Tag: Log Analytics

MMA Agent, cross platform, and Azure

Things that make you go hmmm….

 

 

Ran across a scenario where we were trying to connect Azure Cross-platform (Linux) VM’s and MMA/SCOM agents to SCOM management group.

 

Management group was 2012R2, discovery wizard from SCOM console, failed to install agent, certificate errors.

 

Researching, found this article first

Windows Azure VM monitoring blog

There’s a version history for the Azure Monitor VM extension here

Applies:

SCOM2012R2 after UR12 or SCOM 2016 UR2+ deprecated the SHA1 certificate

 

Deprecating SHA1 certificates
Tech Community blog

 

Product team nicely published a TechNet gallery script to help!

Gallery download – Script to update SHA1 certificates to SHA256 on cross-platform agents – SCOM

TechNet Gallery Download
https://gallery.technet.microsoft.com/scriptcenter/Script-to-update-SHA1-8a30c5ef

 

 

Service Map SCOM pack errors and events

Running Service Map SCOM management pack and getting errors?

 

 

 

Gotta love holidays

Good family time

Not at work if we’re lucky.

When you come back, do you have to go investigate some new/weird errors?

 

 

This was one of those holidays for me 🙂

 

 

 

Figured I’d document SCOM errors, indicate what Event Sources, event ID ranges that aid troubleshooting.

 

Event Source = MS ServiceMap OMS

Event ID range = 46649-46652

 

Long story short, the root cause for my case, my azure workspace was disabled (fun part with a lab is trying to see how much you can do before it disables!)

 

Digging in my inbox, found this over the weekend

Email subject: Your services were disabled because you reached your spending limit

 

 

SCOM Alerts seen:

 

Service Map Unknown Exception

 

SCOM Console alert example

 

Cause:    May point to Network Connectivity, proxy, or subscription disabled

REST request failed, so did name resolution (may indicate DNS issues)

 

Rule details

Operations Manager Event Log

Event Source = MS ServiceMap OMS

Event ID 46651

 

Operations Manager Event log

 

 

 

No Machines Alert

Rule Name = Microsoft System Center ServiceMap No Machines Alert

Event Source = MS ServiceMap OMS

Event ID = 46652

Event ID also seen is 46649 – Error in getting machine details

 

SCOM Console alert

 

 

 

 

Event ID 46649

 

 

 

 

 

Set up Azure Service Principal

 

Azure Service principal is like a Mech ID that does work for you behind the scenes

Stack Overflow states it plainly

An Azure service principal is a security identity used by user-created apps, services, and automation tools to access specific Azure resources.
Docs site defines it as a Security identity object
We will need the AAD Tenant ID, Application ID (service principal, and Password (key)

AAD Tenant ID

 

For Service Map, the Tenant ID is the Azure Active Directory, Directory ID

 

From Azure Portal

Select Azure Active Directory > Properties > Directory ID in the Azure portal

See Docs site link

Save this to notepad, somewhere for safe keeping – password safe

Tenant ID

This is where you setup the Service Principal for an application
Azure Active Directory is NOT required
From Azure Portal
Click on Azure Active Directory
Click on Properties
Copy the Directory ID
From OMS
Click on Overview, Settings
Click on Accounts, Manage Users
Copy the Tenant ID
Once you have the Directory ID copied to notepad, you need to set up an App registration

App Registration ID

From Azure Portal
Click Azure Active Directory
Click App Registrations
Click + New application registration
Create name and URL
My example is ‘ServiceMap-App’ with my domain
Click Create
 
Click Settings
Click Keys
Recommend setting 2 keys, and save to notepad, and somewhere secure
I did 1 year and 2 year keys
Enter name for Description, Duration box, and click Save
Value will be displayed
Copy the value

PLEASE!!!!

Don’t exit without grabbing the keys!  You will have to delete the App-Registration and start over
After creation, copy the values from Notepad for Tenant ID, Application ID, and keys

 

Service Map for SCOM

 

Ever compare your work to an amusement park?

