Category: SCOM

Enabling SCOM 2016 Agent Proxy

Not too much has changed when it comes to SCOM 2012R2 and SCOM 2016. This post is a similar post to SCOM 2012R2, but applicable to SCOM 2016. (See that post here).

You could go to the computer that SCOM is complaining about and manually enable the agent proxy via Administration > Managed Computers, and modifying its properties, see below:

2

Or…… you could make your life easier, and do this…

The fix is easy, and the explanation are both below:

To resolve the “Agent proxy not enabled” alert for all machines in your current environment, run the following PowerShell code in the SCOM PowerShell Console:

get-SCOMagent | where {$_.ProxyingEnabled -match "False"} | Enable-SCOMAgentProxy

To prevent this alert in the future, run the following below:

add-pssnapin "Microsoft.EnterpriseManagement.OperationsManager.Client"; new-managementGroupConnection -ConnectionString:<strong>yourSCOMMGMTserverFQDNhere</strong>; set-location "OperationsManagerMonitoring::"; Set-DefaultSetting -Name HealthService\ProxyingEnabled -Value True

 

Advertisements

Monitoring Domain Controllers in SCOM 2016 – Script Automation

Not too long ago, I wrote about how SCOM 2016 has some workarounds for monitoring domain controllers, find that post here. We learned the HSLockdown tool needs to be configured to allow the Local System account to be run under.

I was in an environment were 100+ domain controllers needed this done.. No way was I going to do this manually 100+ times… So, I wrote the following script. Unfortunately, do some PowerShell switch limitations, I had to resort to using a batch command line script.

How it works. Save the list of servers affected to a text file. Using this file/script, and PSExec, we can execute the script against the servers affected. To get that script, please visit the Microsoft TechNet Gallery.

Cheers!

Migrating Notifications from SCOM 2012 R2 to 2016

When upgrading a SCOM environment from 2012R2 (or 2012) to 2016, one of the most time demanding tasks can be replicating the notifications settings. In my case, I had to do a brand new install, and needed some way to migrate the notifications configuration from the old SCOM environment to the new. Luckily there is a pretty quick way to achieve this. Let’s begin!

Log in to the 2012R2 environment, go to the Administrations pane, and locate and export the Notifications Internal Library (Microsoft.SystemCenter.Notifications.Internal). Export this MP somewhere locally.

Open the MP/XML file with some editing tool, Notepad, Notepad++, Visual Studio, etc….

As you can see, this MP version is version 7.1.10226.0.

If you quickly hop over to the SCOM 2016 environment, and locate the same MP (same name, Microsoft.SystemCenter.Notifications.Internal), you will notice it is a different version. What we will need to do here is, update the OLD MP to a version number just slightly higher than the one in the 2016 environment.

So, in my case, I will change 7.1.10226.0 to 7.2.11719.1. Save the XML file, and copy it over to the SCOM 2016 environment.

Next we have two options:

  1. we can either import the updated MP, or,
  2. alternatively we can delete the MP from SCOM 2016 (v7.2.11719.0)

Before doing that, it is recommended to export the MP, and save it for “just in case“. In my case, I deleted the MP.

Now if you go into Notifications settings, you will see an exact copy of the configurations from your SCOM 2012R2 environment. To enable all the notifications, or disable, execute the following cmdlet in the OperationsManager console.

Get-SCOMNotificationSubscription | Enable-SCOMNotificationSubscription
Get-SCOMNotificationSubscription | Disable-SCOMNotificationSubscription

As an FYI, I forgot to disable the subscriptions beforehand. This would have been ideal to do before saving the XML file before importing into SCOM 2016. You can edit this by replacing the following text. Run a Control+H (Replace), and Replace All, Enabled=”true” to Enabled=”false”.

 

There you go! Notifications have been replaced from SCOM 2012R2 to SCOM 2016.

Monitoring Domain Controllers in SCOM 2016 – Event ID 1102

So  you deploy a SCOM 2016 agent to a Windows 2016 Domain Controller, only problem is, after the agent push, discovery doesn’t work. Well, the agent isn’t corrupted… Ports are open… SCOM agent is being deployed using the System Local account…  etc. etc. So, now what?

