I finally found out the issue why this script was not working for everybody. It was because of the different versions of PowerShell. Now it should also work on PowerShell v2.
Another possible fix to the empty ComputerGroupsMembernames issue.
Last week I saw a request for a PowerShell script which would put all the members of a OM2012 Computer Group in Maintenance Mode, so this could be used with the Task Scheduler.
I know there are quite some alternative when it comes to putting instances in Maintenance Mode, but I thought it would be cool to create the mother-of-all maintenance mode PowerShell scripts for OM2012 :-)
This PowerShell script can be run standalone or scheduled with the Task Scheduler and has the following cool features:
Ok enough about the features, here is the script:
####################################################################################################################### # Puts a OM2012 Computer Group in Maintenance Mode using PowerShell # Author: Stefan Stranger (Microsoft) # Example usage: Run Get-Help Get-SCOMMaintenanceModeForGroups.ps1 -Examples # Disclamer: This program source code is provided "AS IS" without warranty representation or condition of any kind # either express or implied, including but not limited to conditions or other terms of merchantability and/or # fitness for a particular purpose. The user assumes the entire risk as to the accuracy and the use of this # program code. # Tested on PowerShell v3 and OM2012 environment # Date: 03-07-2012 # Name: Get-SCOMMaintenanceModeForGroups.ps1 # v1.000 - 03-07-2012 - Stefan Stranger - initial sstranger's release # v1.001 - 06-07-2012 - Stefan Stranger - Added Eventlog and WhatIf Switch # v1.003 - 07-11-2012 - Stefan Stranger - Fixed issue on PowerShell v2, Now works on v2 and v3 # v1.004 - 16-11-2012 - Stefan Stranger - Fixed issue with empty GroupMembershipNames issue######################################################################################################################## <# .SYNOPSIS Places all members of a SCOM Computer Group in into maintenance mode, and creates new active maintenance mode entries. .DESCRIPTION The Start-MaintenanceModeForGroups script places all members of a SCOM Computer Group into maintenance mode, and creates new active maintenance mode entries. When in maintenance mode, alerts, notifications, rules, monitors, automatic responses, state changes, and new alerts are suppressed for the class instance. .EXAMPLE Start-SCOMMaintenanceModeForGroup.ps1 -ComputerGroup "All Windows Computers" -EndTime 10 -Reason "UnplannedOther" -Comment "Testing Maintenance Mode" -Verbose Puts all Members of the "All Windows Computer" Group in Maintenance Mode for 10 minutes, with Reason "UnplannedOther" and with Comment "Testing Maintenance Mode". Adding Verbose information. .EXAMPLE Start-SCOMMaintenanceModeForGroup.ps1 -ComputerGroup "All Windows Computers" -EndTime 10 -Reason "UnplannedOther" -Comment "Testing Maintenance Mode" -Eventlog Puts all Members of the "All Windows Computer" Group in Maintenance Mode for 10 minutes, with Reason "UnplannedOther" and with Comment "Testing Maintenance Mode". Writing Eventlog information to the "Operations Manager" Eventlog (eventid 998 and eventid 999). Can be used for tracking and debugging when Task Scheduler is being used. .EXAMPLE Start-SCOMMaintenanceModeForGroup.ps1 -ComputerGroup "All Windows Computers" -EndTime 10 -Reason "UnplannedOther" -Comment "Testing Maintenance Mode" -WhatIf Using the WhatIf switch shows which Members of the "All Windows Computer" Group would be put in Maintenance Mode if you had run the script. So the members are not really put into maintenance mode. For testing purposes. .PARAMETER ComputerGroup The SCOM Computer Group name for which members you want to put in Maintenance Mode. .PARAMETER EndTime Specifies the time the maintenance will end. The minimum amount of time a resource can be in maintenance mode is 5 minutes. .PARAMETER Reason Specifies the reason for placing the resource into maintenance mode. Valid values are: UnplannedOther, PlannedHardwareMaintenance, UnplannedHardwareMaintenance, PlannedHardwareInstallation, UnplannedHardwareInstallation, PlannedOperatingSystemReconfiguration, UnplannedOperatingSystemReconfiguration, PlannedApplicationMaintenance, ApplicationInstallation, ApplicationUnresponsive, ApplicationUnstable, SecurityIssue, LossOfNetworkConnectivity .Parameter Comment Allows you to type a comment about the maintenance activity. .Parameter EventLog Writes information to the "Operations Manager" Eventlog to track what is happening. .Link http://blogs.technet.com/stefan_stranger#> #requires -version 2.0 [CmdletBinding(SupportsShouldProcess=$true)] param ( [Parameter(Mandatory=$True, ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True, HelpMessage='What is the ComputerGroup you want to put in Maintenance Mode?')] [Alias("Group")] [string[]]$ComputerGroup, [Parameter(Mandatory=$True, ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$True, HelpMessage='Specifies the time the maintenance will end. The minimum amount of time a resource can be in maintenance mode is 5 minutes. This is a required parameter')] [int]$EndTime, [Parameter(Mandatory=$False, ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True, HelpMessage='UnplannedOther, PlannedHardwareMaintenance, UnplannedHardwareMaintenance, PlannedHardwareInstallation, UnplannedHardwareInstallation, PlannedOperatingSystemReconfiguration, UnplannedOperatingSystemReconfiguration, PlannedApplicationMaintenance, ApplicationInstallation, ApplicationUnresponsive, ApplicationUnstable, SecurityIssue, LossOfNetworkConnectivity')] [string]$Reason, [Parameter(Mandatory=$False, ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True, HelpMessage='Allows you to type a comment about the maintenance activity.')] [string]$Comment, [switch]$EventLog ) set-strictmode -version latest $start=Get-Date $currentlog = $start.ToString() Write-Verbose "Starting $($myinvocation.mycommand)" Write-Verbose "Ready to put ComputerGroup $ComputerGroup in Maintenance Mode" Function Start-SCOMMaintenanceModeForGroup { <# .SYNOPSIS Sets a SCOM Group in Maintenance Mode .DESCRIPTION Sets the members of a SCOM Group in Maintenance Mode .EXAMPLE Start-SCOMMaintenanceModeForGroup -ComputerGroup "All Windows Computers" -EndTime 10 -Reason "UnplannedOther" -Comment "Testing Maintenance Mode" -Verbose .PARAMETER ComputerGroup The SCOM Computer Group name for which members you want to put in Maintenance Mode. .PARAMETER EndTime Specifies the time the maintenance will end. The minimum amount of time a resource can be in maintenance mode is 5 minutes. .PARAMETER Reason Specifies the reason for placing the resource into maintenance mode. Valid values are: UnplannedOther, PlannedHardwareMaintenance, UnplannedHardwareMaintenance, PlannedHardwareInstallation, UnplannedHardwareInstallation, PlannedOperatingSystemReconfiguration, UnplannedOperatingSystemReconfiguration, PlannedApplicationMaintenance, ApplicationInstallation, ApplicationUnresponsive, ApplicationUnstable, SecurityIssue, LossOfNetworkConnectivity .Parameter Comment Allows you to type a comment about the maintenance activity. .Link http://blogs.technet.com/stefan_stranger #> [CmdletBinding(SupportsShouldProcess=$true)] param ( [Parameter(Mandatory=$True, ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True, HelpMessage='What is the ComputerGroup you want to put in Maintenance Mode?')] [Alias("Group")] [string[]]$ComputerGroup, [Parameter(Mandatory=$True, ValueFromPipeline=$false, ValueFromPipelineByPropertyName=$True, HelpMessage='Specifies the time the maintenance will end. The minimum amount of time a resource can be in maintenance mode is 5 minutes. This is a required parameter')] [int]$EndTime, [Parameter(Mandatory=$False, ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True, HelpMessage='UnplannedOther, PlannedHardwareMaintenance, UnplannedHardwareMaintenance, PlannedHardwareInstallation, UnplannedHardwareInstallation, PlannedOperatingSystemReconfiguration, UnplannedOperatingSystemReconfiguration, PlannedApplicationMaintenance, ApplicationInstallation, ApplicationUnresponsive, ApplicationUnstable, SecurityIssue, LossOfNetworkConnectivity')] [string]$Reason, [Parameter(Mandatory=$False, ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True, HelpMessage='Allows you to type a comment about the maintenance activity.')] [string]$Comment, [switch]$EventLog ) Begin { Write-Verbose "Starting Function Start-SCOMMaintenanceModeForGroup Function" #Check for minumum Maintenance mode period of 5 mins. if($endtime -lt 5) { Write-Error "The time span for the maintenance mode should be at least 5 minutes." -ErrorAction Stop } Write-Verbose "Following Group Members will be put in Maintenance Mode:" $ComputerGroupMembers = Get-SCOMMonitoringObject -DisplayName $ComputerGroup if($ComputerGroupMembers) { #$ComputerGroupMemberNames = ($ComputerGroupMembers.getrelatedMonitoringObjects() | select DisplayName).DisplayName $ComputerGroupMemberNames = ($ComputerGroupMembers.getrelatedMonitoringObjects() | select DisplayName) Write-Verbose "$ComputerGroupMemberNames" #Retrieve Management Servers so we can check if we don't put Management Servers in MM. $MSs = Get-SCOMManagementServer } else { Write-Error "No Members of ComputerGroup $ComputerGroup found" -ErrorAction Stop } } #End Begin Process { #Put Agents in Maintenance Mode foreach ($agent in $ComputerGroupMembers.getrelatedMonitoringObjects()) { Write-Verbose "Checking if ComputerGroup Member $agent is not a Management Server" if(($MSs | Select DisplayName) -eq $agent) { Write-Verbose "We don't want to put a Management Server in MM. Skipping" } else { Write-Verbose "Let's put Agent $Agent in Maintenance Mode" $Instance = Get-SCOMClassInstance -Name $Agent if ($PSCmdlet.ShouldProcess("Putting $Agent in Maintenande Mode for $($Endtime) minutes") ) { #Added 5 seconds to EndTime to prevent failing the Start-SCOMMaintenanceMode cmdlet. Min. 5 mins is needed. Start-SCOMMaintenanceMode -Instance $Instance -EndTime ([System.DateTime]::Now).AddSeconds(5).addMinutes($EndTime) -Reason $Reason -Comment $Comment }#End of whatif }#End of else }#End Foreach if ($PSBoundParameters['EventLog']) { write-eventlog -LogName "Operations Manager" -Source "OpsMgr SDK Service" -EventID 999 -message "The following Objects are put into in Maintenance Mode for $($EndTime) minutes: $($ComputerGroupMembers.getrelatedMonitoringObjects())" }#End if } #End Process End { Write-Verbose "Finished Function Start-SCOMMaintenanceModeForGroup Function" } } #Main try { if ($PSBoundParameters['EventLog']) { write-eventlog -LogName "Operations Manager" -Source "OpsMgr SDK Service" -EventID 998 -message "The $($myinvocation.mycommand) is used to put Objects in Maintenance Mode" } Write-Verbose "Checking if OperationsManager Module is loaded" #Check if OperationsManager Module is loaded. if(!(Get-Module OperationsManager)) { Write-Verbose "Importing OperationsManager Module" Import-Module OperationsManager -ErrorAction Stop } Write-Verbose "Checking for OM2012 environment" #Check if OM2012 is being used. if(!(Get-Module OperationsManager).Description -eq "Operations Manager OperationsManagerV10 Module") { Write-Error "This script is only for OM2012" } #Call Function if ($PSBoundParameters['EventLog']) { Start-SCOMMaintenanceModeForGroup -ComputerGroup $ComputerGroup -EndTime $EndTime -Reason $Reason -Comment $Comment -EventLog } else { Start-SCOMMaintenanceModeForGroup -ComputerGroup $ComputerGroup -EndTime $EndTime -Reason $Reason -Comment $Comment } } #End Try catch [System.IO.FileNotFoundException] { "OperationsManager Module not found" $_.Exception.Message } catch { Write-Warning "Oops something went wrong" $_.Exception.Message } $end=Get-Date Write-Debug ("Total processing time {0}" -f ($end-$start).ToString()) Write-Verbose "Ending $($myinvocation.mycommand)"
You can use the Get-Help Get-SCOMMaintenanceModeForGroups.ps1 –full command in PowerShell to see the complete help for this script.
