Creating event based alerting rules in SCOM 2012

Hi Guys,

Below are the step by step method to create event id based rule creation in SCOM.If you want to monitor any event id through SCOM, you can use below steps.

  1. In operation console click to authoring console and right click rule.



2. As we are creating event based NT Event Log(Alert) and save in Management pack.Click Next

Give the rule name(I have given SCOM Test Rule)  and Select the rule category.In Rule target click select and search for all windows computer.


I have enabled the rule.But for production always uncheck this box and based on your requirement you can override the rule.


3.Select the log name.I am creating alert for application log and click next


4. Give the event id which you want to monitor.For example I have given 101 and event Source is EventCreate. Click Next


Click next and Click Create.

Lets Test the event which we created.

Login to any SCOM monitor device and open the CMD as adminstrator.

Run the below command.



After running the CMD you should see the below output.


Now open SCOM operation console and click on new alert








Health Service State folder in OpsMgr 2012 and SCOM 2007

Where is the default location for the Health Service State folder in SCOM 2012 and SCOM 2007

 Operations Manager 2007:

Health Service folder location on SCOM 2007 management server

The default location in OpsMgr 2007 for Management Servers is: \Program Files\System Center Operations Manager 2007\Health Service State

Health Service folder location on SCOM 2007 agent machine

The default location in OpsMgr 2007 for Agents is: \Program Files\System Center Operations Manager 2007\Health Service State

Operations Manager 2012:

Health Service folder location on SCOM 2012 management server

The default location in OpsMgr 2012 for Management Servers is: \program files\System Center 2012\Operations Manager\Server\Health Service State

Health Service folder location on SCOM 2012 agent machine

The default location in OpsMgr 2012for Agents is: \Program Files\System Center Operations Manager\Agent\Health Service State

SCOM 2012 Build Numbers & Update Rollup Packages

System Center Operations Manager 2016

Build Number KB Release Date Description
7.2.11257.0   19/11/2015 SCOM 2016 Technical Preview 4
7.2.11125.0   19/08/2015 SCOM 2016 Technical Preview 3
7.2.11097.0   06/05/2015 SCOM 2016 Technical Preview 2
    01/10/2014 SCOM 2016 Technical Preview 1


System Center Operations Manager 2012 R2

Build Number KB Release Date Description
7.1.10226.1239 3183990   SCOM 2012 R2 UR11
7.1.10226.1177 3129774 27/01/2016 SCOM 2012 R2 UR9
7.1.10226.1118 3096382 27/10/2015 SCOM 2012 R2 UR8
7.1.10226.1090 3064919 11/08/2015 SCOM 2012 R2 UR7
7.1.10226.1064 3051169 28/04/2015 SCOM 2012 R2 UR6
7.1.10226.1052 3023138 10/02/2015 SCOM 2012 R2 UR5
7.1.10226.1046 2992020 27/10/2014 SCOM 2012 R2 UR4
7.1.10226.1037 2965445 29/07/2014 SCOM 2012 R2 UR3
7.1.10226.1015 2929891 23/04/2014 SCOM 2012 R2 UR2
7.1.10226.1009 2904678 27/01/2014 SCOM 2012 R2 UR1
7.1.10226.0   18/10/2013 SCOM 2012 R2


System Center Operations Manager 2012 SP1

Build Number KB Release Date Description
7.0.9538.1136 3071088 11/08/2015 SCOM 2012 SP1 UR10
7.0.9538.1126 3023167 10/02/2015 SCOM 2012 SP1 UR9
7.0.9538.1123 2991997 27/10/2014 SCOM 2012 SP1 UR8
7.0.9538.1117 2965420 29/07/2014 SCOM 2012 SP1 UR7
7.0.9538.1109 2929885 23/04/2014 SCOM 2012 SP1 UR6
7.0.9538.1106 2904680 27/01/2014 SCOM 2012 SP1 UR5
7.0.9538.1084 2879276 21/10/2013 SCOM 2012 SP1 UR4
7.0.9538.1069 2836751 23/07/2013 SCOM 2012 SP1 UR3
7.0.9538.1047 2802159 08/04/2013 SCOM 2012 SP1 UR2
7.0.9538.1005 2785682 23/01/2013 SCOM 2012 SP1 UR1
7.0.9538.0   15/01/2013 SCOM 2012 SP1


System Center Operations Manager 2012

Build Number KB Release Date Description
7.0.8560.1048 3071089 11/08/2015 SCOM 2012 UR8
  MP link 22/10/2013 SCOM 2012 UR7 – MP for UNIX and Linux Operating Systems
    08/10/2013 SCOM 2012 UR6 – MP for UNIX and Linux Operating Systems
    08/04/2013 SCOM 2012 UR5 – MP for UNIX and Linux Operating Systems
    08/01/2013 SCOM 2012 UR4 – MP for UNIX and Linux Operating Systems
7.0.8560.1036 2756127 08/10/2012 SCOM 2012 UR3
7.0.8560.1027 2706783 28/10/2012 SCOM 2012 UR2
7.0.8560.1021 2686249 07/05/2012 SCOM 2012 UR1
7.0.8560   04/03/2012 SCOM 2012 RTM



How to check current SCOM version and UR

Open SCOM operation console.You can click on help option and check the product version.

