Raphael Burri's blog

Mostly about Systemcenter Operations Manager 2012

Scheduled Task and PS Scheduled Job Management Pack –

Posted by rburri on August, 12 2014

And now for the task scheduler: Today’s update has been on my to-do list for a very long time. Same story as with the certificate MP: I have completely re-written the scheduled task MP based on PowerShell, aiming to fully support SCOM 2012 and Windows 2012.

MP change history
  • SCOM 2012 and 2012 R2 only.
  • Windows 2008, 2008 R2, 2012 and 2012 R2 support (limited Windows 2003 compatibility via legacy MP).
  • PowerShell Scheduled Job support added (PoSh 3.0 and later).
  • Timing is mostly event-driven: significantly reduce the number of script calls required on the average agent system.
  • Verbose filters to adjust task discovery.
  • Disabled root discovery out-of-the-box (quick start MP included).
  • Disabled advanced monitors and rules out-of-the-box.

Please read the included MP guide and the release notes carefully. Especially if you are upgrading from the previous (SCOM 2007) MP version.

Please make sure that PowerShell >=2.0 is installed on all agents that require task scheduler monitoring.

Previous versions of this MP had the root discoveries enabled. As this was changed to disabled, you will need to configure re-enable overrides to the required discoveries plus advanced monitors if you were relying on them.


Download (from OneDrive)

Download: Scheduled Task MP (SCOM 2012)

  • SHA-1: 181f245b04b31eeb4afa8594eac5dec84d8e2730

Download: Scheduled Task MP (legacy SCOM 2007). Note that this version is no longer being developed.

  • SHA-1: dcba000dff5115fe89508c7b21b90bf39c0fe9bf

Task Scheduler

Posted in SCOm 2012 | Leave a Comment »

PKI Certificate Verification MP – Update

Posted by rburri on August, 12 2014

The 1st update to the rewritten certificate management pack is ready. The update to is mostly about more powerful filtering options for the certificate discoveries. It is now possible to use regular expressions to:

  • Include / Exclude based on “Subject”
  • Include / Exclude based on “Issuer”
  • Exclude based on “Enhanced Key Usage” OIDs

Note that the filters will have to be based on the exact string output of the certificate objects as presented in PowerShell. Hence check those before attempting to write RegEx filters using:

 ls cert:\LocalMachine\My | fl Subject, Issuer

All characters (including blanks) are being taken into account. The discovery filters are using .NET RegEx expression syntax. Please test your expressions using a suitabe tool before using them for your overrides (I am often using Regex Hero but there are plenty of other options out there).

Once store discovery is enabled, the default filter settings of the MP will discover any certificates with the exception of self-signed and MS NAP ones. Refer to the MP guide and the release notes if you plan to make use of the advanced filter options. And remember to override the store discovery, not the certificate one.


Find the Management Pack at its home on System Center Central:

PKI Certificate Verification MP at SystemCenterCentral.com MP Catalog

Posted in SCOm 2012 | 1 Comment »

PKI Certificate Verification Management Pack Update –

Posted by rburri on April, 16 2014

Many years have passed since I first published the certificate MP back in summer 2009. Almost 5 years(!) later this management pack still fills a gap by keeping an eye on PKI certificates installed locally in servers’ certificate stores. Certainly about time for an update.

Today I am able to release a major update – a complete re-write rather – of the PKI Certificate Verification MP. It is hosted over at SystemCenterCentral.com in the MP Catalog.

MP change history
  • SCOM 2012 / 2012 R2 support only (the legacy MP is still available for use on SCOM 2007).
  • main monitoring script now uses PowerShell instead of VB Script, making it compatible with any system locale and easier to maintain.
  • new, advanced certificate verification flag overrides
  • dashboard view
Some extra words on the effort

The main aim with this update is to make the MP’s code easier to maintain. Hence I first recreated the entire MP as a Visual Studio project with the Authoring Extensions. This involves taking apart the MP’s elements, adding each one as a separate item to a VS project structure. Next I started writing a new discovery and monitoring script based on PowerShell. This script does most of the work by essentially enumerating certificates and certificate revocation lists in local certificate stores. Due to limitations in PowerShell regarding CRLs and alternate certificate stores, this script got rather complex. No chance of getting away with something easy and straight forward as ‘ls cert:\LocalMachine’. With the first CRLs getting discovered, tests, more tests, some extra testing plus updating the documentation were left.

