Ops Mgr R2 and multiple gateway servers

Some time ago I posted an article about gateway servers, Ops Mgr R2 and Server 2008. This week I have extended that scenario by adding two more management servers and one more gateway server.

To make this scenario work I had to configure both my gateway servers to use corp-MS03 and corp-MS02 as primary and secondary management servers. You can do that with the Operations Manager Command Shell.

Log on to a machine with the command shell installed, for example a workstation. Run the following script (save it as a .ps1 script file):

$primaryMS = Get-ManagementServer | where {$_.Name -eq 'corp-ms02.corp.contoso.local'}
$failoverMS = Get-ManagementServer | where {$_.Name -eq 'corp-r2.corp.contoso.local'}
$gatewayMS = Get-GatewayManagementServer | where {$_.Name -eq 'dmz01'}
Set-ManagementServer -GatewayManagementServer: $gatewayMS -primarymanagementserver: $primaryMS -FailoverServer: $failoverMS

That script configures the gateway server, DMZ01, to use corp-MS02 as primary management server and corp-R2 as failover management server. Be aware that when the current management server gets this update, it will stop accepting connections from your gateway server (unless it is the primary or failover management server in the new configuration). That can leave you with an orphaned gateway server: a gateway server that is not allowed to communicate with any management server. If this happens, you will have to log on to your gateway server, check HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Server Management Group\<Management Group Name>\Parent Health Services\0 and look for the authenticationName string. You must then run the Set-ManagementServer cmdlet again and change the management server back to the one in the registry.

To make sure you don't end up with orphaned gateway servers, use your current management server as the failover server in your script. The gateway server can then receive the new configuration from the new failover server (the current management server), and when you have confirmed the configuration change, you can update the failover server for the gateway server.

To verify that your gateway server has received the new configuration, look in the OpsMgrConnector.Config.XML file on your gateway server and search for Parents in the file. The default location is C:\Program Files\System Center operations Manager 2007\Health Service State\Connector Configuration Cache\.

You can also run the following command shell commands to see the primary and failover server for a gateway server:

Get-GatewayManagementServer | where {$_.Name -like 'DMZ01'} | Get-PrimaryManagementServer
Get-GatewayManagementServer | where {$_.Name -like 'DMZ01'} | Get-FailoverManagementServer

If everything looks OK, you can now run the PowerShell script again and update the failoverMS to the correct failover management server.
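A local check for the gateway server that covers the two verification points above: the parent entries in the registry and the cached connector configuration. This is an added example, not part of the original post. The management group name is a placeholder, the expected parent names are the ones from the first script, and treating every subkey under Parent Health Services as one parent is an assumption (the post only mentions subkey 0).

```powershell
# Added example: run in plain PowerShell on the gateway server itself (for example DMZ01).
param(
    [string]$ManagementGroup = '<Management Group Name>',   # placeholder, fill in your own
    [string[]]$ExpectedParents = @('corp-ms02.corp.contoso.local', 'corp-r2.corp.contoso.local'),
    # Registry path and cache folder exactly as quoted in the post
    [string]$RegBase  = 'HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Server Management Group',
    [string]$CacheDir = 'C:\Program Files\System Center operations Manager 2007\Health Service State\Connector Configuration Cache'
)

$parentKey = Join-Path (Join-Path $RegBase $ManagementGroup) 'Parent Health Services'
if (-not (Test-Path $parentKey)) { throw "Registry key not found: $parentKey" }

# Assumption: each subkey (0, 1, ...) describes one parent; the post reads authenticationName from 0.
$registered = @(Get-ChildItem $parentKey | ForEach-Object {
    (Get-ItemProperty -Path $_.PSPath).authenticationName
} | Where-Object { $_ })

# Parents the gateway knows that you did not intend, and intended parents it has not received yet
$unexpected = @($registered | Where-Object { $ExpectedParents -notcontains $_ })
$missing    = @($ExpectedParents | Where-Object { $registered -notcontains $_ })

# The cached connector configuration: when was it last written, and does it mention Parents?
$config = Get-ChildItem -Path $CacheDir -Recurse -Filter 'OpsMgrConnector.Config.xml' |
    Select-Object -First 1
$hasParents = $false
if ($config) { $hasParents = [bool](Select-String -Path $config.FullName -Pattern 'Parents' -Quiet) }

# One summary object, so the result can be logged or compared between runs
New-Object PSObject -Property @{
    RegisteredParents = $registered -join ', '
    UnexpectedParents = $unexpected -join ', '
    MissingParents    = $missing -join ', '
    ConfigLastWritten = if ($config) { $config.LastWriteTime } else { $null }
    ConfigHasParents  = $hasParents
}
```

An empty MissingParents together with a ConfigLastWritten time later than your Set-ManagementServer run is what to look for before you change the failover server again.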

To configure the agent to communicate with the two gateway servers I ran the following two scripts. corp-r2 was the primary/only management server for the agent when I started.

$primaryMS = Get-GatewayManagementServer | where {$_.Name -eq 'dmz01'}
$failoverMS = Get-ManagementServer | where {$_.Name -eq 'corp-r2.corp.contoso.local'}
$agent = Get-agent | where {$_.Name -eq 'DMZ-A01'}
Set-ManagementServer -AgentManagedComputer: $agent -PrimaryManagementServer: $primaryMS -FailoverServer: $failoverMS

After I verified that the agent had received the new configuration, I ran:

$primaryMS = Get-GatewayManagementServer | where {$_.Name -eq 'dmz01'}
$failoverMS = Get-gatewayManagementServer | where {$_.Name -eq 'dmz-02'}
$agent = Get-agent | where {$_.Name -eq 'DMZ-A01'}
Set-ManagementServer -AgentManagedComputer: $agent -PrimaryManagementServer: $primaryMS -FailoverServer: $failoverMS

The result of these commands is that my agent (DMZ-A01) can communicate with both gateway servers, and both my gateway servers can communicate with both my management servers. If I shut down DMZ01, my agent, DMZ-A01, fails over to DMZ-02. If I start DMZ01 again, the agent will automatically return to DMZ01. If I shut down corp-MS02, my gateway server will automatically fail over to corp-ms03. If I shut down one gateway server and one management server, the agent will still communicate with the management group.


11 thoughts on “Ops Mgr R2 and multiple gateway servers”

  1. Hi, it was years since I configured this last time 🙂 But I don’t think you should put management servers or gateway servers between NLB as authentication with Kerberos or certificate will not work then. Explain a bit more about your scenario and I will see if I can help more.

  2. Hello, thanks for all your help.
    Please, if we have 2 gateway servers as in your scenario and we need the 2 gateways referring to our SCOM management server with Windows NLB (2 management servers), how can we do this?

  3. I did a little script for adding a failover server to a gateway

    ########################################
    # Gateway Server : Primary / Failover
    # Author : Christopher Keyaert
    # Email : christopher@vnext.be
    # Website : http://www.vnext.be
    # Date : 8 DEC 2010
    # Version : 0.1
    #
    # Inspired by : http://contoso.se/blog/?p=831
    ########################################
    # PARAM
    ########################################

    #FQN NAME
    $RMS = "xxx.CONTOSO.COM"
    $Gateway = "xxx.CONTOSO.COM"
    $PrimaryMS = "xxx.CONTOSO.COM"
    $failoverMS = "xxx.CONTOSO.COM"

    #Waiting time
    $WaitingTime = 3 # Minutes

    ########################################
    # SNAP-IN + RMS Connection
    ########################################
    if(-not (Get-pssnapin | Where-Object {$_.Name -eq "Microsoft.EnterpriseManagement.OperationsManager.Client"}))
    {
        Add-PSSnapin Microsoft.EnterpriseManagement.OperationsManager.Client
    }

    new-managementGroupConnection -ConnectionString:$RMS
    Set-Location "OperationsManagerMonitoring::" -ErrorVariable errSnapin ;
    Set-Location $RMS -ErrorVariable errSnapin ;

    ########################################
    # SCRIPT
    ########################################

    Write-Host "#######################"
    Write-Host "# Gateway Failover #"
    Write-Host "#######################"
    Write-Host ""
    Write-Host "Gateway : $Gateway"
    Write-Host "Primary : $PrimaryMS"
    Write-Host "Failover : $FailoverMS"
    Write-Host ""

    #Get server details
    #(separate variable names: PowerShell variables are case-insensitive, so assigning to
    # $primaryMS would overwrite the $PrimaryMS name string that the checks below compare against)
    $primaryMSObj = Get-ManagementServer | where {$_.Name -eq $PrimaryMS}
    $failoverMSObj = Get-ManagementServer | where {$_.Name -eq $failoverMS}
    $gatewayMS = Get-GatewayManagementServer | where {$_.Name -eq $Gateway}

    #Get current primary
    $CurrentPrimary = $gatewayMS | Get-PrimaryManagementServer

    #Set the current primary as failover so the gateway can still receive the configuration
    Set-ManagementServer -GatewayManagementServer: $gatewayMS -primarymanagementserver: $primaryMSObj -FailoverServer: $CurrentPrimary

    #Wait for config change
    For($i = $WaitingTime; $i -gt 0; $i--)
    {
        Write-Host "Waiting $i minutes for configuration changes"
        Start-Sleep 60
    }

    #Set the real configuration
    Set-ManagementServer -GatewayManagementServer: $gatewayMS -primarymanagementserver: $primaryMSObj -FailoverServer: $failoverMSObj

    #You can also run the following command shell commands to see the primary and failover server for a gateway server

    $CheckPrimary = Get-GatewayManagementServer | where {$_.Name -like $Gateway} | Get-PrimaryManagementServer
    If($CheckPrimary.Name -eq $PrimaryMS)
    {Write-Host "Primary server OK : $PrimaryMS"}
    else{Write-Host "Primary server Failed : $($CheckPrimary.Name)"}

    $CheckFailover = Get-GatewayManagementServer | where {$_.Name -like $Gateway} | Get-FailoverManagementServer
    If($CheckFailover.Name -eq $failoverMS)
    {Write-Host "FailOver server OK : $failoverMS"}
    else{Write-Host "FailOver server Failed : $($CheckFailover.Name)"}

    Write-Host ""
    Write-Host "END."

  4. Thanks for the info, a quick question. In order to set up agent failover between two gateway servers, how are your agent computers set up? Are they in a domain or a workgroup config? I suppose you need to install x.509 certs to enable communication between agent and Gateway servers in a workgroup environment as no Kerberos boundary is there. How do you set up two gateway servers in this scenario?

  5. You could also do like this:

    $primaryMS = Get-ManagementServer | where {$_.Name -eq 'corp-ms02.corp.contoso.local'}
    $failoverMS = Get-ManagementServer | where {$_.Name -eq 'corp-r2.corp.contoso.local'}
    $failoverMS2 = Get-ManagementServer | where {$_.Name -eq 'corp-ms03.corp.contoso.local'}
    $gatewayMS = Get-GatewayManagementServer | where {$_.Name -eq 'dmz01'}
    Set-ManagementServer -GatewayManagementServer: $gatewayMS -primarymanagementserver: $primaryMS -FailoverServer: $failoverMS,$failoverMS2

    This will give you both CORP-R2 and CORP-MS03 as failover hosts.

  6. Great comment! Thanks. I did not post that command, but

    “To make sure you don't end up with orphaned gateway servers use your current management server as failover server in your script, then the gateway server can receive new configuration from the new failover server (current management server) and when you have confirmed the configuration change, you can update the failover server for the gateway server.”

    So after I ran the first command (that I have in the post) I ran it again to configure the failover management server.

  7. Great topic to blog about and it covers some much needed info…

    One quick question – you mention the following: “If I shutdown corp-MS02 my gateway server will automatic failover to corp-ms03.”

    How does the ‘corp-ms03’ come into play if in your PS script you determine the following:

    Primary MS = corp-ms02.corp.contoso.local
    and
    Failover MS = corp-r2.corp.contoso.local

    Did I mis-read something in your post?
