Tuesday, February 14, 2017
SCOM agent less monitoring access denied
Today I was facing and error with monitoring agentless servers. The
agent proxy was getting access denied to event logs. In my environment
the health services run under the local system account.
I added the server account to administrators on the agentless server but it did not help.
I had to change the default action account profile in console for the server to run under another action account instead of the local system action account.
Then everything was peachy…
I added the server account to administrators on the agentless server but it did not help.
I had to change the default action account profile in console for the server to run under another action account instead of the local system action account.
Then everything was peachy…
Scom Maintenance mode scheduler
#SCOM Maintenance mode scheduler. The assemblies can be found in this
folder on your management servers C:\Program Files\Microsoft System
Center 2012 R2\Operations Manager\Server\SDK Binaries
$scriptdir = Get-location
$ScriptDir = split-path -parent $MyInvocation.MyCommand.Path
$void = [System.Reflection.Assembly]::LoadFile(“$scriptdir\Microsoft.EnterpriseManagement.OperationsManager.dll”)
$void3 = [System.Reflection.Assembly]::LoadFile(“$scriptdir\Microsoft.EnterpriseManagement.Runtime.dll”)
$void1 = [System.Reflection.Assembly]::LoadFile(“$scriptdir\Microsoft.EnterpriseManagement.Core.dll”)
$server = “testsql”
$RootMS = “testdc01”
$Minutes = 60
$Comment = “Scheduled Maintenance Request”
$MGConnSetting = New-Object Microsoft.EnterpriseManagement.ManagementGroupConnectionSettings($RootMS)
$MG = New-Object Microsoft.EnterpriseManagement.ManagementGroup($MGConnSetting)
$Admin = $MG.GetAdministration()
$Agents = $admin.GetAllAgentManagedComputers()
$agent = $Agents | ?{$_.Computername -match $server}
$monitoring =$MG.Monitoring
$AllClasses = $MG.GetMonitoringClasses()
$MyClass = $AllClasses | ?{$_.name -eq “Microsoft.Windows.Computer”}
$Objects = $Mg.GetMonitoringObjects($Myclass)
$Object = $Objects | ?{$_.name -match $server}
$Object.schedulemaintenancemode
$startTime = [Datetime]’12/21/2016 04:26:00′
$StartTimeUTC = $startTime.ToUniversalTime()
$EndTime = $startTimeUTC.AddMinutes(’10’)
$Object.ScheduleMaintenanceMode($startTimeUTC,$EndTime,”PlannedOther”,$Comment)
$scriptdir = Get-location
$ScriptDir = split-path -parent $MyInvocation.MyCommand.Path
$void = [System.Reflection.Assembly]::LoadFile(“$scriptdir\Microsoft.EnterpriseManagement.OperationsManager.dll”)
$void3 = [System.Reflection.Assembly]::LoadFile(“$scriptdir\Microsoft.EnterpriseManagement.Runtime.dll”)
$void1 = [System.Reflection.Assembly]::LoadFile(“$scriptdir\Microsoft.EnterpriseManagement.Core.dll”)
$server = “testsql”
$RootMS = “testdc01”
$Minutes = 60
$Comment = “Scheduled Maintenance Request”
$MGConnSetting = New-Object Microsoft.EnterpriseManagement.ManagementGroupConnectionSettings($RootMS)
$MG = New-Object Microsoft.EnterpriseManagement.ManagementGroup($MGConnSetting)
$Admin = $MG.GetAdministration()
$Agents = $admin.GetAllAgentManagedComputers()
$agent = $Agents | ?{$_.Computername -match $server}
$monitoring =$MG.Monitoring
$AllClasses = $MG.GetMonitoringClasses()
$MyClass = $AllClasses | ?{$_.name -eq “Microsoft.Windows.Computer”}
$Objects = $Mg.GetMonitoringObjects($Myclass)
$Object = $Objects | ?{$_.name -match $server}
$Object.schedulemaintenancemode
$startTime = [Datetime]’12/21/2016 04:26:00′
$StartTimeUTC = $startTime.ToUniversalTime()
$EndTime = $startTimeUTC.AddMinutes(’10’)
$Object.ScheduleMaintenanceMode($startTimeUTC,$EndTime,”PlannedOther”,$Comment)
Labels:
Maintenance,
Maintenance mode,
Powershell,
scheduler,
scom,
script
Microsoft Azure mp configuration for Azure Government cloud
The Microsoft Azure Management pack for SCOM 2012 R2 requires a
little different configuration than the commercial cloud. I am going to
write down some of the configurations that have to be done.
