Unified physical and virtual IT management for midsized businesses
The monitoring capability within Essentials comes from Management Packs, and the majority Management Packs that work with Operations Manager also work with Essentials. This is great, because it means there is a wealth of deep monitoring that is available for Essentials.
During the Beta and RC period we’ve had lots of great feedback (please keep it coming), and some of this feedback has focused on the monitoring capabilities provided by Management Packs. This post covers the common feedback, and configuration changes to improve the monitoring experience for the following management packs:
There is an issue with the Windows 7 Client OS MP that will generate errors after the initial import of the management pack. You are likely to see 4 alerts that are very similar. You can dismiss the alerts and they should not reappear. The 4 alerts you are likely to see will all start with:
OleDb Module encountered a failure 0x80040e37 during execution and will post it as output data item. : Invalid object name
and then have one of the following:
These issues may be fixed in a future release of the Windows 7 Client Operating System Management Pack. When an updated version of a management pack is available you will see a yellow notification bar at the top of the Computers workspace in the Essentials console.
By default, if you attempt to view CPU Performance, Processor Queue Length or Memory in the Computers workspace for computers running XP, Vista or Windows 7 the graphs will be empty.
To show information for Client Computers you will need to enable the following rules for each OS:
To enable collection of these performance counters:
More information is in the Management Pack Guide.
By default, the Microsoft Exchange 2007 Management Pack will not automatically discover any Exchange 2007 Server roles, and no monitoring is distributed to Exchange 2007 servers.
Initially, the only discovery that runs automatically is called the Exchange 2007 Discovery Helper Discovery. It is a lightweight registry discovery that runs on all Windows servers. Its only purpose is to discover Exchange 2007 servers in your environment without actually starting monitoring.
To verify that Discovery Helper has discovered your Exchange 2007 servers
If no Exchange 2007 servers are discovered, you might want to make the discovery run more frequently than the default. You can change the frequency of the Exchange 2007 Discovery Helper Discovery in Object Discoveries located under Authoring in the Operations console.
To enable Exchange 2007 Server Role Discovery
Exchange 2007 CCR Clustered Mailbox Server Role Discovery
Discovers CCR and SCC clustered Mailbox servers
Exchange 2007 CCR Node Role Discovery
Discovers CCR node servers in a CCR cluster (the physical nodes)
Exchange 2007 Standalone CCR Node Discovery
Discovers standalone CCR node roles (nodes that are participating in log shipping but are not part of an active Mailbox server) and standalone mailbox roles
Exchange 2007 CAS Role Discovery
Discovers Client Access server roles
Exchange 2007 Hub Transport Role Discovery
Discovers Hub Transport server roles
Exchange 2007 Edge Role Discovery
Discovers Edge Transport server roles
Exchange 2007 UM Role Discovery
Discovers Unified Messaging (UM) roles
For example, to enable discovery of all Hub Transport servers, right-click the Exchange 2007 Hub Transport Role Discovery and select Overrides\Enable the Object Discovery\for all objects of type Exchange 2007 Discovery Helper. If you want, you can choose to discover servers using a group (containing Exchange 2007 Discovery Helper instances) or a single instance of Exchange 2007 Discovery Helper. It is also possible to use a group containing the computer objects of the Exchange servers.
More information is in the Management Pack Guide and also on the Operations Manager blog.
Importing the Exchange 2010 Management Pack on the Release Candidate of Essentials 2010 will cause the following alert to be generated:
Critical hotfixes required for reliable operation of the Exchange Server 2010 and other management packs are not installed on this server. Please see the appropriate KB article for more information, and to download the required hotfix.
The hotfixes referred to by this alert are included in the released version of Essentials 2010.
These updates resolve issues affecting state rollup using dependency monitors. These updates allow the Exchange Server 2010 Management Pack to accurately monitor whether Exchange databases are mounted. Without these updates you are also likely to see inaccurate availability reporting.
If desired, you can disable this alert:
This is only a temporary workaround for use with the RC and should be reverted when upgrading to the RTM version of Essentials 2010.
