locked
SCOM Exclusion RRS feed

  • Question

  • Hello All,

    We have a SCOM 2007 R2 environment in which we monitor multiple applications like AD,Exchange,SQL,OCS,Sharepoint etc..I knew by default all the available MPs will be sent to all the agents when the SCOM agent is installed.I like to know is it possible to exclude AD Rules and Monitors from the AD MP being sent to other application servers and vice versa.

    I would appreciate if someone can give your input.


    raj

    Tuesday, May 29, 2012 5:47 AM

Answers

  • The only workflows (rules, monitors) from that respective MP which would run on any agent-managed server initially would be the discovery rules.  If the system is not hosting that particular application (such as Active Directory because it is a member server and not a DC), then all the rules/monitors from the ADMP would not get downloaded to the agen-managed system and begin running.  If you are looking to prevent a particular system from being discovered which is running that component (such as SQL Server, Exchange, or the like) and therefore not moniotored from that perspective, you can create a custom group, place the Windows Computer object representing that system in the group, and override the discovery rule for that MP which targets the Windows Computer class.  This would negate having to disable all workflows (rules/monitors) that target classes which represent that application from being downloaded and run on the agent.  However, the timing of this approach is crucuial because if the agent was already deployed and the MP imported, as soon as the child health services are notified their cache is dirty, they will resync and pull down the discovery rules and then discovered to be running that specific application.  In that case if you disable the discovery rule(s) after the fact, you would need to run the PowerShell cmdllet - remove-disabledmonitoringobject to delete the discovered object and those workflows would get unloaded from the agent that you don't want to be monitored from that perspective in its entirety.  Otherwise, if there are particular workflows that you don't want to be enabled on that system from that management pack (but others from it you do want running), you would need to override them accordingly. 

    In the future, if you know you don't want a set of systems to be monitored in its entirety from a specific MP, before you import the MP create an override MP in a test/dev/qa management group that includes the overrides for the discovery rule(s) in question (typically it will be one or two the most discover rules that target the Windows Computer class) targetting your custom group created in that override MP, and now target the override against that group and import both together as a "package" into the production MP (after you test in the dev/test/qa MG).  This is another approach to consider in managing this scenario.

    Hope that helps.

    • Proposed as answer by Blake Mengotto Tuesday, May 29, 2012 4:22 PM
    • Marked as answer by Yog Li Tuesday, June 5, 2012 8:04 AM
    Tuesday, May 29, 2012 2:44 PM
  • The best way to do this Raj, is not create overrides for all rules and monitors for a mp, just override the discoveries for the groups that you don't want MP's to discover and deploy their rules and monitors too.

    Once you override disable the discoveries (make sure you target the seed discoveries - most of these will be looking at windows.computer or windows.server), wait for the updates to get out in your environment then you run:

    remove-disabledmonitoringobject

    from the SCOM powershell and watch the previously discovered servers as say AD boxes, disappear from your discovered inventory view in the console.



    Regards, Blake Email: mengotto<at>hotmail.com Blog: http://discussitnow.wordpress.com/

    • Marked as answer by Yog Li Tuesday, June 5, 2012 8:04 AM
    Tuesday, May 29, 2012 4:22 PM

All replies

  • You can use override or disable the monitor, rule if you don't wish those to be running on a particular server or group of servers.. Agents send information based on what all application, services are running on a server and apply the MP workflows accordingly.

    Thanks,

    Varun

    Tuesday, May 29, 2012 7:29 AM
  • Hi Varun,

    Thanks for the quick reply.But if the number of servers ,monitors and rules are more in number then we need to spend more time in applying the overrides to the servers which is time consuming.

    is there a better way to do this ...


    raj

    Tuesday, May 29, 2012 7:52 AM
  • Hi Raj,

    You can create a group with those servers and then set an override to the group. Always make sure you create a custom MP and then store any change or override into that MP.

    There is a best practise on override http://support.microsoft.com/kb/943239 and a similar thread

    http://social.technet.microsoft.com/Forums/sk/operationsmanagerreporting/thread/614d4d29-69f1-4f24-99ac-5a8e4bf98ebc 

    Hope this helps..

    Varun  

    Tuesday, May 29, 2012 8:51 AM
  • The only workflows (rules, monitors) from that respective MP which would run on any agent-managed server initially would be the discovery rules.  If the system is not hosting that particular application (such as Active Directory because it is a member server and not a DC), then all the rules/monitors from the ADMP would not get downloaded to the agen-managed system and begin running.  If you are looking to prevent a particular system from being discovered which is running that component (such as SQL Server, Exchange, or the like) and therefore not moniotored from that perspective, you can create a custom group, place the Windows Computer object representing that system in the group, and override the discovery rule for that MP which targets the Windows Computer class.  This would negate having to disable all workflows (rules/monitors) that target classes which represent that application from being downloaded and run on the agent.  However, the timing of this approach is crucuial because if the agent was already deployed and the MP imported, as soon as the child health services are notified their cache is dirty, they will resync and pull down the discovery rules and then discovered to be running that specific application.  In that case if you disable the discovery rule(s) after the fact, you would need to run the PowerShell cmdllet - remove-disabledmonitoringobject to delete the discovered object and those workflows would get unloaded from the agent that you don't want to be monitored from that perspective in its entirety.  Otherwise, if there are particular workflows that you don't want to be enabled on that system from that management pack (but others from it you do want running), you would need to override them accordingly. 

    In the future, if you know you don't want a set of systems to be monitored in its entirety from a specific MP, before you import the MP create an override MP in a test/dev/qa management group that includes the overrides for the discovery rule(s) in question (typically it will be one or two the most discover rules that target the Windows Computer class) targetting your custom group created in that override MP, and now target the override against that group and import both together as a "package" into the production MP (after you test in the dev/test/qa MG).  This is another approach to consider in managing this scenario.

    Hope that helps.

    • Proposed as answer by Blake Mengotto Tuesday, May 29, 2012 4:22 PM
    • Marked as answer by Yog Li Tuesday, June 5, 2012 8:04 AM
    Tuesday, May 29, 2012 2:44 PM
  • The best way to do this Raj, is not create overrides for all rules and monitors for a mp, just override the discoveries for the groups that you don't want MP's to discover and deploy their rules and monitors too.

    Once you override disable the discoveries (make sure you target the seed discoveries - most of these will be looking at windows.computer or windows.server), wait for the updates to get out in your environment then you run:

    remove-disabledmonitoringobject

    from the SCOM powershell and watch the previously discovered servers as say AD boxes, disappear from your discovered inventory view in the console.



    Regards, Blake Email: mengotto<at>hotmail.com Blog: http://discussitnow.wordpress.com/

    • Marked as answer by Yog Li Tuesday, June 5, 2012 8:04 AM
    Tuesday, May 29, 2012 4:22 PM
  • Hi All,

    Thankyou for the valuable clarification.I have created a group and added the servers to it and applied override the discovery rule for the MP.And run the powershell cmdlet remove-disabledmonitoringobject.

    everything looks good now.Thankyou once again


    raj

    Wednesday, June 6, 2012 1:56 PM