Tuesday, December 8, 2020

Scom console error when reconfiguring log analytics connection

 

Error in scom console when you click on Azure Log Analytics -> Connection-> Re-Configure Log Analytics. This happens due to SSL settings for using a strong encryption being enforced by Microsoft. SCOM applies the same settings as Internet explorer settings for the console.

 

 

You may also see the following text when you click on details for the error:

System.ServiceModel.CommunicationException: An error occurred while making the HTTP request to https://usbn1.service.oms.microsoft.us/Config/SettingService.svc/ServiceSettings. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.

System.ServiceModel.CommunicationException: An error occurred while making the HTTP request to https://service.systemcenteradvisor.com/Config/SettingService.svc/ServiceSettings. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.

 

Solution:

Add the following registry key to your console computer.

Copy the following text into a notepad and save the file as ".reg " instead of "txt". Relaunch the console and complete the log analytics reconfiguration.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

Monday, September 28, 2020

Making a web request using powershell and reading response

## Sending a web request to a url and getting a response back.
$urlresponse = $null
$response = $null
[Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
$strURI = "https://www.bing.com"
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$req = [Net.WebRequest]::CreateHttp($strURI)
$response = $req.GetResponse() ;
[System.IO.Stream]$datastream = $response.GetResponseStream()
$streamreader = New-Object  System.IO.StreamReader($datastream)
$urlresponse = $streamreader.ReadToEnd();
Write-Host $response.ProtocolVersion  -ForegroundColor Yellow
Write-Host $req.servicepoint.certificate.GetExpirationDateString()  -ForegroundColor Yellow
Write-host $req.ServicePoint.Certificate.GetIssuerName()  -ForegroundColor Yellow
## Write-Host $urlresponse -ForegroundColor Yellow ## Should be commented if you expect the response to be too large
$response.Close() | Out-Null;


Friday, July 17, 2020

SCOM agent not connecting. Events 20000,21016,20070



The OpsMgr Connector connected to MS.contoso.com, but the connection was closed immediately after authentication occurred.  The most likely cause of this error is that the agent is not authorized to communicate with the server, or the server has not received configuration.  Check the event log on the server for the presence of 20000 events, indicating that agents which are not approved are attempting to connect

OpsMgr was unable to set up a communications channel to MS.contoso.com and there are no failover hosts.  Communication will resume when MS.contoso.com is available and communication from this computer is allowed.

After all actions have failed like repair, reinstall, delete,approve again etc. The following steps should work. Use at you own risk and don't forget to backup your database.

Uninstall the agent from the computer completely first. Then do the following actions in sequence.

1. Delete pending agent if any

exec p_AgentPendingActionDeleteByAgentName ‘agentname.domain.com’

2. Delete
USE [OperationsManager]
UPDATE dbo.[BaseManagedEntity]
SET
[IsManaged] = 0,
[IsDeleted] = 1,
[LastModified] = getutcdate()
WHERE FullName like ‘%computername%’

3. Grooming

DECLARE @GroomingThresholdUTC datetime

SET @GroomingThresholdUTC = DATEADD(d,-2,GETUTCDATE())
UPDATE BaseManagedEntity
SET LastModified = @GroomingThresholdUTC
WHERE [IsDeleted] = 1
UPDATE Relationship
SET LastModified = @GroomingThresholdUTC
WHERE [IsDeleted] = 1
UPDATE TypedManagedEntity
SET LastModified = @GroomingThresholdUTC
WHERE [IsDeleted] = 1

EXEC p_DataPurging

4.  Groom all partition tables.

/*-------------------------------*/

declare @counter int  set @counter = 0  while @counter < 122

begin

exec p_PartitioningAndGrooming

set @counter = @counter + 1

print 'The counter is ' + cast(@counter as char)

end

/*-----------------------------*/

Thursday, July 9, 2020

SQL connection failing SSPI Error


Error:

The target principal name is incorrect. Cannot generate SSPI context. (Microsoft SQL Server)

Steps to resolve this error.

Check if the spn' are registered properly. Lots of information out there on how to create and spn.

Check if kerberos is not blocked by a group policy.

Check if kerberos encryption being used in allowed.

Local security policy: "Network Security: Configure encryption types allowed for Kerberos"


Friday, April 17, 2020

Allowing users who are not part of Azure AD to access Azure SQL managed instance.

Here are the concise steps to achieve this.

1. Login to Azure portal and open Active Directory.
2. Create a guest user and invite to your organization.
3. Once the user has accepted this invitation he/she will show up in the Azure AD users blade.
4. Create a group in the Azure AD and add that user to that group.
5. Connect to the managed instance using SSMS and create the user group with name as same as in Azure AD

Using the following query.
USE master
GO
CREATE LOGIN [TestGroup] FROM EXTERNAL PROVIDER
GO
6. Give permissions to that group on the SQL managed instance using SQL as you would in SSMS.

Link is below.

https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance-aad-security-tutorial