Monitor Scheduled Tasks with Operations Manager 2007
I saw a question today about monitoring scheduled tasks with Operations Manager 2007. If you open the Scheduled Tasks window (Start menu > All Programs > Accessories > System Tools > Scheduled Tasks), you can open a log file for your scheduled jobs from the Advanced drop-down menu. The default file is C:\Windows\SchedLgU. You can monitor this file from Ops Mgr 2007 and search for words like WARNING and ERROR. In this post you can read how to set up monitoring of a log file like that.
Links During July
- If you want to monitor SNMP v1 devices you can call Microsoft and ask for the KB939364 fix. They will give it to you for free.
- Collection 3386: Implementing Microsoft System Center Operations Manager 2007, here
- Systems Center Operations Manager 2007 Documentation seems to have been updated, here
- Remote Operations Manager 2007 Deployment Guide, here
- OpsMgr 2007 MOM 2005 Backward Compatibility MP Update, here
- An updated version of Microsoft Windows Base Operating System MOM 2005 MP (7/11/2007), here
- An updated version of the Microsoft Web Sites and Services Management Pack for MOM 2005, here
- New MOM KB article, “You receive an error message when you try to deploy an agent update to a managed computer in Microsoft Operations Manager 2005“, here
- Keep an Eye on Your Servers with Operations Manager 2007, an article by Pete Zerger, read it here
- Disaster Recovery: OpsMgr 2007 Root Management Server on a Cluster, guide, read it here
- New KB “System Center Operations Manager 2007 cannot find some network devices by using the network device discovery process”, here
- New KB “You cannot deploy an agent by using the Discovery and Installation Wizard in System Center Operations Manager 2007”, here
Operations Manager 2007 and Data Protection Manager in collaboration
This document is a first look at System Center Data Protection Manager, how to use the product to back up Operations Manager and how to use Operations Manager 2007 to monitor Data Protection Manager.
Download the article here
Active Directory and Exchange Management Pack Shared Script Mappings
I want to inform you about some great information that was recently uploaded to Systemcenterforum.org.
This download contains two Excel spreadsheets containing the shared script mappings for the Active Directory and Exchange management packs, including script name, monitors and rules using the script, as well as object type targeted. Tables list only scripts used by more than one workflow.
Download the file here
RMS Disaster Recovery – part II
In my last post I was doing some tests with recovery of the root management server, where I restored an RMS without the encryption key. In this lab I will promote my second management server to RMS and then I will switch the RMS role back again. I have a root management server (RMS) named CO-OPSMGR-RMS and my other management server is CO-OPSMGR-ACS.
First I need to back up the RMS encryption key
- Copy SecureStorageBackup.exe from the installation CD (X:\SupportTools) to the Ops Mgr installation directory (C:\Program Files\System Center Operations Manager 2007\)
- Open a command prompt and go to the installation directory
- Run the following command: SecureStorageBackup.exe Backup C:\BackupOfKey.bin
- You will be asked to input a password to protect the file
Now I have a backup of my RMS, C:\BackupOfKey.bin. The next step is to import the encryption key to the other management server, and then promote the server to RMS. On your management server (non RMS):
- Copy SecureStorageBackup.exe from the installation CD (X:\SupportTools) to the Ops Mgr installation directory (C:\Program Files\System Center Operations Manager 2007\)
- Copy ManagementServerConfigTool.exe from the installation CD (X:\SupportTools) to the Ops Mgr installation directory (C:\Program Files\System Center Operations Manager 2007\)
- Copy the encryption key backup from the RMS to the other management server Ops Mgr installation directory
- Open a command prompt and go to the installation directory
- Run the following command: SecureStorageBackup.exe Restore BackupOfKey.bin
- You will be asked to input a password
- Verify that the key was successfully restored
- Run the following command: ManagementServerConfigTool.exe promoteRMS
- You will see a warning, read it and then press Y and enter
- Make sure you get a “PromoteRMS performed successfully” (also look for any information about additional commands that need to be run on the original RMS)
If your new management server can't contact your original RMS you will have to run the following command on the original RMS, “ManagementServerConfigTool.exe UpdateDemotedRMS”, but don't worry, ManagementServerConfigTool.exe will tell you to run it if necessary.
If you start the Ops Mgr console on your original RMS you will have to choose to connect to your new RMS, as the SDK service is no longer running locally.
I read somewhere that reporting will not work on the new RMS, and I can confirm that. If I start the console on the new RMS and click reporting I get a “Loading reporting hierarchy failed” message. But if the original RMS is online, even as a normal management server, the reporting part is working from the new RMS.
To restore the RMS role back to your original RMS
- Open a command prompt on your original RMS and go to the Ops Mgr installation directory
- Run the following command: ManagementServerConfigTool.exe promoteRMS
- You will see a warning, read it and then press Y and enter
- Make sure you get a “PromoteRMS performed successfully” (also look for any information about additional commands that need to be run on the original RMS)
If your new RMS can't contact your current RMS you will have to run the following command on the current RMS, “ManagementServerConfigTool.exe UpdateDemotedRMS”, but don't worry, ManagementServerConfigTool.exe will tell you to run it if necessary.
That should do it, now your original RMS is the RMS again.
System Center Service Manager Beta 1
I would like to tip you about an article from Pete Zerger (reviewed by me and Neale Brown) about Service Manager. It is an interesting article, as always when Pete is involved. You will find it here. You can read more about Service Manager here, and also download the beta from Microsoft Connect here.
I have written a general installation guide. It is not a complete step-by-step guide. You can download it here.
Script: Check Account Status
These are two simple scripts to check if an account is enabled or disabled. If it is enabled, a local event will be created. In this example I check if the Guest account is enabled; if it is, a local event will be generated. You can then pick up that event with an event rule.
Const EVENT_WARNING = 2

' Bind to the account to check
strUser = "LDAP://cn=Guest,cn=Users,dc=contoso,dc=internal"
Set objUser = GetObject(strUser)

' Log a local warning event if the account is enabled
If objUser.AccountDisabled = False Then
    Set objShell = WScript.CreateObject("WScript.Shell")
    objShell.LogEvent EVENT_WARNING, _
        "The account " & strUser & " is no longer disabled. Please investigate."
End If
If you want to check all accounts in an OU you can use this script. It will check an OU named Service_Accounts.
Const EVENT_WARNING = 2
Set objShell = WScript.CreateObject("WScript.Shell")

' Bind to the OU and enumerate only user objects
Set objOU = GetObject _
    ("LDAP://OU=Service_Accounts,DC=contoso,DC=internal")
objOU.Filter = Array("user")

For Each objUser In objOU
    strUser = "LDAP://" & objUser.distinguishedName

    ' Log a local warning event for every enabled account
    If objUser.AccountDisabled = False Then
        objShell.LogEvent EVENT_WARNING, _
            "The account " & strUser & " is no longer disabled. Please investigate."
    End If
Next
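The OU check above only sees objects directly in the OU and binds to each account in turn. As an added example (not part of the original post), the same check can be done with one LDAP query that also covers sub-OUs and writes a single event listing every enabled account. It assumes the same OU name as above and that every account under it is expected to be disabled.

```vbscript
' Added example, not from the original post.
Option Explicit

Const EVENT_WARNING = 2
Const ADS_UF_ACCOUNTDISABLE = 2   ' userAccountControl bit meaning "disabled"
' Assumption: same OU as in the post; replace with your own
Const SEARCH_BASE = "LDAP://OU=Service_Accounts,DC=contoso,DC=internal"

Dim objConn, objCmd, objRS, objShell
Dim strFilter, strEnabled, intCount

' Match user objects whose ACCOUNTDISABLE bit is NOT set.
' 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule.
strFilter = "(&(objectCategory=person)(objectClass=user)" & _
    "(!(userAccountControl:1.2.840.113556.1.4.803:=" & _
    ADS_UF_ACCOUNTDISABLE & ")))"

Set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"

Set objCmd = CreateObject("ADODB.Command")
Set objCmd.ActiveConnection = objConn
objCmd.Properties("Page Size") = 500   ' page results so large OUs are not cut off
objCmd.CommandText = "<" & SEARCH_BASE & ">;" & strFilter & _
    ";distinguishedName;subtree"

Set objRS = objCmd.Execute
intCount = 0
strEnabled = ""
Do Until objRS.EOF
    intCount = intCount + 1
    strEnabled = strEnabled & vbCrLf & objRS.Fields("distinguishedName").Value
    objRS.MoveNext
Loop
objRS.Close
objConn.Close

' One event per run instead of one per account
If intCount > 0 Then
    Set objShell = WScript.CreateObject("WScript.Shell")
    objShell.LogEvent EVENT_WARNING, intCount & " account(s) under " & _
        SEARCH_BASE & " are enabled. Please investigate:" & strEnabled
End If
```

LogEvent writes to the local Application log with the source WSH, so that is where the event rule should look.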
Audit Collection Services (ACS)
Microsoft Audit Collection Services (ACS) is a new function in SCOM 2007 that can collect logs from machines. All logs are saved in a special Audit Collection database. You can then run reports against the database to see trends and do security analysis. You can also, for example, trace a user's activity over many systems. This is a general guide on how to deploy ACS. The ACS collector is the management server that collects audit events from your agents, which act as ACS forwarders.
COOPSMGR is my ACS server, you should replace that with your ACS server hostname.
The first step is to install the Audit Collection Server. This can be done from the Ops Mgr 2007 Setup. On the last page of the wizard, before you click “Finish”, verify that the setup has completed successfully.
The next step is to enable audit collection on an agent.
- Start the console, click monitoring and then state view
- Right-click Monitoring and create a new state view, name it ACS, choose to show data related to Agent. Then leave all default settings and click OK
- Click on your new state view, right-click on an agent and choose Health Service Tasks, Enable Audit Collection
- In the Run Task – Enable Audit Collection, verify your settings and click Run
- In the Task Status – Enable Audit Collection, verify that the task output is successful and then click Close
Now you have enabled audit collection on that machine, and audit events are forwarded to your collector in real time. You need to verify that the Operations Manager Audit Collection Service is running on your collector. Look in the services console to verify that.
The next step is to set up ACS reporting. It is in ACS reporting that you will see the result of the collected data.
- Copy the X:\ReportModels\ACS directory from your installation source to a directory on your server, for example C:\ACS
- Copy the X:\SupportTools\ReportingConfig.exe from your installation source to the same directory
- Open a command prompt and change to the C:\ACS directory
- Run the following command: UploadAuditReports.cmd COOpsMgr http://coopsmgr/reportserver C:\ACS (COOpsMgr is my ACS db server, http://coopsmgr/reportserver is the URL to my reporting service and C:\ is where I saved the files. There might be a couple of warnings… but you can verify the command in the next step by checking that you find all objects.)
- Start Internet Explorer and open http://opsmgr/reports , click Audit Reports and then show details
- Click Db Audit
- Change “Connect using” to “Windows Integrated security”
- Verify that, in the connection string, catalog is pointing at your database and data source is pointing to your server name
- Click Apply and then go back to the Audit Reports folder (there is a link at the top of the page)
- Close Internet Explorer
You can now, or at least after a while, open ACS reports in the console and see the collected data. The preferred way is to look at reports in the console, not as in MOM 2005 where you used Internet Explorer and the SQL Reporting Console (http://coopsmgr/Reports).
RMS Disaster Recovery
I saw a question about disaster recovery, how to deploy a new root management server (RMS) if the first goes down. In this post I will tell about a test I did regarding this topic.
The RMS is the first management server installed in the management group. The RMS holds some special roles; if these roles are offline, the management group will not work. One of the steps during deployment is to back up the root management server key. This key will be used when promoting another server to RMS if the first RMS goes down. This means that you must have the key to recover, so do not forget to back it up. If you don't have the key there is no way to promote another server to become root management server. The root management server supports clustering, so it does not need to be a single point of failure. Remember this when you design your Operations Manager 2007 environment.
First I took a backup of the key on my RMS.
- Copy SecureStorageBackup.exe from the installation CD (X:\SupportTools) to the Ops Mgr installation directory (C:\Program Files\System Center Operations Manager 2007\)
- Open a command prompt and go to the installation directory
- Run the following command: SecureStorageBackup.exe Backup C:\BackupOfKey.bin
- You will be asked to input a password to protect the file
Now I have a backup of my RMS, C:\BackupOfKey.bin. I took a copy of this file to another machine.
The next step was to shut down my RMS server. After that I could see that my agents had lost connection to the management server. A member server with the Ops Mgr console could not start the console anymore, “Failed to connect to server COOPSMGR02, The sdk service is either not running or not yet initialized”.
I installed a new 2003 Server (with the same IP and hostname), ran all updates, joined the domain and installed Ops Mgr 2007 again. I chose to install all the components that the RMS had before, for example web console, console, server and PowerShell.
After the installation the console started on the new server. All agents were connected again and could receive new rules. If I looked in the services console I could see that the SDK Service and Config Service were running, and I could verify that the server was the RMS by looking in the console. I had a new RMS, and I didn't need the key.
I read that all run-as accounts are lost if the key is not restored, but I tried uninstalling an agent with the management action account and it was successful. But that account could also be saved somewhere else and therefore work. To test that I did some more operations.
I set up a simple task to do something on a machine. I configured the task to run with a new run as profile. I ran the task and verified that the task was using the new run as account. The next step was to do everything one more time to see if my new run-as account disappeared during the reinstallation of the RMS, or at least if the password disappeared.
- I shut down my RMS
- My member server could no longer start the console, my agents could no longer connect to a management server
- I installed a new server with the same OS, IP and hostname
- I installed Ops Mgr 2007 with all components that I had before on my RMS
I started the console on my new RMS, everything seemed fine and the machine was root management server according to the console. I ran my special task and I could see in the output that it was running with my run as account. In other words, the password or account information had not disappeared during the restore, and I had not restored the key from the first RMS.
Heartbeat Failure Notification
In this post I will briefly show you how to set up a notification only for health service heartbeat failure. I have seen a number of questions in the groups about this. If you haven't configured notification channels yet, you can follow my other guide about that, here.
- Start the console, click Administration, expand notifications and right-click subscriptions, choose to create a new notification subscription
- Create Notification Subscription Wizard – General: Input a name and add recipients, click Next
- Create Notification Subscription Wizard – User Role Filter: Click Next
- Create Notification Subscription Wizard – Groups: Leave default settings, all groups. We want notification from all machines, click Next
- Create Notification Subscription Wizard – Classes: Choose only “Health Service Watcher”, click Next
- Create Notification Subscription Wizard – Alert Criteria: Choose, Only Errors, with high priority, both new and closed resolution state and all category. Click Next
- Create Notification Subscription Wizard – Alert Aging: Leave default setting, do not… , click Next
- Create Notification Subscription Wizard – Formats: Choose to use the default e-mail format, click Finish
If you want to narrow down category too, you can choose only “StateCollection” as category.
Microsoft IT Forum in Barcelona