Tag: scom 2012r2

Configure MMA agent via PowerShell

A car mechanic uses battery jumper cables to charge a dead battery.

 

Do you feel like a mechanic having to jump start the agent configuration like a dead car battery?   Assuming the Agent is already installed, you can configure the SCOM agent via PowerShell.  Even better when you can PowerShell remote to multiple systems.  I hope the PowerShell commands below help you master PowerShell to configure the SCOM side of the MMA agent (house).

 

powershell

/*
# Find/replace variables to your environment like Kevin Holman’s fragments!
##SCOMMGMTGROUP1##
##SCOMMGMTGROUP2##
##SCOMMGMTSERVER1##
##SCOMMGMTSERVER2##
#
*/

$SCOMAgent = New-Object -ComObject AgentConfigManager.MgmtSvcCfg
$SCOMAgent.GetManagementGroup(“##SCOMMGMTGROUP1##”);$SCOMAgent.GetManagementGroup(“##SCOMMGMTGROUP2##”)

# If mgmt groups are incorrectly set
$SCOMAgent.RemoveManagementGroup(“##SCOMMGMTGROUP1##”)
$SCOMAgent.RemoveManagementGroup(“##SCOMMGMTGROUP2##”)

restart-service healthservice

# Domain
$SCOMAgent.AddManagementGroup(“##SCOMMGMTGROUP1##”,”##SCOMMGMTSERVER1##”,5723)

# Verify agent config
$SCOMAgent.GetManagementGroup(“##SCOMMGMTGROUP1##”)
# If you have a second management group

$SCOMAgent.GetManagementGroup(“##SCOMMGMTGROUP2##”)

# Restart and test connectivity
restart-service healthservice

# Check connectivity
test-netconnection -port 5723 -computername ##SCOMMGMTSERVER1##

 

 

Installing and configuring the MMA agent via Command line

Command prompt

 

GUI install option, see blog

PowerShell Agent configuration, see blog

Updated 1 Feb 2023

Pre-reqs to build out an install script/package

MMA agent executable

ALA Workspace ID

ALA Workspace Primary Key

 

 

Download MMA agent

Click on Windows Servers from Connected Sources to download Windows Agent

Click on Linux Servers from Connected Sources to download Linux Agent

 

 

 

 

Obtain WorkspaceID

From the Azure Portal (https://portal.azure.com)

Click on Log Analytics, <your subscription >

Click on Advanced Settings

My view defaulted to Connected Sources > Windows Servers

 

Save the workspace ID and workspace key to notepad/OneNote for later

 

 

 

 

 

Build out command line for setup file

(optionally to include in Application Deployment package)

 

Grab pre-reqs above: (saved from above to build the command line)

Exe/msi file

Workspace ID

Workspace key

 

Craft out your command line (MECM super installer code updated by Neal Smith

SCOM MECM Agent Package Installer Command Line

The setup.exe or MSI command line parameters to pass are:

MMA-specific optionsNotes
NOAPM=1Optional parameter. Installs the agent without .NET Application Performance Monitoring.
ADD_OPINSIGHTS_WORKSPACE1 = Configure the agent to report to a workspace
OPINSIGHTS_WORKSPACE_IDWorkspace Id (guid) for the workspace to add
OPINSIGHTS_WORKSPACE_KEYWorkspace key used to initially authenticate with the workspace
OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPESpecify the cloud environment where the workspace is located

0 = Azure commercial cloud (default)

1 = Azure Government

OPINSIGHTS_PROXY_URLURI for the proxy to use
OPINSIGHTS_PROXY_USERNAMEUsername to access an authenticated proxy
OPINSIGHTS_PROXY_PASSWORDPassword to access an authenticated proxy

Example:

setup.exe /qn NOAPM=1 ADD_OPINSIGHTS_WORKSPACE=1 OPINSIGHTS_WORKSPACE_AZURE_CLOUD_TYPE=0 OPINSIGHTS_WORKSPACE_ID=<your workspace id> OPINSIGHTS_WORKSPACE_KEY=<your workspace key> AcceptEndUserLicenseAgreement=1

