SCOM Advanced Authoring : Powershell Discovery from CSV file – Explained using “TCP Port Monitoring” Scenario

SCOM is exceptional tool which allows IT Administrators to customize the monitoring scenario to any extent. To have a customized monitoring solution, one must understand the authoring capabilities in SCOM, so that the solution can be easily implemented, highly optimized and has less overhead on SCOM Management servers and agents. In this post we will discuss about Powershell Discovery from a centrally located configuration file (CSV format) with an example scenario involving TCP Port monitoring. We will also discuss the impact of this method on end users, IT/SCOM Administrators.

Basics – Classes, Objects, Targets and Discoveries:

An object is the basic unit of management in Operations Manager. An object typically represents something in your computing environment, such as a computer, a logical disk, or a database. A class represents a kind of object, and every object in Operations Manager is considered an instance of a particular class. A target in the Operations console represents all instances of a particular class. A discovery is a special kind of rule to populate the class with instances.


Consider a scenario where you have a datacenter with 1000+ Windows and Unix Servers. We as SCOM Administrators are requested to configure monitoring for various TCP ports from different watcher nodes across various servers in datacenter. This can be accomplished using TCP Port Template in Authoring Pane of console. But the drawbacks of using this template are: Each port for each server needs to be configured manually. Each entry creates bunch of classes, groups, overrides and number of workflows increase which will impact SCOM performance. There is no central configuration/information on what is being monitored and the monitoring criteria. Future changes needs to be manually configured in console. If a watcher node is decommissioned, each port monitored by the watcher node need to be moved to other watcher node manually. Each time application team has a new request to add/delete or modify, SCOM administrator need to make changes. In real environment, this includes Change requests, approvals etc which can consume considerable time.

Effective Solution:

To overcome the issues, it would be better to have a configuration in a central location and pull the information to SCOM at regular intervals. This way, once the initial configuration is setup, The application team can maintain the list and can follow their own approval process to add/modify/delete. The list can be mass updated. The addition/modification/deletion is automatically sync’ed with SCOM at regular intervals. No new workflows are added to SCOM for every addition and hence the impact on SCOM performance is minimal. Thus with handful of monitors and rules 1000s of objects can be monitored. The information is available centrally. The monitoring solution is self supported and cost effective in terms of support hours. Below is step by step process with xml fragments included. The entire MP XML file is attached to the blog which you can download and test it in your lab.

Step 1: 

Create a New Management Pack “GKLab.TCP.Port.Monitoring

Step 2:

Add “” as reference. Here is XML fragment for Step 1 and Step 2

<?xml version="1.0" encoding="utf-8"?><ManagementPack ContentReadable="true" SchemaVersion="2.0" OriginalSchemaVersion="1.0" xmlns:xsd="" xmlns:xsl="">
      <Reference Alias="SystemCenter">
      <Reference Alias="Windows">
      <Reference Alias="MicrosoftSystemCenterSyntheticTransactionsLibrary">
      <Reference Alias="Performance">
      <Reference Alias="System">
      <Reference Alias="SC">
      <Reference Alias="Health">

Step 3:

Create a custom class “GKLab.TCP.Port.Monitoring.Class” to store TCP Port monitoring configuration. The base class is “Microsoft.SystemCenter.SyntheticTransactions.TCPPortCheckPerspective”

        <ClassType ID="GKLab.TCP.Port.Monitoring.Class" Accessibility="Internal" Abstract="false" Base="MicrosoftSystemCenterSyntheticTransactionsLibrary!Microsoft.SystemCenter.SyntheticTransactions.TCPPortCheckPerspective" Hosted="true" Singleton="false" Extension="false">
          <Property ID="ServerName" Type="string" AutoIncrement="false" Key="true" CaseSensitive="false" MaxLength="256" MinLength="0" Required="false" Scale="0" />
          <Property ID="Port" Type="int" AutoIncrement="false" Key="true" CaseSensitive="false" MaxLength="256" MinLength="0" Required="false" Scale="0" />
          <Property ID="NoOfRetries" Type="int" AutoIncrement="false" Key="false" CaseSensitive="false" MaxLength="256" MinLength="0" Required="false" Scale="0" />
          <Property ID="TimeWindowInSeconds" Type="int" AutoIncrement="false" Key="false" CaseSensitive="false" MaxLength="256" MinLength="0" Required="false" Scale="0" />

Step 4:

