System Center Operations Manager 2016 Step by Step–Part 7

After SCOM installation there will always be some hiccups to solve. Lets start with two. First one is long time friend of SCOM and second one is related to SCOM 2016 installation. If you open SCOM console most likely you will see this error:

Data Access Service SPN Not Registered

The System Center Data Access service failed to register an SPN. A domain admin needs to add MSOMSdkSvc/scom2016 and MSOMSdkSvc/scom2016.contoso.com to the servicePrincipalName of CN=SCOM2016,OU=servers,DC=contoso,DC=com

 

image

From times of SCOM 2012 management servers can run on multiple computers for redundancy and workload offload. Before there was only one management server  and usual place were SPN  (Service Principal Name) was added was its computer account. Today we use domain user account for running this service on multiple servers and SPN should be placed there. So lets list SPN for account we use. We use setspn command.

C:\Windows\system32>setspn -l contoso\scomcdas
Registered ServicePrincipalNames for CN=scomcdas,DC=contoso,DC=com:

We see there is no SPN registered for this account because this account does not have rights to do that

If you run this on computer account we get next result

C:\Windows\system32>setspn –l contoso\scom2016
Registered ServicePrincipalNames for CN=SCOM2016,OU=servers,DC=contoso,DC=com:

MSOMHSvc/SCOM2016
MSOMHSvc/scom2016.contoso.com
WSMAN/scom2016
WSMAN/scom2016.contoso.com
TERMSRV/SCOM2016
TERMSRV/scom2016.contoso.com
RestrictedKrbHost/SCOM2016
HOST/SCOM2016
RestrictedKrbHost/scom2016.contoso.com
HOST/scom2016.contoso.com

So lets add SPN for our account. You do this with commands

setspn -A  MSOMSdkSvc/SERVERNAME DOMAIN\USERNAME
setspn -A  MSOMSdkSvc/SERVERNAME.fqdn.name DOMAIN\USERNAME

C:\Windows\system32>setspn -s MSOMSdkSvc/scom2016.contoso.com contoso\scomcdas

Checking domain DC=contoso,DC=com

Registering ServicePrincipalNames for CN=scomcdas,DC=contoso,DC=com
MSOMSdkSvc/scom2016.contoso.com
Updated object

Repeat the same with NETBIOS name  setspn -s MSOMSdkSvc/scom2016 contoso\scomcdas

If you list you SPN on domain account it should look like this:

C:\Windows\system32>setspn -l contoso\scomcdas
Registered ServicePrincipalNames for CN=scomcdas,DC=contoso,DC=com:

MSOMSdkSvc/scom2016
MSOMSdkSvc/scom2016.contoso.com

SDK will be healthy now

image

The EXECUTE permission was denied on the object ‘sp_help_jobactivity’, database ‘msdb’, schema ‘dbo’.

New features, new problems. This is second error you will receive on SCOM 2016 installation only. If you did all by the book and you click Maintenance Schedule you will get this error.

image

You will see it also in Operations Manager event log even if you didn’t try to use Meintenence schedule.

image

What to do? This is purely missing permissions of SCOM sdk account on SQL server. so to solve this one install SQL Management Studio if you didn’t already and give you SCOM SDK account next permissions on msdb database.

image

Error is fixed now and you will not see it in the future.

Advertisements

System Center Operations Manager 2016 Step by Step–Part 6

Lets install Reporting server now. I needed to change my design because I read note below on TechNet. It means if you use web console and want to access Reporting, you will not be able to access it if you installed this role on server different than web console role server. So I needed to install reporting services on management server and not on SQL server like I planed.

On the same TechNet link you can find all steps required to check if your Reporting services are configured correctly. Still, if you pass next steps, you are good to install SCOM Reporting server.

 

Although SQL Server Reporting Services is installed on the stand-alone server, Operations Manager reports are not accessed on this server; instead, they are accessed in the Reporting workspace in the Operations console. If you want to access published reports via the web console, you must install the Operations Manager web console on the same computer as Operations Manager Reporting server.