 

 

 

Other helpful links

Docs site https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-quick-collect-windows-computer

Daniel Orneling Blog https://blog.orneling.se/2017/01/installing-oms-agent-with-powershell/

TechNet gallery https://gallery.technet.microsoft.com/scriptcenter/Install-OMS-Agent-with-2c9c99ab

Installing and configuring the MMA agent

 

Maybe the MMA agent is like Venom?
Proof I’ve watched too many a Marvel movie…

 

An existential moment perhaps, but the MMA agent can be a bunch of strings stuck from one place to another, monitoring whatever its told to do.

 

 

 

If you are running SCOM2016 or above, the MMA agent is built-in with Log Analytics, just configure your workspace

 

 

 

 

Download and Install MMA agent

SCOM 2012R2 agent does not have MMA, so download MMA agent from Log Analytics workspace

Azure Portal > Log Analytics > Subscription > Advanced Settings

Click on Windows Servers from Connected Sources to download Windows Agent

Click on Linux Servers from Connected Sources to download Linux Agent

 

 

From the Azure Portal (https://ms.portal.azure.com)

Click on Log Analytics, <your subscription >

Click on Advanced Settings

My view defaulted to Connected Sources > Windows Servers

 

Save the workspace ID and workspace key to notepad/OneNote for later

 

 

 

< Assuming the MMA agent is installed with Log Analytics capability >

 

 

Update MMA Agent with Workspace ID and Key

From MMA agent, update the OMS Workspace with the GUID copied to notepad

 

Click on Start > Control Panel, System and Security > Microsoft Monitoring Agent

Click on Azure Log Analytics (OMS) tab on MMA agent

Click Add

 

Add Workspace ID and Key to agent

Click OK

Click OK again on MMA properties

 

Look for the healthy green checkbox’d circle

 

Troubleshooting Errors in the Operations Manager Event Logs

Blog posts – Verify, 55002

 

 

 

 

 

 

 

 

Azure Log Analytics Service Map Planning and Pre-reqs

My grandfather said two things:

An ounce of prevention is worth a pound of manure

Death and taxes are part of life

 

Planning out a deployment is a good thing.

My best friend would say “No one plans to fail, they just fail to plan”

 

 

This will be a multi-part blog – breaking out the high level steps, and my experience getting the solution set up.

 

What do we need for Service Map?

  • Azure connectivity
    • Setup Log Analytics workspace on MMA/SCOM agent article
    • Troubleshooting onboarding issues KB,
      • Check for Events in Operations Manager event logs blog
  • Computers in scope for visualization
    • What computers (Windows or Linux)
    • Pricing FAQ
  • Dependency agent installed on computers
  • Azure Service Principal
    • (think of it as an SSH shared key ID/password for Azure Apps to communicate)
    • Docs article

 

High level steps

  1. Overview blog
  2. Install the MMA agent blog
  3. Install the dependency agent blog
  4. Configure Azure Service Principal blog
  5. Configure Service Map on SCOM blog

 

What ID’s is SCOM using

Ever need to audit what ID’s SCOM is using?

Maybe you have to figure out how someone else setup SCOM.

Did they set up SCOM as recommended for best practices with different AD accounts per role?

 

If the ID’s are not logged during install, it’s a little more difficult to figure out what ID was used.

  • Domain Account for ALL services,
  • Enter in the unique DOMAIN\OMAA, DOMAIN\OMDAS, DOMAIN\OMREAD, DOMAIN\OMWRITE

 

Try these PowerShell commands to find what SCOM is using.

 

ON MS (from PowerShell (don’t need admin unless you’re restarting services)

$Services = ( Get-WmiObject -Class Win32_Service )

$Services | ? { $_.Name -eq “OMSDK” -OR $_.Name -eq “cshost” -OR $_.Name -eq “HealthService” } |

ft name,Startname,StartMode

 

 

 

ON SCOM DB’s, Reporting (from PowerShell (don’t need admin unless you’re restarting services)

$Services = ( Get-WmiObject -Class Win32_Service )

$Services | ? { $_.DisplayName -like “*SQL*” } | ft name,Startname,StartMode

 

 

Source https://blogs.technet.microsoft.com/heyscriptingguy/2012/02/15/the-scripting-wife-uses-powershell-to-find-service-accounts/

 

 

Windows Server Dashboards

These are some cool Dashboards brought to the community by Satya Vel a few years ago.

