Cumulative Update 7 for SCOM 2007 R2 Released

     

Download Link

KB Link

Issues that are fixed in Cumulative Update 7

  • Console performs poorly when User Roles are used to scope object access.
  • Availability data is not shown for the current day when daily aggregation is used.
  • Behavior is inconsistent between some views on web console and console.
  • Log files do not roll over when the Unicode log file is monitored.
  • Several security issues are fixed.

 

Cross-platform issues that are fixed in Cumulative Update 7

  • Logical disk performance statistics are not collected for some volume types on Solaris computers.
  • Some Network Adapters on HP-UX computers may not be discovered.
  • Network adapter performance statistics are not collected for HP-UX network adapters.
  • The Solaris 8 and 9 agent may not restart after an ungraceful shutdown.
Continue Reading

Installing the SCOM 2012 SP1 and R2 Web Console prerequisites on Server 2012 “the easy way”

 

I need the Web Server (IIS) role with the follow server role services:  According to http://technet.microsoft.com/en-us/library/jj656654.aspx#BKMK_RBF_WebConsole

  • Static Content
  • Default Document
  • Directory Browsing
  • HTTP Errors
  • HTTP Logging
  • Request Monitor
  • Request Filtering
  • Static Content Compression
  • Web Server (IIS) Support
  • IIS 6 Metabase Compatibility
  • ASP.NET
  • Windows Authentication

I could go to Server Manager and add the individual roles and features, but I am running Server 2012 so lets make it super simple with PowerShell.

1. Launch the PowerShell command prompt

image

2. Run this command

Import-Module ServerManager

3. Run this command

Add-WindowsFeature NET-Framework-Core,AS-HTTP-Activation,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Logging,Web-Request-Monitor,Web-Filtering,Web-Stat-Compression,AS-Web-Support,Web-Metabase,Web-Asp-Net,Web-Windows-Auth –restart

4. Press Enter

image

I then see

image

And that’s it!  Its much easier than installing on Server 2008 R2..

Continue Reading

What’s New in Operations Manager in System Center 2012 SP1

 

Daniele Muscetta has created this great webcast to teach you about all the new features in SCOM 2012 SP1 RTM.

 

The video covers:

  • How System Center 2012 Service Pack 1 (SP1) Operations Manager (SCOM) has added support for Windows Server 2012 and SQL Server 2012 which provides enhanced network & storage monitoring, including virtual fabric monitoring.
  • How the topology has been simplified while monitoring on-premise and in the Windows Azure public cloud using new features like the Global Service Monitoring extensible dashboards.
  • Azure SDK support, Linux/Unix authoring & new supported distributions including CentOS, Debian and Ubuntu
  • Application Performance Monitoring (APM) for improved application insight with WCF, MVC, .NET Windows services, IIS8 & JEE.
  • Developer and operations (DevOps) integration by extending SCOM data to Visual Studio 2012 and Team Foundation Server 2012.

 

The official link to the video and more videos such as Orchestrator in System Center 2012 SP1  (by Justin Incarnato) can be found here at the Microsoft Virtual Academy website.

LINK

All System Center Videos

Continue Reading

New Print Server Management Pack Supports Windows Server 2008 R2 and Windows Server 2012

Many customers have asked me when the print server MP is going to be available for Server 2008 R2.  I would often point them at Kevin Holman’s post here.  But now we have an official MP for 2008 R2 and 2012.

Download: Link

 

Changes in current version

 

Print Server Library:

  • Disabled and set visible to false for dashboard and performance views.

Print Server 2003:

  • Fixed rule for collecting “jobs spooling”

Print Server 2008:

  • Added support for monitoring the Print Server Role on Windows Server 2008 R2.

Print Server 2012:

  • Added support for monitoring the Print Server Role on Windows Server 2012.

 

Continue Reading

SCOM 2012 Web Console Configuration “NO LONGER Required!”

 

I have worked with a few customers that are annoyed with the user configuration required to use the new Silverlight SCOM web console.  The web console is often used for one-off application owners or IT staff that are not regularly using SCOM.  It was is a great way to give these users quick access to view the SCOM console so they can get more information about an alert they have received.

SCOM 2012 has extra steps that an end user has to take to get the web console to work.  Users see the “Web Console Configuration Required” screen and are often confused as to what do to. 

To fix this we can automate the configuration process.  This will remove the configuration screens and the end user can access the SCOM web console easily.

