Month: September 2015

Pesky UNIX/Linux SCOM Agents (Gray State) – RETURN CODE: 1

This is a post I was meant to post quite some time ago, but forgot. Nevertheless…

If you have administrated a SCOM environment with both Wintel and UNIX/Linux machines, I am betting you have experienced some gray agents, specifically for UNIX/Linux machines.

The issue was, the server was definitely online, however according the SCOM, the server was offline or at least in a gray state. Below are the steps below I took resolve the gray agent for the machine, the server was Red Hat (RHEL) 6.x.


Steps to diagnose the issue:

  1. Could I ping the server from any of the SCOM management servers? Yes.
  2. Could I ping the server from its resource pool? Yes.
  3. Was there communication between ports 22 and 1270? Yes.
  4. Was I able to establish a Putty session via port 22? Yes.
  5. Was the SCOM process running on the server? Hmm, that’s a funny error…

1


Next are the steps I took to resolve the issue:

  1. Restart SCOM process, “sxcadmin” … Cannot, “RETURN CODE: 1”
  2. Googling, many members in the community have also had this error, and have isolated the issue to a corrupted CIM.Socket and SCX-CMID.PID file(s).
  3. Delete the files:

2

4. Let’s restart the SCX Agent…

3

5. Well that did not work either, check to see if port 1270 is evening listening…

4

6. Okay, let’s kill all processes associated scxadmin service…

5

7. Now let’s start the scxadmin process, and check again to see if port 1270 is listening…

6

8. Perfect! And what does SCOM say?

7

 

Problem solved! There are ways to automate this process, and this was achieved with the use of SCORCH and Runbooks. I will post that solution soon. Stay tuned.

 

Happy SCOM’ing! =)

(more…)

Advertisements

Creating certificates for Azure authorization

So let’s say you want monitor your Azure environment using your on-premises SCOM, you would think all you need is an Azure environment and an Azure Management Pack and SCOM. Well for the most part that is true, but to authenticate Azure and SCOM, you will require a certificated based authentication to bind the two environments. For starters, you will need the tools below, and can follow the steps I have outlined below.

Prerequisites

  1. Azure subscription
  2. Azure (SCOM) Management Pack
  3. Local SCOM environment (with Internet access)
  4. Windows 8.1 SDK or Visual Studio

I used my Windows 8.1 machine, therefore I needed the Windows 8 SDK. If you do not already have the SDK, it can be downloaded from HERE. Once you have installed the SDK, we will then need to create the certificate.

I used PowerShell, but you could probably use Command Prompt just as well. Please note, run as Administrator.

First browse to the SDK directory, “C:\Program Files (x86)\Windows Kits\8.1\bin\x86

1

Then, using the following code below, this will create a self-signed certificate. Please note, your certificate name should match in both places here.

makecert -sky exchange -r -n "CN=yourCERTnameHERE" -pe -a sha1 -len 2048 -ss My "yourCERTnameHERE.cer"

2

Now, I don’t know what all these switches meant so I did look it up. Also, I used the links below as reference:

If the step above, you should have got “Succeeded”.

Next, we will generate the PFX with a private key. Use the code below in squence, again in Administrator mode, PowerShell or Command Prompt.

$MyPwd = ConvertTo-SecureString -String "yourPASSWORDhere" -Force –AsPlainText

$AzureCert = Get-ChildItem -Path Cert:\CurrentUser\My | where {$_.Subject -match "yourCERTnameHERE”}

Export-PfxCertificate -FilePath C:\yourCERTnameHERE.pfx -Password $MyPwd -Cert $AzureCert

 

3

If all went well, you can now import your PFX certificate. Go into the Certificate Store (launch MMC services, add the Certificate snap-in, run as Local Computer), and right click on Personal > Certificates > Import. Browse to your *.pfx certificate and import. You will be required for the Private Key (password to complete).

If all went well you should now be able to see the certificate within your Certificate Store, under Personal.

6

Now, Azure will want a *.cer based certificate, so we will now need to export our *.pfx certificate from the Certificate Store. This is pretty straight forward, export on the certificate, and save as a *.cer file.

Once you have export the PFX as a CER file, you can now go back to Azure, and import/upload the certificate we have just created!

7

Configuring Office 365 (O365) Management Pack in SCOM

For starters, I am assuming you have a valid Office 365 account, a SCOM environment (with Internet access), and the Office 365 Management Pack.

Once you have imported the MP, next within the Administrations tab, you will need to add your O365 subscription. I used the “All Management Servers Resource Pool” for my Server Pool.

1

2

Once successful, you should have your Office 365 Subscription within the Office 365 Overview:

3

If you go back to the Monitoring tab, you should now see the Office 365 folder along with some native views.

5

 

I went a step further and added the, “Message Center” webpage, same view you would see within an browser.

I copied the two views from the MP into My Workspace, and added a new Web Page view, with the URL here, https://portal.office.com/MessageCenter/MessageCenter.aspx.

When you launch the view the first time, you will be required to sign-in. I also check marked “stay logged in” to avoid this down the road.

6

7

8

 

And that is it! Pretty easy!

Azure Runbook Limitiation

Here I am testing my Runbooks in my Azure lab, and all of a sudden I get the following alert, “The job failed. The quota for the monthly total job run time has been reached for this subscription. To get more job run time you can change to a different Automation plan or wait until next month when the quota will reset.

Whaaaaat!!?

1

Well that sucks… I don’t wait to wait another month! And I certainly do not want to upgrade my Azure subscription plan.

I contact Microsoft, and they advised me the same, I will need to either wait until next month, or upgrade my subscription plan.