 

I installed Reporting Services (in Native mode) on server. Open Reporting Services Configuration Manager and connect to you Reporting instance to configure it.

image

Check that you Reporting Services are running.

image

Go to Service accounts. You need to enter here you Data warehouse reader account. When you enter it it will ask you for backup encryption key location and password. It is used to encrypt all communication of Reporting service. Store it on safe place together with password. image

image

Open Web Service URL and click apply.

image

When you click on URL and open it in browser you should get next data. It means Reporting Services are available.

image

Go to Database page. We need to create Reporting database on SQL server.

image

Click on change database and choose Create new database

image

Choose SQL server you will create database on and select account which has enough rights to create database on this server

image

Give some name to database

image

Enter service credentials from service account page (Data Warehouse reader account)  that will grant that account access to reporting database

image

Click next on summary page and if everything went successful go finish

image

Check Web portal URL page

image

Click Apply and check url in browser. You should get this web page if everything is fine. This is SSRS 2016 so page may look different if you use another SQL version

image

On Execution account  page enter DWH reader account again. One more thing to check. Go to Scale-out Deployment. Your Reporting Services server should be joined.

image

That all regarding configuring  SSRS for SCOM Reporting server. Now lets install SCOM Reporting server. Before setup check Remote registry service. It should be started and startup need to be automatic on SCOM Reporting server. Run setup and choose this role to install

image_thumb65

All prerequisites should be clear

image

Your SQL Reporting Service instance should be automatically shown on this page, or if there is more then one?! choose yours.

image

You will enter here you SCOM DWH Data reader account.

image

Go thru three next pages and start installation. If everything is green, you have SCOM Reporting server installed.

image

System Center Operations Manager 2016 Step by Step–Part 5

And now lets do easy part clicking next buttons. Just to remind you. We are installing SCOM 2016 on one server that will be management, web console and reporting server and another server that will host SQL workloads.

  1. Start setup.exe and click on Install.image
  2. Choose roles you will install image
  3. Select Installation locationimage
  4. On Prerequisites page you will have nothing to do if you already done all things from Part 4 of seriesimage
  5. Name Management group. It should be unique if you have more then one in your System Center ecosystemimage
  6. Skip configuration page and enter all data needed for Operational Database and Data Warehouse database on next pageimage
  7. Set all needed for SCOM Web console. Use SSL if you want securityimage
  8. This page is self-explanatoryimage
  9. If you already prepared SCOM accounts for different roles please fill them inimage
  10. Read or don’t read this one and click nextimage
  11. Choose carefully what you wish forimage
  12. Check all settings you put for installation and go Installimage
  13. After everything went successful setup is complete. There is a warning to enter license because you installed Evaluation copyimage
  14. Console will open and everything is set to go. image
  15. One thing remains. If you remember, we created AD group that will be SCOM administrator. Please go to administration pane > User Roles > Operations Manager Administrators. As you can see BUILTIN\Administrators is default administrators in you SCOM environment. Delete it and add your SCOM administrators group.imageimage

This conclude our first par of installation because we need to do Reporting server installation also. I will explain it right away in next blog just because I don’t want to have blog more than 100 pages long Smile

System Center Operations Manager 2016 Step by Step–Part 4

I saw today  that I wrote last post almost a month ago. It took me almost a month to go back to what I started to do. Installing SCOM 2016. In last blog post we prepared SQL server for installation. Yesterday I was checking on event logs for SQL, and there was some errors. So please install CU 4 for SQL 2016 RTM to suppress these errors.

Lets continue. I want to prepare for SCOM installation. What I need to install beforehand? All prerequisites you can find on TechNet System Center guide page but I will simple it up.

First thing is Management server. You will install SCOM console there and you need to  install the Report Viewer controls to any server that will receive a SCOM console.  There is a prereq for the Report View controls which is the “Microsoft System CLR Types for SQL Server 2014” (ENU\x64\SQLSysClrTypes.msi) available here:   https://www.microsoft.com/en-us/download/details.aspx?id=42295.