More information is in the Management Pack Guide
A number of workflows in the SQL Server 2008 Management Pack run scripts, which rely on SQL Data Management Objects (SQL-DMO) to query information from the SQL Server. SQL-DMO is now deprecated and is not shipped as a part of SQL Server 2008. Every system with SQL Server 2008 that will be monitored must have SQL-DMO installed from the Microsoft SQL Server 2005 Backward Compatibility Components.
To install SQL-DMO on computers running SQL Server 2008:
These issues may be fixed in a future release of the SQL Server 2008 Management Pack. When an updated version of a management pack is available you will see a yellow notification bar at the top of the Computers workspace in the Essentials console.
If you are using the Express edition of SQL (installed by Essentials) you will see the following errors:
Warning Service Check Data Source Module Failed Execution
Warning Service Check Probe Module Failed Execution
Both errors will mention the following workflow:
Workflow name: Microsoft.SQLServer.2008.DBEngine.FullTextSearchServiceMonitor or
Workflow name: Microsoft.SQLServer.2005.DBEngine.FullTextSearchServiceMonitor
This will happen on any system that has SQL installed without the Full Text Search Engine. You can apply an override on that monitor to disable it for the systems that don't have that service installed.
To disable these monitors, perform the following steps:
Configure System Center Essentials to use BranchCache operating in Distributed Cache mode:
Document Owner: Anshu Agrawal
Why BranchCache Integration? BranchCache is a new feature in both the Windows 7 client operating system and the Windows Server 2008 R2 operating system that significantly improves end user experience at branch locations or remote offices. BranchCache enables peer sharing of applicable content between Branch Cache-Cache enabled computers. System Center Essentials uses BranchCache to provide Essentials managed computers with limited connectivity to a Distribution Point (WAN) to obtain content locally rather than over a slower, less reliable, or more expensive link.
BranchCache seeks to reduce network strain by downloading and locally caching content on the first BranchCache client. Subsequent requests for the same content by its peers will result in the first client sharing its content over the LAN instead of requiring the peer computers to download the content over the WAN. This “peer-transferred” content is also cached for later sharing, and multiple peer computers can transfer content simultaneously, further improving performance.
Enabling BranchCache to your environment
BranchCache is not installed by default on Windows Server 2008 R2. To configure the Essentials management server when it is using the Background Intelligent Transfer Service (BITS) protocol, you must install the BranchCache feature using Server Manager. Use the Add Features Wizard of Server Manager in Windows Server 2008 R2 to enable BranchCache.
Following are the steps:
To install the BranchCache feature
(Note: You can verify the installation from serverManager.log of windows directory or from features summary of Server Manager).
If you see any warning in the Installation Results dialog box, you can see the resolution and try to fix it. Examples of few warning messages:
1. Windows Automatic updating is not enabled. To ensure that your newly-installed role or features are automatically updated, turn on Windows Update in Control Panel.
You can resolve this manually, or Essentials installation will automatically turn on Windows Update.
2. Firewall setting exceptions
You can resolve this by opening firewall.cpl from a command prompt, and change the settings.
How to enable Distributed Cache mode and verify if server and client computers are using BranchCache:
1. To enable BranchCache in Distributed Cache mode (Figure1):
a. Click the Start button.
b. Type command in the Start Search box.
c. Right-click Command Prompt, and then click Run as administrator.
d. At the command prompt, run the following command: netsh branchcache set service mode=DISTRIBUTED
Figure1: Enable BranchCache in Distributed cache mode
2. To verify the Status (Figure2), at the command prompt,
3. type netsh branchcache show status all. The following figure demonstrates a correctly configured Distributed Cache:
Configuring Essentials to use BranchCache:
In addition to enabling BranchCache in your environment, Essentials must be configured to store update files locally, and also Essentials must be configured to use domain-level Group Policy objects (GPOs). On all BranchCache enabled computers, Essentials downloads the applicable contents to peers using cached content for non-Microsoft update packages, catalogs, and Microsoft updates.