“…using a Free account, then it is limited to 500 job minutes per calendar month. You can change to the Basic pricing tier and get unlimited job minutes for just $0.002 / minute.”

Turns out, with the Free account, I am limited to 500 job (Runbook) minutes per calendar month. If I upgrade then I get unlimited job minutes, but at a cost of $0.002 per minute.

Well this is certainly good to know, also good to know, when creating Runbooks, we should code efficiently, otherwise our 500 minutes will but gone soon. =)

Thanks to Chris Sanders, Program Manager @ Microsoft for the helpful information!

Enabling SCOM 2012R2 Agent Proxy

The other day, I’m asked, “what the heck are these SCOM agent proxy alerts!?” I’m sure you fellow SCOM admins have seen these alerts before:

1

You could go to the computer that SCOM is complaining about and manually enable the agent proxy via Administration > Managed Computers, and modifying its properties, see below:

2

 

Or…… you could make your life easier, and do this…

The fix is easy, and the explanation are both below:

To resolve the “Agent proxy not enabled” alert for all machines in your current environment, run the following PowerShell code in the SCOM PowerShell Console:

get-SCOMagent | where {$_.ProxyingEnabled -match "False"} | Enable-SCOMAgentProxy

3

 

To prevent this alert in the future, run the following below:

 

add-pssnapin "Microsoft.EnterpriseManagement.OperationsManager.Client";
new-managementGroupConnection -ConnectionString:yourSCOMserverFQDNhere;
set-location "OperationsManagerMonitoring::";
Set-DefaultSetting -Name HealthService\ProxyingEnabled -Value True

4

 

(more…)

Adding ESX/vCenter to SCVMM

Adding a Hyper-V host to SCVMM is pretty straight forward, I would only hope so, since they are both Microsoft products. Well, as quick as it is to add a Hyper-V host, adding an ESX/vCenter is just as quick. Here are the steps I took to add an ESX host and vCenter appliance to SCVMM 2012 R2.

Some prerequisites, well, I am assuming you have already deployed an ESX/ESXi server which also has a vCenter appliance installed and configured with a static IP and hostname. In my lab, I have vCenter installed on the ESX host itself. I am also assuming your SCVMM and ESX/ESXi environment(s) are able to communicate with one another.

  • Launch the SCVMM console
  • Create a Run As account, here I used the default VMware credentials (root/vmware)
  • Under the Fabric pane, and under the Servers > Infrastructure Node, right click on vCenter Servers, and add a new VMware vCenter Server

1

 

  • Input the vCenter IP address, leaving the TCP/IP port as default (443)
  • Also, specify the Run As account, select the one you created back at Step 2
  • Keep Communicate with VMware ESX host in secure mode enabled

2

 

  • Next, if the Run As account validated successfully, you should now get an Import Certificate prompt. Select Import

3

 

  • You can view the status of the new addition within the Jobs window

4

 

  • If all went smoothly, your vCenter appliance/server should now be within the vCenter Servers view!

5

  • Next, you will want to essentially the same steps above, but this time, we will add the ESX host
  • Select, Add VMware ESX Hosts and Clusters

6

  • Hopefully here it should auto populate the search with the host, if not, search for it, using its IP or hostname

7

  • If all went went, proper Run As account, etc. etc, then it should soon be visible within the Server > All  Hosts view. Confirm by viewing the Jobs window for any errors/messages.

9

8

(more…)

Automating Start and Stop Times for Azure VMs

So you have set up an Azure lab, but you are now starting to see your billing costs are higher than you anticipated, or maybe you are getting tired of logging in to the Azure portal, every morning and every evening to start and shutdown your lab/Virtual Machine(s). Unfortunately there is no UI in the Azure portal that allows you to input a start and stop time for your Virtual Machines to be powered on and/or off, however there are some clever workarounds! Below are the steps I have taken to automate this problem.

Of course you will need an Azure environment, at least one Virtual Machine and some (very) basic PowerShell knowledge.

For starters, I have already built my VM, and I have already created an account that is a member of the domain administrators.


  • Log into the Azure portal and expand the Browse All icon, located on the left pane.

1

  • Select Automation Accounts and create a new Automation Account. I called mine “MachineStartStopAutomation”.

2

  • Next under the new account, select Assets

3

  • Here we will assign credentials associated to this Automation account. Within Assets, select Credentials

4

5

  • Once you have created the Credentials, next we will need to create the Runbook
  • Go back to the Automation Account, and this time select Runbooks

6

  • Provide some descriptive name for the Runbook. I used “Start<hostname>VM”. Also, I had some issues creating/editing the Runbook script when using the Graphical Runbook type, so I used the PowerShell Workflow. I would advise using the PowerShell Workflow option.

7

  • Within the script, use the code similar here. Note, your workflow will be name of your Runbook name. Also, in line 5, the -Name <hostname> will be your VM you are interested in automating the PowerOn. To be safe, I specified the FQDN.

8

  • Once complete, you can test and/or publish the Runbook. (You will need to Publish the Runbook in order to make use of it)
  • Next you will need to create a schedule. Go back to the Runbook, and select Schedules

9

  • Since I would like to start this VM daily, I set it for daily Recurrence.

10

You will now need to repeat all the steps above (starting at step 7) to create an automated shutdown Runbook. The PowerShell code will be almost exactly the same, but you will make use of the “Stop-VM -Name <hostname>” Cmdlets.

Once complete, your new Automation Runbook should look similar to this. Hopefully this will keep your Azure billing costs down, and hopefully no more daily/manual starting and shutting down your lab/Virtual Machine(s). =)

11