Importing SCOM management packs after update rollup installation

So you installed new SCOM Update rollup. As you know procedure is to install new versions of management packs from folder “Management Packs for Update Rollups”. You can check procedure on this post. This is usually repeating task and sometimes we install management packs we don’t need. to make it easier I wrote script that will firstly check for installed MPs on local server and than look for new versions in  “Management Packs for Update Rollups” folders. If there is a new version it will install management packs. You can modify script easily and change to make it more suitable for you. It is maybe not SCOM friendly script but usually there is no much changes in management packs for update rollup besides new versions of files.

To download it visit TechNet Gallery link

Enjoy time you gain and use it wisely

Advertisements

System Center Operations Manager 2016 Step by Step– Part 14 – Installing ACS reports

Hi it was long time ago I wrote something so lets continue. you installed and configured ACS but you want to see reports. How to do it.

Log in to your SSRS server where you already have deployed SCOM reports and make sure that everything is working properly first.

image

After that copy ACS folder from installation media in ReportsModel folder to you server for example to C:\ drive

image

Run PowerShell or cmd and run next command

.\UploadAuditReports "myAuditDbServer\Instance1" "http://myReportServer/ReportServer$instance1" "C:\acs"

Result will look something like this. Ignore warnings

image

After that open Reports web page. Usually http://server:80/reports and open Audit Reports folder

image

Select show hidden items if it is not already checked

image

Click DBAudit source. Setting should be looking like this

image

Open one report in console and try to test it

image

It should be working Smile

image

System Center Operations Manager 2016 Step by Step– Part 13 – Manually installing agents on server

Recently I had problem with SCOM agent. Shortly it crushed totally SharePoint 2010 frontend server. To find out more you can read about it on this post APM feature in SCOM 2016 Agent may cause a crash for the IIS Application Pool running under .NET 2.0 runtime.

One of the solutions was to install agent manually without installing  APM feature. Before you do anything first copy installation of MOM agent or complete SCOM installation locally on PC. I copied everything in C:\SC 2016 RTM SCOM  folder. This is the short description of command use to do it. It is used when you don’t have AD integration enabled and you use Local system account as Action account

 


%WinDir%\System32\msiexec.exe /i "C:\SC 2016 RTM SCOM\agent\AMD64\MOMAgent.msi" /qn USE_SETTINGS_FROM_AD=0 USE_MANUALLY_SPECIFIED_SETTINGS=1 MANAGEMENT_GROUP=scom-hteronet MANAGEMENT_SERVER_DNS=scom2016.domain.com SECURE_PORT=5723 ACTIONS_USE_COMPUTER_ACCOUNT=1 NOAPM=1 AcceptEndUserLicenseAgreement=1

Stay happy

System Center Operations Manager 2016 Step by Step– Part 12 – Installing agents on DC servers

In process of migration or installation of SCOM agents you will come across DC servers eventually. There is one catch there. You installed agent and for some reason it is grayed out, and it is not working. You use SYSTEM account for SCOM agent. Additionally you will get errors in SCOM shown on  picture, and some errors on client itself

 

image

Log Name:      Operations Manager
Source:        HealthService
Date:          29.3.2017. 9:33:19
Event ID:      7017
Task Category: Health Service
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      grdc2.contoso.com

Description:
The health service blocked access to the windows credential NT AUTHORITY\SYSTEM because it is not authorized on management group scom-hteronet.  You can run the HSLockdown tool to change which credentials are authorized.

Log Name:      Operations Manager
Source:        HealthService
Date:          29.3.2017. 9:48:49
Event ID:      1102
Task Category: Health Service
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      grdc2.contoso.com
Description:
Rule/Monitor “Microsoft.SystemCenter.ManagementServicePool.AvailabilityMonitor” running for instance “grdc2.contoso.com” with id:”{20408967-8F5C-F9C4-836A-6BCE494F61DD}” cannot be initialized and will not be loaded. Management group “scom-hteronet”

So what is the problem? Go directly on DC server and open command prompt like admin.  Navigate to C:\Program Files\Microsoft Monitoring Agent\Agent. Run command hslockdown /L. You will  see that NT AUTHORITY\System account is denied for usage on SCOM agent.

image

To solve this problem you will remove SYSTEM account from denied with next command

HSLockdown.exe <YouManagementGroupName> /R “NT AUTHORITY\SYSTEM”

image

Restart agent and it should start working!

image

System Center Operations Manager 2016 Step by Step– Part 11 – Installing management packs

For some specific service or application to be monitored by SCOM we need management packs. It discovers, define elements of application or service and have monitoring data/knowledge that is written inside. For distributed application, like for example Active Directory , it contain health model that will tell us that AD is in bad condition and pinpoint component not functioning properly. Enough theory.

