVE affinity

Now this state message flows as usual state message and insert in to the database

Hope this would be helpful.

Sudheesh N

This posting /Script  is provided "AS IS" with no warranties and confers no rights

At time troubleshooting on cases we had to decline updates which are superseded  from the WSUS and hence help to make sure that the no of updates the update agent scan is reduced.

=========================================================

#Change server name and port number and $True if it is on SSL

[String]$updateServer1 = "CMCAS"

[Boolean]$useSecureConnection = $False

[Int32]$portNumber =8530

# Load .NET assembly

[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")

$count = 0

# Connect to WSUS Server

$updateServer = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($updateServer1,$useSecureConnection,$portNumber)

write-host "<<<Connected sucessfully >>>" -foregroundcolor "yellow"

$updatescope = New-Object Microsoft.UpdateServices.Administration.UpdateScope

$u=$updateServer.GetUpdates($updatescope )

foreach ($u1 in $u )

{

if ($u1.IsSuperseded -eq 'True')

{

write-host Decline Update : $u1.Title

$u1.Decline()

$count=$count + 1

}

}

write-host Total Declined Updates: $count

trap

{

write-host "Error Occurred"

write-host "Exception Message: "

write-host $_.Exception.Message

write-host $_.Exception.StackTrace

exit

}

# EOF

==========================================================

This posting /Script  is provided "AS IS" with no warranties and confers no rights