You can check the build number from below link


Powershell to check the SCOM version

 You can use below command to view SCOM current version.You have to run the below command in operation shell


How to check SCOM agent version and UR

You can go to SCOM operation console and click to Agent by version. there you able to see SCOM agent details.

You can customise the view as per your requirement.






System Center 2016 makes it easy to deploy, configure, manage and monitor your virtualized workloads, software defined datacenter and hybrid cloud infrastructure. Enabling a comprehensive datacenter management solution support for everything from provisioning the physical and virtual infrastructure to IT process and service management.

System Center 2016 offers an array of new capabilities across components (see Table 1).




Manage your virtualized datacenter with Virtual Machine Manager

System Center 2016 Virtual Machine Manager provides a comprehensive solution for deploying and managing the advanced compute, storage, networking and assurance aspects of your Windows Server 2016-based software-defined datacenters. With Virtual Machine Manager (VMM), you can:

Effectively upgrade, scale and manage your datacenter environment

 Deploy compute and storage clusters from bare metal machines

 Manage the lifecycle of the new, minimal-footprint Nano Server-based hosts and VMs

 Perform rolling upgrade of Windows Server 2012 R2 clusters to Windows Server 2016 clusters with no  downtime for the hosted workloads

 Take application-consistent VM checkpoints (production checkpoints)

 Change memory and virtual network adapter configuration of a running VM

 Perform intelligent placement and live migration of VMs

 Have a scalable installation of up to 25K VMs on 1K hosts

Build highly available storage at low cost

 Deploy and manage storage clusters with Storage Spaces Direct (S2D) in disaggregated and hyper-converged topology. S2D reduces storage costs by building highly available and scalable storage systems using industry standard servers with local storage

 Replicate storage volumes synchronously using Storage Replica (SR) instead of expensive storage-based replication

 Enforce Quality of service (QoS) for virtual machine storage to avoid the noisy neighbor problem.

Configure the network using software instead of hardware

 Easily deploy Software Defined Networking (SDN) components such as the Network Controller, Software Load Balancer (SLB) and virtual network gateways using pre-defined and customizable service templates

 Create and configure virtual networks on demand

 Control network traffic entering and egressing VMs using port access control lists (port ACLs)

 Provision SDN Quality of Service (QoS)

Easily deploy applications

 Easily deploy multi-tier applications using templates with drag-and-drop template authoring

 Easily scale-in and scale-out applications

 Utilize custom scripts for application deployment

Enhance the security of your compute infrastructure

 Create and manage the lifecycle of guarded hosts that provide the infrastructure for Shielded VMs

 Create Shielded VMs using the VMM console and Windows Azure Pack (WAP)

 Convert non-shielded virtual machines to Shielded VMs using VMM console and WAP 

Monitor your datacenter infrastructure and applications using Operations Manager

System Center 2016 Operations Manager expands the surface area and experience of monitoring infrastructure and applications across public and private clouds. It provides full support for monitoring Window Server 2016-based software-defined datacenter technologies. With Operations Manager (OM), you can:

Monitor diverse environments

 Monitor your deployment of Nano Servers and associated workloads, such as DNS workloads

 Monitor your S2D and SDN deployments

 Monitor Linux and Unix servers, with up to 1000 hosts monitored per management server

 Monitor the LAMP stack

 Monitor Azure, O365, SQL, Exchange, Server OS, DHCP, DNS, NLB, IIS, etc. using new management packs (MP)

Perform enhanced network monitoring

 Monitor a broad range of network devices with automatic MP generation from published Management Information Bases (MIBs)

 Live monitor network performance such as loss and latency within and across your datacenters and hybrid cloud infrastructure

Achieve operational simplicity

 Get dashboard views from any browser using the new HTML5 web console

 Plan and schedule maintenance windows for workloads without generating spurious alerts in OM  console

 Seamlessly discover, install and update required management packs right from the OM console

 Tune management packs, and alter the monitors and alerting rules – either at source level or group level – to reduce alert noise

 Discover third-party management packs, authoring tools, dashboard utilities, etc. right from the OM console

 Experience a more responsive application console, including the ability to navigate across different views and pivots without having to wait for the data to load

 Perform in-place upgrade of OM servers


Get rich data analytics

 Attach to OMS right from the OM console and get log analytics and correlation of alerts

 Utilize new services for audit collection

 Visualize data in richer form in OM dashboards

Deploy, configure, and keep your Windows and mobile devices up to date using Configuration Manager

