Category: Windows OS

Step-by-Step – Installing System Center Operations Manager (SCOM) 2016 on Windows Server 2016 with SQL 2016

· 58 Comments ·

This post I will be installing System Center Operations Manager 2016 (SCOM) RTM, Build Number 7.2.11719.0.

Here is some of the background information. As this post will concentrate on the installation of SCOM 2016, I am going to omit the setup and configuration of the Domain Controller, Windows Server 2016 for both SCOM Management Server and SQL Server (Please note, I am using SQL Server 2016, both servers on Windows 2016).

If you need help setting up SQL 2016 for SCOM 2016, please visit HERE.

Environment:  Virtual; ESX 6.0 Hypervisor

SCOM Management Server:

  • Windows Server 2016
  • 4 vCPU (2.00GHz)
  • 12 GB memory
  • 100GB Diskspace
  • 1GB vNIC

SQL Server:

  • Windows Server 2016
  • SQL Server 2016
  • 4 vCPU (2.00GHz)
  • 24 GB memory
  • 300GB Diskspace
  • 1GB vNIC

Service Accounts and Local Administrator:

Domain\Account Description Local Admin on…
domain\SCOM_AA SCOM Action Account SCOM & SQL
domain\SCOM_DA SCOM Data Access/SDK Account SCOM & SQL
domain\SCOM_SQL_READ SCOM SQL Reader SQL
domain\SCOM_SQL_WRITE SCOM SQL Writer SQL
domain\SCOM_Admins SCOM Administrators Group SCOM
domain\SQL_SA SQL Service Account SQL
domain\SQL_SSRS SQL Service Reporting Services Account SCOM

 

Now, if you’re lazy like me, or are tired of doing this setup for environments, I have scripted the automation of these accounts. You can find that link here, Microsoft TechNet Gallery.

Let’s Begin:

2

3

For completeness, let’s install all the features of SCOM 2016. (I am hosting a default SQL 2016 instance on the SCOM Management Server for SSRS)

4

5

Well, that’s not new… Errors. Since this is a clean, vanilla Windows 2016 server, we will need to install all the necessary Web Console components, along with Report Viewer Controls (probably SQL CLR Types too..).

  • For the Report Viewer Prerequisites, go HERE.

Note, oddly I was unable to install with CLR SQL 2016, Reports Viewer still complained and required CLR SQL 2014.

  • Here is the PowerShell command I ran to install the necessary IIS features/roles:
Import-Module ServerManager
Add-WindowsFeature Web-Server, Web-WebServer, Web-Common-Http, Web-Default-Doc, Web-Dir-Browsing, Web-Http-Errors, Web-Static-Content, Web-Health, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Performance, Web-Stat-Compression, Web-Security, Web-Filtering, Web-Windows-Auth, Web-App-Dev, Web-Net-Ext45, Web-Asp-Net45, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Mgmt-Tools, Web-Mgmt-Console, Web-Mgmt-Compat, Web-Metabase, NET-Framework-45-Features, NET-Framework-45-Core, NET-Framework-45-ASPNET, NET-WCF-Services45, NET-WCF-HTTP-Activation45, NET-WCF-TCP-PortSharing45, WAS, WAS-Process-Model, WAS-Config-APIs -restart

 

Once the server is back online, you will need to register ASP.Net.

6

You will need to apply the following using Command Prompt (as Administrator)).

  1. cd %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\
  2. aspnet_regiis.exe -r
  3. IISRESET
  4. Reboot your server…

Once the server is back online, let’s try that Prerequisites check again….

7

Great! Now all of Prerequisites have been met!

8

Provide a meaningful Management Group Name (there’s no going back after this…)

9

SQL Server will be where your SCOM SQL instance(s) were installed. For me, I have built two instances on my SQL2016 server (SCOM_OPSMGR & SCOM_DW).

10

11

12

13

14

15

16

17

I recommend always keeping this off, and manually updating your SCOM infrastructure.

18

One quick review. Looks good. Hit Install, and get some fresh air!

19

A few minutes later….

20

Sweet! All good. I hope this helps. If you have any questions or issues, please drop me a line.

Please note, it is STRONGLY ADVISED to install the Update Rollup 1 once you have deployed SCOM 2016. For that walk-through, please visit the following post, HERE.

Happy 2016 SCOM’ing!

(more…)

Microsoft Most Valuable Professional Award – Cloud and Datacenter Management

· 4 Comments ·

I am proud and happy to announce, Microsoft has awarded me their Most Valuable Professional award this October, for my contributions within the Cloud and Datacenter Management technical communities.

mvp_logo_horizontal_preferred_cyan300_rgb_300ppi

“Microsoft Most Valuable Professionals, or MVPs, are community leaders who’ve demonstrated an exemplary commitment to helping others get the most out of their experience with Microsoft technologies. They share their exceptional passion, real-world knowledge, and technical expertise with the community and with Microsoft.”

For more information, please visit the LINK.

 

Creating a Site-to-Site (S2S) VPN with Azure Resource Manager (ARM) and Windows 2012R2

· 8 Comments ·

To begin, I am setting up a Site-to-Site VPN (Virtual Private Network) between my home-lab and Azure. The same concept(s) can be applied to an On-Premises/Data-Center environment and enterprise grade firewalls/routers.

For starters you will need to know the IP of your home network, my IP is dynamic, so it is continuously changing. If you don’t know your public IP, go HERE to get that now. Also, I will be using the Azure Resource Manager portal, and not the classic portal, and lastly working with IPv4, not IPv6. Lastly, I am going to assume you already know a few things about Azure, Windows Server 2012R2 RRAS (Routing and Remote Access Service) and the basics of Networking.

