What ID’s is SCOM using

Ever need to audit what ID’s SCOM is using?

Maybe you have to figure out how someone else setup SCOM.

Did they set up SCOM as recommended for best practices with different AD accounts per role?

 

If the ID’s are not logged during install, it’s a little more difficult to figure out what ID was used.

  • Domain Account for ALL services,
  • Enter in the unique DOMAIN\OMAA, DOMAIN\OMDAS, DOMAIN\OMREAD, DOMAIN\OMWRITE

 

Try these PowerShell commands to find what SCOM is using.

 

ON MS (from PowerShell (don’t need admin unless you’re restarting services)

$Services = ( Get-WmiObject -Class Win32_Service )

$Services | ? { $_.Name -eq “OMSDK” -OR $_.Name -eq “cshost” -OR $_.Name -eq “HealthService” } |

ft name,Startname,StartMode

 

 

 

ON SCOM DB’s, Reporting (from PowerShell (don’t need admin unless you’re restarting services)

$Services = ( Get-WmiObject -Class Win32_Service )

$Services | ? { $_.DisplayName -like “*SQL*” } | ft name,Startname,StartMode

 

 

Source https://blogs.technet.microsoft.com/heyscriptingguy/2012/02/15/the-scripting-wife-uses-powershell-to-find-service-accounts/

 

 

Have a lot of SCOM subscriptions?

You logged into SCOM because someone said they didn’t get a notification

Looked at subscriptions and it’s blank

 

Do you know if you backed up your subscriptions?

 

Hopefully, you read this and back up your management packs

Hope you read this blog, and it saved your life!

 

For those who love the Console UI

You can manually back up the MP

From the SCOM console

Click on the Administration Tab

Click on Management Packs (2012), or Installed Management Packs (2016)

Type ‘notification’ in the ‘Look for:’ bar

Hit Enter

Highlight the ‘Notifications Internal Library’ pack

Click on Export Management Pack

Name your path

Hit OK

 

For simple PowerShell

 

# Backup Management packs to C drive

# Set up your path, this example is monadmin\backup

$date = Get-Date -UFormat “%Y-%m-%d”

c:

cd monadmin\backup

new-item -itemtype directory -path c:\monadmin\backup\$date

cd $date

Get-SCOMManagementPack -Name *Notification* | Export-SCOMManagementPack -Path “C:\monadmin\backup\$date”

 

Verify OMS Managed Computers

Ever wondered what objects are setup for OMS?

 

Maybe you’ve seen lots of errors on servers you don’t expect ?

It’s possible someone chose a group or nearly all managed computers in your SCOM environment.

 

How do we verify, or change what computers send data to OMS from SCOM?

1) Look for a group
In SCOM console, monitoring tab

Look for the ‘advisor’ group
Maybe someone put a group in there

2) Verify OMS members

In the SCOM console, Administration tab
Click on Managed Computers
See middle pane for what is currently set up

 

Update OMS Managed computers

In the SCOM console, Administration tab
Click on Managed Computers
See middle pane for what is currently set up

Click the ‘Add a computer/group’ link on the tasks pane (right side)

Add computers or groups

Add keyword, click search, highlight and click Add

Click OK when done updating members

 

Optionally, highlight the member, click delete

 

Verify the Advisor MP’s on computer

Go to server (added or removed)

If added, look for 1201 events in the Operations Manager Log

If removed, look for 1204 events in the Operations Manager Log

 

Enjoy!!

SQL Engineering Blog

hmmmm

Ever wonder when a SQL MP is published?

Wonder no longer, look for the SQL Engineering Blog!

 

New https://techcommunity.microsoft.com/t5/SQL-Server/bg-p/SQLServer/label-name/SQLReleases

Old – redirect in effect https://blogs.msdn.microsoft.com/sqlreleaseservices/

 

 

Verifying Custom MP overrides are valid when updating sealed MP’s

kidraisedhand

I will raise my hand when asked if I prefer Notepad++ for looking at XML (because I can shrink the sections I’m not concerned about).

 

Using Notepad++ (works best for color and concatenation of XML or quotes in case of syntax errors when editing)

 

Open Overrides management pack (XML)

Click on the (-) for Manifest

Click on the dash (-) for RelationshipTypes

Click on the dash (-) for each Discovery (if it exists)

simplifyingdiscoveryview

 

Verify targets exist in MP’s to be updated

Scroll to the right to view the Targets of your Override management pack

simplifyingview

 

If changes were overrides, look at the Monitor or Rule and verify this is in the pack to be updated

overridesmonitor

 

To understand which MP is being referenced, look at the example – Windows3!

Scroll to the top of your MP and click on the (+) plus sign to expand manifest

mpreference1

 

NOTE Windows3 is the server 2016 Monitoring MP

decodingmpreference

 

Verify your monitor/rule name still exists, and your Override should still apply

In Server Overrides MP, look at the Monitor= section for the Monitor name

verifyoverridemonitorhighlight

 

Go to the Windows Server 2008 Monitoring MP and look for that monitor

There is no monitor for 2008

notepadmonitortypes

 

Alternatively, you can look at the SCOM console as well (if MP is installed)

There is NO 2008 Memory Pages per second monitor

 scomconsolemonitorverify

 

Now to remove the override in our MP

In Notepad++, highlight the MonitorConfigurationOverride section, and delete

monitoroverridehighlight

Rinse and Repeat

Increment the version number and import MP when finished validating overrides.