While I did not clock the hours, the update kept me busy in much of my spare and commuting time during the last 4 months. And I must mention everybody helping with code samples, advise, by testing and reviewing.  Pete, Vadim, Marc, Joel, Bob, Dan, Marnix, Stan, Tao and Dirk – this wouldn’t be here today without your help!

Certificate MP in VSAE

MP Solution opened in Visual Studio

Posted in SCOm 2012 | Tagged: , , , , , | 7 Comments »

SQL Server Mirroring MP Update V

Posted by rburri on April, 28 2011

Today I was able to release an update to the SQL Server DB Mirroring Management Pack.

The update doesn’t bring any new features but fixes a potential issue on larger management groups which would lead to discoveries failing. In order to work around this I have altered the Powershell discovery scripts such that they do no longer make use of any SCOM console cmdlets. Instead direct SDK .NET calls are being used. I recommend to update existing installations specifically if you are using management group connectors, the Exchange 2010 correlation engine or other custom MPs which make use of SDK workflows.

Download of the management pack is available trough the SystemCenterCentral.com MP Catalog. You need to register but registration is free.

MP Change History

Version – April, 28 2011 (no functional changes)

  • Corrected spelling in language pack.
  • Replaced all SCOM shell cmdlets with .NET calls to overcome a potential issue when several connectors and other MPs share a single SDK connection.
  • Improved discovery script timing behaviour when using desired configuration for a large number of mirrors.

Version – September, 10 2010

  • Support for SQL Server 2005 has been added and compatibility with SQL Server 2008 R2 has been verified. Starting with version, Microsoft SQL Server 2005, 2008 and 2008 R2 are supported.
  • Default Display Names of discovered DB Mirror Groups have been shortened and may optionally be changed to a customized string. See the guide for details.

Version – June, 04 2010

  • Original release – SQL Server 2008 support only

Posted in OpsMgr 2007 | Tagged: , , , , | Leave a Comment »

PKI Certificate Management Pack Update V1.0.1.15

Posted by rburri on March, 31 2011

After having had very helpful feedback by various users, I was able to incorporate some enhancement requests for the PKI Certificate Management Pack.

Version will deal correctly specific certificates that have somewhat unusual ‘Issued to’ and ‘Issued By’ properties. Furthermore it will only monitor CA certificates if they haven’t been superseded. Download from SystemCenterCentral.com. You need to register but registration is free.

Changes in version
  • Improved discovery of Issued to and Issued by properties: Will use Subject Alternative Name if certificate doesn’t have a subject and will correctly extract the subject if CN= isn’t encountered on the first line of the subject string.
  • Additional certificate property: CA Version (based on extension szOID_CERTSRV_CA_VERSION). If this property holds a value, that certificate is a Windows CA one.
  • Does no longer discover superseded CA certificates. Evaluation is based on the CA Version property. Additional override to change that behavior if required.
  • Monitors will not mark superseded CA certificates as expired if their discovery is enabled.
  • Expose script timeout as an overridable parameter
  • Changed alert priority to ‘Low’.
  • Broke upgrade path to avoid potential agent stale issues when upgrading from V or earlier.

Please study the included release notes and the MP guide carefully, especially when you’re planning to update from a previous version. I did deliberately break upgrade compatibility after some users had reported stale agent conditions during test cycles. You will need to remove any previous version of the MP from your Management Group before importing the latest one.

