Tag: MMA

Monitoring Domain Controllers in SCOM 2016 – Event ID 1102

June 2, 2017June 2, 2017 · 4 Comments ·

So you deploy a SCOM 2016 agent to a Windows 2016 Domain Controller, only problem is, after the agent push, discovery doesn’t work. Well, the agent isn’t corrupted… Ports are open… SCOM agent is being deployed using the System Local account… etc. etc. So, now what?

Taking a look at the Windows 2016 domain controller and its event log, the domain controller OpsMgr log is getting bombarded with Event IDs 1102….

After some investigation, seems to be this has been an issue in SCOM 2012 (and 2012R2) as well. Well, here’s the fix…

Taking a look at the HSLockdown, the Local System account is being denied access.. Browse to the following folder “%windir%\Program Files\Microsoft Monitoring Agent\Agent “and run the following command (elevated access…), “HSLockdown.exe /L“

Now that we can see the Local System account is being denied access, let’s give it access… Running the following command, “HSLockdown /A “NT AUTHORITY\SYSTEM“. Restart the SCOM Agent (net stop HealthService.exe & net start HealthService.exe) and you should be good to go now!

Cheers!

SCOM Agent Version Addendum Management Pack

March 1, 2017 · Leave a comment ·

Earlier this week, Microsoft’s Kevin Holman published an excellent article and SCOM Management Pack that addresses the issue with SCOM 2012 and agent updates. Please have a read, and consider installing this MP to help alleviate the issues SCOM 2012 has created when it comes to understanding which version your SCOM agent is on….

BLOG POST HERE.

Dual-Homing OMS/Microsoft Monitoring Agent (MMA) — Questions

December 14, 2016December 14, 2016 · 8 Comments ·

Earlier this week, I posted on how the OMS/Microsoft Monitoring Agent (MMA) can be dual-homed for multiple OMS Workspaces.

A good question from the community came up (thank you @ Manoj Mathew), “Have you noticed any performance impacts on the Agents when they are multi homed to OMS?“

In the OMS Query below — making use of OMS’ Log Analytics, I checked the performance data in the last 48 hours. Unfortunately I cannot go any further, since the MMA was deployed earlier in that day, and the second OMS workspace was added later that afternoon.

There are a few spikes in the Memory and CPU, but this is also a result of a few factors:

Initially there is a high level of CPU/Memory usage as OMS did its stuff when the MMA/OMS made friends and synced up their data/solutions
There is a small spike when the second OMS workspace was added but this is minimal at best
This server was being patched with 90+ Windows Server OS patches around 8PM.

The query I used to collect the data is here,

Computer="COMPUTERNAME.FQDN" Type=Perf (CounterName="Available MBytes" OR CounterName="% Processor Time") (ObjectName=Memory OR ObjectName=Processor)

A second question being asked here is, “how many OMS Workspace IDs can be added to “dual-home” the MMA agent?“

Unfortunately I only have 3 OMS Workspace’s to work with at the moment in this environment, but with that said, I can surely say a minimum of 3. If you have the ability to test more than 3, I would love to find out!

Dual-Homing OMS/Microsoft Monitoring Agent (MMA)

December 12, 2016December 14, 2016 · 2 Comments ·

Today I learned that the MMA (Microsoft Monitoring Agent) has the ability to be “dual-homed“. Similar to what we have seen in the past with the System Center Operations Manager (SCOM) agent and dual-homing it to multiple SCOM environments/Management Groups, the same can be said for the Operations Management Suite (OMS)/MMA agent. By going into the MMA properties, you can add multiple OMS Workspace IDs. This is great if you want the Computer reporting to multiple OMS Workspaces and/or Azure Subscriptions, as was the case for me today.

Simply launch the MMA agent, and within the Azure Log Analytics (OMS), add your OMS Workspace ID here.

Note, this works for the MMA version, 8.0.11030.0 — Windows. Has not been tested against the Linux Agent.

Monitoring Windows Server 2016 Nano Server with SCOM 2016

November 30, 2016December 1, 2016 · 2 Comments ·

The following post is intended to demonstrate how to monitor your Windows Server 2016 — Nano Server, via System Center Operations Manager (SCOM) 2016.