At times we get request on that we need to refresh the package or we need to distribute the package for a specific set of DP.
This scripts helps in distributing any kind of content (Application, legacy package, SUM package, driver package etc ) on the .
It uses two input files ($path1 = "c:\temp\server.csv"   ,$path2 = "c:\temp\Package.csv")
The first one you can enter the server names and in the second the package names .
Script
=======
Function Refresh-SpecificDP($ar) {
    $dpFound = $false
    $packageID=$ar[0]
    $siteCode=$ar[1]
    $dpName= $ar[2]
    If ($packageID.Length -ne 8)
    {
        Throw "Invalid package"
    }
    $distPoints = Get-WmiObject -Namespace "root\SMS\Site_$($siteCode)" -Query "Select * From SMS_DistributionPoint WHERE PackageID='$packageID'"
    ForEach ($dp In $distPoints)
    {
        If ((($dp.ServerNALPath).ToUpper()).Contains($dpName.ToUpper()))
        {
            $dpFound = $true
            Try {
                $dp.RefreshNow = $true
                $dp.Put() | Out-Null
                #$dpName + " – " + $packageID
                }
            Catch [Exception]
            {
                return $_.Exception.Message
            }
        }
    }
    If ($dpFound -eq $false)
    {
        Throw "No results returned."
    }
}
#main pgm
$path1 = "c:\temp\server.csv"
$path2 = "c:\temp\Package.csv"
$SiteCode='CAS'
Import-csv -path $path1 -Header servername | foreach `
{
    $ServerName=$_.servername
    Import-csv -path $path2 -Header  Packageid | foreach `
    {
        $pkgID=$_.Packageid
        $PackageType= ""
        $a= Get-CMPackage | Select-Object  PackageID | Where-Object {$_.PackageID -eq $pkgID }
        if ($a.PackageID -eq $pkgID)
        {
        $PackageType= "Package"
        }
        $a= Get-CMApplication  | Select-Object  PackageID | Where-Object {$_.PackageID -eq $pkgID }
        if ($a.PackageID -eq $pkgID)
        {
        $PackageType= "Application"
        }
        $a= Get-CMDriverPackage  | Select-Object  PackageID | Where-Object {$_.PackageID -eq $pkgID }
        if ($a.PackageID -eq $pkgID)
        {
        $PackageType= "Driver"
        }
        $a= Get-CMBootImage  | Select-Object  PackageID | Where-Object {$_.PackageID -eq $pkgID }
        if ($a.PackageID -eq $pkgID)
        {
        $PackageType= "BootImage"
        }
        $a= Get-CMOperatingSystemImage  | Select-Object  PackageID | Where-Object {$_.PackageID -eq $pkgID }
        if ($a.PackageID -eq $pkgID)
        {
        $PackageType= "OSImage"
        }
         If($PackageType -eq "Package")
                    {
                       $distpoints = Get-WmiObject -Namespace "root\SMS\Site_$($SiteCode)" -Query "Select * From SMS_DistributionPoint WHERE PackageID='$PkgID' and serverNALPath like '%$Servername%'" | Select-Object ServerNALPath
                          if ($distpoints.ServerNALPath.length -eq 0) {
                        #echo "This is a Package"
                        start-CMContentDistribution -PackageId   "$pkgID" -DistributionPointName "$ServerName"
                         write-host "Distributing Package :"  $pkgID "of type " $PackageType "to DP:" $serverName
                        }
                        else {
                         write-host "Re-Distribting Package :"  $pkgID "of type " $PackageType "to DP:" $serverName
                         $ar=$PkgID,$SiteCode,$Servername
                        Refresh-SpecificDP ($ar)
                        }
                    }
                    #For applications
                    If($PackageType -eq "Application")
                    {
                                                                                 $distpoints = Get-WmiObject -Namespace "root\SMS\Site_$($SiteCode)" -Query "Select * From SMS_DistributionPoint WHERE PackageID='$PkgID' and serverNALPath like '%$Servername%'" | Select-Object ServerNALPath
                          if ($distpoints.ServerNALPath.length -eq 0) {
                        #echo "This is an Application"
                        start-CMContentDistribution -ApplicationID  "$pkgID" -DistributionPointName "$ServerName"
                                                                                                write-host "Distributing Package :"  $pkgID "of type " $PackageType "to DP:" $serverName
                        }
                        else {
                         write-host "Re-Distribting Package :"  $pkgID "of type " $PackageType "to DP:" $serverName
                         $ar=$PkgID,$SiteCode,$Servername
                        Refresh-SpecificDP ($ar)}
                    }
                    #For Driverpackages
                    If($PackageType -eq "Driver")
                    { $distpoints = Get-WmiObject -Namespace "root\SMS\Site_$($SiteCode)" -Query "Select * From SMS_DistributionPoint WHERE PackageID='$PkgID' and serverNALPath like '%$Servername%'" | Select-Object ServerNALPath
                          if ($distpoints.ServerNALPath.length -eq 0) {
                        #echo "This is a Driver"
                        Start-CMContentDistribution -DriverPackageID  "$pkgID" -DistributionPointName "$ServerName"
                                                                                                write-host "Distributing Package :"  $pkgID "of type " $PackageType "to DP:" $serverName
                        }
                        else {
                         write-host "Re-Distribting Package :"  $pkgID "of type " $PackageType "to DP:" $serverName
                         $ar=$PkgID,$SiteCode,$Servername
                        Refresh-SpecificDP ($ar)}
                    }
                    #For BootImages
                    If($PackageType -eq "BootImage")
                    { $distpoints = Get-WmiObject -Namespace "root\SMS\Site_$($SiteCode)" -Query "Select * From SMS_DistributionPoint WHERE PackageID='$PkgID' and serverNALPath like '%$Servername%'" | Select-Object ServerNALPath
                          if ($distpoints.ServerNALPath.length -eq 0) {
                        #echo "This is a BootImage"
                        Start-CMContentDistribution -BootImageID  "$pkgID" -DistributionPointName "$serverName"
                                                                                                write-host "Distributing Package :"  $pkgID "of type " $PackageType "to DP:" $serverName
                        }
                        else {
                         write-host "Re-Distribting Package :"  $pkgID "of type " $PackageType "to DP:" $serverName
                         $ar=$PkgID,$SiteCode,$Servername
                        Refresh-SpecificDP ($ar)}
                    }
                    #For OSImage
                    If($PackageType -eq "OSImage")
                    { $distpoints = Get-WmiObject -Namespace "root\SMS\Site_$($SiteCode)" -Query "Select * From SMS_DistributionPoint WHERE PackageID='$PkgID' and serverNALPath like '%$Servername%'" | Select-Object ServerNALPath
                          if ($distpoints.ServerNALPath.length -eq 0) {
                        #echo "This is a OSimage"
                        Start-CMContentDistribution –OperatingSystemImageID  "$pkgID" -DistributionPointName "$serverName"
                                                                                                write-host "Distributing Package :"  $pkgID "of type " $PackageType "to DP:" $serverName
                        }
                        else {
                         write-host "Re-Distribting Package :"  $pkgID "of type " $PackageType "to DP:" $serverName
                         $ar=$PkgID,$SiteCode,$Servername
                        Refresh-SpecificDP ($ar)}
                     }
    }
}

Hope this helps

Sudheesh Narayanaswamy

This posting /Script  is provided "AS IS" with no warranties and confers no rights

We had requirements on to collect the information of Install date for updates which is not usually collected using inventory.

