ADCS Addendum packs

ADCS 'gift' certificate - don't we all wish!

If only certificates were all gift certificates!  The ‘ADCS Addendum packs’ disable noisy rules and add OCSP seed, OCSP responder and OCSP group classes.  Recovery and service monitoring, plus the nCipher event, are the main highlights, reducing alerts for ADCS 2012, 2012R2 and 2016+.  My thanks to Bob Williams, CSA, for the assist!

 

Quick Download(s)

2012  HTTPS://GITHUB.COM/THEKEVINJUSTIN/ADCS2012QAddendum

2012R2 HTTPS://GITHUB.COM/THEKEVINJUSTIN/ADCS2012R2ADDENDUM/

2016+ https://github.com/theKevinJustin/ADCS2016-Addendum

 

Overview of addendum capabilities

Remember the ‘why’ behind addendum packs as the guiding purpose: transform!

The ADCS Addendum packs discover OCSP (seed class), and OCSP responder registry keys installed on monitored servers.

OCSP seed class

Group discovery tailors OCSP classes, for subscription or alert tuning.

OCSP server group can be used for subscription, or alert tuning (depending on class targets)

Monitors and service recoveries keep OCSP services monitored, and only alert when manual intervention is required.

OCSP service, certsvc monitors and service recovery automations built in

Tailoring the pack(s) to your environment

First, you must have at least ONE (1) set of ADCS (Active Directory Certificate Services) management packs imported so that the ‘ADCS Addendum pack’ will load.  All three currently supported versions have addendums; hopefully 2012 and 2012R2 are planned to be decommissioned in the short term.

Second, if you don’t have OCSP in your environment, download the pack, then import it into your environment.

Otherwise, update the ‘OCSP Responder’ server name(s) in the group regular expressions.

In your favorite XML editor (mine is Notepad++), open the addendum pack(s), and find/replace for the following strings:

CAServer##

CERTIFICATESERVERS##

 

Save pack

Import and enjoy!
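The find/replace step can be scripted so that server names are regex-escaped before they land in the group regular expressions, and so the edited pack is checked before import. This is an added example, not part of the addendum packs; the XML fragment, the server names and the function name `Set-PackPlaceholder` are constructed, and the placeholders are used exactly as written above.

```powershell
# Constructed fragment for illustration only; the real pack's XML differs.
$sample = @'
<ManagementPackFragment>
  <Pattern>(?i)CAServer##</Pattern>
  <Pattern>(?i)CERTIFICATESERVERS##</Pattern>
</ManagementPackFragment>
'@

function Set-PackPlaceholder {
    param(
        [Parameter(Mandatory)] [string]    $Xml,
        [Parameter(Mandatory)] [hashtable] $Map   # placeholder -> list of server names
    )
    foreach ($token in $Map.Keys) {
        if (-not $Xml.Contains($token)) {
            throw "Placeholder '$token' not found in pack"
        }
        # The names become part of a regular expression: escape '.' and other
        # metacharacters, then join multiple servers as alternatives.
        $alternation = ($Map[$token] | ForEach-Object { [regex]::Escape($_) }) -join '|'
        $Xml = $Xml.Replace($token, $alternation)
    }
    # Any '##' still present means a placeholder was missed or only partly replaced.
    if ($Xml.Contains('##')) { throw "Unreplaced '##' marker left in pack" }
    # Casting to [xml] throws if the edit broke well-formedness.
    [void][xml]$Xml
    return $Xml
}

# Constructed server names; substitute the names from your environment.
$map = @{
    'CAServer##'           = @('ca01.corp.example')
    'CERTIFICATESERVERS##' = @('ocsp01.corp.example', 'ocsp02.corp.example')
}

# For a real pack: read it with Get-Content -Raw, then write the result to a new file.
Set-PackPlaceholder -Xml $sample -Map $map
```

An unescaped `.` in an FQDN matches any character, which can pull unintended servers into the OCSP group and its overrides.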

 

Documentation

ADCS 2016+ version agnostic pack download

ADCS 2012/2012R2 management packs download

Lync 2013 Addendum Management Pack

Continuing the Addendum tradition 🙂 Lync couldn’t be forgotten.

 

To understand options and methods available on the Server and SCOM, re-read the Active Directory Addendum blog

 

 

Lync 2013

Now that we understand the methods available, let’s get to the Addendum.

 

 

The Addendum pack has 32 Recovery Tasks for Lync Service Monitors.

 

The recoveries cover the following services:

Access Edge, CMS Master, File Transfer Agent, Lync Backup Service, Push Notification Service, Replica Replicator Agent, Online Telephony Conferencing, Audio Video Conferencing, BI Data Collector, Conferencing Attendant, Conferencing Announcement, Application Sharing, Persistent Chat, Persistent Chat Compliance, Centralized Logging Service Agent, Call Park, Web Conferencing, Web Conferencing Edge, IM Conferencing, Legal Intercept Service, Log Retention Service, Audio Video Edge, Mediation, Audio Video Authentication, Bandwidth Policy Service Authentication, Bandwidth Policy Service Core, Server Response Group, Front End Service, World Wide Web Publishing, XMPP Translating Gateway, XMPP Translating Gateway Proxy.

The recovery tasks verify service state, start ‘not running’ services, and include the option to recalculate health.

 

 

My goal is automation that helps anyone work smarter rather than harder, and avoids being woken up at 2am just to restart a service.

 

Gallery Download          https://gallery.technet.microsoft.com/Lync-2013-Addendum-2a92aa00

Skype for Business 2015 (SfB) Addendum Management Pack

 

 

Continuing the Addendum tradition 🙂 Skype was next on the list.

 

To understand options and methods available on the Server and SCOM, re-read the Active Directory Addendum blog

 

 

Skype for Business 2015 (SfB)

Now that we understand the methods available, let’s get to the Addendum.

This Skype Addendum MP adds Recovery Tasks to the Skype for Business 2015 Service Monitors.

The recovery tasks verify service state, start ‘not running’ services, and recalculate health.

36 services monitored, with 36 recovery tasks.

The recovery tasks verify service state, start ‘not running’ services, and include the option to recalculate health.

 

 

My goal is automation that helps anyone work smarter rather than harder, and avoids being woken up at 2am just to restart a service.

 

Gallery Download      https://gallery.technet.microsoft.com/Skype-for-Business-2015-b005f49f

 

Active Directory 2012-2016 Addendum Management Pack

A Post-it note is like an addendum, no?

 

 

As an Operations engineer, how many times do you get notified for a service restart?

 

Did you know about Service Recovery actions, or SCOM Recovery Tasks?

 

Why didn’t the SCOM Recovery tasks get added to many of the common Microsoft Applications?

 

 

Hopefully today, we can discuss some actions to help limit the amount of manual rework required to resolve service issues.

 

Let’s explain the basics

  1. Windows Servers have a Recovery tab in the Services.msc menu.
  2. Does your monitoring tool allow for recovery actions?

 

 

To implement recovery actions, here’s an example of the Services Recovery Tab

Here’s an example of the SCOM agent service

          NOTE: 3 failures, spaced 1 minute apart, to restart the service
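The same Recovery tab settings can be applied and read back from PowerShell with `sc.exe`. This is an added example, not from the original post; it assumes `HealthService` as the SCOM agent's service name, an elevated English-locale session, and a one-day reset period that the page does not specify. `Set-RestartOnFailure` is a hypothetical function name.

```powershell
function Set-RestartOnFailure {
    param(
        [Parameter(Mandatory)] [string] $ServiceName,
        [int] $Restarts     = 3,        # first, second and subsequent failures
        [int] $DelayMs      = 60000,    # 1 minute between failure and restart
        [int] $ResetSeconds = 86400     # assumption: reset the failure count after one day
    )

    # sc.exe expects "restart/<ms>" repeated once per failure action, joined by '/'.
    $actions = (1..$Restarts | ForEach-Object { "restart/$DelayMs" }) -join '/'

    # Use sc.exe explicitly: in Windows PowerShell, 'sc' is an alias for Set-Content.
    & sc.exe failure $ServiceName reset= $ResetSeconds actions= $actions | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "sc.exe failure returned $LASTEXITCODE for $ServiceName"
    }

    # Read the policy back instead of trusting the write.
    $expected   = "RESTART -- Delay = $DelayMs milliseconds"
    $configured = @(& sc.exe qfailure $ServiceName |
                    Select-String -SimpleMatch $expected).Count
    if ($configured -ne $Restarts) {
        throw "Expected $Restarts restart actions on $ServiceName, found $configured"
    }

    "{0}: {1} restart actions, {2} ms apart" -f $ServiceName, $configured, $DelayMs
}

Set-RestartOnFailure -ServiceName HealthService
```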

 

 

Let’s take it one step further, and add a restart to the service from another tool (insert your monitoring tool here).

 

In SCOM, taking an action after identifying the problem can be handled in different ways:

  • Services relate to health, which is typically tracked by monitors, so restart automation falls under Recovery Tasks.

 

  • In Monitors as a ‘Recovery Task’, or in Rules as a response

  • Rule Response

 

 

 

 

Active Directory Domain Services (AD DS)

Now that we understand the methods available, let’s get to the Addendum.

The Active Directory Domain Services Addendum MP will add Recovery tasks to AD DS Service Monitors.

NOTE: This is for the newer v10.0.x.y management packs that support AD DS 2012-2016

 

Specifically, the Pack has 12 Recovery tasks for DFS, NTDS, DFSR, IsmServ, KDC, NetLogon, NTFRS, W32Time, Group Policy, DNS Client, ADWS, and DNS.

 

The recovery tasks verify service state, start ‘not running’ services, and include the option to recalculate health.
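The recovery behaviour described for the packs on this page (verify service state, start ‘not running’ services) looks like this when run by hand against the 12 AD DS services. This is an added example, not the pack's own recovery script; the short service names are an assumed mapping of the list above, `Invoke-ServiceRecovery` is a hypothetical name, and SCOM health recalculation is not performed.

```powershell
# Assumed Windows short names for: DFS, NTDS, DFSR, IsmServ, KDC, NetLogon,
# NTFRS, W32Time, Group Policy, DNS Client, ADWS, DNS.
$adServices = 'Dfs','NTDS','DFSR','IsmServ','Kdc','Netlogon',
              'NtFrs','W32Time','gpsvc','Dnscache','ADWS','DNS'

function Invoke-ServiceRecovery {
    param(
        [Parameter(Mandatory)] [string[]] $Name,
        [int] $TimeoutSeconds = 60
    )
    foreach ($n in $Name) {
        $svc = Get-Service -Name $n -ErrorAction SilentlyContinue
        if (-not $svc) {
            [pscustomobject]@{ Service = $n; Before = 'NotInstalled'; After = 'NotInstalled'; Action = 'None' }
            continue
        }

        $before = $svc.Status
        $action = 'None'
        if ($before -ne 'Running') {
            # StartType needs Windows PowerShell 5.x or later.
            if ($svc.StartType -eq 'Disabled') {
                $action = 'Skipped (disabled)'   # never re-enable a service that was turned off on purpose
            } else {
                try {
                    Start-Service -Name $n -ErrorAction Stop
                    $svc.WaitForStatus('Running', [timespan]::FromSeconds($TimeoutSeconds))
                    $action = 'Started'
                } catch {
                    $action = "Start failed: $($_.Exception.Message)"
                }
            }
        }

        # Record before and after so every automated restart leaves a trail.
        $svc.Refresh()
        [pscustomobject]@{ Service = $n; Before = $before; After = $svc.Status; Action = $action }
    }
}

Invoke-ServiceRecovery -Name $adServices | Format-Table -AutoSize
```

Keeping the before/after record matters on domain controllers: a service that is silently restarted every night is a symptom worth investigating, not a resolved alert.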

 

 

My goal is automation that helps anyone work smarter rather than harder, and avoids being woken up at 2am just to restart a service.

 

Gallery Download      https://gallery.technet.microsoft.com/SCOM-AD-Directory-Addendum-22d0473a