SCOM – Hybrid IT Pro

If you are a user of VmWare platform and are often looking at you Application log in Windows, you are probably aware of the spam that vmStatsProvider brings with the events id 256 and 258. A lot of threads in forums since many years on this issue. Since i became angry about those spam in the EventViewer that i try to keep clean, i’ve worked to find the cause. I took my favorites sysinternals tools (ProcMon, Process Explorer) to demonstrate that the calls perform by our monitoring tools on the Performance counter of VM (that uses the vmware dll behind) were the source of those events. So i had a talked with a VmWare developper who kindly accepted to modify the behavior of the dll and it’s now included in VmWare Tools 10.2.5 (March 28 2018) !!!

Many stupid solutions like to remove the performance counters in your VmWare Tools installation were published in the past years and i’m really proud to have contribute to the Clean EventViewer Community of SysAdmin.

Enjoy!

Hi,

It has been a long time since i posted. I’ll try to get back to this blog for the next year.

At work i recently had to investigate why the Microsoft SCOM management pack for Windows Server 2016 was not completely working on some of the 2016 servers. The Logical disks discovery was not working in the management pack. The management pack relies on WMI calls and the version of the management pack (the current version as i’m writing) uses remote calls for this monitor. So your remote WinRM needs to be working. You can test this by running “C:\WinRm id “and comparing the result with “C:\WinRM id -r:yourmachinename”. In my case the second one was not working.

I start looking into forums and everything was pointing on the winhttp proxy setting, that you need to reset this setting to have the “Direct” configuration, but that didn’t work.

What i found is that in my machine configuration policy (GPO, DSC) I had this WinRM setting :

Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service

Allow remote server management through WinRM – IPv4 = * and IPv6 = “”

The IPv6 settings to “” says that it’s refused

So because the management pack use a remote call (can’t understand why since it’s running locally) to get the Logical Disks monitors, the IPv6 was use prior than the IPv4 and was refused. One was could have been to disable the IPv6 on the server, but since it’s not a good practice, i just reconfigure the policy the have

Allow remote server management through WinRM – IPv4 = * and IPv6 = *

Only a GPO update was required to make it work again, no reboot needed.

I hope this post could help you

vmStatsProvider event 256 – 258

Trouble with Windows Server 2016 SCOM Management Pack