Category: Best Practice

Set up SCOM 2016 for TLS1.2

Security bugging you about SCOM using TLS1.0 ?

 

Have questions on the TLS1.2 Protocol Support Deployment guide link?

If using ACS, please review ACS steps to configure from the guide above

 

It’s time to update SCOM 2016 to TLS1.2!

 

Pre-requisites

.Net and SQL native client, ODBC must be updated to TLS1.2 compliant version

HTTPS Endpoints must be CA signed certificates using SHA1 or SHA2

 

 

 

Ensure .Net version 4.6 is installed on all SC components

Determine which .Net is installed https://docs.microsoft.com/en-us/dotnet/framework/migrationguide/how-to-determine-which-versions-are-installed

From PowerShell (run as admin is NOT required)

Get-ChildItem ‘HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP’ -recurse | Get-ItemProperty -name Version,Release -EA 0 | Where { $_.PSChildName -match ‘^(?!S)\p{L}’} | Select PSChildName, Version, Release

 

Above commands from StackOverFlow article

Guide to .Net versions and dependencies https://docs.microsoft.com/enus/dotnet/framework/migration-guide/versions-and-dependencies

 

Sample output from win2k8R2 sp1 server (and same from 2016 server)

 

 

 

 

SQL Server updates

Install the required SQL server update supporting TLS1.2

From PowerShell as Administrator
Invoke-Sqlcmd -Query “SELECT @@VERSION;” -QueryTimeout 3

Example Output
PS C:\Windows\system32> Invoke-Sqlcmd -Query “SELECT @@VERSION;” -QueryTimeout 3
Column1

——

Microsoft SQL Server 2016 (RTM-GDR) (KB3210111) – 13.0.1728.2 (X64) …

OR

Microsoft SQL Server 2008 R2 (SP2) – 10.50.4000.0 (X64)

 

Compare to SQL matrix to download and install appropriate version
TLS 1.2 SQL Support https://support.microsoft.com/en-in/help/3135244/tls-1.2-support-for-microsoft-sql-server
NOTE Verify you are running a compliant cumulative update (CU), you will need the patch (SQL2016 natively supports TLS1.2)
SQL Server 2008R2 SP2 is NOT supported for TLS1.2  https://blogs.msdn.microsoft.com/sqlreleaseservices/tls-1-2-support-for-sql-server-2008-2008-r2-2012and-2014/

 

Install the required SQL Native Client
FYI – SQL 2016 uses the SQL 2012 Native client
Download link https://www.microsoft.com/en-us/download/details.aspx?id=50402

 

SQL Native client 11.0 should be installed on ALL MS and SQL servers (SQL 2008-2016)

From PowerShell as Administrator
get-odbcdriver -name “SQL Server Native Client*”

 

Example Output

 

 

From Control Panel, Programs and Features, Installed Programs

 

Stop SQL Server and SQL Server agent services
Stop-service SQLSERVERAGENT

Stop-service MSSQLSERVER

 

Install SQL Native Client MSI

Double click on SQL Native Client MSI file to begin installation

Click on Yes to begin installation

Click Next on the Installer window

 

Click I accept radio button

Click Next

 

Click Next on Feature Selection

 

Click Install

 

Click Yes on User Account Control (UAC) prompt

 

Stop SQL Server and SQL Server agent (if they restarted)

 

Watch installer status

 

Click Finish when complete

 

 

 

Verify SQL Native Client Verification

Verify SQL services are running
Stop SQL Server and SQL Server agent services From PowerShell as Admin
Get-service SQLSERVERAGENT

Get-service MSSQLSERVER

From PowerShell as Admin If necessary, start SQL Server and SQL Server agent services
Start-service SQLSERVERAGENT

Start-service MSSQLSERVER
Verify Installer completed
In Event Viewer, Windows Logs, Application look for event 11728

 

From PowerShell

Get-EventLog -LogName Application | ? { $_.InstanceId -eq 11728 }

Rinse and Repeat for other MS and SQL servers in environment

 

 

Install ODBC on all Management Servers

 

