Category: System Center

SCVMM 2012R2 – Error 25100 – Unable to Delete Logical Network

SCVMM 2012R2 – Error 25100 – VMM is Unable to delete the logical network

This error will occur when you are trying to delete a logical network which still has resources bound to it.

After creating some virtual machines that were bound to this logical network, I realized there was no communication between the VMs. This was a result of not selecting the VLAN-based independent network  as I chose “one connected network”. I went back to each VM and removed the network adapter/logical network. I then tried to delete the logical network and was presented with this error.

Error

Within the SCVMM Fabric and right-clicking the Logical Network in question and viewing its Dependent Resources, I was able to view that there were numerous “Temporary Templates” still associated to the Logical Network. Since time was not of the essence, I could not wait for SQL and/or SCVMM to flush the data on its own time/interval. So, therefore I forcefully removed the dependencies. Here is how:

As mentioned, if you right-click on the Logical Network and view its Dependent Resources, you will get something similar to this. Take note of the name of the string.

List of Dep Resources

Now, launch the SCVMM PowerShell Console (Run as Administrator), and run the following cmdlet, “Remove-SCVMTemplate -VMTemplate “<templateID>“.

PSCode

If the template ID was inputted correctly, you should have got the following output:

PSResult

You will need to repeat this cmdlet for all of the dependent template IDs.

 

Hope that helps!

Advertisements

SCCM 2012 R2 (Configuration Manager) – Setup is unable to connect to SQL Server

Chances are you have a named instance for your SCCM SQL install, which is definitely the way to go. However, when installing SCCM 2012 (R2) you are presented with the following error.

Setup is unable to connect to SQL Server with the connection information provided. Verify the following:

  • The SQL Server and instance names are entered correctly
  • The specified SQL Server instance is not configured to use dynamic ports
  • If a firewall is enabled on the SQL Server, inbound rules exist to allow connections to the correct ports
  • The account used to run Setup has permissions to connect to the specified SQL server instance

1

 

To resolve this is pretty pain-less.

In my scenario, I implemented the following two solutions:

  1. Enable Named Pipes for your SQL Server Network Configuration
  2. Delete all Dynamic (TCP/IP) Ports within the Protocols for your SQL Named Instance

First, to Enable Named Pipes, Launch SQL Server Configuration Manager, expand the SQL Server Network Configuration. Locate your named instance, right-click on TCP/IP and enable.

2

Second, within the same console view, double-click and open the TCP/IP properties.

  • Here you need to delete any 0‘s (Zero’s) assigned to the TCP Dynamic Ports (Yes, remove for all IPv4, IPv6, IPAll, etc.).
  • Also within the IPAll there will be a random port assigned here (TCP Dynamic Ports), go ahead and delete this too.
  • Lastly, now you need to assign some port (ensure this port is open between your SCCM server and SCCM SQL server, if you are making use of the Windows or any Firewall(s)). In my case, I decided to assign port 1433. Within each interface, IPv4, IPv6, etc. apply your port here within the TCP Port. (See below)

2b

 

Once you have implemented the two solutions above, now go ahead and restart the SQL Server (instance name) service.

3

Now proceed with your SCCM 2012 R2 Install.

If you want to learn more on Configuring SQL Server and TCP Port(s), please see the following Microsoft article, HERE.

Cheers!

Creating Easy Tier (Multi-tier) Pool with IBM Storwize

Creating an Easy Tier (aka Multi-tier) pool within IBM’s Storwize is pretty simple, just it cannot be done via its GUI. The GUI definitely lacks this functionality, and thus I had to resort to learning some IBM CLI for the Storwize(V5000). I have been told (from IBM) the command(s) are the same for both the Storwize v7000 and v3700 series as well.

The benefits of IBM’s Easy Tier is rather impressive, and I am sure (please correct me if I am wrong) this exists within other SAN vendors as well. In my pool, there are three types of disk drives, SSD and SAS (both enterprise grade and nearline). The benefits of the multi-tiered (easy tier) pool allows data to be (seamlessly) migrated to higher-IO drives/pools that provide higher performance, ie. SSD pools.

