Monday, April 10, 2017

SCOM - New Community MP for Monitoring Windows Services

A couple of months ago I came across a blog post from SCOM community contributor Andy Leibundgut describing a new management pack he'd authored to help monitor Windows Services using SCOM and I was keen to give it a test drive to see exactly what it could do.

Built-in Windows Service Monitoring Option

You might be thinking to yourself that this capability has to be available already out of the box with SCOM and you'd be correct. The Windows Service Monitoring Template (accessible from the Authoring workspace in the SCOM console and shown in the image below) will walk you through a wizard to help configure a custom monitor for a Windows Service that might not be automatically monitored with a vendor management pack.

The Problem

This template wizard certainly meets the requirements of bringing Windows services into SCOM but as Andy points out in his post, there's a lot of monitoring bloat that comes with each service monitoring configuration you create using the template - each service has its own class, its own discovery and comes with 3 monitors and 8 overrides!

Also, if you have a large number of custom Windows services to monitor (a common request from my customers), then using the built-in template in the console to create a monitor for each one can be fairly time-consuming.

The Solution

With these points in mind, Andy looked into a better method of spinning up monitors in SCOM for Windows services without having to deal with the extra bloat and cumbersome on-boarding process for multiple services. The solution he came up with comprises a new management pack and a PowerShell-based Service MP Editor complete with an easy-to-follow user interface (shown below).

Along with the Service MP Editor, the new management pack contains the following features for monitoring Windows Services:

  • Uses the same data source for Windows Service monitoring that SCOM uses.
  • Date and time filtering so you can exclude certain days/times from monitoring on a per-service or service object basis.
  • Handy console tasks for starting, stopping and checking the status of the Windows Service.
  • Automatic service recovery (disabled by default). Works on a 3 strikes and you’re out format (overrideable setting where after 3 failures in a 24 hour period it will stop trying to restart the service). 
  • Timer reset monitor (closes itself after 24 hours and enabled by default) to watch for and alert on the 3 strike out situation.
  • Monitor all service startup types with the exclusion of disabled services from alerting.
  • Custom discovery which discovers and adds all the service objects to one class rather than scattering them about like the templates do.

Taking the MP for a Test Drive

I've been running this MP solution in my demo and semi-production SCOM environments (both 2012 R2 and 2016) for the last couple of months with no issues and I felt it was about time to spread the word on how much effort you can save when you use it.

The first thing you'll need to do is to download the latest version of this management pack and you can get it from the TechNet Gallery here.

Next up, you'll want to get yourself a coffee (or beer, if that's how you roll) and take a read through Andy's original blog post using the link below:

Note: Everything you need to know is available in Andy's blog post and for clarity, I'll just blog my own experience on getting the MP up and running here.

When you download the zip file containing the MP, extract it to a location on a computer that runs the SCOM console and you should see the following three files...

The Readme.txt contains a note from the author highlighting the fact that this MP is still in it's early days of development and that you should always test it in a non-production environment first.

The WindowsServiceMonitor.xml file is the unsealed MP used for monitoring your Windows Services and the ServiceMPEditor.ps1 file is a clever PowerShell script that launches the UI-based editor to help you customize the MP for your own (and customer) environments.

Before we go any further, we need to import the WindowsServiceMonitor.xml file into SCOM using the Import Management Packs option from the Administration\Management Packs area in the console as shown here....

Next up, we'll create a temporary folder on the same computer that you've just used the console to import the management pack with. We'll create a folder in C:\Temp\SCOM (shown in the image below) but you can use whatever path you wish for this.

Once the folder has been created, launch a PowerShell window with administrative permissions and run the ServiceMPEditor.ps1 script to open the Service MP Editor similar to the following image...

Now, there's a specific order of steps that you need to follow when entering information into the Service Editor and for this part, I've borrowed the original numbered step-by-step image from Andy's blog post that should make things easy to understand...

If you want to add monitors for a small number of Windows Services, then follow these steps in order (we'll cover importing a larger list of services later):
  1. Management Server – type the name of one of your SCOM management servers in this field.
  2. Management Pack Location – type the location of the temporary folder that you created earlier (we'll use C:\Temp\SCOM) into this field.
  3. Get MP Config – clicking this button will export a copy of the original WindowsServiceMonitor.xml management pack from your SCOM environment into the temporary folder location specified in the previous step.
  4. New Service – a click of this button will ready the Service Name field to allow you start a new service configuration.
  5. Service Name – it's imperative that you type the exact 'Service name' of the Windows Service in here and not the 'Display Name' (refer to the example in the previous image taken from Andy's blog where he has highlighted the Service name for the Print Spooler service - which is simply named Spooler).
  6. Confirm Service Edit – clicking this after you've specified the Service name and are finished choosing all your service monitoring options.
  7. Save MP Config – click this button when you're finished editing and ready to commit your changes to the management pack.
Here's a screenshot of what the editor looks like in my demo environment where I've added three services (Windows Firewall, Windows Time and Print Spooler).