For SCOM & SM, ODBC 11.0 or ODBC 13.0 should be installed on all MS and SQL servers

 

Verify ODBC v11 for server win2k8R2

From Control Panel

Click on Programs

Click on Programs and Features

Search for ODBC

 

Verify ODBC v13 for Server 2016

Verify version from PowerShell (run as administrator NOT required)
get-odbcdriver -name “ODBC Driver * SQL Server”

 

Output

Download and install appropriate version

11.0: https://www.microsoft.com/en-us/download/details.aspx?id=36434 (Version 2.0.5543.11)
13.0: https://www.microsoft.com/en-us/download/details.aspx?id=50420
Verify Installer completed
In Event Viewer, Windows Logs, Application look for event 11728

 

From PowerShell

Get-EventLog -LogName Application | ? { $_.InstanceId -eq 11728 } | ? { $_.Message -like “*Microsoft ODBC*”

 

Output

 

NOTE Please make sure servers are patched with latest Monthly Rollup Updates

Had issue where KB3080079 was NOT installed on server.  Patch applied to Win7, Server 2008,2008R2

From Powershell

get-hotfix -id KB3080079

 

Output

 

 

 

Install SCOM 2016 UR4 update

See Kevin Holman’s UR4 install blog https://blogs.technet.microsoft.com/kevinholman/2017/10/28/ur4-for-scom-2016-step-by-step/

 

Time to enable TLS1.2 Secure Channel messages on MS and SQL server (gateway if installed in your environment)

See Gallery for add/query/remove registry keys

 

Add SCHANNEL path for TLS

$ProtocolList       = @(“SSL 2.0″,”SSL 3.0″,”TLS 1.0”, “TLS 1.1”, “TLS 1.2”)
$ProtocolSubKeyList = @(“Client”, “Server”)
$DisabledByDefault = “DisabledByDefault”
$Enabled = “Enabled”
$registryPath = “HKLM:\\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\”

foreach($Protocol in $ProtocolList)
{
    Write-Host ” In 1st For loop”
foreach($key in $ProtocolSubKeyList)
{
$currentRegPath = $registryPath + $Protocol + “\” + $key
Write-Host ” Current Registry Path $currentRegPath”

if(!(Test-Path $currentRegPath))
{
    Write-Host “creating the registry”
New-Item -Path $currentRegPath -Force | out-Null
}
if($Protocol -eq “TLS 1.2”)
{
    Write-Host “Working for TLS 1.2”
New-ItemProperty -Path $currentRegPath -Name $DisabledByDefault -Value “0” -PropertyType DWORD -Force | Out-Null
New-ItemProperty -Path $currentRegPath -Name $Enabled -Value “1” -PropertyType DWORD -Force | Out-Null

}
else
{
    Write-Host “Working for other protocol”
New-ItemProperty -Path $currentRegPath -Name $DisabledByDefault -Value “1” -PropertyType DWORD -Force | Out-Null
New-ItemProperty -Path $currentRegPath -Name $Enabled -Value “0” -PropertyType DWORD -Force | Out-Null
}
}
}

 

# Tighten up the .NET Framework
$NetRegistryPath = “HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319”
 New-ItemProperty -Path $NetRegistryPath -Name “SchUseStrongCrypto” -Value “1” -PropertyType DWORD -Force | Out-Null

$NetRegistryPath = “HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319”
 New-ItemProperty -Path $NetRegistryPath -Name “SchUseStrongCrypto” -Value “1” -PropertyType DWORD -Force | Out-Null

 

Restart servers

 

 

Verify SCOM Console for alerts and connectivity

 

Adding UNIX agents via PowerShell

First, a shout out to Vanessa Bruwer @VanessaBruwer and Tyson Paul for their help!