In my case this is great, as I will have heavy-hitting IOPS SQL virtual machines that will probably require the higher performing SAS if not SSD drives. And whereas low-IOPS hitting data such as Quorums on nearline drives.

As IBM states, “Easy Tier can automatically migrate data at the sub-LUN/sub-volume level to the most appropriate storage tier. This includes the ability to automatically and non-disruptively relocate logical volume extents with high activity to storage media with higher performance characteristics, while extents with low activity are migrated to storage media with lower performance characteristics.

So how is this all done?

I am going to assume you have already created your mdisk/RAID groups. In my case my SSD drives are a RAID-5 likewise with my SAS (enterprise) drives. RAID-6 for my SAS nearline drives.

Within the CLI, you will need to get the IDs of all your drives, you can do this by running the following command, “lsdrive“. Now you can see all your drives, and their disk types, IDs, etc.

1

Now you need to create your Easy Tier pool with the mkarray command. (More syntax info can be found HERE)

“mkarray -level <raidType> -drive <IDrangeOfDrivesPerDiskTypeGroupSepeartedByColon(s)> <YourPoolName>”

mkarray -level raid5 -drive 0:1:2:3 EasyTier-Pool
*Do not forget to leave 1 drive behind as a spare within your MDisk pool, otherwise you will have no hot-spare, and will have to rebuild*
4 5

Once you have created your pool, and assoicated all the drives to the Easy Tier pool, you can now see all the mdiskX groups, using the lsmdisk command.

2

For more details, use the lsmdiskgrp command.

3

We can now also confirm the Easy Tier pool within the GUI.

image004

Now we can start building/migrating or whatever it is your SAN was designed for! 🙂

 

For more literature on IBM’s Easy Tier, please visit the LINK.

Load Balancing SCOM Agents

So you have multiple SCOM Management Servers, yet you just happen to have all of your SCOM agents reporting to one server, or maybe two if you half tried to load balance your agents. There are several reasons why you would want to have multiple Management Servers, ie. off-load workflows, reduce stress on servers, etc., etc. Well what is the point of having multiple Management Servers yet nearly all of your agents are reporting to one, or maybe two at best Management Servers, while the others are collecting dust. Load balance those agents! You could manually move an agent by right clicking and moving to a new server, or you could let our friend PowerShell automate this for you.

In my experience I have seen many SCOM environments where load balancing is either done manually, or not done at all. And usually manually implies the SCOM administrator takes a look which of the servers has the least agents, and deploys away. That works, but why not deploy to any server then let PowerShell load balance for you.

In the solution below, I am using PowerShell along with Orchestrator 2012R2. The runbook can be setup to run ad-hoc, or run regularly, ie. monthly, weekly, etc. Of course if you do not Orchestrator deployed in your environment, you could very well take the script and schedule it to run via Windows Scheduled tasks.

ce63742c-85d7-402e-b114-c3979b7ce32b

Here I have created a Runbook to execute the script, and then send back a warning notification if the Runbook failed, or an informational notification that the Runbook executed successfully.

See below for the PowerShell script. Please note, you will need to change the Line 5 with a SCOM Management server applicable to your environment, duh. This script can also be modified, and you can load balance between two gateway servers.

The script can be found HERE!

Happy SCOM’ing!

Pesky UNIX/Linux SCOM Agents (Gray State) – RETURN CODE: 1

This is a post I was meant to post quite some time ago, but forgot. Nevertheless…

If you have administrated a SCOM environment with both Wintel and UNIX/Linux machines, I am betting you have experienced some gray agents, specifically for UNIX/Linux machines.

The issue was, the server was definitely online, however according the SCOM, the server was offline or at least in a gray state. Below are the steps below I took resolve the gray agent for the machine, the server was Red Hat (RHEL) 6.x.