For our new SCOM installation we will start with Windows Server Management packs. It is most easier to configure. Things is that every MP has it specific setting that should be configured to enable proper MP functioning. That’s why you need to read thru MP User Guide like proper SCOM Admin should do Smile

Because we don’t have Windows Server MP installed we will not see any usual performance data for Windows  server (CPU, memory, disk utilization etc.)

image

Let install it. Like in Part 9  go to import management pack in Administration pane but this time chose Import from Catalog instead from disk. MP Catalog is Microsoft repository of all MP’s for Microsoft or other vendor products. You can Search or browse. I typed in operating system , and click on Search button. Result is shown on next picture. You probably already know that you need internet connection for SCOM  to have access to MP Catalog.

image

If you expand all groups for CoreOS and Core OS 2016  you will get next list of available MPs. You can see the name, status of MP (Installed/Not Installed), version and release date. You can notice that version of MP for Windows Server 2016 starts with number 10 and recent Windows Server OS with number 6. There was some changes in MP lately so we have new start numbers for new things. You can see from names of MP that some are for discovery of operating system elements, some for monitoring and reporting ones are also there.

image

Let Select and add all not installed MP’s from Core OS group. I don’t have 2016 servers yet in environment so I will not choose Core OS 2016 MP’s. If you have choose it.  After adding list will look like this.

image

Click OK and you will get back to first screen with your selected MP’s. Sometimes this windows will give you warning if there is some dependencies for selected MP. About that some other time. Click Install

image

After it downloads MP importing will start and finished successfully I hope

image

image

Now lets wait some time to see what happens in our monitoring pane . Read that Windows Server MP User Guide in meantime!

System Center Operations Manager 2016 Step by Step– Part 10 – Installing agent

So lets install our first agent. In my case I will install first agent on SQL server that is hosting my SCOM databases. Go to administration pane and right click on any item in Administration pane. Click on  discovery wizard.

image

Discovery Wizard is used to install agent on Linux/Unix and Windows  computers for monitoring, or add network devices to SCOM network monitoring. In this example we are installing Windows computer.

image

On this windows you can choose to discover all computer from your domain, or use advanced search to pinpoint servers you want agents to be installed.

image

If you choosed advanced discovery you have two options to search for computers. One is to query AD, and second one is to browse and computer manually.

I choose browse and entered computer name.

image

image

On Administrator account page you will select SCOM Action Account or enter specific domain account  that has admin privileges to install agent on selected computer. You can use local admin account of computer, but be shure to select check box under account data.

image

Click Discover and after some time list will be populated with your computer or computers. Select check box next to computer you want agent to be installed. Go Next

image

On summary page you can choose account agent will use to run service, and installation path of agent. I use Local System like agent service account. It has some advantages and disadvantages, like everything else.

image

Click finish and agent installation will begin. After some time success message will appear.

 

imageimage

If you go back to Monitoring pane, under Discovered Inventory computer will show up. It is still not monitored because discovery need time to discover all elements installed on computer.

image

System Center Operations Manager 2016 Step by Step– Part 9 – Installing UR2

Hi. So we came long way. If you spend a lot of time dealing with SCOM you will probably encounter some bug or problems in software. From time to time Microsoft release Update Rollups. They are usually fixing noticed problems, or sometimes create new one Smile. Developers! Installation is not so straight forward. Like with management packs you need to read installation manual. UR2 is current version.  You can follow instructions on this KB article, or follow next lines.

I assume that you downloaded all needed files. You will need to extract msp files to one folder. There is a separate file of UR for every SCOM role. Sometimes some UR doesn’t have UR file for specific role

image

There is specific order of installing UR-s. You will install it in next order on all server that host specific role.