System Center 2016 Configuration Manager (current branch) provides a unified management console with an automated set of administrative tools to deploy software, protect data, monitor health, and enforce compliance across all devices in your organization. New enhancements in Configuration Manager make deploying and managing Windows and Windows Server easier than ever before with new improvements including the support of the latest Windows 10 features, Windows in-place upgrade, more frequent and easier updates, unified end-user portal, and more. With Configuration Manager, you can:

 Deploy, upgrade, and provision Windows with modern methods such as in-place upgrade and provisioning packages and profiles

 Keep Windows up to date with new configurable deployment rings, servicing dashboard, and cluster-aware settings

 Manage Windows in a way that works the best for your organization through the Configuration Manager agent,on-premises MDM, and the cloud when Configuration Manager is connected with Microsoft Intune

 Enhance Windows management through integrations with Windows Store for Business, Windows Hello for Business, Windows Defender Advanced Threat Protection, and more

 Get more frequent and easier to install updates directly in the management console to support new Windows,Configuration Manager, and mobile device management capabilities

 Allow users to access all their applications from a unified end user portal

Automate your datacenter tasks with Orchestrator and Service Manager Automation

You can choose to use System Center 2016 Orchestrator or Service Management Automation to automate your datacenter tasks. Service Management Automation incorporates improved experiences for authoring, testing, debugging and executing runbooks. With System Center automation technologies, you can:

Deploy services and process automatically

 Create runbooks with native PowerShell scripts and execute runbooks more predictably without heavy precompilation steps

 Utilize an Integrated Scripting Environment (ISE) plugin for authoring and testing runbooks locally

 Utilize Windows Management Framework 5.0 for authoring runbooks with PowerShell 5.0 scripts

Manage events and incidents with Service Manager

Working closely with customers through the development on System Center 2016 enables sharper focus on areas of development and investment for Service Manager. Through new improvements available today, System Center 2016 Service Manager enables greater ease of use, improved performance and increased scale. With Service Manager, you can:

Easily publish and consume IT services

 Deploy HTML5 based self-service portal with updated UX and better performance

 Use Lync 2013 and Skype for business with Service Manager

 Create rich reports and slice data based on Year, Quarter, Month, and Day using new date dimensions in Service Manager data warehouse cubes

Efficiently integrate people, processes and knowledge

 Experience up to 10x improvement in console performance when creating/updating work items, up to 2x gain in workflow processing, and up to 4x improvement in incident processing capacity

 Get Configuration Manager and Active Directory (AD) data through connectors up to 67% and 50% faster, respectively, with Entity Change Log (ECL) log disabling

 Complete incident workflows up to 50% faster

 Schedule AD group expansion workflows and get up to 75% faster performance

 Perform ECL grooming up to three times faster

Protect your datacenter with Data Protection Manager

Windows Server 2016 Hyper-V includes new features that help in reducing overall total cost of ownership of private

cloud deployments. System Center 2016 Data Protection Manager has increased support and functionality for protecting workloads and virtual machines deployed in partnership with Windows Server 2016. With Data Protection Manager (DPM), you can:

Reduce the TCO of your backup infrastructure

 Continue doing VM backup in the presence of Hyper-V node crash or VM storage migration using the new

Resilient Change Tracking (RCT) protection technology

 Maintain Hyper-V VM backup even as Windows cluster upgrade is in progress

 Backup and recover shielded VMs

 Protect VMs deployed on Storage Spaces Direct configuration

System Center 2016 and Operations Management Suite

System Center provides comprehensive management of heterogeneous infrastructure and workloads, a rich ecosystem of third party solutions to enrich the management capabilities and user experience and breadth of coverage across multi-vendor systems on-premises and in the cloud. Furthermore, System Center is often deeply integrated with other business-critical systems in users’ environments. Microsoft Operations Management Suite

(OMS) leverages the power of the cloud to provide rich analytics, elastic compute and storage, scale, operational

simplicity, reach from anywhere and any device, and a fast cadence of new services. With System Center 2016, we continue to connect the breadth and depth of System Center and the power of OMS to bring new services and enhanced experiences to customers. The following capabilities are now available:

Log Analytics: Easily attach Operations Manager to OMS and use the Log Analytics service to gain insight and troubleshoot issues faster. You can connect Operations Manager to OMS with a few clicks from the Operations Manager console and start sending data to the service. Expose SCOM alerts through a rich dashboard experience, and leverage inbuilt log search and visualization capabilities to get insights and perform troubleshooting.

Network Performance Monitor: Monitor performance parameters of networks within and across

datacenters using OMS Network Performance Monitor. Network Performance Monitor works with and

complements the network health monitoring that Operations Manager provides. With Network Performance Monitor, you can determine loss and latency characteristics between any pair of points in your network within or across your datacenter(s), including your assets in the public cloud (Azure/AWS). This information can be used by network administrators for monitoring network characteristics and SLAs, and incorporated in application performance monitoring by application or system admins.

