MOM 2005: How to Create a Repeat Alert

In MOM 2005 you may have found that it is easy to set up a notification when a service goes down and comes back up, but what if you wanted to get an alert every so often while the service was down until it came back up?

This is something that is much easier to do in SCOM 2007, but if you haven’t upgraded to this version yet, you can still make it work with a little bit of effort.

The following gives an example of how you can:

  • Check to see if the Print Spooler service is running every 15 minutes
  • Create an internal MOM Event ID 12345, if it is not running
  • Create an email notification every 15 minutes if it is not running

Create the Script

The first thing you will need to do is go into the Scripts section of the Administration Console and create a new Script. Give it a descriptive name, leave the Language field as the default (VBScript) and paste the following code into the source code area:

'miory 11/19/2007
'Creates MOM Event 12345 if the Print Spooler (Spooler) service is not running
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colRunningServices = objWMIService.ExecQuery _
("Select * from Win32_Service where Name='Spooler'")
For Each objService in colRunningServices
If objService.State <> "Running" Then
CreateError "Print Spooler not Running"
End If
Next
Function CreateError(ByVal sMessage)
On Error Resume Next
Dim oScriptErrorEvent
Set oScriptErrorEvent = ScriptContext.CreateEvent()
With oScriptErrorEvent
.EventNumber = 12345
.EventType = EVENT_TYPE_ERROR
.Message = sMessage
.SetEventParameter """PRINT SPOOLER SERVICE"""
.SetEventParameter sMessage
End With
ScriptContext.Submit oScriptErrorEvent
ScriptContext.Echo "ThrowScriptError('" & sMessage & "')"
End Function
‘End Script

You do not need to specify any parameters for the script, so you can just click Finish.

Create the Rules and Alerts

Create a new rule group.

In that new rule group, create the following rules:

  1. A Timed Event Rule using the provider name: Schedule every 15 minutes synchronize at 00:00. After the rule is created go to the Responses tab and click Add > Launch a script and then choose the script you created earlier.
  2. An Event Rule using the provider name: Script-Generated data. Set the Criteria to with event ID and type 12345. On the Alert tab check the Generate Alert checkbox.
  3. Create an Alert Rule and under Criteria select of Severity and then select Critical Error. Next select only match alerts generated by rules in the following group and choose the new rule group that you created earlier. On the Responses tab click Add > Send a notification to a Notification Group. Choose the appropriate group and put a checkmark in Run this response before duplicate alert suppression.

To complete the changes, just right-click on Management Packs and click Commit Configuration Change.

And that’s it! Hope this helps.

Mike Ory