 

Feel like I was pounding rocks, and had a great find! 🙂

…How to add UNIX agents manually via command line

 

 

 

Required

1. Unix Agent action account and agent maintenance account ID and passwords
2. Unix Resource Pool name (use get-SCOMResourcePool)

Don’t confuse the WSMAN login and use your MSAA ID

BTW, cmdlets exist with 2012R2 and 2016

 

 

From MS running PowerShell as admin

$MyPool = Get-SCOMResourcePool “UNIX/Linux Monitoring Resource Pool”
$SSHCredential = Get-SCXSSHCredential -UserName scom -ElevationType sudo
$WSCredential = Get-Credential scom

# Using MSAA account this fails

$DiscResult = Invoke-SCXDiscovery -Name “ubuntu.testlab.net” -ResourcePool $MyPool -WSManCredential $WSCredential -SSHCredential $SSHCredential

# Alternative Discovery for Network IP range
$DiscResult = Invoke-SCXDiscovery -IPRange 192.168.1.50,192.168.1.75  -ResourcePool $MyPool -WSManCredential $WSCredential -SSHCredential $SSHCredential

 

$DiscResult |fl -property *

 

$installResult = Install-SCXAgent -DiscoveryResult $DiscResult -Verbose
$installResult | fl -property *

 

 

Using MSAA account this fails

 

Using SCOM Agent Maintenance Account

 

Console verified

 

Resources
Old https://blogs.msdn.microsoft.com/scxplat/2009/12/11/cross-platform-powershell-scripts-released/
2012R2 (tested on my 2016 lab) https://operatingquadrant.com/2012/12/06/using-powershell-for-automated-unixlinux-agent-discovery/
PoSH cmdlet reference https://docs.microsoft.com/en-us/previous-versions/system-center/powershell/system-center-2012-r2/hh545212(v=sc.20)

 

 

 

 

MPViewer reloaded

The previous post covered the MPViewer 2012 version here

 

Jan Van Meirvenne spent the time to update the functionality even further

MPViewer “2012 Reloaded (release 1)” http://scug.be/jan/2016/06/06/mp-viewer-2012reloaded/

 

Use MPViewer reloaded will allow you to

  1. Open multiple management pack files (MP and MPB)
  2. See Modules to view underlying scripts (always wondering how a monitor got its state or property bag info)
  3. Load files from Management Group (typically this required command line or Silect MP Studio!)
  4. OpenWith file association (load MPViewer when clicking on files in explorer)

Using MP Viewer to unseal or export MP to XLS or HTML

Use MPViewer and open the management pack files (MP and MPB)

 

Updated 14 Dec 2018

 

Thanks to Daniele Muscetta for converting this so many years ago!

MPViewer tool originally at this blog https://blogs.msdn.microsoft.com/dmuscett/2012/02/19/boriss-opsmgr-tools-updated/

MPViewer v2.3.3 added to TechNet Gallery for download here

 

Jan Van Meirvenne spent the time to update the functionality even further

MPViewer “2012 Reloaded (release 1)” http://scug.be/jan/2016/06/06/mp-viewer-2012reloaded/

 

 

 

Load Management pack

GUI

In MPViewer,

Click on File, Load Management Pack

The 2012 Reloaded MPViewer allows you to open multiple management packs, or from a Management group

 

 

Go to your directory where you saved the UNIX SCOM 2016 UR2 management packs

If necessary, change the dropdown to mpb

 

 

Command line options

.\MPViewer.exe –help

Example syntax above

Remember to encapsulate your paths with quotes to be successful!

Opens MP and saves as HTML

.\MPViewer.exe “MP Path and file name” “Outputfilename.html”

Opens MP and saves as XLS

.\MPViewer.exe “MP Path and file name” “Outputfilename.xls”

 

 

Best practice is to keep same naming convention – makes it easier to track down the original MP

Example export MP to XLS

.\MPViewer.exe “S:\MonAdmin\scom\Management packs\sql\v7.0.7.0\2008-2012\Microsoft.SQLServer.2012.Monitoring.mp” “S:\MonAdmin\scom\Management packs\sql\v7.0.7.0\2008-2012\Microsoft.SQLServer.2012.Monitoring.xls”

Output

PS C:\Users\scomadmin\desktop> .\MPViewer.exe “S:\MonAdmin\scom\Management packs\sql\v7.0.7.0\2008-2012\Microsoft.SQLServer.2012.Monitoring.mp” “S:\MonAdmin\scom\Management packs\sql\v7.0.7.0\2008-2012\Microsoft.SQLServer.2012.Monitoring.xls”