Link to download the mp:
Install the management pack and import the
mp’s in your scom environment.
The management pack documentation does a
fairly good job in explaining the configuration. If you have an user who
has read permissions to your Azure active directory and subscription
then you can add your Azure subscription using the credentials for the
user. But if you have an environment where dual authentication is
“enforced” you can use the steps given below. Because apps may not be able receive calls or enter the code in the messages :D
Login to the new portal using your credentials. https://portal.azure.us/
Creating the App for login:
Click Azure Active Directory–App Registrations
Click Add in the top pane and fill up the following parameters for your app.
Name: AnyName [Make a note of this name.]
Application Type: Web App/API
Sign-on URL: http://anyurl This url does not have to be a working url.
Then click create.
Now select your app under App Registration and in the next blade that opens select Keys.
There is no add button here. If you enter a description for your key then the next values are populated.
Select the expiry duration. As of now the values are 1 year,2 years and Never expires.
Once you hit save then the key value will be displayed.
Important Note:
This will be shown only once so make sure that you copy this key value somewhere safe.
If you have exited then go back to Active directory–App registrations
select your app and copy the Application ID from the portal.
Click Active Directory–Domain Names and copy the Name of your domain if you don’t already know it.
These three values App id,domain name,Key will be required when you add your subscription in SCOM.
Now in the portal click on subscriptions.
Select the subscription you wish to monitor.
Click Access Control in the next blade.
Click Add,select role
Reader,Click add users if not already populated.
In the search under Add
users your app would not show up as it shows only users.
Enter the name
of your app and click select.Click ok and your app should have reader
permissions on your subscription.
Next open the SCOM Operations Console and create a new resource pool in
Administration– -Resource Pools called “Azure monitoring resource pool”.
Add the server that you want to be a member of this pool.
This is recommended because the operations are very resource
intensive and if you have a dedicated management server for this pool
you will not load the management group.
Navigate to Administration-Microsoft Azure.
Click Add subscription and click the radio button for Service Principal Name.
Remember the three values that i had asked your to copy. You will need them here.
Enter your domain name
Enter the Application ID in the Client ID field.
Enter the key in the password.
Click the advanced box and enter the following values. The forward slash “/” is also required in the ARM Management URI.
Management Service URI: https://management.core.windows.net
Storage Service DNS Suffix: core.usgovcloudapi.net
ARM Management URI: https://management.usgovcloudapi.net/
Your subscription should be populated in the next screen. Select the Azure monitoring server pool.
Next is self explanatory.
After this is done you should be able to see the subscription in
Monitoring–Microsoft Azure–Subscription State.
Now click Authoring and select Microsoft Azure Monitoring Template to configure the resources that you want to monitor.
More about that next time….
Labels:
App,
Azure,
cloud,
Government,
management pack,
managementpack,
pool,
resource,
resource pool,
scom,
SCOM 2012,
SCOM 2012 R2
Users cannot view ACS reports
For the ACS reports the permissions have to be configured in SCOM.
Click Administration–User Roles
If you do not have a role created. Create a new role called “ACS report viewers”
In the tab that opens add the groups in your AD or users in your AD that you would like to have permissions to view reports.
Click Administration–User Roles
If you do not have a role created. Create a new role called “ACS report viewers”
In the tab that opens add the groups in your AD or users in your AD that you would like to have permissions to view reports.
Scom discovery override using powershell
This is script that can be used to modify scom overrides in bulk.
An override management pack must be created first for this to work.
Add this mp name in the $overridemp variable.
Enter the mp that you would like to override in the $mps variable.
## Usage:
## Check the overridable paramters for your discoveries first and then change the parameter you would like to set in $override.Parameter. The format of the parameter may be like
## Selector : $Config/PeriodInSeconds$. You should only add the “PeriodInSeconds” part
#$disc = Get-SCOMDiscovery -DisplayName “Windows Internet Information Services Web Applications 76-100 Discovery Rule”
## $discovery.GetOverrideableParameters()
Import-module operationsmanager
New-SCOMManagementGroupConnection -ComputerName MyRMS
$mps = Get-SCOMManagementPack |?{$_.name -match “Microsoft.Windows.InternetInformationServices.2003”}
$overridemp = Get-SCOMManagementPack -Name “IIS.Management.Pack.Discovery.Overrides”
$discoveries = Get-SCOMDiscovery -ManagementPack $mps
foreach($discovery in $discoveries)
{
if($discovery.Enabled -ne “false”)
{
$override = $null
$overridemp = Get-SCOMManagementPack -Name “IIS.Management.Pack.Discovery.Overrides”
$Target= Get-SCOMClass -id $discovery.Target.Id
$overridename = $discovery.name + “.Override”
$override = New-Object Microsoft.EnterpriseManagement.Configuration.ManagementPackDiscoveryConfigurationOverride($overridemp,$overridename)
$override.Discovery = $discovery
$override.Module = $discovery.DataSource
$override.Parameter = “PeriodInSeconds”
$override.value = 86400
$override.DisplayName = $overridename
$override.Context = $Target
}
}
$overridemp.Verify() ## This may fail sometimes with a validation error on 2012 R2. So just remove this line and check if your mp imports.