Example using the –WhatIf switch
Let’s do the real deal and put some members of my “Stefan – OM2012 Maintenance Computer Group” in Maintenance Mode for 5 minutes.
Result:
How do use this cool PowerShell script to schedule Maintenance Mode using the Task Scheduler?
Steps:
Save script as: D:\Scripts\OM2012\Start-SCOMMaintenanceModeForGroups.ps1
Open TaskScheduler (on OM2012 Management Server or where you have installed the Operations Manager Console)
Create a new Task
Enter Name and make sure the user account under which the Scheduled Task is running is having enough permissions in SCOM. Select Run with Highest privileges.
Configure Trigger
Add action
Program/script: powershell.exe
Add argument (optional): D:\Scripts\OM2012\Start-SCOMMaintenanceModeForGroups.ps1 -ComputerGroup 'Stefan - OM2012 Maintenance Computer Group' -EndTime 5 -Reason "UnplannedOther" –Comment 'Testing MM' -Eventlog
Remark: Make sure you use single quotes of ComputerGroup, Reason or Comment Parameters if space are being used in the name.
Enter Credentials
If you have scheduled to script using the EventLog Switch toy can look in the Operations Manager Eventlog for auditing info.
You can download the script from the Script Center Repository: http://gallery.technet.microsoft.com/scriptcenter/Put-OM2012-Computer-Group-43902672
Have fun!
How often do you get the question: “What Monitors, Rules and Discoveries are running on an OpsMgr Agent?” from your co-workers? Especially when they don’t have a clue what is being monitored for their servers.
Most of the time you just use the EffectiveConfigurationViewer from the OpsMgr Resource Kit. It let’s you pick different objects, besides the Agents you are monitoring with OpsMgr.
It’s shows quite some interesting information and let’s you export the result to an XML file. But that’s not always your co-workers want’s to see. IMO they often want to have an Excel sheet with all the Monitors and Rules running on a specific Agent. That’s what they understand and can easily read.
What options do you have now?
Let’s look at the options.
Build some wrapper around the exported XML file
This is possible, but would not give us all the information we would like to see. It can only give us the Monitor/Rule or Discovery Name and it’s state. We are interested in much more, like: Name, Description, Type, Management Pack, Overrides, etc.
So let’s skip this option.
Use a third-party tool
In the next version of MP Studio a new feature called Silect’s Agent Explorer will be added. I’m lucky to be able to test the latest evaluation version of MP Studio and it will be able to give you almost all the information you probably need.
If you want to see what Monitors, Rules and Discoveries are running on an Agent, you can use the Explore workflow tasks feature (Agent Explorer) to view all workflows running on all agents or a specific server.
It will give you an overview of all Workflows running on a specified Agent and you can export the result to Excel.
This is almost what I want to see. The only thing I’m missing in the current Agent Explorer feature is if there are overrides configured for a Monitor, Rule or Discovery. I talked with Randy Roffey from Silect about this, and he told me that would be challenge, because there can be be multiple override settings for the same workflow. Good point, but it would be nice to see if there are any overrides for a workflow, than you can always manually check the configured overrides later.
PowerShell script that does the magic
The last option we have is to create a PowerShell script that does all we want. And what do we want? We want an Excel sheet with all Monitors, Rules and Discoveries running on an Agent, with their Type, DisplayName, Description, possible Override and ManagementPack.
Here you can see again 768 workflows running on the OpsMgr Agent (just like in MP Studio) but it also shows if there is an Override* being configured for the Monitor, Rule or Discovery. This still does not mean that the override is applicable for the Agent though.
* Retrieving the Override information can be a time (CPU and Memory) consuming exercise, so I commented that part of the PowerShell script.
Drawback I found using this script is the impact on the CPU and Memory when running this script and the time it takes before this script finishes. So you may take that into consideration when you run this script. First it retrieves all the Monitors, Rules and Discoveries and saves that in Memory and loops through this data in memory for finding the workflow information.
When I tested this script in my small OpsMgr 2007 R2 environment it took 1:47 seconds to run.
But it can also take much longer , like 27 minutes in another larger OpsMgr 2007 R2 environment.
If you are still interested to give the script a try, here it is:
############################################################################### # Get OpsMgr 2007 Running Workflows using PowerShell # This script retrieves the workflows running on an OpsMgr Agent # Authors: Jeremy Pavleck & Stefan Stranger (Microsoft) # Example usage (run from OpsMgr Command Shell): Get-OpsMgrWorkflows_v1.ps1 -agentname "myagent.contoso.com" | export-csv -path c:\temp\workflows.csv # Date: 30-11-2010 # Name: Get-AgentWorkflows_v1.ps1 # Remarks: Warning: Script is CPU and Memory intensive!! # Retrieving the overrides for the Monitors, Rules and Discoveries turned out to be a time, CPU and Memory consuming exercise and I disabled it. # You can enable it by Uncommenting that part of the script if you want to. # Script needs to run in PowerShell version 2. # v1.000 - 30/11/2010 - stefstr - initial sstranger's release ############################################################################### param ([string]$agentname = $(read-host "Please enter OpsMgr Agent Name")) function Get-AgentWorkflow($agentname) { #Original Script from Jeremy Pavleck. #http://www.pavleck.net/2008/06/sp1-gem-finding-rules-running-on-remote-agents/ #Use the OpsMgr Task Show Running Rules and Monitors. $taskobj = Get-Task | Where-Object {$_.Name -eq "Microsoft.SystemCenter.GetAllRunningWorkflows"} # Grab HealthService class object $hsobj = Get-MonitoringClass -name "Microsoft.SystemCenter.HealthService" # Find HealthService object defined for named server $monobj = Get-MonitoringObject -MonitoringClass $hsobj | Where-Object {$_.DisplayName -match $agentname} #Start Task GetAllRunningWorkflows $taskOut = Start-Task -Task $taskobj -TargetMonitoringObject $monobj [xml]$taskXML = $taskOut.OutPut #Get Workflows $workflows=$taskXML.selectnodes("/DataItem/Details/Instance/Workflow") #Retrieve Monitors $monitors = get-monitor #Retrieve Rules $rules = get-rule #Retrieve Discoveries" #Used the Group-object because there are some discovery rules with the same DisplayName $discoveries = get-discovery | select-object -Unique #Get Overrides" #monitoroverrides = foreach ($monitor in Get-ManagementPack | get-override | where {$_.monitor}) {get-monitor | where {$_.Id -eq $monitor.monitor.id}} #$rulesoverrides = foreach ($rule in Get-ManagementPack | get-override | where {$_.rule}) {get-rule | where {$_.Id -eq $rule.rule.id}} #$discoveryoverrides = foreach ($discovery in Get-ManagementPack | get-override | where {$_.discovery}) {get-discovery | where {$_.Id -eq $discovery.discovery.id}} #Check for each workflow if it's a Rule or Monitor or Discovery. foreach ($workflow in $workflows) { #Check for Monitor $monitor = $monitors | where-object {$_.Name -eq $workflow."#text"} if ($monitor -eq $null) { #Check for Rule $rule = $rules | where-object {$_.Name -eq $workflow."#text"} if ($rule -eq $null) { #Check for Discovery $discovery = $discoveries | where-object {$_.Name -eq $workflow."#text"} if ($discovery -eq $null) { } else { #Get ManagementPack $mp = $discovery.getmanagementpack() #Check if Discovery has an override #$flag = $discoveryoverrides | Where-Object {$_.DisplayName -eq $discovery.DisplayName} #if ($flag -eq $null) #{ # $override = "false" #} #else #{ # $override = "true" #} $discobject = new-object System.Management.Automation.PSObject $discobject = $discobject | add-member -membertype NoteProperty -name Type -value "Discovery" -passthru $discobject = $discobject | add-member -membertype NoteProperty -name DisplayName -value $discovery.DisplayName -passthru $discobject = $discobject | add-member -membertype NoteProperty -name Description -value $discovery.Description -passthru #$discobject = $discobject | add-member -membertype NoteProperty -name Override -value $override -passthru $discobject = $discobject | add-member -membertype NoteProperty -name ManagementPack -value $mp.DisplayName -passthru $discobject } } else { $mp = $rule.getmanagementpack() #Check if Rule has an override #$flag = $ruleoverrides | Where-Object {$_.DisplayName -eq $rule.DisplayName} #if ($flag -eq $null) #{ # $override = "false" #} #else #{ # $override = "true" #} $ruleobject = new-object System.Management.Automation.PSObject $ruleobject = $ruleobject | add-member -membertype NoteProperty -name Type -value "Rule" -passthru $ruleobject = $ruleobject | add-member -membertype NoteProperty -name DisplayName -value $rule.DisplayName -passthru $ruleobject = $ruleobject | add-member -membertype NoteProperty -name Description -value $rule.Description -passthru #$ruleobject = $ruleobject | add-member -membertype NoteProperty -name Override -value $override -passthru $ruleobject = $ruleobject | add-member -membertype NoteProperty -name ManagementPack -value $mp.DisplayName -passthru $ruleobject } } else { #Get ManagementPack for Monitor $mp = $monitor.getmanagementpack() #Check if Monitor has an override #$flag = $monitoroverrides | Where-Object {$_.DisplayName -eq $monitor.DisplayName} #if ($flag -eq $null) #{ # $override = "false" #} #else #{ # $override = "true" #} $monitorobject = new-object System.Management.Automation.PSObject $monitorobject = $monitorobject | add-member -membertype NoteProperty -name Type -value "Monitor" -passthru $monitorobject = $monitorobject | add-member -membertype NoteProperty -name DisplayName -value $monitor.DisplayName -passthru $monitorobject = $monitorobject | add-member -membertype NoteProperty -name Description -value $monitor.Description -passthru #$monitorobject = $monitorobject | add-member -membertype NoteProperty -name Override -value $override -passthru $monitorobject = $monitorobject | add-member -membertype NoteProperty -name ManagementPack -value $mp.DisplayName -passthru $monitorobject } } } Get-AgentWorkflow $agentname
Disclaimer
This sample is not supported under any Microsoft standard support program or service. This sample is provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of this sample and documentation
remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of this sample be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use this sample or documentation, even if Microsoft has been advised of the possibility of such damages.