PS C:\Users\scomadmin\desktop> gci “S:\MonAdmin\scom\Management packs\sql\v7.0.7.0\2008-2012\*.xls”

Directory: S:\MonAdmin\scom\Management packs\sql\v7.0.7.0\2008-2012

Mode                LastWriteTime         Length Name
—-                ————-         —— —-
-a—-       12/13/2018   8:40 AM         527618 Microsoft.SQLServer.2012.Monitoring.xls

 

 

 

To unseal MP to view in Notepad++

 

Once MP is loaded

Click File

Click Unseal MP (my path defaults to desktop)

Open file in Notepad++ or XML Editor, or your favorite XML viewer of choice

 

 

 

To export a management pack to XLS

Once MP is loaded

Click File

Click Save to Excel (my path defaults to desktop)

 

Choose path

My personal preference is to append filename with XLS for visibility

 

Copy file to a machine with Excel installed

 

Open the XML file in Excel, and hide all tabs but the Monitor tabs, and rules tab

Turn on auto-filter, etc.

 

Sealing SCOM MP’s

 

Sealing MP’s

This is an updated version of Kevin Holman’s blog, and Jonathan Almquist’s blog for SCOM2012R2 and 2016

 

First why seal?

If you seal the MP – we will be able to use the classes/groups created for overrides in any other override MP.

Unsealed MP – any overrides you use for classes/groups will be forced into this same MP.

 

 

If you don’t have Visual Studio 2013 and above with VSAE, or have other requirements, you will need to download the SDK to get the SN.exe utility

 

Download SDK

Win2008 & R2 SDK No longer available for Download

Win2012 & R2 SDK Download

Win10 SDK Download https://developer.microsoft.com/en-US/windows/downloads/windows-10-sdk

Release blog https://blogs.windows.com/buildingapps/2017/05/11/windows-10-sdk-preview-build-16190-released/

NOTE Install path to go grab the sn.exe file

 

 

Install SDK

Copy file to the local machine

Open PowerShell window as administrator

cd $HOME/desktop

.\sdksetup.exe          # .\winsdksetup.exe for Server 2016/win10

 

 

Verify SN.exe is found after SDK install completes

Server 2008 – sn.exe located in C:\Program Files\Microsoft SDKs\Windows\v6.1\Bin\x64

Server 2012 – sn.exe located in C:\Program Files (x86)\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools

Server 2016 and Win 10 – sn.exe located in C:\Program Files (x86)\Microsoft SDKs\Windows\v8.0A\bin\NETFX 4.0 Tools

 

 

 

Create the MPSeal folders

Repository where you want to keep the MPSeal.exe, SNK files, and related sealed packs for any MP sealed
C:\monadmin\MPSeal
C:\monadmin\MPSeal\unsealed
C:\monadmin\MPSeal\sealed # Reference sealed MP’s
C:\monadmin\MPSeal\key
C:\monadmin\MPSeal\output

PowerShell as Admin commands to create repository

new-item -itemtype directory -path c:\monadmin\
new-item -itemtype directory -path c:\monadmin\MPSeal
new-item -itemtype directory -path c:\monadmin\MPSeal\unsealed
new-item -itemtype directory -path c:\monadmin\MPSeal\sealed
new-item -itemtype directory -path c:\monadmin\MPSeal\key
new-item -itemtype directory -path c:\monadmin\MPSeal\output

 

 

Copy MPSeal utility from Support directory on SCOM ISO

On ISO, copy mpseal* from ISO SupportTools\AMD64 directory to c:\monadmin\MPSeal

 

 

 

Let’s get the Key file generated and start sealing MP’s!

 

Create SNK files
Note SN.exe only needs to be run once to create the SNK file
***Critical note – you need to keep a backup of this key… because it will be required for making updates to this MP in the future, re-sealing, and keeping the ability to upgrade the existing MP in production.

