Hi everyone, My company is currently running SCOM 2007 R2 CU3. The decision was made to only have SCOM send e-mail notifications on Critical alerts only. Therefore, we went ahead and created a subscription that would generate notifications on anything that was in a critical state. Normally, this works fine for us. However, if we import a new management pack to SCOM, usually the new MP will generate some critical notification "noise" before we've had a chance to tune the MP properly. So here's my question: is there a way to create a subscription that notifies on critical alerts only, but does not notify on alerts generated from specific management packs until the MP is "approved" by us? Essentially, I guess the concept would be to place a management pack into maintenance mode for subscriptions only (but not maintenance mode for alerts - so that tuning could occur). Is this possible? One option I found was to create a group for everything and then create a subscription for that group - so that new MPs would need to be manually added to that group. However, this can get messy very quickly. Another option was to create a subscription for Critical alerts that was also based on Priority. From what I remember seeing, most alerts are by default set to Priority 1 (including alerts from new Management Packs). So one possibility would be to have SCOM notify on Critical alerts with Priority of 2. But since we consider critical alerts requiring immediate action, this model would not generate notifications for existing critical alerts (with a priority of 1) until we have moved everything to use Priority 2. This could cause some unwanted outages if something critical occurs and we are not notified about it. Does anyone have any suggestions on the best way to go about creating a subscription for critical alerts? How does everyone else have subscriptions setup? Thank you in advance!

There is no option to "opt out" of alerts for a specific management pack - subscriptions are "opt in" in the way they are configured. In order to eliminate alerts for a specific MP, you would need to create a subscription in which you explicitly select all classes EXCEPT those in the management pack you want to exclude. If you had multiple MPs you wanted to exclude, you'd have to deselect all classes from each MP. In theory this would work. In practice this would be a tad inconvenient.Pete Zerger, MVP-OpsMgr and SCE | http://www.systemcentercentral.com

Hi Chris, I guess this is what one would run into. I also think that creating groups that contain specifically everything you currently have (before you import the new one) would become messy. Would be either a monster selection of groups and classes in your subscription or a monster group creation wizard to solve that one. What you could do, but that is a bit basic, is to use a testenvironment to run your MPs and create overrides. Keep these as general as possible of course as an override for one specific machine will not transfer to the production scom environment (othe guids). This way you can either transfer the overrides mp or quickly create the overrides you need with the least amount of time to tune. Next thing could be that you stop the notification channel for the duration of this import/tune action. I guess this is only feasable when the period is short. You could opt to wait for the discovery and go to the state view in the MP and set those discovered items into maintenance mode. But that doesnt give you opportunity to tune as you wont get alerts at all this way. Except when doing most of that work in the testenvironment to start with.Bob Cornelissen - BICTT (My BICTT Blog)

Here is a great link on how you set custom alert fields with PowerShell. It also details how to use a command notification to enable this. Reading the comments one can conclude that there are side-effects with running this through a notification channel but using a scheduled job should be doable. http://blogs.msdn.com/b/steverac/archive/2010/08/17/updating-custom-alert-fields-using-subscriptions-and-powershell.aspx It's feasable that you, for test periods (only do it when you need it) use a custom alert field to signal which critical alerts should be emailed. /RogerThis posting is provided "AS IS" with no warranties, and confers no rights.

Thank you all for your replies. I appreciate the help!