Tag: MOMAgent.msi

Configure SCOM agent from PowerShell

Configure SCOM agent from PowerShell
Configure SCOM agent from PowerShell

 

Ever have a need to configure a SCOM agent outside the SCOM Console GUI using SCOM.Management pack?   Tyson’s ‘SCOM Helper PowerShell module’ on monitoringguys.com may assist if you can update PowerShell and SnapIn’s.  If Tyson’s solution may not be an applicable solution in a locked down environment, the blog is a PowerShell script to manage agent configuration.

 

A shout out to Aris for his watchful eye testing and playing with this!

 

Configure SCOM agent from PowerShell

GitHub Download  https://github.com/theKevinJustin/SCOMAgentInstallApplication/

First, let’s begin the conversation.  Leverage the PowerShell script to configure SCOM/MOM agent per domain(s).  Whether DMZ forest(s), or multiple forests with SCOM gateways, the script will enable configuration management.  Alternatively, add script as a compliance check to the Configuration Management tool, or as a post install step to configure SCOM Agent (MomAgent.MSI) via application or package.  Third, utilize the PowerShell script where agent upgrade is a pre-req to resolve ‘a really old SCOM agent version’.   Lastly, the script also tests network connectivity, and verifies if configuration is requested/loaded.

 

It all starts with this object from the command:

$SCOMAgent = New-Object -ComObject AgentConfigManager.MgmtSvcCfg

 

Use the PowerShell script to:

Clean up extraneous management groups

Determine domain

Check network connectivity via test-netconnection

Reset healthservice to expedite agent configuration

 

 

Background

Because Kevin Holman blogged this almost 10 years ago in VB, and I’m pretty rusty in VB these days.  Check out Kevin’s blog titled ‘Using the agent scripting objects on a SCOM 2012 agent‘.

 

Documentation

Download https://github.com/theKevinJustin/SCOMAgentInstallApplication/

Kevin Holman’s blog for VB commands

Using the agent scripting objects on a SCOM 2012 agent

The agent configuration objects in MSDN http://msdn.microsoft.com/en-us/library/hh328967.aspx

 

Install SCOM agent MSI via command line

MECM application for SCOM agent MSI
MECM application for SCOM agent MSI
Shout out to AT and Aris for his help with this!

 

Install SCOM agent MSI via command line and roll into a ‘SCOM agent’ MECM application package.

Why an application/package?  Many times, servers are built, and the IT Enterprise doesn’t find out device is NOT monitored until it’s involved in an outage.  Proceed to add to your Configuration management tool will provide a consistent configuration to avoid the ‘NOT monitored’ configuration.

 

While there are a few options to build out a MCM/MEM/MECM/SCCM application/package to install the SCOM agent on managed windows machines.  In August, I posted Neal’s updates to install/configure the SCOM agent.  Neal’s scenario works great for a new environment, and it’s simple PowerShell.  Also, if Neal’s scenario with PowerShell is NOT your preference, try the batch file below.  Another key point, the script has logic for multiple forests and SCOM gateways (to connect said forests).  Basically test the command line script, then roll into a MCM/MEM/MECM/SCCM application/package.  Have the SCOM agent added to task sequence which consequently includes the SCOM agent in the default build.

 

 

Install SCOM agent command line script

First – NOTE each line has no hidden line feed/carriage returns

Second – go through the variables before testing

Variables to review/replace:

##SCOMManagementGroup##      # SCOM Management group, seen in SCOM console on top left corner

SCOMManagementServer##     # SCOM management Server in primary domain
##SCOMManagementServerGW##     # SCOM first gateway
##SCOMManagementServerGW2##     # Second gateway
##Domain## as forest FQDN
##Domain2## as forest FQDN

Determine domain –

‘systeminfo | findstr /i /c:”domain” | findstr /i /c:”##Domain##”

Example Lab output

C:\> systeminfo | findstr /i /c:”domain” | findstr /i /c:”testlab”
Domain:      testlab.net

 

Third – Find/Replace ##hashtagged## variables and test away!

@echo off

cls

REM This script command line is for NEW installs of the agent (nothing prior)
REM Replace ##SCOMManagementGroup## SCOM Management group, seen in SCOM console on top left corner

ECHO Installing SCOM 2019 Windows Agent…

echo Determining domain….

REM Determine if machine is in DMZ….

systeminfo | findstr /i /c:”domain” | findstr /i /c:”DMZ” && (

echo Machine found to be in DMZ…installing for that enclave and management server: ##Domain2##”

echo.

%WinDir%\System32\msiexec.exe /i %~DP0MOMAgent.msi /qn USE_SETTINGS_FROM_AD=0 USE_MANUALLY_SPECIFIED_SETTINGS=1 MANAGEMENT_GROUP=##SCOMManagementGroup## MANAGEMENT_SERVER_DNS=##SCOMManagementServerGW## SECURE_PORT=5723 ACTIONS_USE_COMPUTER_ACCOUNT=1 NOAPM=1 AcceptEndUserLicenseAgreement=1

echo.

