Category: SCOM

SCOM 2012 SP1 to SCOM 2012R2 Upgrade Prerequisites

When upgrading from SCOM 2012 SP1 to 2012R2, you will need to install the following prerequisites:

  1. MICROSOFT® REPORT VIEWER 2012 RUNTIME
  2. Microsoft System CLR Types for SQL Server 2012

Of course you can also download them straight from Microsoft. The links are provided below.

SCOM 2016 Technical Preview 5 (TP5)

SCOM 2016 (RTM) along with the System Center 2016 suite and Window Server 2016 are only months away from release. Microsoft just released System Center and Server 2016 TP5 today. Check out the LINK for more information. I will be setting up monitoring with SCOM 2016 TP5 and Server 2016TP5 in the next few days, so feel free to check back in.

Cheers!

SCOM 2012R2 Web Console Timeout

By default, the SCOM 2012R2 Web Console will timeout after 30 minutes of inactivity. This can be easily disabled/changed by modifying its web.config.

As mentioned the default setting is 30 minutes, in the notes below, I am disabling the timeout completely. If you feel that is too aggressive, you can change this setting to something more conservative, let’s say 60 minutes, then change the value from 30 to 60.

Step 1, locate the web.config path, typically it is found here, “C:\Program Files\System Center Operations Manager 2012\WebConsole\WebHost\

Step 2, backup the web.config.

Step 3, open the web.config (not the backup) and find the following code (which ever tool you are using, Notepad, WordPad, Notepad ++, etc. make sure you are running the application as a Local Administrator):

<connection autoSignIn=”true” autoSignOutInterval=”30″>
<session encryptionKey=”SessionEncryptionKey”>
<overrideTicket encryptionKey=”OverrideTicketEncryptionKey”/>
</session>
<managementServer name=”localhost”/>
</connection>

Step 4, replace the following code (above) with the code below:

<connection autoSignIn=”true” autoSignOutInterval=”0″>
<session encryptionKey=”SessionEncryptionKey”>
<overrideTicket encryptionKey=”OverrideTicketEncryptionKey”/>
</session>
<managementServer name=”localhost”/>
</connection>

Step 5, save the web.config

Step 6, close (any) open sessions with the Web Console.

Step 7, restart the application pool or, perform an IIS reset (IISReset)

Capture

 

That is it!

Load Balancing SCOM Agents

So you have multiple SCOM Management Servers, yet you just happen to have all of your SCOM agents reporting to one server, or maybe two if you half tried to load balance your agents. There are several reasons why you would want to have multiple Management Servers, ie. off-load workflows, reduce stress on servers, etc., etc. Well what is the point of having multiple Management Servers yet nearly all of your agents are reporting to one, or maybe two at best Management Servers, while the others are collecting dust. Load balance those agents! You could manually move an agent by right clicking and moving to a new server, or you could let our friend PowerShell automate this for you.

In my experience I have seen many SCOM environments where load balancing is either done manually, or not done at all. And usually manually implies the SCOM administrator takes a look which of the servers has the least agents, and deploys away. That works, but why not deploy to any server then let PowerShell load balance for you.

In the solution below, I am using PowerShell along with Orchestrator 2012R2. The runbook can be setup to run ad-hoc, or run regularly, ie. monthly, weekly, etc. Of course if you do not Orchestrator deployed in your environment, you could very well take the script and schedule it to run via Windows Scheduled tasks.

ce63742c-85d7-402e-b114-c3979b7ce32b

Here I have created a Runbook to execute the script, and then send back a warning notification if the Runbook failed, or an informational notification that the Runbook executed successfully.

See below for the PowerShell script. Please note, you will need to change the Line 5 with a SCOM Management server applicable to your environment, duh. This script can also be modified, and you can load balance between two gateway servers.

The script can be found HERE!

Happy SCOM’ing!

SCOM Servers not “Remotely Manageable”? – Automation

Few posts ago, I blogged on how you can change your manually installed SCOM agents to actually appear as console-deployed. Although this solution is essentially a one time work-around, the solution below is intended for on-going manual installs. The solution below using the same SQL query and creating an automated SQL tasks that runs on a user-defined interval. Following the steps below, you can set this to run every month (or week, or quarter, etc.) and any manually installed will back their “Change Primary Management Server” enabled again.

In my solution below, I was working with SQL Server 2012SP1. This should work for previous iterations of SQL Server as well, 2012, 2008R2, etc.

Following the steps below, and using the SQL query used in a previous POST, you can automate this as well!

 

image001

image002

image003

 

image004

SCOM 2012R2 IIS Prerequisites

If you’re like me, a System Center Operations Manager consultant, then I am sure you have already ‘googled’ this a few times by now. I constantly find myself looking this up, so I figured I would write my very own blog post on this.

It should be noted, the following code below was found on various sites, and I have now pieced it together to suite my own needs.

For starters, when installing SCOM 2012R2 and its Web Console, you are required to meet certain IIS prerequisites. You can either do Option 1, the manual way, or Option 2, the PowerShell way.

