Alert on Dropped Power Shell Scripts

Microsoft.SystemCenter.PowerShellModule.AlertOnDroppedResponses (Rule)

Alerts on dropped Power Shell scripts.

Knowledge Base article:

Summary

The System Center Management Health Service could not run a PowerShell script as part of a rule or monitor due to over utilization.

This may affect some monitoring or discovery.

Causes

This can be caused by:

Too many PowerShell scripts being run by the System Center Management Health Service.
PowerShell scripts are taking too long to execute.
PowerShell scripts are running too frequently.
The computer does not have enough resources (for example; memory) to run the PowerShell script.

Resolutions

The alert description and context has information indicating which rule or monitor failed. However, there may be other rules or monitors failing as well. The following link will display all events indicating a failure to run the executable:

View PowerShell Events

After reviewing the error in the context, consider reducing the frequency of the PowerShell script.

Ensure that the computer is not over utilized.

Check Task Manager to see if there is enough free memory.
Check Task Manager to see if there are any processes consuming all the CPU.

This can also be caused when too many PowerShell scripts are being scheduled. This could be the result of an event storm or a misconfigured timer. In both cases the rule configuration will have to be examined to determine why the PowerShell script is running too often and usually will need to be backed down somehow (increasing the interval).

Element properties:

Target

Microsoft.SystemCenter.HealthService

Category

Alert

Enabled

True

Alert Generate

True

Alert Severity

Warning

Alert Priority

Normal

Remotable

True

Alert Message

Power Shell script was dropped

{0}

Event Log

Operations Manager

Member Modules:

ID	Module Type	TypeId	RunAs
DS	DataSource	Microsoft.Windows.EventProvider	Default
Consolidator	ConditionDetection	System.ConsolidatorCondition	Default
GenerateAlert	WriteAction	System.Health.GenerateAlert	Default

Source Code:

<Rule ID="Microsoft.SystemCenter.PowerShellModule.AlertOnDroppedResponses" Enabled="true" Target="SCLibrary!Microsoft.SystemCenter.HealthService" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>Alert</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Operations Manager</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="String">Health Service Modules</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">Params/Param[1]</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="String">$Target/ManagementGroup/Name$</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="UnsignedInteger">22411</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <ConditionDetection ID="Consolidator" TypeID="System!System.ConsolidatorCondition">

    <Consolidator>

      <ConsolidationProperties>

        <PropertyXPathQuery>Params/Param[1]</PropertyXPathQuery>

      </ConsolidationProperties>

      <TimeControl>

        <WithinTimeSchedule>

          <Interval>300</Interval>

        </WithinTimeSchedule>

      </TimeControl>

      <CountingCondition>

        <Count>10</Count>

        <CountMode>OnNewItemTestOutputRestart_OnTimerSlideByOne</CountMode>

      </CountingCondition>

    </Consolidator>

  </ConditionDetection>

  <WriteActions>

    <WriteAction ID="GenerateAlert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>1</Severity>

      <AlertName/>

      <AlertMessageId>$MPElement[Name="Microsoft.SystemCenter.PowerShellModule.AlertOnDroppedResponses.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/Context/DataItem/EventDescription$</AlertParameter1>

      </AlertParameters>

      <Suppression>

        <SuppressionValue>$Data/Context/DataItem/Params/Param[2]$</SuppressionValue>

      </Suppression>

    </WriteAction>

  </WriteActions>

</Rule>