SCOM SSRS ReportExtensions

For a smooth install, everything comes down to SCOM SSRS prerequisites.  The SCOM Reporting role install really comes down to three (3) things – permissions, latest SSRS EXE downloaded (for install 2019, 2022), and ReportExtensions configuration.  The go-to reference is Holman’s QuickStart deployment guides for SCOM2019 forward list the how-to starting point.  This post focuses on ReportExtensions configuration, where more ‘how to’ details are needed.

Quick Start links:

SCOM 2022 – QuickStart Deployment Guide

SCOM 2019 – QuickStart Deployment Guide

SSRS learn.microsoft.com site article https://learn.microsoft.com/en-us/troubleshoot/system-center/scom/cannot-deploy-operations-manager-reports

 

Configure Report Extensions via SSMS (GUI)

RDP to server with enabled account

Open SSMS that has connectivity to SSRS install/server

Change ‘Server type’ drop-down to Reporting Service

Change SSMS Server Type from Database Engine to Reporting Service
Change SSMS Server Type from Database Engine to Reporting Service

Click Connect

Right click on Server > Properties

In the Server Properties window, select the Advanced Tab

Click on the AllowedResourceExtensionsForUpload, and add *.*

Click OK

Screenshot of SSMS Connected to Reporting Service, expanding SSRS Properties > Advanced Tab > showing AllowedResourceExtensionsForUpload
Screenshot of SSMS Connected to Reporting Service, expanding SSRS Properties > Advanced Tab > showing AllowedResourceExtensionsForUpload

Don’t forget to restart SSRS to make changes take effect!

Once restarted, verify SVC/MSA account permissions, and begin SCOM Reporting role!

 

Configure Report Extensions via PowerShell

Testing learn article PowerShell for SSRS Defaults (pre-requisite for SCOM Reporting role with SSRS2017+ versus SSMS).   > Reporting Services

SSRS Note for ServiceAddress (SSRS URL) is other than localhost

On respective server, open PowerShell as Admin

Paste the following:

$ServiceAddress = ‘http://localhost

$ExtensionAdd = @(

                ‘*’

                ‘CustomConfiguration’

                ‘Report’

                ‘AvailabilityMonitor’

                ‘TopNApplications’

                ‘Settings’

                ‘License’

                ‘ServiceLevelTrackingSummary’

                ‘CustomPerformance’

                ‘MostCommonEvents’

                ‘PerformanceTop’

                ‘Detail’

                ‘DatabaseSettings’

                ‘ServiceLevelObjectiveDetail’

                ‘PerformanceDetail’

                ‘ConfigurationChange’

                ‘TopNErrorGroupsGrowth’

                ‘AvailabilityTime’

                ‘rpdl’

                ‘mp’

                ‘TopNErrorGroups’

                ‘Downtime’

                ‘TopNApplicationsGrowth’

                ‘DisplayStrings’

                ‘Space’

                ‘Override’

                ‘Performance’

                ‘AlertDetail’

                ‘ManagementPackODR’

                ‘AlertsPerDay’

                ‘EventTemplate’

                ‘ManagementGroup’

                ‘Alert’

                ‘EventAnalysis’

                ‘MostCommonAlerts’

                ‘Availability’

                ‘AlertLoggingLatency’

                ‘PerformanceTopInstance’

                ‘rdl’

                ‘PerformanceBySystem’

                ‘InstallUpdateScript’

                ‘PerformanceByUtilization’

                ‘DropScript’

)

Write-Output ‘Setting Allowed Resource Extensions for Upload’

$error.clear()

try

{

                $Uri = [System.Uri]”$ServiceAddress/ReportServer/ReportService2010.asmx”

                $Proxy = New-WebServiceProxy -Uri $Uri -UseDefaultCredential

                $Type = $Proxy.GetType().Namespace + ‘.Property’

                $Property = New-Object -TypeName $Type

                $Property.Name = ‘AllowedResourceExtensionsForUpload’

$ValueAdd = $ExtensionAdd | ForEach-Object -Process {

                                “*.$psItem”

                }

$Current = $Proxy.GetSystemProperties($Property)

                if ($Current)

    {

                $ValueCurrent = $Current.Value -split ‘,’

                $ValueSet = $ValueCurrent + $ValueAdd | Sort-Object -Unique

                }

                else

    {

        $ValueSet = $ValueAdd | Sort-Object -Unique

    }

$Property.Value = $ValueSet -join ‘,’

                $Proxy.SetSystemProperties($Property)

    Write-Output ‘  Successfully set property to: *.*’

}

catch

{

                Write-Warning “Failure occurred: $error”

}

Write-Output ‘Script completed!’

