SCOM Architecture and Components

System Center Operations Manager (SCOM) is Microsoft’s enterprise monitoring platform, part of the System Center suite. It provides agent-based and agentless monitoring of Windows servers, network devices, Linux systems, and cloud workloads. Understanding the architecture before deployment is essential for sizing hardware correctly and planning for high availability.

The core components of a SCOM deployment are:

Management Server — the central orchestration component that receives data from agents, evaluates rules against management packs, generates alerts, and coordinates all monitoring workflows. A standard deployment starts with a single management server but can scale to a management pool for HA.

Operational Database — a SQL Server database (typically named OperationsManager) that stores current state data, alert information, configuration, and recent performance data. This database should be placed on fast SSD storage and kept below 50 GB for performance. SQL Server 2019 or 2022 is supported with SCOM 2022.

Data Warehouse Database — a separate SQL Server database (OperationsManagerDW) that stores historical performance and availability data for reporting. This database grows over time and should be on a separate SQL instance from the operational database for production deployments. Retention periods are configurable, typically 400 days for performance data.

Reporting Server — SQL Server Reporting Services (SSRS) integrated with SCOM to produce availability reports, performance trend reports, and SLA dashboards. Requires the SCOM Reporting component to be installed and pointed at the DW database.

Gateway Server — an optional SCOM component deployed in DMZs or untrusted domains. Agents in remote networks connect to the Gateway, which relays data back to the Management Server over a single mutually authenticated channel. This avoids opening firewall ports from every monitored host directly to the management server.

Web Console — an IIS-hosted web application that provides browser-based access to the SCOM Operations Console functionality. Useful for NOC teams that need read access without installing the full console.

Operations Console — the primary management interface, a Windows application installed on administrator workstations. Used for configuring monitoring, viewing alerts, creating dashboards, and deploying agents.

SCOM Prerequisites on Windows Server 2022

Before installing SCOM 2022, prepare the infrastructure on Windows Server 2022. The management server requires a minimum of 4 CPU cores, 8 GB RAM, and 10 GB disk for the installation (performance data storage is on SQL Server). The following prerequisites must be in place:

Active Directory — SCOM requires a domain environment. The management server must be domain-joined. Create a dedicated domain service account (e.g. DOMAIN\scom_sdk) for the SDK and Configuration service, and a second account (DOMAIN\scom_action) for the default action account used by agent tasks.

SQL Server — install SQL Server 2019 or 2022 with Database Engine Services, Full-Text and Semantic Extractions for Search (required), and SSRS. Set the SQL Server service account to a domain account. Configure SQL Server collation to SQL_Latin1_General_CP1_CI_AS.

Install required Windows features on the management server:

Install-WindowsFeature `
  Web-Server, `
  Web-Static-Content, `
  Web-Default-Doc, `
  Web-Dir-Browsing, `
  Web-Http-Errors, `
  Web-Http-Logging, `
  Web-Request-Monitor, `
  Web-Filtering, `
  Web-Stat-Compression, `
  Web-Mgmt-Console, `
  Web-Metabase, `
  Web-Asp-Net45, `
  Web-ISAPI-Filter, `
  Web-ISAPI-Ext, `
  NET-Framework-45-Core, `
  NET-Framework-45-ASPNET, `
  NET-WCF-HTTP-Activation45, `
  NET-WCF-TCP-PortSharing45 `
  -Restart:$false

Install the Report Viewer 2015 redistributable and the Microsoft System CLR Types for SQL Server 2014, which SCOM requires for its console. Both are available from the Microsoft Download Center.

SCOM 2022 vs SCOM 2019 on Windows Server 2022

SCOM 2022 (version 10.22.x) is fully supported on Windows Server 2022 for both the management server role and monitored agents. SCOM 2019 (version 10.19.x) can also run on Windows Server 2022 servers but Microsoft recommends upgrading to SCOM 2022 to benefit from improved agent performance, Azure Arc integration, enhanced network monitoring, and the updated web console built on the modern Angular framework. Key improvements in SCOM 2022 include native support for the Windows Server 2022 management pack, improved TLS 1.2 enforcement throughout all components, and Linux agent improvements. The upgrade path from SCOM 2019 to 2022 is in-place without needing to rebuild the management group.

Creating the SCOM Management Group

Run the SCOM 2022 installer (Setup.exe from the ISO) as a local administrator. On the Getting Started page, click Install. On the Select features to install page, select Management server, Operations console, and Web console for an all-in-one deployment. Click through to the Management Group configuration page.

Enter a Management Group Name — this is permanent and cannot be changed after installation. Use a meaningful name such as your organisation name followed by MG (e.g. ACMECORP-MG). Provide the SQL Server name and instance for both the Operational database and the Data Warehouse database. Use the Browse button to verify SQL connectivity before proceeding.

On the Configure Operations Manager accounts screen, specify your pre-created service accounts. SCOM will validate that these accounts have appropriate SQL permissions. If you receive SQL permission errors, run the following on the SQL Server:

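-- Grant required SQL Server roles for SCOM installation account
-- (Setup needs sysadmin to create the databases; review this membership once installation is complete)
USE [master]
GO
CREATE LOGIN [DOMAIN\scom_install] FROM WINDOWS
GO
ALTER SERVER ROLE [sysadmin] ADD MEMBER [DOMAIN\scom_install]
GO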

The installation takes approximately 20-30 minutes. On completion the Operations Console opens automatically and connects to the newly created management group.

Deploying SCOM Agents via Push Installation

The most common method for deploying SCOM agents to Windows servers is push installation from the Operations Console. In the console, navigate to Administration > Device Management > Agent Managed. Right-click Agent Managed and select Discover Computers. The Computer and Device Management Wizard opens.

Select Advanced discovery, choose Windows computers as the device type, and specify the management server as the scanner. On the discovery criteria page, enter the computer names or an IP range to scan. Provide domain credentials with local administrator rights on the target servers. The wizard performs a ping and DNS resolution before attempting agent push.

After the discovery scan completes, check the boxes next to the servers you want to monitor and click Next. On the Summary page, click Finish. The agent installation process begins. Progress can be monitored in Administration > Pending Management.

For environments where direct push is blocked by firewalls, install the agent manually on each server. Copy the MOMAgent.msi from the SCOM management server at C:\Program Files\Microsoft System Center\Operations Manager\Server\AgentManagement\amd64 to the target server and run:

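# SECURE_PORT is the agent-to-management-server port (5723 by default; 5724 is the SDK port used by consoles).
# AcceptEndUserLicenseAgreement=1 is required for a silent (/qn) install.
# The folder used for the /l*v log file must already exist.
msiexec /i MOMAgent.msi `
  /qn `
  MANAGEMENT_GROUP=ACMECORP-MG `
  MANAGEMENT_SERVER_DNS=scom-ms01.yourdomain.com `
  SECURE_PORT=5723 `
  USE_SETTINGS_FROM_AD=0 `
  USE_MANUALLY_SPECIFIED_SETTINGS=1 `
  AcceptEndUserLicenseAgreement=1 `
  INSTALLDIR="C:\Program Files\Microsoft Monitoring Agent" `
  /l*v C:\logs\scom_agent_install.log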

After installation, open the Microsoft Monitoring Agent applet in Control Panel to verify the management group is listed with a green indicator confirming the agent is connected and communicating.
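
A manually installed agent only becomes managed once the management server accepts it. As an added example (not part of the original article), the following PowerShell approves pending manual installations only for hosts on a list you supply and then reports their agent status. The host names are constructed, and it assumes the management group security setting is "Review new manual agent installations in pending management view" (the default setting rejects manual installs).

```powershell
# Added example, not from the original article.
Import-Module OperationsManager
New-SCOMManagementGroupConnection -ComputerName scom-ms01.yourdomain.com

# Constructed allow-list: FQDNs of the servers where MOMAgent.msi was run by hand.
$expected = @('WEBSRV01.yourdomain.com', 'APPSRV02.yourdomain.com')

# Manual installs wait in Pending Management with action type ManualApproval.
$pending = @(Get-SCOMPendingManagement |
    Where-Object { $_.AgentPendingActionType -eq 'ManualApproval' })

foreach ($p in $pending) {
    if ($expected -contains $p.AgentName) {      # -contains ignores case
        Approve-SCOMPendingManagement -PendingAction $p
        Write-Output "Approved $($p.AgentName)"
    }
    else {
        # A host nobody installed on purpose: leave it pending for a human to review.
        Write-Warning "Unexpected agent '$($p.AgentName)' left in Pending Management"
    }
}

# Report which expected hosts are agent-managed and which never checked in.
$report = foreach ($name in $expected) {
    $agent = Get-SCOMAgent -DNSHostName $name
    [pscustomobject]@{
        Computer          = $name
        AgentManaged      = [bool]$agent
        HealthState       = if ($agent) { $agent.HealthState } else { 'n/a' }
        ManuallyInstalled = if ($agent) { $agent.ManuallyInstalled } else { 'n/a' }
    }
}
$report | Format-Table -AutoSize
```

A freshly approved agent can take a few minutes to appear as agent-managed, so rerun the report section if a host still shows AgentManaged as False.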

Importing the Windows Server Management Pack

Management Packs (MPs) are XML-based bundles of monitoring logic that tell SCOM what to monitor, what thresholds indicate problems, and what knowledge articles describe remediation. Import the Windows Server 2022 management pack bundle to enable comprehensive OS monitoring.

In the Operations Console, go to Administration > Management Packs and click Import Management Packs. Select Add from catalog and search for Windows Server 2022. Import the following management packs in order (some have dependencies that require importing in the correct sequence):

Microsoft.Windows.Server.Library
Microsoft.Windows.Server.2022.Discovery
Microsoft.Windows.Server.2022.Monitoring
Microsoft.Windows.InternetInformationServices.2016  (for IIS on WS2022)
Microsoft.SQLServer.Library  (if SQL Server is installed)
Microsoft.SQLServer.2019.Discovery
Microsoft.SQLServer.2019.Monitoring

Management packs can also be imported from sealed MP files downloaded from the Microsoft Management Pack Catalog or vendor sites using the Import from disk option. After import, allow 15-30 minutes for discovery workflows to run and populate the monitored computers with Windows-specific components.

Key Monitors Created by the Windows Server Management Pack

Once the Windows Server 2022 management pack is imported and the agent is deployed, SCOM automatically creates monitoring coverage for the following areas:

Logical Disk Health — monitors each drive for free space percentage. Default thresholds alert at 10% free (Warning) and 5% free (Critical). These thresholds can be overridden per host group without modifying the sealed management pack using Override functionality.

Processor Performance — monitors CPU utilisation with a default alert threshold of 90% sustained for 20 minutes. The monitor uses Windows Management Instrumentation (WMI) performance counters.

Memory Performance — monitors available megabytes and pages per second. Persistent paging activity above threshold triggers a Memory Performance Degraded alert.

Windows Service Monitoring — discovery automatically identifies services set to Automatic start type and creates monitors for each. If a service stops unexpectedly, SCOM generates a critical alert and optionally attempts to restart the service via a recovery task.

Event Log Monitoring — pre-configured rules capture specific Windows event IDs from the System, Application, and Security logs that indicate hardware failures, disk errors (NTFS/Storport events), application crashes, and security audit events.

Configuring SCOM Alerts and Notification Channels

To receive email notifications when SCOM generates alerts, configure a notification channel. In Administration > Notifications > Channels, click New > Email (SMTP). Enter your SMTP server address, from address, port (587 for TLS), and authentication credentials. Test the channel by clicking Send Test and verifying the email arrives.

Create a notification subscription in Notifications > Subscriptions to define which alerts trigger notifications. Click New Subscription and configure the criteria — for example, send email for all alerts with severity Critical or Warning from the Windows Server class. Set the recipient to your operations distribution list. The subscription evaluates alert conditions and routes matching alerts through the configured channel.

SCOM Maintenance Windows

Maintenance Mode prevents SCOM from generating alerts during planned maintenance windows such as patching cycles. Place a server in maintenance mode from the console by right-clicking the computer object in Monitoring > Windows Computers > Windows Server Computer and selecting Maintenance Mode > Start Maintenance Mode.

Maintenance mode can also be started from PowerShell. The following example places the server named WEBSRV01 in maintenance mode for 2 hours from the moment it runs; to get a weekly maintenance window every Sunday at 02:00, run it from a scheduled task at that time:

Import-Module OperationsManager
New-SCOMManagementGroupConnection -ComputerName scom-ms01.yourdomain.com

$targetClass = Get-SCOMClass -Name "Microsoft.Windows.Computer"
$target = Get-SCOMMonitoringObject -Class $targetClass | Where-Object {$_.DisplayName -eq "WEBSRV01.yourdomain.com"}

# Set maintenance mode for 2 hours starting now
# -Reason must be a MaintenanceModeReason value such as PlannedOther
Start-SCOMMaintenanceMode `
  -Instance $target `
  -EndTime (Get-Date).AddHours(2) `
  -Reason "PlannedOther" `
  -Comment "Weekly patching window"
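
Because maintenance mode suppresses alerts, a server left in it is effectively unmonitored. As an added example (not from the original article), this lists every Windows computer currently in maintenance mode with who started it and why, and flags planned windows longer than a limit. The 8-hour limit and the output file name are assumptions.

```powershell
# Added example, not from the original article.
Import-Module OperationsManager
New-SCOMManagementGroupConnection -ComputerName scom-ms01.yourdomain.com

$maxHours = 8   # assumed policy: longest window a patching cycle should need

$class = Get-SCOMClass -Name "Microsoft.Windows.Computer"
$inMaintenance = @(Get-SCOMMonitoringObject -Class $class |
    Where-Object { $_.InMaintenanceMode })

$audit = foreach ($server in $inMaintenance) {
    # Active maintenance window for this object: who started it, why, and until when.
    $window = Get-SCOMMaintenanceMode -Instance $server | Select-Object -First 1
    if (-not $window) { continue }

    # Planned length is end minus start, so the result does not depend on time zone.
    $planned = $window.ScheduledEndTime - $window.StartTime

    [pscustomobject]@{
        Server       = $server.DisplayName
        StartedBy    = $window.User
        Reason       = $window.Reason
        Comment      = $window.Comments
        StartTime    = $window.StartTime
        ScheduledEnd = $window.ScheduledEndTime
        PlannedHours = [math]::Round($planned.TotalHours, 1)
        OverPolicy   = $planned.TotalHours -gt $maxHours
    }
}

# Full list for the record; over-policy entries on screen for follow-up.
$audit | Sort-Object PlannedHours -Descending |
    Export-Csv -Path C:\reports\maintenance_audit.csv -NoTypeInformation
$audit | Where-Object OverPolicy |
    Format-Table Server, StartedBy, PlannedHours, ScheduledEnd -AutoSize
```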

Creating SCOM Dashboards

SCOM 2022 dashboards are created in the Monitoring workspace of the Operations Console. Right-click My Workspace or a custom folder and select New > Dashboard View. The Grid layout is recommended as it allows flexible widget placement. Available widgets include Alert widget (filtered list of current alerts), State widget (health state of a group of servers), Performance widget (real-time graphs of performance counters), Topology widget (dependency maps), and Summary Dashboard widget.

Create a Windows Server Summary dashboard with an Alert widget filtered to Windows Server class at Critical severity, a State widget showing all Windows Server 2022 objects with their health state coloured green/yellow/red, and a Performance widget displaying CPU and memory across the fleet. Save the dashboard and it becomes available to all console users with appropriate permissions.

Exporting Monitoring Data from SCOM

SCOM stores historical performance data in the Data Warehouse database. Export this data via the built-in SSRS reports, or query the DW database directly for custom exports. The standard SCOM reports are accessible from the Reporting workspace and include Availability, Performance, and Alert reports with date range selection and export to Excel, PDF, or CSV.

For programmatic data export, use PowerShell to query the SCOM SDK:

Import-Module OperationsManager
New-SCOMManagementGroupConnection -ComputerName scom-ms01.yourdomain.com

# Get all active critical alerts
Get-SCOMAlert -Severity 2 -ResolutionState 0 |
  Select-Object Name, MonitoringObjectDisplayName, TimeRaised, Description |
  Export-Csv -Path C:\reports\critical_alerts.csv -NoTypeInformation

# Get health state of all Windows servers
$class = Get-SCOMClass -Name "Microsoft.Windows.Computer"
Get-SCOMMonitoringObject -Class $class |
  Select-Object DisplayName, HealthState, InMaintenanceMode |
  Sort-Object HealthState |
  Export-Csv -Path C:\reports\server_health.csv -NoTypeInformation

SCOM provides a mature, deeply integrated monitoring solution for Windows Server 2022 environments that is particularly valuable in organisations already using the Microsoft ecosystem. Its management pack model means vendors like Microsoft, Dell, HP, and NetApp publish detailed monitoring logic that requires minimal configuration to deploy effective monitoring coverage.