Tag: SCOM 2012

What ID’s is SCOM using

Ever need to audit what ID’s SCOM is using?

Maybe you have to figure out how someone else setup SCOM.

Did they set up SCOM as recommended for best practices with different AD accounts per role?

 

If the ID’s are not logged during install, it’s a little more difficult to figure out what ID was used.

  • Domain Account for ALL services,
  • Enter in the unique DOMAIN\OMAA, DOMAIN\OMDAS, DOMAIN\OMREAD, DOMAIN\OMWRITE

 

Try these PowerShell commands to find what SCOM is using.

 

ON MS (from PowerShell (don’t need admin unless you’re restarting services)

$Services = ( Get-WmiObject -Class Win32_Service )

$Services | ? { $_.Name -eq “OMSDK” -OR $_.Name -eq “cshost” -OR $_.Name -eq “HealthService” } |

ft name,Startname,StartMode

 

 

 

ON SCOM DB’s, Reporting (from PowerShell (don’t need admin unless you’re restarting services)

$Services = ( Get-WmiObject -Class Win32_Service )

$Services | ? { $_.DisplayName -like “*SQL*” } | ft name,Startname,StartMode

 

 

Source https://blogs.technet.microsoft.com/heyscriptingguy/2012/02/15/the-scripting-wife-uses-powershell-to-find-service-accounts/

 

 

Active Directory 2012-2016 Addendum packs updated

Man time flies!

 

Thought I’d share some new functionality for AD DS (Active Directory Domain Services)

 

Ran across some customer errors with AD Event ID 1084, which exists in the old 8321 pack, but not in the v10.x pack.

Well, if you get these errors, your DC isn’t replicating, and most likely will need to be rebuilt.

 

Gallery download

 

Broke out the packs to separate the Recovery Tasks in their own pack, versus added functionality in the addendum.

Figured better to send packs NOT sealed, so that meant 2 packs,

WYSIWYG (wizzy-wig acronym)

 

What this means

v1.0.0.1 pack had just the AD DS Service Recovery Tasks

v1.0.0.2 pack has a Service Recovery Tasks pack, and the Addendum pack

What I think is cool is that the Addendum pack contains 2 rules, simple rule event (enabled by default), and also a PowerShell rule.

 

Rule Figured out how to simply look for criteria, count it, and alert on it.

We always look for alert suppression, some of the sliding/counting monitors are too much.

 

Starting with Holman’s alerting rule fragment, we can create more powerful combinations than just a single symptom.

Using Variations of the get-date command, we can actually specify how far back to look, to count for alerts.

Easier method to count events, to figure out an alert threshold.

 

From the rule in the Addendum pack

# Check blog for more detail https://blogs.technet.microsoft.com/heyscriptingguy/2015/01/21/adding-and-subtracting-dates-with-powershell/
# If you want this in other time increments – AddHours, AddSeconds, AddMilliseconds
#
$LastCheck = (Get-Date).AddMinutes(-65)

[int]$TempCount = (get-eventlog -logName “Directory Service” -Source “NTDS Replication” -InstanceID 1084 -Message “*8451 The replication operation encountered a database error*” -After $LastCheck).Count

IF ($TempCount -ge 1)
{
$Result = “BAD”
$Message = “The number of 1084 Replication Database error events was greater than 1”
}
ELSE
{
$Result = “GOOD”
}

 

Maybe we need multiple event ID’s, or search multiple event logs… you decide, and let me know.

 

Lync 2013 Addendum Management Pack

Continuing the Addendum tradition 🙂 Lync couldn’t be forgotten.

 

To understand options and methods available on the Server and SCOM, re-read the Active Directory Addendum blog

 

 

Lync 2013

Now that we understand the methods available, let’s get to the Addendum.

 

 

The Addendum pack has 32 Recovery Tasks for Lync Service Monitors.

 

The recoveries cover the following services:

Access Edge, CMS Master, File Transfer Agent, Lync Backup Service, Push Notification Service, Replica Replicator Agent, Online Telephony Conferencing, Audio Video Conferencing, BI Data Collector, Conferencing Attendant, Conferencing Announcement, Application Sharing, Persistent Chat, Persistenc Chat Compliance, Centralized Logging Service Agent, Call Park, Web Conferencing, Web Conferencing Edge, IM Conferencing, Legal Intercept Service, Log Retention Service, Audio Video Edge, Mediation, Audio Video Authentication, Bandwidth Policy Service Authentication, Bandwidth Policy Service Core, Server Response Group, Front End Service, World Wide Web Publishing, XMPP Translating Gateway, XMPP Translating Gateway Proxy.

The recovery tasks verify service state, start ‘not running’ services, and include the option to recalculate health.

 

 

My goal is automation that helps anyone work smarter versus harder, with the goal to avoid being woke up at 2am just to restart a service.

 

Gallery Download          https://gallery.technet.microsoft.com/Lync-2013-Addendum-2a92aa00

Skype for Business 2015 (SfB) Addendum Management Pack

 

 

Continuing the Addendum tradition 🙂 Skype was next on the list.

 

To understand options and methods available on the Server and SCOM, re-read the Active Directory Addendum blog

 

 

Skype for Business 2015 (SfB)

Now that we understand the methods available, let’s get to the Addendum.

This Skype Addendum MP adds Recovery Tasks to the Skype for Business 2015 Service Monitors.

The recovery tasks verify service state, start ‘not running’ services, and recalculate health.

36 services monitored, with 36 recovery tasks.

The recovery tasks verify service state, start ‘not running’ services, and include the option to recalculate health.

 

 

My goal is automation that helps anyone work smarter versus harder, with the goal to avoid being woke up at 2am just to restart a service.

 

Gallery Download      https://gallery.technet.microsoft.com/Skype-for-Business-2015-b005f49f

 

Active Directory 2012-2016 Addendum Management Pack

A Post-it note is like an addendum, no?

 

 

As an Operations engineer, how many times do you get notified for a service restart?

 

Did you know about Service Recovery actions, or SCOM Recovery Tasks?

 

Why didn’t the SCOM Recovery tasks get added to many of the common Microsoft Applications?

 

 

Hopefully today, we can discuss some actions to help limit the amount of manual rework required to resolve service issues.

 

Let’s explain the basics

  1. Windows Servers have a Recovery tab in the Services.msc menu.
  2. Does your monitoring tool allow for recovery actions?

 

 

To implement recovery actions, here’s an example of the Services Recovery Tab

Here’s an example of the SCOM agent service

          NOTE 3 failures spaced 1 minute apart to restart the service

 

 

Let’s take it one step further, and add a restart to the service from another tool (insert your monitoring tool here).

 

In SCOM, taking an action after identifying the problem can be handled different ways

  • Services are related to Health, which are typically found as monitors, and to apply restart automation falls into Recovery Tasks.

 

  • In Monitors as a ‘Recovery Task’, or in Rules as a response

  • Rule Response

 

 

 

 

Active Directory Domain Services (AD DS)

Now that we understand the methods available, let’s get to the Addendum.

The Active Directory Domain Services Addendum MP will add Recovery tasks to AD DS Service Monitors.

NOTE: This is for the newer v10.0.x.y management packs that support AD DS 2012-2016

 

Specifically, the Pack has 12 Recovery tasks for DFS, NTDS, DFSR, IsmServ, KDC, NetLogon, NTFRS, W32Time, Group Policy, DNS Client, ADWS, and DNS.

 

The recovery tasks verify service state, start ‘not running’ services, and include the option to recalculate health.

 

 

My goal is automation that helps anyone work smarter versus harder, with the goal to avoid being woke up at 2am just to restart a service.

