System Center Operations Manager Ignite Announcements

 

Ignite is behind us, and lots of new things are happening in and around Microsoft. Things change, and SCOM also. If you are SCOM user and follow SCOM team blog, you will see that they announced survey regarding changes they implement in System Center products. One of them is new release cadence that will resemble Windows. It means that update for System  Center will be aligned with Windows updates. On November 8th Microsoft will release preview version of System Center 1801. If you don’t understand the numbers of version, first two numbers are the year of release, and two last ones are the month. System Center will be released semi-annual with new future addressing issues and new feature. you will be able to update you system if you have eligible Software Assurance for that product.

systemcentercadence

When we talk about what is coming for SCOM 2016 here it is

  • System Center 1801 prieview early November. Release Q1 2018
  • Service Map integration is now in public preview but it will relased probably with new version. you can download MP here
  • Windows Server 2016 SDDC monitoring

Improved Unix/Linux support

    • “setup improvements” hopefully a better way to deploy “manually”
    • Kerberos support
    • Log file monitoring with FluentD. Essentially this enables us to create monitors etc. based on logfiles as we can with Windows (This is huge)

image

SCOM 2016 HTML5 console

  • Improved diagnostics and drill down – this is huge for those who haven’t invested in third-party software
  • Custom widget support. Display other charts on your dashboard.

image

  • MP updates and recommendations (introduced in 2016) now supports 3rd party MPs. 56 partners with certified MPs are available.
  • Visual Studio Authoring Extension for VS 2017

If you want to find out more details about all of this please watch Ignite session System Center for the modern datacenter: First look at advancements coming this year

Advertisements

Importing SCOM management packs after update rollup installation

So you installed new SCOM Update rollup. As you know procedure is to install new versions of management packs from folder “Management Packs for Update Rollups”. You can check procedure on this post. This is usually repeating task and sometimes we install management packs we don’t need. to make it easier I wrote script that will firstly check for installed MPs on local server and than look for new versions in  “Management Packs for Update Rollups” folders. If there is a new version it will install management packs. You can modify script easily and change to make it more suitable for you. It is maybe not SCOM friendly script but usually there is no much changes in management packs for update rollup besides new versions of files.

To download it visit TechNet Gallery link

Enjoy time you gain and use it wisely

System Center Operations Manager 2016 Step by Step– Part 14 – Installing ACS reports

Hi it was long time ago I wrote something so lets continue. you installed and configured ACS but you want to see reports. How to do it.

Log in to your SSRS server where you already have deployed SCOM reports and make sure that everything is working properly first.

image

After that copy ACS folder from installation media in ReportsModel folder to you server for example to C:\ drive

image

Run PowerShell or cmd and run next command

.\UploadAuditReports "myAuditDbServer\Instance1" "http://myReportServer/ReportServer$instance1" "C:\acs"

Result will look something like this. Ignore warnings

image

After that open Reports web page. Usually http://server:80/reports and open Audit Reports folder

image

Select show hidden items if it is not already checked

image

Click DBAudit source. Setting should be looking like this

image

Open one report in console and try to test it

image

It should be working Smile

image

System Center Operations Manager 2016 Step by Step– Part 13 – Manually installing agents on server

Recently I had problem with SCOM agent. Shortly it crushed totally SharePoint 2010 frontend server. To find out more you can read about it on this post APM feature in SCOM 2016 Agent may cause a crash for the IIS Application Pool running under .NET 2.0 runtime.

One of the solutions was to install agent manually without installing  APM feature. Before you do anything first copy installation of MOM agent or complete SCOM installation locally on PC. I copied everything in C:\SC 2016 RTM SCOM  folder. This is the short description of command use to do it. It is used when you don’t have AD integration enabled and you use Local system account as Action account

 


%WinDir%\System32\msiexec.exe /i "C:\SC 2016 RTM SCOM\agent\AMD64\MOMAgent.msi" /qn USE_SETTINGS_FROM_AD=0 USE_MANUALLY_SPECIFIED_SETTINGS=1 MANAGEMENT_GROUP=scom-hteronet MANAGEMENT_SERVER_DNS=scom2016.domain.com SECURE_PORT=5723 ACTIONS_USE_COMPUTER_ACCOUNT=1 NOAPM=1 AcceptEndUserLicenseAgreement=1

Stay happy

System Center Operations Manager 2016 Step by Step– Part 12 – Installing agents on DC servers

In process of migration or installation of SCOM agents you will come across DC servers eventually. There is one catch there. You installed agent and for some reason it is grayed out, and it is not working. You use SYSTEM account for SCOM agent. Additionally you will get errors in SCOM shown on  picture, and some errors on client itself

 

image

Log Name:      Operations Manager
Source:        HealthService
Date:          29.3.2017. 9:33:19
Event ID:      7017
Task Category: Health Service
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      grdc2.contoso.com

Description:
The health service blocked access to the windows credential NT AUTHORITY\SYSTEM because it is not authorized on management group scom-hteronet.  You can run the HSLockdown tool to change which credentials are authorized.

Log Name:      Operations Manager
Source:        HealthService
Date:          29.3.2017. 9:48:49
Event ID:      1102
Task Category: Health Service
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      grdc2.contoso.com
Description:
Rule/Monitor “Microsoft.SystemCenter.ManagementServicePool.AvailabilityMonitor” running for instance “grdc2.contoso.com” with id:”{20408967-8F5C-F9C4-836A-6BCE494F61DD}” cannot be initialized and will not be loaded. Management group “scom-hteronet”

So what is the problem? Go directly on DC server and open command prompt like admin.  Navigate to C:\Program Files\Microsoft Monitoring Agent\Agent. Run command hslockdown /L. You will  see that NT AUTHORITY\System account is denied for usage on SCOM agent.

image

To solve this problem you will remove SYSTEM account from denied with next command

HSLockdown.exe <YouManagementGroupName> /R “NT AUTHORITY\SYSTEM”

image

Restart agent and it should start working!

image

System Center Operations Manager 2016 Step by Step– Part 11 – Installing management packs

For some specific service or application to be monitored by SCOM we need management packs. It discovers, define elements of application or service and have monitoring data/knowledge that is written inside. For distributed application, like for example Active Directory , it contain health model that will tell us that AD is in bad condition and pinpoint component not functioning properly. Enough theory.

For our new SCOM installation we will start with Windows Server Management packs. It is most easier to configure. Things is that every MP has it specific setting that should be configured to enable proper MP functioning. That’s why you need to read thru MP User Guide like proper SCOM Admin should do Smile

Because we don’t have Windows Server MP installed we will not see any usual performance data for Windows  server (CPU, memory, disk utilization etc.)

image

Let install it. Like in Part 9  go to import management pack in Administration pane but this time chose Import from Catalog instead from disk. MP Catalog is Microsoft repository of all MP’s for Microsoft or other vendor products. You can Search or browse. I typed in operating system , and click on Search button. Result is shown on next picture. You probably already know that you need internet connection for SCOM  to have access to MP Catalog.

image

If you expand all groups for CoreOS and Core OS 2016  you will get next list of available MPs. You can see the name, status of MP (Installed/Not Installed), version and release date. You can notice that version of MP for Windows Server 2016 starts with number 10 and recent Windows Server OS with number 6. There was some changes in MP lately so we have new start numbers for new things. You can see from names of MP that some are for discovery of operating system elements, some for monitoring and reporting ones are also there.

image

Let Select and add all not installed MP’s from Core OS group. I don’t have 2016 servers yet in environment so I will not choose Core OS 2016 MP’s. If you have choose it.  After adding list will look like this.

image

Click OK and you will get back to first screen with your selected MP’s. Sometimes this windows will give you warning if there is some dependencies for selected MP. About that some other time. Click Install

image

After it downloads MP importing will start and finished successfully I hope

image

image

Now lets wait some time to see what happens in our monitoring pane . Read that Windows Server MP User Guide in meantime!

System Center Operations Manager 2016 Step by Step– Part 10 – Installing agent

So lets install our first agent. In my case I will install first agent on SQL server that is hosting my SCOM databases. Go to administration pane and right click on any item in Administration pane. Click on  discovery wizard.

image

Discovery Wizard is used to install agent on Linux/Unix and Windows  computers for monitoring, or add network devices to SCOM network monitoring. In this example we are installing Windows computer.

image

On this windows you can choose to discover all computer from your domain, or use advanced search to pinpoint servers you want agents to be installed.

image

If you choosed advanced discovery you have two options to search for computers. One is to query AD, and second one is to browse and computer manually.

I choose browse and entered computer name.

image

image

On Administrator account page you will select SCOM Action Account or enter specific domain account  that has admin privileges to install agent on selected computer. You can use local admin account of computer, but be shure to select check box under account data.

image

Click Discover and after some time list will be populated with your computer or computers. Select check box next to computer you want agent to be installed. Go Next

image

On summary page you can choose account agent will use to run service, and installation path of agent. I use Local System like agent service account. It has some advantages and disadvantages, like everything else.

image

Click finish and agent installation will begin. After some time success message will appear.

 

imageimage

If you go back to Monitoring pane, under Discovered Inventory computer will show up. It is still not monitored because discovery need time to discover all elements installed on computer.

image

System Center Operations Manager 2016 Step by Step– Part 9 – Installing UR2

Hi. So we came long way. If you spend a lot of time dealing with SCOM you will probably encounter some bug or problems in software. From time to time Microsoft release Update Rollups. They are usually fixing noticed problems, or sometimes create new one Smile. Developers! Installation is not so straight forward. Like with management packs you need to read installation manual. UR2 is current version.  You can follow instructions on this KB article, or follow next lines.

I assume that you downloaded all needed files. You will need to extract msp files to one folder. There is a separate file of UR for every SCOM role. Sometimes some UR doesn’t have UR file for specific role

image

There is specific order of installing UR-s. You will install it in next order on all server that host specific role.

  • Management server or servers
  • Web console server role computers
  • Gateway
  • Operations console role computers

First of all open command prompt as Administrator and navigate to you extracted files. First we install management server UR on all servers with that role.

image

When you start installation it finish fast, so don’t worry if you think nothing happened

image

After that repeat the same process for web console, getaway and operations console role.Second step includes connecting to SQL server that hosts SCOM databases, and running Update_rollup_mom_db.sql  sql script on OperationsManager database. Script is located in %SystemDrive%\Program Files\System Center 2016\Operations Manager\Server\SQL Script for Update Rollups. Script can take some time if you have big database. Be patient.

image

After you run script standard procedure is to import new versions of management packs related to UR. You go to Administration pane> Management packs > Import Management packs. Like on next picture

image

Choose Add from disk and navigate to %SystemDrive%\Program Files\System Center 2016\Operations Manager\Server\Management Packs for Update Rollups

image

Usually I choose everything and then delete unnecessary MPs. Full list after selecting all MPs  is presented on next picture. First thing you will remove from the list is all language resources other then ENU. If you use some specific language listed choose it accordingly.

SNAGHTML27470208

After removing unnecessary MPs this s what its left. Import MPs

image

After that we check up on agent installed on monitoring servers. (We will installed agents on monitored computers in later blogs)  All server that need update will be in Pending Management. Select servers in your preferred manner and install updates to agent.

image

Last thing but not least is to update your consoles on all computers that have one installed.

