Create 100’s of TCP monitors in minutes with SCOM.

Hello everyone,

As you may or may not know, creating TCP monitors in SCOM through use of the template is a fairly time intensive task, especially if you have to create a ton of TCP monitors. Furthermore, templates are fine for smaller scale Operations Manager environments but tend to create a lot of unneccessary groups, overrides, views etc.

So naturally I was looking for a more elegant solution as I did not want to go through creating 100’s TCP monitors. My first thought was to google if anything exists already, and to my surprise, I did not find any immediate solutions.
What I did find however was the following post. (Credits to Gowdhaman Karthikeyan)

This post explains how you can use a powershell discovery with a comma seperated file or ‘CSV’ to add the proper TCP Port instances in SCOM.
This has some significant advantages over using the template (as  outlined in the blog post):

• You can let other teams add TCP monitors themselves, with minimum SCOM knowledge or access.
• It is more scalable, as it does not create any unnecessary groups, overrides, views compared to the template.
• It is a lot faster, as you dont have to go through the template for each TCP monitor you want to create.
• The information is centrally stored in the CSV.

The blogpost covers the class/discovery creation of these TCP port instances, but does not cover the monitoring part. As I did not have time to wait for part 2, I decided to use his management pack to add monitoring to it as well.

To enable monitoring I went through the following steps:

• Created a Visual Studio solution and migrated the classes/discovery in my new management pack.
• Create a ‘dummy’ TCP port monitor from the template wizard and save it in a new management pack.
• Export this management pack, and manipulating the datasources to change the hardcoded stuff to the properties of our custom class.

This is what the initial datasource for the monitor looks like generated by the template:

<ModuleTypes>
<DataSourceModuleType ID=”TCPPortCheck_078ada71de03493d927d74746d848bd6.TCPPortCheckDataSource” Accessibility=”Public” Batching=”false”>
<Configuration />
<ModuleImplementation Isolation=”Any”>
<Composite>
<MemberModules>
<DataSource ID=”Scheduler” TypeID=”System!System.Scheduler”>
<Scheduler>
<SimpleReccuringSchedule>
<Interval Unit=”Seconds”>120</Interval>
</SimpleReccuringSchedule>
<ExcludeDates />
</Scheduler>
</DataSource>
<ProbeAction ID=”Probe” TypeID=”MicrosoftSystemCenterSyntheticTransactionsLibrary!Microsoft.SystemCenter.SyntheticTransactions.TCPPortCheckProbe”>
<ServerName>server1.customer.org</ServerName>
<Port>80</Port>
</ProbeAction>
</MemberModules>
<Composition>
<Node ID=”Probe”>
<Node ID=”Scheduler” />
</Node>
</Composition>
</Composite>
</ModuleImplementation>
<OutputType>MicrosoftSystemCenterSyntheticTransactionsLibrary!Microsoft.SystemCenter.SyntheticTransactions.TCPPortCheckData</OutputType>
</DataSourceModuleType>

The bold part is the hardcoded part we have to replace. However, we do not have added any data yet from our target class to the data source, which we will have to add as well. The datasource eventually looks like this:

<DataSourceModuleType ID=”TCPPortMonitor.TCPPortCheck.DataSource” Accessibility=”Public” Batching=”false”>
<Configuration>
<xsd:element name=”ServerName” type=”xsd:string” />
<xsd:element name=”Port” type=”xsd:int” />
<xsd:element name=”NoOfRetries” type=”xsd:int” />
<xsd:element name=”TimeWindowInSeconds” type=”xsd:int” />
</Configuration>
<ModuleImplementation Isolation=”Any”>
<Composite>
<MemberModules>
<DataSource ID=”Scheduler” TypeID=”System!System.Scheduler”>
<Scheduler>
<SimpleReccuringSchedule>
<Interval Unit=”Seconds”>$Config/TimeWindowInSeconds$</Interval>
</SimpleReccuringSchedule>
<ExcludeDates />
</Scheduler>
</DataSource>
<ProbeAction ID=”Probe” TypeID=”Synth!Microsoft.SystemCenter.SyntheticTransactions.TCPPortCheckProbe”>
<ServerName>$Config/ServerName$</ServerName>
<Port>$Config/Port$</Port>
</ProbeAction>
</MemberModules>
<Composition>
<Node ID=”Probe”>
<Node ID=”Scheduler” />
</Node>
</Composition>
</Composite>
</ModuleImplementation>
<OutputType>Synth!Microsoft.SystemCenter.SyntheticTransactions.TCPPortCheckData</OutputType>
</DataSourceModuleType>
</ModuleTypes>

The monitor types will have to be changed as well, as the properties of the class are not passed through in the template version of the monitor.
So it went from this:

<UnitMonitorType ID=”TCPPortCheck_078ada71de03493d927d74746d848bd6.TimeOut” Accessibility=”Public”>
<MonitorTypeStates>
<MonitorTypeState ID=”TimeOutFailure” NoDetection=”false” />
<MonitorTypeState ID=”NoTimeOutFailure” NoDetection=”false” />
</MonitorTypeStates>
<Configuration />
<MonitorImplementation>
<MemberModules>
<DataSource ID=”DS1″ TypeID=”TCPPortCheck_078ada71de03493d927d74746d848bd6.TCPPortCheckDataSource” />
<ConditionDetection ID=”CDTimeOutFailure” TypeID=”System!System.ExpressionFilter”>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type=”UnsignedInteger”>StatusCode</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type=”UnsignedInteger”>2147952460</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</ConditionDetection>
<ConditionDetection ID=”CDNoTimeOutFailure” TypeID=”System!System.ExpressionFilter”>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type=”UnsignedInteger”>StatusCode</XPathQuery>
</ValueExpression>
<Operator>NotEqual</Operator>
<ValueExpression>
<Value Type=”UnsignedInteger”>2147952460</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</ConditionDetection>
</MemberModules>
<RegularDetections>
<RegularDetection MonitorTypeStateID=”TimeOutFailure”>
<Node ID=”CDTimeOutFailure”>
<Node ID=”DS1″ />
</Node>
</RegularDetection>
<RegularDetection MonitorTypeStateID=”NoTimeOutFailure”>
<Node ID=”CDNoTimeOutFailure”>
<Node ID=”DS1″ />
</Node>
</RegularDetection>
</RegularDetections>
</MonitorImplementation>
</UnitMonitorType>

To this:

<UnitMonitorType ID=”TCPPortMonitor.TimeOut.MonitorType” Accessibility=”Public”>
<MonitorTypeStates>
<MonitorTypeState ID=”TimeOutFailure” NoDetection=”false” />
<MonitorTypeState ID=”NoTimeOutFailure” NoDetection=”false” />
</MonitorTypeStates>
<Configuration>
<xsd:element name=”ServerName” type=”xsd:string” />
<xsd:element name=”Port” type=”xsd:int” />
<xsd:element name=”NoOfRetries” type=”xsd:int” />
<xsd:element name=”TimeWindowInSeconds” type=”xsd:int” />
</Configuration>
<MonitorImplementation>
<MemberModules>
<DataSource ID=”DS1″ TypeID=”TCPPortMonitor.TCPPortCheck.DataSource”>
<ServerName>$Config/ServerName$</ServerName>
<Port>$Config/Port$</Port>
<NoOfRetries>$Config/NoOfRetries$</NoOfRetries>
<TimeWindowInSeconds>$Config/TimeWindowInSeconds$</TimeWindowInSeconds>
</DataSource>
<ConditionDetection ID=”CDTimeOutFailure” TypeID=”System!System.ExpressionFilter”>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type=”UnsignedInteger”>StatusCode</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type=”UnsignedInteger”>2147952460</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</ConditionDetection>
<ConditionDetection ID=”CDNoTimeOutFailure” TypeID=”System!System.ExpressionFilter”>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type=”UnsignedInteger”>StatusCode</XPathQuery>
</ValueExpression>
<Operator>NotEqual</Operator>
<ValueExpression>
<Value Type=”UnsignedInteger”>2147952460</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</ConditionDetection>
</MemberModules>
<RegularDetections>
<RegularDetection MonitorTypeStateID=”TimeOutFailure”>
<Node ID=”CDTimeOutFailure”>
<Node ID=”DS1″ />
</Node>
</RegularDetection>
<RegularDetection MonitorTypeStateID=”NoTimeOutFailure”>
<Node ID=”CDNoTimeOutFailure”>
<Node ID=”DS1″ />
</Node>
</RegularDetection>
</RegularDetections>
</MonitorImplementation>
</UnitMonitorType>

By changing the monitor types and datasource part of the code, the hardest part is basically done. All we have to do is create 4 monitors and use the proper monitor types. These are the monitors that are included in the management pack:

• TCP Unreachable Monitor
• TCP Timeout Monitor
• DNS Resolution Monitor
• Connection Refused Monitors.

I have not added any performance collection yet, but will probably add this in a later stage.

Before of after importing the management pack, make sure you still have to follow these steps:

• A share on which you will place the CSV file. It should be reachable from the management servers and the default management server action account should have access to the share. The discovery runs on an a default interval of  4 hours. The CSV file should look like this (make sure to use a ‘comma’ as your delimiter!):
• Change the sharename of the discovery by overriding the filepath property in the discovery (TCP Monitoring Class Discovery).
  
• Create views based on the TCP Monitoring Class, as I always use Squared Up instead of the standard scom console, I decided not to include any views in the MP. Here are some screenshots of what it looks like:
  
  
  
  

Note: this MP only works with 2012 R2, but you can change the references to an older version and it should work as well.

As always, I would recommend to test the management pack before using it. Feel free to comment should you run into any issues. The management pack can be downloaded here

Regards,

Jasper