The following steps verify that Essentials is correctly configured to use BranchCache:
1. Open Essentials console.
2. Click the Administration navigation button to Administration workspace.
3. In the Administration pane of the Essentials console. click Settings.
4. In the Tasks pane, click Update Files and Languages.
5. Click the Update Files tab.
6. Select the Store update files locally on this server option (Figure3)
7. Select the Download update files to this server only when updates are approved check box (Figure3).
Figure3: Update files and languages to enable BranchCache
Verifying branchCache from Essentials (Figure4):
1. Open the Essentials console
2. Click the Updates navigation button to open the Updates workspace.
3. Right-click an update, and click Update Deployment Status Report.
4. Select the computer where you have enabled Branch Cache.
5. View the detailed status (Figure4).
Figure4: Deployment Status from BranchCache
Calculating BranchCache efficiency with performance counters
Please Refer: http://technet.microsoft.com/en-us/library/dd637782(WS.10).aspx
Some of the information in this article has been taken directly or paraphrased from the following references.
We've heard it from you! You've been using WSUS for years and you have been using different Windows Update settings for your clients and servers. Maybe you want your clients to automatically download and install approved updates, but your servers should only download and notify the administrator. Now you can with System Center Essentials 2010 using the same approach you used with WSUS! Check out this excerpt from the Essentials 2010 Operations Guide.
How to Create Custom Update Settings for Client and Server Computers in Essentials
System Center Essentials 2010 uses Group Policy to configure the Windows Update agent to receive updates from the Essentials management server. These settings apply to all computers managed by Essentials unless you create a new Group Policy object (GPO) to customize the update settings. This section provides information about the default Windows Update agent settings and instructions on creating a GPO to apply to a specific group of computers, such as clients or servers, with customized Windows Update settings.
Default Windows Update Agent Settings in Essentials 2010
The default Windows Update settings used by Essentials are shown in the following table.
Windows Update Setting
Configure automatic updates
Configure automatic updating
4 (auto-download and schedule the install)
Scheduled install day
0 (every day)
Scheduled install time
Specify intranet Microsoft Update Service location
Intranet update server
Intranet statistics server
Allow signed content from intranet Microsoft Update service locations
No auto-restart for scheduled Automatic Updates installations
These settings are included in the SCE Managed Computers <management groupname> group policy object.
To customize Windows Update settings using a Group Policy Object
1. Create an Active Directory Group Policy object (GPO) in the same domain as the computers to which you want to apply customized settings. For more information, see “Create a Group Policy Object” in the Microsoft TechNet Library (http://go.microsoft.com/fwlink/?LinkId=161344).
2. Change the security filtering of the GPO from Authenticated Users to the SCE Managed Computers <management group name> security group. For more information, see “Assign Security Group Filters to the GPO” in the Microsoft TechNet Library (http://go.microsoft.com/fwlink/?LinkId=161346).
3. Link the Group Policy object to the organization units (OU) containing the computers to which you want to apply the customized Windows Update Agent settings. For more information, see “Link the GPO to the Domain” in the Microsoft TechNet Library (http://go.microsoft.com/fwlink/?LinkId=161347).
4. Edit the Windows Update Agent settings in the GPO.
5. After the group policy refresh interval has elapsed (every 90 minutes by default, with a random offset of 0 to 30 minutes) the computers with customized Windows Update Agent settings will be configured.
6. If you want to revert back to the original Windows Update settings configured by Essentials 2010, you can delete the customized GPO you created in step 1.
7. If you uninstall Essentials 2010, be sure to delete any customized GPOs you have created.
Supported Customizations to Windows Update Agent Settings in Essentials 2010
The supported customizations to Windows Update settings used by Essentials 2010 are shown in the following table. For more information, see “Configure Automatic Updates by Using Group Policy” in the Microsoft TechNet Library (http://go.microsoft.com/fwlink/?LinkId=161349).
Supported Customizable Value
Configure Automatic Updates
Configure Automatic Updating
Scheduled Install Day
Scheduled Install Time
Intranet Update Server
Intranet Statistics Server
Enable client-side targeting
Reschedule Automatic Update scheduled installation
Automatic Update detection frequency
Must be less than 24 hours
Allow Automatic Update Immediate Installation
Delay Restart for Scheduled Installations
Re-prompt for Restart with Scheduled Installations
Allow non-Administrators to Receive Update Notifications
Remove Links and Access to Windows Update
Tell us what you think! Please give us feedback in our managed forums on configuring different update settings for managed computer.
