Sunday, December 29, 2013

How to Monitor vCenter Alarms Using a Monitoring Agent Tool Such as SCOM (Operations Manager)

There are many ways to monitor vCenter alarms. Here I would like to share how to monitor alarms from a vCenter Server installed on a Windows OS with a monitoring tool such as SCOM.

Components:

1) Microsoft eventcreate.exe tool

2) Monitoring tool agents

Steps:

1) Prepare a list of custom event IDs and descriptions as below.
Create alerts at the cluster, host, VM and datastore level, and wherever else they are needed.

Example list:

Host level:
101. vCenter Alerting Host Connection failure for ESXi Server
102. vCenter Alerting Host battery status
103. vCenter Alerting Host Baseboard Management Controller status
104. vCenter Alerting Cannot connect to storage status
105. vCenter Alerting Host CPU usage
106. vCenter Alerting Host hardware fan status
107. vCenter Alerting Host hardware power status
108. vCenter Alerting for Host hardware system board status
109. vCenter Alerting for Host hardware temperature status
110. vCenter Alerting for Host memory status
111. vCenter Alerting for Host processor status
112. vCenter Alerting for Network connectivity lost
113. vCenter Alerting for Network uplink redundancy degraded
114. vCenter Alerting for Network uplink redundancy lost
115. vCenter Alerting for Storage Path Alert
116. vCenter Alerting for Host memory usage


2) In the alarm configuration, instead of the "Send a notification trap" option, use the "Run a command" option in the Actions tab. It executes eventcreate.exe, which generates the custom event ID in the Windows Event Viewer Application log.

Add this line in the configuration tab:

C:\Windows\System32\eventcreate.exe /t warning /id 101 /d "Host connection failure for host123, please check ESXI server on datacenter 1 cluster 1"

Information about eventcreate.exe settings: http://technet.microsoft.com/en-us/library/bb490899.aspx



This generates event ID 101 in the Event Viewer Application log with the description "Host connection failure for host123, please check ESXI server on datacenter 1 cluster 1", as below.


 



As you know, every operations manager tool has an option in its configuration to monitor individual Windows event IDs. Just install the agent and configure Operations Manager to monitor these custom event IDs. That's all.


Example of a SCOM alert for datastore usage:




Tuesday, October 15, 2013

VMware: Unable to connect to the MKS

After I patched ESX, I found that I could not open the console of a VM guest in vCenter when I accessed it from the vSphere Client on another server. It shows "Unable to connect to the MKS:"




When I tried it from the vSphere Client on the vCenter server, it was successful.




Upon checking the ESX firewall settings, port 902 was opened and configured, and I could open the VM console from the vCenter server without any issue.

Moreover, I asked the network team whether this port was blocked by the firewall. The answer was YES. I raised a request ticket to open this port in the firewall, and the issue was solved.

Thursday, October 10, 2013

Cisco UCS blade / fabric / path down; reason waiting for flogi ALERT

Today I patched my ESXi server, which is installed on a UCS blade server, and rebooted it. After the reboot, I found in UCS Manager that two alarms had been triggered as below, although they were supposed to be cleared automatically.

Solution:

Solution 1: I rebooted once again, but this time the same alert was triggered on fabric B. Then I found that the quick solution is to shut down the server for 1 or 2 minutes and power it on again. Now there are no more errors in UCS Manager; all alerts were cleared automatically by themselves.

Easiest Solution:

Check which server HBA has this issue and reset connectivity for that HBA, so that it will be soaked again and the issue will get resolved.



Cisco's reason for the cause:

This is a known issue in UCS. The bug number is CSCtn89396; upgrade UCS to the latest Cisco-suggested version.








Wednesday, October 9, 2013

Windows Unquoted/Trusted Service Paths Privilege Escalation Security Issue

Issue:

Recently, I received a security scan report from my company's security team. In that report they stated that one of my Windows servers has the Windows Unquoted/Trusted Service Paths Privilege Escalation Security Issue.


Issue as below:

Windows Unquoted/Trusted Service Paths Privilege Escalation Security Issue
QID: 105484
CVSS Base: 6.8 [1]
Category: Security Policy
CVSS Temporal: 6.4
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Service Modified: 04/04/2013
User Modified: -
Edited: No
PCI Vuln: Yes
THREAT:
There exists a security issue with Windows when handling the paths of services running on the system. When the service path is a long name and contains a space and not quoted, the file name becomes ambiguous.
For example, consider the string "c:\program files\sub dir\program name". This string can be interpreted in a number of ways. The system tries to interpret the possibilities in the following order:
c:\program.exe files\sub dir\program name
c:\program files\sub.exe dir\program name
c:\program files\sub dir\program.exe name
If an attacker is able to place a malicious executable in one of these unexpected paths, the attacker can sometimes escalate privileges if it is run as SYSTEM.
IMPACT:
Successfully exploiting this security issue might allow a remote attacker to gain escalated privileges
SOLUTION:
There are no vendor-supplied patches available at this time.

Workaround:
Properly enclose all the service paths with quotes if they have spaces in them.
RESULTS:
Service Name Image Path
C:\Program Files (x86)\Skype\Updater\Updater.exe


Solution:

I ran the command below at the command prompt, and it listed the vulnerabilities:


wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """

Then I found that the path of one of my server's services was not quoted in the registry. I quoted it and the issue was solved.

Example path:

Before:

BINARY_PATH_NAME : C:\Program Files (x86)\Skype\Updater\Updater.exe

After (make the change in the registry):

BINARY_PATH_NAME : "C:\Program Files (x86)\Skype\Updater\Updater.exe"
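
The check described in the scan report and the quoting fix, as an added example that is not part of the original post or the scanner's own logic. It goes a little further than the findstr filter by separating the image path from its arguments. Assumptions: the service names and every path except the Skype updater one are constructed, and an unquoted image path is taken to end at the first ".exe".

```python
import re

# Constructed sample (service name, ImagePath) pairs; only the Skype updater
# path comes from the scan result above, the other entries are made up.
SAMPLE_SERVICES = [
    ("SkypeUpdate", r"C:\Program Files (x86)\Skype\Updater\Updater.exe"),
    ("QuotedSvc", r'"C:\Program Files\Vendor App\svc.exe" -k run'),
    ("NoSpaceSvc", r"C:\Tools\agent.exe --service"),
    ("ArgsSvc", r"C:\Program Files\Vendor App\svc.exe /run"),
]

# Assumption: an unquoted image path ends at the first ".exe" before a space.
EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)

def image_path(command_line):
    """Split a service command line into (image path, was_quoted)."""
    cmd = command_line.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end != -1 else cmd[1:]), True
    m = EXE_END.search(cmd)
    return (cmd[:m.end()] if m else cmd), False

def earlier_interpretations(command_line):
    """Paths Windows tries before the intended one; empty if unambiguous."""
    path, quoted = image_path(command_line)
    if quoted or " " not in path:
        return []
    parts = path.split(" ")
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]

def quoted_fix(command_line):
    """Return the command line with its image path enclosed in quotes."""
    path, quoted = image_path(command_line)
    if quoted or " " not in path:
        return command_line
    rest = command_line.strip()[len(path):]
    return f'"{path}"{rest}'

def audit(services):
    """Map each affected service to (locations to review, corrected value)."""
    return {name: (earlier_interpretations(cmd), quoted_fix(cmd))
            for name, cmd in services if earlier_interpretations(cmd)}

if __name__ == "__main__":
    for name, (paths, fixed) in audit(SAMPLE_SERVICES).items():
        print(name, "->", fixed)
        for p in paths:
            print("   must not exist or be creatable by non-admins:", p)
```

The corrected value is what goes into the service's registry path, as in the "after" line above; the listed locations are the ones whose permissions are worth reviewing until the path is quoted.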