Install that first and after that install Report Viewer.

image

So we finish prereq one. Lets go prereq two. To install web console on any server you will need to install IIS with all of this options.

Internet Information Services: IIS 7.5 and later versions, with the IIS Management Console and the following role services installed:

  • Static Content
  • Default Document
  • Directory Browsing
  • HTTP Errors
  • HTTP Logging
  • Request Monitor
  • Request Filtering
  • Static Content Compression
  • Web Server (IIS) Support
  • IIS 6 Metabase Compatibility
  • ASP.NET (both the 2.0 and 4.0 versions of ASP.NET are required.)
  • Windows Authentication

Just run this PowerShell command any it is done.You put you path in source parameter for Windows Server OS installation source or if your computer has access to Internet you don’t need it. It is required for asp.net 2.0 activation (correct me if I am wrong)

Add-WindowsFeature NET-WCF-HTTP-Activation45,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Logging,Web-Request-Monitor,Web-Filtering,Web-Stat-Compression,Web-Mgmt-Console,Web-Metabase,Web-Asp-Net,Web-Windows-Auth -Restart -Source D:\sources\sxs

image

Restart computer after this. Recommended by Kevin Holman. After that you will probably get new updates so update computer before continuing.

Lets prepare service accounts. You need next accounts

  • Local System                      SCOM Server Action Account (you can create domain one, I use local system)
  • DOMAIN\scomcdas            SCOM Config and Data Access Account
  • DOMAIN\scomdwreader    SCOM Data warehouse Reader Account
  • DOMAIN\scomdwriter     SCOM Data warehouse Write Account
  • DOMAIN\scomsql              SQL Service Account
  • DOMAIN\ScomAdmins       SCOM Administrators security group

Add scomcdas, scomdwreader,scomdwriter and Scom server action account if you created domain one to ScomAdmins group. Add the “SCOMAdmins” domain global group to the Local Administrators group on each server.

This is basic prerequisites for running setup of SCOM. See you tomorrow I hope.

System Center Operations Manager 2016 Step by Step–Part 3

Hi again

after some work problems I get back to new SCOM 2016 installation. I mentioned last time that we will today install SQL server. There were some questions about which version to use. I wanted to install SQL 2016 SP1 but I get notice it is not yet supported (see comments on this post by Kevin Holman.  You can get the list of last supported databases with SCOM 2016 UR1 on this TechNet link

image

You can use version you choose, because if you remember SQL license is free for System Center products. With only one rule, just use it for System Center products databases and nothing else.

Did you create SQL service account. If you didn’t, do it now. I created only two. One for SQL service account and one for SQL Reporting services account. So lets start. Choose new SQL server installation

image

After entering product key, accept license terms of use. I skipped Microsoft updates because I don’t want to end up with SP1 I don’t need for this SCOM installation.

image

If everything is green you are good even windows firewall scream for attention here. You choose next features needed for SCOM SQL installation

image

Choose default instance if you don’t need better that that

image

Enter you domain service accounts for SQL services and give services automatic startup. Also check Volume Maintenance Task privilege to use this new SQL feature.

image

You need to use this SQL collation. In any case it is by default in SQL installation sou you will not miss it

image

Specify Windows authentication mode (do not use Mixed mode)

image

You setup your database and log files as you can, but rule of the thumb is to format those drives with 64K allocation unit sizes, and if you have possibility put your tempdb database and log on SSD drive. It is best to leave that volumes only for databases.

image

On Reporting Services page choose Install and Configure

image

Click next on Feature Configuration Page if everything is green  and then Install on Ready to Install page.

After everything is done, we are free to go further. Until next time

image

SQL Server Broker for the Operations Manager database is disabled

I was moving Operations Manager database today, but after everything went smooth, I get this error  “SQL Server Broker for the Operations Manager database is disabled” How  to fix it?