$overridemp.AcceptChanges()
An override management pack must be created first for this to work.
Add this mp name in the $overridemp variable.
Enter the mp that you would like to override in the $mps variable.
## Usage:
## Check the overridable paramters for your discoveries first and then change the parameter you would like to set in $override.Parameter. The format of the parameter may be like
## Selector : $Config/PeriodInSeconds$. You should only add the “PeriodInSeconds” part
#$disc = Get-SCOMDiscovery -DisplayName “Windows Internet Information Services Web Applications 76-100 Discovery Rule”
## $discovery.GetOverrideableParameters()
Import-module operationsmanager
New-SCOMManagementGroupConnection -ComputerName MyRMS
$mps = Get-SCOMManagementPack |?{$_.name -match “Microsoft.Windows.InternetInformationServices.2003”}
$overridemp = Get-SCOMManagementPack -Name “IIS.Management.Pack.Discovery.Overrides”
$discoveries = Get-SCOMDiscovery -ManagementPack $mps
foreach($discovery in $discoveries)
{
if($discovery.Enabled -ne “false”)
{
$override = $null
$overridemp = Get-SCOMManagementPack -Name “IIS.Management.Pack.Discovery.Overrides”
$Target= Get-SCOMClass -id $discovery.Target.Id
$overridename = $discovery.name + “.Override”
$override = New-Object Microsoft.EnterpriseManagement.Configuration.ManagementPackDiscoveryConfigurationOverride($overridemp,$overridename)
$override.Discovery = $discovery
$override.Module = $discovery.DataSource
$override.Parameter = “PeriodInSeconds”
$override.value = 86400
$override.DisplayName = $overridename
$override.Context = $Target
}
}
$overridemp.Verify() ## This may fail sometimes with a validation error on 2012 R2. So just remove this line and check if your mp imports.
$overridemp.AcceptChanges()
How to create a SCOM discovery override using powershell
This is script that can be used to create a scom discovery override using powershell.
## Usage:
## Check the overridable paramters for your discoveries first and then change the parameter you would like to set in $override.Parameter. The format of the parameter may be like
## Selector : $Config/PeriodInSeconds$. You should only add the "PeriodInSeconds" part
#$disc = Get-SCOMDiscovery -DisplayName "Windows Internet Information Services Web Applications 76-100 Discovery Rule"
## $discovery.GetOverrideableParameters()
Import-module operationsmanager
New-SCOMManagementGroupConnection -ComputerName MyRMS
$mps = Get-SCOMManagementPack |?{$_.name -match "Microsoft.Windows.InternetInformationServices.2003"}
$overridemp = Get-SCOMManagementPack -Name "IIS.Management.Pack.Discovery.Overrides"
$discoveries = Get-SCOMDiscovery -ManagementPack $mps
foreach($discovery in $discoveries)
{
if($discovery.Enabled -ne "false")
{
$override = $null
$overridemp = Get-SCOMManagementPack -Name "IIS.Management.Pack.Discovery.Overrides"
$Target= Get-SCOMClass -id $discovery.Target.Id
$overridename = $discovery.name + ".Override"
$override = New-Object Microsoft.EnterpriseManagement.Configuration.ManagementPackDiscoveryConfigurationOverride($overridemp,$overridename)
$override.Discovery = $discovery
$override.Module = $discovery.DataSource
$override.Parameter = "PeriodInSeconds"
$override.value = 86400
$override.DisplayName = $overridename
$override.Context = $Target
}
}
$overridemp.Verify() ## This may fail sometimes with a validation error on 2012 R2. So just remove this line and check if your mp imports.
$overridemp.AcceptChanges()
Tuesday, January 17, 2017
Users cannot view ACS reports.
For the ACS reports the permissions have to be configured in SCOM.
Click Administration--User Roles
If you do not have a role created. Create a new role called "ACS report viewers"
In the tab that opens add the groups in your AD or users in your AD that you would like to have permissions to view reports.