If you go with Option 1, you will need to install the following IIS features:

  • Static Content
  • Default Document
  • Directory Browsing
  • HTTP Errors
  • HTTP Logging
  • Request Monitor
  • Request Filtering
  • Static Content Compression
  • Web Server (IIS) Support
  • IIS 6 Metabase Compatibility
  • ASP.NET
  • Windows Authentication

Or, Option 2, you can use PowerShell to automate this for you…. (Note, you will need to launch PowerShell console as an Administrator)

Import-Module ServerManager
Add-WindowsFeature NET-Framework-Core,AS-HTTP-Activation,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Logging,Web-Request-Monitor,Web-Filtering,Web-Stat-Compression,AS-Web-Support,Web-Metabase,Web-Asp-Net,Web-Windows-Auth –restart

scom preq PS capture RT

Creating certificates for Azure authorization

So let’s say you want monitor your Azure environment using your on-premises SCOM, you would think all you need is an Azure environment and an Azure Management Pack and SCOM. Well for the most part that is true, but to authenticate Azure and SCOM, you will require a certificated based authentication to bind the two environments. For starters, you will need the tools below, and can follow the steps I have outlined below.

Prerequisites

  1. Azure subscription
  2. Azure (SCOM) Management Pack
  3. Local SCOM environment (with Internet access)
  4. Windows 8.1 SDK or Visual Studio

I used my Windows 8.1 machine, therefore I needed the Windows 8 SDK. If you do not already have the SDK, it can be downloaded from HERE. Once you have installed the SDK, we will then need to create the certificate.

I used PowerShell, but you could probably use Command Prompt just as well. Please note, run as Administrator.

First browse to the SDK directory, “C:\Program Files (x86)\Windows Kits\8.1\bin\x86

1

Then, using the following code below, this will create a self-signed certificate. Please note, your certificate name should match in both places here.

makecert -sky exchange -r -n "CN=yourCERTnameHERE" -pe -a sha1 -len 2048 -ss My "yourCERTnameHERE.cer"

2

Now, I don’t know what all these switches meant so I did look it up. Also, I used the links below as reference:

If the step above, you should have got “Succeeded”.

Next, we will generate the PFX with a private key. Use the code below in squence, again in Administrator mode, PowerShell or Command Prompt.

$MyPwd = ConvertTo-SecureString -String "yourPASSWORDhere" -Force –AsPlainText

$AzureCert = Get-ChildItem -Path Cert:\CurrentUser\My | where {$_.Subject -match "yourCERTnameHERE”}

Export-PfxCertificate -FilePath C:\yourCERTnameHERE.pfx -Password $MyPwd -Cert $AzureCert

 

3

If all went well, you can now import your PFX certificate. Go into the Certificate Store (launch MMC services, add the Certificate snap-in, run as Local Computer), and right click on Personal > Certificates > Import. Browse to your *.pfx certificate and import. You will be required for the Private Key (password to complete).

If all went well you should now be able to see the certificate within your Certificate Store, under Personal.

6

Now, Azure will want a *.cer based certificate, so we will now need to export our *.pfx certificate from the Certificate Store. This is pretty straight forward, export on the certificate, and save as a *.cer file.

Once you have export the PFX as a CER file, you can now go back to Azure, and import/upload the certificate we have just created!

7

Configuring Office 365 (O365) Management Pack in SCOM

For starters, I am assuming you have a valid Office 365 account, a SCOM environment (with Internet access), and the Office 365 Management Pack.

Once you have imported the MP, next within the Administrations tab, you will need to add your O365 subscription. I used the “All Management Servers Resource Pool” for my Server Pool.

1

2

Once successful, you should have your Office 365 Subscription within the Office 365 Overview:

3

If you go back to the Monitoring tab, you should now see the Office 365 folder along with some native views.

5

 

I went a step further and added the, “Message Center” webpage, same view you would see within an browser.

I copied the two views from the MP into My Workspace, and added a new Web Page view, with the URL here, https://portal.office.com/MessageCenter/MessageCenter.aspx.

When you launch the view the first time, you will be required to sign-in. I also check marked “stay logged in” to avoid this down the road.

6

7

8

 

And that is it! Pretty easy!

Enabling SCOM 2012R2 Agent Proxy

The other day, I’m asked, “what the heck are these SCOM agent proxy alerts!?” I’m sure you fellow SCOM admins have seen these alerts before:

1

You could go to the computer that SCOM is complaining about and manually enable the agent proxy via Administration > Managed Computers, and modifying its properties, see below:

2

 

Or…… you could make your life easier, and do this…

The fix is easy, and the explanation are both below:

To resolve the “Agent proxy not enabled” alert for all machines in your current environment, run the following PowerShell code in the SCOM PowerShell Console:

get-SCOMagent | where {$_.ProxyingEnabled -match "False"} | Enable-SCOMAgentProxy

3

 

To prevent this alert in the future, run the following below:

 

add-pssnapin "Microsoft.EnterpriseManagement.OperationsManager.Client";
new-managementGroupConnection -ConnectionString:yourSCOMserverFQDNhere;
set-location "OperationsManagerMonitoring::";
Set-DefaultSetting -Name HealthService\ProxyingEnabled -Value True

4

 

(more…)