There are so many tools currently developed that it is hard to know where to find them. Here is a list that I know of maybe it’s helpful to you.
Please let me know if I’m missing one.
Sitting at the McCarran International Airport waiting for my flight to Amsterdam (the Netherlands) I had some time to kill so I wrote a simpel PowerShell script which helps to easily download the MMS 2013 sessions from the Channel 9 RSS feed.
Using the Out-GridView Cmdlet you can easily select the sessions you are interested in. Click on Ok when finished selecting the sessions you are interested in downloading.
After creating my initial version I got some feedback that sometimes the script did not work and with the help of Jamie Moyer (also a Senior PFE like me) we made the script more robust and added extra features like a HTML Report overview.
You can even use the –verbose switch and other parameters to tweak the download folder. We hope you like the improvements.
####################################################################################################################### # Description: Download MMS 2013 Channel 9 videos # PowerShell version: 3 # Author(s): Stefan Stranger (Microsoft) # Jamie Moyer (Microsoft # Example usage: Run Get-MMS2013Channel9Videos.ps1 -path c:\temp -verbose # Select using the Out-Gridview the videos you want to download and they are stored in your myvideos folder. # You can multiple select videos, holding the ctrl key. # Disclamer: This program source code is provided "AS IS" without warranty representation or condition of any kind # either express or implied, including but not limited to conditions or other terms of merchantability and/or # fitness for a particular purpose. The user assumes the entire risk as to the accuracy and the use of this # program code. # Date: 04-13-2012 # Name: Get-MMS2013Channel9Videos.ps1 # Version: v1.001 - 04-14-2012 - Stefan Stranger - initial release # Version: v1.005 - 04-29-2013 - Jamie Moyer, Stefan Stranger - added more robustness and HTML Report ######################################################################################################################## #requires -version 3.0 [CmdletBinding()] Param ( # Path where to store video's locally [Parameter(Mandatory=$false, Position=0)] $Path = [environment]::getfolderpath("myvideos") + "\MMS2013", [Parameter(Mandatory=$false, Position=1)] $rssfeed = "http://channel9.msdn.com/Events/MMS/2013/RSS" ) function Get-NewFileName($name) { Write-Verbose "Calling Get-NewFileName Function" $r=$Path+"\"+(($name -replace "[^\w\s\-]*") -replace "\s+") + ".wmv";$r } Write-Verbose "Remove last slash if added using the downloaddirectory Parameter" if ($path.EndsWith("\")){$path = $path.Substring(0,$path.Length-1)} write-verbose "Path is: $path" Write-Verbose "Checking if Download directory $Path exists" if(!(test-path $Path -PathType Container)) { Write-Verbose "Creating $Path" New-Item -ItemType Directory $Path | Out-Null } Write-Verbose "Downloading RSS Feed Items from $rssfeed" $feeditems = Invoke-RestMethod $rssfeed [array]$feeditemsWithDetails = $feeditems | select Title, Summary, Duration, Enclosure,creator | Add-Member -MemberType ScriptProperty -Name AlreadyDownloaded -Value {(test-path("$Path\$($this.enclosure.url.split('/')[6])"))} -PassThru -Force | Add-Member -MemberType ScriptProperty -Name Destination -Value {("$Path\$($this.enclosure.url.split('/')[6])")} -PassThru -Force | Add-Member -MemberType ScriptProperty -Name Source -Value {$this.enclosure.url} -PassThru -Force | select AlreadyDownloaded,Title, Summary, Duration, Enclosure,Source,Destination,creator | sort Title Write-Verbose "Add all already downloaded items back to the list" $duplicateVideoNames = $feeditemsWithDetails |sort name| group destination | where-object {$_.Name -ne "" -and $_.Count -gt 1} | ForEach-Object {$_.Group} Write-Verbose "Remove the posts with duplicate file names from the feeditemsSelected array" $feeditemsSelected = @($feeditemsSelected | Where-Object {$duplicateVideoNames -notcontains $_}) Write-Verbose "Change video names to filenames, check to see if they are downloaded already and added them back to the array with updated details" $duplicateVideoNames | foreach-object { $newDestination = Get-NewFileName $_.Title $_.Destination = $newDestination $_.AlreadyDownloaded = (Test-Path $newDestination) $feeditemsWithDetails += $_ } Write-Verbose "Open Out-GridView to select vidoes to download" [array]$feeditemsSelected = $feeditemsWithDetails| Out-GridView -PassThru | select AlreadyDownloaded,Title, Summary, Duration, Enclosure,Source,Destination Write-Verbose "Downloading videos" $feeditemsSelected |Where-Object{!(Test-Path $_.Destination)} | select Source,Destination | Start-BitsTransfer -Priority Normal | Out-Null Write-Verbose "Add all already downloaded items back to the list" $feeditemsWithDetails | where-object {$_.AlreadyDownloaded} | foreach-object { if(-not [bool]($feeditemsSelected | Select-String $_.Title -Quiet)) { $feeditemsSelected += $_ } } Write-Verbose "Create HTML Report" $feeditemsSelected | sort Name | Out-Null $html = $feeditemsSelected |?{Test-Path "$($_.Destination)"} | % {@" <H4><a href="$($_.Destination)">$($_.Title)</a></H4> <H5>Speaker(s): $($_.creator)</H5> <H5>$($_.Summary)</H5> "@} Write-Verbose "Open HTML Report" ConvertTo-Html -Head "<h1>My Downloaded MMS Videos - $($feeditemsSelected.Count) Downloaded</h1>" -Body $html | Out-File $Path\MyMMSContent.html;start "$Path\MyMMSContent.html"
In between my PowerShell activities, I’ll visiting the Microsoft Management Summit in Las Vegas next week. This week I’m delivering a PowerShell workshop in the Netherlands, and when returning from MMS I’ll again be teaching a PowerShell workshop before going to the PowerShell Summit in Redmond. So it’s going to be a busy month traveling to the US and back.
While preparing my PowerShell workshop this week I wanted to have a look at the sessions for MMS 2013 and went to the Sessions catalog on the www.2013mms.com website.
Because I could not find an option to export all sessions to a Excel sheet, I created a PowerShell script which retrieves all sessions and makes it possible to export the result to a csv file using the Export-CSV cmdlet.
If you want you can do many more fun things with the results, let me know what you created.
Remarks:
####################################################################################################################### # Description: Get-MMS2013 Sessions. This script retrieves the sessions from the http://www.2013mms.com website # You need to have access to the website to retrieve the sessions. # Example usage: Export all sessions to cvs file using the export-csv cmdlet. # Get-MMS2013Session.ps1 | export-csv -path c:\temp\mms2013sessions.csv -NoTypeInformation # Author: Stefan Stranger (Microsoft) # Example usage: Run Get-MMS2013Session.ps1 # Disclamer: This program source code is provided "AS IS" without warranty representation or condition of any kind # either express or implied, including but not limited to conditions or other terms of merchantability and/or # fitness for a particular purpose. The user assumes the entire risk as to the accuracy and the use of this # program code. # Date: 04-02-2013 # Name: Get-MMS2013Session.ps1 # Version: v1.000 - 04-02-2013 - Stefan Stranger - initial release ######################################################################################################################## $mms = Invoke-WebRequest -Uri "http://www.2013mms.com/Topic/List?format=html&Keyword=&Categories=&Timeslot=&Speaker=&Day=&Start=&Finish=&oc=&take=-1&skip=0&_=1364899913083" $sessions = $mms.ParsedHtml.getElementsByTagName("div") | Where "classname" -match "^topic" | Select -ExpandProperty InnerText foreach ($session in $sessions) { #$count++; $count; $session; $session = $session.split("`n",6); #Check Sessiontype. Switch -Wildcard ($session[0]) { '*-B*' {#Check for missing products if ($session[4] -like "Product(s)*"){ $session | &{ [pscustomobject]@{ Session = $session[0] Speaker = $session[1] Track = $session[2] SessionType = $session[3] Product= $session[4] Description = $session[5] } #End pscustomobject } #end call } #end if else { $session | &{ [pscustomobject]@{ Session = $session[0] Speaker = $session[1] Track = $session[2] SessionType = $session[3] Product= "" Description = $session[4] } #End pscustomobject } #end call } #end else } '*-L*' {$session | &{ [pscustomobject]@{ Session = $session[0] Speaker = "" Track = $session[1] SessionType = $session[2] Product = "" Description = $session[3] } #End pscustomobject } #end call } '*-IL*' {$session | &{ [pscustomobject]@{ Session = $session[0] Speaker = "" Track = $session[1] SessionType = $session[2] Product = "" Description = $session[3] } #End pscustomobject } #end call } 'BO*' {$session | &{ [pscustomobject]@{ Session = $session[0] Speaker = "" Track = "" SessionType = $session[1] Product = "" Description = $session[2] } #End pscustomobject } #end call } 'EXM*' {$session | &{ [pscustomobject]@{ Session = $session[0] Speaker = $session[1] Track = "" SessionType = $session[2] Product = $session[3] Description = $session[4] } #End pscustomobject } #end call } 'MMS*' {$session | &{ [pscustomobject]@{ Session = $session[0] Speaker = $session[1] Track = "" SessionType = $session[2] Product = "" Description = $session[3] } #End pscustomobject } #end call } 'KEY*' {$session | &{ [pscustomobject]@{ Session = $session[0] Speaker = $session[1] Track = "" SessionType = $session[2] Product = "" Description = $session[3] } #End pscustomobject } #end call } 'MSP*' {$session | &{ [pscustomobject]@{ Session = $session[0] Speaker = "" Track = "" SessionType = $session[1] Product = "" Description = $session[2] } #End pscustomobject } #end call } Default {#Write-Host "$($session[0]) session id not specified in script" -ForegroundColor Red; $session | &{ [pscustomobject]@{ Session = $session[0] Speaker = $session[1] Track = "" SessionType = $session[2] Product = "" Description = "$($session[0]) session id not specified in script" } #End pscustomobject } #end cal } } }
Do you want to contact me during MMS or the PowerShell summit just send me a message on Twitter and who knows we can talk about Operations Manager or PowerShell or some other great topic!
After posting some years ago a blog post with all the OpsMgr 2007 tools I thought it would be time for a new OM2012 Toolbox blog post.
The previous version 1.7 (that works with OpsMgr 2007 and 2007 R2) was released here. Version 2.1.2 has been updated to work with OpsMgr 2012, and now includes support for MPB files (MP Bundles) as well as the ability to Unseal and Unpack MP Bundles. Warning: only MP Bundles that contain a single ManagementPack are supported; there are some Service Manager MPBs that contain multiple ManagementPacks in a single bundle, and this tool currently cannot deal correctly with those.
