Category: System Center

Load Balancing SCOM Agents

So you have multiple SCOM Management Servers, yet you just happen to have all of your SCOM agents reporting to one server, or maybe two if you half tried to load balance your agents. There are several reasons why you would want to have multiple Management Servers, i.e. to off-load workflows, reduce stress on servers, etc. But what is the point of having multiple Management Servers when nearly all of your agents are reporting to one, or maybe two at best, while the others are collecting dust? Load balance those agents! You could manually move an agent by right clicking and moving it to a new server, or you could let our friend PowerShell automate this for you.

In my experience I have seen many SCOM environments where load balancing is either done manually, or not done at all. And usually manually implies the SCOM administrator takes a look at which of the servers has the fewest agents, and deploys away. That works, but why not deploy to any server and then let PowerShell load balance for you?

In the solution below, I am using PowerShell along with Orchestrator 2012 R2. The runbook can be set up to run ad hoc, or to run regularly, i.e. monthly, weekly, etc. Of course, if you do not have Orchestrator deployed in your environment, you could very well take the script and schedule it to run via Windows Scheduled Tasks.

Here I have created a Runbook to execute the script, and then send back a warning notification if the Runbook failed, or an informational notification that the Runbook executed successfully.

See below for the PowerShell script. Please note, you will need to change Line 5 to a SCOM Management Server applicable to your environment, duh. This script can also be modified so that you can load balance between two gateway servers.

The script can be found HERE!
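The rebalancing idea described above, as an added example (it is not the script this post links to): it uses the OperationsManager module's Get-SCOMManagementServer, Get-SCOMAgent and Set-SCOMParentManagementServer cmdlets. The server name is a placeholder, and every move runs with -WhatIf so the plan can be reviewed before anything changes.

```powershell
# Added example, not the author's script. Moves agents off over-loaded
# management servers until no server holds more than its even share.
Import-Module OperationsManager
New-SCOMManagementGroupConnection -ComputerName 'scom-ms01.contoso.local'  # placeholder

# Candidate parents: management servers only. To balance agents between
# gateway servers instead, change the filter to { $_.IsGateway }.
$servers = @(Get-SCOMManagementServer | Where-Object { -not $_.IsGateway })
if ($servers.Count -lt 2) { throw 'Need at least two servers to balance between.' }

# Count the agents currently reporting to each candidate server.
$load = @{}
foreach ($s in $servers) { $load[$s.DisplayName] = 0 }
$agents = @(Get-SCOMAgent | Where-Object {
    $_.PrimaryManagementServerName -and $load.ContainsKey($_.PrimaryManagementServerName)
})
foreach ($a in $agents) { $load[$a.PrimaryManagementServerName]++ }

# Even share per server, rounded up.
$ceiling = [math]::Ceiling($agents.Count / $servers.Count)

foreach ($a in $agents) {
    $current = $a.PrimaryManagementServerName
    if ($load[$current] -le $ceiling) { continue }   # this server is not over its share

    # Send the agent to whichever server is least loaded right now.
    $targetName = ($load.GetEnumerator() | Sort-Object Value | Select-Object -First 1).Key
    $target = $servers | Where-Object { $_.DisplayName -eq $targetName }

    # Remove -WhatIf once the planned moves look right.
    Set-SCOMParentManagementServer -Agent $a -PrimaryServer $target -WhatIf

    $load[$current]--
    $load[$targetName]++
}

# Planned distribution after the moves.
$load.GetEnumerator() | Sort-Object Name | Format-Table Name, Value -AutoSize
```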

Happy SCOM’ing!

Pesky UNIX/Linux SCOM Agents (Gray State) – RETURN CODE: 1

This is a post I was meant to post quite some time ago, but forgot. Nevertheless…

If you have administrated a SCOM environment with both Wintel and UNIX/Linux machines, I am betting you have experienced some gray agents, specifically for UNIX/Linux machines.

The issue was that the server was definitely online; however, according to SCOM, the server was offline or at least in a gray state. Below are the steps I took to resolve the gray agent for the machine; the server was Red Hat (RHEL) 6.x.


Steps to diagnose the issue:

  1. Could I ping the server from any of the SCOM management servers? Yes.
  2. Could I ping the server from its resource pool? Yes.
  3. Was there communication between ports 22 and 1270? Yes.
  4. Was I able to establish a Putty session via port 22? Yes.
  5. Was the SCOM process running on the server? Hmm, that’s a funny error…

Next are the steps I took to resolve the issue:

  1. Restart the SCOM process with “scxadmin” … Cannot, “RETURN CODE: 1”
  2. Googling, many members in the community have also had this error, and have isolated the issue to corrupted CIM.Socket and SCX-CIMD.PID file(s).
  3. Delete the files.
  4. Let’s restart the SCX Agent…
  5. Well, that did not work either; check to see if port 1270 is even listening…
  6. Okay, let’s kill all processes associated with the scxadmin service…
  7. Now let’s start the scxadmin process, and check again to see if port 1270 is listening…
  8. Perfect! And what does SCOM say?


Problem solved! There are ways to automate this process, and this was achieved with the use of SCORCH and Runbooks. I will post that solution soon. Stay tuned.

 

Happy SCOM’ing! =)

Creating certificates for Azure authorization

So let’s say you want to monitor your Azure environment using your on-premises SCOM. You would think all you need is an Azure environment, an Azure Management Pack and SCOM. Well, for the most part that is true, but to authenticate Azure and SCOM you will require certificate-based authentication to bind the two environments. For starters, you will need the tools below, and can follow the steps I have outlined.

Prerequisites

  1. Azure subscription
  2. Azure (SCOM) Management Pack
  3. Local SCOM environment (with Internet access)
  4. Windows 8.1 SDK or Visual Studio

I used my Windows 8.1 machine, therefore I needed the Windows 8 SDK. If you do not already have the SDK, it can be downloaded from HERE. Once you have installed the SDK, we will then need to create the certificate.

I used PowerShell, but you could probably use Command Prompt just as well. Please note, run as Administrator.

First browse to the SDK directory, “C:\Program Files (x86)\Windows Kits\8.1\bin\x86”.

Then use the command below to create a self-signed certificate. Please note, your certificate name should match in both places here.

makecert -sky exchange -r -n "CN=yourCERTnameHERE" -pe -a sha1 -len 2048 -ss My "yourCERTnameHERE.cer"

Now, I don’t know what all these switches meant so I did look it up. Also, I used the links below as reference:

If the step above worked, you should have got “Succeeded”.

Next, we will generate the PFX with a private key. Use the code below in sequence, again in Administrator mode, PowerShell or Command Prompt.

$MyPwd = ConvertTo-SecureString -String "yourPASSWORDhere" -Force -AsPlainText

$AzureCert = Get-ChildItem -Path Cert:\CurrentUser\My | where {$_.Subject -match "yourCERTnameHERE"}

Export-PfxCertificate -FilePath C:\yourCERTnameHERE.pfx -Password $MyPwd -Cert $AzureCert

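The same certificate pair produced with the built-in PKI cmdlets, as an added example that is not part of the original post: it signs with SHA-256 instead of makecert's -a sha1 and prompts for the PFX password rather than embedding it in the script. It assumes Windows 10 / Server 2016 or later, where New-SelfSignedCertificate accepts these parameters; the certificate name and C:\ paths are the post's placeholders.

```powershell
# Added example, not from the original post. Run elevated, as in the post,
# because the files are written to the root of C:\.
$name = 'yourCERTnameHERE'   # placeholder, same as in the makecert command

# Self-signed, 2048-bit RSA key-exchange certificate in the current user's
# Personal store: the equivalent of -sky exchange -r -pe -len 2048 -ss My,
# but with a SHA-256 signature and an explicit one-year lifetime.
$cert = New-SelfSignedCertificate -Subject "CN=$name" `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeySpec KeyExchange -KeyLength 2048 `
    -HashAlgorithm SHA256 `
    -KeyExportPolicy Exportable `
    -NotAfter (Get-Date).AddYears(1)

# Public half only (.cer): this is the file that gets uploaded.
Export-Certificate -Cert $cert -FilePath "C:\$name.cer" -Type CERT | Out-Null

# Private key (.pfx): prompt for the password so it never lands in the
# script, the console history or a transcript.
$pfxPwd = Read-Host -Prompt 'PFX password' -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath "C:\$name.pfx" -Password $pfxPwd | Out-Null

# Check what was written: the .cer must carry no private key, and the
# signature algorithm should read sha256RSA rather than sha1RSA.
$public = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 "C:\$name.cer"
[pscustomobject]@{
    Subject            = $public.Subject
    Thumbprint         = $public.Thumbprint
    SignatureAlgorithm = $public.SignatureAlgorithm.FriendlyName
    CerHasPrivateKey   = $public.HasPrivateKey
    NotAfter           = $public.NotAfter
}
```
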

If all went well, you can now import your PFX certificate. Go into the Certificate Store (launch MMC, add the Certificates snap-in, run as Local Computer), and right click on Personal > Certificates > Import. Browse to your *.pfx certificate and import. You will be asked for the private key password to complete the import.

If all went well you should now be able to see the certificate within your Certificate Store, under Personal.

Now, Azure will want a *.cer based certificate, so we will need to export our *.pfx certificate from the Certificate Store. This is pretty straightforward: run Export on the certificate, and save it as a *.cer file.

Once you have exported the PFX as a CER file, you can go back to Azure and import/upload the certificate we have just created!

Enabling SCOM 2012R2 Agent Proxy

The other day, I was asked, “what the heck are these SCOM agent proxy alerts!?” I’m sure you fellow SCOM admins have seen these alerts before:

You could go to the computer that SCOM is complaining about and manually enable the agent proxy via Administration > Managed Computers, and modifying its properties, see below:

Or…… you could make your life easier, and do this…

The fix is easy; it and the explanation are both below:

To resolve the “Agent proxy not enabled” alert for all machines in your current environment, run the following PowerShell code in the SCOM PowerShell Console:

get-SCOMagent | where {$_.ProxyingEnabled -match "False"} | Enable-SCOMAgentProxy

To prevent this alert in the future, run the following:

add-pssnapin "Microsoft.EnterpriseManagement.OperationsManager.Client";
new-managementGroupConnection -ConnectionString:yourSCOMserverFQDNhere;
set-location "OperationsManagerMonitoring::";
Set-DefaultSetting -Name HealthService\ProxyingEnabled -Value True

Adding ESX/vCenter to SCVMM

Adding a Hyper-V host to SCVMM is pretty straightforward; I would only hope so, since they are both Microsoft products. Well, as quick as it is to add a Hyper-V host, adding an ESX/vCenter is just as quick. Here are the steps I took to add an ESX host and vCenter appliance to SCVMM 2012 R2.

Some prerequisites, well, I am assuming you have already deployed an ESX/ESXi server which also has a vCenter appliance installed and configured with a static IP and hostname. In my lab, I have vCenter installed on the ESX host itself. I am also assuming your SCVMM and ESX/ESXi environment(s) are able to communicate with one another.

  • Launch the SCVMM console
  • Create a Run As account, here I used the default VMware credentials (root/vmware)
  • Under the Fabric pane, and under the Servers > Infrastructure Node, right click on vCenter Servers, and add a new VMware vCenter Server

  • Input the vCenter IP address, leaving the TCP/IP port as default (443)
  • Also, specify the Run As account, select the one you created back at Step 2
  • Keep Communicate with VMware ESX host in secure mode enabled

  • Next, if the Run As account validated successfully, you should now get an Import Certificate prompt. Select Import

  • You can view the status of the new addition within the Jobs window

  • If all went smoothly, your vCenter appliance/server should now be within the vCenter Servers view!

  • Next, you will want to follow essentially the same steps as above, but this time we will add the ESX host
  • Select, Add VMware ESX Hosts and Clusters

  • Hopefully here it should auto populate the search with the host, if not, search for it, using its IP or hostname

  • If all went well (proper Run As account, etc.), then it should soon be visible within the Server > All Hosts view. Confirm by viewing the Jobs window for any errors/messages.

OMS SQL Assessment Solution

First things first, what is the SQL Assessment Solution? The OMS SQL Assessment Solution does exactly what it sounds like: it assesses a given SQL environment, providing a health check and risk assessment. The solution executes on a fixed (for now) interval, monitoring and evaluating your SQL environment.

With the solution, it provides six focus areas, where it allows you and your SQL team(s) to understand where your environment may need attention either soon, or immediately. The focus areas provide recommendations based on Microsoft’s KB and Microsoft’s engineers across multiple environments, industries and scenarios. These recommendations are suggested in order to get your environment back in good standing.

Six Focus Areas:

  1. Security and Compliance
  2. Availability and Business Continuity
  3. Performance and Scalability
  4. Upgrade, Migration and Deployment
  5. Operations and Monitoring
  6. Change and Configuration Management

Each focus area will break down its recommendations based on a weighted system. The weighted system is based on three metrics: Impact, Probability and Effort.

Each metric can be broken down as follows:

  • The Impact of the issue on your organization if it does cause a problem. The higher the impact equates to a larger overall score for the recommendation.
  • The Probability that an issue identified will cause problems within the environment. The higher the probability equates to a larger overall score for the recommendation.
  • The Effort required to implement the suggested recommendation. A higher effort equates to a smaller overall score for the recommendation.

For example, if the “Schedule full database backups at least weekly,” is weighted with 4.0, this means after implementing the recommendations and satisfying the assessment, this will improve our SQL assessment score from 88% to 92%, an overall increase of 4%.

Implementing the OMS Solution

To get the SQL Assessment Solution implemented, you will obviously need a SQL environment to monitor, with its Microsoft Monitoring Agent (MMA) either configured to report to OMS, or the agent/server made a member of the OMS server group in SCOM.

Here are the steps you will need to follow to configure the SQL Run As account in the SCOM console:

Note, the Run As account you will be using, needs to be a member of the Local Administrators group on all of the Windows Servers hosting the SQL Server Instances.

  1. In SCOM, go to the Administration tab
  2. Under the Run As Configuration, click Accounts
  3. Create the Run As Account, following through the Wizard, creating a Windows account
    1. Under Distribution Security, select More secure
  4. Go back to the Run As Configuration and click Profiles
  5. Search for the SQL Assessment Profile
  6. Assuming you are using SCOM 2012 R2 UR7, the profile name should be “Microsoft System Center Advisor SQL Assessment Run As Profile”
  7. Right click and update its properties, and add the Run As Account we created in step 3
  8. Now you need to add the Run As account to the SQL database, and grant it the permissions it will need. Use the SQL code below, this will need to be executed on all SQL instances you are interested in incorporating into the SQL Assessment Solution. (I used this from the OMS documentation site; link can be found at the bottom of this blog)

    -- Replace "DOMAIN\UserName" with the actual user name being used as Run As Account (removing the quotes).
    USE master

    -- Create login for the user, comment this line if login is already created.
    CREATE LOGIN ["DOMAIN\UserName"] FROM WINDOWS

    -- Grant permissions to user.
    GRANT VIEW SERVER STATE TO ["DOMAIN\UserName"]
    GRANT VIEW ANY DEFINITION TO ["DOMAIN\UserName"]
    GRANT VIEW ANY DATABASE TO ["DOMAIN\UserName"]

    -- Add database user for all the databases on SQL Server Instance, this is required for connecting to individual databases.
    -- NOTE: This command must be run anytime new databases are added to SQL Server instances.
    EXEC sp_msforeachdb N'USE [?]; CREATE USER ["DOMAIN\UserName"] FOR LOGIN ["DOMAIN\UserName"];'

Once you have implemented the steps above, and assuming everything went successfully, soon, with OMS, you will see your SQL environment under the SQL Assessment Solution.

Hopefully there isn’t too much to fix. =)

Connecting Operations Management Suite (OMS) to SCOM

Assuming you are now equipped with SCOM 2012 R2 UR7, the procedure below to link your SCOM environment to your OMS workspace should be almost identical. If you are running on SCOM 2012 R2 UR6, then the steps below are similar; however, please note that Microsoft was still referring to OMS as Operational Insights. With the UR7 update, the name was changed to Operations Management Suite.

For starters, I am going to assume you have an OMS workspace created and an Azure subscription. I am also going to assume you have a SCOM 2012 R2 (UR6 or higher) and some servers within your SCOM environment.

  • To begin, you will need to launch the Operations Manager console and go to the Administration tab/pane.
  • Within the Administration settings, select the Operations Management Suite (or Operational Insights on UR6).
  • Expand Operations Management Suite, and select connection.
  • Select Configure Operations Management Suite and follow the wizard instructions.
  • After you have successfully paired SCOM with OMS you can now add servers to your OMS Computer Group. Select Add a Computer/Group.

  • Within the Search, find the servers you want to add to the OMS group

  • Select the servers/computers, and hit OK
  • Once the servers have been added, you will now be able to see them within the Managed Computers, under the Operations Management Suite node

  • Now if you go back to the Operations Management Suite web portal, and select Connected Sources, under your settings, you should not only see your SCOM Management Group name, but also see the servers we have now added to the OMS group via SCOM.