This setup consists of 2 steps — Step 1, setting up and configuring Azure, and Step 2, setting up and configuring your Windows RRAS server. Let’s begin:

Setting up/Configuring Azure:

Step 1: Create a Resource Group

1

Step 2: Create a Virtual Network

Now we need to create a Virtual Network. This virtual network will provide IPs to machines assigned within this resource group. The IP spacing can be whatever you choose, however it is best to choose an address space different from your home-network. I have chosen a 172.10.0.0/24; my home network is a 10.10.10.0/24.The resource group will always the one you created back in Step 1.

2a

Next I will add two subnets, one for the back-end and one for the gateway of my servers. Within your Virtual Network, select Subnets, and add as many subnets as needed.

2b

Step 3: Create a Virtual Network Gateway

Next we will create the Virtual Network Gateway. The virtual network gateway will be responsible for sending and receiving data. Essentially the bridge between (gateway) Azure and your RRAS server/home-network.

I have kept the defaults, VPN as the Gateway type, and Route based for the VPN type. The resource group will always the one you created back in Step 1.

Depending on your environment and requirements, you will need to decide which VPN type is best for you.

  • Route based, will support dynamic routing and support multiple VPN connections, using IKEv2.
  • Policy based, will support static routing, supporting a single VPN connection, and will use IKEv1.

3

  • The Virtual Network will be what we just created in Step 2,
  • The Public IP address will be one of Azure’s Public IPs,
  • Gateway type will be VPN,
  • VPN type will be Route based.

Once you have entered all the properties successfully, it will take about an hour for Azure to create the Virtual Network Gateway. (Good time for lunch/a break)

Step 4: Create a Local Network Gateway

Now we need to create the local network gateway, this gateway will be configured with all of your on-premises network.

  • IP address will be the IP address of your VPN endpoint, ie. Public Facing IP
  • Address space will be the address space you are using on-premises, in my case my home network is on a 10.10.10.0/24 network. (If you have multiple address spaces on-premises, then add them all here (only add if you want a machine in that space to be Azure accessible))

Keep in mind, the address space here MUST NOT overlap with the address space in Azure (this is why my Azure Local Network was provided a 172.10.0.0/24 address space to differentiate)

The resource group will always the one you created back in Step 1.

4a

Step 5: Create the VPN connection

Now that all the fun stuff is done, now we need to create the VPN connection. Within the Local Network Gateway we just created (Step 4) go within the Connections, and configure a VPN connection.

5b

  • You will need to specify the Virtual and Local LAN gateways we created in Step 3 and Step 4, for the Virtual Network Gateway and Local Network Gateway, respectively.
  • The Shared key (PSK) will need to be a string that will be used between the VPN connection and your RRAS server to encrypt and authenticate. I used a password generator with 32 characters, and only used letters and numbers (no special characters). Make sure to save this key, because you will need it in the Windows RRAS setup to complete the Site-to-Site connection!

 

Great Step 1 – Azure done! After configuring the RRAS server, we will need to come back to Azure, and connect/confirm the VPN traffic is flowing.

 

 

Setting up/Configuring Windows RRAS:

Step 1: Install the RRAS Windows Role 

Microsoft explains this pretty well and it is pretty straight-forward, so I won’t bother, see HERE.

Step 2: Configure and Enable Routing and Remote Access

Right click on the Network Interface, and select a New Demand-dial Interface

1a

Call it something meaningful…

1

Continue through the wizard, choose VPN.

2

Use IKEv2 Encryption here for the VPN Type (as we chose back in Step 5 within the VPN Connection configuration for Azure; they must match…duh)

3

Here you need to specify the Azure Public IP:

4

If you don’t know your Azure Public IP, go to your Virtual LAN Gateway, and see within the Essentials properties:

5

Leave Route IP packets on this interface enabled….

6

Since we are providing a PSK, credentials here don’t matter.. I just entered, Azure and left the rest blank…

7

Now add the Static Route for your local network, as mentioned, my network is a 10.10.10.0/24; 255.255.255.0.

10

Once complete, right-click on the interface we just created, and go to the Security settings. By default “Use machine certificates” will be enabled, select the preshared key for authentication option, and now enter that PSK we used in Step 5 of Azure….

8

Hit OK, and now let’s try to connect…..

Step 3: Test Connection on Server

11

Give this a few minutes, I gave it about 5 minutes, and it finally connected to Azure.

Step 4: Establish/Test Connection on Azure VPN

Go back to Azure, and within your VPN connection, hit Connect. For me, this took some time. Initially it connects, then fails, and repeats for a few minutes. I’d say after 5 minutes or so, it finally connected and stayed connected! YAY!

vpn_connection_success

 

vpn_connection_success_2

After all that, we now have a VPN connection established between Azure and my home network. This is evident as we can see traffic going in and out via Azure’s Gateway! Sweet!!!

 

(more…)

How to disable Windows 10 Lock Screen

· Leave a comment ·

After using Windows 10 on my work PCs for the last year and so, I decided it was time to upgrade my home PC. Overall Windows 10 seems great, I am able to use all my applications as I did before, and no issues with the drivers/hardware.

However, I after a few hours I really started to get annoyed with the Lock Screen activating every time I leave my desk for a few minutes. Rather than increasing that threshold, I rather disable the lock screen completely.

Here are the steps I took to disable the Windows 10 Lock Screen.

  • Launch the Registry Editor (you can do this by pressing the Windows icon button on your keyboard, plus the R key on your keyboard (simultaneously).

RunRegedit

  • Next, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\
  • Create the following Key, “Personalization

Registry

  • Create the DWORD, “NoLockScreen” and assign it the value 1

RegKey

And that is it! No reboot for me was required. If you are finding the lock screen still kicking in, try a reboot.

 

Cheers!