First of all stop all SCOM services in this order

  1. System Center Management Configuration
  2. Microsoft Monitoring Agent
  3. System Center Data Access Service

After that Open SQL Management Studio and do this SQL queries (run one by one)

ALTER DATABASE OperationsManager SET SINGLE_USER WITH ROLLBACK IMMEDIATE
 ALTER DATABASE OperationsManager SET ENABLE_BROKER
 ALTER DATABASE OperationsManager SET MULTI_USER

SELECT is_broker_enabled FROM sys.databases WHERE name='OperationsManager'

If everything is successful last query will give you result 1, so it means that SQL broker service is enabled.

Start Services in opposite order then stopping. Have a nice weekend

System Center Operations Manager 2016 Step by Step– Part II

I promised last time I will give my example of SCOM environment (experience based)  so you can compare it with your requirements, to see if that may work for you. Right know lets start with number of current SCOM agents on my SCOM server. I recently deleted some because we changed Exchange environment and some other things. To get exact number of agent installed around we will use PowerShell and simply do next

image

As you can see I have 35 agents installed. If you are unfamiliar with the term, it is every computer that have SCOM agent installed (MMA – Microsoft Monitoring Agent).  It is not some representative number. Still I think it is more common then people think. But still there is much more hidden workload that is not accounted in this number.

You will probably want to monitor some network devices too. Or maybe even storage or some other SNMP enabled devices. Lets count them with PowerShell. As you can see there is some IP addresses there. They are some optical switches, tape library, storage etc.

image

That is not all but lets stop there. Where is it running now? You will be surprised!  All of this is running on just one physical HP DL380 G5 server fully populated with disks and 32 GB of RAM with SCOM environment installed including databases (I mean DWH&ACS database too). But please don’t go there. This server was installed in time of SCOM 2007 R2 version when that was enough for that workload. I needed to tweak a lot of things to get it running on current SCOM 2012 R2 version. It survived couple of SCOM upgrades in between . Console was slower but it worked. I am now more clever and I will do fresh start. So what configuration can easily chew this environment. I found some servers in our warehouse with next configuration.

image

It doesn’t seems some round numbers but people from supply have some strange configurations in their heads Smile

What is important here. First of all, please separate SQL workload from management server. Two reasons.

  1. SQL workload can be very hard on performance and will stand in the way of normal SCOM functioning. It will take RAM, processors, everything it needs to work.
  2. SQL Server license is free for System Center use only. So please don’t put it on some big SQL server where you have a ton of other databases. In my case I will put also SCCM database here because it is small enough. If you need SQL workload for some other System Center product consider more RAM memory and enough space to accommodate database sizes

I don’t have anything against virtual servers. Management server can be virtualized in this configuration without to much fuss. SQL virtualization? Maybe, but that is you decision to make. So what we need for next time.

We will start with SQL installation. Because I want to run SCCM database here too, I need to consider what SQL version are compatible for both System Center products. As I understood somewhere Configuration Manager is going on its own path besides System Center product. I still didn’t chew on that one, but it was always separate product for me. From times of SMS 2003.

image

If you look at the SQL compatibility for ConfigMgr 2016 (I need to stop using SCCM) you will see that SQL 2016 SP1 is supported. I will try to install SP1 version and see if that goes. I didn’t found any documentation is SP1 supported for SCOM but I will look for it.

Until next time

How to license WORKGROUP server in DOMAIN !

You probably had task to license some server or client PC that is not domain member and besides that it is not using your domain DNS server. As you already know, KMS server is usually installed on domain joined server. So what to do? First open hosts file (%windir%\system32\drivers\etc) on computer you want to license, and add host record for your KMS server (vmo-aaa in my case).

image

After that you need to run two command. You need to know on which port your KMS service is working. Default port is 1688. With first command you tell client which server and port to use for licensing, and in second you activate your license. That is all you need to activate your Windows license.