 

sn -k <yourDomainNameHere>.snk

Sample syntax from win2k8 server

Copy this SNK file to c:\monadmin\MPSeal\key

 

 

Copy Referenced MP’s
This is a good opportunity to add the MP’s referenced in the ISO, UR updates, and/or RTM folder when installing SCOM, Unix MP’s, etc.

Copy sealed MP’s to c:\monadmin\MPSeal\sealed

 

 

Seal MP

MPSeal.exe c:\monadmin\mpseal\unsealed\<mpNameHere>.xml /I “c:\monadmin\mpseal\sealed” /Keyfile “c:\monadmin\mpseal\key\PairKey.snk” /Company “CompanyName” /Outdir “c:\monadmin\mpseal\output”

 

 

References
How to Seal MP https://docs.microsoft.com/en-us/previous-versions/system-center/system-center-2012-R2/hh457550(v=sc.12)

 

 

Clarification on Registry Key discoveries

 

Ran across this in my travels, difficulty getting a monitor to work properly

To clarify some of the registry MP fragments, make sure you follow the whole path

This post is to help with using the Monitor.RegistryValue.Exists.mpx fragment

 

 

Example – Verify Registry Key under TestService

 

This is an excerpt from the MP Fragment header

%%
Description:
    This fragment includes a Monitor which checks for the existence of a registry VALUE
 RegValuePath – needs to be in the format of “SOFTWARE\Microsoft\CCM\HttpPort” or “SYSTEM\CurrentControlSet\Services\CcmExec\Start” as HKLM is assumed
 RegValueName – needs to be the actual Reg VALUE name or your description of it (NO SPACES or special characters allowed) such as “HttpPort”
Version: 1.1
LastModified: 29-May-2017
%%

In the MP Fragment, you substitute the variables

<AttributeName>##RegValueName##</AttributeName>
<Path>##RegValuePath##</Path>

<AttributeName>ObjectName</AttributeName>
<Path>SYSTEM\SysInfo\AppName</Path>

 

Registry Key = HKLM\SYSTEM\CurrentControlSet\Services\HealthService\Test

Fragment variable (##RegValueName##) = SYSTEM\CurrentControlSet\Services\HealthService\Test

AttributeName or ##RegValueName## is simply whatever you want to call the attribute

Simply the name of the Registry value for my example is Test

Substitute ##RegValueName## for Test

 

If you’re testing in the lab, decrease frequency so you don’t have to wait as long

<Frequency>120</Frequency>

Remember to increase the frequency when you’re done

 

Upload MP (don’t forget to version your pack!)

 

Watch Health Explorer and test away adding or removing your key

 

Helpful testing tips to add a key to the registry and flip the health

reg add “HKLM\System\CurrentControlSet\Services\TestService” /v “Test” /t REG_SZ /d Test

reg delete “HKLM\System\CurrentControlSet\Services\TestService” /v “Test”

 

Use DWdataRP utility on SCOM2016

Extra, Extra, read all about it!   Updated 24 June 2022

The DWdataRP utility works on SCOM2016+ 

 

 

This tool has been around since SCOM 2007, and blogged about by Kevin Holman and the SCOM Engineering Team

DW Retention https://kevinholman.com/2010/01/05/understanding-and-modifying-data-warehouse-retention-and-grooming/

Kevin added these –

Here is a link to the original command line tool, DWDATARP:   https://kevinholman.com/files/dwdatarp.zip

Here is a tool which makes this even simpler:  https://www.scom2k7.com/scom-datawarehouse-grooming-settings-super-easy-with-new-gui-tool/

And the latest new tool which adds features and simplicity, which is what I recommend: https://blakedrumm.com/blog/scom-dw-grooming-tool/

 

DWDataRP https://techcommunity.microsoft.com/t5/System-Center-Blog/Data-Warehouse-Data-Retention-Policy-dwdatarp-exe/ba-p/340415?search-action-id=139683980150&search-result-uid=340415

 

 

Download the link at the second link, and save to your machine (x86 or x64)

 

Run the executable

dwdatarp.exe -s <DB Server Name> -D <DW Database Name>

 

Example dwdatarp.exe -s 16DB02 -D OperationsManagerDW

 

 

Set Data sets according to SLA

 

 

Ever need to shorten up your Lab DB, so you can export it, to leverage PowerBI dashboards?

