Knowing is better than guessing, that is an indisputable fact as far as I know and since we try to automate more and more (someone wrote –automating the world, line by line and that is so darn correct) we now need to monitor much more. OS Deployment has been possible to automate for many years, but the level of monitoring to see if everything is working correctly is in place and there are many reasons for that, some solutions just takes forever to deploy and configure and some takes forever to understand how they work.
The Problem:
We need to be able to see if everything works as expect, we all work in the Service Sector, we are suppose to service our organizations and help our users so they can do whatever they are suppose to do (I know, working in IT is not that cool anymore). If you have MDT you could enable the monitoring feature, but it will only tell you ongoing deployments and if they went well or not, you cannot see the issues, only the number of issues. If you have SCCM it is far better, but, better could be better…
The Solution
In MDT there is a monitoring feature and what not so many know about is that it is actually writing to the event log.
$MDTevents = Get-EventLog -LogName Application -Source MDT_Monitor -EntryType Warning,Error
$MDTevents | Select Message
Output from running the commands above.
So, if we could create script that dumps that, split the message into 3 objects, machine name, type of error, and message, add the path to the logs for each machine we have a solution, right?
Issue Number one
The event log is fantastic, it has so many parameters to work with, but in this case it does not work, since all data is just a string in the event it self, so we need to extract that and “bend the rules a bit”, this is what we get if we don’t do anything at all
As you can see, it is all in the EventData, just as a dumb string.
With this little function we can now dump the data, turn the string into 3 objects, flip them around so that the computer name comes first (like to sort it on computer name), remove junk
Issue Number two
Converting to HTML with links to the logs, well that can be done rather easy using this part
Here you can see that we dump out the data running the Function Get-MDTIssues with a select statement that on the first position creates a new object called “link” and it will add a href tag on the computer name, so now we have a nice HTML page, well not really. there is another problem
Issue Number three
ConvertTo-HTML does not like HTML, it will of course convert everything to HTML, including HTML and the HTML we had is no HTML anymore…
But, Convertto-html is an object, so we can of course convert that on the fly using –replace and at the same time we can add the computer name correctly to the server we are running this on
Issue Number four
Now everything works, Yeah, well no, as soon as you have this “not-so-very-designed-web-page” you will be able to click the links and THAT works, you will end up in the log folders
So let us click one of them:
So far so good:
But you cannot click any of the links until you add a mime type for .log in IIS
Install and Configure
- Download file from here:
- Store it locally on the MDT server (The server with the Deployment workbench, it is possible to run the script from an other machine, but then you need to modify the script to read the log from another computer)
- Make sure that MDT Monitoring is enabled
- Make sure that CustomSettings.ini is correctly configured to store the logs and to enable to send monitor data
- SLShare=\\SRVMGT01\Logs$
- EventService=http://SRVMGT01:9800
- Add the IIS Feature
- Add two Web Applications
- Enable Directory Browsing for Logs and MDT (If you call the file default.htm or similar you don’t need that)
- Schedule the script to run (You could a be smart, schedule a task based on the MDT_Monitor to run the script for warnings and errors
- Testing could be done in two ways, you could either deploy a machine and hope it fails or you could run this POSH command:
Write-EventLog -LogName Application -Source MDT_Monitor -EntryType Warning -EventId 2000 -Message “Error logged for computer TEST01: Application Install – HP Support Pack returned an unexpected return code: 1”
and if everything works correct, well you should be able to see that in the webpage
Happy “Warnings, errors and failures”
/mike
Share this:
Categories: Deployment, MDT, SCCM
The Deployment Bunny 
Thank you for this post. Since I am interested I tried to implement this in our situation.
Sadly it didn’t work. Maybe I did something wrong in IIS or the script isn’t working. The webpage is empty.
When I test it with your POSH command, I can see there is an Event made in Appl Log. Also the Scheduled Task is running with no errors.
How can I troubleshoot the problem? Maybe I missed something or I did misconfigure things,
It should be easy to t-shoot,
1. You need issues, create an issue if you dont have one using POSH, but this seems to be correct in your case
2. The script will be stored in C:\MDTWEB as you can see on the line Close to the end, change that if your IIS Application Folder is an other
3. The script assumes that you are running the site on port 80, if you are using anyother port you need to change that to, it is also close to the end.
The first thing is to make sure that the webpage is created, next step si to se the content and adjust the script so that the output is the way you like it
Do you mean that the MonitorMDT.ps1 script should be placed in C:\MDTWEB (not in my case)?
In IIS The “MDT” application folder is redirected to C:\MDTWEB. Directory Browsing is enabled and I created a “Default Document” named MDTIssues.htm.
Still the “MDTIssues.htm” is not created or when I create it manually, it is not updated.
Do you give any additional arguments In the Task Scheduler”? I have stated: -File “%path to location%\MonitorMDT.ps1”
Ok, that is correct,
The script should create the webpage, but if it is blank it means that there is no data to use. Verify that the script reads the eventlog and creates a webpage at all.
NO, there is no other options, just the -file and path to the file.
/m
Hello, thanks for your post. I did exactly what you write. And after I execute command “powershell c:\mdtweb\monitormdt.ps1″, a file named Mdtissues.htm is generated. But here is the content of the html file:
BODY{background-color:peachpuff;}TABLE{border-width: 2px;border-style: solid;border-color: black;border-collapse: collapse;}TH{border-width: 1px;padding: 0px;border-style: solid;border-color: black;background-color:thistle}TD{border-width: 1px;padding: 0px;border-style: solid;border-color: black}
2014-02-02 – 23:17:25
Deployment Status for: Generated by Power of the Shell
LinkNotificationMessage
<a href=”>
For details, contact support@internet.com
so there is no content on the page, and the content under Link is ““. But when I execute command “Get-EventLog -LogName Application -Source MDT_Monitor -EntryType Warning,Error”, there is content. So it seems the script didn’t get correct content. Could you advise how could I troubleshoot this?
Hi, that could be almost anything, but first verify permissions, the account that runs the script needs to have access to the eventlog, file location and so on. If that does not work create a copy of the script open an elevated ISE PowerShell prompt, open the script copy and run selected parts and verify.
Your example works like a charm but our systems are not triggering MDT Events, they are logging status to the server, we can track them in the Deployment Tool bench but nothing shows up in the Event properties. I can write into the event log with no issues. We are using a CM07 ZTI deployments. I can post events remotely. Do you know of anything else I could check to see why these events don’t show up? Within the log files it looks like the machine is posting successfully
Hi Mikael!
Do you know how I could write serial number, make, model and task sequenceID to eventlog?
MDT writes Deployment started on %OSDComputerName% to eventlog already. Trying to figure out how I could add more information to that event.
Thanks
That is a function within the MDT monitor and as far as I know that cannot be changed (easy). Could you explain a bit more, maybe I can figure out a solution for you?
I tried to use oLogging.CreateEvent(iEventID, iType, sMessage, arrParms) from ZTIUtility.vbs, but I couldn’t get it to write to eventlog.
I’m just trying to get a simple solution to monitor how many computers are installed, what was the task sequence used, what was the model, make and serial number etc. I thoght I could easily get this information to eventlog and display it on a webpage like this.
I’m alredy using SLShare that makes a logfile per machine, but the main problem is that every machine has own logfile and you don’t have single view to get the information you need.
Maybe I could write a script that reads those logfiles and gathers the needed information to single file.
I installed Orchestrator and I was able to write the information I need to eventlog. It was very easy with Orchestrator. I’m in love with this awesome product.
If you have Orchestrator up and running, you are going to like an upcoming post :-)
Thanks! Can’t wait! :)