Category: Automation

Hyper-V Network Virtual Switches

So you’ve spun up a Windows 2012R2 machine with Hyper-V installed and ready to go. However, now you’re stuck and not sure which type of Network Virtual Switch (vSwitch) applies to your environment(s)…

In Windows 2012R2, Hyper-V’s network virtual switch runs at Layer 2 (the Data Link layer). If you are unfamiliar with either term, I suggest good old Wikipedia. 🙂 The Layer 2 switch maintains a MAC address table that contains the MAC addresses of all the virtual machines (VMs) connected to it. The switch determines where to direct/redirect the packets based on those MAC addresses. It should be noted that in Hyper-V you can have an unlimited number of VMs connected to this vSwitch.

In Hyper-V you have three types of Network Virtual Switches: External, Internal and Private. All have similar functions but are distinctly different.

  1. External vSwitch allows communication between the VMs running within the Hyper-V hosts, the Hyper-V parent partition, and between all VMs on the remote host server. The External vSwitch does require a network adapter on the host (that is not mapped to any other Hyper-V External vSwitch). You can also tag to a VLAN ID.
  2. Internal vSwitch allows communication between all VMs that are connected to the vSwitch and also allows communication between the Hyper-V parent partition. You can also tag to a VLAN ID.
  3. Private vSwitch allows communication between all VMs that are connected to the vSwitch, and that is it. (Note: there is no communication between the VMs and the Hyper-V parent partition, and no VLAN ID tagging can occur on the vSwitch.)

Without the use of SCVMM (System Center Virtual Machine Manager), I have found there are two ways to go about creating a vSwitch: one via the Hyper-V GUI and the other via PowerShell.

Let’s start with the GUI:

Launch the Hyper-V console, and right-click on the Hypervisor’s Virtual Switch Manager. Select New virtual network switch and specify your properties there: name your vSwitch, associate it to the correct vNIC, tag it to the appropriate VLAN ID, etc.

[Screenshot: vSwitch on the Hyper-V host]

You can now specify which vSwitch your guest VM should use. Within the VM’s properties, you will have the option to choose the Virtual Switch (you will need to create a Network Adapter if not already done). Once selected, you can specify your VLAN ID here. (I am finding you cannot specify the VLAN within the Management vSwitch, but it must be done on the client VM’s end.) *Again, this is without the use of SCVMM... yet.*

[Screenshot: vSwitch selection on the client OS]

The same process can be automated via PowerShell (and SCVMM). If you’re like me and need to provision a few dozen Hyper-V hosts, creating vSwitches via the GUI is rather tedious. Please see the code below:

First you will need to get a list of all the Network Adapters your Hyper-V host has to offer. Hopefully you have named them; if you have not, I highly suggest doing so, both as a best practice and to keep your sanity.

[Screenshot: getting the adapter names via PowerShell]

Once you have the list of vNICs and their names, you can go ahead and start creating vSwitches.

[Screenshots: PowerShell code to create the vSwitch, and its output]

If the code above worked (note only Line 6 is needed to create the External vSwitch), your Hyper-V host should have the vSwitch, or something similar:

[Screenshot: vSwitch on the Hyper-V host]
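An added example (not the author's script, which was only shown as a screenshot) of the sequence described above: list the adapters, create each of the three switch types, then attach a guest and tag the VLAN on the guest's adapter. The adapter, switch and VM names and the VLAN ID are placeholders; run it elevated on the Hyper-V host.

```powershell
# Added example, not the original post's code. All names below are placeholders.
$ErrorActionPreference = 'Stop'
$adapterName = 'NIC-VMTraffic'   # physical NIC to bind (assumed name)
$vmName      = 'LAB-VM01'        # guest VM (assumed name)
$vlanId      = 20                # VLAN for the guest (assumed value)

# 1. List the physical adapters the host has to offer.
Get-NetAdapter -Physical | Sort-Object Name |
    Format-Table Name, InterfaceDescription, Status, LinkSpeed

# 2. An External vSwitch needs an adapter that no other External vSwitch uses.
$nic   = Get-NetAdapter -Name $adapterName
$bound = Get-VMSwitch -SwitchType External |
    Where-Object { $_.NetAdapterInterfaceDescription -eq $nic.InterfaceDescription }
if ($bound) { throw "Adapter '$adapterName' is already bound to vSwitch '$($bound.Name)'." }

# 3. External: VMs, parent partition and the physical network.
#    -AllowManagementOS $true shares the NIC with the parent partition;
#    $false dedicates it to VM traffic and keeps the host off this switch.
New-VMSwitch -Name 'vSwitch-External' -NetAdapterName $adapterName -AllowManagementOS $true

# 4. Internal: VMs plus parent partition. Private: VMs only.
New-VMSwitch -Name 'vSwitch-Internal' -SwitchType Internal
New-VMSwitch -Name 'vSwitch-Private'  -SwitchType Private

# 5. Connect the guest and tag the VLAN on the guest's adapter,
#    matching the "done on the client VM's end" note in the post.
Connect-VMNetworkAdapter -VMName $vmName -SwitchName 'vSwitch-External'
Set-VMNetworkAdapterVlan -VMName $vmName -Access -VlanId $vlanId

# 6. Verify what was created and how the guest is tagged.
Get-VMSwitch | Format-Table Name, SwitchType, AllowManagementOS, NetAdapterInterfaceDescription
Get-VMNetworkAdapterVlan -VMName $vmName
```

For a lab that must stay isolated from the host and the physical network, attach the guests to the Private switch only.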


Load Balancing SCOM Agents

So you have multiple SCOM Management Servers, yet all of your SCOM agents report to one server, or maybe two if you half tried to load balance your agents. There are several reasons why you would want multiple Management Servers, i.e. to off-load workflows, reduce stress on servers, etc. But what is the point of having multiple Management Servers if nearly all of your agents report to one, or at best two, while the others collect dust? Load balance those agents! You could manually move an agent by right-clicking it and moving it to a new server, or you could let our friend PowerShell automate this for you.

In my experience I have seen many SCOM environments where load balancing is either done manually or not done at all. Usually, manually means the SCOM administrator takes a look at which of the servers has the fewest agents, and deploys away. That works, but why not deploy to any server and then let PowerShell load balance for you?

In the solution below, I am using PowerShell along with Orchestrator 2012R2. The runbook can be set up to run ad hoc or on a schedule, i.e. monthly, weekly, etc. Of course, if you do not have Orchestrator deployed in your environment, you could very well take the script and schedule it to run via Windows Scheduled Tasks.

Here I have created a Runbook to execute the script, and then send back a warning notification if the Runbook failed, or an informational notification that the Runbook executed successfully.

See below for the PowerShell script. Please note, you will need to change Line 5 to a SCOM Management Server applicable to your environment, duh. This script can also be modified so that you can load balance between two gateway servers.

The script can be found HERE!

Happy SCOM’ing!
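One way to do the balancing described in this post, as an added example that is not the script the author links to: count agents per Management Server, then move the surplus from overloaded servers to the least-loaded one. The server FQDN is a placeholder, gateways and the agents behind them are left alone, and `-WhatIf` keeps it a dry run until removed.

```powershell
# Added example, not the author's script. Run in a session with the
# OperationsManager module available. The FQDN below is a placeholder.
Import-Module OperationsManager
New-SCOMManagementGroupConnection -ComputerName 'scom-ms01.contoso.local'

# Management Servers only; gateway servers are excluded from balancing.
$servers = @(Get-SCOMManagementServer | Where-Object { -not $_.IsGateway })
if ($servers.Count -lt 2) { throw 'Need at least two Management Servers to balance.' }

# Bucket every agent under its current primary Management Server.
$load  = @{}
$total = 0
foreach ($s in $servers) { $load[$s.DisplayName] = New-Object System.Collections.ArrayList }
foreach ($a in Get-SCOMAgent) {
    $primary = $a.PrimaryManagementServerName
    if ($load.ContainsKey($primary)) {
        [void]$load[$primary].Add($a)
        $total++
    }
}

# Each server should end up with at most this many agents.
$target = [math]::Ceiling($total / $servers.Count)

foreach ($s in $servers) {
    while ($load[$s.DisplayName].Count -gt $target) {
        # Destination is whichever server currently has the fewest agents.
        $dest  = $servers | Sort-Object { $load[$_.DisplayName].Count } | Select-Object -First 1
        $agent = $load[$s.DisplayName][0]

        # Remove -WhatIf to actually reassign the agent.
        Set-SCOMParentManagementServer -Agent $agent -PrimaryServer $dest -WhatIf

        $load[$s.DisplayName].RemoveAt(0)
        [void]$load[$dest.DisplayName].Add($agent)
    }
}

# Planned distribution after the moves.
$servers | ForEach-Object {
    [pscustomobject]@{ Server = $_.DisplayName; Agents = $load[$_.DisplayName].Count }
} | Format-Table -AutoSize
```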

SCOM Servers not “Remotely Manageable”? – Automation

A few posts ago, I blogged on how you can change your manually installed SCOM agents to actually appear as console-deployed. Although that solution is essentially a one-time work-around, the solution below is intended for ongoing manual installs. It uses the same SQL query and creates an automated SQL task that runs on a user-defined interval. Following the steps below, you can set this to run every month (or week, or quarter, etc.) and any manually installed agents will have their “Change Primary Management Server” option enabled again.

In my solution below, I was working with SQL Server 2012SP1. This should work for previous iterations of SQL Server as well, 2012, 2008R2, etc.

Following the steps below, and using the SQL query used in a previous POST, you can automate this as well!

 


SCOM 2012R2 IIS Prerequisites

If you’re like me, a System Center Operations Manager consultant, then I am sure you have already ‘googled’ this a few times by now. I constantly find myself looking this up, so I figured I would write my very own blog post on this.

It should be noted, the following code below was found on various sites, and I have now pieced it together to suit my own needs.

For starters, when installing SCOM 2012R2 and its Web Console, you are required to meet certain IIS prerequisites. You can either do Option 1, the manual way, or Option 2, the PowerShell way.

If you go with Option 1, you will need to install the following IIS features:

  • Static Content
  • Default Document
  • Directory Browsing
  • HTTP Errors
  • HTTP Logging
  • Request Monitor
  • Request Filtering
  • Static Content Compression
  • Web Server (IIS) Support
  • IIS 6 Metabase Compatibility
  • ASP.NET
  • Windows Authentication

Or, Option 2, you can use PowerShell to automate this for you…. (Note, you will need to launch PowerShell console as an Administrator)

Import-Module ServerManager
Add-WindowsFeature NET-Framework-Core,AS-HTTP-Activation,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Logging,Web-Request-Monitor,Web-Filtering,Web-Stat-Compression,AS-Web-Support,Web-Metabase,Web-Asp-Net,Web-Windows-Auth -Restart

[Screenshot: PowerShell output of the SCOM prerequisites install]

Creating certificates for Azure authorization

So let’s say you want to monitor your Azure environment using your on-premises SCOM. You would think all you need is an Azure environment, an Azure Management Pack and SCOM. For the most part that is true, but for SCOM to authenticate to Azure you will need certificate-based authentication to bind the two environments. For starters, you will need the tools below, and you can follow the steps I have outlined below.

Prerequisites

  1. Azure subscription
  2. Azure (SCOM) Management Pack
  3. Local SCOM environment (with Internet access)
  4. Windows 8.1 SDK or Visual Studio

I used my Windows 8.1 machine, therefore I needed the Windows 8 SDK. If you do not already have the SDK, it can be downloaded from HERE. Once you have installed the SDK, we will then need to create the certificate.

I used PowerShell, but you could probably use Command Prompt just as well. Please note, run as Administrator.

First browse to the SDK directory, “C:\Program Files (x86)\Windows Kits\8.1\bin\x86”.

Then use the code below to create a self-signed certificate. Please note, your certificate name should match in both places here.

makecert -sky exchange -r -n "CN=yourCERTnameHERE" -pe -a sha1 -len 2048 -ss My "yourCERTnameHERE.cer"

Now, I didn’t know what all these switches meant, so I did look them up. Also, I used the links below as reference:

If the step above worked, you should have got “Succeeded”.

Next, we will generate the PFX with a private key. Use the code below in sequence, again in Administrator mode, PowerShell or Command Prompt.

# Password that will protect the exported PFX
$MyPwd = ConvertTo-SecureString -String "yourPASSWORDhere" -Force -AsPlainText

# Find the certificate makecert placed in the current user's Personal store
$AzureCert = Get-ChildItem -Path Cert:\CurrentUser\My | where {$_.Subject -match "yourCERTnameHERE"}

# Export the certificate together with its private key
Export-PfxCertificate -FilePath C:\yourCERTnameHERE.pfx -Password $MyPwd -Cert $AzureCert

If all went well, you can now import your PFX certificate. Go into the Certificate Store (launch MMC, add the Certificates snap-in, run as Local Computer), and right-click on Personal > Certificates > Import. Browse to your *.pfx certificate and import it. You will be prompted for the private key password to complete the import.

If all went well you should now be able to see the certificate within your Certificate Store, under Personal.


Now, Azure will want a *.cer based certificate, so we will now need to export our *.pfx certificate from the Certificate Store. This is pretty straight forward, export on the certificate, and save as a *.cer file.

Once you have exported the PFX as a CER file, you can now go back to Azure, and import/upload the certificate we have just created!
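The same certificate workflow using built-in cmdlets instead of makecert, as an added example that is not part of the original post. It assumes Windows 10 / Server 2016 or later (where New-SelfSignedCertificate accepts these parameters), signs with SHA-256 instead of the SHA-1 used above, writes the public .cer directly, and prompts for the PFX password rather than storing it in the script; the output folder is a placeholder.

```powershell
# Added example, not the author's procedure. Assumes Windows 10 /
# Server 2016 or later. Output folder and validity period are placeholders.
$ErrorActionPreference = 'Stop'
$name   = 'yourCERTnameHERE'
$outDir = 'C:\Temp\azure-cert'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# makecert switch            -> parameter used here
#   -r  (self-signed)        -> default behaviour of New-SelfSignedCertificate
#   -n  "CN=..."             -> -Subject
#   -sky exchange            -> -KeySpec KeyExchange
#   -pe (exportable key)     -> -KeyExportPolicy Exportable
#   -a  sha1                 -> -HashAlgorithm SHA256 (stronger signature hash)
#   -len 2048                -> -KeyLength 2048
#   -ss My                   -> -CertStoreLocation Cert:\CurrentUser\My
$cert = New-SelfSignedCertificate -Subject "CN=$name" `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeySpec KeyExchange `
    -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider' `
    -KeyLength 2048 -HashAlgorithm SHA256 `
    -KeyExportPolicy Exportable `
    -NotAfter (Get-Date).AddYears(1)

# Public certificate only: this is the file uploaded to Azure.
Export-Certificate -Cert $cert -Type CERT `
    -FilePath (Join-Path $outDir "$name.cer") | Out-Null

# PFX with the private key: stays on-premises for SCOM.
# The password is prompted for, so it never appears in the script or history.
$pfxPwd = Read-Host -Prompt 'PFX password' -AsSecureString
Export-PfxCertificate -Cert $cert -Password $pfxPwd `
    -FilePath (Join-Path $outDir "$name.pfx") | Out-Null

# Confirm the result before uploading.
$cert | Format-List Subject, Thumbprint, NotAfter, HasPrivateKey,
    @{ Name = 'SignatureAlgorithm'; Expression = { $_.SignatureAlgorithm.FriendlyName } }
```

Only the .cer leaves the machine; treat the .pfx as a credential and delete the exported copy once it has been imported where SCOM needs it.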

Azure Runbook Limitation

Here I am testing my Runbooks in my Azure lab, and all of a sudden I get the following alert, “The job failed. The quota for the monthly total job run time has been reached for this subscription. To get more job run time you can change to a different Automation plan or wait until next month when the quota will reset.”

Whaaaaat!!?

Well that sucks… I don’t want to wait another month! And I certainly do not want to upgrade my Azure subscription plan.

I contacted Microsoft, and they advised me the same: I will need to either wait until next month, or upgrade my subscription plan.

“…using a Free account, then it is limited to 500 job minutes per calendar month. You can change to the Basic pricing tier and get unlimited job minutes for just $0.002 / minute.”

Turns out, with the Free account, I am limited to 500 job (Runbook) minutes per calendar month. If I upgrade then I get unlimited job minutes, but at a cost of $0.002 per minute.

Well this is certainly good to know. Also good to know: when creating Runbooks, we should code efficiently, otherwise our 500 minutes will be gone soon. =)

Thanks to Chris Sanders, Program Manager @ Microsoft for the helpful information!

Enabling SCOM 2012R2 Agent Proxy

The other day, I was asked, “what the heck are these SCOM agent proxy alerts!?” I’m sure you fellow SCOM admins have seen these alerts before:

You could go to the computer that SCOM is complaining about and manually enable the agent proxy via Administration > Managed Computers, and modifying its properties, see below:

Or…… you could make your life easier, and do this…

The fix is easy; both it and the explanation are below:

To resolve the “Agent proxy not enabled” alert for all machines in your current environment, run the following PowerShell code in the SCOM PowerShell Console:

get-SCOMagent | where {$_.ProxyingEnabled -match "False"} | Enable-SCOMAgentProxy

To prevent this alert in the future, run the following:

 

add-pssnapin "Microsoft.EnterpriseManagement.OperationsManager.Client";
new-managementGroupConnection -ConnectionString:yourSCOMserverFQDNhere;
set-location "OperationsManagerMonitoring::";
Set-DefaultSetting -Name HealthService\ProxyingEnabled -Value True


Automating Start and Stop Times for Azure VMs

So you have set up an Azure lab, but you are now starting to see your billing costs are higher than you anticipated, or maybe you are getting tired of logging in to the Azure portal, every morning and every evening to start and shutdown your lab/Virtual Machine(s). Unfortunately there is no UI in the Azure portal that allows you to input a start and stop time for your Virtual Machines to be powered on and/or off, however there are some clever workarounds! Below are the steps I have taken to automate this problem.

Of course you will need an Azure environment, at least one Virtual Machine and some (very) basic PowerShell knowledge.

For starters, I have already built my VM, and I have already created an account that is a member of the domain administrators.


  • Log into the Azure portal and expand the Browse All icon, located on the left pane.
  • Select Automation Accounts and create a new Automation Account. I called mine “MachineStartStopAutomation”.
  • Next, under the new account, select Assets.
  • Here we will assign credentials associated to this Automation account. Within Assets, select Credentials.
  • Once you have created the Credentials, next we will need to create the Runbook.
  • Go back to the Automation Account, and this time select Runbooks.
  • Provide some descriptive name for the Runbook. I used “Start<hostname>VM”. Also, I had some issues creating/editing the Runbook script when using the Graphical Runbook type, so I used the PowerShell Workflow. I would advise using the PowerShell Workflow option.
  • Within the script, use code similar to what is shown here. Note, your workflow name will be the name of your Runbook. Also, in line 5, the -Name <hostname> will be the VM whose power-on you are interested in automating. To be safe, I specified the FQDN.
  • Once complete, you can test and/or publish the Runbook. (You will need to Publish the Runbook in order to make use of it.)
  • Next you will need to create a schedule. Go back to the Runbook, and select Schedules.
  • Since I would like to start this VM daily, I set it for daily Recurrence.

You will now need to repeat all the steps above (starting at step 7) to create an automated shutdown Runbook. The PowerShell code will be almost exactly the same, but you will make use of the “Stop-VM -Name <hostname>” cmdlet.

Once complete, your new Automation Runbook should look similar to this. Hopefully this will keep your Azure billing costs down, and hopefully no more daily/manual starting and shutting down your lab/Virtual Machine(s). =)
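A single runbook that covers both the start and the stop schedule, as an added example that is not the author's workflow script. It swaps in a different approach from the post: a plain PowerShell runbook using the Az modules and the Automation account's system-assigned managed identity (assumed to hold a VM-scoped role such as Virtual Machine Contributor) instead of a stored domain administrator credential. Resource group and VM names are supplied as schedule parameters.

```powershell
# Added example, not the post's runbook. Assumes the Az.Accounts and
# Az.Compute modules and a system-assigned managed identity on the
# Automation account with rights limited to the lab's resource group.
param(
    [Parameter(Mandatory)][ValidateSet('Start', 'Stop')][string]$Action,
    [Parameter(Mandatory)][string]$ResourceGroupName,
    [Parameter(Mandatory)][string]$VMName
)
$ErrorActionPreference = 'Stop'

# Keep the login scoped to this job, then sign in as the managed identity.
Disable-AzContextAutosave -Scope Process | Out-Null
Connect-AzAccount -Identity | Out-Null

# Read the current power state so the job exits quickly when there is
# nothing to do (job minutes are metered on the Free tier).
$status = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName -Status
$power  = ($status.Statuses | Where-Object { $_.Code -like 'PowerState/*' }).Code

switch ($Action) {
    'Start' {
        if ($power -eq 'PowerState/running') {
            Write-Output "$VMName is already running."
            break
        }
        Start-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName | Out-Null
        Write-Output "$VMName started."
    }
    'Stop' {
        if ($power -eq 'PowerState/deallocated') {
            Write-Output "$VMName is already deallocated."
            break
        }
        # Without -StayProvisioned the VM is deallocated, which is what
        # stops the compute charges; -Force skips the confirmation prompt.
        Stop-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName -Force | Out-Null
        Write-Output "$VMName stopped and deallocated."
    }
}
```

Link the published runbook to two daily schedules, one passing Action = Start and one passing Action = Stop.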