Also, a quick note, the SCOM team released the Windows Server 2016 Operating System Management Pack today, see HERE for the download/MP. One of the many updates to this MP (version 10.0.8.0) is the added compatibility of the Nano agent! So without further ado, let’s try installing the SCOM 2016 agent on a Nano server!

To begin, I have an out-of-the-box Windows 2016 (No UI) VM. I gave it 1GB of memory, and 2 vCPU’s.

Once the VM is online, first things first, we need to add this machine to our domain, unless you want to go the DMZ/Certificates route…. For simplicity, I am adding the Nano server to my domain, same domain as the SCOM Management Server(s) — The Nano Server and SCOM Management Server MUST be on the same domain. Same network space, etc. etc.

Assuming the above is completed, let’s begin with assigning a static IP address to the server. However, before we do this, we need to get the name of the Network Adapter(s).

Network Adapter Information

Get-NetAdapter
Get-NetIPConfiguration

These cmdlets will give us the network adapter name and current settings. As you can see below, the domain controller/DHCP has already given our server a dynamic IP (10.10.10.50). We want to change this….

Assign Static IP

New-NetIPAddress -InterfaceIndex 2 -IPAddress 10.10.10.37 -PrefixLength 24 -DefaultGateway 10.10.10.1

By default, the -PrefixLength 24, will assign the subnet mask of 255.255.255.0.

Next, since this is Active Directory, we want to assign the DNS Server(s) to our Network Adapter.

Assign DNS Server(s)

Set-DnsClientServerAddress -InterfaceIndex 2 -ServerAddresses 10.10.10.30, 10.10.10.31

If you only have one DNS/DC server, then remove the second entry.

Now that we have communication with the domain controllers, now we can add our machine to the domain.

First, let’s change the server name from its random default, to something we like. I am going to go with “NANO01“.

Change Server Name

Rename-Computer -NewName "NANO01" -Restart

Next, we can now add the server to the domain.

Add Server to Domain

Add-Computer -DomainName "RaviLocal.com" -Restart

To quickly verify our server has been added to AD, we can take a looking at the AD Users and Computers UI:

Great, there it is! Now we can go ahead and deploy our Microsoft Monitoring Agent (MMA)/SCOM Agent.

Deploy SCOM 2016 Agent

Since I am taking the lazy approach, I will be deploying the agent via SCOM console. If you want to make use of PowerShell, see Microsoft’s TechNet article HERE.

Great, MMA deployed as expected! Quickly verify it is now communicating with SCOM:

All good!

Happy SCOM’ing 2016!

Load Balancing SCOM Agents

December 2, 2015March 6, 2017 · 1 Comment ·

So you have multiple SCOM Management Servers, yet you just happen to have all of your SCOM agents reporting to one server, or maybe two if you half tried to load balance your agents. There are several reasons why you would want to have multiple Management Servers, ie. off-load workflows, reduce stress on servers, etc., etc. Well what is the point of having multiple Management Servers yet nearly all of your agents are reporting to one, or maybe two at best Management Servers, while the others are collecting dust. Load balance those agents! You could manually move an agent by right clicking and moving to a new server, or you could let our friend PowerShell automate this for you.

In my experience I have seen many SCOM environments where load balancing is either done manually, or not done at all. And usually manually implies the SCOM administrator takes a look which of the servers has the least agents, and deploys away. That works, but why not deploy to any server then let PowerShell load balance for you.

In the solution below, I am using PowerShell along with Orchestrator 2012R2. The runbook can be setup to run ad-hoc, or run regularly, ie. monthly, weekly, etc. Of course if you do not Orchestrator deployed in your environment, you could very well take the script and schedule it to run via Windows Scheduled tasks.

Here I have created a Runbook to execute the script, and then send back a warning notification if the Runbook failed, or an informational notification that the Runbook executed successfully.

See below for the PowerShell script. Please note, you will need to change the Line 5 with a SCOM Management server applicable to your environment, duh. This script can also be modified, and you can load balance between two gateway servers.

The script can be found HERE!

Happy SCOM’ing!

SCOM & Other Geeky Stuff

A series of blog posts around Microsoft Cloud and Datacenter technologies, specifically Azure Cloud, System Center and other various Microsoft technologies.