Taking a look at the Windows 2016 domain controller and its event log, the domain controller OpsMgr log is getting bombarded with Event IDs 1102….

After some investigation, seems to be this has been an issue in SCOM 2012 (and 2012R2) as well. Well, here’s the fix…

Taking a look at the HSLockdown, the Local System account is being denied access..  Browse to the following folder “%windir%\Program Files\Microsoft Monitoring Agent\Agent “and run the following command (elevated access…), “HSLockdown.exe /L

Now that we can see the Local System account is being denied access, let’s give it access… Running the following command, “HSLockdown /A “NT AUTHORITY\SYSTEM“. Restart the SCOM Agent (net stop HealthService.exe & net start HealthService.exe) and you should be good to go now!

Cheers!

SCOM Agent Version Addendum Management Pack

Earlier this week, Microsoft’s Kevin Holman published an excellent article and SCOM Management Pack that addresses the issue with SCOM 2012 and agent updates. Please have a read, and consider installing this MP to help alleviate the issues SCOM 2012 has created when it comes to understanding which version your SCOM agent is on….

BLOG POST HERE.

Step-by-Step – SCOM 2012 R2 Update Rollup 12 (UR12) Install Procedure

My personal notes for installing SCOM 2012 R2 Update Rollup 12, Step-by-Step. UR12 (Update Rollup) has a lot improvements, please see below the many updates being provided in this UR. One thing to mention, UR12 also has resolved an issue with respect to Reporting — please see notes below. Also, it is rather nice to see updates (still) being pushed out for SCOM 2012R2 along with other System Center 2012 products.

It is highly recommended to upgrade your lab/Dev environments first before upgrading your Production environment(s). The step by step procedures below are the steps I took and in no way shape or form do I accept responsibility for any data loss, and/or issues within your environment. It is advised to always take a backup of your SQL databases and/or snapshots of your SCOM environment(s). Please take these notes as suggestions. Always refer to Microsoft’s KB (posted below) for full documentation steps.

7

Here are the key updates for UR12 (source Microsoft):

Issues that are fixed in Operations Manager Update Rollup 12

  • When you try to upgrade System Center 2012 R2 Operations Manager Reporting Server to System Center 2016 Operations Manager reporting server, the upgrade fails for the following configuration:
      • Server A is configured as System Center 2012 R2 Operations Manager including Management Server.
      • Server B is configured as System Center 2012 R2 Operations Manager, including Operations Manager Database (OpsMgrDB), Operations Manager Data Warehouse (OpsMgrDW) and Operations Manager Reporting Server.
  • Recovery tasks on “Computer Not Reachable” messages in the System Center Operations Manager Monitor generate failed logons for System Center Operations Manager Agents that are not part of the same domain as the Management Groups.
  • When a Management Server is removed from the All Management Servers Resource Pool, the monitoring host process do not update the Type Space Cache.
  • SHA1 is deprecated for the System Center 2012 R2 Operations Manager Agent and SHA2 is now supported.
  • Because of incorrect computations of configuration and overrides, some managed entities go into an unmonitored state. This behavior is accompanied by event 1215 errors that are logged in the Operations Manager log.
  • IntelliTrace Profiling workflows fail on certain Windows operating system versions. The workflow cannot resolve Shell32 interface issues correctly.
  • There is a character limitation of 50 characters on the custom fields in the notification subscription criteria. This update increases the size of the limitation to 255 characters.
  • You cannot add Windows Client computers for Operational Insights (OMS) monitoring. This update fixes the OMS Managed Computers wizard in the System Center Operations Manager Administration pane to let you search or add Windows Client computers.
  • When you use the Unix Process Monitoring Template wizard to add a new template to the monitor processes on UNIX servers, the monitored data is not inserted into the database. This issue occurs until the Monitoring Host is restarted

Install Procedure

Once you are ready to begin your upgrade, it is recommend you do the following server/roles in the order below:

  1. Install the update rollup package on the following server infrastructure:
  • Management server or servers
  • Audit Collection Services
  • Gateway servers
  • Web console server role computers
  • Operations console role computers
  • Reporting Services
  • Agent Updates
  1. Apply SQL scripts.
  2. Manually import the management packs.
  3. Apply the agent update to manually installed agents, or push the installation from the Pending view in the Operations console.