 

Here are my sample GPOs with instructions on how to install them. 
Download: https://www.scom2k7.com/downloads/SCOM_Web_Console.zip

 

The instructions below will walk you through creating your own GPOs to automate the process.

Here are the high level steps.

  1. Automate Install of Microsoft Silverlight
  2. Export Client Certificate
  3. Export Registry Key(s)
  4. Automate Install of Client Certificate
  5. Automate Install of Registry Key(s)
  6. Verify it works on Windows XP, Vista, 7, and 8

1.  Automate Install of Microsoft Silverlight

The first page users are presented with is to install Microsoft Silverlight
 image

 

There are multiple ways to automate this install.  I recommend creating a SCCM package or login script to push the install out to the clients that need it. 

To do an unattended installed, the command(s) you need.

Silverlight_x64.exe /q  or Silverlight.exe /q

Download Silverlight -  http://go.microsoft.com/fwlink/?LinkID=149156&v=5.0.61118.0

My next challenge is the Web Console Configuration Required screen.  This is the screen that throws off end users as they think the web console is not working and something need to be configured on the backend.

image

 

2.  Export Client Certificate

First I  click configure and download the SilverlightClientConfiguration.exe.

I run the tool once.
image

The tool does two things.  Creates a certificate and creates a registry key.

Now I need to export the client certificate.

I run MMC
image

Click Add/Remove Snap-in
image

Add the Certificates
image

I select Computer account, Local computer, Finish, OK
image

Then I expand down to Trusted Publishers, Certificates
image

I right click on the Microsoft Code Signing PCA certificate and export it.

I save it as a DER encoded binary 
image

I pick a location to save the file and Finish.
image

3.  Export Registry Key(s)

I open the registry editor

image

I go to “HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Silverlight” and export the Key
image

I open the file in notepad and remove everything but

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Silverlight]
"AllowElevatedTrustAppsInBrowser"=dword:00000001

image

I also create the same key but for 32-bit systems by removing the Wow6432Node

image

You can download my copy here. Link

If you know how to add the cert and registry key into AD you can stop reading here.  I will go though the process for anyone who doesn’t know how.

4.  Automate Install of Client Certificate

To automate the install of the client certificate and registry keys I will use Active Directory Group Policy Objects. 

I log into my domain controller and launch the Group Policy Management Console
image

I right click on my domain and create a OU called SCOM Web Console. (If you already have a OU that contains the computers want to deploy to you can skip this step)
image

 

I right click on the OU I created and choose Create a GPO in this domain, and link it here..
image

I call the GPO SCOM Web Console Components x64.  I will need two GPOs.  One for 32-bit machines and one for 64-bit machines.
image

I then right click on the GPO and edit it.
image

In the navigation pane, I open Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies\Trusted Publishers

I right click and Import
image

I click next and browse to the certificate I exported earlier
image

I leave the default Trusted Publishers
image

I click next, and Finish

I use repeat the process to create a GPO for 32-bit systems
image

Now I have two GPOs with the same certs and configuration
image

5.  Automate Install of Registry Key(s)

I go back to the same policies I created earlier and edit them.

I start with the 64-Bit policy and go to Computer Configuration\Preferences\Windows Settings\Registry
image64-

I create a New, Registry Item.
image

In the Key Path for the 64-bit GPO I add

SOFTWARE\Wow6432Node\Microsoft\Silverlight

For the Value name I type

AllowElevatedTrustAppsInBrowser

I change the Value type to Reg_DWORD

Then I change the Base to Decimal and for Value data I type in 1
image

I click ok.

I repeat the process for the 32-bit one but I add this registry key.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Silverlight

image

Now I need to create some WMI filters to filter if it’s a 32-bit or 64-bit system.  (Wow this more work then I thought!)

I go back into my Group Policy Management console.

Under WMI Filters I right click and select New..
image

I call the first one 64-Bit Systems.  For the Description I use the same.

I click add.  Then I Add this query.

Select * from Win32_Processor where AddressWidth = ’64’

image

I click OK and it looks like this.
image

I click Save and I repeat the process for the 32-Bit Filter.

But I use this query

Select * from Win32_Processor where AddressWidth = ’32’

image

I have two WMI filters
image

I next attach the filters to the GPOs I created earlier.

