Tag: scom 1801

Configure MMA agent via PowerShell

A car mechanic uses battery jumper cables to charge a dead battery.

 

Do you feel like a mechanic having to jump start the agent configuration like a dead car battery?   Assuming the Agent is already installed, you can configure the SCOM agent via PowerShell.  Even better when you can PowerShell remote to multiple systems.  I hope the PowerShell commands below help you master PowerShell to configure the SCOM side of the MMA agent (house).

 

powershell

/*
# Find/replace variables to your environment like Kevin Holman’s fragments!
##SCOMMGMTGROUP1##
##SCOMMGMTGROUP2##
##SCOMMGMTSERVER1##
##SCOMMGMTSERVER2##
#
*/

$SCOMAgent = New-Object -ComObject AgentConfigManager.MgmtSvcCfg
$SCOMAgent.GetManagementGroup(“##SCOMMGMTGROUP1##”);$SCOMAgent.GetManagementGroup(“##SCOMMGMTGROUP2##”)

# If mgmt groups are incorrectly set
$SCOMAgent.RemoveManagementGroup(“##SCOMMGMTGROUP1##”)
$SCOMAgent.RemoveManagementGroup(“##SCOMMGMTGROUP2##”)

restart-service healthservice

# Domain
$SCOMAgent.AddManagementGroup(“##SCOMMGMTGROUP1##”,”##SCOMMGMTSERVER1##”,5723)

# Verify agent config
$SCOMAgent.GetManagementGroup(“##SCOMMGMTGROUP1##”)
# If you have a second management group

$SCOMAgent.GetManagementGroup(“##SCOMMGMTGROUP2##”)

# Restart and test connectivity
restart-service healthservice

# Check connectivity
test-netconnection -port 5723 -computername ##SCOMMGMTSERVER1##

 

 

Installing and configuring the MMA agent via Command line

Command prompt

 

GUI install option, see blog

PowerShell Agent configuration, see blog

Updated 1 Feb 2023

Pre-reqs to build out an install script/package

MMA agent executable

ALA Workspace ID

ALA Workspace Primary Key

 

 

Download MMA agent

Click on Windows Servers from Connected Sources to download Windows Agent

Click on Linux Servers from Connected Sources to download Linux Agent

 

 

 

 

Obtain WorkspaceID

From the Azure Portal (https://portal.azure.com)

Click on Log Analytics, <your subscription >

Click on Advanced Settings

My view defaulted to Connected Sources > Windows Servers

 

Save the workspace ID and workspace key to notepad/OneNote for later

 

 

 

 

 

Build out command line for setup file

(optionally to include in Application Deployment package)

 

Grab pre-reqs above: (saved from above to build the command line)

Exe/msi file

Workspace ID

Workspace key

 

Craft out your command line (MECM super installer code updated by Neal Smith

SCOM MECM Agent Package Installer Command Line

The setup.exe or MSI command line parameters to pass are:

MMA-specific optionsNotes
NOAPM=1Optional parameter. Installs the agent without .NET Application Performance Monitoring.
ADD_OPINSIGHTS_WORKSPACE1 = Configure the agent to report to a workspace
OPINSIGHTS_WORKSPACE_IDWorkspace Id (guid) for the workspace to add
OPINSIGHTS_WORKSPACE_KEYWorkspace key used to initially authenticate with the workspace
OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPESpecify the cloud environment where the workspace is located

0 = Azure commercial cloud (default)

1 = Azure Government

OPINSIGHTS_PROXY_URLURI for the proxy to use
OPINSIGHTS_PROXY_USERNAMEUsername to access an authenticated proxy
OPINSIGHTS_PROXY_PASSWORDPassword to access an authenticated proxy

Example:

setup.exe /qn NOAPM=1 ADD_OPINSIGHTS_WORKSPACE=1 OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPE=0 OPINSIGHTS_WORKSPACE_ID=<your workspace id> OPINSIGHTS_WORKSPACE_KEY=<your workspace key> AcceptEndUserLicenseAgreement=1

 

 

 

Other helpful links

Docs site https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-quick-collect-windows-computer

Daniel Orneling Blog https://blog.orneling.se/2017/01/installing-oms-agent-with-powershell/

TechNet gallery https://gallery.technet.microsoft.com/scriptcenter/Install-OMS-Agent-with-2c9c99ab

Installing and configuring the MMA agent

 

Maybe the MMA agent is like Venom?
Proof I’ve watched too many a Marvel movie…

 

An existential moment perhaps, but the MMA agent can be a bunch of strings stuck from one place to another, monitoring whatever its told to do.

