Archive for June 2010
15
Active Directory Federation Services 2.0 Management Pack
No comments · Posted by Christopher Keyaert in OpsMgr / Scom
Microsoft has just realease a new management pack for SCOM2007 : Active Directory Federation Services 2.0 Management Pack
Overview
- Events that indicate service outages and operational errors or warnings
- Alerts that indicate configuration issues and background tasks failures or warnings
- Whether auditing is occurring successfully
- Communication between the federation server and the federation server proxy
- Notification of malformed access requests
- Website availability
- The health of the Secure Sockets Layer (SSL) certificate of the federation passive website in Internet Information Services (IIS)
ad · adfs · federation services · mp · Scom
9
Possible memory leak with SCOM agent on Windows 2008 R2
No comments · Posted by admin in OpsMgr / Scom
Kevin holman noticed that WMI on some of their Server 2008R2 monitored agents was consuming a large amount of memory – and continually increasing.
It turns out there is a hotfix for Windows 2008 R2 – which addresses a possible leak when an application queries the Win32_Service class frequently. A monitoring tool would do this – and therefore SCOM can accelerate this leak.
This hotfix addresses this issue :
http://support.microsoft.com/kb/981314
For more information : http://blogs.technet.com/b/kevinholman/archive/2010/06/09/wmi-leaks-memory-on-server-2008-r2-monitored-agents.aspx
2008 · agent · hotfix · memory leak · Scom · sever · windows
8
SCOM : Create a Rule and Monitor from a PowerShell Script
No comments · Posted by Christopher Keyaert in OpsMgr / Scom, PowerShell
In this video, Brian Wren demonstrates how to create a management pack containing a monitor and rule sharing a Windows PowerShell script. The demonstration includes modifying an existing script to be included in a management pack and then creating custom modules and monitor types to run the script and make its collected data available to workflows. Finally, a rule and monitor are created to collect data from the script for reporting and to set the health state of a managed object. The concept of the solution and each step are discussed prior to a detailed walkthrough of their creation and configuration.
http://technet.microsoft.com/en-us/ff723797.aspx
monitor · PowerShell · rules · Scom · state
2
Secondary Management Server install fails if Reporting is already installed when DW action account and RMS action account are the same
No comments · Posted by Christopher Keyaert in OpsMgr / Scom
Issue:
If you try to install a secondary Management Server (MS) in a scenario with Root Management Server(RMS) and Reporting installed with Data Warehouse(DW) action account and Root Management Server action account (default action account) is the same, the secondary Management Server setup rolls back with an error (value 3) in the setup log:
Associate this account to ‘DW Configuration and Synchronization Reader Account’ profile (in SP1 this is called as ‘Reserved’, there would be three Reserved profiles in SP1, this one is third in the list). Re-run Management Server setup.
Note that this workaround is only applicable to SP1 release, if you’ve SCOM R2, you have to contact Microsoft Support.
A KB already exists for that issue : http://support.microsoft.com/kb/957566/en-us
Edit : The script provided by Microsoft (No Warranty, please do a backup before apply it)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 | ###################################################### # This script is provided "AS IS" with no warranties, # and confers no rights. Use of included script # samples are subject to the terms specified at # http://www.microsoft.com/info/cpyright.htm # # Nathan Davenport Dec2009 ##################################################### ############### PROCESS CMD LINE ARGS ############### # Usage: # PS> CreateHealthServiceReferences.ps1 "dw action account" # ##################################################### $usage = "PS> CreateHealthServiceReferences.ps1 <dw action account>" $accountname = "" if([String]::IsNullOrEmpty($args[0])) { write-output "" write-output "Error: DW Action Account Not Specified." write-output "Usage: $($usage)" write-output "" exit } else { $accountname = $args[0] } #################### LOAD DLLS ##################### $SCOMRootDir = $env:ProgramFiles + "\System Center Operations Manager 2007" [System.Reflection.Assembly]::LoadFile("$SCOMRootDir\SDK Binaries\Microsoft.EnterpriseManagement.OperationsManager.dll") ############### DW