This utility allows you to compare Management Packs between your Operations Manager and/or Service Manager environments.
Online catalog check is also available.
Changes in this version:
SCOMTypeView is a tool help MPAuthor visualize ManagementPackClass, ManagementPackRelationship, showing them in treeview. The most important, you can see how the specific MonitoringObject is connected with other MonitoringObject. This tool connect to your local ManagementGroup, showing real data in time.
Coretech XML Connector for SCOM 2012
The Alert Update Connector can modify alert custom fields with additional information useful for situations like controlling alert forwarding to incident management systems and help reduce noise in the incident creation process.
In OpsMgr 2012, we provided users the ability to create customized dashboards using the OpsMgr 2012 console. The GTM.exe tool provided in this blog allows you to build off these dashboard investments, in particular we allow you to accomplish three specific tasks that you cannot do via the console.
1. Turn IT Pro Console created dashboards into shippable MPs by stripping out management group specific parameters (removes MG GUIDs from dashboard MPs)
2. Provides the ability to have a custom dashboard show up under any Management Pack folder in the Monitoring view.
3. Have a custom dashboard be launched from the task pane when you pick a specific computer or object.
Let me please know if I’m missing some other great OM2012 tools.
Some time ago I showed you can use PowerShell to create Events for OpsMgr 2007. And according to the comments quite some people have questions about Event parameters. After creating the first version of the PowerShell Create Events for OpsMgr 2007 script, Ken added some functionality and one was modifying the question to not only add a EventLog Description but also a EventLog Parameter.
I found some info on MOM 2005 parameters on Rory McCaw’s weblog, but except that article I could not find much info on Event Log parameters. So hopefully this will explain what parameters are and how they can be used in OpsMgr 2007.
Every Windows event has description text that is filled in by the values of different parameters. You can find the Eventlog parameters of an event by using the Log Parser. (if you know an easier way on Windows 2003 Servers let me know). Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows® operating system such as the Event Log, the Registry, the file system, and Active Directory®.
Example of EventLog Parameters in an Eventlog:
C:\Program Files\Log Parser 2.2>LogParser.exe "SELECT Top1 Strings AS Parameters FROM Application WHERE EventID=301"
So in this example you can use four parameters in your OpsMgr Rules or Monitor.
Eventlog Parameters can be used in OpsMgr Rules and Monitors. An example where you can find EventLog Parameters used is the Windows Activation State Monitor in the Windows Server 2003 MP. This is a 3 State Event Log Monitor and this monitor looks for EventLog Parameters and the values found in the Eventlog change the state of the monitor.
Healthy: Look for EventId 1006 in Application Log of Source Windows Product Activation Warning: Look for EventId 1005 in Application Log of Source Windows Product Activation and Params/Param[1] > 6 =< 15 Critical: Look for EventId 1005 in Application Log of Source Windows Product Activation and Params/Param[1] =< 6
You can use the PowerShell Create Events script from Ken to test your monitors or rules with with one EventLog parameter. So it won’t work if you need to test a Rule or Monitor which uses more than one parameter in the Eventlog.
So if you want to test the Windows Activation State Monitor and want to Change the State to Critical, you need to create an Event with the next values:
More info about this event can be found on EventID.Net
I helped a customer creating a OpsMgr Monitor for checking if the there has been a SQL Full or Differential Backup within a specified number of hours. David Scheltens created the SQL query.
Remark: Please read information on System Center Central for more info on this article.
This is how you could create this kind of monitor in your own environment.
<SimpleExpression>
<ValueExpression>
<XPathQueryType="Integer">Property[@Name='NumHours'] </XPathQuery>
</ValueExpression>
<Operator>Greater</Operator>
<ValueType="Integer">20</Value>
</SimpleExpression>
</ErrorExpression>
<SuccessExpression>
<Operator>LessEqual</Operator>
</SuccessExpression>
15. Enable the Monitor via an Override.
Remark: You may need to Use a Run As Account with the right permission for this Monitor.
In Operations Manager 2007, Run As Profiles and Run As Accounts are used to select users with the privileges needed for running rules, tasks, and monitors. Management Pack authors create a rule, task, or monitor, and then associate it with a Run As Profile. The named Run As Profile is imported along with the Management Pack into Operations Manager 2007.
The Operations Manager 2007 administrator creates a named Run As Account and specifies users and groups. The administrator then adds the Run As Account to the Run As Profile and specifies the target computers that the account should run on.
The goal in this short tutorial is to create a Timed Script Two State Monitor and associate a run as account to this monitor and save it all in a Management Pack. The Timed Script Two State Monitor is a vbscript that uses WMI to check if BizTalk orchestrations are not started.
I’ve got some great help from Jakub Oleksy (http://blogs.msdn.com/jakuboleksy/default.aspx) and Steve Wilson (http://www.authormps.com/dnn/)
You can download the tutorial here.
Source: Bink.nu
Last month we released our Remote Desktop Connection Manager on MS Download. I’v been using this great tool for quite some time now and I would recommend taking a look.
This is really a great Remote Desktop Connection tool.
It has been some time ago I posted my last blogpost, because the last couple of week have been quite emotional. My mother has been diagnosed with Lymphoma and had her first chemo last week. I tried to support my mum as much as possible and we got some great help from friends and relatives in these difficult times.
We all hope the chemo will help cure my mum, but for now we can only hope for the best. So if you wondered why it has been so quiet on this blog and on twitter this is the reason.
Stefan
Today I did my Microsoft System Center Operations Manager Configuring Exam and passed with a score of 980 points. Still room for improvement…
http://twitpic.com/1lc8
I thought it was easy, but I work with the product every day and I still love it ;-)
Because Kevin Holman has not published a blog article on the latest release of the Update Rollup 3 for System Center 2012 for Operations Manager 2012 I thought why should not I do it this time
And to be honest this time was a little different then I’ve implemented updates in years. Why?
Because this UR3 is automatically installed via Windows Update if you have enabled Windows Updates on all your OpsMgr 2012 machines off course.
Let’s first have a look at what has been fixed in this UR3 for System Center Operations Manager 2012 (KB2750631)
Not that much has been fixed in the UR3 but we still want to check if our machines have these fixes installed and if we need to do some steps our selves.
How do I check if these fixes have been installed via Windows Update?
That’s pretty easy, just go to your OpsMgr 2012 servers and open Windows Update and have a look at the Update History
Let’s have a look at one of my Management Servers:
You can also use PowerShell if you want using the following commands:
Get-Content $env:windir\windowsupdate.log | Where-Object { $_ -like '*successfully installed*Update Rollup 3 for System Center 2012*'} | Foreach-Object { $_ | select @{L="InstallDate";E={$_.Split("`t")[0]}}, @{L="Description";E={$_.Split("`t")[16]}} } | Format-Table * -Wrap
And this is the result on my other Management Server:
You can also look at the file version for some of the updated files, just like Kevin showed you in his previous posts on Update Rollups.
Checking the updated files for the Management Server Role:
Get-ItemProperty -Path "c:\Program Files\System Center 2012\Operations Manager\Server\*.dll" | select -ExpandProperty VersionInfo | where {$_.FileVersion -eq "7.0.8560.1036"} | Format-List FileName, FileVersion
You should see files with a File Version of 7.0.8560.1036
This means that the Management Server UR3 update has been installed on this Management Server.
Checking the updated files for the Web Console Role:
Checking the updated files for the Console Role:
Checking if the following Management Packs are updated:
The Management Packs for UR3 can be found in the following folder:
C:\Program Files\System Center 2012\Operations Manager\Server\Management Packs for Update Rollups
In this folder you find the following Management Pack files:
Microsoft.SystemCenter.DataWarehouse.Library.mp (version 7.0.8427.1)
Microsoft.SystemCenter.Visualization.Library.mpb (version 7.0.8560.1036)
When you check if these Management Packs are already installed this does not seem the case.
So we need to install the latest Management Packs Microsoft.SystemCenter.Visualization.Library and Microsoft.SystemCenter.WebApplicationSolutions.Library from the UR3 update manually using PowerShell.
Remark: During one the previous Update Rollups my Microsoft.SystemCenter.DataWarehouse.Library.mp (version 7.0.8427.1) was already updated to version 7.0.8427.1.
PS C:\Program Files\System Center 2012\Operations Manager\Server\Management Packs for Update Rollups> Get-ChildItem -Filter *.mpb | Import-SCOMManagementPack -PassThru
Latest MPs have been installed.
Checking if the Agents are updated with the latest updates:
Check the Pending Management Pane for Agents that need an update.
Approve Agent using PowerShell
Now I only need to install manually the UR3 update on my Agent in my DMZ.
Have fun with UR3!
Links:
While the rest of the System Center community is in Vegas for MMS2012 I’m helping customers with their questions about System Center Operations Manager 2012. To be honest I’m little jealous on all the people who are in Vegas right now.
So I created some more detailed documentation on how to start monitoring your non-domain members (workgroup servers in your DMZ) in OM2012.
It are still the same steps as in OM 2007 so if you already familiar with those steps it would be easy for you.
I created a simple Diagram to have a high-level overview on which steps are being executed on which machines.
Environment:
Some important notes:
Guide info: http://technet.microsoft.com/en-us/library/dd362655.aspx
Pre-reqs:
It is assumed that you have AD CS installed, an HTTPS binding is being used, and its associated certificate has been installed. Information about creating an HTTPS binding is available in the topic How to Configure an HTTPS Binding for a Windows Server 2008 CA.
High-Level steps:
Step 1. Download the Trusted Root (CA) certificate
[OM12MS02.demo.stranger]
Download a CA Certificate, certificate chain, or CRL
Step 2. Import the Trusted Root (CA) Certificate
Open Certificates Local Computer account MMC:
Import Certificate TrustedCA.p7b
Step 3. Create a setup information file to use with the CertReq command-line utility.
Step 4. Create a request file to use with a stand-alone CA
Step 5. Submit a request to a stand-alone CA
Request a certificate
Advanced
Select Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
Step 6. approve the pending certificate request
[W2K8R2DC1.demo.stranger]
Click Pending Request in Certificate Authority
Click on Issue
Step 7. retrieve the certificate
View status of pending certificate request
Save certificate
Download certificate
Step 8. import the certificate into the certificate store
Step 9. import the certificate into Operations Manager using MOMCertImport
Note
On 64-bit computers, type cd\SupportTools\amd64
MOMCertImport /SubjectName OM12MS02.demo.stranger
Check if everything is ok
Open the certificate that you installed on management/gateway server. Click on Details Tab and check the Serial Number.
Now navigate to HKLM\Software\Microsoft\Microsoft Operations Manager\3.0\Machine Settings and check the value of ChannelCertificateSerialNumber. Serial number of certificate should be listed backwards here in registry.
Open registry
Tada!
Pre-reqs on DMZ server:
Make sure you have installed the OM12 Agent first before starting.
Let's check the eventlog
Repeat steps for OM12DWZ01 server in workgroup
[OM12DWZ01.demo.dmz]
Step 1. Download the Trusted Root (CA) certificate.
Step 2. Import the Trusted Root (CA) certificate
CertReq –New –f RequestConfig.inf CertRequest.req
[OM12DMZ01.demo.dmz]
MOMCertImport /SubjectName OM12DMZ01.demo.dmz
Final step is approving agent
Check Security Settings in Operations Console.
Wait for Agent to turn up in Pending Approval folder
End result:
Have fun at MMS for those who are in Vegas, and for those who are not, well…
First some background info on my network at home.
So I looked for a software router which could be installed as a guest on my Hyper-V host. I started with BrazilFW, but I had trouble to get the Gateway and DNS running (failed) although a colleague was able to get BrazilFW running on Hyper-V by upgrading the SYSLINUX (bootloader for Linux). Then I tried Freesco and m0n0wall, but both would not start on Hyper-V. So I finally found Vyatta via SourceForge.
Vyatta is a Linux-based, open network operating system that integrates advanced enterprise-class routing, security, bandwidth management and more. Vyatta runs on standard x86 hardware, VMWare & Xen and offers config via Linux-shell, CLI and web GUI.
It runs on VMWare & Xen so why would not it run on Hyper-V? And I was correct it runs great on Hyper-V ;-) These are steps I’ve taken to get it running on Hyper-V.
vyatta@vyatta> configure [edit] vyatta@vyatta# set interfaces ethernet eth0 address 192.168.1.254/24 [edit] vyatta@vyatta# commit [edit] vyatta@vyatta# exit exit vyatta@vyatta>
vyatta@vyatta> configure [edit] vyatta@vyatta# set interfaces ethernet eth1 address 192.168.2.254/24 [edit] vyatta@vyatta# commit [edit] vyatta@vyatta# exit exit vyatta@vyatta>
vyatta@vyatta> configure [edit] vyatta@vyatta# set interfaces ethernet eth2 address 192.168.3.254/24 [edit] vyatta@vyatta# commit [edit] vyatta@vyatta# exit exit vyatta@vyatta>
vyatta@vyatta:~$ configure [edit] vyatta@vyatta# show interfaces ethernet eth0 { address 192.168.1.254/24 description Internet hw-id 00:15:5d:00:01:22 } eth1 { address 192.168.2.254/24 description "subnet1:MOM 2005" hw-id 00:15:5d:00:01:23 } eth2 { address 192.168.3.254/24 description "subnet2:OPSMGR 2007" }
vyatta@vyatta# save Saving configuration to '/opt/vyatta/etc/config/config.boot'... Done [edit]
vyatta@vyatta# set system name-server 192.168.1.1 [edit] vyatta@vyatta# commit [edit] vyatta@vyatta#
vyatta@vyatta# set system gateway-address 192.168.1.1 [edit] vyatta@vyatta# commit [edit] vyatta@vyatta#
vyatta@vyatta# set firewall name block-subnet1 [edit] vyatta@vyatta# set firewall name block-subnet1 rule 1 [edit] vyatta@vyatta# set firewall name block-subnet1 rule 1 source address 192.168.2.0/24 [edit] vyatta@vyatta# set firewall name block-subnet1 rule 1 action drop [edit] vyatta@vyatta# set firewall name block-subnet1 rule 2 [edit] vyatta@vyatta# set firewall name block-subnet1 rule 2 action accept vyatta@vyatta# commit [edit] vyatta@vyatta#
vyatta@vyatta# set firewall name block-subnet2 [edit] vyatta@vyatta# set firewall name block-subnet2 rule 1 [edit] vyatta@vyatta# set firewall name block-subnet2 rule 1 source address 192.168.3.0/24 [edit] vyatta@vyatta# set firewall name block-subnet2 rule 1 action drop [edit] vyatta@vyatta# set firewall name block-subnet2 rule 2 [edit] vyatta@vyatta# set firewall name block-subnet2 rule 2 action accept vyatta@vyatta# commit [edit] vyatta@vyatta#
vyatta@vyatta# set interfaces ethernet eth1 firewall out name block-subnet2 [edit] vyatta@vyatta# set interfaces ethernet eth2 firewall out name block-subnet1 [edit] vyatta@vyatta# commit [edit] vyatta@vyatta#
Final configuration:
vyatta@vyatta:~$ show configuration firewall { name block-subnet1 { rule 1 { action drop source { address 192.168.2.0/24 } } rule 2 { action accept } } name block-subnet2 { rule 1 { action drop source { address 192.168.3.0/24 } } rule 2 { action accept } } name block-subnet3 { rule 1 { action drop source { address 192.168.2.0/24 } } rule 2 { action accept } rule 3 { action drop source { address 192.168.3.0/24 } } } } interfaces { ethernet eth0 { address 192.168.1.254/24 description Internet hw-id 00:15:5d:00:01:22 } ethernet eth1 { address 192.168.2.254/24 description "subnet1:MOM 2005" firewall { out { name block-subnet2 } } hw-id 00:15:5d:00:01:23 } ethernet eth2 { address 192.168.3.254/24 description "subnet2:OPSMGR 2007" firewall { out { name block-subnet1 } } hw-id 00:15:5d:00:01:24 } loopback lo { } } service { nat { rule 1 { outbound-interface eth0 source { address 192.168.2.0/24 } type masquerade } rule 2 { outbound-interface eth0 source { address 192.168.3.0/24 } type masquerade } } ssh { } } system { gateway-address 192.168.1.1 login { user root { authentication { encrypted-password **************** } } user vyatta { authentication { encrypted-password **************** } } } name-server 192.168.1.1 ntp-server 69.59.150.135 package { repository community { components main distribution stable url http://packages.vyatta.com/vyatta } } } vyatta@vyatta:~$
Don’t forget to save your configuration!
Now you are done! Check out the documentation for Vyatta before starting. I used the QuickStart and the Command Reference.
Source: internal
A colleague of mine (André) likes to have simple clean Desktop Wallpapers and he just found a System Center Desktop Wallpaper. And I like it.
Maybe you like it too. You can download it from my SkyDrive.
Some month ago I created a PowerShell Event Creator and quite some people liked what I did ;-) Now Ken has made some great additions to this PS script. How cool is that?
This are the additions he made:
I've tested it and and I like it.
You can download the new PowerShell Event Creator here.
Thanks Ken for making this PowerShell Event Creator script better!
Some weeks ago I saw a question about how to use PowerShell for the ApproveCredentialForDistribution method. This Method Approves a secure credential for distribution to a list of MonitoringObject objects or PartialMonitoringObject objects. Calling this method adds the specified list to the already existing approved list in the system.
You use this method when you add a computer to the Run As Account.
But what if you want to add not one but much more Computers to a Distribution List? In the OpsMgr Console you need to select each computer one-by-one and add the computer to the list. Would not it be cool if we could use PowerShell or some commandtool to create a script to do it automatically for us?
On the Technet System Center Forum website there is also a discussion about this topic. So I looked at the method on MSDN and tried to get this working in PowerShell. But till now I’ve not been able to get this working in PowerShell So I created a Console App in Visual Studio 2010 which seems to work ok. I’ll add the source code so you can have a look how I created the Console App. I also used nConsoler, which helped with the parsing of arguments in the console application. And finally I used ILMerge to merge the nConsoler dll in a single .NET assembly.
Program.cs:
using System; using System.Text; using Microsoft.EnterpriseManagement; using Microsoft.EnterpriseManagement.Configuration; using Microsoft.EnterpriseManagement.ConnectorFramework; using Microsoft.EnterpriseManagement.Monitoring; using Microsoft.EnterpriseManagement.Monitoring.Security; using System.Collections.Generic; using System.Collections.ObjectModel; using System.Diagnostics; using System.Xml; using System.Security; using Microsoft.EnterpriseManagement.Administration; using NConsoler; //http://nconsoler.csharpus.com/ namespace OpsMgrApproveCredentialForDistribution { class Program { static void Main(string[] args) { //NConsoler Consolery.Run(typeof(Program), args); } [Action] public static void DoWork( [Required(Description="Enter RMS Server name")] string RMS, [Required(Description="Enter RunAs Account Name")] string RunAsAccount, [Required(Description = "Enter FQDN OpsMgr Agent\n" + "\nExample: AddToDistList.exe opsmgrrms.contoso.com om_sql_mon opsmgragent.contoso.com" + "\nAdding a computer to the Distribution list on a RunAs Account application for OpsMgr 2007" + "\nemailname@hotmail.com\n" + "\nProvided 'AS IS' without warranty of any kind")] string OpsMgrAgent) { Console.WriteLine("OpsMgrApproveCredentialForDistribution - Version 1.3 - Compiled March 5, 2011"); Console.WriteLine("http://blogs.technet.com/stefan_stranger"); // Connect to the sdk service on the RMS //ManagementGroup localManagementGroup = new ManagementGroup(strRMS); ManagementGroup localManagementGroup = ConnectMG(RMS); if (localManagementGroup == null) { Console.WriteLine("Failed to connect to Root Management Server " + RMS); } else { MonitoringSecureDataCriteria runAsAccountCriteria; ReadOnlyCollection<MonitoringSecureData> runAsAccounts; Console.WriteLine("RunAs Account Username:" + RunAsAccount); runAsAccountCriteria = new MonitoringSecureDataCriteria("UserName LIKE " + "'" + RunAsAccount + "'"); runAsAccounts = localManagementGroup.GetMonitoringSecureData(runAsAccountCriteria); if (runAsAccounts.Count == 0) throw new InvalidOperationException("Error! RunAs Account not found: " + RunAsAccount); MonitoringSecureData account = runAsAccounts[0]; List<MonitoringObject> list = new List<MonitoringObject>(); // Fully qualified name of the agent-managed computer. ManagementGroupAdministration admin = localManagementGroup.GetAdministration(); string query = "Name = '" + OpsMgrAgent + "'"; AgentManagedComputerCriteria agentCriteria = new AgentManagedComputerCriteria(query); ReadOnlyCollection<AgentManagedComputer> agents = admin.GetAgentManagedComputers(agentCriteria); if (agents.Count != 1) throw new InvalidOperationException("Error! OpsMgr Agent not found: " + OpsMgrAgent); //Add OpsMgr Agent to list list.Add(agents[0].HostedHealthService); localManagementGroup.ApproveCredentialForDistribution((ISecuredData)account, list); Console.WriteLine("OpsMgr Agent " + OpsMgrAgent + " added to distribution list"); } } private static ManagementGroup ConnectMG() { throw new NotImplementedException(); } //Connect to SDK Service on Root Management Server private static ManagementGroup ConnectMG(String RMS) { Console.WriteLine("Connect to Root Management Server:" + RMS); try { ManagementGroupConnectionSettings connectionSettings = new ManagementGroupConnectionSettings(RMS); ManagementGroup localManagementGroup = ManagementGroup.Connect(connectionSettings); if (!localManagementGroup.IsConnected) { throw new InvalidOperationException("Not connected to an SDK Service."); } Console.WriteLine("Connected to Management Group {0}", localManagementGroup.Name); return localManagementGroup; } catch (Exception exception) { Console.WriteLine("\nConnection failed. " + exception.Message); if (exception.InnerException != null) { Console.WriteLine(exception.InnerException.Message); return null; } } return null; } } }
Ok let’s have a look how it works.
Scenario:
We will be adding the OpsMgr Agent OpsMgrDC01.stranger.local to the SQL MP Monitoring Account Run As Account. (yes this is just an example there is no SQL running on my Domain Controller)
Current Config SQL MP Monitoring Run As Account:
Step 1: Install AddToDistList console application on machine where OpsConsole is installed.
Just copy the AddToDistList.exe to a folder of your choice.
Step 2. Open the AddToDistList.exe from command prompt.
As you see it needs 3 parameters:
When we want to add the OpsMgrDC01.stranger.local OpsMgr Agent to the SQL MP Monitoring Account Run As Account we need to run the following:
AddToDistList.exe opsmgrrms.stranger.local om_sql_mon opsmgrdc01.stranger.local
Let’s check if the opsmgrdc01 agent is added to the distribution list.
Yes! It worked
Now you could create a script that pull’s the names of the computers that need to be added to the Distribution List from a text file and call’s the AddToDistList console application.
Download AddToDistList.exe
Download SourceCode
Disclamer:
This is provided as a sample, no support is implied. Provided 'AS IS' without warranty of any kind. I wrote it for me initially.I'm not a developer, and don't profess to be either; just to set your expectations
Tested on OpsMgr 2007 R2.
One of the great advantages of OpsMgr 2007 against MOM 2005 is that you can easily test OpsMgr 2007 scripts from the command prompt.
Just go to the C:\Program Files\System Center Operations Manager 2007\Health Service State and open a command prompt.
Type DIR /B /S *.vbs and you find all the scripts that are used on that specific agent. And if you have found your script to debug you can easily run it with cscript and see what happens.
But what if a scripts needs some parameters? Most of the time these are GUIDS and how do you find the right parameters?
A colleague of mine Dirk van Coeverden found an easy way to find these parameters.
Let’s Look at the Operational Database Space Free (%) Monitor.
This Monitor uses a vbscript GetOpsMgrDBPercentageFreeSpace.vbs which needs two parameters to work
So if we want to debug this script we need two parameters; DatabaseServerName and DatabaseName.
How do we find those parameters?
First we need to go to the Authoring Pane in the Opsmgr Console and find the monitor which runs this script.
Then we change the default timeout of the script to something smaller then the default with an override. Say 1 second.
Now we have to wait for this monitor to run again and hopefully see that the script timeouts because of the lower timeout settings. And if the script runs longer than the timeout period an event 21402 – Script ran longer than the timeout period will be created.
Now you can debug the script from the commandprompt with the correct parameters. Don’t forget to remove the overrides.
Today I’m rebuilding some of my demo servers in my demo environment and before I can install the software, some pre-requisites need to be checked. You need to check if some Windows Server Roles are installed before starting the installation.
Off course you can just use the Server Manager to check the Roles and if necessary install the missing server roles.
c
But it’s much cooler to use PowerShell to check if you have installed the needed server roles
Just open Windows PowerShell, load the ServerManager Module and run the Get-WindowsFeature Cmdlet. That’s all to it.
And if you want to can also add the missing roles using the Add-WindowsFeature Cmdlet.
Have fun learning PowerShell!
Source: http://beta.microsoftatlanta.com
What is Microsoft Codename Atlanta?
Microsoft Codename Atlanta (http://beta.microsoftatlanta.com) is an online service that analyzes installations of Microsoft SQL Server 2008 (and later versions) and provides proactive alerts to help you avoid system downtime and follow best practices with regard to configuration and usage. Atlanta is developed by the Microsoft Atlanta product group in partnership with Microsoft Support engineers to ensure that the issues customers report to Microsoft are detected before they affect your environment. Atlanta is regularly updated to reflect the most recent experiences of these engineers, who support SQL Server customers around the world.
The Atlanta environment
The Atlanta environment is made up of the Atlanta web service, hosted in the cloud, and the on-premise software, installed in your local environment. The on-premise software consists of one gateway and at least one agent. The agent collects data from your server and analyzes it using a set of rules (similar to a management pack in System Center Operations Manager) known collectively as Atlanta knowledge. The analyzed data is regularly sent from the agent to the gateway for upload to the Atlanta web service. If the data indicates an issue or a deviation from best practices, an alert is generated. By connecting a web browser to the Atlanta portal, you can view the alerts and the associated remediation guidance.
Agent
The Atlanta agent is a software component that you install on each server being monitored by Atlanta and relies on Atlanta Management Packs (MPs). These MPs define the types of data the agent monitors and collects. The monitored data is collected periodically (daily by default) and sent to the gateway for subsequent transport to the cloud. The agent obtains its desired set of MPs from the gateway.
Gateway
The gateway is another software component that you install and acts as a proxy between the agents and Atlanta and is responsible for communication with the Atlanta service from your monitored servers. It aggregates data collected from one or more agents, uploads the collected data packages to Atlanta, and downloads the desired configuration and required MPs from the cloud for each of its agents and makes it available for those agents to consume.
Screenshot of the MPs on the Gateway server
If you open the Atlanta SQL 2008 Discovery MP with the OpsMgr SQL 2008 Discovery MP you see that the are completely the same. (left Atlanta and right OpsMgr)
Co-existence with Operations Manager 2007 R2
Atlanta uses the System Center Health Service to collect and analyze data. The version that is used by Atlanta is the same as the System Center Operations Manager 2007 R2 agent. Because of this, when you view the programs installed on your server, you will see System Center Operations Manager 2007 R2 agent software, particularly in Add/Remove Programs. Do not remove these as Atlanta is dependent on them. If you remove the Operations Manager agent software, Atlanta will no longer function.
When you install an Atlanta agent on a computer that has a System Center Operations Manager 2007 R2 agent installed, the Health Service will be configured to run in multi-homing mode so that existing Operations Manager management groups are not impacted. For more information on multi-homing configurations, see Configure an Agent to Report to Multiple Management Groups, available in the System Ceenter Operations Manager 2007 R2 library, at http://go.microsoft.com/fwlink/?LinkID=204945.
When you uninstall Atlanta, be sure to use the Uninstall.exe program located in the directory where you installed Atlanta (and not Add/Remove Programs). The uninstall program will uninstall Atlanta and update the System Center Operations Manager agent to remove Atlanta-specific configurations while ensuring that the Operations Manager agent continues to work. On computers with only Atlanta installed (and no Operations Manager), the agent is completely uninstalled.
Atlanta is only supported with the System Center Operations Manager 2007 R2 agent and not with previous versions of System Center Operations Manager.
Screenshots of installation of Agent and Gateway on the same server.
First you need create an Account for Atlanta.
Follow the next steps to deploy the Atlanta Agent and Gateway
Run AtlantaSetup.exe
Choose installation option. (I choose to install the agent and gateway on the same server)
Browse to downloaded Registration certificate.
Open de Altanta Dashboard and check if your server is added.
Help on Atlanta: http://onlinehelp.microsoft.com/en-us/atlanta/default.aspx
So why should you use MPViewer if you have all the features and more in Silect MP Studio Lite? You can easily install and use the MPViewer, it’s only one executable ;-) For some of the missing features you can use other tools (like the Module Explorer and Override Explorer). One thing I’m really missing is the ability (from both) to export the MP to Excel. Export to Excel is available in latest version.
This should not be that difficult I would think if you use some PowerShell commands. Here an example to export the monitors for the Windows Server 2003 ManagementPack.
Did you know you can easily create your own Windows Phone Push Notifications using the Notify My Windows Phone app?
NMWP is a platform that helps you push information to virtually any Windows Phone 7 (and 8) device you own.
What do you need to get started?
First we need to install the The NMWP app from the Microsoft Store on our Windows Phone. Open the Windows Store app on your Windows Phone and install the app.
Next we need to Sign up at http://www.nmwp7.com/user/register and create a username and password.
After registering you need to enter your username and password at the Notify my Windows Phone app on your Windows Phone.
And at last we need to request an API key on the http://www.nmwp7.com/user/apikeys website.
After requesting the API key you can test the key using the Send testmessage button.
Hopefully now everything is working as expected.
Testing Notify My Windows Phone from PowerShell
If you look at the API help it’s pretty simple to call the API. With PowerShell v3 you can use the Invoke-WebRequest cmdlet to call the Web API.
A simple PowerShell script to call the Web API can look something like this:
#Requires -Version 3 ####################################################################################################################### # Using the Notify my Windows Phone API using PowerShell # Author: Stefan Stranger # Disclamer: This program source code is provided "AS IS" without warranty representation or condition of any kind # either express or implied, including but not limited to conditions or other terms of merchantability and/or # fitness for a particular purpose. The user assumes the entire risk as to the accuracy and the use of this # program code. # Date: 01-05-2012 # Name: NotifyMyWindowPhone.ps1 # v0.01 - 01-05-2012 - Stefan Stranger - sstranger's initial release ######################################################################################################################## # Enter your own API Key from http://www.nmwp7.com/user/apikeys $apikey = "[enter here your api key]" # Enter the name of the application the notification originates from. $application = "WindowsPowerShell" # Enter The event that occured. Depending on your application, this might be a summary, subject or a brief explanation. $event = "Push Message sent from PowerShell" # The full body of the notification. $description = "This message was sent as a test" # An optional value representing the priority of the notification. $priority = "-2" # Specifies the responsetype you want. You can currently choose between JSON or XML (default) $type = "json" $uri = "http://notifymywindowsphone.com/publicapi/notify?event=$event&priority=$priority&application=$application&description=$description&apikey=$apikey&type=$type" Invoke-WebRequest -Uri $uri
If you run above PowerShell script you will see the following result returned in your console.
Now you would see the push notification on your Windows Phone.
In my next blog post I’ll explain how you can use above to create Windows Phone Push Notifications for your OpsMgr Alerts using the Notification Command Channel.
Some days ago I read a blog post from Bjorn Houben called SCOM2012 – Quick test lab setup OpsMgr 2012 SP1 Beta using prepared VHD.
In that blog post he described how he had used the pre-configured System Center 2012 SP1 Beta downloadable evaluation VHDs to quickly install a test lab setup for OpsMgr 2012 SP1 beta.
And that’s exactly what I needed to do too, but I wanted to take it one step further also using the Windows Server 2012 Evaluation VHD for the needed Domain Controller in my test lab setup. And to top it off, use PowerShell as much as possible.
On the 24th of December I posted a tweet with a picture showing the installation of the Domain Controller using some PowerShell scripts to automate the installation.
And since I’ve been getting requests to publish the PowerShell script I used to install the roles needed on the Domain Controller for the OpsMgr 2012 SP1 Beta test lab environment. And because Mats Wigle told me that “Sharing is caring”, I decided to share my experiences setting up a test lab environment with PowerShell and the steps outlined by Bjorn Houben. He should get most credits for this article, because he got me inspired.
Pre-requisites:
* I used a PowerShell script to create these Hyper-V switches, but this is an internal script we use for our workshops, so I cannot share this script.
Now we have the Virtual Machines ready, we can start with the installation. First we need to start with the Domain Controller (OM2012SP1DC)
Installation of Domain Controller
For the Domain Controller we need to configure the following:
After starting the Virtual Machine you need to go through the walk-through of the setup.
Enter Password for Administrator Account
Remark: If you want to convert the Eval version to a full version with a Product Key of your own, you need to run the DISM tool before installing the Domain Controller Role. Make sure you are connected to the internet!
DISM /online /Set-Edition:ServerDatacenter /ProductKey:[enter your key here] /AcceptEula
You can also continue to use the EVAL version till it expires if you want to.
To run a PowerShell script with the steps described below you need to configure the Execution Policy on the future Domain Controller.
Run the following PowerShell command from an elevated PowerShell console:
Set-ExecutionPolicy ByPass
In the following PowerShell script we are going to configure the following:
Pro-Tip: Store below script in an ISO so you can easily use the script from within your Virtual Machine.
#Configure a static IP address.$IPAddress="192.168.1.101"$SubnetMask="255.255.255.0"$DefaultGateway="192.168.1.1"$DNSServers="192.168.1.101"#enter here a DNS server which can resolve (exteral) addresses Get-WmiObject Win32_NetworkAdapterConfiguration -Filter"IPEnabled=TRUE"|ForEach-Object { $_.EnableStatic($IPAddress,$SubnetMask) $_.SetGateways($DefaultGateway) $_.SetDNSServerSearchOrder($DNSServers) } #Rename Computername$NewComputerName="OM2012SP1DC"$ComputerInfo= Get-WmiObject -Class Win32_ComputerSystem $ComputerInfo.rename($NewComputerName) #Reboot ComputerRestart-Computer -Force #Configure AD DS / domain controller role.Install-WindowsFeature AD-Domain-Services -IncludeManagementTools $Password= ConvertTo-SecureString "P@ssw0rd"-AsPlainText -Force #Enter the same password you used during the initial install of the server.Install-ADDSForest -DomainName "corp.contoso.com"-SafeModeAdministratorPassword $Password-Force #Install DHCP RoleInstall-WindowsFeature DHCP -IncludeManagementTools #Create ScopeAdd-DhcpServerv4Scope -ComputerName OM2012SP1DC -Name OM2012SP1Scope ` -StartRange 192.168.1.105-EndRange 192.168.1.110 ` -Description "Scope for OM2012SP1"-Type DHCP ` -State Active -SubnetMask 255.255.255.0 ` -LeaseDuration (New-TimeSpan -Days 1) #Set DNS Server Scope optionSet-DhcpServerv4OptionValue -OptionId 6-Value 192.168.1.101#Restart ComputerRestart-Computer -force #Authorize DHCP ServerAdd-DhcpServerInDC -DnsName OM2012SP1DC.CORP.CONTOSO.COM
We now have a Domain Controller ready for the test lab OM2012SP1 Beta Evalution VHD Virtual Machine.
Installation of the OM2012 SP1 Beta Management Server
Start the OM2012SP1 Beta Evalution VHD Virtual Machine from within Hyper-V and continue with the installation of OM2012 SP1 Beta Management Server.
When you connect with the OM2012SP1 Beta Evalution VHD Virtual Machine you need to use the Wizard to configure the Management Server.
After configuring the correct settings and clicking OK, you need to go get a cup of coffee, because the rest of the installation will take about 90 minutes to finish (on my Windows 8 Hyper-V machine).
You will see the following screens during the setup.
When finished you have your test lab OM2012 SP1 beta ready for testing. Now you only have to wait for the Public SP1 availability and upgrade to the latest version
And remember “Sharing is caring!”
Today I installed Audit Collection Services (ACS) in my demo environment and after installing the ACS Collector and ACS Forwarder I wanted to start the AdtAdmin.exe tool. But where is AdtAdmin.exe installed?
And how do I run it next time from any location I’m in my (PowerShell) Command prompt?
AdtAdmin.exe is installed in: C:\Windows\System32\Security\AdtServer folder.
Now I knew the path I just added the path the path environment variable using Powershell.
$env:path = $env:path + ";C:\Windows\System32\Security\AdtServer"
Have fun Auditing your security events!
But would not it be cool to have a PowerShell wrapper around AdtAdmin.exe? Anybody?
Last week I was asked to help a customer with the configuration of an OpsMgr 2007 R2 connector. Because I had not much hands on experience with the installation and configuration of the OpsMgr 2007 R2 Connectors I installed an configured the Universal Connector in my own test/demo environment.
And because I learned some new things during this exercise I thought it would be a good idea to share some of my experiences. Warning, this turned out to be become a long blogpost. Stop reading here if you can only read short (twitter) messages
Downloads:
I started downloading the free connectors from Microsoft Downloads. This release of the Operations Manager 2007 R2 Connectors includes the following Connectors:
Documentation:
If you extract the downloaded SCInterop_R2_RTM.zip file there is a Docs folder with 4 files of documentation you should be READING before installing the Connectors.
Tools:
I used the following tools to install and configure the Universal Provider on my SLES10 system:
You should start reading the Release Notes (OM2007_ConnectorsRn.htm) thoroughly before you install or upgrade any Operations Manager 2007 R2 Connectors. The next step is reading the Operations Manager 2007 R2 Connectors Deployment Guide (OM2007_Connectors.doc). Here you can check the System Requirements. In my test/demo environment I’ve installed the Connector Service and Configuration UI on a Windows Server 2008 R2 system without any issues. But be aware this is not supported (yet).
Other documentation I used to get ready for the installation is this blogpost from our famous Kevin Holman Installing the OpsMgr R2 Universal Connector.
Operations Manager 2007 Connectors Architecture:
High-Level Installation Steps:
For the detailed installation steps see the Operations Manager 2007 R2 Connectors Deployment Guide but I’ll show some tips and tricks I used to get the Universal Connector installed and configured.
Tips & Tricks:
Step 1. Check Pre-requisites on both systems.
How do you check if WSMan is installed on a Windows system?
You can check if WSMan is installed using the next command from the command prompt:
winrm identify
So on my Windows 2008 R2 RMS (where I’ll be installing the Universal Connector Service and UI) WSMan is running.
How can check if WSMan is running on the remote SLES10 machine?
Keep in mind that during the install of the SCX agent (Interop core) first the wsman components (Open Pegasus) will be installed and later the Univeral provider will be installed on top of the SCX agent.
So it would be “normal” not having wsman installed on the remote SLES10 machine. But in case you want to check anyway. You could check for the cimserver process on the SLES10 machine using the next command in Putty:
ps –eaf | grep cimserver
The winrm also has a remote parameter. winrm id –remote:nameofremoteserver.com
Let’s try to run this from the RMS server.
It seems we don’t have the correct permissions to do this. Let’s try to use the winrm’s INVOKE verb. More info on the use of the INVOKE verb can be found at Daniele Muscetta’s blogpost about winrm and invoke.
Run the following command from a Windows machine:
winrm invoke ExecuteCommand http://schemas.microsoft.com/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem?__cimnamespace=root/scx @{command="ps -eaf";timeout="60"} -username:root -password:Password -auth:basic -r:https://suse10:1270/wsman -skipCACheck -encoding:UTF-8
There we have it, all running processes on the SLES10 machine using WSMan. Keep in mind this test was run AFTER I had installed the Interop core which also installs Open Pegasus.
Do I need to install the 32-bit version of the Microsoft Visual C++ 2008 Redistributable Package (x86) on a 64-bit Windows 2008 R2 server?
Yes you need to install the x86 version on a 64-bit OS.
Step 2. Install Universal Provider on SUSE10 server (always first start with the Provider)
How do I copy the Universal Provider files to my SLES10 server?
Use WinSCP to connect from your Windows server, where you have the installation files for the connectors to the SLES10 server. Copy the correct OS version files (in my case I copied the files from the Linux_SUSE_10.0_x86_32 folder) to a location (/tmp) on the remote SLES10 server.
How do I install the Universal Provider on my SLES10 server?
Use Putty to make a connection to the remote SLES10 machine. Logon with an account which has enough privileges to install the software (I used the root account for the installation of the Universal Provider).
The first part of the installation is the installation of the the SCX agent first (Interop core) the wsman components (Open Pegasus)
run the following command in your Putty session: rpm –i /tmp/Linux_SUSE_10.0_x86_32/scx-1.0.4-248.sles.10.x86.rpm
The second part of the installation is the installation of the Universal Provider.
Run the next command in your Putty session: Rpm -i MSFTscinteropUnv-6.17000-58.suse.10.x86.rpm
You can check the result of the installation in the /tmp/scinterop_install.out file using cat or WinSCP if you want.
Step 3. Install Universal Connector Service and Configuration on Windows Server 2008 R2 Server
Install the Universal Connector and UI using an elevated command prompt.
Which Features do I need to select during the installation of the Universal Connector and UI?
Select Entire feature will be installed on local harddrive.
Remark: You can change the location where the Universal Connector Service is installed if you want.
Which account be used for the Connector Service?
After the installation of the Universal Connector Service a new database SCInterop is created.
One step in the configuration is granting the Connector Service Account (SDK account) enough permissions for the SCInterop database. The SDK Config account need db_owner permissions.
Now it’s time to configure the Universal Connector.
Which User name do I use for the WS-Man server credentials?
Enter the next settings:
Instead of using the root account on the SLES10 server where I installed the Universal Provider I created a scxuser account.
The scxuser is member of the following groups on the SLES10 server:
The next step in the Configuration is testing the connection.
The first time I tested the connection I got an error message.
Before clicking on Yes to continue the configuration I opened a command prompt to test the connection using the scxuser account.
Run the following command from the command prompt: winrm enumerate http://schemas.microsoft.com/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem?__cimnamespace=root/scx -username:scxuser -password:Password -r:https://suse10:1270/wsman -auth:basic -skipCACheck -encoding:UTF-8
There seems something wrong with the SSL certificate.
The Connector requires the use of certificates to validate the authenticity of the server on which the Interop Provider is running. The Connector does not work until the certificate has been transferred and correctly imported to the server on which Connector is running (Windows 2008 R2 RMS Server) from the server on which the Interop Provider (SLES10 Server) is running. During the Interop Provider installation, a self-signed certificate is generated and stored in the Interop Provider installation directory. The Connector Certificate Retrieval and Installation wizard retrieves the certificate and automatically installs it on the server on which the Connector is running. Installing the Connector certificate at installation is optional. However, the Connector certificate must be installed on the server on which the Connector is running before the Connector service is started. If you do not install the Interop Provider certificate, the Connector cannot communicate with the server on which the Interop Provider is running.
Fixed it by following the next steps:
1. Copied the scx-host-suse10.pem file to the RMS server
2. Runned scxcertconfig -sign scx-host-suse10.pem scx_new.pem on RMS
3. Copied the scx_new.pem file to the SUSE10 box (Provider) and renamed it to scx-host-suse10.pem
4. Restarted scxadmin –restart (on the SLES10 server)
5. Tested WSMan connection to provider from RMS.
In the Universal Connector folder there is a tool called scicert.exe which can be used to test the connection.