 

 

 

If you are running SCOM2016 or above, the MMA agent is built-in with Log Analytics, just configure your workspace

 

 

 

 

Download and Install MMA agent

SCOM 2012R2 agent does not have MMA, so download MMA agent from Log Analytics workspace

Azure Portal > Log Analytics > Subscription > Advanced Settings

Click on Windows Servers from Connected Sources to download Windows Agent

Click on Linux Servers from Connected Sources to download Linux Agent

 

 

From the Azure Portal (https://ms.portal.azure.com)

Click on Log Analytics, <your subscription >

Click on Advanced Settings

My view defaulted to Connected Sources > Windows Servers

 

Save the workspace ID and workspace key to notepad/OneNote for later

 

 

 

< Assuming the MMA agent is installed with Log Analytics capability >

 

 

Update MMA Agent with Workspace ID and Key

From MMA agent, update the OMS Workspace with the GUID copied to notepad

 

Click on Start > Control Panel, System and Security > Microsoft Monitoring Agent

Click on Azure Log Analytics (OMS) tab on MMA agent

Click Add

 

Add Workspace ID and Key to agent

Click OK

Click OK again on MMA properties

 

Look for the healthy green checkbox’d circle

 

Troubleshooting Errors in the Operations Manager Event Logs

Blog posts – Verify, 55002

 

 

 

 

 

 

 

 

Azure Log Analytics Service Map Planning and Pre-reqs

My grandfather said two things:

An ounce of prevention is worth a pound of manure

Death and taxes are part of life

 

Planning out a deployment is a good thing.

My best friend would say “No one plans to fail, they just fail to plan”

 

 

This will be a multi-part blog – breaking out the high level steps, and my experience getting the solution set up.

 

What do we need for Service Map?

  • Azure connectivity
    • Setup Log Analytics workspace on MMA/SCOM agent article
    • Troubleshooting onboarding issues KB,
      • Check for Events in Operations Manager event logs blog
  • Computers in scope for visualization
    • What computers (Windows or Linux)
    • Pricing FAQ
  • Dependency agent installed on computers
  • Azure Service Principal
    • (think of it as an SSH shared key ID/password for Azure Apps to communicate)
    • Docs article

 

High level steps

  1. Overview blog
  2. Install the MMA agent blog
  3. Install the dependency agent blog
  4. Configure Azure Service Principal blog
  5. Configure Service Map on SCOM blog

 

Active Directory 2012-2016 Addendum packs updated

Man time flies!

 

Thought I’d share some new functionality for AD DS (Active Directory Domain Services)

 

Ran across some customer errors with AD Event ID 1084, which exists in the old 8321 pack, but not in the v10.x pack.

Well, if you get these errors, your DC isn’t replicating, and most likely will need to be rebuilt.

 

Gallery download

 

Broke out the packs to separate the Recovery Tasks in their own pack, versus added functionality in the addendum.

Figured better to send packs NOT sealed, so that meant 2 packs,

WYSIWYG (wizzy-wig acronym)

 

What this means

v1.0.0.1 pack had just the AD DS Service Recovery Tasks

v1.0.0.2 pack has a Service Recovery Tasks pack, and the Addendum pack

What I think is cool is that the Addendum pack contains 2 rules, simple rule event (enabled by default), and also a PowerShell rule.

 

Rule Figured out how to simply look for criteria, count it, and alert on it.

We always look for alert suppression, some of the sliding/counting monitors are too much.

 

Starting with Holman’s alerting rule fragment, we can create more powerful combinations than just a single symptom.

Using Variations of the get-date command, we can actually specify how far back to look, to count for alerts.

Easier method to count events, to figure out an alert threshold.

 

From the rule in the Addendum pack

# Check blog for more detail https://blogs.technet.microsoft.com/heyscriptingguy/2015/01/21/adding-and-subtracting-dates-with-powershell/
# If you want this in other time increments – AddHours, AddSeconds, AddMilliseconds
#
$LastCheck = (Get-Date).AddMinutes(-65)

[int]$TempCount = (get-eventlog -logName “Directory Service” -Source “NTDS Replication” -InstanceID 1084 -Message “*8451 The replication operation encountered a database error*” -After $LastCheck).Count

IF ($TempCount -ge 1)
{
$Result = “BAD”
$Message = “The number of 1084 Replication Database error events was greater than 1”
}
ELSE
{
$Result = “GOOD”
}

 

Maybe we need multiple event ID’s, or search multiple event logs… you decide, and let me know.