GOTO Logging)

REM Determine if machine is on domain….

systeminfo | findstr /i /c:”domain” | findstr /i /c:”##Domain##” && (

echo Machine found to be in ##Domain##…installing for that enclave and management server: ##Domain##

echo.

%WinDir%\System32\msiexec.exe /i %~DP0MOMAgent.msi /qn USE_SETTINGS_FROM_AD=0 USE_MANUALLY_SPECIFIED_SETTINGS=1 MANAGEMENT_GROUP=##SCOMManagementGroup##  MANAGEMENT_SERVER_DNS=##SCOMManagementServer## SECURE_PORT=5723 ACTIONS_USE_COMPUTER_ACCOUNT=1 NOAPM=1 AcceptEndUserLicenseAgreement=1

echo.

GOTO Logging)

REM Neither DMZ or domain joined found above…look for alternate domain(s)

REM These all share this same management server: FOREST2.FQDN and Gateway server

%WinDir%\System32\msiexec.exe /i %~DP0MOMAgent.msi /qn USE_SETTINGS_FROM_AD=0 USE_MANUALLY_SPECIFIED_SETTINGS=1 MANAGEMENT_GROUP=##SCOMManagementGroup## MANAGEMENT_SERVER_DNS=##SCOMManagementServerGW2## SECURE_PORT=5723 ACTIONS_USE_COMPUTER_ACCOUNT=1 NOAPM=1 AcceptEndUserLicenseAgreement=1

:Logging

ECHO Installing SCOM 2019 Windows Agent Completed…>> C:\Windows\Logs\SCOM2019Agent.log

time /t >> C:\Windows\Logs\SCOM2019Agent.log

date /t >> C:\Windows\Logs\SCOM2019Agent.log

 

Lastly enjoy!   In summary, I hope the ‘Install SCOM agent MSI via  command line’ script helps get the agent deployed faster, and more consistent!

SCOM agent application

Stop using the SCOM console to push agents. Move this to Endpoint Manager as application/package and task sequence to install and configure on every server built.
Stop using the SCOM console to push agents. Move this to Endpoint Manager as application/package and task sequence to install and configure on every server built.

Shout out to Neal Smith, for his help simplifying the ‘SCOM agent application’ install per ConfigMgr/MECM best practice!  Stop using the SCOM console to push agents.  Move this to Endpoint Manager as application/package and task sequence to install and configure on every server built. Need a MECM package (Application) for the SCOM agent.  Leverage a best practice, be more secure, include in task sequence, and automate manual install.

 

Easy button wrapper

Why?  Helpdesk and server admin teams don’t have access to Tier0 devices.  After no access, the Manual process (instruction steps get missed), then server is not monitored, becoming an outage resolution task/follow-up.

 

Use the below thread = ‘easy button’ to package SCOM agent when MECM administrator has availability to add SCOM agent to SCCM task sequence.

 

MECM/SCCM Application/package script :

Using Powershell.exe:
###############Startscript
“SCOM Super Installer”
start-transcript -path “c:\windows\ccm\logs\SCOMSUPERINSTALLER.log”

##ONLY THIS SECTION NEEDS TO BE EDITED, replace different domain FQDNS and the gateway/management server(s), management groups

# Leverage find/replace for the ##something## variables

# Provide SCOM Gateway or SCOM management server MS for $SCOMGATEWAYFQDN variable.

# Include SCOM Mgmt Group Name for ##SCOMMGMTGroupName##

Switch ($domain) {
“##DomainFQDN1##” {$SCOMManagementGroup=”##SCOMMGMTGroupName##”;$SCOMGATEWAYFQDN=”##SCOMServerName##”}
“##DomainFQDN2##” {$SCOMManagementGroup=”##SCOMMGMTGroupName##”;$SCOMGATEWAYFQDN=”##SCOMServerName##”}
}
########ONLY THIS SECTION NEEDS TO BE EDITED

“Install”
$commonArgs=”.\MOMAgent.msi /qn USE_SETTINGS_FROM_AD=0 USE_MANUALLY_SPECIFIED_SETTINGS=1 SECURE_PORT=5723 ACTIONS_USE_COMPUTER_ACCOUNT=1 NOAPM=1 AcceptEndUserLicenseAgreement=1 MANAGEMENT_SERVER_DNS=$SCOMGATEWAYFQDN MANAGEMENT_GROUP=$SCOMManagementGroup”

start-process MSIEXEC.exe -ArgumentList $commonArgs -wait -nonewwindow
stop-transcript
###############Endscript

 

Lastly, after SCOM agent added to Endpoint Manager, monitoring new servers should be a no-brainer.  One less manual step having ‘SCOM agent application’ as part of the task sequence.

Enjoy!

 

Documentation

SCOM2022 install agent manually, 2019 here