SCOM 2016

With the release of SCOM (System Center Operations Manager) 2016 Microsoft released a new version of SCOM. The look and feel of SCOM is almost the same as the 2012 version. Of course Microsoft add a couple of new features which are very useful. Microsoft has listened to the feature requests of the SCOM Community. I will describe the new features.

New features SCOM 2016

Management pack updates and recommendations

SCOM Management packs can be obtained from the Microsoft website, or other third party websites which has developed their own Management packs for custom applications. In SCOM 2016 you be able to view the current status of the management pack. When a management pack is older than the one in the Microsoft catalog the status will be changed to “update available”. The new tab is placed in the management packs folder under the Administration tab.
When you look into the management packs folder it have some new buttons available, with this new buttons you can find some more information, download page, install guides or other recommendations.

Management pack tuning and alert data management

In SCOM 2012 it was a hard job to tune the alerts, rules and discoveries when there was something wrong. You must report these with the reporting feature and change them by hand.
SCOM 2016 facilitate alert tuning by default. This enabled you to avoid the flooding of non-essentials repeated alerts and give you the focus back. In the management pack tab there is a new window called “Tune Management packs”. With the Identify button you can set the time range to analyze the data, and set the minimum number of alerts for the management packs you want to display. In this view you see the alert count, priority, source and name. Alerts can be tuned for all objects of the target class, group, or a specific object of a class or for all objects of another class. Direct from the tune alerts tab.

Improvement of the Unix, Linux monitoring

SCOM 2016 make use of a new “Management Infrastructure MI” API. With this API you can monitor much more Linux agents. Supported configuration of 1000 Unix agents to one SCOM 2016 management server. The use of the new API is not enabled by default; to enable this you must create a new registry key in:

Name: UseMIAPI
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Setup

Extensible network monitoring

SCOM 2016 comes with a new tool for creating custom management packs for network device monitoring. With the “NetMonMpGenerator.exe” tool located in the install directory on your SCOM management server you be able to create Management packs from .XML files with the well-known OIDs in it. This will spare you a lot of time.

Scheduled maintenance mode

With SCOM 2016 it is possible to schedule maintenance mode for specific objects. You can suspend the monitoring for a specific date / time. This is possible in the Maintenance mode scheduler wizard. Another nice feature is the client side maintenance mode enabler. This enables you to set the SCOM client in maintenance mode from the client side. So you don’t have to login to operations console for this action. This can be done with the following PowerShell command: Start-SCOMAgentMaintenanceMode cmdlet.

Monitor Nano server and workloads

SCOM 2016 has included Nano server support. The following features are available for Nano server:

  • Discover and deploy Nano server monitoring agents. Also available with PowerShell.
  • Monitor Nano server IIS and DNS roles.
  • ACS Audit event collection.
  • Support for Active Directory Integration.

Faster web console

SCOM 2016 has removed the Silverlight dependency for accessing the Web Console. Silverlight is only needed for opening Dashboard views, the rest is programmed in HTML which can be accessed from multiple browsers (chrome, firefox etc.)

Improved console performance

The SCOM 2016 console is way faster than the SCOM 2012 console. The load time of diagram and state views is reduced.

Partner program in administration console
There is a new tab available for third party Tools for creating management packs or downloading third party management packs.

New features SCOM 2016 Unix/Linux monitoring

  • New management packs for Apache HTTP server, MySQL and MariaDB.
  • New Linux monitoring agents which include OMI (Open management Infrastructure)
  • Multi-threaded agent which allows parallel execution.
  • Templates for Two-state, Three-state monitors, Agent tasks, Performance rules and Alert rules. You can now use shell, perl, phython, ruby or any other scripting language.
  • Default credentials for discover Unix and linux computers.
  • Filter logical disks or file systems by file name or type. Discovery rule overrides can now exclude file systems that you don’t want to monitor.


Exchange backup VEEAM

Veeam Backup and Replication gives the possibility to create a consistent backup from your Exchange farm. This can be a standalone Exchange system or an Exchange DAG cluster. It makes use of the Microsoft Exchange VSS writers inside the VM. The Veeam server creates a RPC connection to the Exchange servers, and place some backup scripts on the /ADMIN$ share. When the backup starts Veeam starts this script which talks to the Microsoft VSS Writers to create a consistent backup.

Enable application aware processing

To create an application aware backup in Veeam you must enable the “Application aware processing” option in the Veeam job properties. Then go to applications for application specific settings. In this tab you can configure VSS, Log and error settings. Configure settings which are suitable for your systems.