 

SCOM 1801 New Features (previously 1711 Technical Preview)

 

What does the new SCOM bring?!

 

HTML5 Web Dashboards! here

What’s New https://docs.microsoft.com/en-us/system-center/scom/what-is-new-1801?view=sc-om-1801

The SCOM Team published a 5 set blog post on Web Console https://blogs.technet.microsoft.com/momteam/2018/02/12/new-scom-web-console-blog-series-post1/

 

The new SCOM version also gives visibility into

Management Packs Updates and Recommendations

Operations Manager Products (view SCOM topology)

Partner Solutions

 

For now I’ll focus on the last two

 

Operations Manager Products

Click on Administration Tab

Expand Operations Manager Products

Topology features are pretty neat.

Whether you’re new to SCOM, or have interesting Server naming conventions, or someone built the environment and changed jobs or left the company…

At least you can easily find out how the SCOM environment is setup

 

Partner Solutions

Cool!

Silect MP Author, Comtrade, Nutanix, Veeam, Infront, ClearPointe, Backbone

Windows Server Dashboards

These are some cool Dashboards brought to the community by Satya Vel a few years ago.

 

This was brought to my attention for Dashboard functionality from SCOM 2012R2 to provide visibility for Windows Computer Health state

After a history lesson, I had to find the source!

256 cores increased the limit in Windows Server 2008R2

Prior it was 64 cores (look how far we’ve come!)

 

The Processor perfmon object is potentially limited since.  The Windows Team built the ‘Processor Information’ counter to handle above 64 cores (256 as of the below article)

 

Windows 2008 R2 Performance Monitor – Processor Information Counters have replaced Processor Counters

 

 

 

Beyond the history lesson, let’s get to the dashboards!

Why do you ask?     The Windows Server MP’s as far back as I have (MP version 7230) use ‘Processor Information’ instead of ‘Processor’

 

Flash forward to the Momteam blog in 2012

Blog https://blogs.technet.microsoft.com/momteam/2012/06/12/free-windows-server-2008-dashboards-for-opsmgr-2012-and-tool-to-help-create-your-own-customized-dashboards/

 

 

Windows Server Summary Dashboard

 

 

Task Pane Dashboard

 

From the Monitoring Tab

Click on the Windows Computer view

Highlight the computer you want to see performance information on

Click the ‘Windows Server Task Pane Dashboard’ in Tasks pane

 

What happened to CPU!

 

 

Using with SCOM 2012R2, 2016, and even TP1801 the Dashboard happened to work on my DC’s.  Processor is gathered from the AD Directory Services management packs.

 

With some help, the Task Pane Dashboard was corrected to target Processor Information versus Processor

 

 

If you use the console to troubleshoot issues, it’s simple to do.

Save the packs from the Gallery, and import the two MP’s

Go use the dashboards!

 

Gallery https://gallery.technet.microsoft.com/Updated-Windows-Server-ff45737d

 

OpsMgr 1801 All in One – Quick Start Deployment Guide

Maybe you want to play with the new SCOM version like me?

 

Following Kevin Holman’s Quick Start Deployment Guide for SCOM 2016, build out an All in One

 

High Level Deployment Process:

1.  In AD,  note the ID’s and groups used for Operations Manager for the technical preview

2.  Install Windows Server 2016 to all server role servers

3.  Install Prerequisites and SQL 2016.

4.  Install the Management Server and Database Components

5.  Deploy Agents

6.  Import Management packs

7.  Set up security (roles and run-as accounts)

 

 

Prerequisites:

1.  Install Windows Server 2016 on Server

2.  Join server to domain.

3.  Install the Report Viewer controls.  Install them from https://www.microsoft.com/en-us/download/details.aspx?id=45496

          NOTE If SQL is installed on the MS (remember All in One server) 

          “Microsoft System CLR Types for SQL Server 2014” (ENU\x64\SQLSysClrTypes.msi) is not needed. 

SQL SysClrTypes available here:   https://www.microsoft.com/en-us/download/details.aspx?id=42295

4.  Install all available Windows Updates.

5.  Add the “OMAdmins” domain global group to the Local Administrators group on each server.

6. Install IIS on any management server that will also host a web console:

Open PowerShell (as an administrator) and run the following:

Add-WindowsFeature NET-WCF-HTTP-Activation45,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Logging,Web-Request-Monitor,Web-Filtering,Web-Stat-Compression,Web-Mgmt-Console,Web-Metabase,Web-Asp-Net,Web-Windows-Auth –Restart

Note:  The server needs to be restarted at this point, even if you are not prompted to do so.  If you do not reboot, you will get false failures about prerequisites missing for ISAPI/CGI/ASP.net registration.

