O R G A N I C / F E R T I L I Z E R: 07.06

Jul 30, 2006

sms: dcm - alpha tech solutions

a few folks have posted comments regarding training on dcm that's available from alpha tech solutions. i wasn't sure how seriously to take it since i'd never heard of it before ... but after talking to one of the dcm dev folks, i decided to look into it a little bit. i emailed their sales person and asked for an eval so that i could go through the training set and review it. to my surprise, they were more than willing. :) training is broken down into two parts. the first part covers the following:
  1. introduction
  2. installing the dcm authoring tool
  3. creating and customizing manifests
  4. customizing scenarios (part 1)
    • check service state
    • check file version
    • verify automatic updates
    • verify smtp default domain
    • verify minimum password length
the second section covers the following:
  1. customizing scenarios (part 2)
    • verify if a hotfix is installed
    • verify if a service exists
    • check file existence
    • number range
    • firewall status
  2. deployment and execution
  3. reporting
by the time you've gone through the training, if you follow along, you'll have built a decent manifest by which you should be able to go back and edit it for your own use. it's not necessary though since the manifest is available with the training material. there are a quite a few examples of advanced rule building that you will want to pay attention to such as the number range which can determine if a machine's memory is within a tolerable range to meet compliance. there are some assumptions about the level of knowledge the viewer should have. having sms knowledge is helpful since they don't cover any of the how-to parts on deploying packages, creating collections, etc, etc, etc. also, having some knowledge about wmi will be very helpful since most of the scenarios happen to use wmi. i haven't gone through the dcm documentation (the one released by microsoft) to any reasonable extent so i'm not sure how much overlap there is. however, i can say that it is much easier to watch the examples given in the demonstrations than read it on paper (or screen). there are some scenarios that i wished had been covered in greater detail such as the formulaic parts of an xpath expression and detail about the various query functions. none the less, it's more than you're going to find out there. by the way, the whole thing is done in flash so you can navigate around the topics, fast forward through scenarios to get to the part you want, reverse, stop, etc. if your organization is looking at using dcm for configuration monitoring, you may want to consider looking at this available training guide. much cheaper than sending someone to class since it runs a buck shy of $200. it's about two hours long so it can be consumed in the space of a couple of lunches. :) they seem to believe in this stuff. i say that because they've got a product called rulegen that apparently will build a manifest from a golden machine. kind of neat. check them out...

sms: start to finish guide to mof editing

i finished reading start to finish guide to mof editing: the definitive guide to systems management server hardware inventory customization last week but hadn't had a chance to write up my thoughts about it until now. i had decided to load up vista ... which is another story entirely. i met the author at a user group conference in atlanta (southeast management user group). if you know jeff gilbert, you know what a character he can be. i'll just ask you to keep that in mind as you read the book. i think his intent was to try to make the book as easy to read as possible. i mean, a book on mof editing, is not exactly exciting material. however, he does try to add a bit of humor to keep the reader interested. the examples he uses are also clever enough to help some of the providers make sense. i remember way back when michael schultz asked me to review and edit his original mof editing guide. around this time, the sms mailing list was pretty active with most of us trying to figure out the hell to extend the sms_def.mof. i was more than happy to go through it because it made a fantastic learning opportunity. i thought i had some idea of how it all worked but was amazed at how much he had managed to uncover about all the little secrets that went undocumented or was extremely difficult to find. good stuff... so present day, i feel like i know mof editing pretty well. so to me, reviewing another book on mof editing, i felt like i'd be happy if i could take away at least one good gem of knowledge. since the book is a start to finish, there are some parts i read through quickly (mostly the beginner stuff) but slowed down to absorb the information on the various providers and tapping into them. when i hit that part, i started making dog ears on the pages. i was pleasantly surprised to keep reading gems of useful information that i know i'll be using at some point in the future. it goes into much further detail than just extending sms_def.mof. it covers static inventory, scripted inventory, and cleaning up obsolete classes and data. clearly the guy has done his homework. there's not a whole lot that i'd have expected to see or have asked for. i do wish there was more detail about the tools that can help an administrator extract data out of wmi (namely so i can throw the book at people and tell them to do it themselves). oh... also, an index would have been nice. :) overall, it's a great book for beginners and advanced mof editors alike. this will definitely be sitting on my reference shelf! (i had my copy printed.) great job, jeff!

Jul 27, 2006

mom: memory processes

NOTE: this script is deprecated. feel free to use it, but you should refer to this post, which actually has a newer, cooler script.

this is kind of a follow on to my earlier post regarding cpu processes.

this time, it detects memory processes. anyway, the thing works pretty much the same way. the logic is a bit different in the way it returns information, only because i didn't want to figure out how to do a bubble sort in vbscript and finding a threshold marker ... wasn't too sure about that either.

i don't profess to be a script guru. what i did was tally up the total process workingsetsize by the number of total processes. using that as a kind of median value, the script returns anything above that threshold line. workingsetsize divided by 1024 gives you the same thing as task manager, in case you were wondering about that.

if you have better suggestions, please do rewrite or modify and let me know! :) it's posted to the usual places: momresources.org myitforum.com

Jul 26, 2006

misc: atlanta smug coming up 9/20 8.5 - 3.00

hey folks, there's another southeast management user group coming up september 20, 2006. it'll run from about 8:30 to 3:00 at the sanctuary park facilities up here in alpharetta. if you remember, these run about every quarter or so. looks like a great lineup ... try to be there! the user group section on myitforum.com will be updated soon to reflect the new agenda. if you can't make it, as usual, the presentations will be posted to the site. look forward to seeing you all there. Agenda
  8:30am - 9:00am  Breakfast
 9:00am - 10:15am  Server and Desktop Deployment Methodologies with SMS 2003 Part 1
10:15am - 10:30am  Break
10:30am - 11:00am  SMS Admin Roundtable
11:00am - 12:00pm  System Center Operation Manager Beta 2 via Webast in Atlanta
  12:00 - 12:45pm  Working Lunch Data Protection Manager Today and Beyond
   12:45 - 2:00pm  Server and Desktop Deployment Methodologies with SMS 2003 Part 2
  2:00pm - 2:15pm  Break
  2:15pm - 3:00pm  MOM and SMS Top 10 issues