I go back to the SCOM Web Console Components x64 GPO and click on it
image

At the bottom of the screen I go to WMI Filtering
image

I select 64-Bit Systems and click Yes
image

I repeat the process to attach the 32-Bit filter to the 32-Bit GPO

I now have the filters set and I am done.
image

Now I just add my clients to OU and they will get the new policy.
image

5.  Verify it works on Windows XP, Vista, 7, and 8

I log into one of my clients, open a command prompt and type gpupdate /force to force the group policy down.
image

I type in the address of the SCOM 2012 web console and it works without any prompts!
image

 

I have tested this on Win8, Win7 SP1 (64-Bit), Win7 SP1(32-Bit), Vista SP2(32-Bit), and XP SP3 (32-bit)

*Note with Windows XP SP3 I had to install the Group Policy Preference Client Side Extensions for Windows XP – http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=3628.  In SP3 these are supposed to be already installed but I couldn’t get the registry group policies to work without reinstalling the GPO extensions.

Continue Reading

Error installing SCOM 2012 “OMServer.msi returned error 1603”

 

I ran across this issue when installing SCOM 2012.  This issue was occurring when it got to the step where it was trying to install the management server and would cause the install to roll back.

Looking in the event logs I seen these two errors

Log Name:      Application
Source:        MsiInstaller
Event ID:      11330
Level:         Error

Description:
Product: System Center Operations Manager 2012 Server — Error 1330.A file that is required cannot be installed because the cabinet file C:\SCOM 2012\Setup\AMD64\Server\OMCore.Cab has an invalid digital signature.  This may indicate that the cabinet file is corrupt.  Error 270 was returned by WinVerifyTrust.

 

and this error

 

Log Name:      Application
Source:        MsiInstaller
Event ID:      10005
Level:         Error

Description:
Product: System Center Operations Manager 2012 Server — Error 25211.Failed to install performance counters.. Error Code: -2147024809 (The parameter is incorrect.).

In the OpsMgrSetupWizard setup log found in (C:\Users\<installaccount>\AppData\Local\SCOM\LOGS)

 

Error:    :LaunchMSI: MSI C:\SCOM 2012\Setup\AMD64\Server\OMServer.msi returned error 1603
Error:    :ProcessInstalls: Install Item Management Server failed to install.  We did not launch the post process delegate.
Always:    :SetErrorType: Setting VitalFailure. currentInstallItem: Management Server
Info:    :SetProgressScreen: FinishMinorStep.
Always:    :!***** Installing: OMDATAWAREHOUSE ***
Info:    :ProcessInstalls: Rollback is set and we are not doing an uninstall so we will stop processing installs
Always:    :****************************************************************
Always:    :****Starting*RollBack*******************************************

 

After trying a bunch of different fixes I came across this one that worked.

Looking at these two registry values

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing

 

They had been modified from the default value of 146432  (I believe group policy was automatically modifying these)

 

I changed the value back to the default 146432 and installed completed successfully.

 

  Name:           State
  Type:            REG_DWORD
  Data:            0x23c00

Continue Reading

Windows Server Base OS MP 6.0.6972.0 Update Released

 

Download: http://www.microsoft.com/en-us/download/details.aspx?id=9296

Changes in This Update
Unless explicitly noted, these updates apply to all operating system versions supported by this Monitoring Pack:

  • Updated the Cluster shared volume disk monitors so that alert severity corresponds to the monitor state.
  • Fixed an issue where the performance by utilization report would fail to deploy with the message “too many arguments specified”.
  • Updated the knowledge for the available MB monitor to refer to the Available MB counter.
  • Added discovery and monitoring of clustered disks for Windows Server 2008 and above clusters.
  • Added views for clustered disks.
  • Aligned disk monitoring so that all disks (Logical Disks, Cluster Shared Volumes, Clustered disks) now have the same basic set of monitors.
    • There are now separate monitors that measure available MB and %Free disk space for any disk (Logical Disk, Cluster Shared Volume, or Clustered disk).
      • These monitors are disabled by default for Logical Disks, so you will need to enable them.
    • Updated display strings for all disks to be consistent, regardless of the disk type.
    • The monitors generate alerts when they are in an error state. A warning state does not create an alert.
    • The monitors have a roll-up monitor that also reflects disk state. This monitor does not alert by default. If you want to alert on both warning and error states, you can have the unit monitors alert on warning state and the roll-up monitor alert on error state.
  • Fixed an issue where network adapter monitoring caused high CPU utilization on servers with multiple NICs.
  • Updated the Total CPU Utilization Percentage monitor to run every 5 minutes and alert if it is three consecutive samples above the threshold.
  • Updated the properties of the Operating System instances so that the path includes the server name it applies to so that this name will show up in alerts.
  • Disabled the network bandwidth utilization monitors for Windows Server 2003.
  • Updated the Cluster Shared Volume monitoring scripts so they do not log informational events.
  • Quorum disks are now discovered by default.
  • Mount point discovery is now disabled by default.