Every business application compares to a ride, roller coaster, or even a kiddie ride.

Anyone ever ask you directions to that ride, or more technical based questions like ‘what’ communication makes up that business application?

 

 

In comes Service Map to save the day!

 

 

Last year I blogged about setting up Service Map with OMS/Log Analytics, but I didn’t get the feature installed for SCOM.

December blog on how to set up OMS/Log Analytics

 

It’s basically the SCOM Agent (MMA) and a Dependency Agent (think old Blue Stripe agent)

 

Excited to see the new Service Map to hit public preview, hoping by September

 

 

Check out the blog series

Planning and PreReqs blog
Install and configure MMA agent blog
Dependency agent blog

Set up Azure Service Principal blog
Set up SCOM Management Group blog

 

 

Installing and configuring the MMA agent

 

Maybe the MMA agent is like Venom?
Proof I’ve watched too many a Marvel movie…

 

An existential moment perhaps, but the MMA agent can be a bunch of strings stuck from one place to another, monitoring whatever its told to do.

 

 

 

If you are running SCOM2016 or above, the MMA agent is built-in with Log Analytics, just configure your workspace

 

 

 

 

Download and Install MMA agent

SCOM 2012R2 agent does not have MMA, so download MMA agent from Log Analytics workspace

Azure Portal > Log Analytics > Subscription > Advanced Settings

Click on Windows Servers from Connected Sources to download Windows Agent

Click on Linux Servers from Connected Sources to download Linux Agent

 

 

From the Azure Portal (https://ms.portal.azure.com)

Click on Log Analytics, <your subscription >

Click on Advanced Settings

My view defaulted to Connected Sources > Windows Servers

 

Save the workspace ID and workspace key to notepad/OneNote for later

 

 

 

< Assuming the MMA agent is installed with Log Analytics capability >

 

 

Update MMA Agent with Workspace ID and Key

From MMA agent, update the OMS Workspace with the GUID copied to notepad

 

Click on Start > Control Panel, System and Security > Microsoft Monitoring Agent

Click on Azure Log Analytics (OMS) tab on MMA agent

Click Add

 

Add Workspace ID and Key to agent

Click OK

Click OK again on MMA properties

 

Look for the healthy green checkbox’d circle

 

Troubleshooting Errors in the Operations Manager Event Logs

Blog posts – Verify, 55002

 

 

 

 

 

 

 

 

Azure Log Analytics Service Map Planning and Pre-reqs

My grandfather said two things:

An ounce of prevention is worth a pound of manure

Death and taxes are part of life

 

Planning out a deployment is a good thing.

My best friend would say “No one plans to fail, they just fail to plan”

 

 

This will be a multi-part blog – breaking out the high level steps, and my experience getting the solution set up.

 

What do we need for Service Map?

  • Azure connectivity
    • Setup Log Analytics workspace on MMA/SCOM agent article
    • Troubleshooting onboarding issues KB,
      • Check for Events in Operations Manager event logs blog
  • Computers in scope for visualization
    • What computers (Windows or Linux)
    • Pricing FAQ
  • Dependency agent installed on computers
  • Azure Service Principal
    • (think of it as an SSH shared key ID/password for Azure Apps to communicate)
    • Docs article

 

High level steps

  1. Overview blog
  2. Install the MMA agent blog
  3. Install the dependency agent blog
  4. Configure Azure Service Principal blog
  5. Configure Service Map on SCOM blog

 

OMS Heartbeat failures and creating alerts

 

Feel like you have a ton of data, but lack insights?

 

 

Would like to thank the Product team to clarify how to do this with Kusto (new OMS Query language)

 

If you use OMS and need to verify the most recent data collection

Heartbeat | summarize max(TimeGenerated)

If you want to check a specific machine you can run this one:  

Heartbeat | where Computer==”contosovm” | summarize max(TimeGenerated)

If you want to build an alert based on it you can write something like:

Heartbeat | where Computer==”contosovm” | summarize m=max(TimeGenerated) | where m < ago(15m)

The last query will return result only if you have heartbeat missing for more than 15 minutes.

