Tag: Windows 2012R2

Step-by-Step – Upgrading to SCOM 2016 from SCOM 2012 R2

So you’ve decided to take the jump and upgrade to System Center Operations Manager 2016? Assuming you are running a SCOM 2012R2 (UR11) environment, this post will be exactly what you need to have a successful SCOM 2012 R2 to SCOM 2016 upgrade. **Although the recommended path is to upgrade from UR9.**

In my environment, here is the quick breakdown:

  • SCOM 2012 R2 environment has two Management Servers.
    • Handful of clients (Windows 2012R2) being monitored.
  • Both Management Servers live on a Windows 2012 R2 operating system.
    • Both Management Servers are running with UR 11 (Update Rollup). **Microsoft recommends upgrading the environment at the latest version number minus one (latest – 1), so in this case, UR9 (UR10 was never issued for SCOM 2012R2).**
  • The SQL environment is a SQL Server 2014 SP2 also running on Windows 2012 R2.
    • The Operations and Data Warehouse live on dedicated SQL instances, however reside on the same server.

Pre-Upgrade Tasks

Let’s get started!

First, we need to do some “Pre-Upgrade” Tasks. Follow these in order.

  1. Back up the Operations Manager Databases
  2. Review the Operations Manager Event Logs
  3. Cleanup the Database (ETL Table)
  4. Remove Agents from Pending Management
  5. Disable the Notification Subscriptions
  6. Stop the Services or Disable any Connectors
  7. Verify that the Operational Database Has More Than 50 Percent Free Space
  8. Back up the Operations Manager Databases

To clean up the ETL tables, you will need to run the following scripts:

  • The following script will determine the number of rows that will need to be deleted:

-- Grooming watermark: only rows with a lower EntityTransactionLogId are candidates
DECLARE @SubscriptionWatermark bigint = 0;

SELECT @SubscriptionWatermark = dbo.fn_GetEntityChangeLogGroomingWatermark();

-- Count the ETL rows that neither change log references any more
SELECT COUNT(*)
FROM EntityTransactionLog ETL WITH (NOLOCK)
WHERE NOT EXISTS (SELECT 1 FROM EntityChangeLog ECL WITH (NOLOCK) WHERE ECL.EntityTransactionLogId = ETL.EntityTransactionLogId)
  AND NOT EXISTS (SELECT 1 FROM RelatedEntityChangeLog RECL WITH (NOLOCK) WHERE RECL.EntityTransactionLogId = ETL.EntityTransactionLogId)
  AND EntityTransactionLogId < @SubscriptionWatermark;


  • Now we can go ahead and clean up the ETL table by running the script below:

DECLARE @RowCount int = 1;
DECLARE @BatchSize int = 100000;
DECLARE @SubscriptionWatermark bigint = 0;
DECLARE @LastErr int;

SELECT @SubscriptionWatermark = dbo.fn_GetEntityChangeLogGroomingWatermark();

-- Delete in batches of @BatchSize until a pass removes no rows
WHILE (@RowCount > 0)
BEGIN
    DELETE TOP (@BatchSize) ETL
    FROM EntityTransactionLog ETL
    WHERE NOT EXISTS (SELECT 1 FROM EntityChangeLog ECL WHERE ECL.EntityTransactionLogId = ETL.EntityTransactionLogId)
      AND NOT EXISTS (SELECT 1 FROM RelatedEntityChangeLog RECL WHERE RECL.EntityTransactionLogId = ETL.EntityTransactionLogId)
      AND ETL.EntityTransactionLogId < @SubscriptionWatermark;

    -- Capture the error code and row count of the DELETE in one statement
    SELECT @LastErr = @@ERROR, @RowCount = @@ROWCOUNT;
END


Great! Let this run, which may take a few minutes or hours, depending on your environment.

Now we are ready to get started with the upgrade. (Don’t forget to back up your databases: Report Server, Operations, Data Warehouse!!)



Upgrading to SCOM 2016

After you have downloaded the RTM image file, as you may have noticed, it is not an ISO file. So let’s extract the file contents locally…


Before moving on with the install, I stopped the following SCOM services on all of the Management Servers:

  1. Microsoft Monitoring Agent (healthservice)
  2. System Center Data Access Service (OMSDK)
  3. System Center Management Configuration (cshost)

Now we can run the installer (Run As Administrator, or as the SCOM Data Access/SDK account).


Sweet! Although this was expected, since no new changes were required for Windows Server 2012 R2.


I cannot stress enough how useful it is to use dedicated service accounts. Here, input your Data Access/SDK account.


One quick review before we begin the upgrade.


Let this run… For me, the upgrade took around 50 minutes for the first Management Server.


Sweet! All good. Remember to install the license key before the 120 days are up.

Let’s launch the console just to make sure we are in all working order.


Great! Now we will need to repeat the process for the second/other Management servers…

Once complete, let’s upgrade our client agents to SCOM 2016 (v 8.0.10918.0)


At this time we can make use of the SCOM 2016 features and update our outdated Management Packs. Remember, this feature really only works for Microsoft-based Management Packs, i.e. SQL, Windows Server, Client OS, etc.


I hope this helped! For additional information, and/or for upgrading other items such as Gateways, ACS (Audit Collection Services), etc., please visit Microsoft’s guides HERE.

 

Lastly, it is highly recommended to upgrade to SCOM 2016 Update Rollup 1 (UR1). For that guide, please visit this LINK.

 

Happy SCOM’ing 2016!


Creating a Site-to-Site (S2S) VPN with Azure Resource Manager (ARM) and Windows 2012R2

To begin, I am setting up a Site-to-Site VPN (Virtual Private Network) between my home-lab and Azure. The same concept(s) can be applied to an On-Premises/Data-Center environment and enterprise grade firewalls/routers.

For starters, you will need to know the IP of your home network; my IP is dynamic, so it is continuously changing. If you don’t know your public IP, go HERE to get that now. Also, I will be using the Azure Resource Manager portal, not the classic portal, and working with IPv4, not IPv6. Lastly, I am going to assume you already know a few things about Azure, Windows Server 2012R2 RRAS (Routing and Remote Access Service) and the basics of networking.

This setup consists of 2 steps — Step 1, setting up and configuring Azure, and Step 2, setting up and configuring your Windows RRAS server. Let’s begin:


Setting up/Configuring Azure:

Step 1: Create a Resource Group


Step 2: Create a Virtual Network

Now we need to create a Virtual Network. This virtual network will provide IPs to machines assigned within this resource group. The IP spacing can be whatever you choose; however, it is best to choose an address space different from your home network. I have chosen a 172.10.0.0/24; my home network is a 10.10.10.0/24. The resource group will always be the one you created back in Step 1.


Next I will add two subnets, one for the back-end and one for the gateway of my servers. Within your Virtual Network, select Subnets, and add as many subnets as needed.


Step 3: Create a Virtual Network Gateway

Next we will create the Virtual Network Gateway. The virtual network gateway will be responsible for sending and receiving data. It is essentially the bridge (gateway) between Azure and your RRAS server/home network.

I have kept the defaults: VPN as the Gateway type, and Route based for the VPN type. The resource group will always be the one you created back in Step 1.

Depending on your environment and requirements, you will need to decide which VPN type is best for you.

  • Route based, will support dynamic routing and support multiple VPN connections, using IKEv2.
  • Policy based, will support static routing, supporting a single VPN connection, and will use IKEv1.


  • The Virtual Network will be what we just created in Step 2,
  • The Public IP address will be one of Azure’s Public IPs,
  • Gateway type will be VPN,
  • VPN type will be Route based.

Once you have entered all the properties successfully, it will take about an hour for Azure to create the Virtual Network Gateway. (Good time for lunch/a break)

Step 4: Create a Local Network Gateway

Now we need to create the local network gateway; this gateway will be configured with the details of your on-premises network.

  • IP address will be the IP address of your VPN endpoint, i.e. your public-facing IP.
  • Address space will be the address space you are using on-premises; in my case my home network is on a 10.10.10.0/24 network. (If you have multiple address spaces on-premises, then add them all here, but only add one if you want a machine in that space to be Azure accessible.)

Keep in mind, the address space here MUST NOT overlap with the address space in Azure (this is why my Azure Local Network was provided a 172.10.0.0/24 address space to differentiate).

The resource group will always be the one you created back in Step 1.


Step 5: Create the VPN connection

Now that all the fun stuff is done, we need to create the VPN connection. Within the Local Network Gateway we just created (Step 4), go to Connections and configure a VPN connection.


  • You will need to specify the Virtual and Local LAN gateways we created in Step 3 and Step 4, for the Virtual Network Gateway and Local Network Gateway, respectively.
  • The Shared key (PSK) will need to be a string that will be used between the VPN connection and your RRAS server to encrypt and authenticate. I used a password generator with 32 characters, and only used letters and numbers (no special characters). Make sure to save this key, because you will need it in the Windows RRAS setup to complete the Site-to-Site connection!
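
The two checks this setup relies on, as an added example that is not part of the original post: confirming the Azure and on-premises address spaces do not overlap, and generating the 32-character letters-and-digits shared key from a cryptographic random source. Function names are hypothetical; the address spaces are the ones used above.

```powershell
# Added example, not the author's code. Function names are hypothetical.
function ConvertTo-CidrRange([string]$Cidr) {
    # 'a.b.c.d/n' -> first and last address of the block as 64-bit integers
    $ip, $prefix = $Cidr -split '/'
    $bytes = [System.Net.IPAddress]::Parse($ip).GetAddressBytes()
    [array]::Reverse($bytes)                      # network order -> little endian
    $addr  = [int64][System.BitConverter]::ToUInt32($bytes, 0)
    $size  = [int64][math]::Pow(2, 32 - [int]$prefix)
    $first = $addr - ($addr % $size)
    [pscustomobject]@{ First = $first; Last = $first + $size - 1 }
}

function Test-CidrOverlap([string]$A, [string]$B) {
    $ra = ConvertTo-CidrRange $A; $rb = ConvertTo-CidrRange $B
    ($ra.First -le $rb.Last) -and ($rb.First -le $ra.Last)
}

function Test-Rfc1918([string]$Cidr) {
    # True only if the whole block sits inside a private (RFC 1918) range
    $r = ConvertTo-CidrRange $Cidr
    foreach ($block in '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16') {
        $b = ConvertTo-CidrRange $block
        if ($r.First -ge $b.First -and $r.Last -le $b.Last) { return $true }
    }
    $false
}

function New-AlphanumericPsk([int]$Length = 32) {
    # Letters and digits only, drawn from the OS CSPRNG rather than Get-Random
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
    $limit = 256 - (256 % $alphabet.Length)       # reject bytes >= 248: no modulo bias
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 1
    $sb  = New-Object System.Text.StringBuilder
    try {
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($buf)
            if ($buf[0] -lt $limit) { [void]$sb.Append($alphabet[$buf[0] % $alphabet.Length]) }
        }
    } finally { $rng.Dispose() }
    $sb.ToString()
}

$azure = '172.10.0.0/24'; $onPrem = '10.10.10.0/24'   # address spaces from this post
if (Test-CidrOverlap $azure $onPrem) { throw "Address spaces overlap: $azure / $onPrem" }
foreach ($cidr in $azure, $onPrem) {
    if (-not (Test-Rfc1918 $cidr)) { Write-Warning "$cidr is not RFC 1918 private space" }
}
$psk = New-AlphanumericPsk -Length 32    # used on both the Azure connection and RRAS
```

Run against the values above, the overlap check passes, and the RFC 1918 check warns on 172.10.0.0/24, which lies outside the private 172.16.0.0/12 block.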

 

Great, Step 1 (Azure) is done! After configuring the RRAS server, we will need to come back to Azure, and connect/confirm the VPN traffic is flowing.

Setting up/Configuring Windows RRAS:

Step 1: Install the RRAS Windows Role 

Microsoft explains this pretty well and it is pretty straight-forward, so I won’t bother, see HERE.

Step 2: Configure and Enable Routing and Remote Access

Right click on the Network Interface, and select a New Demand-dial Interface


Call it something meaningful…


Continue through the wizard, choose VPN.


Use IKEv2 Encryption here for the VPN Type (as we chose back in Step 5 within the VPN Connection configuration for Azure; they must match…duh)


Here you need to specify the Azure Public IP:


If you don’t know your Azure Public IP, go to your Virtual LAN Gateway, and see within the Essentials properties:


Leave Route IP packets on this interface enabled….


Since we are providing a PSK, credentials here don’t matter. I just entered Azure and left the rest blank…


Now add the Static Route for your local network, as mentioned, my network is a 10.10.10.0/24; 255.255.255.0.


Once complete, right-click on the interface we just created, and go to the Security settings. By default “Use machine certificates” will be enabled, select the preshared key for authentication option, and now enter that PSK we used in Step 5 of Azure….


Hit OK, and now let’s try to connect…..

Step 3: Test Connection on Server


Give this a few minutes, I gave it about 5 minutes, and it finally connected to Azure.

Step 4: Establish/Test Connection on Azure VPN

Go back to Azure, and within your VPN connection, hit Connect. For me, this took some time. Initially it connects, then fails, and repeats for a few minutes. I’d say after 5 minutes or so, it finally connected and stayed connected! YAY!


After all that, we now have a VPN connection established between Azure and my home network. This is evident as we can see traffic going in and out via Azure’s Gateway! Sweet!!!

 



Exporting and Importing VMs in Hyper-V 2012R2

Let’s say you have a Virtual Machine on one Hyper-V server, and need to migrate it over to another Hyper-V server. For whatever reasons, end of life on the existing server, different data center, etc. Of course this is one of the many good reasons why having a clustered Hyper-V environment is the way to go, but this post is not about that. So, let’s get to it.

 

  • First, shut down your VM and determine a destination to store the VM. Simply shut down the VM within the Hyper-V console, then right-click and select Export. Once you define this, you can track its progress. Depending on your storage, how big the VM is, Hyper-V server specs, etc., this could take a few minutes…


  • Next, copy the VM data (you just exported) to the new Hyper-V server or some storage location. Again, based on your environment, network, server etc., this could take a few minutes.


  • Next, on your (new) Hyper-V server, launch the Hyper-V console, and select Import. Browse to the location where the VM being imported resides.


  • When selecting the Import Type, I chose the third option (Copy the virtual machine (create a new unique ID))


  • Now you can set the location of the VM’s properties, or leave them defaulted to your Hyper-V server’s settings.


  • Depending on your VM/Hyper-V server, you may have had some fancy properties, like a virtual switch. In my case I did, and on the new Hyper-V server I did not have the same virtual switch, or at least not the same name. You can either create the Network Switch your VM requires, or select “Not Connected” and finish this task later.


  • Now you can go ahead and finish the import process, and allow the new machine to be officially imported on your new Hyper-V hypervisor. Again, based on your environment, this may take a few moments, so go get another coffee, and enjoy!
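
The export, copy and import steps above in PowerShell, as an added example that is not the author's own code: it hashes the exported files so the copy can be verified, then uses Compare-VM to dry-run the "Copy (create a new unique ID)" import and disconnects any adapter whose virtual switch does not exist on the new host. The VM name and folder paths are placeholders.

```powershell
# Added example, not the author's code. VM name and folders are placeholders.
$vmName = 'VM01'              # hypothetical VM name
$export = 'D:\Export'         # hypothetical export folder on the old host
$import = 'E:\Import'         # hypothetical folder the export was copied to

# --- Old host: shut down, export, record a hash of every exported file ---
Stop-VM -Name $vmName
Export-VM -Name $vmName -Path $export
Get-ChildItem "$export\$vmName" -Recurse -File |
    Get-FileHash -Algorithm SHA256 | Select-Object -ExpandProperty Hash |
    Set-Content "$export\$vmName.sha256"      # copy this file along with the VM folder

# --- New host, after the copy: verify nothing changed in transit ---
$expected = Get-Content "$import\$vmName.sha256"
$actual = Get-ChildItem "$import\$vmName" -Recurse -File |
    Get-FileHash -Algorithm SHA256 | Select-Object -ExpandProperty Hash
if (Compare-Object $expected $actual) { throw 'Copied VM files do not match the export' }

# --- New host: dry-run the import (Copy + new unique ID) and resolve issues ---
$config = Get-ChildItem "$import\$vmName\Virtual Machines" -Filter *.xml |
    Select-Object -First 1            # 2012 R2 exports store the config as <GUID>.xml
$report = Compare-VM -Path $config.FullName -Copy -GenerateNewId
foreach ($issue in $report.Incompatibilities) {
    if ($issue.MessageId -eq 33012) {
        # 33012: the virtual switch from the old host is missing here,
        # so import the adapter as "Not Connected" and attach it later
        $issue.Source | Disconnect-VMNetworkAdapter
    } else {
        Write-Warning ("{0}: {1}" -f $issue.MessageId, $issue.Message)
    }
}
Import-VM -CompatibilityReport $report
```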


Setting up a KMS Server – Windows Server 2012R2

What is a KMS? Microsoft’s KMS allows you to automate license activation for Windows servers and/or applications. In my case, I am using KMS for Windows 2012R2 license activation. (Oh, KMS stands for Key Management Server.) The setup is simple; it took me no more than 15 minutes. Below are the steps I took to set this up. One piece of information up front: I decided to dedicate a server to KMS. Also, when adding the Windows server key, double-check and ensure you are using a valid Volume License key, and a KMS key — not MAK! (Yes, there is a difference.)

For starters I am going to assume you already made note of the license key from your Microsoft Volume License Servicing Center portal.

As mentioned, I decided to stand up a server dedicated for KMS.

From the Windows Server Manager, install the “Volume Activation Services” role either via the GUI or via PowerShell. If via PowerShell, here is that command: “Install-WindowsFeature -Name VolumeActivation -IncludeAllSubFeature”

Once the role has been installed, launch the Volume Activation Tool console, and essentially next, next, finish!

  • Browse/Select the server that will be hosting the KMS (service):


  • Paste in your KMS Host/License Key:


  • Choose “Activate online”


Here, you have some options: how often you would like KMS to check in, how often you would like KMS to apply the key, etc. I left my settings at default, but (assuming) your environment is domain based, check mark Domain for KMS firewall exceptions. Also, by default, KMS listens on TCP port 1688.


And that is it! Now your existing/new Windows 2012R2 servers will have their license automatically activated within 2 hours.


SCOM 2012R2 IIS Prerequisites

If you’re like me, a System Center Operations Manager consultant, then I am sure you have already ‘googled’ this a few times by now. I constantly find myself looking this up, so I figured I would write my very own blog post on this.

It should be noted, the code below was found on various sites, and I have now pieced it together to suit my own needs.

For starters, when installing SCOM 2012R2 and its Web Console, you are required to meet certain IIS prerequisites. You can either do Option 1, the manual way, or Option 2, the PowerShell way.

If you go with Option 1, you will need to install the following IIS features:

  • Static Content
  • Default Document
  • Directory Browsing
  • HTTP Errors
  • HTTP Logging
  • Request Monitor
  • Request Filtering
  • Static Content Compression
  • Web Server (IIS) Support
  • IIS 6 Metabase Compatibility
  • ASP.NET
  • Windows Authentication

Or, Option 2, you can use PowerShell to automate this for you…. (Note, you will need to launch PowerShell console as an Administrator)

# Install the IIS and .NET features listed above; -Restart reboots the server if a feature requires it
Import-Module ServerManager
Add-WindowsFeature NET-Framework-Core,AS-HTTP-Activation,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Logging,Web-Request-Monitor,Web-Filtering,Web-Stat-Compression,AS-Web-Support,Web-Metabase,Web-Asp-Net,Web-Windows-Auth -Restart