User rights Veeam Exchange backup

Select credentials which have full rights (read / write) to all files in the folder with the database.
For direct restore to your exchange farm the user must also have full access to the Mailbox. This user permissions can be set with the following command:

When you have a service account for restoring to all mailboxes you can use Exchange impersonation. This can be set with the following command:


Back-up Exchange DAG Cluster

When you create a backup of an Exchange DAG Cluster node, default all active and passive nodes are available for restore. So theoretically you only have one backup of 1 exchange node.

Tips for creating backup of your Exchange DAG Cluster:

  • Backup both of your exchange servers in one backup job, this gives you better dedup results.
  • Don’t backup your exchange nodes in separate jobs at the same time, this can cause a failover.
  • Veeam backup can cause load on your exchange server, the best situation is to create a new exchange cluster node server with only passive mailboxes.
  • When your exchange servers failover during a backup you can increase the failover time of your exchange cluster nodes. Commands for changing the cluster parameters:




Veeam Backup free

Veeam delivers powerful backup software for backup your virtual or psychical servers (veeam endpoint). The backup method for VMWare or Hyper-V virtual systems is agentless. There is no need to install something on the guest system. Veeam Connects to the Hypervisor layer, creates a snapshot, transports this snapshot to a backup repository and saves it. Veeam make use of the Hypervisor API to create a backup. When there is some application installed on the system there is a possibility to create a what they called application aware backup. The Veeam service connects with RPC to the virtual system and make use of the application VSS writers to create a consistent backup.

VEEAM Backup free features:

Veeam Free make use of the VeeamZIP to create ad hoc backups of the virtual machine for operational, portability or archival purposes.

Following features are enabled in the free edition:veeam_endpoint_backup

Backup & Restore: Full back up creation and restore.
VM File recovery: The possibility to restore VM files (vmdk, vmx for example).
Veeam Explorer: Restore AD, SQL, Exchange or Sharepoint objects.
Native tape support: copying files to tape drives.
Backup encryption: Allows you to encrypt the backup files.

Veeam Backup psychical server, client or desktop

Veeam endpoint protection allows you to make use of a stand-alone Windows service for backup of your physical client or server. It does not require a dedicated server or repository’s. You just install the software on each server you want to protect. The windows server makes use of a little local MS SQL DB. It is possible to integrate Veeam endpoint with Veeam Backup and Replication software. This allows you to save your endpoint backup on a Veeam repository.
Note: Veeam Endpoint does not support Application VSS writers yet. So the backup is not Application consistent. But for many situations is a crash consistent enough.

Features Veeam endpoint backup:

Backup & Recovery: Choose to back up your entire computer, volume or just a couple of maps.
Scheduler: When do you want that the backup task runs?
Backup target: Where do you want to place the created backup? When you choose a removable device (USB stick) you can choose to detach the device when ready. This protect the device from ransomware.
Bitlocker: Veeam endpoint supports bitlocker encrypted drives.
Create recovery media: In case of a full system crash you can use your created recovery boot USB stick.
Support: Veeam gives free support, because they want to be the best. Yes this is awesome 

Veeam download

Click here

Migrate Hyper-V Virtual machine to Azure

In this post I will describe how to migrate virtual machines to Azure without Virtual machine manager.

My setup:
Hyper-V host: On-premise Hyper-V Server with VM’s on it.
Azure site recovery agent: The provider which communicates with Azure site recovery over port 443 HTTPS.
Azure subscription: My azure subscription, with my storage account and virtual networks.

First create a Recovery vault in Azure Recovery Services Vaults.
Usually under “More Services” -> “Recovery services vaults” (i pinned this one to my menu) -> “+ ADD”


Next, fix the pre-requirements which are located under the “Getting started” tab which are placed in the “Settings” tab.

Step 1: Prepare the infrastructure

Protection goal:

  • We want to replicate to Azure
  • From my Hyper-v server
  • Without virtual machine manager (VMM)

Source prepare / register the source Hyper-v host wich is placed on-premis:

  • Create a Hyper-v Site (can be anything, just a name of your Azure Hyper-v Site)
  • Check if the Hyper-v server can acces the following urls:  (* / * / * / * /* / with port 443)
  • Download the installer for the Microsoft Azure Site Recovery Provider.
  • Install the azure site recovery provider on your local Hyper-v server
  • After the completed setup, you must register your Hyper-v server in the azure cloud. To accomplish this you must download the register file and import this in the “after setup / register wizard”.