Geeky background information

The issues after upgrades were caused by moving the overridable timing parameters from the certificate object workflows to the parent certificate store’s properties. This left already discovered certificate objects’ workflows without any timing information until their parents were re-discovered and got their default timing properties added. During my own test all the agents recovered after that and re-enabled the certificate workflows.

Other users had less luck and ended up with a partly stale agent population that could only be corrected by removing the MP from the Management Group. To avoid issues I simply decided to break the upgrade path and force everyone upgrading to remove the previous MP. Breaking was easy by the way. It only took altering the caption of a property on a public class.

I do apologize for having to make go through the process of removing the MP (and it’s override MPs) before being able to upgrade. On the other hand I wouldn’t want anyone to experience stale agent conditions due to that.

Lesson learned: There are indeed rare conditions under which an MP author may write an upgradeable MP that would pass MPVerify and will import without complaints but still causing upgrade issues on the Management Group. Watch out for those! Test, test, test – then test once more.

Posted in OpsMgr 2007 | Tagged: , , , , | 10 Comments »

SQL Server DB Mirroring MP Update

Posted by rburri on September, 10 2010

When I published the original release of the SQL Server DB Mirroring Management Pack, I promised that I would provide support for SQL Server 2005 if demand justified the effort. I am almost certain that you have an idea of what follows now: The latest version of the MP does support mirrored databases on SQL Server 2005, SQL Server 2008 and SQL Server 2008 R2.

All improvements over the first release include:

  • SQL Server 2005 database mirror supported
  • tested compatibility with SQL MP 6.1.314.36 (SQL 2008 R2 support)
  • timing improvements in script workflows
  • allow mirror group display name to be configured via Desired Configuration XML file
  • fix alert parameter replacement failures seen occasionally after initial discovery
  • an override pack to make discovery faster in non production environments only

Before importing this management pack I strongly encourage you to carefully read the guide contained in the download. Some features will only work when all prerequisites have been met!

Get the SQL Server DB Mirroring MP from SystemCenterCentral.com (Version


This update wouldn’t have been possible without the assistance of Dirk Decher who has kindly provided an extended testing environment and taken the time to share his ideas around DB mirroring monitoring with me. And last but not least: I was thrilled to learn that this MP has won the gold medal at the System Center Influencers Program Management Pack Extension Contest 2010. Some of you guys know how much effort goes into writing an MP. A reward like that makes up for some of those many late and wee hours spent tracking down that XPath failure. Do check out the other participant’s entries as well. Some true gems are amongst them.


Posted in OpsMgr 2007 | 1 Comment »

SQL Server DB Mirroring Management Pack

Posted by rburri on June, 5 2010

My latest addition to the community MP catalog augments the SQL Server MP with database mirroring discovery and monitoring. The SQL Server DB Mirroring Management Pack helps you by:

  • discovering db mirror roles and objects on SQL 2008 DB engines
  • automatically creating service components per mirrored database (consider them mini DADs)
  • probe based monitoring of the mirrored DB state with alerting should the mirror no longer run synchronized or loose its witness
  • optionally checking the mirror mode and db roles against a Desired Configuration setting (alerts when the mirror roles are swapped etc.)
  • delivering mirror inventory and availability reports


DB Mirroring Relationships and Health Roll Up

The Management Pack comes with a comprehensive guide which is a must read. The pack will only work as expected if some prerequisites are met. The guide also discusses how to enable Desired Configuration monitoring for your DB mirrors.

 Get the SQL Server DB Mirroring MP from SystemCenterCentral.com (Version

The download also contains an override MP for the SQL Server Extension MP published on OpsMgr Jam. The extension MP already features useful event and performance collection rules that help monitoring an SQL DB mirror but as it does not contain any discoveries, they are targeting any SQL server. My override MP helps by adjusting their targeting so that those rules are only active on SQL Engines that host mirrored DBs.

