SCOM agents not sending performance (CPU and Memory) data in the last 4 hours

The report shows servers that has not send Processor (CPU) and memory performance data in the last 4 hours.
Note: This report excludes clusters (agent-less) from the query.
Possible causes for agents appearing on this report can be
1. problematic agent/unhealthy, stopped health service etc etc.
2. Performance counter corruption, perfmon shows numbers instead of names
3. Firewall between the agent and the management server
4. Server decommissioned – greyed out
Next improvements:
1. Look at agents on *nix servers like Unix and Linux.
PM me if you are interested in the query or report.

SCOM Alert as an SNMP Trap

I succesfully “integrated” SCOM with CA Spectrum using SCOM Alerts send as SNMP traps.


The powershell script gets called inside a SCOM command notification channel and only the AlertID is passed to the script.

The script below retrieves the alert details from SCOM and uses the “trapgen.exe” to send SNMP traps to a trap receiver/listener. On the receiving side the alert fields is then mapped

to the specific system in this CA Spectrum’s states and severities. 

Script Code

#Get alertid parameter
$alertid = $alertid.toString()

# Load SCOM snap-inn
#add-pssnapin “Microsoft.EnterpriseManagement.OperationsManager.Client”

# Connect to SCOM – change management server to your RMS
#new-managementGroupConnection -ConnectionString:<SCOM 2012 Management server name of SCOM 2007 RMS server name here>
#set-location “OperationsManagerMonitoring::”

Import-Module OperationsManager

# Update alert custom field
$alert = Get-SCOMAlert -Id $alertid

$computername = $alert.NetBiosComputerName

if (!$computername) {
$computername = $alert.MonitoringObjectDisplayName
$computername = $alert.PrincipalName
$where = $computername.indexof(“.”)
write-host $computername

$computername = $computername.substring(0, $where)

if ($computername.indexof(“(Mailbox)”) -gt 0)
 $objfirst = $computername.indexof(“-“)+2
 $objsecond = $computername.indexof(“(Mailbox)”)
 $objdiff = $objsecond – $objfirst

 $computername = $computername.substring($objfirst, $objdiff)


#Below is the most common used list of variables available per alert
#$Computername   -Formatted computername, this variable in build in this script and will always contain the nebios name of the alert
#$alert.timeadded – Contains the date/time the alert was created/add to SCOM
#$alert.timeraised – date/time the alert was raised on the monitored system
#$    – SCOM Alert Name
#$alert.description   – SCOM Alert long/detailed description
#$alert.severity  – Will be “Error”,”Warning”,”Information”
#$alert.managementgroupname   – SCOM management group name of the scom implementation
#$alert.priority – Priority of the alert, will be “Normal”,”
#$Alert.customfield1-10 – Used for additional alert information populated by some of the management packs
#$alert.owner – owner of the alert, this is populated normally by scom users
#$ – unique ID of the scom alert
#$alert.monitoringobjectpath – path,
#$alert.monitoringobjectfullname – fullname of the object for this alert
#$alert.resolution – will be a number showing status 0 is normally “new”/”Open” and 255 is closure

#Below codelines send snmpt traps when scom alert is created/opened/new
if ($alert.resolution -ne 255)
 & “c:\trapgen1\TrapGen.exe” -d <IP of Spectrum server> -c public -o <oid to be used> -i <ip of SCOM server> -v <oid varbind to be used> STRING $alert.description -v <oid/varbind to be used STRING $computername.tostring()NG $ -v STRING $alert.severity -v STRING $alert.timeraised -v STRING “Open” -v STRING “Open”
#Add more parameters as “-v” above for the additional alert fields that you require into spectrum

#Below codelines send snmp when a scom alert is closed/resolved
if ($alert.resolution -eq 255)
 & “c:\trapgen1\TrapGen.exe” -d <IP of Spectrum server> -c public -o <oid to be used> -i <ip of SCOM server> -v <oid varbind to be used> STRING $alert.description -v <oid/varbind to be used STRING $computername.tostring()NG $ -v STRING $alert.severity -v STRING $alert.timeraised -v STRING “Open” -v STRING “Closed”

The biggest drawback of this solution is that when there is more than 5 alerts at the same time it will only send the first 5 alerts as traps unless you change the registry key for AsyncProcessLimit.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Modules\Global\Command Executer

In this key create a Dword called AsyncProcessLimit, be very carefull when adjusting this value, the maximum setting is 100.

The second biggest drawback is the impact this script will have on the management server, for each alert a powershell instance will be spawned each with its own memory and cpu requirements, imagine 20 powershell instance each requiring +-20MB of memory.

We are busy working on creating a full fledged SCOM product connector for the CA Spectrum integration that will circumvent the above drawbacks.

SCOM Alert Dashboard

I received a requirement from one of my clients to create a Alert dashboard that shows all current active/open alerts in the SCOM console per group.

Below is what i’ve come up with


The report shows the current open alerts in the SCOM console per technology area. It shows the top 10 alerts per server as a percentage of the total.

There is drill-down functionality on the dials that allows you to view the detail alert information as well.

For example if I click on the dial showing Current SCOM Error Alerts i get the information as per below


Notice that the above screen only shows the Error alerts, the information is sorted by the Time Raised column and the alert description is viewable in a drill-down