As we move from the Release Candidate to the final SCE product, we want to make sure that Microsoft Partners are ready to help our customers with the latest in systems management from Microsoft.
SCE 2010 is one of two System Center products that will be released next quarter, so we are running a “Partner Readiness Week”. Customers, don’t worry – we have readiness activities planned for you as well. Over the week of February 22-26, we will be providing 5 online training sessions to prepare Microsoft Partners to be successful with the next generation of System Center, including:
System Center Essentials (SCE) 2010 offers enterprise-class management to midsized organizations with between 50-500 PCs and up to 50 servers, including physical and virtual machine management.
System Center Data Protection Manager (DPM) 2010 provides continuous data protection for Windows application and file servers, desktops, laptops and Microsoft Virtualization hosts to unified disk-, tape- and cloud-based storage.
We will offer the courses a few times in the upcoming weeks – optimized for different time zones and geographies. Feb 22-26 are being delivered during the European business day.
For access to the 5 courses associated with SCE and DPM – please go to the Microsoft Partner Learning Center and search for keyword SCELMITLLC.
For questions and follow-up, you can also email RAHULJ@microsoft.com
Essentials 2010 uses up to three agents to manage computers:
I'll focus this article on troubleshooting the deployment of the Operations Manager agent using the Computer and Device Management Wizard (aka Discovery Wizard), the most common agent deployment mechansim, explain how the Windows Update agent is configured once the Operations Manager agent has been installed, and close with an explanation of the backup agent deployment mechanism we introduced in Essentials 2010 RC.
Before the Operations Manager agent can be deployed to a computer, it first must be discovered. This is accomplished using a LDAP search against Active Directory. Check out this OpsMgr blog article for a deep dive into the discovery process: http://blogs.technet.com/momteam/archive/2007/12/10/how-does-computer-discovery-work-in-opsmgr-2007.aspx
Essentials also includes scheduled 'Computer Discovery' which performs the LDAP scan on a daily schedule, discovering new un-managed computers, and attempting to deploy the OpsMgr agent to these newly discovered computers.
Once a computer has been discovered, Essentials deploys the agent by copying over the agent installation files and starting the momagentinstaller process.
You can view the agent deployment status in the task window that is displayed from the Discovery Wizard, by looking through the Task Status view in the Monitoring space, or by checking to see if the computer is in the Managed Agents or Pending Actions view in the Administration space.
Agent Deployment Failures
If deployment of the OpsMgr agent has failed, you will see the failure messages in the Task Status window or Pending Actions view. Check ou this great resource from OpsMgr MVP Cameron Fuller which contains many of the agent installation failure reasons and how to resolve them: http://cameronfuller.spaces.live.com/blog/cns!A231E4EB0417CB76!928.entry
Windows Update Agent configuration
Once the Operations Manager agent has been deployed to the computer and has succcessfully contacted the Essentials server, the Windows Update agent is configured to be controlled by the Essentials server. If Essentials has been configured to use domain group policy, this occurs by adding the AD computer account for the computer into the 'SCE Managed Computers <management group>' security group in AD, which grants the computer the 'Apply GPO' privilege to 'SCE Managed Computers <management group>' GPO which includes the configuration settings that will cause the agent to be configured. If Essentials has been configured to use local group policy, a runtime task will use the SCECertPolicyConfigUtil.exe (installed with the OpsMgr agent installation files) to configure the local GPO on the managed computers, again applying settings that will configure the Windows Update agent.
Backup Agent Deployment
New in Essentials 2010 RC is a backup agent deployment process that kicks in if Essentials is configured to use domain group policy and OpsMgr agent deployment has failed. The process uses both Group Policy and the ability of Essentials to distribute software to install the Operations Manager agent after first configuring the Windows Update agent on the computer for which agent deployment has failed. This process happens in the background; you'll know that its working when a few hours have passed after agents failed to deploy and they have 'automagically' been installed on the same computers.
We hope that you experience a trouble-free agent deployment experience in Essentials 2010 and start to get a ton of manageability from it very shortly after installation!