 

Example Output

PS C:\Users\sqladmin\Documents\DWDataRP\amd64> .\dwdatarp.exe -s 16db02.testlab.net -d OperationsManagerDW
Dataset name Aggregation name Max Age Current Size, Kb
—————————— ——————– ——- ——————–
Alert data set Raw data 180 28,736 ( 0%)
Client Monitoring data set Raw data 30 0 ( 0%)
Client Monitoring data set Daily aggregations 400 136 ( 0%)
Configuration dataset Raw data 400 259,968 ( 3%)
DPM event dataset Raw data 400 0 ( 0%)
DPM.Backup.DataSet Raw data 400 0 ( 0%)
DPM.Backup.DataSet Hourly aggregations 3 0 ( 0%)
DPM.Backup.DataSet Daily aggregations 182 0 ( 0%)
DPM.DiskMgmt.DataSet Raw data 400 0 ( 0%)
DPM.DiskMgmt.DataSet Hourly aggregations 3 0 ( 0%)
DPM.DiskMgmt.DataSet Daily aggregations 182 0 ( 0%)
DPM.DiskUtilization.DataSet Raw data 400 0 ( 0%)
DPM.DiskUtilization.DataSet Hourly aggregations 3 0 ( 0%)
DPM.DiskUtilization.DataSet Daily aggregations 182 0 ( 0%)
DPM.Recovery.DataSet Raw data 400 0 ( 0%)
DPM.Recovery.DataSet Hourly aggregations 3 0 ( 0%)
DPM.Recovery.DataSet Daily aggregations 182 0 ( 0%)
DPM.SLATrend.DataSet Raw data 400 0 ( 0%)
DPM.SLATrend.DataSet Hourly aggregations 3 0 ( 0%)
DPM.SLATrend.DataSet Daily aggregations 182 0 ( 0%)
DPM.TapeUtilization.DataSet Raw data 400 0 ( 0%)
DPM.TapeUtilization.DataSet Hourly aggregations 3 0 ( 0%)
DPM.TapeUtilization.DataSet Daily aggregations 182 0 ( 0%)
Event data set Raw data 100 456,144 ( 5%)
Exchange 2013: Mailbox Database data warehouse dataset Raw data 30 0 ( 0%)
Exchange 2013: Mailbox statistics data warehouse dataset Raw data 30 0 ( 0%)
Exchange 2013: Mailbox statistics data warehouse dataset Daily aggregations 400 0 ( 0%)
Performance data set Raw data 10 216,096 ( 2%)
Performance data set Hourly aggregations 400 5,552,832 ( 61%)
Performance data set Daily aggregations 400 221,312 ( 2%)
Process Monitoring: Performance Metric State data warehouse dataset Raw data 10 0 ( 0%)
Process Monitoring: Performance Metric State data warehouse dataset Hourly aggregations 90 0 ( 0%)
Process Monitoring: Performance Metric State data warehouse dataset Daily aggregations 180 0 ( 0%)
Process Monitoring: Process Health State data warehouse dataset Raw data 10 0 ( 0%)
Process Monitoring: Process Network Ports data warehouse dataset Raw data 10 0 ( 0%)
State data set Raw data 180 6,080 ( 0%)
State data set Hourly aggregations 400 2,335,968 ( 25%)
State data set Daily aggregations 400 99,840 ( 1%)

 

Commands to run to clean up the warehouse…

.\dwdatarp.exe -s 16db02.testlab.net -d OperationsManagerDW -ds Performance -a Hourly -m 60
.\dwdatarp.exe -s 16db02.testlab.net -d OperationsManagerDW -ds Performance -a Hourly -m 60
.\dwdatarp.exe -s 16db02.testlab.net -d OperationsManagerDW -ds State -a Hourly -m 60
.\dwdatarp.exe -s 16db02.testlab.net -d OperationsManagerDW -ds event -a raw -m 30