 

 

Troubleshoot Office 365 SCOM MP Run As account

Run As Account

The Office 365 Run As account is used for Proxy access for an HTTPS connection from SCOM MS to Office 365 portal endpoint.

Must be a domain account, not an Azure account (particularly if they ‘re not the same tenant or AAD associated

Service Accounts are recommended to prevent impact should an employee leave

 

SCOM uses a domain account (example scom_action ID)

Verify that ID is in Azure tenant (contact your Azure Administrator if you don’t have access )

o365applicationazureidverify

To follow best practice, update the Run As account with the service account

o365applicationscomrunascredential

 

Verify Run As account

On SCOM console that there are no Operations Manager event log 7000 events for the ‘run as’ configured ID

Remote Desktop to SCOM MS Server

Verify if the ‘run as’ ID has a valid password

Look in the Operations Manager Event Log for Event ID 7000

Click on Find

Type in the user’s ID from the ‘run as’ account in SCOM

If no entries found, then ID is successfully authenticating against the domain

If errors found, correct ID/Password

Create a new subscription in SCOM to use the auto credentials option

NOTE New subscription may take 5-10 minutes to populate health data

From SCOM console

Click on Administration

Click on the Office 365 wizard

Click Add Subscription

o365applicationscomaddsubscription

 

Add Subscription Name

Click Next

o365applicationscomaddsubscriptionname

SCOM UI will prompt for Azure login

o365applicationscomazureauth

Enter ID and password

Click Sign in to authenticate

 

Click on Monitoring Tab

Click on Office 365 folder

Click on Office 365 Monitoring Dashboard

Verify state on the subscription in question

o365applicationscomnewsubscriptiondashboard

Verify SCOM ID used in O365 Subscription in Azure Portal

Verify SCOM ID used in O365 Subscription in Azure Portal

In Azure Portal

Verify the Application exists ( Azure tenant shows as SCOM O365MP )

o365applicationpermissions

NOTE In the right hand pane the Office 365 Management API’s has Application Permissions, and cannot be selected

o365application-requestpermissionsclean

Click Back to the Settings window

Click on Owners

o365applicationnoownersclean

NOTE NO owners show in this view

Click Add +

In the Add owner window, type the ID

Hit Select to add the user account (This example is the SCOM Service account)

o365application-scomidadded

Have user test

Office 365 subscription not monitored in SCOM

haiku-education-perplexed-bewildered-bemused-mystified-stumped-clipart

Yes this can leave you stumped, and wondering “why?”

 

This can be many parts, so choose carefully

Verify SCOM ID used in o365 subscription in Azure portal

Create a new subscription in SCOM to use the auto credentials option

Office 365 SCOM Run As Account

 

Verify O365 Subscription state in SCOM Console

In the SCOM console

Click on Monitoring Tab

Click on the O365 dashboard

Look at the health state

Error showed ‘endpoint not found’

Working with Azure Admin, we found the SCOM O365MP application did NOT have a service account assigned.

Verify SCOM ‘Run as’ account

Verify ‘run as’ ID (originally employee ID, not service account )

Remote Desktop to SCOM MS Server

Verify if the ‘run as’ ID has a valid password

Look in the Operations Manager Event Log for Event ID 7000

Click on Find

Type in the user’s ID from the ‘run as’ account in SCOM

If no entries found, then ID is successfully authenticating against the domain

If errors found, correct ID/Password in SCOM Console

 

Verify SCOM O365 Azure account

 

In the SCOM console

Click on Administration

Click on the O365 Wizard

Highlight the subscription

Choose Edit Subscription

 

Test ID (tested the Service Account)

With the radio button selected at ‘Use auto-created Azure Service Principal’

NOTE Name here is for SCOM purposes and does not have to match Azure Portal Application Name

o365applicationscomaddsubscriptionname

Click Next

SCOM UI will prompt for Azure login

o365applicationscomazureauth

Enter ID and password

Click Sign in to authenticate

 

If error is ‘Authentication Fails’, contact your Azure Administrator for assistance

References

Verify SCOM ID used in o365 subscription in Azure portal

Create a new subscription in SCOM to use the auto credentials option

Office 365 SCOM Run As Account

Uncommon Custom MP Fragments

new_icon_shiny_badge_svg

Building on Kevin Holman’s MP Fragment Library are additional Uncommon Custom MP Fragments

 

This is the SCOM Management Pack Fragment Library which includes VSAE Fragments you can use to make SCOM management packs quickly and easily.

V1.0 has two Event Monitors with two state, two or three criteria monitors

 

Assumptions

Visual Studio, and the VSAE Fragments are installed

Visual Studio has a powerful plugin called VSAE (Visual Studio Authoring Extensions)
https://www.microsoft.com/en-us/download/details.aspx?id=30169

If you aren’t familar with MP fragments for authoring, see instructions at:  https://blogs.technet.microsoft.com/kevinholman/2016/06/04/authoring-management-packs-the-fast-and-easy-way-using-visual-studio/

 

Background
A Management Pack fragment is simply a bit of XML, that contains all the “working parts” for a specific workflow….

Several authors have written about the power of fragments since VSAE launched, but the biggest gap I saw can be broken up into two major issues:
•Nobody provided a good “library” of workable MP fragments
•Nobody came up with a VERY simple method to reuse fragments quickly and easily

If you can do a FIND and REPLACE in notepad, you can use this.

Kevin Holman’s MP Fragments here

Gallery download for the uncommon MP fragments https://gallery.technet.microsoft.com/Uncommon-Custom-MP-c5a12a86