 

 

7. Install SQL 2016 to the server

  • Setup is fairly straightforward. This document will not go into details and best practices for SQL configuration. Consult your DBA team to ensure your SQL deployment is configured for best practices according to your corporate standards.
  • Run setup, choose Installation > New SQL Server stand-alone installation…

 

When prompted for feature selection, install ALL of the following:

  • Database Engine Services
  • Full-Text and Semantic Extractions for Search
  • On the Instance configuration, choose a default instance, or a named instance. Default instances are fine for testing, labs, and production deployments. Production clustered instances of SQL will generally be a named instance. For the purposes of the POC, choose default instance to keep things simple.
  • On the Server configuration screen, set SQL Server Agent to Automatic.  You can accept the defaults for the service accounts, but I recommend using a Domain account for the service account.  Input the DOMAIN\sqlsvc account and password for Agent, Engine, and Reporting.  Set the SQL Agent to AUTOMATIC.
  • On the Collation Tab – accept the default which is SQL_Latin1_General_CP1_CI_AS
  • On the Account provisioning tab – add your personal domain user account and/or a group you already have set up for SQL admins. Alternatively, you can use the OMAdmins global group here. This will grant more rights than is required to all OMAdmin accounts, but is fine for testing purposes of the POC.
  • On the Data Directories tab – set your drive letters correctly for your SQL databases, logs, TempDB, and backup.
  • Choose Install, and setup will complete.
  • You will need to disable Windows Firewall on the SQL server, or make the necessary modifications to the firewall to allow all SQL traffic.  See http://msdn.microsoft.com/en-us/library/ms175043.aspx
  • When you complete the installation – you might consider also downloading and installing SQL Server Management Studio Tools from the installation setup page, or https://msdn.microsoft.com/en-us/library/mt238290.aspx

 

 

 

 

 

SCOM Step by step deployment guide:

 

1.  Install the Management Server role on SCOM1.

  • Log on using your personal domain user account that is a member of the OMAdmins group, and has System Administrator (SA) rights over the SQL instances.
  • Run Setup.exe

  • Click Install

 

  • Select the following, and then click Next:
    • Management Server
    • Operations Console
    • Web Console

 

 

 

  • Accept or change the default install path and click Next.

 

  • You might see an error from the Prerequisites here. If so – read each error and try to resolve it.

 

  • On the Proceed with Setup screen – click Next.

 

  • On the specify an installation screen – choose to create the first management server in a new management group.
  • Give your management group a name. Don’t use any special or Unicode characters, just simple text.
  • KEEP YOUR MANAGEMENT GROUP NAME SIMPLE, and don’t put version info in there.
  • Click Next.

 

 

  • Accept the license.  Next.

 

 

  • On the Configure the Operational Database screen, enter in the name of your SQL database server name and instance.
  • In my case this is “18MSB01”.
  • Leave the port at default unless you are using a special custom fixed port.
  • If necessary, change the database locations for the DB and log files.
  • I changed the default size to 5000 MB for now.
  • Click Next.

 

  • On the Configure the Data Warehouse Database screen, enter in the name of your SQL database server name and instance.
  • In my case this is “18MS01”.
  • Leave the port at default unless you are using a special custom fixed port.
  • If necessary, change the database locations for the DB and log files.
  • I changed the default size to 5000 MB. Click Next.

 

 

 

  • On the Web Console screen, choose the Default Web Site, and leave SSL unchecked. If you have already set up SSL for your default website with a certificate, you can choose SSL.  Click Next.

 

 

  • On the Web Console authentication screen, choose Mixed authentication and click Next.

 

 

  • On the accounts screen, change the accounts to Domain Account for ALL services,
  • Enter in the unique DOMAIN\OMAA, DOMAIN\OMDAS, DOMAIN\OMREAD, DOMAIN\OMWRITE
  • accounts we created previously.
  • It is a best practice to use separate accounts for distinct roles in OpsMgr
  • Although you can also just use the DOMAIN\OMDAS account for all SQL Database access roles to
  • simplify your installation (Data Access, Reader, and Writer accounts).
  • Click Next.

 

  • On the Diagnostic and Usage Data Click Next

 

  • Microsoft Update screen – choose to use updates or not.  Click Next
  • Click Install

 

  • Watch Installation progress

 

  • After a few minutes, when installation completes
  • Close when complete.