2010 Management Pack Extension Contest

South Africa 2010 is about to take off and even on planet SCOM we currently have a great tournament:

The System Center Influencers program has sponsored the Management Pack Extension Contest. Entered Management Packs should extend one of the product’s pack with

  • reporting
  • diagram or service level
  • Visio or Dashboard
  • by tuning it

My own MP does certainly extend the SQL Server Management Pack and it does fit more or less into three of the contest categories. The deadline for entries is June 30, 2010. So why don’t you upload your own entries to compete with me?

Posted in OpsMgr 2007 | Tagged: , , , , | Leave a Comment »

Updates to Management Packs

Posted by rburri on June, 3 2010

It has been quiet on this blog for a long time. With the community efforts luckily having rapidly picked up grounds, there is much less newly discovered to write about. As I rather not repost knowledge found by other folks, I haven’t had much to place up here lately.

However; I do greatly appreciate feedback, especially on my published Management Packs. Knowing what needs and headaches other OpsMgr users have, gives me a chance to improve the packs. So there are updates for the following MPs:

Adobe Flash Media Server

Version works with FMS 3.5 and OpsMgr 2007 R2. Download from this blog.

PKI Certificate Validation

Version allows improved customization of monitoring frequencies and now contains an example MP that shows how additional certificate stores may be discovered. Download from SystemCenterCentral.com.

Untrusted Active Directory Domain Discovery

Version of that extension Management Pack is compatible with the current product MP 6.0.7065.0. Download from this blog.

Posted in OpsMgr 2007 | 2 Comments »

PKI Certificate Verification Management Pack

Posted by rburri on September, 2 2009

PKI certificates are used to provide SSL encryption for web sites, to secure cross-server traffic (for example to join security gateways or agents in untrusted domains on OpsMgr), to guarantee the identity of the sender of a message and so on. What all certificates have in common is that their destiny often means to be forgotten after having been requested and installed. Until a certificate becomes invalid that was vital to a service. Mostly because it has expired.

To avoid service interruptions or embarrassment due to SSL warning messages displayed to users, the PKI Certificate Verification Management Pack was born. It discovers certificates and certificate revocation lists stored locally on computers and alerts you when:

  – a certificate’s lifetime is about to expire (by default 21 days in advance)
  – a certificate’s lifetime has ended
  – a certificate has become invalid because of a different reason
  – a CRL has not been updated in a timely manner

The MP also includes a series of inventory reports, which help keeping up with all those certificates in your environment. You will find more details in the comprehensive MP guide.


Certificate Verification Screen Shot

The MP and the guide are available for download at the SystemCenterCentral.com site:

Download from SystemCenterCentral.com MP Catalog

I wrote the MP in close collaboration with Pete Zerger and Jaime Correia of the SCC community. Without their help and the support of everyone testing the MP, it wouldn’t be here today.

MP Creation Zen

And there’s more! For everyone interested in learning how to author MPs: Have a look at the 6 part series MP Creation Zen. The articles will walk you through the process of writing an MP, carefully clarifying everything you need to know. Whenever possible, all authoring examples are explained using the new and much improved OpsMgr 2007 R2 Authoring Console, telling you how the PKI Certificate Verification MP was written. I recommend the documents to everyone planning to write a Management Pack by themselves without being application developers.

Posted in OpsMgr 2007 | Tagged: , , , , | 17 Comments »

Minor update to the Scheduled Task MP (Version

Posted by rburri on July, 1 2009

August 12, 2014 – link to latest update: https://rburri.wordpress.com/2014/08/12/scheduled-task…pack-1-2-0-500/ ‎


I have just uploaded an update to the Scheduled Task Management Pack. Under certain circumstances the discovery of Windows 2003 tasks failed. The new version fixes the bug in the discovery script.

I do recommend everyone who is currently using version to upgrade to Simply download the new version here and update the management pack by importing Custom.Windows.TaskScheduler.Windows2003.Monitoring.mp.

Many thanks to Aengus and Mark for making me aware of this bug.

Posted in OpsMgr 2007 | 4 Comments »


Get every new post delivered to your Inbox.