System Center Operations Manager Assessment: Get insights into the health of your System Center Operations Manager deployment and remediation assistance to fix issues with the System Center Operations Manager Assessment solution in OMS. Once you have connected Operations Manager to OMS, you can assess your Operation Manager environment for best practices, identify issues that could potentially impact operations or cause inefficiencies, and get specific recommendations to fix these issues. The System Center Operations Manager Assessment solution continuously monitors your Operations Manager management servers, collects various parameters, applies rules, identifies potential issues and their severity, and provides recommendations to fix these issues. This service leverages crowd-sourced knowledge to help you proactively remediate issues.


Business needs and technology innovations are converging to offer unique opportunities for IT professionals to better deliver IT resources that meet business requirements. Today’s organizations are adopting hybrid cloud to extend their IT infrastructure for better flexibility and scalability. Enterprises are looking for a comprehensive infrastructure management solution that can enable these benefits, including shared resources as well as the elasticity to scale up and down on-demand to meet changing business needs—minimizing downtime and failures while maximizing cost efficiencies. With System Center 2016, you now have the capabilities you need for simplified datacenter management across your hybrid environment.

SCOM gateway server installation Step by step method

SCOM gateway server installation Step by step method-applicable for SCOM 2007,2012,2016

Hi Guys,

I am writing this post because I could not find any detailed post for SCOM gateway installation. Never mind after reading this post you will able to deploy SCOM gateway server easily.

Make sure port 5723 is by directional enabled between SCOM gateway server and SCOM management server.

You can check by login to gateway server,open the CMD and type telnet SCOM MS ip 5723 .you should able to connect.

What is SCOM gateway server?

SCOM gateway server helps to monitor non trusted domain server, DMZ server, workgroup servers. Gateway server is similar as SCOM management server but it does not communicate with database directly or indirectly.

Why we use SCOM gateway Server and how it works

SCOM gateway use for monitoring un trusted domain servers.  That’s mean if some servers not of your domain or they part of different domain, you can use SCOM gateway server to monitor those servers.

All the non-trusted SCOM agent server reporting to SCOM gateway server and gateway server compress the data and send to SCOM management server.

Installing gateway server is similar as workgroup server monitoring.

  1. You must have certificate server to generate certificate for SCOM MS server and Gateway Server. If you have enterprise CA servers that well and good. You can create 2 certificates, one for your management server and other for your gateway server. Download the root chain certificate.


For example

SCOM Management server-

SCOM Gateway server        


You have to create certificate for and


  1. Login to your SCOM management server. Import the SCOM management server certificate in certificate personal folder and root chain certificate in trusted folder.
  2. After importing the certificate you can run the MOMcert Import in SCOM management server.
  3. Now in management server open command prompt run as administrator and run the gateway approval tool. After successfully gateway approval tool,you will able to see the gateway server in scom administrative console, management server. Gateway server should be in unmonitored state. Now work is over in SCOM management server.
  4. Login to SCOM gateway server. Import the SCOM gateway server certificate and root certificate.
  5. Run the Gateway setup. Remember you have to give SCOM management group name and SCOM management server name.
  6. Now open CMD as administrator and run the MOM cert import tool.
  7. Wow it’s done. Just restart the health service in gateway server and check the status in SCOM console.

Steps in SCOM Managemnet server

  1. Import the certificate
  2. Run the momcertimport tool
  3. Run Gateway approval tool

Steps in SCOM gateway server

  1. Import the gateway certificate
  2. Run the gateway installation
  3. Run the momcertimport tool
  4. Restart the health service.

Download document










SCOM Gateway Server Frequently getting grayed out

Hi Guys,

Recently we had issue with SCOM gateway server where frequently SCOM gateway was getting grayed out.below are the below steps to troubleshoot the issue.

  1. Check the gateway server operation manager logs.As you know logs will give you complete detail and help you to troubleshoot.
  2. Check the pattern how frequently your gateway going grayed out.
  3. Check the authentication certificate and firewall port between gateway and management server.

In my case there no  network issue.I was able to telnet 5723 port from gateway server to management server.Health service was running without any issue.I opened the operation logs and found 4506 error.After validating the SCOM gateway logs looks like data is dropping due to outstanding data.They had recently installed the Mcafee anti virus on the gateway server and because of that gateway was getting grayed out frequently.



This event logs usually comes when anti virus is scanning the SCOM agent directory.

Please exclude below directory on Gateway server rom Mcafee antivirus scan to resolve the issue.

C:\Program Files\System Center Operations Manager

C:\Program Files\System Center Operations Manager 2012

Note: Directory can be differ based on the directory selection during agent installation.