 

Successfully set property to: *.*
PS C:\Windows\system32> Write-Output ‘Script completed!’
Script completed!
PS C:\Windows\system32>

 

Don’t forget to restart SSRS.

Verify SVC/MSA account permissions, then begin SCOM Reporting role!

Enjoy!

DNS Scavenging alerts

DNS Scavenging how it works

Need DNS Scavenging alerts, to see what’s cleaned up, or that scavenging failed?  Download the DNS Addendum pack from my GitHub repo https://github.com/theKevinJustin/DNSAddendumAgnostic

Latest revision first includes a EventID 2502 monitor for scavenging failed.  Second, the monitor has count logic (setup to alert with 2 events in 30 minutes).  Third, EventID 2501 rule details scavenging totals.  Lastly, built a weekly report to summarize the scavenging alerts (cliff notes!).

 

 

Some quick ‘how-to’ setup DNS scavenging

Example of RegKey showing that Scavenging is setup – note Scavenging Interval key

 

Example of AD integrated DNS setup with 21 day scavenging interval, and prompts to configure (click OK twice)

DNS Scavenging setup on AD integrated DNS server

 

Import management pack, and run DNS scavenging.

 

Verify scavenging alerts

SCOM Monitoring Tab > Active Alerts > ‘Look for:’ scavenging

Example output

 

Additional SCOM PowerShell commands

Run PowerShell commands from the SCOM management server (MS)

$DNSAlerts = get-scomalert -name "*Scavenging*"
$DNSAlerts
$DNSAlerts | format-table PrincipalName,TimeRaised,Description -auto -wrap

 

Example Output

PS C:\Users\scomadmin> $DNSAlerts = get-scomalert -name “*Scavenging*”

PS C:\Users\scomadmin> $DNSAlerts

 

Severity     Priority   Name                                                                        TimeRaised

——–     ——–   —-                                                                        ———-

Warning      Normal     Windows DNS Event 2502 Scavenging Failed monitor addendum alert             8/19/2024 2:02:3…

Warning      Normal     Windows DNS Event 2502 Scavenging Failed monitor addendum alert             8/19/2024 1:07:0…

Information  Normal     Proactive DailyTasks DNSAlerts Scavenging Summary Report Alert              8/19/2024 10:11:…

 

 

DNS alerts formatted

PS C:\Users\scomadmin> $DNSAlerts | format-table PrincipalName,TimeRaised,Description -auto -wrap

 

PrincipalName    TimeRaised            Description

————-    ———-            ———–

DC02.testlab.net 8/19/2024 2:02:32 PM  Windows DNS Event 2502 Scavenging Failed monitor alert 1 alert in 15 minutes

Event Description:

The DNS server has completed a scavenging cycle but no nodes were visited.

Possible causes of this condition include:

The next scavenging cycle is scheduled to run in 168 hours.

 

Learn articles for more details https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/dns-scavenging-setup

SCOM Agent Maintenance

Wrench for SCOM agent maintenance
Wrench for SCOM agent maintenance

When we talk about best practices for monitoring, this will typically include (SLA) Service Level Availability.  SLA is an important piece in your environment, as uptime and happy customers come with a high SLA.  There are some cases where IT Teams do work on demand.  On-demand work is outside of a standard change window, a scheduled change.  Typically this is outside configuration management tools, responsible to update software (applications/packages), machines, drivers, compliance settings, and more.  In the one-off, non-scheduled maintenance or recovery, try leveraging ‘SCOM Agent Maintenance’ PowerShell commands on SCOM agents.

