Category Archives: SCOM

SCOM Agent Config for Domain Controllers

Well known configuration that needs applying to domain controler after the SCOM agent is installed.

Clue that this has not been done is that the relevent domain controller will show in the SCOM console as not monitored.

  • Open an elevated command prompt.
  • Navigate to the agent install folder on the domain controller, typically C:\Program Files\Microsoft Monitoring Agent\Agent.
  • Run  – HSLockdown.exe /A “NT AUTHORITY\SYSTEM”
  • Restart the SCOM agent service – run net stop healthservice & net start healthservice

Thanks yet agin to Kevin Holman.


SCCM 1702 Failed Install – OLEDB Data Link Properties Tool

Easy way to test a connection to an OLEDB  data source.

  • Save an empty file to desktop with a UDL extension.
  • Double-click to open and use the Data Link tool to test connectivity to the required source using the choice of providers.

Used this tool when troubleshooting a failed SCCM 1702 install.  Logs indicated SQL native client error.  Tested connection to SCCM DB using this tool using the server name (worked) and then FQDN (failed).  Found a reg key to change this setting.  Restarted the SCCM 1702 install and it worked!

SCOM 2016 Maintenance Schedules – The Execute Permission Was Denied For Object ‘sp_help_jobactivity’


Attempting to automate some maintenance schedules using the new SCOM 2016 functionality and received the following error:

The Execute Permission Was Denied For Object ‘sp_help_jobactivity’.


Assign  the following rights for the SCOM Data Access Service account (SDK service) against the msdb database:

  • SQLAgentOperatorRole
  • SQLAgentReaderRole
  • SQLAgentUserRole

As always many thanks to Kevin Holman – more info about this issue here:

SCOM 2012 – Display the Active Directory Description Attribute in the SCOM 2012 R2 Admin Console


The objective of this procedure is to display the Active Directory (AD) description attribute in a State View in the SCOM 2012 R2 Admin Console.  The basic steps are:

  • Create a VB script to write the AD description attribute to a system environment variable called ADDescription.
  • Assign the script as a Group Policy Startup script.
  • Configure a new Custom Attribute in the SCOM console to read the ADDescription value from the registry.
  • Create a State View in the SCOM console and expose the column containing the value of ADDescription for relevant devices.


The Windows Computer class has already been extended so that the Windows Computer_Extended class already exists and there is an unsealed management pack available to save custom settings to.


Step 1 – The script

Option Explicit

On Error Resume Next

Dim WSHShell, strComputer, strDescription, objSysInfo, objComp

Set WSHShell = WScript.CreateObject(“WScript.Shell”)

Set objSysInfo = CreateObject(“ADSystemInfo”)

Set objComp = GetObject(“LDAP://” & objSysInfo.ComputerName)

strDescription = objComp.Description

WSHShell.RegWrite “HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\ADDescription”, strDescription, “REG_SZ”

Step 2 – Group Policy

  • In the Group Policy Management console select the relevant OU against which the new policy object is to be applied, e.g.  the Default Domain Policy, and select Edit from the context menu.
  • In the Group Policy Editor navigate to Computer Configuration # Policies # Windows Settings # Scripts # Startup and assign the script created in Step 1.

Step 3 – Create a Custom Attribute in SCOM

  • Go to the Authoring workspace in the SCOM console.
  • Select Management Pack Objects # Attributes.
  • Create a new attribute using these settings:
    • Discovery Type – Registry
    • Target – Windows Computer_Extended.

Probe configuration

  • Key or Value Type – Value,
  • Path = SYSTEM\CurrentControlSet\Control\Session Manager\Environment\ADDescription.
  • Attribute type = String.
  • Query Interval – to suit the target environment.

Step 4 – Create the State View

  • Access the SCOM monitoring workspace.
  • Ensure the custom management pack used to save the ADDescription attribute to is viewable.
  • Create a new State View, setting the Object to Windows Computer_Extended and use the Display tab to select the relevant columns which will included the ADDescription.


Applying a license to an evaluation version of SCOM 2012 R2

I have just completed a fresh install of SCOM 2012 R2 and on completion the install needs to be licensed. This process is unnecessarily cumbersome.

  • Run Powershell as administrator.
  • import-module operationsmanager and hit return.

This loads the SCOM Powershell module.

  • New-SCOMManagementGroupConnection -ComputerName OPS1SVR and hit return.

This creates the connection to the SCOM server, OPS1SVR in this instance.

  • Get-SCOMManagementGroupConnection and hit return.

This is just to check the connection to the SCOM server is OK.

  • Set-SCOMLicense -ProductId “xxxxx-xxxxxx-xxxxx-xxxxx-xxxxx” and hit return.

This loads the product key – replace all the “xxxxx” bits as appropriate.

  • Get-SCOMManagementGroup | ft skuforlicense, version, timeofexpiration –a and hit return.

This displays the details of the installed license.  When I did this it still showed the evaluation license details.

  • Restart the server!!
  • After the restart run Powershell as administrator again.
  • Get-SCOMManagementGroup | ft skuforlicense, version, timeofexpiration –a and hit return.

The full license details should now be displayed.