Now we need to create discovery data source. Before that we will discuss the CSV file format we will be using to store the configuration data. We will name it as “TCPPortMonitoringList.csv“. The CSV has ServerName, PortNumber, WatcherNode, IntervalSeconds, NoOfRetries and TimeWindowInSeconds as header. ServerName – Monitored Server Name (NetBIOS or FQDN) PortNumber – Port Number to be monitored in monitored server. WatcherNode – Computer/SCOM Agent that needs to monitor the port in monitored server. IntervalSeconds – Monitoring Interval in seconds. NoOfRetries – Number of times the monitor should fail before the alert is generated. This will reduce the alerts generated due to network latency. (Minimum value – 2) TimeWindowInSeconds – Total time interval within which the monitor has to fail to generate an alert. (Minimum value = IntervalSeconds)

Step 5:

Since we will use Powershell Script discovery, create a custom data source with a System.SimpleScheduler module and a Microsoft.Windows.PowerShellDiscoveryProbe probe module. Since we have a centralized configuration CSV file, we can run the discovery from any one management server and populate the objects. In SCOM 2012, we will target the discovery against All Management Server Resource Pool, so that anyone MS will pick up the workflow. The discovery is thus highly available. The CSV file path should be shared so that it can be accessed from any MS. Below is XML fragment for Custom Discovery module with embedded Powershell script.

      <DataSourceModuleType ID="GKLab.TCP.Port.Monitoring.Discovery.DataSource" Accessibility="Internal" Batching="false">
          <xsd:element minOccurs="1" name="IntervalSeconds" type="xsd:integer" xmlns:xsd="" />
          <xsd:element minOccurs="1" name="SyncTime" type="xsd:string" xmlns:xsd="" />
          <xsd:element minOccurs="1" name="filePath" type="xsd:string" xmlns:xsd="" />
          <OverrideableParameter ID="IntervalSeconds" Selector="$Config/IntervalSeconds$" ParameterType="int" />
          <OverrideableParameter ID="FilePath" Selector="$Config/filePath$" ParameterType="string" />
        <ModuleImplementation Isolation="Any">
              <DataSource ID="DS" TypeID="System!System.SimpleScheduler">
              <ProbeAction ID="Probe" TypeID="Windows!Microsoft.Windows.PowerShellDiscoveryProbe">
[string] $sourceId,
[string] $managedEntityId,
[string] $filePath  )
#Initialize SCOM API 
$api = new-object -comObject 'MOM.ScriptAPI'
$discoveryData = $api.CreateDiscoveryData(0, $SourceId, $ManagedEntityId) 
write-eventlog -logname "Operations Manager" -Source "Health Service Script" -EventID 999 -Message "TCP Port Monitoring: looking for CSV file" -EntryType Information
# $filePath variable contains UNC path of CSV Config file
if (test-path $filePath) {
    write-eventlog -logname "Operations Manager" -Source "Health Service Script" -EventID 999 -Message "TCP Port Monitoring: Accessing CSV file" -EntryType Information
       $contents = Import-Csv $filePath
       $Path = (Get-ItemProperty "HKLM:SOFTWARE\Microsoft\System Center Operations Manager\12\Setup\Powershell\V2").InstallDirectory
    $Path1 = $Path + "OperationsManager\OperationsManager.psm1"
    if (Test-Path $Path1)
        Import-Module $Path1
        Import-Module OperationsManager
        #Retrieve all windows computers which can be used as watcher nodes
           $allServers = Get-SCClass | where { $_.Name -eq ("Microsoft.Windows.Computer")} | get-scommonitoringobject
    write-eventlog -logname "Operations Manager" -Source "Health Service Script" -EventID 999 -Message "TCP Port Monitoring: $_" -EntryType Information
    #Read line by line from configuration file and create instance of TCP Port Monitoring Class
    $contents | ForEach-Object{
        $ServerName = $_.ServerName
        $PortNumber = $_.PortNumber
        $WatcherNode = $_.WatcherNode
        $NoOfRetries = $_.NoOfRetries
        $TimeWindowInSeconds = $_.TimeWindowInSeconds
        $Config = "$ServerName"+":"+"$PortNumber" # Will be used as display name
        write-eventlog -logname "Operations Manager" -Source "Health Service Script" -EventID 555 -Message "Checking servers" -EntryType Information
        $allServers | ForEach-Object{
            #Create instance only if the watcher node is managed by SCOM as the instance will hosted by the watcher node.
            #The hosting object is windows computer whose display name is equal to watcher node value from CSV
            #If there is no matching windows computer managed by SCOM, then the instance cannot be hosted. Hence the instance is not discovered.
                write-eventlog -logname "Operations Manager" -Source "Health Service Script" -EventID 555 -Message "Creating Instance for $Config" -EntryType Information
                $instance = $discoveryData.CreateClassInstance("$MPElement[Name='GKLab.TCP.Port.Monitoring.Class']$")
                $instance.AddProperty("$MPElement[Name='GKLab.TCP.Port.Monitoring.Class']/ServerName$", $ServerName)
                $instance.AddProperty("$MPElement[Name='GKLab.TCP.Port.Monitoring.Class']/Port$", $PortNumber)
                $instance.AddProperty("$MPElement[Name='GKLab.TCP.Port.Monitoring.Class']/NoOfRetries$", $NoOfRetries)
                $instance.AddProperty("$MPElement[Name='GKLab.TCP.Port.Monitoring.Class']/TimeWindowInSeconds$", $TimeWindowInSeconds)
                #The hosting object is windows computer whose display name is equal to watcher node value from CSV
                $instance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $_.DisplayName)
                $instance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", $Config)
Remove-variable api
Remove-variable discoveryData
              <Node ID="Probe">
                <Node ID="DS" />