 

SCOM Agent maintenance PowerShell commands

cd “C:\Program Files\Microsoft Monitoring Agent\Agent”

Import-module .\MaintenanceMode.dll

Start-SCOMAgentMaintenanceMode -Duration 10 -Reason PlannedOther

 

# Verify

# If messages show with current timestamp, Agent objects are in maintenance.

 

get-eventlog -LogName “Operations Manager” -newest 50 | ? { $_.Message -like “Suspending monitoring*”  } | ft TimeGenerated,Message -autosize

 

TimeGenerated        Message

————-        ——-

6/25/2020 8:37:57 AM Suspending monitoring for instance “modeldev” with id:”{F9E45AA4-7DF7-C1F1-70C9-5D76C9F2725C}” …

6/25/2020 8:37:57 AM Suspending monitoring for instance “C:” with id:”{ED00048A-7DDC-D4BE-901D-D64DA281B7C6}” as the…

6/25/2020 8:37:57 AM Suspending monitoring for instance “central_log” with id:”{EA619D69-D1CC-3B19-D93C-2E3FCD1409AE…

 

PS C:\Program Files\Microsoft Monitoring Agent\Agent> get-eventlog -LogName “Operations Manager” -newest 25 | ? { $_.Message -like “Resuming monitoring*”  } | ft TimeGenerated,Message -autosize

 

343998 Jun 25 08:50  Information HealthService          1073743040 Resuming monitoring for instance “modeldev” wit…

343997 Jun 25 08:50  Information HealthService          1073743040 Resuming monitoring for instance “C:” with id:”…

343996 Jun 25 08:50  Information HealthService          1073743040 Resuming monitoring for instance “central_log” …

343995 Jun 25 08:50  Information HealthService          1073743040 Resuming monitoring for instance “dnmll05s1.UNE…

New SQL management pack

SQL Server Blog – New SQL Management pack released!

 

The blog posting the pack release fell through the cracks.  Released on 10 July, I’ve had some issues getting the updated MSI’s, but they’re live now.   I normally use the SQL Tech Community SQL releases site https://techcommunity.microsoft.com/t5/sql-server-blog/bg-p/SQLServer/label-name/SQLReleases

 

Don’t forget to look for SQL Security updates, (CU) Cumulative Updates, or (SP) Service Pack updates at the SQL releases link!  https://techcommunity.microsoft.com/t5/sql-server-blog/bg-p/SQLServer/label-name/SQLReleases

 

 

New SQL pack released

Microsoft System Center Management Pack for SQL Server enables the discovery and monitoring of SQL Server 2012, 2014, 2016, 2017, 2019, 2022, and upcoming versions.

Download link https://www.microsoft.com/en-us/download/details.aspx/?id=56203

Version:
7.6.5

File Name:
SQLServerMP.Windows.msi

SQLServerMP.CustomMonitoring.msi

SQLServerMP.Linux.msi

SQLServerMPWorkflowList.pdf <missing as of today>

Date Published:
7/10/2024

Functionality https://learn.microsoft.com/en-us/system-center/scom/sql-server-management-pack-changes-history?view=sc-om-2022

https://www.microsoft.com/en-us/download/details.aspx/?id=56203

June 2024 – 7.5.19.0 CTP

What’s New

  • Added new “Table Clustered Index Fragmentation” monitor that targets databases and checks for high fragmentation of clustered indexes
  • Added new “Property Bag” step in the custom monitor setup to extend the alert context with a property from the query result
  • Updated the “Product Version Compliance” monitor with the most recent version of public updates for the SQL Server
  • Reworked the “Long Running Queries” alert rule to improve security
  • Improved accessibility for the Summary Dashboard view and Monitoring Wizard template, including the following major changes:
    • implemented Keyboard Navigation using the A and D buttons on the tiles in the dashboard
    • added the ability for the screen reader to announce buttons and errors in the SQL Server wizard
    • redesigned dashboard list controls for greater accessibility

 

Pretty simple steps

Download and save to your SCOM server, or SCOM console connected machine

Navigate to the Administration tab

Expand Management Packs

Click on Installed Management packs

Click the Add drop-down, select the packs

Verify selections, and click Install button

Importing new SQL v7.6.5.0 packs into the SCOM Console

Click Close after import

v7.6.5.0 management packs are imported into the SCOM console

 

Enjoy!