Target prepare:

  • After 10 minutes and refreshing the azure page I saw that the server is registered in the cloud.
  • Next, select your subscription and the deployment model. I prefer the new one (Resource manager).

Replication settings:

  • Create a replication policy, and wait till the Hyper-V host is associated with the new policy.

Capacity planning:

  • Download the capacity planner and / or Click you have completed the capacity planner :).

Step 2: Replicate application

  • Select the source Hyper-v host
  • Select your target Azure subscription
  • Select the virtual machine you want to replicate
  • Configure the virtual machine propertys (Windows / linux)
  • Click on the last OK and then Enable replication.

When you look into Hyper-v Manager you see that there was taken a snapshot wich will be send to Azure.
See the replication health, right click on the VM -> Replication details


Step 3: Select recovery plan

Using a recovery plan you can specify the order of recovery of the virtual machines. The virtual machine placed in group 1 will recover and start first, and then the virtual machine in group 2 will follow.

In this example we are not using a recovery plan.

Step 4: Planned failover

Confirm you want to failover the Virtual machine from on-premis to Azure.
You may get an error about Virtual machine networks. Go to your replication VM and select the correct network settings.



Planned failover:


That’s it.


Manage Microsoft Azure with PowerShell

Today I finally activated my free trial subscription on Microsoft Azure. This gives me the possibility to play around with all the nice Azure features. After playing around in the GUI I wanted to start looking at the PowerShell commands to manage my Azure subscription with PowerShell locally.

There is a difference between the old and the new PowerShell module, the old module is the “Azure” module with is based on the old portal and Azure Service Manager (ASM) model. The new module “AzureRM” is based on the Azure Resource Manager (ARM) technology. Don’t like old stuff so I use the new AzureRM commands.

Fist we need to Install the Resource Manager module, start PowerShell as Administrator.

Then login to your subscription with the command.

Now you are connected to the Azure Resource manager.
Some sample commands:


The WinRM client cannot process the request. If the authentication scheme is different from Kerberos

When a computer is not a domain member and there are no SSL Certificates available for HTTPS. You must change the trusted hosts on the client side.

Run: gpedit.msc
Then: Computer Configuration -> Administrative Templates -> Windows Components ->  Windows Remote Management (WinRM) -> WinRM Client
Last: Enable “Trust the remote machine” and add the server to the trustedhost field.

Or with PowerShell:


How to: Create Nano server image

With Server 2016 TP5 available today, we want to test it by ourselves.
First; how-to deploy a Nano server image.

Download the server 2016 ISO and mount it.

  1. Launch PowerShell as Administrator.
  2. Copy Nano server folder with the following command:
  3. Import the PowerShell module for building the the image with the following command:
  1. Run command

Gives a GUI where you can give the parameters for deploying the nano server VHD.
* Note: When you select other roles you must use the -Mediapath variable to the ISO.
** Note: AdministratorPassword must be a secure string. In the GUI Password field: (ConvertTo-SecureString -String “YourPassword” -AsPlainText -Force)

In order to automate things you can also do it by hand:


Get PowerShell version

Sometimes you need to check the PowerShell version of your Windows System, to get the PowerShell version you need to open a PowerShell prompt (taskbar type PowerShell).

This information is contained in the following variable:

Will give you the exact version.
Other commands which can be used are:


Get external IP Address using PowerShell

In some cases it can be useful to check your external IP Address within a PowerShell script.
So I created this little script:

Create PowerShell monitor SCOM

With scripts you can monitor almost everything in SCOM. Out of the box SCOM uses mostly VBScript instead of PowerShell, because it works on all Windows versions. I prefer PowerShell above VBScript, so I created some PowerShell performance collection rules and PowerShell monitors.

Silect created an awesome tool called MP Author to build management packs wizard driven.

The steps:

– Create new management pack, give it a name, choose a folder, locate the references and select Empty Management pack.
– Create a custom application class. In MPAuthor this called Targets, create a new target. I used WMI to locate the custom application service (Select * From Win32_Service Where Name Like “%Service name%”). We are working with a Windows local application, with Windows Computer as target.
– Next, create a custom PowerShell performance rule or a PowerShell monitor (works the same). New “Script performance rule”. Give the script a name and paste the code in the script area. In the next page provide the parameters:

Counter: Pagespeed
Instance: Someinstance
Value:  $Data/Property[@Name=’Pageloadtime’]$

Select the target we created the above and finish the wizard.

Example script to explain the used SCOM variables: