
Monthly Archives: May 2009

Ops Mgr R2 and server 2008 in a gateway scenario

I installed a gateway server on Windows Server 2008 x64 this week. Here are the steps I followed. I started by installing a new standalone root certification authority on a Windows Server 2008 x64 domain controller (DC01) with the following steps.

1. Add role
2. Active Directory Certificate Services
3. Certification Authority and Certification Authority Web Enrollment
4. Standalone, this CA does not use Directory Service data to issue or manage certificates
5. Root CA
6. Create a new private key
7. Default values on cryptography, CA Name, validity period (5 years), certificate database, web server (IIS), Role services
8. Confirm and install, then close the wizard

After that I installed the root CA certificate and a machine certificate on both my management server (corp-R2) and the gateway server (DMZ01), starting with the root CA certificate.

1. From both the gateway server and the management server, browse to http://dc01/certsrv
2. Add http://dc01 to your trusted sites in IE
3. Download a CA certificate, certificate chain, or CRL
4. Download CA certificate chain
5. Once the certificate is downloaded, open an MMC with the Certificates (Local Computer) snap-in and import the certificate under Trusted Root Certification Authorities

There is a tool, the certificate generation wizard, that you can download here; it can make gateway scenarios easier.

CertGenWizard.exe is a wizard tool which will take your CA information as input (it isn’t required if you are running the wizard on the box with the CA), take in the computer names (has to be FQDNs), and send out a request for the certificates you need. Now, you no longer have to fill out the Certificate Request form or enter parameters or connect to the web enrollment service. Once the certificates are approved, there is a Retrieve button in the CertGenWizard which will allow you to retrieve the certificates that you have requested. On top of the personal certificates, the wizard will retrieve the root CA certificate.

The next step is to request and install the proper certificate from the root CA server; this needs to be done on both the gateway and the management server.

1. From both the gateway server and the management server, browse to http://dc01/certsrv
2. Request a certificate
3. Advanced certificate request
4. Create and submit a request to this CA
5. If you get an error saying that the CA must be configured to use HTTPS authentication, change the security settings for the Trusted Sites zone and enable "Initialize and script ActiveX controls not marked as safe for scripting". Then reload the page
6. Input:
   Name: needs to be the FQDN of the machine, for example dc01.corp.contoso.local
   Type of certificate needed: Other
   OID: 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2
   CSP: Microsoft Enhanced Cryptographic Provider v1.0
   Check "Mark keys as exportable"
   Name: needs to be the FQDN of the machine, for example dc01.corp.contoso.local
7. Submit the request
8. On your root CA, open the Certification Authority console and issue the certificate under Pending Requests
9. On the machine that requested the certificate, browse to http://dc01/certsrv
10. View the status of a pending certificate request
11. Install the certificate by clicking on it
12. Open an MMC with the Certificates snap-in for "My user account". Under Personal certificates, export the certificate including the private key.
13. Open an MMC with the Certificates snap-in for "Local computer". Import the certificate under Personal certificates.

When both your gateway machine and your management server each have two certificates (the root CA certificate and their own machine certificate), the next step is to run the MOMCertImport.exe tool on your management server. This tool imports the certificate into Operations Manager and writes the serial number of the certificate to use to the registry, so that Operations Manager components can determine which certificate to use for authentication. Run the tool and select the certificate to use, then restart the System Center Management service on the management server.

Now it is time to approve the new gateway server. This is done with Microsoft.EnterpriseManagement.GatewayApprovalTool.exe. This tool depends on a DLL file in the Operations Manager installation folder, so copy the approval tool to that folder. Run the tool and approve your gateway, for example:

Microsoft.EnterpriseManagement.GatewayApprovalTool.exe /ManagementServerName=corp-r2.corp.contoso.local /GatewayName=DMZ01 /SiteName=DMZ /Action=Create

The next step is to install the gateway server. You need to copy MOMCertImport.exe and the suitable gateway folder (for example AMD64) from the installation source to your gateway server. You need the whole gateway folder, including MOMGateway.msi and the three cabinet files named OMGW, SCXAGTS and OMAGTMGT. Then run MOMGateway.msi as administrator; it will fail if you do not run it as administrator. Input the FQDN of the management server and the name of the management group. Select an action account; if you are unsure, select Local System and click Next. When the installation of the gateway server is complete, run MOMCertImport.exe and import the certificate. Then restart the System Center Management service (HealthService).

Open the Operations Manager console and verify that your new gateway server is green and healthy. You can now move on and start installing agents.

NNTP > HTTP

Microsoft has recently launched a new space at Microsoft Technet Forums for Operations Manager 2007 R2. You will find it here. The old NNTP based news group will be closed down. See you at Technet Forums!

The Operations Manager forums provide you with an opportunity to join a community of Operations Manager customers, product team members, MVPs and experts, where you can share knowledge, get questions answered and learn from others. Start by posting Operations Manager related questions in the forum corresponding to your topic of interest and leverage the knowledge available in your new forum community.

Operations Manager 2007 R2 RTM

Late yesterday the RTM of Operations Manager 2007 R2 was approved, which immediately initiated the next stage of the process … getting this latest version of Microsoft’s end-to-end monitoring product for IT environments and datacenters out to YOU! Read more in our overview whitepaper, What’s New datasheet, or download the trial, and see customer stories and more information on our pages on Microsoft.com and TechNet.

The trial version of Operations Manager 2007 R2 RTM (build 7221) is now available via the Microsoft Download Center. General Availability of the product will be 1st July 2009, at which point new and existing customers will be able to obtain the bits from their respective customer download centers, such as MVLS.

In addition to the updated product documentation, our overview whitepaper, and what’s new datasheet, newly released collateral includes a number of new datasheets that include:

Reducing the cost of data center management with Operations Manager 2007 R2
Monitoring UNIX/Linux with Operations Manager 2007 R2
Tracking Service Levels with Operations Manager 2007 R2
Interoperability Connectors for Operations Manager 2007 R2
Some of you have also had the opportunity to try our new hands-on labs at our MMS and TechEd events this year, which cover topics such as installation, introduction, management pack authoring, and more. We're busily upgrading these with the RTM bits, and they will be available for you to use via the TechNet Online virtual labs next month (June).

In addition to downloading the trial (or if you’re waiting for the upgrade or full product bits to arrive in your customer portal):

Check out our TechNet Webcast Series on Operations Manager 2007 R2:
Introducing Operations Manager 2007 R2 (Level 300)
Monitoring .NET and Web Applications with System Center Operations Manager 2007 R2
Operations Manager 2007 R2 Deployment and Upgrade Best Practices
Operations Manager 2007 R2 Agentless Client Monitoring
Successfully Monitor UNIX and Linux Alongside Your Windows Infrastructure with Operations Manager 2007 R2 (Level 300)
Developing Custom Reports and Operational Dashboards with Operations Manager 2007 R2 (Level 400)
Monitoring .NET and Web Applications with System Center Operations Manager 2007 R2
System Center Operations Manager 2007 R2 Interoperability Connectors

Watch our TechNet EDGE Video Blogs (more on their way!):
Introduction to Operations Manager R2
Visio Integration with Operations Manager 2007 R2
Microsoft Management Summit 2009 Day 1 Keynote Recap with Brad Anderson

Learn about v2.0 of the Service Level Dashboard from our Solution Accelerators team, which lets you measure and report application or system performance & availability in near real time across your organization through Microsoft SharePoint. Download the Service Level Dashboard from the System Center Catalog (available shortly).

Check out our new community portal, System Center Central for downloads, discussions with our MVPs, and much, much more!

Source: the system center team blog

Auditing Mailbox Access

By default Exchange 2007 only logs logons to the server, not which mailbox was accessed. With the following cmdlet we can enable mailbox access auditing on our mailbox servers.

Set-EventLogLevel "MSExchangeIS\9000 Private\Logons" -Level Low

Note that there might be times, especially with older Outlook clients, when other users access other mailboxes to see details about, for example, calendar appointments. So a logon event can be a simple check of the calendar. When I booked a meeting between two users with Outlook 2007, I did not notice an extra security event.
When we have enabled auditing of mailbox access we can use a collection rule in Operations Manager to collect the events and store them in the data warehouse. I will use event ID 1009 in this example; event ID 1009 indicates that the specified user account logged on to the specified mailbox.

Start by creating a new rule: Authoring > Rules > Create a rule > Collection rule > NT event log. The collection rule only collects events; it does not generate any alerts. In my example I used Windows Server 2008 Computer as target. I created the rule disabled by default, then used an override to enable it for a group containing a couple of Exchange mailbox server computer objects.

Event ID 1016

Event ID 1016 is also interesting. When a user accesses a mailbox other than their primary mailbox, you will see an event with ID 1016.
The next step is to create a report. You can use the generic Custom Event report to create a linked report showing all the events. Run the Custom Event report, select your Windows Server 2008 computers as objects and filter the report, in my example on Event ID equals 1009. Note that you have to check the checkbox for every report field you want to include. If you don't check any checkboxes you will get an empty report.

If you don't like the default event report you can author a new one in Visual Studio. You can read my guide about that here and use the following query when building the dataset in Visual Studio. In this query I have two parameters, @keyword01 and @keyword02, which the report operator can input as words to search for in the event description, for example a username and a mailbox name.

SELECT Event.vEvent.DateTime,
       vEventPublisher.EventPublisherName AS 'EventSource',
       vEventLoggingComputer.ComputerName AS 'Computer',
       Event.vEvent.EventDisplayNumber AS 'EventID',
       vEventChannel.EventChannelTitle,
       Event.vEventDetail.RenderedDescription AS 'EventDescription'
FROM Event.vEvent
LEFT OUTER JOIN vEventCategory ON Event.vEvent.EventCategoryRowId = vEventCategory.EventCategoryRowId
LEFT OUTER JOIN vEventPublisher ON Event.vEvent.EventPublisherRowId = vEventPublisher.EventPublisherRowId
LEFT OUTER JOIN vEventLoggingComputer ON Event.vEvent.LoggingComputerRowId = vEventLoggingComputer.EventLoggingComputerRowId
LEFT OUTER JOIN vEventLevel ON Event.vEvent.EventLevelId = vEventLevel.EventLevelId
LEFT OUTER JOIN vEventChannel ON Event.vEvent.EventChannelRowId = vEventChannel.EventChannelRowId
LEFT OUTER JOIN Event.vEventDetail ON Event.vEvent.EventOriginId = Event.vEventDetail.EventOriginId
WHERE (Event.vEvent.EventDisplayNumber = '1009' OR Event.vEvent.EventDisplayNumber = '1016')
  AND (Event.vEventDetail.RenderedDescription LIKE '%' + @keyword01 + '%')
  AND (Event.vEventDetail.RenderedDescription LIKE '%' + @keyword02 + '%')
ORDER BY Event.vEvent.DateTime DESC
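To show what the collected 1009/1016 events look like once they are filtered the way the report query does, here is an added example in Python (not code from the original post). It applies the same filter as the query (event ID 1009 or 1016, both keywords contained in the description) to in-memory records, and separately extracts the user and mailbox from 1016 events, which the post describes as a user logging on to a mailbox other than their primary one. The event records and their descriptions are constructed to resemble the real events; the exact wording in your environment may differ, so treat the regular expression as an assumption and adjust it.

```python
"""Triage of Exchange mailbox logon audit events (added example, constructed data)."""
import re
from typing import List, Tuple

# Constructed records: (event id, logging computer, rendered description).
# The descriptions imitate the Exchange 2007 information store events but are not
# copied from a real server; adjust LOGON_RE if your descriptions differ.
SAMPLE_EVENTS: List[Tuple[int, str, str]] = [
    (1009, "MBX01", "Windows User CORP\\alice logged on to mailbox Alice Andersson."),
    (1009, "MBX01", "Windows User CORP\\bob logged on to mailbox Bob Berg."),
    (1016, "MBX01", "Windows User CORP\\bob logged on to mailbox Alice Andersson, "
                    "and is not the primary Windows account on this mailbox."),
    (1016, "MBX02", "Windows User CORP\\svc-backup logged on to mailbox Carl Carlsson, "
                    "and is not the primary Windows account on this mailbox."),
    (1013, "MBX01", "Unrelated information store event mentioning CORP\\bob."),
]

# Pulls the account and the mailbox out of the (constructed) description text.
LOGON_RE = re.compile(r"User (?P<user>\S+) logged on to mailbox (?P<mailbox>[^,.]+)")


def find_events(events, keyword01: str, keyword02: str):
    """Mirror of the report's WHERE clause: ID 1009 or 1016 and both keywords
    contained in the description. SQL LIKE is case-insensitive under the usual
    SQL Server collation, so the comparison here is case-insensitive as well."""
    k1, k2 = keyword01.lower(), keyword02.lower()
    return [ev for ev in events
            if ev[0] in (1009, 1016)
            and k1 in ev[2].lower()
            and k2 in ev[2].lower()]


def non_owner_logons(events):
    """Return (user, mailbox, computer) for every 1016 event whose description parses.
    1016 is the event to review first: someone opened a mailbox that is not their own."""
    result = []
    for eid, computer, desc in events:
        if eid != 1016:
            continue
        m = LOGON_RE.search(desc)
        if m:
            result.append((m.group("user"), m.group("mailbox").strip(), computer))
    return result


if __name__ == "__main__":
    # Same question the report answers: did bob touch Alice's mailbox?
    for ev in find_events(SAMPLE_EVENTS, "bob", "Alice"):
        print(ev)
    for user, mailbox, computer in non_owner_logons(SAMPLE_EVENTS):
        print(f"{user} opened mailbox '{mailbox}' on {computer}")
```

Feeding the report's two keywords a username and a mailbox name narrows the output to exactly the pairing you are investigating; leaving one keyword empty behaves like the SQL version (`LIKE '%%'` matches everything) and returns every logon by that user.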

Microsoft Summer Camp 2009

I will be talking at Microsoft Summer Camp 2009. During these two sessions you will get an overview of all the System Center products.

System Center

During this session you will get an overview of the System Center products, including System Center Operations Manager 2007 R2, System Center Configuration Manager, System Center Data Protection Manager and System Center Virtual Machine Manager. Sign up for the session here.

System Center Service Manager

This session will focus on Service Manager 2010. Service Manager focuses on automated MOF/ITIL processes, for example Incident Management, a Self-Service IT Portal and Change Management. It also integrates with the other System Center products and Active Directory. Sign up for the session here.

Don't miss this chance to learn a lot and see cool features!

Configuring and Administering System Center Essentials 2007

Two of my friends and MVP colleagues, Björn Axell and Pete Zerger, have authored a really cool 4-day System Center Essentials (SCE) course together. The course covers all features of SCE, including patch management, software distribution, inventorying and monitoring.

Don’t miss this chance to learn SCE from a real SCE-Jedi!

More info and registration here.

Performance Reports and Groups

When running a performance report against a group you get an average value for all the members of the group. Often you need the report to show each member of the group separately. You can of course add each member of the group as an object to the report. Another solution is to build a report where you can input a group; that will save you some time if you already maintain the groups you want to run reports against. The following query can be run against a group that contains computer objects; it finds the members of the group and runs the report against each of them.


SELECT vManagedEntity.ManagedEntityGuid, vManagedEntityTypeImage.Image,
       Perf.vPerfHourly.DateTime, Perf.vPerfHourly.SampleCount, Perf.vPerfHourly.AverageValue,
       Perf.vPerfHourly.StandardDeviation, Perf.vPerfHourly.MaxValue,
       vManagedEntity.FullName, vManagedEntity.Path, vManagedEntity.Name,
       vManagedEntity.DisplayName, vManagedEntity.ManagedEntityDefaultName,
       vPerformanceRuleInstance.InstanceName, vPerformanceRule.ObjectName,
       vPerformanceRule.CounterName
FROM Perf.vPerfHourly
INNER JOIN vManagedEntity ON Perf.vPerfHourly.ManagedEntityRowId = vManagedEntity.ManagedEntityRowId
INNER JOIN vManagedEntityType ON vManagedEntity.ManagedEntityTypeRowId = vManagedEntityType.ManagedEntityTypeRowId
LEFT OUTER JOIN vManagedEntityTypeImage ON vManagedEntityType.ManagedEntityTypeRowId = vManagedEntityTypeImage.ManagedEntityTypeRowId
INNER JOIN vPerformanceRuleInstance ON vPerformanceRuleInstance.PerformanceRuleInstanceRowId = Perf.vPerfHourly.PerformanceRuleInstanceRowId
INNER JOIN vPerformanceRule ON vPerformanceRuleInstance.RuleRowId = vPerformanceRule.RuleRowId
WHERE (vPerformanceRule.CounterName LIKE N'%Available MBytes%')
  AND (Perf.vPerfHourly.DateTime > @ReportParameter2 AND Perf.vPerfHourly.DateTime < @ReportParameter3)
  AND vManagedEntity.ManagedEntityGuid IN (
      -- operating system objects hosted by the computers that are members of the group
      SELECT BMETarget.BaseManagedEntityId
      FROM OperationsManager.dbo.BaseManagedEntity BMESource
      INNER JOIN OperationsManager.dbo.Relationship R ON R.SourceEntityId = BMESource.BaseManagedEntityId
      INNER JOIN OperationsManager.dbo.BaseManagedEntity BMETarget ON R.TargetEntityId = BMETarget.BaseManagedEntityId
      INNER JOIN OperationsManager.dbo.ManagedType MT ON BMETarget.BaseManagedTypeId = MT.ManagedTypeId
      WHERE MT.TypeName = 'Microsoft.Windows.OperatingSystem'
        AND BMESource.BaseManagedEntityId IN (
            -- computer objects that are members of the group given as @Group
            SELECT BMETarget.BaseManagedEntityId
            FROM OperationsManager.dbo.BaseManagedEntity BMESource
            INNER JOIN OperationsManager.dbo.Relationship R ON R.SourceEntityId = BMESource.BaseManagedEntityId
            INNER JOIN OperationsManager.dbo.BaseManagedEntity BMETarget ON R.TargetEntityId = BMETarget.BaseManagedEntityId
            WHERE BMESource.DisplayName = @Group)
  )
ORDER BY Perf.vPerfHourly.DateTime

In this example the report shows the "Available MBytes" performance counter for a group that you input as the parameter @Group. It shows data between @ReportParameter2 and @ReportParameter3 (dates). I get all groups from the database with this query:


SELECT DISTINCT BMESource.DisplayName AS [Group Name]
FROM OperationsManager.dbo.BaseManagedEntity BMESource
INNER JOIN OperationsManager.dbo.Relationship R ON R.SourceEntityId = BMESource.BaseManagedEntityId
INNER JOIN OperationsManager.dbo.BaseManagedEntity BMETarget ON R.TargetEntityId = BMETarget.BaseManagedEntityId

The two date parameters, @ReportParameter2 and @ReportParameter3, I get from two queries that return the current date and the current date minus seven days.

SELECT convert(date,getdate(),21)
SELECT convert(date,dateadd(day,-7,getdate()),21)

In my report I also added a matrix to show the values. I added the following expression as BackgroundColor on the data value cell. This gives me a red background on every value below 100, in this example each time a machine had less than 100 MB of free memory.

=iif(Fields!AverageValue.Value < 50, "Red", "White")
Big thanks to Mike Eisenstein for good ideas and SQL help.

System Center Service Manager Hands-on Lab

Try System Center Service Manager in a free online lab environment at http://www.microsoftservicemanagertestdrive.com/

The scenarios in the lab will demonstrate an overview of a Microsoft System Center Service Manager installation and initial configuration, covering the following topics:

* Installing Service Manager
* Importing data from Active Directory, System Center Configuration Manager, and data and alerts from Operations Manager 2007 SP1 and above
* Configuring User Roles within Service Manager
* Manually adding users that were not imported from Active Directory
* Creating several templates, configuring initial parameters, creating queues, lists, and groups, and then creating a management pack to save any custom objects
* Installing Service Manager in a production environment in a scenario where Service Manager is installed on four computers

Restart a service, and keep an eye on it

You can use a basic service monitor to restart a service, but even if Ops Mgr restarts the service automatically you need to keep an eye on it. You don't want Operations Manager to restart the service every two minutes; if it does, you need to be notified and investigate the root cause. To keep an eye on this you can use a repeated event detection monitor that generates an alert if the service is restarted too often. In this example I will create a monitor for the print spooler (Spooler) service that restarts it if needed. I will also create a monitor that looks at "The Print Spooler service entered the running state" events. If there are more than four such events within one hour, Operations Manager will generate an alert.

1. Authoring > Monitors > New Monitor > Windows Services > Basic Service Monitor
2. General: Name, Description and target for example Windows Server 2008 Computer
3. Service Details: spooler
4. Configure Health: Next
5. Configure Alerts: Check generate alerts for this monitor, Create
6. Right-click the new monitor and select properties from the context menu
7. Click the Diagnostic and Recovery tab
8. Add a recovery task (make sure to get the recovery target correct):
– Recalculate monitor state after recovery finishes
– Run a command
– Full path to file: C:\Windows\System32\cmd.exe
– Parameters: /C net start spooler
9. Create, Ok

The next step is to create a monitor that keeps track of service restarts:

1. Authoring > Monitors > New Monitor > Windows Events > Repeated Event Detection
2. General: Name, Description and target for example Windows Server 2008 Computer
3. Event Log Name: System
– Event Expression:
– Event ID: 7036
– Event Level: Information
– EventDescription contains Spooler
– EventDescription contains running
4. Repeat Settings:
– Counting mode: trigger on count sliding, compare count 4
– Based on items occurrence within a time interval: interval 1, hours
5. Configure Health: Next
6. Configure Alerts: Check generate alerts for this monitor, Create
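The repeated event detection monitor above is a sliding-window counter, and it is worth seeing exactly which events it counts and when it fires. The following is an added example in Python, not code from the original post or from Operations Manager: it applies the same event expression (System log, event ID 7036, level Information, description containing both "Spooler" and "running") to a constructed set of Service Control Manager events and raises an alert when the count inside a one-hour sliding window reaches the compare count of 4. The reset-after-alert behaviour is my own simplification so that one restart storm produces one alert; the real monitor's exact count handling after an alert is not described on this page.

```python
"""Sliding-window repeated-event detection (added example, constructed data)."""
from datetime import datetime, timedelta
from typing import List, Tuple

# Constructed System log records: (timestamp, event id, level, description).
# 7036 is the Service Control Manager "service entered the X state" event.
SAMPLE_EVENTS: List[Tuple[datetime, int, str, str]] = [
    (datetime(2009, 5, 20, 9, 0),  7036, "Information", "The Print Spooler service entered the running state."),
    (datetime(2009, 5, 20, 9, 10), 7036, "Information", "The Print Spooler service entered the stopped state."),
    (datetime(2009, 5, 20, 9, 12), 7036, "Information", "The Print Spooler service entered the running state."),
    (datetime(2009, 5, 20, 9, 30), 7036, "Information", "The Windows Update service entered the running state."),
    (datetime(2009, 5, 20, 9, 40), 7036, "Information", "The Print Spooler service entered the running state."),
    (datetime(2009, 5, 20, 9, 55), 7036, "Information", "The Print Spooler service entered the running state."),
    (datetime(2009, 5, 20, 12, 0), 7036, "Information", "The Print Spooler service entered the running state."),
]


def matches_expression(event, event_id: int = 7036, level: str = "Information",
                       keywords=("Spooler", "running")) -> bool:
    """The monitor's event expression: ID, level and every keyword in the description.
    The 'stopped state' event and other services' 7036 events do not match."""
    _ts, eid, lvl, desc = event
    return eid == event_id and lvl == level and all(k in desc for k in keywords)


def detect_repeated(events, threshold: int = 4, window: timedelta = timedelta(hours=1)):
    """Return the timestamps at which the monitor would raise an alert.

    Matching events are walked in time order; the window holds the timestamps of
    matching events not older than `window` relative to the newest one. When the
    window holds `threshold` events an alert is recorded and the window is cleared
    (constructed policy: one alert per restart storm)."""
    alerts: List[datetime] = []
    window_events: List[datetime] = []
    for ev in sorted(events, key=lambda e: e[0]):
        if not matches_expression(ev):
            continue
        ts = ev[0]
        window_events.append(ts)
        # Slide the window: drop anything that fell out of the last hour.
        window_events = [t for t in window_events if ts - t < window]
        if len(window_events) >= threshold:
            alerts.append(ts)
            window_events = []
    return alerts


if __name__ == "__main__":
    for when in detect_repeated(SAMPLE_EVENTS):
        print(f"ALERT: Spooler restarted {4} times within one hour, last at {when:%H:%M}")
```

In the constructed data the spooler comes back up at 09:00, 09:12, 09:40 and 09:55; the fourth start is still inside the hour that began at 09:00, so the alert fires at 09:55, while the lone restart at 12:00 stays well under the count. The "stopped state" and Windows Update events are ignored by the expression exactly as the monitor's two "EventDescription contains" filters would ignore them.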

Operations Manager and Configuration Manager: Best practices for real world scenarios

Jörgen Nilsson (senior consultant, working with deployment since 1994, expert in Configuration Manager) and I will deliver a custom 5-day course on Operations Manager 2007 and Configuration Manager 2007 in Stockholm. We have selected a number of real-world topics and features of these two products that customers often use, and built a course around them. It is a basic course in both products, giving students knowledge about all the common features and how to use them according to best practices.

  • Introduction to System Center, Configuration Manager and Operations Manager
  • SCCM: Deployment of Configuration Manager
  • SCCM: Queries and reports
  • SCCM: Installation, administration and troubleshooting clients
  • SCCM: Configure, administration and troubbleshooting software distribution
  • SCCM: OS deployment
  • SCCM: Monitor and troubleshoot Configuration Manager
  • SCCM: Configure, administration and troubbleshooting software updates (patch management)
  • SCCM: Hardware and software inventory
  • SCCM: Software Metering
  • Ops Mgr: Deployment and upgrade to Operations Manager
  • Ops Mgr: walkthrough of the Operations Console
  • Ops Mgr: Installation, administration and troubbleshooting agents
  • Ops Mgr: Management packs and targeting
  • Ops Mgr: Audit Collection Service (ACS)
  • Ops Mgr: Reporting
  • Ops Mgr: Client monitoring (AEM)
  • Ops Mgr: How to monitor non-trusted environments

Read more and sign up here [in Swedish]. If you have any questions about the course or want to attend an English version of this course, send me an e-mail [andersATcontosoDOTse].