Monthly Archives: July 2009

Configure Command Notification in R2

There have been a number of questions about the command notification channel in the TechNet forums. Here is an example of how to configure a command notification channel, a subscriber for the channel and a subscription. This example configures a command notification channel to run a VBScript. The VBScript echoes a time stamp and the alert name to a local file.

1. Go to Administration/Notification/Channels and create a new command notification channel. For example
Channel name: Contoso Command Notification Channel
Full path of the command file: C:\windows\system32\cmd.exe
Command line parameters: /c C:\logfile.vbs $Data/Context/DataItem/AlertName$
Startup folder for the command line: C:\

2. Go to Subscribers and create a new subscriber
Subscriber name: Contoso Command Line Subscriber (note that you do not need to select an AD user)
Schedule: Always send notification
Addresses: Added a new address
-Address name: Contoso Command Address
-Channel type: Command
-Command Channel: Contoso Command Notification Channel
-Delivery address for the selected channel: I just left this with default, something about sip: but it resulted in a blank field, so just leave it
-Schedule: Always send notification

3. Go to Subscriptions and add a new subscription, for example
Name: Contoso Command Line Subscription
Criteria: with a specific resolution state: new(0) and closed (255)
Subscribers: Contoso Command Line Subscriber
Channel: Contoso Command Notification Channel
Summary: Make sure the channel is enabled

That's it, and the logfile.vbs looks like:

' ******************************************
' GET PARAMETERS INTO SCRIPT
' ******************************************
' Only the first command-line argument is read
strAlert = WScript.Arguments.Item(0)

' ******************************************
' LOG TO FILE (DATE,TIME,TO,ALERT NAME,STATE
' ******************************************
Dim Stuff, myFSO, WriteStuff, strDateStamp, strTimeStamp
strDateStamp = Date()
strTimeStamp = Time()
' Write information to text file
Stuff = strDateStamp & "," & strTimeStamp & "," & strAlert
Set myFSO = CreateObject("Scripting.FileSystemObject")
' 8 = ForAppending, True = create the file if it does not exist
Set WriteStuff = myFSO.OpenTextFile("opsmgr_notification_logfile.txt", 8, True)
WriteStuff.WriteLine(Stuff)
WriteStuff.Close

More info about command notification channel here.

Ops Mgr R2 and multiple gateway servers

Some time ago I posted an article about gateway servers, Ops Mgr R2 and Server 2008. This week I have extended that scenario by adding two more management servers and one more gateway server.

To make this scenario work I had to configure both my gateway servers to use corp-MS03 and corp-MS02 as primary and secondary management servers. You can do that with the Operations Manager Command Shell.

Log on to a machine with the Command Shell installed, for example a workstation. Run the following script (save it as a .ps1 script file):

$primaryMS = Get-ManagementServer | where {$_.Name -eq 'corp-ms02.corp.contoso.local'}
$failoverMS = Get-ManagementServer | where {$_.Name -eq 'corp-r2.corp.contoso.local'}
$gatewayMS = Get-GatewayManagementServer | where {$_.Name -eq 'dmz01'}
Set-ManagementServer -GatewayManagementServer: $gatewayMS -primarymanagementserver: $primaryMS -FailoverServer: $failoverMS

That script configures the gateway server, DMZ01, to use corp-MS02 as primary management server and corp-R2 as failover management server. When you run this command, be aware that once the current management server gets this update it will stop accepting connections from your gateway server (if it is not the primary or failover management server in the new configuration). That could result in an orphaned gateway server: the gateway server is not allowed to communicate with any management server. If this happens you will have to log on to your gateway server, check HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Server Management Group\<Management Group Name>\Parent Health Services\0 and look for the authenticationName string. You must then run the Set-ManagementServer cmdlet again and change the management server back to the one in the registry. To make sure you don't end up with orphaned gateway servers, use your current management server as the failover server in your script. The gateway server can then receive the new configuration from the new failover server (the current management server), and when you have confirmed the configuration change, you can update the failover server for the gateway server.

To verify that your gateway server has received the new configuration you can look in the OpsMgrConnector.Config.XML file on your gateway server and search for Parents in the file. The default location is C:\Program Files\System Center operations Manager 2007\Health Service State\Connector Configuration Cache\.

You can also run the following Command Shell commands to see the primary and failover server for a gateway server:

Get-GatewayManagementServer | where {$_.Name -like 'DMZ01'} | Get-PrimaryManagementServer
Get-GatewayManagementServer | where {$_.Name -like 'DMZ01'} | Get-FailoverManagementServer

If everything looks OK, you can now run the PowerShell script again and update the failoverMS to the correct failover management server.
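The gateway change above with the orphan guard built in, as an added example that is not the author's script: it keeps the current management server as failover when the new pair would drop it, then reads the assignment back. It uses only the cmdlets shown in this post; the FQDN for corp-MS03 is an assumption.

```powershell
# Added example: run in the Operations Manager Command Shell.
$gatewayName  = 'dmz01'
$primaryName  = 'corp-ms02.corp.contoso.local'
$failoverName = 'corp-ms03.corp.contoso.local'   # assumed FQDN for corp-MS03

$gateway  = Get-GatewayManagementServer | where {$_.Name -eq $gatewayName}
$primary  = Get-ManagementServer | where {$_.Name -eq $primaryName}
$failover = Get-ManagementServer | where {$_.Name -eq $failoverName}
if (-not $gateway -or -not $primary -or -not $failover) {
    throw 'Gateway, primary or failover server not found; nothing was changed.'
}

# The management server the gateway reports to before the change.
$current = $gateway | Get-PrimaryManagementServer

# Guard: a current server that is neither primary nor failover in the new
# configuration stops accepting the gateway, which leaves the gateway orphaned.
$finalFailover = $failover
if ($current -and (@($primary.Name, $failover.Name) -notcontains $current.Name)) {
    Write-Warning "$($current.Name) kept as failover for this pass so $gatewayName can still fetch its configuration."
    $failover = $current
}

Set-ManagementServer -GatewayManagementServer $gateway -PrimaryManagementServer $primary -FailoverServer $failover

# Read the assignment back from the management group.
$check = Get-GatewayManagementServer | where {$_.Name -eq $gatewayName}
$failoverNames = @($check | Get-FailoverManagementServer | foreach {$_.Name})
"Primary : " + ($check | Get-PrimaryManagementServer).Name
"Failover: " + [string]::Join(', ', $failoverNames)

if ($failover.Name -ne $finalFailover.Name) {
    "Once the gateway has received the new configuration, run this again to set failover to $($finalFailover.Name)."
}
```

On the second run the current server is already the new primary, so the guard does not trigger and the intended failover server is applied.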

To configure the agent to communicate with the two gateway servers I ran the following two scripts. corp-r2 was the primary/only management server for the agent when I started.

$primaryMS = Get-GatewayManagementServer | where {$_.Name -eq 'dmz01'}
$failoverMS = Get-ManagementServer | where {$_.Name -eq 'corp-r2.corp.contoso.local'}
$agent = Get-agent | where {$_.Name -eq 'DMZ-A01'}
Set-ManagementServer -AgentManagedComputer: $agent -PrimaryManagementServer: $primaryMS -FailoverServer: $failoverMS

After I verified that the agent had received the new configuration I ran:

$primaryMS = Get-GatewayManagementServer | where {$_.Name -eq 'dmz01'}
$failoverMS = Get-gatewayManagementServer | where {$_.Name -eq 'dmz-02'}
$agent = Get-agent | where {$_.Name -eq 'DMZ-A01'}
Set-ManagementServer -AgentManagedComputer: $agent -PrimaryManagementServer: $primaryMS -FailoverServer: $failoverMS

The result of these commands is that my agent (DMZ-A01) can communicate with both gateway servers. Both my gateway servers can communicate with both my management servers. If I shut down DMZ01, my agent, DMZ-A01, fails over to DMZ-02. If I start DMZ01 again the agent will automatically return to DMZ01. If I shut down corp-MS02 my gateway server will automatically fail over to corp-ms03. If I shut down one gateway server and one management server the agent will still communicate with the management group.

List Status for Resource Groups

If you want to see the active node for a cluster group you can do that with a task. Create a task targeted at “Cluster Node”, then add the following command line configuration:

Full path to file: %WINDIR%\system32\cluster.exe
Parameters: $Target/Property[Type="MicrosoftWindowsClusterManagementLibrary6065680!Microsoft.Windows.Cluster.Node"]/ClusterName$ group

You can then run the task from the Cluster Node State view in the cluster MP. The task will list status for all available resource groups.

Detect all SQL Server cluster resources

A couple of days ago, when I was working with a SQL cluster, I found something interesting. I had a problem with a SQL cluster: Operations Manager 2007 R2 only found the first network name in my cluster group, not the one for my SQL cluster. After some time I found the following text in the SQL management pack guide:

Having a SQL Server cluster resource group that contains more than one network name resource might mean that the clustered SQL Server resource is not monitored. For more information, see Knowledge Base article 919594.

…and KB 919594 tells you

To resolve this issue, configure existing resources in the cluster group so that System Center Operations Manager or MOM detects the virtual server, or create and configure the necessary resources. For example, you may have to create a generic application resource that does nothing. This generic application resource will enable System Center Operations Manager or MOM to discover the virtual server on which the resource is hosted.

Note: If more than one Network Name resource is configured in a group, System Center Operations Manager or MOM uses the first network name that it detects as the name of the virtual server.

As soon as I had re-organized my cluster resources for SQL into a new cluster group, Operations Manager 2007 R2 found the other cluster resource group and the SQL running on it. It also discovered all the SQL components, for example databases and logical disks.

There is a KB article about this, KB959865, that shows you another solution, where you can do an override and enable “Multiple Servers Discovery” within the cluster MP.

50216 Operations Manager 2007: Advanced Configuration and Administration

This week Microsoft Learning released a new Operations Manager 2007 R2 instructor-led (classroom) course for IT Professionals. It is a 3-day course that will cover the following topics in depth, at level 400.

This course was written by myself and Maarten Goet. Maarten is also a Microsoft MVP within Operations Manager. We have tried to add as many “real world scenarios” and as much field experience as possible into this course and hope you will learn a lot!

Module 1: Architecture and Troubleshooting
This module will explain how the ‘internals’ of Operations Manager work and how to troubleshoot.

Module 2: Management Packs
This module will explain management pack architecture and how to author a management pack.

Module 3: Reporting
This module will explain how to develop custom reports.

Module 4: Connectors
This module will explain how to connect Operations Manager to remote systems, like a ticketing system.

Module 5: Advanced Scripting and PowerShell
This module will explain how to build and work with Operations Manager scripting and PowerShell.

For more info about the course, please take a look here. If you want to attend this course in the Nordic countries, please take a look here.

Changing Passwords with Operations Manager

Yesterday when I was going to do some tests in one of my labs I could not remember the password. Fortunately the Operations Manager R2 RMS machine was unlocked so I could use it. I then created a rule that ran a modification of the following script on each machine, and swish! I could log on again 🙂

Set WshNetwork = WScript.CreateObject("WScript.Network")
strComputer = WshNetwork.ComputerName
strComputer = "."
Set objUser = GetObject("WinNT://" & strComputer & "/Administrator,user")
objUser.SetPassword "NewPasswordHere"
objUser.SetInfo

With that in mind it is funny how some organizations look at security and accounts. It is not unusual that a consultant or co-worker gets Administrator permissions or Author permissions in Operations Manager, but they would never get full Exchange administrator or domain administrator permissions in the environment.

Some interesting links regarding the subject: the Ops Mgr Security Guide and the Ops Mgr Security Hardening Guide.
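A defender-side check for the point above, as an added example that is not from the original post: it lists local password resets (Security event 4724) and flags those performed as Local System, which is how a script run by the agent shows up when the agent action account is Local System (an assumption; the post does not say which account was used). The function name Get-PasswordResetEvent is hypothetical.

```powershell
# Added example: run elevated on a monitored machine (Windows Server 2008 or later).
# Assumes "Audit User Account Management" is enabled so event 4724 is logged.
$localSystemSid = 'S-1-5-18'   # well-known SID of Local System

function Get-PasswordResetEvent {
    param([datetime]$After = (Get-Date).AddDays(-7))

    $filter = @{ LogName = 'Security'; Id = 4724; StartTime = $After }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Read the named EventData fields instead of relying on their order.
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            New-Object PSObject -Property @{
                TimeCreated = $_.TimeCreated
                Computer    = $_.MachineName
                Target      = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
                SubjectSid  = $data['SubjectUserSid']
                SubjectUser = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            }
        }
}

$resets = @(Get-PasswordResetEvent)

# A reset whose subject is Local System was made by a service, not by a logged-on admin.
$byService = @($resets | Where-Object { $_.SubjectSid -eq $localSystemSid })

"{0} password reset(s) in the last 7 days, {1} performed as Local System" -f $resets.Count, $byService.Count
$byService | Sort-Object TimeCreated |
    Format-Table TimeCreated, Computer, Target, SubjectUser -AutoSize
```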