  • Management server or servers
  • Web console server role computers
  • Gateway
  • Operations console role computers

First of all open command prompt as Administrator and navigate to you extracted files. First we install management server UR on all servers with that role.

image

When you start installation it finish fast, so don’t worry if you think nothing happened

image

After that repeat the same process for web console, getaway and operations console role.Second step includes connecting to SQL server that hosts SCOM databases, and running Update_rollup_mom_db.sql  sql script on OperationsManager database. Script is located in %SystemDrive%\Program Files\System Center 2016\Operations Manager\Server\SQL Script for Update Rollups. Script can take some time if you have big database. Be patient.

image

After you run script standard procedure is to import new versions of management packs related to UR. You go to Administration pane> Management packs > Import Management packs. Like on next picture

image

Choose Add from disk and navigate to %SystemDrive%\Program Files\System Center 2016\Operations Manager\Server\Management Packs for Update Rollups

image

Usually I choose everything and then delete unnecessary MPs. Full list after selecting all MPs  is presented on next picture. First thing you will remove from the list is all language resources other then ENU. If you use some specific language listed choose it accordingly.

SNAGHTML27470208

After removing unnecessary MPs this s what its left. Import MPs

image

After that we check up on agent installed on monitoring servers. (We will installed agents on monitored computers in later blogs)  All server that need update will be in Pending Management. Select servers in your preferred manner and install updates to agent. 

image

Last thing but not least is to update your consoles on all computers that have one installed.

There is more detailed about installing SCOM UR, especially if you monitor Linux/Unix computers. For all of it you can reference to more detailed blog post of Kevin Holman about installing UR for SCOM

System Center Operations Manager 2016 Step by Step–Part 8

Lets do one simple thing before weekend. Lets activate SCOM license.  If you open SCOM console in Help > About section you can notice that this version is Evaluation copy. Evaluation copy can work 6 months.  

image

To find your license key, you will need to go to Microsoft Licensing Service Center and under downloads for System Center copy you license key.

image

To activate license you will need to enter it using PowerShell command Set-SCOMLicense. To do it, open PowerShell console in Administrator mode, and enter commands written below. You may need to restart your computer. Last command will show you license status. As you can see it still Evaluation license. It is entered in registry and it takes restart to load it Smile

import-module OperationsManager
Set-SCOMLicense -ProductId "<yourlicensekey>“ 
Get-SCOMManagementGroup | ft skuforlicense, version, timeofexpiration -a

image

After restart if you enter this command again you will get activated license and also Retail text  in console Help > About

image

image

System Center Operations Manager 2016 Step by Step–Part 7

After SCOM installation there will always be some hiccups to solve. Lets start with two. First one is long time friend of SCOM and second one is related to SCOM 2016 installation. If you open SCOM console most likely you will see this error:

Data Access Service SPN Not Registered

The System Center Data Access service failed to register an SPN. A domain admin needs to add MSOMSdkSvc/scom2016 and MSOMSdkSvc/scom2016.contoso.com to the servicePrincipalName of CN=SCOM2016,OU=servers,DC=contoso,DC=com

 

image

From times of SCOM 2012 management servers can run on multiple computers for redundancy and workload offload. Before there was only one management server  and usual place were SPN  (Service Principal Name) was added was its computer account. Today we use domain user account for running this service on multiple servers and SPN should be placed there. So lets list SPN for account we use. We use setspn command.

C:\Windows\system32>setspn -l contoso\scomcdas
Registered ServicePrincipalNames for CN=scomcdas,DC=contoso,DC=com:

We see there is no SPN registered for this account because this account does not have rights to do that

If you run this on computer account we get next result

C:\Windows\system32>setspn –l contoso\scom2016
Registered ServicePrincipalNames for CN=SCOM2016,OU=servers,DC=contoso,DC=com:

MSOMHSvc/SCOM2016
MSOMHSvc/scom2016.contoso.com
WSMAN/scom2016
WSMAN/scom2016.contoso.com
TERMSRV/SCOM2016
TERMSRV/scom2016.contoso.com
RestrictedKrbHost/SCOM2016
HOST/SCOM2016
RestrictedKrbHost/scom2016.contoso.com
HOST/scom2016.contoso.com

So lets add SPN for our account. You do this with commands

setspn -A  MSOMSdkSvc/SERVERNAME DOMAIN\USERNAME
setspn -A  MSOMSdkSvc/SERVERNAME.fqdn.name DOMAIN\USERNAME

C:\Windows\system32>setspn -s MSOMSdkSvc/scom2016.contoso.com contoso\scomcdas

Checking domain DC=contoso,DC=com

Registering ServicePrincipalNames for CN=scomcdas,DC=contoso,DC=com
        MSOMSdkSvc/scom2016.contoso.com
Updated object

Repeat the same with NETBIOS name  setspn -s MSOMSdkSvc/scom2016 contoso\scomcdas

If you list you SPN on domain account it should look like this:

C:\Windows\system32>setspn -l contoso\scomcdas
Registered ServicePrincipalNames for CN=scomcdas,DC=contoso,DC=com:

MSOMSdkSvc/scom2016
MSOMSdkSvc/scom2016.contoso.com

SDK will be healthy now

image

The EXECUTE permission was denied on the object ‘sp_help_jobactivity’, database ‘msdb’, schema ‘dbo’.

New features, new problems. This is second error you will receive on SCOM 2016 installation only. If you did all by the book and you click Maintenance Schedule you will get this error.

image

You will see it also in Operations Manager event log even if you didn’t try to use Meintenence schedule.

image

What to do? This is purely missing permissions of SCOM sdk account on SQL server. so to solve this one install SQL Management Studio if you didn’t already and give you SCOM SDK account next permissions on msdb database.

image

Error is fixed now and you will not see it in the future.

System Center Operations Manager 2016 Step by Step–Part 6

Lets install Reporting server now. I needed to change my design because I read note below on TechNet. It means if you use web console and want to access Reporting, you will not be able to access it if you installed this role on server different than web console role server. So I needed to install reporting services on management server and not on SQL server like I planed.

On the same TechNet link you can find all steps required to check if your Reporting services are configured correctly. Still, if you pass next steps, you are good to install SCOM Reporting server.

 

Although SQL Server Reporting Services is installed on the stand-alone server, Operations Manager reports are not accessed on this server; instead, they are accessed in the Reporting workspace in the Operations console. If you want to access published reports via the web console, you must install the Operations Manager web console on the same computer as Operations Manager Reporting server.

 

I installed Reporting Services (in Native mode) on server. Open Reporting Services Configuration Manager and connect to you Reporting instance to configure it.

image

Check that you Reporting Services are running.

image

Go to Service accounts. You need to enter here you Data warehouse reader account. When you enter it it will ask you for backup encryption key location and password. It is used to encrypt all communication of Reporting service. Store it on safe place together with password. image

image

Open Web Service URL and click apply.

image

When you click on URL and open it in browser you should get next data. It means Reporting Services are available.

image

Go to Database page. We need to create Reporting database on SQL server.

image

Click on change database and choose Create new database

image

Choose SQL server you will create database on and select account which has enough rights to create database on this server

image

Give some name to database

image

Enter service credentials from service account page (Data Warehouse reader account)  that will grant that account access to reporting database

image

Click next on summary page and if everything went successful go finish

image

Check Web portal URL page

image

Click Apply and check url in browser. You should get this web page if everything is fine. This is SSRS 2016 so page may look different if you use another SQL version

image

On Execution account  page enter DWH reader account again. One more thing to check. Go to Scale-out Deployment. Your Reporting Services server should be joined.

image

That all regarding configuring  SSRS for SCOM Reporting server. Now lets install SCOM Reporting server. Before setup check Remote registry service. It should be started and startup need to be automatic on SCOM Reporting server. Run setup and choose this role to install

image_thumb65

All prerequisites should be clear

image

Your SQL Reporting Service instance should be automatically shown on this page, or if there is more then one?! choose yours.

image

You will enter here you SCOM DWH Data reader account.

image

Go thru three next pages and start installation. If everything is green, you have SCOM Reporting server installed.

image