Step 6:

Now that we have created discovery data source, we will create a discovery GKLab.TCP.Port.Monitoring.Discovery.
Below is the discovery xml fragment. The UNC Path is mentioned in filePath.

      <Discovery ID="GKLab.TCP.Port.Monitoring.Discovery" Enabled="false" Target="SC!Microsoft.SystemCenter.AllManagementServersPool" ConfirmDelivery="true" Remotable="true" Priority="Normal">
          <DiscoveryClass TypeID="GKLab.TCP.Port.Monitoring.Class" />
        <DataSource ID="DS" TypeID="GKLab.TCP.Port.Monitoring.Discovery.DataSource">

Step 7:

Add Language Packs and close the ManagementPack tag.

    <LanguagePack ID="ENU" IsDefault="true">
        <DisplayString ElementID="GKLab.TCP.Port.Monitoring">
          <Name>GKLab TCP Port Monitoring</Name>
          <Description>This Management pack monitors the list of ports discovered from config file.</Description>
        <DisplayString ElementID="GKLab.TCP.Port.Monitoring.Class">
          <Name>GKLab TCP Port Monitoring Class</Name>
          <Description>Class Contains Instances of TCP Ports that needs to be monitored from specific watcher nodes</Description>
        <DisplayString ElementID="GKLab.TCP.Port.Monitoring.Class" SubElementID="NoOfRetries">
          <Name>No Of Retries</Name>
        <DisplayString ElementID="GKLab.TCP.Port.Monitoring.Class" SubElementID="Port">
        <DisplayString ElementID="GKLab.TCP.Port.Monitoring.Class" SubElementID="ServerName">
          <Name>Server Name</Name>
        <DisplayString ElementID="GKLab.TCP.Port.Monitoring.Class" SubElementID="TimeWindowInSeconds">
          <Name>Time Window In Seconds</Name>
        <DisplayString ElementID="GKLab.TCP.Port.Monitoring.Discovery">
          <Name>GKLab TCP Port Monitoring Discovery</Name>
          <Description>Discovers TCP Port Monitoring Configs from given CSV file.</Description>
        <DisplayString ElementID="GKLab.TCP.Port.Monitoring.Discovery.DataSource">
          <Name>GKLab TCP Port Monitoring Discovery Data Source</Name>
          <Description>Data Source used by TCP Port Monitoring Discovery Rule</Description>

Step 8:

Now import the management pack in SCOM and check if the configuration from CSV are discovered.  Go to Discovered Inventory in SCOM Console and change target to “GKLab TCP Port Monitoring Class” to view the discovered items.

Step 9:

Now you can develop custom monitors and rules targeting this class. Thus, the entire configuration can be maintained in a CSV file located in a shared location. For any new or modification in requirement, the CSV file can be updated accordingly. There is no changes required in SCOM side unless any additional headers are added and need to be absorbed in SCOM. You can download the sample Management Pack here.

Follow-up Post on Creating TCP Port Monitoring –

Happy SCOMing!!!

One thought on “SCOM Advanced Authoring : Powershell Discovery from CSV file – Explained using “TCP Port Monitoring” Scenario

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.