 

If you need additional information on OMS query syntax, check out Antoni’s blog

https://blogs.technet.microsoft.com/antoni/2018/02/03/operations-management-suite-101-log-analytics-queries-101/

 

Kusto site http://kusto/

Nutanix Monitoring on SCOM or OMS

Comtrade has been around quite some time now delivering custom management packs, in my experience for everything Citrix, F5 now, and Nutanix for SCOM and OMS.

Their profile is accurate in my opinion “The SCOM Extension Specialists”

Comtrade’s Channel Profile states “we natively integrate with System Center Operations Manager, providing a comprehensive monitoring of network (F5) and hyperconverged infrastructure (Nutanix) with insight into Citrix and Microsoft applications.”

Note: These MP’s are not free.  Contact for a trial key and download.

 

If you use Nutanix hosts, this will provide insights on configuration, logs, resource performance, and overloaded clusters/hosts

SCOM MP dashboards don’t look that much different, but provide easy insight into your virtual environment

 

How the solution works

OMS specifically

 

 

OMS Dashboard

 

 

Log Analytics

 

 

OMS Hardware Dashboard

 

 

Cluster Performance

 

 

Host Summary

 

 

 

Additional information

Nutanix Monitoring on OMS by Comtrade https://www.comtradesoftware.com/nutanix-monitoring/comtrade-oms-solution/

Nutanix OMS Solution https://blogs.technet.microsoft.com/msoms/2017/05/16/announcing-the-general-availability-of-oms-solutions-for-nutanix-by-comtrade-software/

Webinar https://www.brighttalk.com/webcast/14061/227057

Datasheet https://www.comtradesoftware.com/wp-content/uploads/2017/03/Comtrade-Software-OMS-Nutanix-Datasheet.pdf

SCOM MP information https://www.comtradesoftware.com/nutanix-monitoring/scom-management-pack/

 

 

How to be heard (provide feedback on Microsoft products)

Ever feel like everyone’s not listening?

UserVoice
Do you want to be heard?

Are you willing to share ideas and feedback about OMS and the various products?
Good, Microsoft development has that covered.

 

I recommend this to ALL of my customers
Please sign-in, vote on ideas and feedback.

Please put your comment, suggestion, feature out to the community!

 

Example – Custom Security events filtering is your number one priority

Vote for this request https://feedback.azure.com/forums/267889-log-analytics/suggestions/17010730-allow-custom-flexible-security-events-filtering

ADFS auditing https://feedback.azure.com/forums/267889-log-analytics/suggestions/17268227-adfs-auditing

 

 

Additional information
UserVoice websites (please verify the links http://www.windowsobserver.com/2014/08/18/microsoft-and-uservoice-feedback-portals/ )

OMS Log Analytics https://feedback.azure.com/forums/267889-log-analytics/

SCOM UserVoice https://systemcenterom.uservoice.com/

Getting Started with OMS – Operations Manager Suite

How do you make sure the business you’re in is productive and making widgets?

 

What does OMS do?

Acronym:  OMS – Operations Manager Suite

IMHO

Answer:  Pretty much anything you can imagine to help provide a single pane of glass into what is happening in your IT environment.

Do you use System Center?

You can tailor OMS to any solution in the Solutions gallery, and you can even request solutions and functionality in the UserVoice website.

 

Ready to dig into OMS, even if you’re not cloud based?

 

OMS has four basic services

 

Learn more about the OMS solutions

Verify OMS managed Computers link

Capacity and Performance (HyperV) link

Service Map link

How to be heard link

 

 

Additional information

OMS Overview Azure Monitor overview

Channel 9 videos https://channel9.msdn.com/Shows/OMS-TECH-Fridays
OMS Blog https://blogs.technet.microsoft.com/msoms/