Once you have downloaded the rollup files, I like to extract and only keep the language I need, in this case, ENU (English). You will need to install these with Administrative rights, I like to use PowerShell as Local Administrator. It really does frustrate me, as there is no indication that the rollup installed correctly, (other than looking at the file version number change via File Explorer).

1

2

Personally, I prefer to execute the MSP files via PowerShell (RunAs Administrator) console.

Again, the order needs to be:

  1. Management Servers
  2. Audit Collection Services
  3. Gateway Servers
  4. Web Console Role Servers
  5. Operations console role computers
  6. Reporting Services
  7. Agent Updates

Once the updates are installed, server(s) are rebooted, etc., you will now need to apply the SQL scripts. First update the Data Warehouse, then followed by the OpsMgr DB.

The scripts can be found here, “%SystemDrive%\Program Files\System Center 2012 R2\Operations Manager\Server\SQL Script for Update Rollups

Please note, the user executing these scripts needs to have read and write permissions to the database(s).

Execute the SQL queries in the following order:

  1. UR_Datawarehouse.sql
  2. update_rollup_mom_db

3

4

5

 

Once you have successfully executed the SQL scripts, you will now need to import the updated Management Packs (MP). These MPs can be found here, “%SystemDrive%\Program Files\System Center 2012 R2\Operations Manager\Server\Management Packs for Update Rollups“.

You will need to import the following MPs, please see below:

  • Microsoft.SystemCenter.TFSWISynchronization.mpb, which has the following dependencies:
    • Microsoft.SystemCenter.AlertAttachment.mpb, which should be installed from the System Center Operations Manager 2012 R2 media.
    • Microsoft.SystemCenter.Visualization.Library.mpb
  • Microsoft.SystemCenter.Visualization.Component.Library.mpb
  • Microsoft.SystemCenter.ClientMonitoring.Library.mp
  • Microsoft.SystemCenter.DataWarehouse.Report.Library.mp
  • Microsoft.SystemCenter.ClientMonitoring.Views.Internal.mp
  • Microsoft.SystemCenter.Apm.Infrastructure.mpb
  • Microsoft.SystemCenter.Apm.Library.mpb
  • Microsoft.SystemCenter.Apm.Library.Resources.(LANGUAGECODE_3LTR).mpb
  • Microsoft.Windows.InternetInformationServices.2016.mp (this MP has to be downloaded separately from the Microsoft Update Catalog) which has the following dependency:
    • Microsoft.Windows.Server.2016.Discovery.mp (this MP has to be downloaded separately from the Microsoft Update Catalog)
  • Microsoft.SystemCenter.Visualization.Library.mpb
  • Microsoft.SystemCenter.Advisor.mpb
  • Microsoft.SystemCenter.Advisor.Internal.mpb
  • Microsoft.SystemCenter.2007.mp
  • Microsoft.SystemCenter.Advisor.Resources.(LANGUAGECODE_3LTR).mpb
  • Microsoft.SystemCenter.SyntheticTransactions.Library.mp
  • Microsoft.SystemCenter.OperationsManager.Library.mp
  • Microsoft.SystemCenter.OperationsManager.Internal.mp
  • Microsoft.SystemCenter.Apm.Web.IIS10.mp, which has the following dependencies:
  • Microsoft.SystemCenter.ClientMonitoring.Internal.mp, which has the following dependency:
  • Microsoft.SystemCenter.OperationsManager.AM.DR.2007.mp

 

6

Once the MPs have been imported, you should now go back to your Pending Management view, under the Administrations pane, and update all servers.

8

And that is that! You are now on the latest and greatest System Center release for SCOM 2012 R2 Update Rollup 12!