Friday, August 3, 2012

Microsoft System Center Operation Manager 2012 - Alert subscription doesn't work with custom parameter

I recently worked on SCOM 2012 case which was very intresting to work upon, after initial basic troubleshooting, collaborated with Microsoft and worked together, so I thought good to share here if anyone face this issue.

Issue-
Alert subscription doesn't work if select "with specific text in description" and specifying any parameter like - %test%.


OS - Microsoft Windows 2008 R2
Application - Microsoft SCOM 2012 (System Center Operation Manager)

But able to receive email if removing filter.

Information:-

By Design, if configure the criteria with the first word mentioned in the “Alert Description” the subscription works. If select any other word mentioned in the alert details, the subscription doesn’t work. So it meants, if the alert description field is not generated by custom fields it will work as expected. If the Alert description has any information which is generated by custom fields it will not work.

Here in the above example, in the Alert Description section, have certain details. And “Source”, “Path”, “Alert Rule” they are in different section. This is the default configuration. If don’t have anything with the targeted keyword in the “Alert Description” section the subscription will fail. If have the targeted keyword in any place other than “Alert Description” section and in “Subscription Criteria”  selected “With Specific text in description” the alert will never send a notification. So will have to edit the Alert properties to add some Alert Description with the desired keyword.
Cause: 

This is found to be the design of the product and is a BUG. This is only reproducible when the Criteria "With specific text in description" is set to a variable in the description. Any static text in the description will work as expected.    

For example, if create a rule that is triggered for Event ID 644, and assign the Alert description as "Event ID for NotificationRule: $Data/EventID$".   When the alert shows up, can see alert description as - "Event ID for NotificationRule: 644"     Under this condition: If criteria for description text is "%NotificationRule%" for example, the notification will be sent. If criteria for description text is "%644%" the notification will not be sent, because the 644 is a variable.
- When create a Notification Subscription with the option selected as - "With specific text in description", the following is being logged as a criteria in the Notification Internal Library:  -----------------------------------------------------  <Expression>                        <SimpleExpression>                          <ValueExpression>                            <Property>AlertDescription</Property>                          </ValueExpression>                          <Operator>Equal</Operator>                          <ValueExpression>                            <Value>Pradeep</Value>                          </ValueExpression>                        </SimpleExpression>                      </Expression>                    </And>  ----------------------------------------------------- 

Whereas if used any variable in the alert description (while creating the Rule or Monitor), the Alert description will look like:
"The threshold for the Memory \ % Used Memory counter on computer {0} has been exceeded. The value that exceeded the threshold is: {1} "  -- [Example for Memory threshold]    Inside the DB all these information’s will go to the 'Dbo.Alert' table, the static content will go to 'AlertDescription' column. Where-as the variable output will go to 'AlertParams' column in the dbo.alert  table. This is where it fails for sending the notification, as the query looks at 'AlertDescription' column but the entry itself is in different column ('AlertParams'). 

Resolution: 

So far no solution to this (it is a bug) but the following workaround. 
After creating the notification, can manually modify the Notification MP XML to search at the required location and reimport this MP. However, with every change in the notification (in console) then need have to modify the MP manually again. Export the MP>Modify the expression to reflect the 'AlertParams' column>save the changes>Import the MP into configuration.   Or not to use dynamic contents/variables for alert description generation. 

No comments: