Operations Manager – Discovered Entity Cleanup

We have been tracking a problem with some of our Operations Manager Server 2008 R2 agents. We have a pool of single CPU VMs that have been reporting “Operations Manager Agent CPU too high” alerts every ten hours or so (give or take a few hours). Unfortunately, I am not able to catch the agents while the CPU spike is taking place. Maybe I could set up a “Data Collector Set” to gather lots of process information when a CPU spike condition occurs, but I am feeling lazy and don’t want to do it.

So instead, I am taking a different approach… disabling non-essential discoveries to see if this lightens the load on the agents enough to stop the CPU spikes.  I thought I knew how to do this already, but my fist pass failed, and I had to learn something new (gasp!).  My thanks to Jonathan Almquist for his post on this subject:
http://blogs.technet.com/b/jonathanalmquist/archive/2008/09/14/remove-disabledmonitoringobject.aspx
Without that one, I would still be foundering.

I our case, I wanted to suppress discovery of System Center Configuration Manager 2007 Clients in the SCCM 2007 Management Pack.  To accomplish this, we need to identify the pertinent discovery rules, create a group that contains the agents that we want to exclude from discovery, then override the discovery for this new group.  We then can speed cleanup of the now obsolete discovered objects using the PowerShell “remove-disabledMonitoringObject” cmdlet.

  1. Go to the OpsMgr console, change to the the Authoring->Management Pack Objects->Object Discoveries view.  Use the “change scope” option to limit the displayed discovery rules to only those in the Configuration Manager management packs.  In this instance, we see there are rules for “Microsoft ConfigMgr 2007 Clients Discovery” and “Microsoft ConfigMgr 2007 Advanced Client Discovery”.  I will disable discovery for both of these.  Before moving on, take careful note of the “target” column.  In this case the target is “MOM 2005 Backward Compatibility Computer”, not “Windows Computer”, as you might expect.
  2. Change to the Authoring->Groups view.  Create a group that includes only objects of the type you identified in the first step.  I used dynamic inclusion rules to add all entities that do not match the naming convention of our Configuration Manager servers.
  3. Now go back to the Object Discoveries view, find the rules you want to override again, and add an override for objects in your new group.
  4. You could wait a few discovery cycles for the discovered entities to go away, or just pop into the OpsMgr PowerShell console, and run “remove-DisabledMonitoringObject”.  If you did your override rules properly, your undesirable objects should disappear right away.

I now have removed discovery and monitoring of the SCCM Client on all of the Windows Servers in my monitored environment.  We now shall see if this makes the OpsMgr Agent CPU utilization alerts go away.

The Cake is a lie (and so is abecmd.exe)

In addition to playing Portal 2 (good work, Valve guys!), I have been doing that some of thing called “work”. Today I decided to get back to the question of whether it is possible to enable and disable the Windows file server feature known as “Access Based Enumeration” (or “ABE”) from the command line.

Documentation suggests “yes”, that this is possible, using a tool known as “abecmd.exe”. Unfortunately, I can find no evidence that such a tool exists on Server 2008 R2. Curious… under Server 2003 R2 you needed to use the command line to enable ABE. Now under 2008 R2, you cannot (easily) use anything other than the GUI. Also interestingly, the only GUI that supports enabling ABE is the “Share and Storage Management” MMC that is included with “Server Manager” (the old “Shared Folders” MMC does not have this feature, and neither does the “Sharing” tab in Windows Explorer). It gets even better… if you create a share from the command line using “net share”, ABE is not enabled on the share. WTF? I thought Microsoft was supposed to be reducing the number of features that require the GUI, not ramping them up.

Of course, the ABE flag can be set using the NetShareSetInfo function of the netapi32.dll. However, using these older dlls in PowerShell is a touch more complicated than I care to deal with on a daliy basis. Have gander at this code:
http://poshcode.org/1635
Yuck! (No insult to the code intended… I just mean that I should not have to deal with this to perform basic share admin tasks!)

Fortunately, Bill Steward over at Windows IP Pro has taken mercy on us:
http://www.windowsitpro.com/article/scripting/managing-abe-from-the-command-line
Here he provides a small executable called “ShareABE.exe”, with source code, that will show and set ABE status on a server share.

Thanks, Bill!

I sure hope that Window Server “8” includes a new .NET assembly for file and print server management. These old APIs are a real pain in the keister.