 

This was brought to my attention for Dashboard functionality from SCOM 2012R2 to provide visibility for Windows Computer Health state

After a history lesson, I had to find the source!

256 cores increased the limit in Windows Server 2008R2

Prior it was 64 cores (look how far we’ve come!)

 

The Processor perfmon object is potentially limited since.  The Windows Team built the ‘Processor Information’ counter to handle above 64 cores (256 as of the below article)

 

Windows 2008 R2 Performance Monitor – Processor Information Counters have replaced Processor Counters

 

 

 

Beyond the history lesson, let’s get to the dashboards!

Why do you ask?     The Windows Server MP’s as far back as I have (MP version 7230) use ‘Processor Information’ instead of ‘Processor’

 

Flash forward to the Momteam blog in 2012

Blog https://blogs.technet.microsoft.com/momteam/2012/06/12/free-windows-server-2008-dashboards-for-opsmgr-2012-and-tool-to-help-create-your-own-customized-dashboards/

 

 

Windows Server Summary Dashboard

 

 

Task Pane Dashboard

 

From the Monitoring Tab

Click on the Windows Computer view

Highlight the computer you want to see performance information on

Click the ‘Windows Server Task Pane Dashboard’ in Tasks pane

 

What happened to CPU!

 

 

Using with SCOM 2012R2, 2016, and even TP1801 the Dashboard happened to work on my DC’s.  Processor is gathered from the AD Directory Services management packs.

 

With some help, the Task Pane Dashboard was corrected to target Processor Information versus Processor

 

 

If you use the console to troubleshoot issues, it’s simple to do.

Save the packs from the Gallery, and import the two MP’s

Go use the dashboards!

 

Gallery https://gallery.technet.microsoft.com/Updated-Windows-Server-ff45737d

 

Adding UNIX agents via PowerShell

First, a shout out to Vanessa Bruwer @VanessaBruwer and Tyson Paul for their help!

 

Feel like I was pounding rocks, and had a great find! 🙂

…How to add UNIX agents manually via command line

 

 

 

Required

1. Unix Agent action account and agent maintenance account ID and passwords
2. Unix Resource Pool name (use get-SCOMResourcePool)

Don’t confuse the WSMAN login and use your MSAA ID

BTW, cmdlets exist with 2012R2 and 2016

 

 

From MS running PowerShell as admin

$MyPool = Get-SCOMResourcePool “UNIX/Linux Monitoring Resource Pool”
$SSHCredential = Get-SCXSSHCredential -UserName scom -ElevationType sudo
$WSCredential = Get-Credential scom

# Using MSAA account this fails

$DiscResult = Invoke-SCXDiscovery -Name “ubuntu.testlab.net” -ResourcePool $MyPool -WSManCredential $WSCredential -SSHCredential $SSHCredential

# Alternative Discovery for Network IP range
$DiscResult = Invoke-SCXDiscovery -IPRange 192.168.1.50,192.168.1.75  -ResourcePool $MyPool -WSManCredential $WSCredential -SSHCredential $SSHCredential

 

$DiscResult |fl -property *

 

$installResult = Install-SCXAgent -DiscoveryResult $DiscResult -Verbose
$installResult | fl -property *

 

 

Using MSAA account this fails

 

Using SCOM Agent Maintenance Account

 

Console verified

 

Resources
Old https://blogs.msdn.microsoft.com/scxplat/2009/12/11/cross-platform-powershell-scripts-released/
2012R2 (tested on my 2016 lab) https://operatingquadrant.com/2012/12/06/using-powershell-for-automated-unixlinux-agent-discovery/
PoSH cmdlet reference https://docs.microsoft.com/en-us/previous-versions/system-center/powershell/system-center-2012-r2/hh545212(v=sc.20)

 

 

 

 

Sealing SCOM MP’s

 

Sealing MP’s

This is an updated version of Kevin Holman’s blog, and Jonathan Almquist’s blog for SCOM2012R2 and 2016

 

First why seal?