 

 

  • The Management Server will be very busy (CPU) for several minutes after the installation completes. Before continuing it is best to give the Management Server time to complete all post install processes, complete discoveries, database sync and configuration, etc. 10 minutes is typically sufficient.

 

 

 

Verify Console

Login to Management Group

 

 

Import Management Packs

Import your preferred management packs

 

 

Continue with Optional Activities

 

 

Verify any errors in the Operations Manager Event logs

Note the Maintenance permissions is still an issue

Operations Manager Event logs

 

SCOM 1801 dashboards (previously 1711)

Here dashboard dashboard <dong>

Come out, come out wherever you are!

 

 

Looking at SCOM dashboards in the new Technical Preview had me wondering.

I was totally excited after Ignite for System Center v.Next…

          Start at 16:34 in video – BRK1023 https://myignite.microsoft.com/videos/54778

 

 

Found the documents before I found the actual widgets

HTML5 overview https://docs.microsoft.com/en-us/system-center/scom/manage-overview-html5-webconsole?view=sc-om-1801

What’s new in 1801 https://docs.microsoft.com/en-us/system-center/scom/what-is-new-1801?view=sc-om-1801

Release Notes https://docs.microsoft.com/en-us/system-center/scom/release-notes-1801?view=sc-om-1801

 

What’s new in 1711 https://docs.microsoft.com/en-us/system-center/scom/what-is-new-1711?view=sc-om-1711

Release notes https://docs.microsoft.com/en-us/system-center/scom/release-notes-tp1711?view=sc-om-1711

 

We have lots of widgets to choose from

 

Unfortunately, the SQL MP visualizations are not yet HTML5 🙁

 

 

Web Console, well, okay, I can play

 

 

Alert Widget

Scope – Setup for a group or class (my example is All Windows Computers group, could be SQL Servers, SharePoint Servers, etc.)

Criteria – Selected Severity = Warning or Critical, changed Alert age to 1 day (default was 7)

Display – No changes made

Select Columns to display – looks like all the console options when you click on ‘Personalize view’

Group by – Last modified was selected

 

 

Completion  Click on Save Widget

Saving widget

 

Alert Widget

 

 

 

 

State Widget

Scope – Setup for a group AND class (my example is All Windows Computers group, could be SQL Servers, SharePoint Servers, etc.)

Criteria – Selected Severity = Warning or Critical

Display

Selected 4 columns  (Health, Display Name, Path, Principal Name )

Group by – Health

Completion – Named widget and added Description

Click on Save Widget

 

Saved State Widget (NOTE no unhealthy windows computers)

 

 

 

 

Performance Widget

Scope – Setup for a group AND class (my example is SQL Server Computers, could be All Windows Computers, or SharePoint Servers, etc.)

Metrics – Use filter by keyword

Search string = Memory

Selected = Stolen Server Memory

Criteria – Time Range default is 24 hours

Recommend dropping time to 1-4 hours to display less data

Display

Left Default

See difference, checkbox is counter intuitive (uncheck gives visual graph)

Completion – Named widget and added Description

Click on Save Widget

Performance Widget (visualizations check box checked, NOTE NO visual)

 

Performance Widget (visualizations check box UN-checked)

 

 

 

 

 

 

Tile Widget

Simple, can setup for a group or class

Click on Save Widget

 

 

 

Topology Widget

Gotta have a little fun, right!?

Click on Save Widget

 

 

 

Tile and Topology Dashboards

 

 

Now let’s continue this further next week!

SCOM 1711 – Technical Preview for upcoming 1801

If you’re not aware, System Center will start doing 6 month releases, and will be YYDD named

 

Example 

SCOM released in Jan 2018 is 1801, then 180x, 190x, etc.

Technical previews will also exist prior (currently 1711 – the technical preview for 1801).

 

Register for Technical Preview

Evaluate and download https://www.microsoft.com/en-us/evalcenter/evaluate-system-center-release

Save appropriate product(s)

 

Extract for ISO files

Go to path where files were saved

 

Double click on file to extract

 

Click on Run to run the file

 

Answer Yes to UAC prompt

Click ‘I accept for EULA

 

Click Next to begin the setup wizard

Select Path to save file

Click Next

 

File extract completes

 

Click Finish

 

 

Looks like SCOM ISO

 

 

Now it’s time to grab Holman’s quick start guide and set up new servers for 1801 management group (if you don’t already have the steps down pat!)