Notes
This version of the Management Pack consolidates disk monitoring for all types of disks as mentioned above. However, for Logical Disks, the previous Logical Disk Free Space monitor, which uses a combination of Available MB and %Free space, is still enabled. If you prefer to use the new monitors (Disk Free Space (MB) Low Disk Free Space (%) Low), you must disable the Logical Disk Free Space monitor before enabling the new monitors.

The default thresholds for the Available MB monitor are not changed, the warning threshold (which will not alert) is 500MB and the error threshold (which will alert) is 300MB. This will cause alerts to be generated for small disk volumes. Before enabling the new monitors, it is recommended to create a group of these small disks (using the disk size properties as criteria for the group), and overriding the threshold for available MB.

Continue Reading

How to view SCOM 2012 Dashboards in SharePoint 2010 or SharePoint 2013

 

SCOM 2012 has some nice new dashboards.   The average IT user or application owner often doesn’t want to learn the SCOM console.  They just want to know that state of their application.  With 2012 we now have the ability to create dashboards for these users and show the state of their application in SharePoint.

I start by looking over the TechNet instructions here:

http://technet.microsoft.com/en-us/library/hh212924.aspx#bkmk_howtodeploytheoperationsmanagerwebpart

 

Then I create a basic dashboard that I want to show in my SharePoint site.

image

Next I copy the SharePoint folder from the installation media d:\Setup\amd64\SharePoint over to my SharePoint server c:\Temp.

The user I am logged on as is a Farm Administrator so I have all the SharePoint permissions I need.

On my SharePoint server I open the SharePoint 2010 or SharePoint 2013 Management Shell as an Administrator

image

I navigate over to the temp location where my files are located and type the following command.

.\INSTALL-OPERATIONSMANAGER-DASHBOARDVIEWER.PS1 “C:\Temp\SHAREPOINT”

*Note: If you get an error you may have to run “Set-ExecutionPolicy Unrestricted”

image

It prompts me for a Siteurl.  I just click enter so that it install into all my sites.

*Note: In a large environment I would put in a specific Siteurl.

It takes about a minute to install in my environment.

image

Now I need to configure SCOM in my SharePoint Environment.

First I open up a web browser from my SharePoint server to my Operations Manager environment.

http://scomms1/OperationsManager/default.aspx

It prompts me to install Silverlight so I go ahead and install it.

 

Now I open up the SharePoint 2010 Central Administration site.  Under Site Actions I select View All Site Content

image

Under Lists I select Operations Manager Web Console Environments.

image

Then I select Operations Manager on localhost.

image

A dialog box opens and then I select Edit Item

Where it says HostUri I type in the web address of my Operations Manager Web console but I leave off the default.aspx

http://scomms1/OperationsManager/

image

I click Save.

Now I browse to the actual SharePoint site where I want to display my dashboard.

Under Site Actions I click Edit Page

image

I Check Out the page

image

Under Insert I select Web Part.  Then I select Microsoft System Center, then Operations Manager Dashboard.  Then  I click Add

image

I see the web part is on the page.  Now I have to edit it.

I hover over the text and then select the down arrow on the right side.  I select Edit Web Part

image

 

Over on the right hand side I see Operations Manager Dashboard Viewer Web Part

image

 

I now need the URL for the Dashboard that I want to display. Leaving the SharePoint site open, I open up another web browser and type in the URL of my SCOM Console.

Then I browse to the dashboard I want to display.  I copy the URL of my dashboard.

http://scomms1/OperationsManager/default.aspx#/dashboard(type=Tim!UIGenerated_6658ef51239849e4ac681226c0522df4_Perf)

image

Back to my SharePoint site browser window I paste in the dashboard location and click OK

image

I now see the dashboard open in the SharePoint site.

image

I check in my changes and I am done.

Another thing to note is that I could also setup this site to used shared credentials.  What this means is that instead of controlling permissions from SCOM I can setup one user ID so that anyone who wants to see this dashboard can view it using a common ID.  Instructions are here http://technet.microsoft.com/en-us/library/hh212924.aspx#bkmk_howtodeploytheoperationsmanagerwebpart

Continue Reading