After you've clicked the Save MP Config button, you can close the editor and check that the C:\Temp\SCOM\WindowsServiceMonitor.xml management pack contains the newly added services...

Now re-import the management pack from your temporary location back into SCOM using the Import Management Packs from the console. You'll get a notification stating that the management pack is already installed and you can just ignore this and hit the Install button to re-import it again as shown here...

Once the management pack completes it's discovery, you should be able to see the newly monitored services light up in the Discovered Inventory view from the Monitoring workspace of the console (make sure to change the target for this view to WindowsService as shown below).

If you're impatient like me and don't want to wait for the discovery to kick in automatically (by default it's configured to run once a day), you can either reduce the discovery time with an override or simply bounce the Microsoft Monitoring Agent service on the server(s) running the service that you want monitored and you should then see the Discovered Inventory view populating like this...

To test the management pack, stop one of your newly monitored services and after a minute or so, you should see the service roll up as a critical state to the Windows Computer object that's hosting it as shown here in this diagram view...

The nice thing with this management pack is that it comes with some custom tasks to help you manage your monitored services and clicking the Start Service task from the pane on the left (shown below), will then restart the problematic service for you without the need to logon directly to the computer!

Note: You could also enable the automatic WindowsService.ServiceStart.Recovery task option from the Diagnostic and Recovery tab of the monitor to get SCOM to restart the service automatically itself in the event of it stopping unexpectedly. This recovery task will restart the service automatically up to 3 times before giving up and alerting you to the fact that the service is constantly being stopped and started.

Importing a Custom List of Services

If you have a large list of Windows Services that you want to monitor and don't fancy having to manually enter each one into the Service Editor, then there's a handy Import Services option that allows you to import a CSV file with the list of custom services that you want monitored.

You need to understand the format the CSV file needs to be in first however as if you get it wrong, you'll end up having to either edit the XML file directly or just start the whole process again.

Here's the steps I went through in the editor to get this bulk import option working:
  1. Management Server – type the name of one of your SCOM management servers in this field.
  2. Management Pack Location – type the location of the temporary folder that you created earlier (we'll use C:\Temp\SCOM) into this field.
  3. Get MP Config – clicking this button will export a copy of the original WindowsServiceMonitor.xml management pack from your SCOM environment into the temporary folder location specified in the previous step.
  4. Import Services –  this button is used to select a CSV file that contains a list of Windows Service names that you want to monitor. The CSV file must be named WindowsServiceMonitor.csv and needs to be located in the temporary folder location specified in the Management Pack Location field.
Here's a screenshot of the steps you need to take in the editor when you want to import a list from CSV....

When you click the Import Services button, you'll be presented with the warning below stating the name and location that your CSV file needs to have...

Assuming you've named your CSV file correctly and copied it to the temporary location specified in the warning dialog, click Yes to continue and you'll be presented with the custom list of services to be monitored as specified in the CSV you previously created.

CSV Creation Tip #1 - The  CSV file needs to be formatted with four column names (Service, Start, End, DaysofWeekMask) and you need to specify values similar to the image below...

CSV Creation Tip #2 - An easy way to quickly grab a CSV file in the correct format is to just manually add one or two Windows Services to the Service Editor and then use the Export Services button to export a template CSV file that you can edit as you need.

CSV Creation Tip #3 - You can export a full list of Windows Service names to a CSV file by using the following PowerShell command (this exported CSV file won't be in the correct format for the Service Editor so you'll need to then copy/paste the names from here into the previously created WindowsServiceMonitor.csv file):

Get-Service | Sort-Object -Property DisplayName | Export-CSV -path C:\winserviceexport.csv

When you're satisfied with the imported bulk list of Windows Services, the final step you need to complete in the editor is to hit the Save MP Config button to commit the changes to the MP.

Now all that's left to do is to close the editor and re-import the newly updated MP from your temporary location back into SCOM.

After the discovery process completes, you can see the full list of monitored services from the Discovered Inventory view similar to my demo environment here...

All credit goes to Andy Leibundgut for his contribution of this management pack to the SCOM community - and make sure to leave any comments you have on bugs or suggested improvements directly on his original blog post here.

1 comment:

  1. Hi Andy / Kevin,
    Thanks for your hard work and for a wonderful blog respectively.

    As per my understanding this service monitor is targeted on all Windows Operating system class.
    What if i need to monitor a couple or 10 servers for example.
    How to do an override for this monitoring.

    Any suggestion would be highly appreciated.