The issue of closing alerts triggered by monitors – proposing a new solution

The issue is by no means new to the SCOM community, so I will only mention it briefly here: monitoring inconsistencies are introduced when an alert generated by a monitor is closed without the underlying error condition being resolved. A monitor that stays in an unhealthy state will not raise another alert for that error condition until it first returns to a healthy state.

My solution to address this issue is the Management Pack that I uploaded to TechNet gallery: https://gallery.technet.microsoft.com/Alerts-Watchdog-Management-d5b3ea77

The MP is actually simple: it only implements a rule that has a DataSource of type Microsoft.SystemCenter.SubscribedAlertProvider with the Criteria defined as:
Resolution State = 255 and IsMonitorAlert = True and LastModifiedBy <> System and LastModifiedBy <> Auto-resolve and LastModifiedBy <> Maintenance Mode.

The rule has 2 write actions:

– The first generates an informational alert, along the lines of the example below:

Alert Name: Logical Disk Free Space is low was closed manually by
Alert Description:
The alert was triggered by monitor {12631e6d-900b-d685-a713-e821d2c06c70}
The Managed Entity Full Name is: Microsoft.Windows.Server.2008.LogicalDisk:;C:
(with Id {d28f408e-1bf7-ffeb-c42c-695b889f8496})
The health state will be now reset to ensure consistent monitoring…

– The second is a write action of type Microsoft.Windows.PowerShellPropertyBagWriteAction that executes a script to reset the associated monitor (the parameters passed are $Data/WorkflowId$ and $Data/ManagedEntity$ from the DataItem provided by the DataSource).
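
A reset script of the kind the second write action runs could look like the following. This is an added example, not the script shipped in the Management Pack. It assumes the workflow runs on a management server with the OperationsManager module available; the parameter names, the script name `ResetClosedMonitor.ps1` and event ID 9100 are hypothetical.

```powershell
# Added example: reset one monitor on one managed entity after its alert was closed manually.
param(
    [Parameter(Mandatory = $true)][guid]$MonitorId,        # value of $Data/WorkflowId$
    [Parameter(Mandatory = $true)][guid]$ManagedEntityId   # value of $Data/ManagedEntity$
)

Import-Module OperationsManager -ErrorAction Stop
# Assumption: the script runs on a management server, so localhost hosts the SDK service.
New-SCOMManagementGroupConnection -ComputerName 'localhost'

# A property bag is the output expected from a PowerShellPropertyBagWriteAction script.
$api = New-Object -ComObject 'MOM.ScriptAPI'
$bag = $api.CreatePropertyBag()
$bag.AddValue('MonitorId', $MonitorId.ToString())
$bag.AddValue('ManagedEntityId', $ManagedEntityId.ToString())

try {
    $monitor  = Get-SCOMMonitor -Id $MonitorId
    $instance = Get-SCOMClassInstance -Id $ManagedEntityId
    if (-not $monitor -or -not $instance) { throw 'Monitor or managed entity not found.' }

    # Read the current state of this monitor only, not the rolled-up health of the object.
    $list = New-Object 'System.Collections.Generic.List[Microsoft.EnterpriseManagement.Configuration.ManagementPackMonitor]'
    $list.Add($monitor)
    $state = [string]$instance.GetMonitoringStates($list)[0].HealthState

    if ($state -eq 'Warning' -or $state -eq 'Error') {
        # Still unhealthy: reset so the monitor can raise a new alert if the condition persists.
        $null = $instance.ResetMonitoringState($monitor)
        $bag.AddValue('Result', "Reset (was $state)")
    }
    else {
        # Already healthy or uninitialized: there is nothing to reset.
        $bag.AddValue('Result', "Skipped (state is $state)")
    }
}
catch {
    $bag.AddValue('Result', "Failed: $($_.Exception.Message)")
    # Severity 1 = error; written to the Operations Manager event log.
    $api.LogScriptEvent('ResetClosedMonitor.ps1', 9100, 1, $_.Exception.Message)
}

# Emit the property bag as the script's output.
$bag
```

The account the write action runs under needs rights to reset monitors in the management group, which is the same privilege an operator would need to reset health by hand.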