Click Administration--User Roles
If you do not have a role created. Create a new role called "ACS report viewers"
In the tab that opens add the groups in your AD or users in your AD that you would like to have permissions to view reports.
Tuesday, December 20, 2016
Scom Maintenance mode scheduler
#SCOM Maintenance mode scheduler. The assemblies can be found in this folder on your management servers C:\Program Files\Microsoft System Center 2012 R2\Operations Manager\Server\SDK Binaries
$scriptdir = Get-location
$ScriptDir = split-path -parent $MyInvocation.MyCommand.Path
$void = [System.Reflection.Assembly]::LoadFile("$scriptdir\Microsoft.EnterpriseManagement.OperationsManager.dll")
$void3 = [System.Reflection.Assembly]::LoadFile("$scriptdir\Microsoft.EnterpriseManagement.Runtime.dll")
$void1 = [System.Reflection.Assembly]::LoadFile("$scriptdir\Microsoft.EnterpriseManagement.Core.dll")
$server = "testsql"
$RootMS = "testdc01"
$Minutes = 60
$Comment = "Scheduled Maintenance Request"
$MGConnSetting = New-Object Microsoft.EnterpriseManagement.ManagementGroupConnectionSettings($RootMS)
$MG = New-Object Microsoft.EnterpriseManagement.ManagementGroup($MGConnSetting)
$Admin = $MG.GetAdministration()
$Agents = $admin.GetAllAgentManagedComputers()
$agent = $Agents | ?{$_.Computername -match $server}
$monitoring =$MG.Monitoring
$AllClasses = $MG.GetMonitoringClasses()
$MyClass = $AllClasses | ?{$_.name -eq "Microsoft.Windows.Computer"}
$Objects = $Mg.GetMonitoringObjects($Myclass)
$Object = $Objects | ?{$_.name -match $server}
$Object.schedulemaintenancemode
$startTime = [Datetime]'12/21/2016 04:26:00'
$StartTimeUTC = $startTime.ToUniversalTime()
$EndTime = $startTimeUTC.AddMinutes('10')
$Object.ScheduleMaintenanceMode($startTimeUTC,$EndTime,"PlannedOther",$Comment)
$scriptdir = Get-location
$ScriptDir = split-path -parent $MyInvocation.MyCommand.Path
$void = [System.Reflection.Assembly]::LoadFile("$scriptdir\Microsoft.EnterpriseManagement.OperationsManager.dll")
$void3 = [System.Reflection.Assembly]::LoadFile("$scriptdir\Microsoft.EnterpriseManagement.Runtime.dll")
$void1 = [System.Reflection.Assembly]::LoadFile("$scriptdir\Microsoft.EnterpriseManagement.Core.dll")
$server = "testsql"
$RootMS = "testdc01"
$Minutes = 60
$Comment = "Scheduled Maintenance Request"
$MGConnSetting = New-Object Microsoft.EnterpriseManagement.ManagementGroupConnectionSettings($RootMS)
$MG = New-Object Microsoft.EnterpriseManagement.ManagementGroup($MGConnSetting)
$Admin = $MG.GetAdministration()
$Agents = $admin.GetAllAgentManagedComputers()
$agent = $Agents | ?{$_.Computername -match $server}
$monitoring =$MG.Monitoring
$AllClasses = $MG.GetMonitoringClasses()
$MyClass = $AllClasses | ?{$_.name -eq "Microsoft.Windows.Computer"}
$Objects = $Mg.GetMonitoringObjects($Myclass)
$Object = $Objects | ?{$_.name -match $server}
$Object.schedulemaintenancemode
$startTime = [Datetime]'12/21/2016 04:26:00'
$StartTimeUTC = $startTime.ToUniversalTime()
$EndTime = $startTimeUTC.AddMinutes('10')
$Object.ScheduleMaintenanceMode($startTimeUTC,$EndTime,"PlannedOther",$Comment)
Wednesday, December 14, 2016
Friday, December 9, 2016
SCOM agent less monitoring access denied
Today I was facing and error with monitoring agentless servers. The agent proxy was getting access denied to event logs. In my environment the health services run under the local system account.
I added the server account to administrators on the agentless server but it did not help.
Then I made changes in the default action account profile for the server and and specified another action account instead of the local system action account to run the healthservices under.
Then everything was peachy...
I added the server account to administrators on the agentless server but it did not help.
Then I made changes in the default action account profile for the server and and specified another action account instead of the local system action account to run the healthservices under.
Then everything was peachy...
Subscribe to:
Posts (Atom)