OpsMgr 2012: Discovering a network device

In OpsMgr 2012 we have enhanced the capabilities around network monitoring.  In this article I will demonstrate how to discover and monitor a network device.

This is also covered in great detail at:  http://technet.microsoft.com/en-us/library/hh205982.aspx


Launch the discovery wizard and select Network Devices:




Give a name for your discovery cycle, select the management server that you want to handle the network device discovery, then choose a resource pool.  If you want only specific management servers or gateways, you can create a custom resource pool as I have done below, named “Network Monitoring Resource Pool”




Next, choose explicit or recursive discovery.  Since I am targeting a specific device, I will choose explicit.  If you don’t know all of your managed network devices and want to discover them by reading the ARP cache of each discovered device, you can choose recursive.


Create a RunAs account.  In this case – the RunAs account for network devices is simply the SNMP Community string.  You can create as many as you need.  I am just using the default which is “public” so I will create that.






Next up I click “Add” and type in the IP address of my router, leaving the rest at default settings.





Next I need to pick a schedule, if I want this discovery to run on a regular basis, and pick up and discover/monitor newly added network devices.  For this example – I will choose to run manually.


Create the discovery, and you will see the following popup:



Choose YES to continue – this will automatically distribute the community string based RunAs account to any management servers in your resource pool, and to the management server you chose to execute the discovery.


In the admin console – you can see your newly created discovery rule:




You can follow the discovery process in the event log of the Management Server where you assigned discovery to run:



After a few minutes, if discovery was a success, you will see your network device show up in the Admin console, under Network devices.  Take note of the Certification value – if it states CERTIFIED it means the device was recognized by the OpsMgr network equipment database and we will apply specific monitoring for that device.




Back in the monitoring pane – select Network Devices – and you will see we have discovered your device.  In this case – I have a Cisco 1605 branch office access router:




Open Health Explorer for the device and you can see the out of the box monitoring provided for this specific discovered device:




For my device – we monitor ICMP and SNMP availability (as long as one of those is available we consider the device “up”), free memory, memory pool fragmentation, and CPU utilization.


We will also begin collecting performance data in the warehouse for each device, similar to the statistics that we monitor out of the box, such as memory, CPU, power supply, temperature and voltage sensors, and fans.





Making use of the new Dashboards in OpsMgr 2012 – there is a network node dashboard that will give us a lot of cool “at a glance” information about this network device:




Comments (33)

  1. Kevin Holman says:

    @Bubslg –

    Yes there are – SP1 added many new devices but I am not sure if we published these in a list.

    Have you attempted to discover them?

    We can "support" any SNMP device – we just might not have extended monitoring for it out of the box.

  2. Kelly_Bee says:

    Same question as @Brett …  How can we suppress alerts behind a monitored network device if that device is down?  I clearly remember being told at an MMS presentation for SCOM 2012 network monitoring that this would be possible.

  3. Matt Br says:

    @Brett is there any update on your issue?  I can't believe more people aren't having the issue with loss of network connectivity to a remote site causing false SCOM alerts.

  4. Anonymous says:

    Kevin, are there plans for adding support for more devices?  I have a number of Cisco MDS switches but only 1 of the 3 models I use is supported so far.

  5. Anonymous says:

    @Carl – You can force the network device to use the MIB 2 system name, even if the name does not appear in DNS (or the IP address resolves to something else you do not want to use). I have blogged the instructions here blogs.inframon.com/…/How-to-use-the-MIB2-System-Name-for-a-device-in-SCOM-2012.aspx

    Sorry the response is around a year late – but hopefully this will help some other people as they search


  6. Hollisorama says:

    When I created my initial network discovery I got one instance of each node. Now this morning, I am seeing a second instance of a few nodes. All the information about the node is the same except the System Name/Device Key fields which corresponds to a MAC address on the device. When the device was initially discovered, the System Name/Device Key was the MAC corresponding to the IP for the VLAN interface I used in the discovery. The new instance of the device has a MAC corresponding to the Bridge ID address. I’m not sure which one to delete or how to handle the duplication otherwise.

  7. Hollisorama says:

    When installing OpsMgr 2012 R2 on Server 2012 R2, firewall rules necessary for network monitoring are created but left disabled. I enabled them and the discovery worked successfully. The firewall rule names are Operations Manager SNMP Response, Operations Manager SNMP Trap Listener & Operations Manager Ping Response.
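
A pre-flight check for the management server, added here as an example and not part of the original post or its comments: it reports the state of the three firewall rules named in the comment above, then tests ICMP and an SNMP GET of sysName.0 against the device. The device address, the `-EnableRules` switch and the choice of SNMP v2c are assumptions of this example.

```powershell
# Added example, not from the original post. Run elevated on the management server
# that executes the discovery. DeviceIp is a placeholder; replace it with your device.
param(
    [string]$DeviceIp  = '192.0.2.10',  # placeholder address (documentation range)
    [string]$Community = 'public',      # community string stored in the RunAs account
    [switch]$EnableRules                # without this switch the script only reports
)

# 1. Firewall rules, by the display names quoted in the comment above.
$ruleNames = 'Operations Manager SNMP Response',
             'Operations Manager SNMP Trap Listener',
             'Operations Manager Ping Response'
foreach ($name in $ruleNames) {
    $rules = @(Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)
    if ($rules.Count -eq 0) { Write-Warning "Firewall rule not found: $name"; continue }
    foreach ($rule in $rules) {
        $state = if ($rule.Enabled -eq 'True') { 'enabled' } else { 'DISABLED' }
        Write-Output "Firewall rule '$name' ($($rule.Profile)): $state"
        if ($state -eq 'DISABLED' -and $EnableRules) { $rule | Enable-NetFirewallRule }
    }
}

# 2. ICMP reachability from this server to the device.
$ping = Test-Connection -ComputerName $DeviceIp -Count 2 -Quiet
Write-Output "ICMP echo to ${DeviceIp}: $(if ($ping) { 'reply' } else { 'no reply' })"

# 3. SNMP v2c GET for sysName.0 (1.3.6.1.2.1.1.5.0), hand-encoded in BER.
#    Short-form lengths only, so the community string must stay under 93 bytes.
$comm = [Text.Encoding]::ASCII.GetBytes($Community)
if ($comm.Length -gt 92) { throw 'Community string too long for this encoder.' }
$oid = 0x2B,0x06,0x01,0x02,0x01,0x01,0x05,0x00
[byte[]]$pdu = @(0xA0,0x1C,                      # GetRequest PDU, 28 bytes of content
                 0x02,0x04,0x01,0x02,0x03,0x04,  # request-id (constructed value)
                 0x02,0x01,0x00, 0x02,0x01,0x00, # error-status 0, error-index 0
                 0x30,0x0E, 0x30,0x0C, 0x06,0x08) + $oid + @(0x05,0x00)
[byte[]]$msg = @(0x30, (5 + $comm.Length + $pdu.Length),
                 0x02,0x01,0x01,                 # version field 1 = SNMPv2c
                 0x04, $comm.Length) + $comm + $pdu

$udp = New-Object System.Net.Sockets.UdpClient
$udp.Client.ReceiveTimeout = 3000                # milliseconds
try {
    $udp.Connect($DeviceIp, 161)
    [void]$udp.Send($msg, $msg.Length)
    $remote = New-Object System.Net.IPEndPoint([System.Net.IPAddress]::Any, 0)
    $reply  = $udp.Receive([ref]$remote)
    Write-Output "SNMP GET sysName.0: $($reply.Length)-byte reply from $($remote.Address)"
} catch {   # a timeout usually means a filtered port, a device ACL or a community mismatch
    Write-Warning "SNMP GET sysName.0: no reply ($($_.Exception.Message))"
} finally { $udp.Close() }
```

An SNMP agent normally drops a request that carries the wrong community string without answering, so a timeout in step 3 with a successful ping in step 2 points at the community string, a device-side access list or a filtered UDP port 161.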

  8. Kevin Holman says:

    You need to run the tasks to enable port monitoring.

  9. carl says:

    Great job on this functionality but still disappointed that the NW Device is referenced by IP and not sysName ("MIB 2 System Name").  I know you can add that column to the state views but performance views will be less inviting since you can't add the column there.  Dashboards would benefit from sysName too.  Do alert descriptions contain the sysName in addition to the ip address?  If not, assuming sealed MP's, that's going to create some unfortunate work for some of us whose users want alerts with host/system names and not IP's.  I do love the look though.

  10. Discover Linux device says:

    Can you do a blog post on discovering a Linux/Unix server?

  11. michel kamp says:

    Hi Kevin,

    maybe something to mention: Disable (or change) the firewall settings of the management server(s) where you are kicking off the network discovery. I noticed that the discovery process will not give you any error/warning event on this. It will simply tell you no devices are discovered…


  12. Have you messed with any of the interface overrides for the network devices yet? By default they are all disabled. I have been trying to figure out how to turn on interface monitoring, however I have yet to find discoveries for this. The monitors are there, which makes me interested to see how much QA the dev team performed to support more SNMP GUID Monitors in this version.

    As always, great posts. Don't know what I would do without some of them.

  13. Vishnu Nath says:

    @Carl, the naming algorithm actually uses several branches, it attempts DNS resolution on the following items in the order listed, the first one to succeed wins 1) Loopback IP 2) sysName 3) Public IP 4) Private IP 5)SNMP Agent IP

    @Michel We have added diagnostic and recoveries around firewall not being configured in RC/RTM

    @Jason By default the only interfaces with monitoring enabled are those that make up connections between network devices or network devices and servers you are monitoring.  If you wish to enable monitoring on another interface simply add it to the "Critical Network Adapters Group"


    -Vishnu Nath

    Program Manager – Operations Manager

  14. Alok Sinha says:

    Hi All, is there any PowerShell script available for discovering network devices in SCOM 2012?

  15. brett says:

    Has anyone tried suppressing alerts to the computer/agents when the network link goes down?  I have remote offices which often lose connectivity and when doing so I get numerous alerts about AD, DNS, etc. relating to the servers at the site.  I thought the new SCOM 2012 was supposed to help with alleviating this.  If someone has any experience or guidance with this that would be great as this is what we have been waiting for.



  16. vijayh says:


    If ping is blocked at the network device end, will SCOM be able to discover the device?

  17. Yasar Yigitsoy says:

    Hi All, Kevin,

    I’m running scom2012SP1 on a Windows2012 server and I can’t get any network devices working with SNMP.

    The message which I get is “No response SNMP” but I am sure that the IP/community string is correct. In scom2007R2 on win2k8 it is working fine. Of course I added the IP address of the SCOM server in the network devices, but it is still not working! Even when I disabled the Windows Firewall. (I thought maybe I made the wrong exclusion.) The SNMP feature is also installed and the SNMP trap service is disabled.

    Hope you can help me!

  18. muhammad says:

    "No Response SNMP" message while discovering a Cisco switch with SNMPv3 enabled.

    Some of the same model/OS switches with the same configuration were discovered but others are showing the above message. No configuration difference at all.

    Any suggestions ?

  19. Anonymous says:

    Pingback from SCOM QUICK Install | config.re

  20. js says:

    I thought the ICMP & SNMP access method required both to be successful, else it will fail? Above you state ‘as long as one of those is available we consider the device up’

  21. Hollisorama says:

    I opened a Microsoft case and got a fix for the duplicate device issue. It is a private fix so I suggest opening another ticket and requesting the fix. The issue is resolved with an updated version of the "ic.iftable.asl" file.

  22. Anonymous says:

    There are several really good blogs out there which document some of the struggles and workarounds with

  23. Robinson Asirvatham says:

    Hi Kevin,
    I always follow your articles and I love them. I just have one question on reporting on networking devices.

    I am trying to generate a report for "Interface Traffic Volume" and the report is blank. Does it require the rules to be enabled by override?

  24. Mark Derouen says:

    Has anyone solved the issue Bret was asking about?

  25. Sam John says:

    I have a Cisco 2960 switch, but it is not monitoring the power supply or fans. How do I enable monitoring for these components?

  26. robber1974 says:

    @Muhammad: AES256 isn’t supported by SCOM. Switch to AES128 and it will work. Or just basic troubleshooting of course.

    Is the fix Hollisorama is talking about already in some SCOM UR update (running SCOM R2 UR7 now, but we still have this issue)?

  27. vincent says:

    Hi Everyone,

    I have a problem with network discovery. I previously discovered a Cisco device that is certified by SCOM, but for now, it's not discovering as certified. Have any of you encountered this issue?

    Please help and advise

  28. Steve says:

    Great stuff! Now the tough part, I need to create a class/group of network interfaces on like network devices for monitoring. I followed the directions at http://blogs.catapultsystems.com/cfuller/archive/2013/06/20/how-to-add-monitoring-for-a-port-or-interface-on-a-network-device-in-operations-manager-2012-scom-sysctr/ but that isn’t dynamic enough for me. Any help would be much appreciated.

  29. Nabil Laamrani says:

    Hi Kevin,

    I have SCOM2012R2 and I want to catch alerts from vRops 6.2.
    I can’t discover the vROPS. There is no firewall between the vROPS and the SCOM.
    Also, I can see the SNMP trap from the vROPS on the SCOM server with Wireshark, but I can’t discover it.
    Need help please.

    Best regards

  30. TedH says:

    Is there a way to discover a Windows computer that is running an application that generates SNMP traps? Discovering the Windows computer fails because it is a Windows computer even if SNMP is responding correctly. In our case the application generates SNMP traps only and SCOM will only accept the trap if it comes from a previously discovered device.

    Would it work to have the discovery work against a device using the same IP as the server will get after the discovery? This way I could discover the bogus device at the IP and then replace the real server at the same IP.

    Any other ideas?