There is more detailed about installing SCOM UR, especially if you monitor Linux/Unix computers. For all of it you can reference to more detailed blog post of Kevin Holman about installing UR for SCOM

System Center Operations Manager 2016 Step by Step–Part 8

Lets do one simple thing before weekend. Lets activate SCOM license.  If you open SCOM console in Help > About section you can notice that this version is Evaluation copy. Evaluation copy can work 6 months.

image

To find your license key, you will need to go to Microsoft Licensing Service Center and under downloads for System Center copy you license key.

image

To activate license you will need to enter it using PowerShell command Set-SCOMLicense. To do it, open PowerShell console in Administrator mode, and enter commands written below. You may need to restart your computer. Last command will show you license status. As you can see it still Evaluation license. It is entered in registry and it takes restart to load it Smile

import-module OperationsManager
Set-SCOMLicense -ProductId "<yourlicensekey>“ 
Get-SCOMManagementGroup | ft skuforlicense, version, timeofexpiration -a

image

After restart if you enter this command again you will get activated license and also Retail text  in console Help > About

image

image

System Center Operations Manager 2016 Step by Step–Part 7

After SCOM installation there will always be some hiccups to solve. Lets start with two. First one is long time friend of SCOM and second one is related to SCOM 2016 installation. If you open SCOM console most likely you will see this error:

Data Access Service SPN Not Registered

The System Center Data Access service failed to register an SPN. A domain admin needs to add MSOMSdkSvc/scom2016 and MSOMSdkSvc/scom2016.contoso.com to the servicePrincipalName of CN=SCOM2016,OU=servers,DC=contoso,DC=com

 

image

From times of SCOM 2012 management servers can run on multiple computers for redundancy and workload offload. Before there was only one management server  and usual place were SPN  (Service Principal Name) was added was its computer account. Today we use domain user account for running this service on multiple servers and SPN should be placed there. So lets list SPN for account we use. We use setspn command.

C:\Windows\system32>setspn -l contoso\scomcdas
Registered ServicePrincipalNames for CN=scomcdas,DC=contoso,DC=com:

We see there is no SPN registered for this account because this account does not have rights to do that

If you run this on computer account we get next result

C:\Windows\system32>setspn –l contoso\scom2016
Registered ServicePrincipalNames for CN=SCOM2016,OU=servers,DC=contoso,DC=com:

MSOMHSvc/SCOM2016
MSOMHSvc/scom2016.contoso.com
WSMAN/scom2016
WSMAN/scom2016.contoso.com
TERMSRV/SCOM2016
TERMSRV/scom2016.contoso.com
RestrictedKrbHost/SCOM2016
HOST/SCOM2016
RestrictedKrbHost/scom2016.contoso.com
HOST/scom2016.contoso.com

So lets add SPN for our account. You do this with commands

setspn -A  MSOMSdkSvc/SERVERNAME DOMAIN\USERNAME
setspn -A  MSOMSdkSvc/SERVERNAME.fqdn.name DOMAIN\USERNAME

C:\Windows\system32>setspn -s MSOMSdkSvc/scom2016.contoso.com contoso\scomcdas

Checking domain DC=contoso,DC=com

Registering ServicePrincipalNames for CN=scomcdas,DC=contoso,DC=com
MSOMSdkSvc/scom2016.contoso.com
Updated object

Repeat the same with NETBIOS name  setspn -s MSOMSdkSvc/scom2016 contoso\scomcdas

If you list you SPN on domain account it should look like this:

C:\Windows\system32>setspn -l contoso\scomcdas
Registered ServicePrincipalNames for CN=scomcdas,DC=contoso,DC=com:

MSOMSdkSvc/scom2016
MSOMSdkSvc/scom2016.contoso.com

SDK will be healthy now

image

The EXECUTE permission was denied on the object ‘sp_help_jobactivity’, database ‘msdb’, schema ‘dbo’.

New features, new problems. This is second error you will receive on SCOM 2016 installation only. If you did all by the book and you click Maintenance Schedule you will get this error.

image

You will see it also in Operations Manager event log even if you didn’t try to use Meintenence schedule.

image

What to do? This is purely missing permissions of SCOM sdk account on SQL server. so to solve this one install SQL Management Studio if you didn’t already and give you SCOM SDK account next permissions on msdb database.

image

Error is fixed now and you will not see it in the future.