Run the following command from the command prompt:
scicert suse10 scxuser Password "OpsMgr Universal Connector" test
Seems to be working ok, right now
You can also use the winrm enumerate command if you want to:
winrm enumerate http://schemas.microsoft.com/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem?__cimnamespace=root/scx -username:scxuser -password:Password -r:https://suse10:1270/wsman -auth:basic -skipCACheck -encoding:UTF-8
We now have the Universal Connector installed and configured, now we need to test if OpsMgr Alerts will be forwarded from OpsMgr to the Universal Provider on the SLES10 server.
High-Level Steps to test the Universal Connector.
Step 1. Add a new subscription for alerts that you want to send to the connector.
Go to Administration Pane and select Internal Connectors folder. Select the OpsMgr Universal Connector.
Double click on the OpsMgr Universal Connector. In the properties of the OpsMgr Universal Connector enter a Subscription Name and optionally a Description.
Click Next and configure the Groups criteria
Click Next and configure the Targets.
Click Next and configure the Alert Criteria
And in the last screen click OK to save your Subscription.
Step 2. Create a Test Event Rule.
Just follow the normal steps to create an Event Alert Rule which get’s triggered by eventid 999.
Every time an event 999 is created an Alert is generated.
Just use the EventCreate.exe tool to create an Event 999 from the command prompt:
eventcreate.exe /T ERROR /ID 999 /L APPLICATION /D "Testing Universal Connector"
Before we look at what happens on the Remote Universal Provider we need to have some background info on the New Alert Data workflow.
New Alert Data Flow in the Universal Connector:
Step 1 and 2. The Operations Manager alert is forwarded to remote system in either XML or Key=Value Pair(evt) file format and The universal provider on the remote system creates a file (xml or property file) in a specified directory
We can check if the OpsMgr Alert is forwarded to the remote Universal Provider, which I configured to be in XML format, by opening WinSCP and look in the following folder: /opt/microsoft/scx/UnvEvents/FromOpsMgr
Let’s create a new Alert by creating a new 999 EventID and check if there will created an XML file in the /opt/microsoft/scx/UnvEvents/FromOpsMgr folder
Now look at the remote folder and check if we see the xml file on the Universal Provider.
Let’s check the contents of the xml file.
<?xml version="1.0" encoding="utf-8"?> <UNVEvent> <AlertId>c16964d1-b01d-4e44-99c9-d892d28fe680</AlertId> <ComputerDomain>DEMO</ComputerDomain> <ComputerName>OPSMGRR2RMS</ComputerName> <Description>Event Description: Testing Universal Connector</Description> <EventType>0</EventType> <ManagementGroupName>DEMOMG</ManagementGroupName> <ManagementPack>Stefan.Test.Universal.Connector</ManagementPack> <ManagementServer>opsmgrr2rms</ManagementServer> <ModifiedBy>DEMO\OM_Admin</ModifiedBy> <MonitoringClassName>Microsoft.Windows.Computer</MonitoringClassName> <MonitoringObjectHealthState>Success</MonitoringObjectHealthState> <MonitoringObjectInMaintenanceMode>False</MonitoringObjectInMaintenanceMode> <MonitoringObjectName>OPSMGRR2RMS.DEMO.STRANGER</MonitoringObjectName> <Name>Stefan - Test Universal Connector Event Rule</Name> <Priority>Normal</Priority> <ProblemId>afcc789a-d227-37a2-79ff-70c6cf469eba</ProblemId> <RepeatCount>0</RepeatCount> <ResolutionState>255</ResolutionState> <RuleName>MomUIGeneratedRule75cfefecc3264771af35f117e44a64ff</RuleName> <RuleTarget>Microsoft.Windows.Computer</RuleTarget> <Severity>2</Severity> <TimeOfLastEvent>2011-08-15T16:48:43.557Z</TimeOfLastEvent> <WebConsoleUrl>http://OPSMGRR2RMS:51908/default.aspx?DisplayMode=Pivot&AlertID=c16964d1-b01d-4e44-99c9-d892d28fe680</WebConsoleUrl> </UNVEvent>
Let’s also check if something has changed on the OpsMgr side.
We don’t see a new Ticked ID or Owner change. The only indication we see is that the History has some info.
Step 3. The custom integration logic picks up file from specified directory and inserts data into the remote system application.
Now the Universal EMS should pick up the xml file from the /opt/microsoft/scx/UnvEvents/FromOpsMgr and change this data in the EMS (Enterprise Management System). We can do the same manually if we want to test this.
1. Create a new directory called "<Provider Install Directory>\UnvEvents\<MgmtGrpName>\ using WinSCP on the SLES10 server.
2. Create a directory called "<Provider Install Directory>\UnvEvents\<MgmtGrpName>\EMS". This directory will contain a evt/xml file with all the necessary information about the alert that is in sync with the connector. If you close the alert in OpsMgr this file will be deleted, acknowledging that the alert was closed.
3. You can manipulate the evt/xml file in the EMS directory then drop it into the "<Provider Install Directory>\UnvEvents\<MgmtGrpName>" directory to send updates back to the OpsMgr alert.
To send an update back to OpsMgr the EventType variable must always be set to 1 (e.g.; EventType=1 or <EventType>1</EventType>).
Fields that can be update on the OpsMgr alert from the EMS side:
Let's update the Alert:
Copy file c16964d1-b01d-4e44-99c9-d892d28fe680.1.xml from /opt/microsoft/scx/UnvEvents/FromOpsMgr to /opt/microsoft/scx/UnvEvents/DEMOMG/EMS folder
cp /opt/microsoft/scx/UnvEvents/FromOpsMgr/c16964d1-b01d-4e44-99c9-d892d28fe680.1.xml /opt/microsoft/scx/UnvEvents/DEMOMG/EMS
Edit c16964d1-b01d-4e44-99c9-d892d28fe680.1.xml
<?xml version="1.0" encoding="utf-8"?> <UNVEvent> <AlertId>c16964d1-b01d-4e44-99c9-d892d28fe680</AlertId> <ComputerDomain>DEMO</ComputerDomain> <ComputerName>OPSMGRR2RMS</ComputerName> <Description>Event Description: Testing Universal Connector</Description> <EventType>0</EventType> <ManagementGroupName>DEMOMG</ManagementGroupName> <ManagementPack>Stefan.Test.Universal.Connector</ManagementPack> <ManagementServer>opsmgrr2rms</ManagementServer> <ModifiedBy>DEMO\OM_Admin</ModifiedBy> <MonitoringClassName>Microsoft.Windows.Computer</MonitoringClassName> <MonitoringObjectHealthState>Success</MonitoringObjectHealthState> <MonitoringObjectInMaintenanceMode>False</MonitoringObjectInMaintenanceMode> <MonitoringObjectName>OPSMGRR2RMS.DEMO.STRANGER</MonitoringObjectName> <Name>Stefan - Test Universal Connector Event Rule</Name> <Priority>Normal</Priority> <ProblemId>afcc789a-d227-37a2-79ff-70c6cf469eba</ProblemId> <RepeatCount>0</RepeatCount> <ResolutionState>0</ResolutionState> <RuleName>MomUIGeneratedRule75cfefecc3264771af35f117e44a64ff</RuleName> <RuleTarget>Microsoft.Windows.Computer</RuleTarget> <Severity>2</Severity> <TimeOfLastEvent>2011-08-15T16:48:43.557Z</TimeOfLastEvent> <WebConsoleUrl>http://OPSMGRR2RMS:51908/default.aspx?DisplayMode=Pivot&AlertID=c16964d1-b01d-4e44-99c9-d892d28fe680</WebConsoleUrl> </UNVEvent>
<?xml version="1.0" encoding="utf-8"?> <UNVEvent> <AlertId>c16964d1-b01d-4e44-99c9-d892d28fe680</AlertId> <ComputerDomain>DEMO</ComputerDomain> <ComputerName>OPSMGRR2RMS</ComputerName> <Description>Event Description: Testing Universal Connector</Description> <EventType>1</EventType> <ManagementGroupName>DEMOMG</ManagementGroupName> <ManagementPack>Stefan.Test.Universal.Connector</ManagementPack> <ManagementServer>opsmgrr2rms</ManagementServer> <ModifiedBy>DEMO\OM_Admin</ModifiedBy> <MonitoringClassName>Microsoft.Windows.Computer</MonitoringClassName> <MonitoringObjectHealthState>Success</MonitoringObjectHealthState> <MonitoringObjectInMaintenanceMode>False</MonitoringObjectInMaintenanceMode> <MonitoringObjectName>OPSMGRR2RMS.DEMO.STRANGER</MonitoringObjectName> <Name>Stefan - Test Universal Connector Event Rule</Name> <Priority>Normal</Priority> <ProblemId>afcc789a-d227-37a2-79ff-70c6cf469eba</ProblemId> <RepeatCount>0</RepeatCount> <ResolutionState>255</ResolutionState> <RuleName>MomUIGeneratedRule75cfefecc3264771af35f117e44a64ff</RuleName> <RuleTarget>Microsoft.Windows.Computer</RuleTarget> <Severity>2</Severity> <TimeOfLastEvent>2011-08-16T10:44:19.830Z</TimeOfLastEvent> <WebConsoleUrl>http://OPSMGRR2RMS:51908/default.aspx?DisplayMode=Pivot&AlertID=1fbc6201-773f-4680-a120-e6e7e684cd8e</WebConsoleUrl> <OwnerName>EMS</OwnerName> <CustomField1>Manual Test of EMS</CustomField1> </UNVEvent>
Drop it into the "/opt/microsoft/scx/UnvEvents/DEMOMG
cp /opt/microsoft/scx/UnvEvents/DEMOMG/EMS/c16964d1-b01d-4e44-99c9-d892d28fe680.1.xml /opt/microsoft/scx/UnvEvents/DEMOMG
Is gone in seconds
Works ok :-)
I also created a PowerShell script which retrieves the remote xml file so you can check what has been forwarded from the Universal Connector to the Remote Universal Provider. But I need some more time to improve this script.
Here is a first example on how I started. If I’ve more time I’ll create a blogpost on how to create a PowerShell EMS tool.
#use winrm with invoke to retrieve the last xml file from the remote Universal Provider [string]$AlertFromUnvConn = cmd /c 'winrm invoke ExecuteShellCommand http://schemas.microsoft.com/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem?__cimnamespace=root/scx @{command="ls -1t /opt/microsoft/scx/UnvEvents/FromOpsMgr/*.xml | head -1 | xargs cat";timeout="60"} -username:root -password:Password -auth:basic -r:https://suse10:1270/wsman -skipCACheck -encoding:UTF-8' $subject = $AlertFromUnvConn
#Parse the result so we can use this fix the returned XML if ($subject -cmatch '(?si)<UNVEvent\b[^>]*>(.*?)</UNVEvent>') { $result = $matches[0] } else { $result = '' }
#Convert result to genuine xml [xml]$xml = $result
#Show Result $xml.UNVEvent | format-list