If you seal the MP – we will be able to use the classes/groups created for overrides in any other override MP.

Unsealed MP – any overrides you use for classes/groups will be forced into this same MP.

 

 

If you don’t have Visual Studio 2013 and above with VSAE, or have other requirements, you will need to download the SDK to get the SN.exe utility

 

Download SDK

Win2008 & R2 SDK No longer available for Download

Win2012 & R2 SDK Download

Win10 SDK Download https://developer.microsoft.com/en-US/windows/downloads/windows-10-sdk

Release blog https://blogs.windows.com/buildingapps/2017/05/11/windows-10-sdk-preview-build-16190-released/

NOTE Install path to go grab the sn.exe file

 

 

Install SDK

Copy file to the local machine

Open PowerShell window as administrator

cd $HOME/desktop

.\sdksetup.exe          # .\winsdksetup.exe for Server 2016/win10

 

 

Verify SN.exe is found after SDK install completes

Server 2008 – sn.exe located in C:\Program Files\Microsoft SDKs\Windows\v6.1\Bin\x64

Server 2012 – sn.exe located in C:\Program Files (x86)\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools

Server 2016 and Win 10 – sn.exe located in C:\Program Files (x86)\Microsoft SDKs\Windows\v8.0A\bin\NETFX 4.0 Tools

 

 

 

Create the MPSeal folders

Repository where you want to keep the MPSeal.exe, SNK files, and related sealed packs for any MP sealed
C:\monadmin\MPSeal
C:\monadmin\MPSeal\unsealed
C:\monadmin\MPSeal\sealed # Reference sealed MP’s
C:\monadmin\MPSeal\key
C:\monadmin\MPSeal\output

PowerShell as Admin commands to create repository

new-item -itemtype directory -path c:\monadmin\
new-item -itemtype directory -path c:\monadmin\MPSeal
new-item -itemtype directory -path c:\monadmin\MPSeal\unsealed
new-item -itemtype directory -path c:\monadmin\MPSeal\sealed
new-item -itemtype directory -path c:\monadmin\MPSeal\key
new-item -itemtype directory -path c:\monadmin\MPSeal\output

 

 

Copy MPSeal utility from Support directory on SCOM ISO

On ISO, copy mpseal* from ISO SupportTools\AMD64 directory to c:\monadmin\MPSeal

 

 

 

Let’s get the Key file generated and start sealing MP’s!

 

Create SNK files
Note SN.exe only needs to be run once to create the SNK file
***Critical note – you need to keep a backup of this key… because it will be required for making updates to this MP in the future, re-sealing, and keeping the ability to upgrade the existing MP in production.

 

sn -k <yourDomainNameHere>.snk

Sample syntax from win2k8 server

Copy this SNK file to c:\monadmin\MPSeal\key

 

 

Copy Referenced MP’s
This is a good opportunity to add the MP’s referenced in the ISO, UR updates, and/or RTM folder when installing SCOM, Unix MP’s, etc.

Copy sealed MP’s to c:\monadmin\MPSeal\sealed

 

 

Seal MP

MPSeal.exe c:\monadmin\mpseal\unsealed\<mpNameHere>.xml /I “c:\monadmin\mpseal\sealed” /Keyfile “c:\monadmin\mpseal\key\PairKey.snk” /Company “CompanyName” /Outdir “c:\monadmin\mpseal\output”

 

 

References
How to Seal MP https://docs.microsoft.com/en-us/previous-versions/system-center/system-center-2012-R2/hh457550(v=sc.12)

 

 

Update MP’s for SCOM with VMM2012 R2

The fun starts here.

 

VMM is like more 3rd party management packs that require an app update, then push updates to SCOM.