 

Gallery Download      https://gallery.technet.microsoft.com/SCOM-AD-Directory-Addendum-22d0473a

 

SYSTEM CENTER 2016/2019 Operations Manager – Anti-Virus Exclusions

Updated 30 June, 7 July 2020 and includes docs.microsoft.com article updates

 

 

 

NOTE: Process name exclusion wildcards could potentially prevent some dangerous programs from being detected.

 

Hopefully this table is helpful (my thanks to Matt Goedtel for the docs site updates, and Matt’s efforts to keep docs the ‘go-to’ site)

 

Previously the blog left the SCOM Admin and Security teams with questions where blogs did NOT match vendor site documentation.  The blog merged the PFE UK team blog & Kevin Holman blog  into an easier tabular view per component)

 

Original Blog introduction

As we are all aware, antivirus exclusions can affect monitoring data generated, and affect system performance.

 

Best practice is to implement specific exclusions.

 

Exclusions\RoleMSDBGWRSWebAgent
Folder
Management Server installation folder
 Default: “C:\Program Files\Microsoft System Center 2016\Operations Manager\Server\”		*
Agent installation folder
 Default: “C:\Program Files\Microsoft Monitoring Agent”		**
Gateway installation folder
 Default: “C:\Program Files\Microsoft System Center 2016\Operations Manager\Gateway\”		*
Reporting installation folder
 Default: “C:\Program Files\Microsoft System Center 2016\Operations Manager\Reporting”		*
WebConsole installation folder
 Default: “C:\Program Files\Microsoft System Center 2016\Operations Manager\WebConsole”		*
SQL Data installation folder
 Default: “C:\Program Files\Microsoft SQL Server\MSSQL.1x<INSTANCENAME>\MSSQL\Data”		*
SQL Log installation folder
 Default: “C:\Program Files\Microsoft SQL Server\MSSQL.1x<INSTANCENAME>\MSSQL\Log”		*
SQL Reporting installation folder
 Default: “C:\Program Files\Microsoft SQL Server\MSRS.1x<INSTANCENAME>		*
File Types
EDB*****
CHK*****
LOG*****
LDF**
MDF**
NDF**
Processes
CShost.exe*
HealthService.exe******
Microsoft.Mom.Sdk.ServiceHost.exe*
MonitoringHost.exe******
SQL Server
 Default: “C:\Program Files\Microsoft SQL Server\MSSQL1x.<Instance Name>\MSSQL\Binn\SQLServr.exe”		*
SQL Reporting Services
 Default: “C:\Program Files\Microsoft SQL Server\MSRS1x.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe”		**

 

Useful information for decoding the matrix

Docs site https://docs.microsoft.com/en-us/system-center/scom/plan-security-antivirus?view=sc-om-2019

Platform https://support.microsoft.com/en-us/help/822158/virus-scanning-recommendations-for-enterprise-computers-that-are-running-currently-supported-versions-of-windows

SCOM 2012/2012R2 KB975931 https://support.microsoft.com/en-us/help/975931/recommendations-for-antivirus-exclusions-that-relate-to-operations-manager

PFE UK team blog https://blogs.technet.microsoft.com/manageabilityguys/2013/11/26/system-center-2012-r2-operations-manager-anti-virus-exclusions/

SQL

https://support.microsoft.com/en-us/help/309422/choosing-antivirus-software-for-computers-that-run-sql-server

https://blogs.technet.microsoft.com/raymond_ris/2014/01/16/windows-antivirus-exclusion-recommendations-servers-clients-and-role-specific/

Version mapping by folder (my thanks to StackOverFlow https://stackoverflow.com/questions/18753886/sql-server-file-names-vs-versions )
100 = SQL Server 2008    = 10.00.xxxx
105 = SQL Server 2008 R2 = 10.50.xxxx
110 = SQL Server 2012    = 11.00.xxxx
120 = SQL Server 2014    = 12.00.xxxx
130 = SQL Server 2016    = 13.00.xxxx