Example Output
PS C:\Users\admin\Documents\DWDataRP\amd64> .\dwdatarp.exe -s 16db02.testlab.net -d OperationsManagerDW -ds Performan
ce -a Hourly -m 60
Max data age set to 60 on dataset “Performance data set” aggregation type “Hourly aggregations”
PS C:\Users\admin\Documents\DWDataRP\amd64> .\dwdatarp.exe -s 16db02.testlab.net -d OperationsManagerDW -ds State -a
Hourly -m 60
Max data age set to 60 on dataset “State data set” aggregation type “Hourly aggregations”
PS C:\Users\admin\Documents\DWDataRP\amd64> .\dwdatarp.exe -s 16db02.testlab.net -d OperationsManagerDW -ds event -a
raw -m 30
Max data age set to 30 on dataset “Event data set” aggregation type “Raw data”

 

 

Don’t forget to execute cleanup

–This will manually run grooming for this dataset
DECLARE @DatasetId uniqueidentifier
SET @DatasetId = (SELECT DatasetId FROM StandardDataset WHERE SchemaName = ‘Alert’)
EXEC StandardDatasetGroom @DatasetId

–This will manually run grooming for this dataset
DECLARE @DatasetId uniqueidentifier
SET @DatasetId = (SELECT DatasetId FROM StandardDataset WHERE SchemaName = ‘Event’)
EXEC StandardDatasetGroom @DatasetId

–This will manually run grooming for this dataset
DECLARE @DataSetId uniqueidentifier
SET @DataSetId = (SELECT DatasetId FROM StandardDataset WHERE SchemaName = ‘Perf’)
EXEC StandardDatasetGroom @DataSetId

–This will manually run grooming for this dataset
DECLARE @DataSetId uniqueidentifier
SET @DataSetId = (SELECT DatasetId FROM StandardDataset WHERE SchemaName = ‘State’)
EXEC StandardDatasetGroom @DataSetId

Update MP’s for SCOM with VMM2012 R2

The fun starts here.

 

VMM is like more 3rd party management packs that require an app update, then push updates to SCOM.

 

The initial VMM MS configuration will upload the VMM UR packs to SCOM, but what do you do the next time you update VMM how do you upgrade SCOM to the latest UR?

 

Here’s a script to upgrade SCOM once VMM UR is updated on your VMM management server.

 

$UR=”UR11″

$VMMServer = “12VMM01”

 

# Set up your path, this example is monadmin\backup

$date = Get-Date -UFormat “%Y-%m-%d”

 

# Set up backup path

$backupPath = “C:\monadmin\backup”

$backupDrive = “C:”

 

####################################################################

# Functions

# Verify OperationsManager SnapIn Installed

 

Function VerifyOpsMgrSnapIn

{

If ( get-pssnapin -r | ? { $_.Description -contains “Operations Manager” } )

{

Write-host -f green “Operations Manager SnapIn already loaded!”

}

Else

{

add-pssnapin “Microsoft.EnterpriseManagement.OperationsManager.Client”;

Write-host -f green “Operations Manager SnapIn loaded”

}

}

 

function BackupMP

{

if ( test-path -pathtype Container $backuppath )

{

new-item -itemtype directory -path $backupPath

write-host -f green “Created $backupPath ”

}

else

{

write-host -f green “Backup Path already created $backupPath ”

}

 

# Get VMM management pack versions before

$before = ( get-scommanagementpack -name “*VirtualMachineManager*” )

 

# Set up Backup Path

$backupDrive

cd $backupPath

new-item -itemtype directory -path $backupPath\$date

cd $backupPath\$date

new-item -itemtype directory -path $backupPath\$date\SCVMM_MP$UR

cd $backupPath\$date\SCVMM_MP$UR

 

# Copy SCVMM MP’s to SCOM MS

#

copy-item “\\$VMMServer\d$\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\ManagementPacks\*” -destination $backupPath\$date\SCVMM_MP$UR

 

