Connect Scom powershell using SDK

 The SDK binaries are stored in the following folder on the SCOM MS

C:\Program Files\Microsoft System Center\Operations Manager\Server\SDK Binaries

copy the three dll files to your script folder.

Sample script.

##########################################################################

$rms= "RMS.contoso.com"
$UserName = "domain\username"
$pwd = "password"

$scriptdir = "C:\Scripts"
[System.Reflection.Assembly]::LoadFrom("$scriptdir\Microsoft.EnterpriseManagement.OperationsManager.dll")
[System.Reflection.Assembly]::LoadFrom("$scriptdir\Microsoft.EnterpriseManagement.Core.dll")
[System.Reflection.Assembly]::LoadFrom("$scriptdir\Microsoft.EnterpriseManagement.Runtime.dll")
 $securePassword = ConvertTo-SecureString $pwd –AsPlainText -Force
$MGConnSetting = New-Object Microsoft.EnterpriseManagement.ManagementGroupConnectionSettings($rms)
$MGConnSetting.UserName = $UserName
$MGConnSetting.Domain = $UserDomain
$MGConnSetting.Password = $SecurePassword
$MG = New-Object Microsoft.EnterpriseManagement.ManagementGroup($MGConnSetting)
if(!$MG) {Write-Host "Cannot work on $rms" -ForegroundColor Yellow;continue;}
#######################
Write-host "The Management group is " -nonewline; Write-Host "$MG" -ForegroundColor Yellow

$MG.Administration.GetAllAgentManagedComputers()

###################################################################################

 If you don't use Microsoft.EnterpriseManagement.Runtime.dll binary you will get this error.

New-Object : Exception calling ".ctor" with "1" argument(s): "The service type 'Microsoft.EnterpriseManagement.Runtime.ITaskRuntimeService, Microsoft.EnterpriseManagement.Runtime, Culture="", PublicKeyToken=31bf3856ad364e35,
Version=7.0.5000.0' for the component named 'TaskService' cannot be found."
At line:1 char:1
+ New-Object Microsoft.EnterpriseManagement.ManagementGroup($MGConnSett ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [New-Object], MethodInvocationException
    + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand

 

Powershell Export-Csv for PSCustomobject which is a list of strings as property.

 example powershell customobject

$myObject = [PSCustomObject]@{
    Name     = 'Parag'
    Language = 'PowerShell'
    State    = 'Washington'
}

To export this object to csv we can use.

$myobject | Export-csv -path c:\temp\temp.csv -NoClobber -NoTypeInformation

The file will show up like this

 Name,Language,State

Parag,Powershell,Washington

But if the properties of the object are a list,i.e I know more than one languages then the file shows up as 

Name,Language,State

Parag,System.Collections.Generic.List`1[System.String],Washington

 That is because the command treats the property as an array. You can see the same behavior when you export an array.

To export this data properly we can do this.

$myobject | Select-Object Name,@{n='Language';e={$_.Language -join ' ' }},State

Now in the file we will see

 

 Name,Language,State

Parag,Powershell JavaScript,Washington

Use custom certificate for remote desktop.

 

Issue: Not able to remote desktop into a server.

Error: Internal error has occurred.

Investigation:

Event 1057 seen in the System Log.

Opened certificate snapin on a computer in the same network. Connected remotely to the problem server. Saw that certificate being used for remote desktop had expired. And it seems like the server was not able to renew it.

Connected remotely to the C Drive of the problem server to check if Network_Service had permissions on the folder \\SERVERNAME\c$\ProgramData\Microsoft\Crypto\RSA\MachineKeys

Someone had changed permissions on the folder and Network_Service was missing. Added it back on the folder but it failed to apply permissions to some keys.

 

Resolution:

Using a custom certificate for remote desktop.

Used certificate snapin to connect remotely to the problem server.

Exported the server certificate seen in the Personal store in .cer format. I used Base-64 encoded.

Imported that into the Remote Desktop store.

Right click certificate and click open to look at the thumbprint.

Copy the thumbprint. It will be in a string of alphanumeric characters.

Run this powershell command to add this certificate to registry after connecting using Enter-PsSession

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v 'SSLCertificateSHA1Hash' /t REG_BINARY /d '60935f20cc9a20d463a93158cb4df217a368e1afd'  

 

The process is outlined on the link below. But it does not give you the exact command like above.

https://learn.microsoft.com/en-US/troubleshoot/windows-server/remote/custom-server-authentication-certificate-for-tls

Restart (Remote Desktop Services) Termservice

 

 

Start menu and search not working on Windows

 On windows 2016 server start and search stopped working.

While researched and different issue with KMS not starting on the server, discovered that the computer DCOM object did not have SELF in it.

Added SELF in  component services. Start and search started working.

Open mmc and add component services snapin.

Navigate to Component Services-Computers. Right click My Computer and go to COM Security tab.

Click Edit default in Access permissions. Click ADD and look for SELF in domain.