Test fire any event on any server from any application


Golden Oldies - always popular (tools vs music)


Old Holman blog that's still relevant, even more powerful than EventLog Explorer


Basically anyone who wants to test fire events off a SCOM MP should use this tool.

Event Create, write-eventlog all have limitations (certain event sources that can be used to create events, or event ID number limitations)



First, download the 2007 R2 Admin ResKit here

MomTeam blog reference


Double click the downloaded MSI


I prefer to move extracted files under my SCOM tools/Management pack directory structure under MonAdmin (Monitoring Admin)

Copy extracted files to gold depot




Move to gold depot - SCOM \ tools \ <toolname here>



Go into the MPEventAnalyzer directory

Run the exe


MP Event Analyzer

Click on Investigate Event Sources Tab (bottom middle)

Don't forget you can use the search bar (where I typed apm)


For my example, double click on APM Agent



Search Events on right hand pane


Check checkbox to select the 1319 APM event for configuration error (right hand pane)

Click the 'Add selected events to execution list'

Once event verified in bottom box, click the green box to fire selected event(s)




Verify event in Event Viewer



Validate Management Pack

Stay tuned... this did not complete the validation process.

Comments (4)
  1. thomas1112 says:

    hi guys 🙂

    has anyone tried with “security-auditing” log? when i choose it from the list i get a prompt “cannot retrieve event information for provider microsoft-windows-security-auditing. reason: acces is denied” ? any ideas?

    1. kjustin1996 says:

      Hello Thomas,
      Are you running MP Analyzer, or EventLog Explorer?
      Are you running this as administrator?

      If MP Analyzer, what pack are you loading?
      I don’t see Microsoft-Windows-Security-Auditing on a 2016 server with EventLog Explorer, can you explain further?

      1. Anonymous says:
        (The content was deleted per user request)
      2. thomas1112 says:

        im using MP Event Analyzer, im choosing “investigate event sources” then from the list trying to open “Security-Auditing”

        (im running the app as admin)

Comments are closed.

Skip to main content