The below Steps will help to get that information in to SCCM database

1) Import the Cab file

• Take the attached file–> Update Details.cab
• In your ConfigMgr 12 console, on Assets and Compliance, Compliance Settings
• Right-click on "Configuration Baseline"  and Import this file (http://technet.microsoft.com/en-us/library/hh691016.aspx )
• Once done deploy the baseline to the collection of machines from which you need.(http://technet.microsoft.com/en-us/library/hh219289.aspx )

2) Import the MOF file so that SMS_DEF.MOF is updated in 2012 this is how you do

• On the console, Administration -> Client Settings ->  right-click 'Default Client Settings' ->and go to properties.
• Select Hardware Inventory, then on the right "Set Classes.
• Click Import and browse to the updatedetails.mof file you saved.

Content of MOF file
========================================
[ SMS_Report (TRUE),

  SMS_Group_Name ("CM_UpdateDetails"),
  SMS_Class_ID ("MICROSOFT|CM_UPDATEDETAILS|1.0"),
  Namespace ("root\\\\cimv2") ]
class CM_UpdateDetails : SMS_Class_Template
{
    [ SMS_Report (TRUE), key ]
    String     HotFixID;
    [ SMS_Report (TRUE) ]
    String     Installdate;
    [ SMS_Report (TRUE) ]
    String     Installedby;
    [ SMS_Report (TRUE) ]
    String     UpdateType;
};

============================================
You will get the data in the query
select * from v_GS_CM_UPDATEDETAILS

=======================================================================

The powershell script use to create a WMI entry is also available in the Zip file.

This posting /Script  is provided "AS IS" with no warranties and confers no rights

Update.zip

Let us say that we have sample XMl file like this

<?xml version="1.0" encoding="utf-8"?>
<note>
  <to>ToAll</to>
  <from>FromME</from>
  <heading>Reminder</heading>
  <body>Hello World!</body>
</note>

The following will read the file and get us the value of the nodes

$path= "C:\Sample.xml"
$oXMLDocument=New-Object System.XML.XMLDocument 
$oXMLDocument.Load($path) 
write-host "Value to To:" $oXMLDocument.note.to
write-host "Value to From:"$oXMLDocument.note.from
write-host "Value to Heading:"$oXMLDocument.note.heading
write-host "Value to Body:"$oXMLDocument.note.body

This is easy but when i had a do this and checked how it took me lot of time to come to this.

So thought of sharing

Hope it will be helpful

Sudheesh Narayanaswamy

==========================================================

This posting /Script  is provided "AS IS" with no warranties and confers no rights

The application model of Configuration Manager 2012 uses Configuration Items. So the deployment and policy creation is a little different from the package creation. I am trying here to explain the flow of events which happens till the policy created on the server for a specific deployment.

When you create the deployment for an application the SMS provide inserts the data to the basic table and depending on the trigger, it will update the table change notification tables as any other process does.

The application details are as below which is was used

Application ID : ScopeId_2A471255-BD73-43F1-B1C0-613FC1A40798/Application_c637da7c-a62d-494e-a71e-b863b1a7196b/1
Application CI_ID :224
Deployment ID : {D82B1B46-9636-4560-AE1A-22110840A7AC}
Assignment ID : 1677218
Collection SITEID: 00100015 ,
Collection ID : 14

Now the SMSDBMON comes to action

You would see the following changes and corresponding files getting dropped by SMSDBMON

RCV: INSERT on CI_CIAssignments for CIAssignmentNotify_iu [16777218 ][157236] SMS_DATABASE_NOTIFICATION_MONITOR 8/23/2015 6:56:58 PM 2536 (0x09E8)
RCV: INSERT on RBAC_ChangeNotification for Rbac_Sync_ChangeNotification [431 ][157237] SMS_DATABASE_NOTIFICATION_MONITOR 8/23/2015 6:56:58 PM 2536 (0x09E8)
RCV: INSERT on CrpChange_Notify for CrpChange_Notify_ins [14 ][157238] SMS_DATABASE_NOTIFICATION_MONITOR 8/23/2015 6:56:58 PM 2536 (0x09E8)
RCV: UPDATE on CI_CIAssignments for CIAssignmentNotify_iu [16777218 ][157239] SMS_DATABASE_NOTIFICATION_MONITOR 8/23/2015 6:56:58 PM 2536 (0x09E8)
RCV: UPDATE on CI_CIAssignments for CIAssignmentNotify_iu [16777218 ][157240] SMS_DATABASE_NOTIFICATION_MONITOR 8/23/2015 6:56:58 PM 2536 (0x09E8)
RCV: UPDATE on CI_AssignmentTargetedCIs for CI_AssignmentTargetedCIs_ADDED [16777218 ][157241] SMS_DATABASE_NOTIFICATION_MONITOR 8/23/2015 6:56:58 PM 2536 (0x09E8)
RCV: UPDATE on CI_AssignmentTargetedCIs for CI_AssignmentTargetedCIs_CIAMGR [16777218 ][157242] SMS_DATABASE_NOTIFICATION_MONITOR 8/23/2015 6:56:58 PM 2536 (0x09E8)
RCV: INSERT on RBAC_ChangeNotification for Rbac_Sync_ChangeNotification [432 ][157243] SMS_DATABASE_NOTIFICATION_MONITOR 8/23/2015 6:56:58 PM 2536 (0x09E8)

CIA File is dropped in objgmgr.box
Modified trigger definition for Object Replication Manager[CIAssignmentNotify_iu]: table CI_CIAssignments(AssignmentID) on insert,update, file CIA in dir C:\Program Files\Microsoft Configuration Manager\inboxes\objmgr.box\ SMS_DATABASE_NOTIFICATION_MONITOR 8/23/2015 6:56:58 PM 2536 (0x09E8)
SND: Dropped C:\Program Files\Microsoft Configuration Manager\inboxes\objmgr.box\16777218.CIA [157236] SMS_DATABASE_NOTIFICATION_MONITOR 8/23/2015 6:56:58 PM 2536 (0x09E8)
RBC file is dropped for the RBAC on hman.box
Modified trigger definition for Hierarchy Manager[Rbac_Sync_ChangeNotification]: table RBAC_ChangeNotification(ID) on insert, file RBC in dir C:\Program Files\Microsoft Configuration Manager\inboxes\hman.box\ SMS_DATABASE_NOTIFICATION_MONITOR 8/23/2015 6:56:58 PM 2536 (0x09E8)
SND: Dropped C:\Program Files\Microsoft Configuration Manager\inboxes\hman.box\431.RBC [157237] SMS_DATABASE_NOTIFICATION_MONITOR 8/23/2015 6:56:58 PM 2536 (0x09E8)
CRP file for the policypv.box with <collectionID>.CRP
Modified trigger definition for Policy Targeting Evaluator[CrpChange_Notify_ins]: table CrpChange_Notify(CollectionID) on insert, file CRP in dir C:\Program Files\Microsoft Configuration Manager\inboxes\policypv.box\policytargeteval\ SMS_DATABASE_NOTIFICATION_MONITOR 8/23/2015 6:56:58 PM 2536 (0x09E8)
SND: Dropped C:\Program Files\Microsoft Configuration Manager\inboxes\policypv.box\policytargeteval\14.CRP [157238] SMS_DATABASE_NOTIFICATION_MONITOR 8/23/2015 6:56:58 PM 2536 (0x09E8)

There are few other files which get dropped bases on the CI Model, currently not taking in to consideration on this.

