Unexpected Shutdown Managementpack

Earlier this year I was talking with a customer about Windows servers which unexpectedly shutdown and how to collect info and be able to see a pattern of the crashes. My very good friend Urban Österberg did a great job in doing a great management pack that save crash info and collect the info if the severs are doing an unexpected shutdown/crash.

The Management Pack contain one Rule, which is using a script and registry to check and save information about the shutdown.

The rule are enabled by default, please override it if you only want to check specific servers.

rule

When the Alert show up please have a closer look..

Alert

Alert3

And in the Alert description you find information about earlier shutdowns In registry you are able to manage Logging and see info of the last check for unexpected shutdowns.

Registry

Please feel free to download this great Management Pack and use this to find those servers that are behaving badly…

Have a great christmas and please remember to relax and enjoy the holidays

Download MP

Download “Get the Unexpected Shutdown Management Pack” CT.UnexpectedShutdown.zip – Downloaded 369 times – 3 KB

Thank you Urban – Very nice work.

Kåre Rude Andersen

By | 2014-12-22T12:45:11+00:00 December 22nd, 2014|Operating Systems, Operations Manager (SCOM)|3 Comments

About the Author:

Kåre Rude Andersen
Microsoft Certified Trainer since 1996, MCSE, TS and ITP in Microsoft Windows, SQL (also Microsoft), Exchange (MS) and Microsoft Operations Manager. Senior Consultant and have recently worked as a consultant at CSC, SAS, ISS, Nokia and Scandlines.

3 Comments

  1. Phil Marcum February 1, 2015 at 2:36 - Reply

    I have your MP imported on a SCOM 2012 R2 RU3 environment. In addition I created an Alert View with the following:

    Name: Unexpected Server Shutdowns
    Description: Unexpected server shutdown alerts.
    Condition: Created by specific sources
    Criteria Description: created by CT Unexpected Shutdown Alert Rule

    Any reason why this wouldn’t work?

    Any responses appreciated.

    tia

  2. Martin Schmidt February 24, 2017 at 10:09 - Reply

    Thanks for sharing. If you use “Get-WinEvent -FilterHashtable @{logname=’system’; id=6008;StartTime=Get-Date($sDate)}” instead of “get-eventlog” the runtime of the script will decrease significantly (with “Get-Eventlog” 101.4 seconds, with “Get-WinEvent” only 1.3 seconds)

    Best regards,
    Martin

  3. http://www.blackhatlinks.com/index_wiki.php

    gonmnqwqs uzygw elskbsq uqqv ydwnuljvuqkcbpb

Leave A Comment