Slmgr /slms vmo-aaa:1688
Slmgr -ato

System Center Operations Manager 2016 Step by Step– Part I

As you know SCOM 2016 is published last year. Like many others I also have a task to upgrade my SCOM environment to new version. That’s why I get idea to document my path and maybe help other on all problems that can occur. Probably there is some people that are installing this product  for the first time. I will not write to much about theory of how SCOM works but focus mainly on all steps required to have functional and working SCOM environment. Especially I will take some time to explain configuration of some different management packs both Microsoft, vendor and community published.

So lets start. For all of you newbies, I will recommend first some reading you can do besides this blog. There is not so much books about SCOM 2016 but there is no much change when you compare it to 2012 R2 version. You can use 2012 R2 books and articles if you have it already. This is the list of latest books, new and old links you can use:

There is more, but lets stop here. It is more then enough to start with. So what is the first step. PLANNING!

To have functional SCOM environment you need to carefully plan your workloads. How to size your environment? You can do it by experience from your previous deployments, but if you are new then you use System Center 2012 Operations Manager Sizing Helper Tool Excel sheet. It is made for SCOM 2012 version, but it is usable for SCOM 2016. Only thing I saw is wrong in excel sheet is number of Linux/Unix computers you can manage with one management server. If I am not wrong number is doubled in SCOM 2016 so take that in account.

image

I will not walk you on Excel sheet. You will need to go for yourself to discover your needs. Please be extra careful with designing database server. It is crucial in SCOM design. If you have some good SQL admin ask his advise. If you don’t know how to calculate IOPS requirements you can test them on you server. For that best thing to use lately (besides IOmeter) is using DiskSpeed Powershell script together with  Diskspd Utility: A Robust Storage Testing Tool (superseding SQLIO). Be careful to put script into right folder with diskspd.exe file to get it running. When you succeed you get something like this.

image

I need to run to other task that are waiting for me, but we will see each other very soon. Go thru this subjects and next time I will show you my imagined future configuration on almost purely experience basis.

See you

How to remove OMS from SCOM

I am sometimes so annoyed that once you connect your SCOM to OMS it is hard to get rid of it. You even delete workspace, but only thing you get is some errors in SCOM console. Ok how to get it out if you temporary doesn’t want it there?

I started with Kevin Holman post about it but I had some trouble doing it so here is full  story. Lets first copy paste some things.

First of all we need to stop download of intelligence  management packs from OMS and all others related. To do that,  create override with name “override OMS temporary disable” , and disable two rules. Go to Authoring > Rules, and set your scope only to “Operations Manager Management Group”

Disable the following two rules:

image

It will disable automatic download of OMS MPs.

Now lets delete some MP

Open PowerShell and do next commands

Get-SCOMManagementPack -name “*advisor*” | Remove-SCOMManagementPack

Get-SCOMManagementPack -name “*IntelligencePack*” | Remove-SCOMManagementPack

get-SCOMManagementPack -name “Microsoft.EnterpriseManagement.Mom.Modules.AggregationModuleLibrary” | Remove-SCOMManagementPack

First command will probably fail. you will delete only one management pack but rest of it will not be possible because of dependency. This two you will have problems with

image

They have dependency on this management pack and you can not delete them. So what to do?

image

If you added run as account for System Center Advisor Run As Profile Proxy, and probably you did,  remove it from there. After that we need to edit this management pack. Go to PowerShell again and do this (don’t run it read first).

$MP = Get-SCOMManagementpack -Name Microsoft.SystemCenter.SecureReferenceOverride
$MP.References
$MP.References.Remove(“SystemCenter6“)
$MP.References.Remove(“SystemCenter5“)
$MP.Verify()
$MP.AcceptChanges()

To explain.

  1. With $MP.References you will show all reference inside this MP including Advisor ones.image
  2. After that you will remove references using right Key names listed for Advisor MPs
  3. With MP.Verify() you check everything to ensure there are no orphaned overrides, etc.
  4. If everything is OK do $MP.AcceptChanges() to save everything

After that you can easily delete first override mp “override oms temporary disable”  and both  left over Advisor MPs.

image

If I missed some step please comment