Now the Objreplmgr component then picks the CIA file and process the same

***** Processing Application Assignment {D82B1B46-9636-4560-AE1A-22110840A7AC} ***** SMS_OBJECT_REPLICATION_MANAGER 8/23/2015 6:56:58 PM 2932 (0x0B74)
Deleting notification file C:\Program Files\Microsoft Configuration Manager\inboxes\objmgr.box\16777218.CIA SMS_OBJECT_REPLICATION_MANAGER 8/23/2015 6:56:58 PM 2932 (0x0B74)
Found file trigger for C:\Program Files\Microsoft Configuration Manager\inboxes\objmgr.box\16777218.ADD SMS_OBJECT_REPLICATION_MANAGER 8/23/2015 6:56:58 PM 2932 (0x0B74)
Info: Sussessfully get New CI Added notification file C:\Program Files\Microsoft Configuration Manager\inboxes\objmgr.box\16777218.ADD for CI Assignment Id 16777218, new CI added to this assignment SMS_OBJECT_REPLICATION_MANAGER 8/23/2015 6:56:58 PM 2932 (0x0B74)
CI Assignment {D82B1B46-9636-4560-AE1A-22110840A7AC} has 1 Targeted CI(s) SMS_OBJECT_REPLICATION_MANAGER 8/23/2015 6:56:58 PM 2932 (0x0B74)
PolicyID {D82B1B46-9636-4560-AE1A-22110840A7AC} PolicyVersion 1.00 PolicyHash SHA256:387A3415CDE9CE97E3213077D3DD3305FAF79085F5B156A4186F89740436CBF0 SMS_OBJECT_REPLICATION_MANAGER 8/23/2015 6:56:58 PM 2932 (0x0B74)
Notifying policy provider about changes in policy content/targeting SMS_OBJECT_REPLICATION_MANAGER 8/23/2015 6:56:59 PM 2932 (0x0B74)
Successfully created policy for CI Assignment {D82B1B46-9636-4560-AE1A-22110840A7AC} SMS_OBJECT_REPLICATION_MANAGER 8/23/2015 6:56:59 PM 2932 (0x0B74)
Catalog evaluation: Getting model id for CI Assignment ID = 16777218 SMS_OBJECT_REPLICATION_MANAGER 8/23/2015 6:56:59 PM 2932 (0x0B74)
Catalog table insert/update evaluation for Model Id 224 SMS_OBJECT_REPLICATION_MANAGER 8/23/2015 6:56:59 PM 2932 (0x0B74)
Notifying policy provider about changes in policy content/targeting SMS_OBJECT_REPLICATION_MANAGER 8/23/2015 6:57:00 PM 2932 (0x0B74)
Successfully updated Policy Targeting for CI Assignment {D82B1B46-9636-4560-AE1A-22110840A7AC} SMS_OBJECT_REPLICATION_MANAGER 8/23/2015 6:57:00 PM 2932 (0x0B74)

Once this is completed you would find the CI_assignments table update

At the same time the CRP file which is dropped in the

Found 14.CRP SMS_POLICY_PROVIDER 8/23/2015 6:56:58 PM 2796 (0x0AEC)
Adding to delete list: C:\Program Files\Microsoft Configuration Manager\inboxes\policypv.box\policytargeteval\14.CRP SMS_POLICY_PROVIDER 8/23/2015 6:56:58 PM 2796 (0x0AEC)
–WaitForInboxChangeNotification SMS_POLICY_PROVIDER 8/23/2015 6:57:00 PM 2796 (0x0AEC)

Now the objereplmgr find the related CI items and do the needful. The relation is like this for CI_ID related to this application with CI_ID 224