# Backup existing MP’s on SCOM MS

#

# Backup SCOM Management packs to C drive

$backupDrive

cd $backupPath

new-item -itemtype directory -path c:\monadmin\backup\$date\SCVMM_MP$UR_OLD

cd $date

Get-SCOMManagementPack -Name *VirtualMachine* | Export-SCOMManagementPack -Path “$backupPath\$date”

Write-Host -f green “MP’s backed up to $backupDrive\$backupPath\$date\SCVMM_MP$UR_OLD”

 

# Verify copy

if ( test-path -pathtype leaf $backupPath\$date\SCVMM_MP$UR\*.mp )

{

Write-Host -f green “MP’s copied”

}

else

{

Write-Host -f yellow “Specify proper path for MP’s copy”

}

}

 

 

 

Function ImportMPIntoSCOM

{

# Import VMM MP’s into SCOM

# https://docs.microsoft.com/en-us/previous-versions/system-center/powershell/system-center-2012-r2/hh920193(v=sc.20)

# http://www.systemcentercentral.com/bulk-import-operations-manager-2012-management-packs/

 

$mpdir = “$backupPath\$date\SCVMM_MP$UR”

$mpfiles = (Get-item -path $backupPath\$date\SCVMM_MP$UR\*).Name

$mpcnt = $mpfiles.Count

Write-Host “Script is requesting to import $mpcnt management packs.”

 

If ($mpcnt -gt 0)

{

Write-Host “$Instcnt management packs were added to installation queue, installing now”

foreach ($ManagementPack in $mpfiles)

{

Set-Location $mpdir

Import-SCOMManagementPack -Fullname $ManagementPack -ErrorAction SilentlyContinue

Write-host -f green “Imported $ManagementPack into SCOM”

}

}

}

 

 

 

 

 

VerifyOpsMgrSnapIn

BackupMP

#UpdateRegistry

ImportMPIntoSCOM

 

 

# Verify SCOM Management packs loaded

 

Write-host -f Green “Before Management pack versions”

 

$before.Version

 

Write-host

 

$after = ( get-scommanagementpack -name “*VirtualMachineManager*” )

$after.version

 

Write-host -f yellow “Is After greater than Before?”

Write-host

 

 

Have a lot of SCOM subscriptions?

You logged into SCOM because someone said they didn’t get a notification

Looked at subscriptions and it’s blank

 

Do you know if you backed up your subscriptions?

 

Hopefully, you read this and back up your management packs

Hope you read this blog, and it saved your life!

 

For those who love the Console UI

You can manually back up the MP

From the SCOM console

Click on the Administration Tab

Click on Management Packs (2012), or Installed Management Packs (2016)

Type ‘notification’ in the ‘Look for:’ bar

Hit Enter

Highlight the ‘Notifications Internal Library’ pack

Click on Export Management Pack

Name your path

Hit OK

 

For simple PowerShell

 

# Backup Management packs to C drive

# Set up your path, this example is monadmin\backup

$date = Get-Date -UFormat “%Y-%m-%d”

c:

cd monadmin\backup

new-item -itemtype directory -path c:\monadmin\backup\$date

cd $date

Get-SCOMManagementPack -Name *Notification* | Export-SCOMManagementPack -Path “C:\monadmin\backup\$date”

 

Optimize SQL for SCOM

Maybe I’m old school, but do you ever feel like optimizing SQL is like playing a video game?

Keep on shooting, hopefully you don’t hit your thrusters and drift and then die!

 

Does your SQL DBA Team (or did you):

NTFS Allocation Unit set to 64KB for the SQL Server drives

Dedicate memory for the OS (set SQL to use max memory)

Set autogrow to be greater than 1 MB?

MaxDOP (degrees of parallelism)

TempDB’s are on separate mounts (and match the number of cores)

Database and log files are on separate mounts

Backup SQL Server encryption keys

Disable XpCommandShell

 

Most of the documentation can be had from a single link

https://docs.microsoft.com/en-us/system-center/scom/plan-sqlserver-design?view=sc-om-1711

 

Disable XpCommandShell https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/xp-cmdshell-transact-sql