System Center Operations Manager 2016 Step by Step– Part 17 – Cannot create a connection to data source “DB_Audit”

Let assume that you installed Audit Collection and gave some users Report Operators role. After they run some reports from Audit Report folders they get error

An error has occurred during report processing. (rsProccesingAborted).
Cannot create a connection to data source ‘DB_Audit’. (rsErrorOpeningConnection)

image

What is the problem? When you are running other reports (not AC Reports)  from SCOM console they are run in context of Operations Manager Data Reader you created. Because ACS is not part of SCOM reporting role it does not share same security context. Account you use to run Audit reports will not have any rights to read from SCOM audit database. The best explanation (old one but good one) I read is written on this blog .

To solve this we need to give account access to OperationsManagerAC database. Just log in to you SQL instance and give it db_datareader access. Best practice would be to create group with name for example ACReports users, and give this group db_datareader access. All users inside group will have access to Audit reports, regardless of they SCOM Reports Operator role.

image

This is also very specific written on SCOM 2016 documentation link

The installation procedures for ACS Reporting do not differ, but the application of access control is different. By deploying ACS Reporting on the same SQL Server Reporting Services instance as your Operations Manager Reporting, the same role-based security applies to all reports. This means that ACS Reporting users need to be assigned to the Operations Manager Report Operator Role to access the ACS reports.

In addition to membership in the Operations Manager Reporting Role, ACS report users must also be assigned db_datareader role on the ACS database (OperationsManagerAC) to run ACS reports. This requirement is independent of the presence of Operations Manager Reporting

I hope this helped you in getting your Reports utilized, because it is very important part of SCOM software.  

Advertisements

System Center Operations Manager 2016 Step by Step– Part 16 – Installing Reporting role on remote SQL installation? Missing SQL instance!?

The other day I was trying to install test SCOM 1801 environment and when I wanted to do reporting role installation I was stuck at this page. SQL Server instance for Reporting Services had empty SQL Server instance list. I scratched my had a little bit, but finally come to solution that is very obvious but somehow hidden and not enough explained. That is why some people doesn’t like SCOM because they can not get answers when they need it. Please if you have some piece of blog or Microsoft article that explain this comment. (I would like to have some reference) Closest one is article from Cameron Fuller. Even he had the same problem there.

 

image

 

So let me explain. When people are starting with SCOM or making test environments they take one big server and put everything there. SCOM installation, SQL database, SSRS and everything else needed for SCOM to work. IT works fine if you have enough resources. When it comes to production you usually take one server for SCOM roles and another one for SQL workloads. You start with installation and suddenly you come to this screen and there is no SQL Server instance available, even you know that everything is setup fine on SQL Server. You can even get remotely http://server/reports and http://server/reportserver pages. So what is the catch. 

YOU INSTALL SCOM REPORTING ROLE ON THE SERVER WHERE SSRS SERVICES ARE INSTALLED!

There is no other way. You can try but it doesn’t work and you will always get the same problem. You can manage to use remote SQL Reports database for examle, but SSRS service and Reporting role SCOM installation need to be on the same computer. There is also a catch for using reporting in web console but you can read it on another one of my  blogs https://igorpuhalo.wordpress.com/2017/03/16/system-center-operations-manager-2016-step-by-step-part-6/ 

In any case to repeat

YOU INSTALL SCOM REPORTING ROLE ON THE SERVER WHERE SSRS SERVICES ARE INSTALLED!

Like addition I will give you link to short Reporting book from Savision team “SCOM Reporting Guide – Tips and best practices”.

HP ILO2 2.31 released?! :-)

Hi

Yesterday I needed to do some update and I was trying to get ILO running on one server (DL 360 G5). I checked latest firmware version I had in my repository and saw it was not updated. Ok I said let go check if there is something newer on HP (sorry HPE) site. I was surprised. They released by the end of 2017 new firmware for ILO2 that is deprecated. They addressed some Java and SSL issues that probably everybody has these days . So upgrade you repository and download latest firmware for old stuff

https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTX_7b812185e8e84018a53456c209#tab-history

System Center Operations Manager Ignite Announcements

 

Ignite is behind us, and lots of new things are happening in and around Microsoft. Things change, and SCOM also. If you are SCOM user and follow SCOM team blog, you will see that they announced survey regarding changes they implement in System Center products. One of them is new release cadence that will resemble Windows. It means that update for System  Center will be aligned with Windows updates. On November 8th Microsoft will release preview version of System Center 1801. If you don’t understand the numbers of version, first two numbers are the year of release, and two last ones are the month. System Center will be released semi-annual with new future addressing issues and new feature. you will be able to update you system if you have eligible Software Assurance for that product.