Jul 25, 2006

sms: stopping errant package from sending to distribution points

not real sure how else to put it. this came up on the myitforum sms discussion list today. an administrator inadvertently created a very large patch package and replicated it to all of his distribution points. there's a few things to be aware of here:
  • distribution points off of the site server are not governed by lan sender, hence have no bandwidth throttling
  • distribution manager will attempt to complete the cycle before attempting to stop the cycle
i'm not sure what his lan senders were set to ... but distribution manager sending this humongous package out to 20 or so distribution points (which only a few were local) was choking his wan links. how did he stop it? here's the steps:
  1. delete the package off the source site server
  2. execute stopjob.exe against all destination site servers

Jul 21, 2006

sms: itmu cannot start updates installation due to install window violation

don't inadvertently make this happen. it's pretty silly...

inside the dsuw, you probably recall being presented with the option to force installations to comply to a window for advanced clients only. this setting is nearly useless if you're using dsuw the way it was intended (as in reoccurring schedules). it's also useless if you're forcing package download and execute instead of running from a remote distribution point.

the window that is specified uses the advertisement start time as its beginning marker. this means if you set an early start time to make sure your clients downloaded this month's patches and then a mandatory execution 3 days later, your advertisement would fail. why?

well, going on the default setting of 90 minutes, by the time the execution fires, you've already long lapsed that install window. you'll get an error in patchinstall.log that reads:

cannot start updates installation due to install window violation. 


if you've already setup dsuw this way, don't waste time going back through the wizard. instead, remove the /l:[time] switch from the program command line. something like this...


PatchInstall.exe /n /z:ws /l:90 /s /q /c:5 /p /t:30 /m:"PatchAuthorize.xml"



PatchInstall.exe /n /z:ws /s /q /c:5 /p /t:30 /m:"PatchAuthorize.xml" 

Jul 19, 2006

mom: monitoring cpu spikes the right way

NOTE: this script is deprecated. feel free to use it, but you should refer to this post, which actually has a newer, cooler script.

one of the things i can't stand about most monitoring systems nowadays is that they're not really designed to be viewed by an operator. i think we've diluted that term. we don't enable "operators" to really do much of anything. we give them a little console they can stare at and hope that if they see some alert pop up, they'll wake up and dial someone. how does that translate into a successful use of technology? i think we've all been around a phone long enough to know how to dial it. so ... why not take some baby steps and move forward?

here's my baby step. i don't really do things out of my own volition because unless it's making my life easier, it's hard to be inspired. anyway, a fellow coworker received an alert on a cpu spike and asked the obvious question. what's making the condition occur? this raises interesting questions on its own because in order for anyone to answer this, they'd have to be at the machine at the time the problem occurred...

or at least in spirit, proxy, or whatever. then, you've armed your operator with at least a tad more information than what they had before. for mom anyway, the best way to do this is letting the agent handle it.

i wrote up a script that was bastardized out of microsoft windows base operating system state monitoring script. it's the one used to detect cpu spike conditions. that script returns a list of processes utilizing more than 10% of the cpu. so... i took most of the pieces, rearranged them, added a parameter for threshold ... and have added it our environment. aforementioned, it doesn't make sense to use this as a task or anything like that since you'd have to be sitting there glaring at the console, waiting for a cpu spike, and then executing, to get the problem occurance. just add the script as a response to an event or maybe a threshold rule.

it'll create an event so make sure you have an alert that'll pick it up. now, i suppose things that happen over a duration, the information returned may be pointless... since there could be multiple things going on over that duration. oh well... it's a start.

for my sample setup, i created a performance threshold rule that would alert on processor % time utilization. i set it to continously fire just for my test. appended to that, i created a response to run the script to return processes. since the script writes an event, i setup an event rule to grab the event and generate an informational alert. anyway, here's the details:

script properties:
  • name: Top Processes
  • parameters: Percentage
  • value: 5
threshold rule properties:
  • rule name: [Test Rule] Processor spike occurring!
  • provider: Processor-% Processor Time-_Total-2.0-minutes
  • threshold: the sampled value
  • match when: always
  • response: Top Processes
event rule properties:
  • rule name: [Test Rule] Pick up events for top processes.
  • source: Top Processes Script
  • event id: 40100
i've posted the script to momresources.org and myitforum.com. pete's usually great about getting back to me once the file has been posted so i'm sure it'll happen soon. have fun with it and let me know what you think. it's rough around the edges, but i think you get the idea.

Jul 11, 2006

os: kerberos maxtokensize giving you problems?

i experienced issues with this pretty quickly awhile back when we were rolling out windows 2000 so whenever i see something on maxtokensize, i wake up. anyway, again, one of the best sources of information, the activedir.org mailing list, carried a conversation on this which lead to a couple of great links: address problems due to access token limitation tokensz tool

Jul 6, 2006

sms: looking for the dcm manifest beta?

saikodi updated his blog recently with some further instructions on locating the dcm manifest beta. i tried to locate it again but couldn't find it. i tried all variations of names to locate it but had no success. know why? i was already signed up. once i switched to "my participation", it was there, hiding in plain sight. search for the word "manifest" in the available list. it should be under the "core infrastructure solutions" connection.