Steps to diagnose the issue:

  1. Could I ping the server from any of the SCOM management servers? Yes.
  2. Could I ping the server from its resource pool? Yes.
  3. Was there communication between ports 22 and 1270? Yes.
  4. Was I able to establish a Putty session via port 22? Yes.
  5. Was the SCOM process running on the server? Hmm, that’s a funny error…

1


Next are the steps I took to resolve the issue:

  1. Restart SCOM process, “sxcadmin” … Cannot, “RETURN CODE: 1”
  2. Googling, many members in the community have also had this error, and have isolated the issue to a corrupted CIM.Socket and SCX-CMID.PID file(s).
  3. Delete the files:

2

4. Let’s restart the SCX Agent…

3

5. Well that did not work either, check to see if port 1270 is evening listening…

4

6. Okay, let’s kill all processes associated scxadmin service…

5

7. Now let’s start the scxadmin process, and check again to see if port 1270 is listening…

6

8. Perfect! And what does SCOM say?

7

 

Problem solved! There are ways to automate this process, and this was achieved with the use of SCORCH and Runbooks. I will post that solution soon. Stay tuned.

 

Happy SCOM’ing! =)

(more…)

Creating certificates for Azure authorization

So let’s say you want monitor your Azure environment using your on-premises SCOM, you would think all you need is an Azure environment and an Azure Management Pack and SCOM. Well for the most part that is true, but to authenticate Azure and SCOM, you will require a certificated based authentication to bind the two environments. For starters, you will need the tools below, and can follow the steps I have outlined below.

Prerequisites

  1. Azure subscription
  2. Azure (SCOM) Management Pack
  3. Local SCOM environment (with Internet access)
  4. Windows 8.1 SDK or Visual Studio

I used my Windows 8.1 machine, therefore I needed the Windows 8 SDK. If you do not already have the SDK, it can be downloaded from HERE. Once you have installed the SDK, we will then need to create the certificate.

I used PowerShell, but you could probably use Command Prompt just as well. Please note, run as Administrator.

First browse to the SDK directory, “C:\Program Files (x86)\Windows Kits\8.1\bin\x86

1

Then, using the following code below, this will create a self-signed certificate. Please note, your certificate name should match in both places here.

makecert -sky exchange -r -n "CN=yourCERTnameHERE" -pe -a sha1 -len 2048 -ss My "yourCERTnameHERE.cer"

2

Now, I don’t know what all these switches meant so I did look it up. Also, I used the links below as reference:

If the step above, you should have got “Succeeded”.

Next, we will generate the PFX with a private key. Use the code below in squence, again in Administrator mode, PowerShell or Command Prompt.

$MyPwd = ConvertTo-SecureString -String "yourPASSWORDhere" -Force –AsPlainText

$AzureCert = Get-ChildItem -Path Cert:\CurrentUser\My | where {$_.Subject -match "yourCERTnameHERE”}

Export-PfxCertificate -FilePath C:\yourCERTnameHERE.pfx -Password $MyPwd -Cert $AzureCert

 

3

If all went well, you can now import your PFX certificate. Go into the Certificate Store (launch MMC services, add the Certificate snap-in, run as Local Computer), and right click on Personal > Certificates > Import. Browse to your *.pfx certificate and import. You will be required for the Private Key (password to complete).

If all went well you should now be able to see the certificate within your Certificate Store, under Personal.

6

Now, Azure will want a *.cer based certificate, so we will now need to export our *.pfx certificate from the Certificate Store. This is pretty straight forward, export on the certificate, and save as a *.cer file.

Once you have export the PFX as a CER file, you can now go back to Azure, and import/upload the certificate we have just created!

7

Enabling SCOM 2012R2 Agent Proxy

The other day, I’m asked, “what the heck are these SCOM agent proxy alerts!?” I’m sure you fellow SCOM admins have seen these alerts before:

1

You could go to the computer that SCOM is complaining about and manually enable the agent proxy via Administration > Managed Computers, and modifying its properties, see below:

2

 

Or…… you could make your life easier, and do this…

The fix is easy, and the explanation are both below:

To resolve the “Agent proxy not enabled” alert for all machines in your current environment, run the following PowerShell code in the SCOM PowerShell Console:

get-SCOMagent | where {$_.ProxyingEnabled -match "False"} | Enable-SCOMAgentProxy

3

 

To prevent this alert in the future, run the following below:

 

add-pssnapin "Microsoft.EnterpriseManagement.OperationsManager.Client";
new-managementGroupConnection -ConnectionString:yourSCOMserverFQDNhere;
set-location "OperationsManagerMonitoring::";
Set-DefaultSetting -Name HealthService\ProxyingEnabled -Value True

4

 

(more…)