Friday, April 28, 2017

System Center management health service credentials not found Alert


The SCOM run as profiles is a collection of run as accounts and objects that they are targeted to.

You select to add a run as account and distribute it to either a Class, Group or Object.

This all works fine and well until you choose to make the distribution for the account more secure and do not select the computers where you want this account to be distributed.

I have seen customers choosing to distribute the account to all targeted objects and then not adding those in the distribution to the run as account.

This the runas profile configuration which you see when you click on the runas profiles.


This is the runas account distribution you see when you click on the run as accounts.


This particular alert will give you the account ssid which is causing the alerts.

If you do not want this account do be distributed you can close the alert and it wont appear until there is  restart for the health service on the agent.

But if you don't want this, use the following script to find the account and then add the computer to it for distribution.



$SSID = "Enter the ssid from the alert here"





Get-RunAsAccount | Sort Name | % {$string = $null;$_.SecureStorageId | % {   $string = $string + "{0:X2}" -f $_}



 $RunAsAccountName = $_.Name

 [string]$RunAsAccountSSID = $string

 if ($SSID -match $RunAsAccountSSID) {write-host "The Run As Account is .. $RunAsAccountName"}

 }




Thursday, April 27, 2017

Putting a SCOM agent (non clustered) in maintenance mode using powershell

## Putting scom agent in maintenance mode. This does not yet put agents which are part ## of a cluster in maintenance mode.




$rootMS = "rootms"

$agentName = "agentname"

$minutes= 10

$comment= "Planned Reboot"

$reason="PlannedOther"

$startTime = [System.DateTime]::Now

$endTime = $startTime.AddMinutes($minutes)

Add-PSSnapin "Microsoft.EnterpriseManagement.OperationsManager.Client" -ErrorVariable errSnapin;

New-ManagementGroupConnection -ConnectionString:$rootMS

set-location "OperationsManagerMonitoring::";

$agent = Get-Agent | ?{$_.computername -match $agentName}

$agent

New-MaintenanceWindow -StartTime $startTime -EndTime $endTime -MonitoringObject $agent.HostComputer -Reason PlannedOther -Comment $Comment

Tuesday, April 25, 2017

How to test if a port is open using powershell


Use this Powershell command to to test if a port is open on a server and if you are able to connect to it remotely.

$tcp = New-Object System.Net.Sockets.TcpClient
$tcp.connect('servername or ip address', portnumber)

Or you can use this single line of code
(New-Object System.Net.Sockets.TcpClient).Connect('servername or ip address', portnumber)

There is also an in built powershell cmdlet that lets you test a port connection which only works with powershell 4.0

Test-NetConnection -Port portnumber -Computername 'Servername or ip address'

The first commands are much faster compared to the second one but does not give you any output.
The powershell cmdlet does give you a good output that you can use in another script but is much slower.