Assigned CIs: [ 39 226 ] SMS_OBJECT_REPLICATION_MANAGER 8/23/2015 6:57:00 PM 2932 (0x0B74)
Begin processing Assigned CI: [39] SMS_OBJECT_REPLICATION_MANAGER 8/23/2015 6:57:00 PM 2932 (0x0B74)
39 Referenced VS CIs: [ ] SMS_OBJECT_REPLICATION_MANAGER 8/23/2015 6:57:00 PM 2932 (0x0B74)
VersionInfo policy for CI 39 is Machine type SMS_OBJECT_REPLICATION_MANAGER 8/23/2015 6:57:00 PM 2932 (0x0B74)
VersionInfo policy for CI 39 is Machine type SMS_OBJECT_REPLICATION_MANAGER 8/23/2015 6:57:01 PM 2932 (0x0B74)
PolicyID Windows/All_Windows_Client_Server/VI/VS PolicyVersion 1.00 PolicyHash SHA256:2D646F6A67F56E7A13A7EBF26C6488EA4BB7D9C2AA83447DFC3B3647B9015243 SMS_OBJECT_REPLICATION_MANAGER 8/23/2015 6:57:01 PM 2932 (0x0B74)
VersionInfo policy for CI 39 is up-to-date SMS_OBJECT_REPLICATION_MANAGER 8/23/2015 6:57:01 PM 2932 (0x0B74)
VersionInfo policy Windows/All_Windows_Client_Server/VI/VS is up-to-date SMS_OBJECT_REPLICATION_MANAGER 8/23/2015 6:57:01 PM 2932 (0x0B74)
Begin processing Assigned CI: [226] SMS_OBJECT_REPLICATION_MANAGER 8/23/2015 6:57:01 PM 2932 (0x0B74)
Creating VersionInfo policy for CI 226 SMS_OBJECT_REPLICATION_MANAGER 8/23/2015 6:57:01 PM 2932 (0x0B74)
Creating VersionInfo policy ScopeId_2A471255-BD73-43F1-B1C0-613FC1A40798/RequiredApplication_c637da7c-a62d-494e-a71e-b863b1a7196b/VI/VS SMS_OBJECT_REPLICATION_MANAGER 8/23/2015 6:57:01 PM 2932 (0x0B74)
226 Referenced VS CIs: [ 224 225 149 122 133 ] SMS_OBJECT_REPLICATION_MANAGER 8/23/2015 6:57:01 PM 2932 (0x0B74)
##############
##############
You would then see that the CI_assignment processing is done
Successfully updated CRCs for CI Assignment {D82B1B46-9636-4560-AE1A-22110840A7AC} SMS_OBJECT_REPLICATION_MANAGER 8/23/2015 6:57:05 PM 2932 (0x0B74)
Successfully processed Application Assignment {D82B1B46-9636-4560-AE1A-22110840A7AC} SMS_OBJECT_REPLICATION_MANAGER 8/23/2015 6:57:05 PM 2932 (0x0B74)

We would then see that PAC file getting dropped by smsdbmon

Modified trigger definition for Policy Targeting Evaluator[PolicyAssignmentChg_Notify_iu]: table PolicyAssignmentChg_Notify(PADBID) on insert,update, file PAC in dir C:\Program Files\Microsoft Configuration Manager\inboxes\policypv.box\policytargeteval\ SMS_DATABASE_NOTIFICATION_MONITOR 8/23/2015 6:57:13 PM 2536 (0x09E8)
SND: Dropped C:\Program Files\Microsoft Configuration Manager\inboxes\policypv.box\policytargeteval\16809612.PAC [157247] SMS_DATABASE_NOTIFICATION_MONITOR 8/23/2015 6:57:13 PM 2536 (0x09E8)

The policy provider then would see that processing

Found the certificate that matches the SHA1 hash. SMS_POLICY_PROVIDER 8/23/2015 6:57:19 PM 3720 (0x0E88)
Completed batch with beginning PADBID = 16809612 ending PADBID = 16809614. SMS_POLICY_PROVIDER 8/23/2015 6:57:19 PM 3720 (0x0E88)
–Process Policy Changes SMS_POLICY_PROVIDER 8/23/2015 6:57:19 PM 3720 (0x0E88)
Found some Policy changes, returning New LastRowversion=0x000000000035604C SMS_POLICY_PROVIDER 8/23/2015 6:57:19 PM 3720 (0x0E88)
Processing Updated Policies SMS_POLICY_PROVIDER 8/23/2015 6:57:19 PM 3720 (0x0E88)

Building Collection Change List from New and Targeting Changed Policies SMS_POLICY_PROVIDER 8/23/2015 6:57:19 PM 3720 (0x0E88)
–Update Policy Targeting Map SMS_POLICY_PROVIDER 8/23/2015 6:57:19 PM 3720 (0x0E88)
**** Evaluating Collection 14 for targeting changes **** SMS_POLICY_PROVIDER 8/23/2015 6:57:19 PM 3720 (0x0E88)
Advanced client policy changes detected for collection 14, *** 3 Added & 0 Deleted ***. SMS_POLICY_PROVIDER 8/23/2015 6:57:19 PM 3720 (0x0E88)
–Process Policy Targeting Map SMS_POLICY_PROVIDER 8/23/2015 6:57:19 PM 3720 (0x0E88)

You should then see the relation in respolicymap table for the all the members of the collection

Hope this Helps

Sudheesh Narayanaswamy