systemcentercadence

When we talk about what is coming for SCOM 2016 here it is

  • System Center 1801 prieview early November. Release Q1 2018
  • Service Map integration is now in public preview but it will relased probably with new version. you can download MP here
  • Windows Server 2016 SDDC monitoring

Improved Unix/Linux support

    • “setup improvements” hopefully a better way to deploy “manually”
    • Kerberos support
    • Log file monitoring with FluentD. Essentially this enables us to create monitors etc. based on logfiles as we can with Windows (This is huge)

image

SCOM 2016 HTML5 console

  • Improved diagnostics and drill down – this is huge for those who haven’t invested in third-party software
  • Custom widget support. Display other charts on your dashboard.

image

  • MP updates and recommendations (introduced in 2016) now supports 3rd party MPs. 56 partners with certified MPs are available.
  • Visual Studio Authoring Extension for VS 2017

If you want to find out more details about all of this please watch Ignite session System Center for the modern datacenter: First look at advancements coming this year

System Center Operations Manager 2016 Step by Step– Part 15 – Installing inbox MP hotfix for WMI health monitor issue and more

After almost 2 months I remembered that I have blog to write.Lot of things happened in between, but couple of days ago Microsoft released fix for WMI health monitoring issues. I will not go to much in detail what happened there, but symptoms you have look like on the picture below and error you see in alerts is WMI is unhealthy. Error can be true in some cases! Bu if you have installed this fix and error is still there something is for sure wrong. There was discussion about this error already on Technet forum and colleague from SquaredUp company wrote new management pack you can download that was removing this issue until Microsoft relase fix. If you don’t know SquaredUp has nice community page where you can found post about it and lot of other SCOM related things.

image

Microsoft released fixed MPs and announced it on SCOM Team blog here.  New feature in SCOM 2016 for Nano servers caused trouble.  Fix is called Microsoft System Center Operations Manager 2016 inbox MP hotfix for WMI health monitor issue and you can download it here . It is just simple new management pack. Lets deploy it.

Run installation you downloaded

image

 

image

image

image

In Windows Explorer you will se two new MPs

image

Go to Import Management pack and navigate to folder you “installed” MPs. Chose them and you should see next windows. Version of currently installed System Center Core Monitoring MP is 7.2.11878.0 (fixed 7.2.11907.0) and version of System Center Internal Library is 7.0.8437.7 (fixed 7.0.8437.10).

image

Click Yes on Security risk question. and that is it. You fixed problem your boss was nagging you for. Easy.-)

image

Importing SCOM management packs after update rollup installation

So you installed new SCOM Update rollup. As you know procedure is to install new versions of management packs from folder “Management Packs for Update Rollups”. You can check procedure on this post. This is usually repeating task and sometimes we install management packs we don’t need. to make it easier I wrote script that will firstly check for installed MPs on local server and than look for new versions in  “Management Packs for Update Rollups” folders. If there is a new version it will install management packs. You can modify script easily and change to make it more suitable for you. It is maybe not SCOM friendly script but usually there is no much changes in management packs for update rollup besides new versions of files.

To download it visit TechNet Gallery link

Enjoy time you gain and use it wisely

System Center Operations Manager 2016 Step by Step– Part 14 – Installing ACS reports

Hi it was long time ago I wrote something so lets continue. you installed and configured ACS but you want to see reports. How to do it.

Log in to your SSRS server where you already have deployed SCOM reports and make sure that everything is working properly first.

image

After that copy ACS folder from installation media in ReportsModel folder to you server for example to C:\ drive

image

Run PowerShell or cmd and run next command

.\UploadAuditReports "myAuditDbServer\Instance1" "http://myReportServer/ReportServer$instance1" "C:\acs"

Result will look something like this. Ignore warnings

image

After that open Reports web page. Usually http://server:80/reports and open Audit Reports folder

image

Select show hidden items if it is not already checked

image

Click DBAudit source. Setting should be looking like this

image

Open one report in console and try to test it

image

It should be working Smile

image

System Center Operations Manager 2016 Step by Step– Part 13 – Manually installing agents on server

Recently I had problem with SCOM agent. Shortly it crushed totally SharePoint 2010 frontend server. To find out more you can read about it on this post APM feature in SCOM 2016 Agent may cause a crash for the IIS Application Pool running under .NET 2.0 runtime.