 

The initial VMM MS configuration will upload the VMM UR packs to SCOM, but what do you do the next time you update VMM how do you upgrade SCOM to the latest UR?

 

Here’s a script to upgrade SCOM once VMM UR is updated on your VMM management server.

 

$UR=”UR11″

$VMMServer = “12VMM01”

 

# Set up your path, this example is monadmin\backup

$date = Get-Date -UFormat “%Y-%m-%d”

 

# Set up backup path

$backupPath = “C:\monadmin\backup”

$backupDrive = “C:”

 

####################################################################

# Functions

# Verify OperationsManager SnapIn Installed

 

Function VerifyOpsMgrSnapIn

{

If ( get-pssnapin -r | ? { $_.Description -contains “Operations Manager” } )

{

Write-host -f green “Operations Manager SnapIn already loaded!”

}

Else

{

add-pssnapin “Microsoft.EnterpriseManagement.OperationsManager.Client”;

Write-host -f green “Operations Manager SnapIn loaded”

}

}

 

function BackupMP

{

if ( test-path -pathtype Container $backuppath )

{

new-item -itemtype directory -path $backupPath

write-host -f green “Created $backupPath ”

}

else

{

write-host -f green “Backup Path already created $backupPath ”

}

 

# Get VMM management pack versions before

$before = ( get-scommanagementpack -name “*VirtualMachineManager*” )

 

# Set up Backup Path

$backupDrive

cd $backupPath

new-item -itemtype directory -path $backupPath\$date

cd $backupPath\$date

new-item -itemtype directory -path $backupPath\$date\SCVMM_MP$UR

cd $backupPath\$date\SCVMM_MP$UR

 

# Copy SCVMM MP’s to SCOM MS

#

copy-item “\\$VMMServer\d$\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\ManagementPacks\*” -destination $backupPath\$date\SCVMM_MP$UR

 

# Backup existing MP’s on SCOM MS

#

# Backup SCOM Management packs to C drive

$backupDrive

cd $backupPath

new-item -itemtype directory -path c:\monadmin\backup\$date\SCVMM_MP$UR_OLD

cd $date

Get-SCOMManagementPack -Name *VirtualMachine* | Export-SCOMManagementPack -Path “$backupPath\$date”

Write-Host -f green “MP’s backed up to $backupDrive\$backupPath\$date\SCVMM_MP$UR_OLD”

 

# Verify copy

if ( test-path -pathtype leaf $backupPath\$date\SCVMM_MP$UR\*.mp )

{

Write-Host -f green “MP’s copied”

}

else

{

Write-Host -f yellow “Specify proper path for MP’s copy”

}

}

 

 

 

Function ImportMPIntoSCOM

{

# Import VMM MP’s into SCOM

# https://docs.microsoft.com/en-us/previous-versions/system-center/powershell/system-center-2012-r2/hh920193(v=sc.20)

# http://www.systemcentercentral.com/bulk-import-operations-manager-2012-management-packs/

 

$mpdir = “$backupPath\$date\SCVMM_MP$UR”

$mpfiles = (Get-item -path $backupPath\$date\SCVMM_MP$UR\*).Name

$mpcnt = $mpfiles.Count

Write-Host “Script is requesting to import $mpcnt management packs.”

 

If ($mpcnt -gt 0)

{

Write-Host “$Instcnt management packs were added to installation queue, installing now”

foreach ($ManagementPack in $mpfiles)

{

Set-Location $mpdir

Import-SCOMManagementPack -Fullname $ManagementPack -ErrorAction SilentlyContinue

Write-host -f green “Imported $ManagementPack into SCOM”

}

}

}

 

 

 

 

 

VerifyOpsMgrSnapIn

BackupMP

#UpdateRegistry

ImportMPIntoSCOM

 

 

# Verify SCOM Management packs loaded

 

Write-host -f Green “Before Management pack versions”

 

$before.Version

 

Write-host

 

$after = ( get-scommanagementpack -name “*VirtualMachineManager*” )

$after.version

 

Write-host -f yellow “Is After greater than Before?”

Write-host