SCOM 2012: Automatic Maintenance Mode during patch windows

There is always a problem with unwanted alerts in SCOM during patch windows when server reboots etc. I want to show you a concept which combines different tools for an automated solution.

This concept assumes you are using WSUS and GPO settings with configured automatic updates scoped to AD groups.

Here are the overall steps:
1. Populate SCOM Groups with members from the AD Groups used in WSUS.
2. Schedule these SCOM Groups in align with the reboot schedule of the WSUS GPO settings.

Lets begin!

 

Creating and Populating SCOM Groups based on corresponding AD Groups

First of all we need to create SCOM groups and populate them with Windows computer objects with the corresponding AD Groups used in WSUS.
Arjan Vroege has made a great Management Pack that accomplish this. It is described on his blog here http://www.vroege.biz/?p=819 or can be directly downloaded from technet
https://gallery.technet.microsoft.com/Based-on-an-article-of-e3437fad

Once you have the corresponding SCOM groups populated with Windows Computers Objects we are all set. In my enviroment I have several WSUS groups.

2016-07-04 08_40_07-Groups - Operations Manager

The Windows Computers in one of the above Groups.

2016-07-04 08_52_25-Managed Objects - Operations Manager

Scheduling Maintenance Mode

There are different examples and concepts on the web to schedule Maintenance Mode in SCOM. By Powershell Script, Orchestrator etc.
In this example I will use Tim McFaddens great tool  Maintenance Mode Scheduler http://www.scom2k7.com/scom-2012-maintenance-mode-scheduler

Look up The SCOM Group you want to schedule Maintenance Mode for. Set the time-window (Start Time and End Time) to allow the patches to be installed and the computers restarted according to your WSUS GPO settings. Do this for the rest of your groups as well.

2016-07-04 08_38_18-Group - Internet Explorer

If you have setup the Schedule correctly the servers will go into Maintenance Mode during patching and you will not have a bunch of Alerts in SCOM.

 

Building a dashboard in Squared Up

If you are a big fan of Squared Up for SCOM like I am we can build a nice dashboard to show the numbers of servers in each SCOM WSUS Group. This could be valuable for your team that does the patching.

In Squared Up, choose SQL Query Content.

In the Connection field, enter the values to your Operations Manager DB

In the Query field, enter the Query below (Remember to change the Group Names so you get all your SCOM Groups)

Change to ‘tabular’

select SourceObjectDisplayName as ‘Group Name’,
Count(TargetObjectDisplayName) as ‘Number’
from RelationshipGenericView
where isDeleted=0
AND SourceObjectDisplayName like ‘<Your SCOM WSUS group names here>’ group by SourceObjectDisplayName
ORDER BY SourceObjectDisplayName

And we get an nice view of the groups and the number of Computer Objects in each group.

2016-07-04 10_40_49-Patchinfo - Squared Up - Internet Explorer

Advertisements

4 thoughts on “SCOM 2012: Automatic Maintenance Mode during patch windows”

  1. Hello…love this post!!! However this only covers maintenance mode on standard windows computer objects. Could you add or explain how we could adapt this to cover putting a windows cluster into maintenance mode as well as a cluster SQL DB into maintenance mode. In particular the objects required to achieve the cluster and Clustered SQL DB being put into maintenance mode,

    Like

    1. Hi

      Glad you enjoyed the post. This post only covers Windows objects that are used in WSUS and haven’t planned on covering other objects.

      If you have Maintenance Mode Scheduler (MM Scheduler), the best way to achieve what you want is to get those DB objects/clusters in a Group (there are plenty of other post that covers this) Then you can use MM Scheduler to put the Group in Maintenance Mode.

      Like

  2. We are having some issues getting the SCOM group to populate. We see the script showing the computer names in the event logs but they are not in the SCOM group. Is there something I am missing? feeling like a noob on this one.

    Like

    1. Hi

      The Script (if its the default that Arjan wrote) writes an event id 101 when it finds a computer object in AD. So it doesn’t write an event to show if the Discovery populated the Group in SCOM. If the Discovery doesn’t populate you should have error or warnings in the Operations Manager log on the Management Server that runs the workflow (script).

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s