RUNAS PROFILES GUIDS ############## # GUIDS SIGNED # DW Action Account # 5D09EF12-F56A-002E-3A80-A6602F86DD21 # DW Configuration and Synchronization Reader Account # 7E81C844-04F6-94D1-D6A2-4EA0B726F175 # DW Reporting Deployment Action Account # DB7B5DC1-3016-7043-9F63-48A3E89B2764 # # GUIDS DEBUG # DW Action Account # B032E10C-614B-7723-C785-EA51C2456524 # DW Configuration and Synchronization Reader Account # 696F1382-F1F9-B7AC-87F4-B7604EE38C9F # DW Reporting Deployment Action Account # F483770B-F112-44C6-EF30-0B012B623ECF ##################################################### ############# GET THE MANAGEMENT GROUP ############# $mg = new-object Microsoft.EnterpriseManagement.ManagementGroup("localhost") ################ GET RUNAS PROFILES ################ # DW Action Account RunAs Profile GUID $DWActionAccountProfile = "5D09EF12-F56A-002E-3A80-A6602F86DD21" # DW Configuration and Synchronization Reader Account $DWReaderAccountProfile = "7E81C844-04F6-94D1-D6A2-4EA0B726F175" # DW Reporting Deployment Action Account $DWRepDeployProfile = "DB7B5DC1-3016-7043-9F63-48A3E89B2764" # Get RunAs Profile write-output "Getting DW RunAs Profiles..." $profile1 = $mg.GetMonitoringSecureReference($DWActionAccountProfile) write-output $profile1.Name $profile2 = $mg.GetMonitoringSecureReference($DWReaderAccountProfile) write-output $profile2.Name $profile3 = $mg.GetMonitoringSecureReference($DWRepDeployProfile) write-output $profile3.Name write-output "" ################ GET RUNAS ACCOUNTS ################ $accounts = $mg.GetMonitoringSecureData() $account = "" write-output "Getting the specified DW RunAs Account..." foreach($acct in $accounts) { if($acct.Name.ToLowerInvariant().Equals($accountname.ToLowerInvariant())) { $account = $acct } } if([String]::IsNullOrEmpty($account)) { write-output "" write-output "Error: RunAs Account '$($accountname)' not found" exit } else { write-output $account.Name write-output "" } ############# GET RMS HEALTHSERVICE ID ############# write-output "Getting RMS and Hosted Health Service..." $admin = $mg.GetAdministration() $hostname = $env:computername + "." + $env:userdnsdomain $criteria = new-object Microsoft.EnterpriseManagement.Administration.ManagementServerCriteria("Name = '" + $hostname + "'") $ms = $admin.GetManagementServers($criteria) $healthservice = $ms[0].HostedHealthService write-output "RMS is hosting health service '$($healthservice.Id)'" write-output "" ##### CREATE SECUREDATAHEALTHSERVICEREFERENCES ##### # Create a new SecureDataHealthServiceReference write-output "Creating MonitoringSecureDataHealthServiceReferences..." $newref1 = new-object Microsoft.EnterpriseManagement.Monitoring.Security.MonitoringSecureDataHealthServiceReference($account.Id, $profile1.Id, $healthservice.Id) write-output "MonitoringSecureDataHealthServiceReference created for RunAs Profile '$($profile1.Name)'" write-output "Link between Health Service '$($healthservice.Id)' and RunAs Account '$($account.Name)' created." write-output "" $newref2 = new-object Microsoft.EnterpriseManagement.Monitoring.Security.MonitoringSecureDataHealthServiceReference($account.Id, $profile2.Id, $healthservice.Id) write-output "MonitoringSecureDataHealthServiceReference created for RunAs Profile '$($profile2.Name)'" write-output "Link between Health Service '$($healthservice.Id)' and RunAs Account '$($account.Name)' created." write-output "" $newref3 = new-object Microsoft.EnterpriseManagement.Monitoring.Security.MonitoringSecureDataHealthServiceReference($account.Id, $profile3.Id, $healthservice.Id) write-output "MonitoringSecureDataHealthServiceReference created for RunAs Profile '$($profile3.Name)'" write-output "Link between Health Service '$($healthservice.Id)' and RunAs Account '$($account.Name)' created." write-output "" ### INSERT NEW SECUREDATAHEALTHSERVICEREFERENCES ### write-output "Inserting MonitoringSecureDataHealthServiceReferences..." $mg.InsertMonitoringSecureDataHealthServiceReference($newref1) $mg.InsertMonitoringSecureDataHealthServiceReference($newref2) $mg.InsertMonitoringSecureDataHealthServiceReference($newref3) trap [Microsoft.EnterpriseManagement.Common.UnknownDatabaseException] { write-debug "Microsoft.EnterpriseManagement.Common.UnknownDatabaseException: MonitoringSecureDataHealthServiceReferences may already exist." # write-error $($_.Exception.GetType().Name); # write-error $($_.Exception.Message); continue; } |
deployment · hotfix · kb · management server · microsoft · ms · rms · run as acocount · Scom · support