One of the solutions was to install agent manually without installing  APM feature. Before you do anything first copy installation of MOM agent or complete SCOM installation locally on PC. I copied everything in C:\SC 2016 RTM SCOM  folder. This is the short description of command use to do it. It is used when you don’t have AD integration enabled and you use Local system account as Action account

 


%WinDir%\System32\msiexec.exe /i "C:\SC 2016 RTM SCOM\agent\AMD64\MOMAgent.msi" /qn USE_SETTINGS_FROM_AD=0 USE_MANUALLY_SPECIFIED_SETTINGS=1 MANAGEMENT_GROUP=scom-hteronet MANAGEMENT_SERVER_DNS=scom2016.domain.com SECURE_PORT=5723 ACTIONS_USE_COMPUTER_ACCOUNT=1 NOAPM=1 AcceptEndUserLicenseAgreement=1

Stay happy

System Center Operations Manager 2016 Step by Step– Part 12 – Installing agents on DC servers

In process of migration or installation of SCOM agents you will come across DC servers eventually. There is one catch there. You installed agent and for some reason it is grayed out, and it is not working. You use SYSTEM account for SCOM agent. Additionally you will get errors in SCOM shown on  picture, and some errors on client itself

 

image

Log Name:      Operations Manager
Source:        HealthService
Date:          29.3.2017. 9:33:19
Event ID:      7017
Task Category: Health Service
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      grdc2.contoso.com

Description:
The health service blocked access to the windows credential NT AUTHORITY\SYSTEM because it is not authorized on management group scom-hteronet.  You can run the HSLockdown tool to change which credentials are authorized.

Log Name:      Operations Manager
Source:        HealthService
Date:          29.3.2017. 9:48:49
Event ID:      1102
Task Category: Health Service
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      grdc2.contoso.com
Description:
Rule/Monitor “Microsoft.SystemCenter.ManagementServicePool.AvailabilityMonitor” running for instance “grdc2.contoso.com” with id:”{20408967-8F5C-F9C4-836A-6BCE494F61DD}” cannot be initialized and will not be loaded. Management group “scom-hteronet”

So what is the problem? Go directly on DC server and open command prompt like admin.  Navigate to C:\Program Files\Microsoft Monitoring Agent\Agent. Run command hslockdown /L. You will  see that NT AUTHORITY\System account is denied for usage on SCOM agent.

image

To solve this problem you will remove SYSTEM account from denied with next command

HSLockdown.exe <YouManagementGroupName> /R “NT AUTHORITY\SYSTEM”

image

Restart agent and it should start working!

image

System Center Operations Manager 2016 Step by Step– Part 11 – Installing management packs

For some specific service or application to be monitored by SCOM we need management packs. It discovers, define elements of application or service and have monitoring data/knowledge that is written inside. For distributed application, like for example Active Directory , it contain health model that will tell us that AD is in bad condition and pinpoint component not functioning properly. Enough theory.

For our new SCOM installation we will start with Windows Server Management packs. It is most easier to configure. Things is that every MP has it specific setting that should be configured to enable proper MP functioning. That’s why you need to read thru MP User Guide like proper SCOM Admin should do Smile

Because we don’t have Windows Server MP installed we will not see any usual performance data for Windows  server (CPU, memory, disk utilization etc.)

image

Let install it. Like in Part 9  go to import management pack in Administration pane but this time chose Import from Catalog instead from disk. MP Catalog is Microsoft repository of all MP’s for Microsoft or other vendor products. You can Search or browse. I typed in operating system , and click on Search button. Result is shown on next picture. You probably already know that you need internet connection for SCOM  to have access to MP Catalog.

image

If you expand all groups for CoreOS and Core OS 2016  you will get next list of available MPs. You can see the name, status of MP (Installed/Not Installed), version and release date. You can notice that version of MP for Windows Server 2016 starts with number 10 and recent Windows Server OS with number 6. There was some changes in MP lately so we have new start numbers for new things. You can see from names of MP that some are for discovery of operating system elements, some for monitoring and reporting ones are also there.

image

Let Select and add all not installed MP’s from Core OS group. I don’t have 2016 servers yet in environment so I will not choose Core OS 2016 MP’s. If you have choose it.  After adding list will look like this.

image

Click OK and you will get back to first screen with your selected MP’s. Sometimes this windows will give you warning if there is some dependencies for selected MP. About that some other time. Click Install

image

After it downloads MP importing will start and finished successfully I hope

image

image

Now lets wait some time to see what happens in our monitoring pane . Read that Windows Server MP User Guide in meantime!