 

SNOW REST connectivity

SNOW REST connectivity network icon
SNOW REST connectivity network icon

 

Verify ServiceNow test/production  environment connectivity.  Are you ready to begin the checks for ‘SNOW REST connectivity’?

 

Verify the following pre-requisites are met before proceeding:

Proxy

TEST/PROD ServiceNow (SNow) URL(s)

ID

Password

 

High level outline:

Verify network connectivity via proxy, using SNOW URL’s, ID, password

Verify CredentialManager Snapin installed

Setup credentials in CredentialManager

 

 

Verify network connectivity via proxy, using SNOW URL’s, ID, password

Determine the SCOM notification account being used, see blog for details.

RDP to SCOM MS using notification account.

Open PowerShell as administrator

Verify network connectivity pasting command into PowerShell window

Example SNOW URL JustinTime.servicenowservices.com

Test-NetConnection -ComputerName JustinTime.servicenowservices.com -port 443

Test-NetConnection -ComputerName JustinTime.servicenowservices.com -port 443 -proxy ##PROXY##

 

Successful connectivity

PS C:\MonAdmin\SCRIPTS> Test-NetConnection -ComputerName servicenowservices.com -port 443

ComputerName     : servicenowservices.com

RemoteAddress    : 199.91.136.115

RemotePort       : 443

InterfaceAlias   : Ethernet 2

SourceAddress    : 10.0.0.30

TcpTestSucceeded : True

 

 

Verify CredentialManager Snapin is installed

Best practice – Encrypt credentials on SCOM MS to prevent cleartext in scripts.  To begin, this includes details to verify SnapIn, verify credentials stored, store credentials.

 

Verify CredentialManager Snapin is installed

RDP to SCOM MS server(s) as SCOM Notifications SVC account with SA access

Open PowerShell as administrator

Paste command(s) into PowerShell window to test network connectivity to SNOW environments

# Verify Credential Manager snap in installed

$CredMgrModuleBase = Get-Module -Name CredentialManager

if ( $Null -ne $CredMgrModuleBase.ModuleBase )

{ write-host -f yellow “CredentialManager PoSH Module Installed, ModuleBase = $($CredMgrModuleBase.ModuleBase)” }

if ( $Null -eq $CredMgrModuleBase.ModuleBase )

{ write-host -f red “CredentialManager PoSH Module NOT Installed” }

 

CredentialManager snapin PowerShell output
CredentialManager snapin PowerShell output

 

Verify Stored Credentials on server

First, verify any credentials stored on server, specific to ServiceNow or not.  Second, we begin to use the Get-StoredCredential command. Third, we will setup the credential for REST integration, lastly verifying credential.

Setup Credentials for SNOW RESTAPI

RDP to SCOM MS server(s) as SCOM Notifications SVC account with SA access

Open PowerShell as administrator

Paste command(s) into PowerShell window to test network connectivity to SNOW environments

 

If no output, there are no credentials stored under the RDP login.

Get-StoredCredential

Commands specific to ServiceNow to verify credentials exist

$Credential = Get-StoredCredential -Target “ServiceNowCredential”

$Credential = Get-StoredCredential -Target “svc_rest_scom”

CredentialManager Get-StoredCredential Output
CredentialManager Get-StoredCredential Output

Alternate command to verify stored credential

Get-StoredCredential -Target “ServiceNowCredential”

CredentialManager Get-StoredCredential -Target "ServiceNowCredential"
CredentialManager Get-StoredCredential -Target “ServiceNowCredential”

 

 

Setup Credentials for SNOW RESTAPI

RDP to SCOM MS server(s) as SCOM Notifications SVC account with SA access

Open PowerShell as administrator

Paste the following commands to create stored credential:

New-StoredCredential -Target “ServiceNowCredential” -UserName “svc_rest_scom” -Password “##Password##” -Persist ‘LocalMachine’

 

New-StoredCredential output example
New-StoredCredential output example

 

Verify credential being used by SCOM

$Credential = Get-StoredCredential -Target “ServiceNowCredential”

New-S

 

Therefore, network connectivity verified.  Lastly, encrypted credentials are stored in the SCOM notifications SVC account.  Continue the integration!