vNext.be | Operations Manager, Opalis, PowerShell, …

Archive for March 2011

Mar/11

25

System Center Advisor RC: Overview

System Center Advisor (formerly Microsoft codename “Atlanta”) is a cloud service that enables IT professionals to assess their server configuration and proactively avoid problems. With System Center Advisor, support staff is able to resolve issues faster by accessing current and historical configuration data, all with the security features that meet their needs. Additionally, System Center Advisor helps reduce downtime by providing suggestions for improvement, and notifying customers of key updates specific to their configuration.


The basic idea is to have your servers monitored in a Microsoft cloud service, with a web interface for the management part. Technically, you need a gateway server in your enterprise. A gateway is just a server that has internet access; all your monitored servers contact that gateway to upload their information to the cloud, instead of connecting directly to the internet.

Note that System Center Advisor currently only supports monitoring of Windows Server 2008, SQL Server 2008 and some parts of AD.

System Requirements

The System Center Advisor agent and gateway require either 32-bit or 64-bit versions of:
Windows Server 2008 or later

The System Center Advisor agent analyzes both 32-bit and 64-bit versions of:

Microsoft SQL Server 2008 or later
Windows Server 2008 or later

To access the System Center Advisor web portal you will need a browser that supports Silverlight 4.0, such as Internet Explorer 7.0 or later.

Let’s get started:

Microsoft just published the RC of Advisor, and as it’s free for the moment, it’s the right time to test it. Just go to https://www.systemcenteradvisor.com/ and create an account with your Windows Live ID.

Once your account is created, you have to download the certificate and the setup program. This certificate is used for authentication between the Microsoft Advisor cloud and your gateway server. You don’t need to add this certificate to your certificate store; the setup will ask for it during the installation process, nothing more.

Once your gateway is ready, the process will install the Operations Manager agent. You don’t need to have a Microsoft System Center Operations Manager 2007 infrastructure in place; System Center Advisor will just install the agent and configure it to work with the Microsoft Advisor cloud.

When everything is done, you will have to wait some time before data appears in your web console.

Overview

The web console has 5 main parts:

  • Alerts: in this view, you can see all your servers’ alerts and manage them: changing the status, disabling alerts that are not needed…

  • Configuration: in this part, you have a global snapshot of the current configuration of your servers

  • Change History: history of your configuration changes

  • Servers: view of all your monitored servers and gateways

  • Account: in this part, you can manage user access (based on Windows Live ID), the name of your company, and the closing of your company account.


Conclusion

Microsoft System Center Advisor could be a really great product for small companies that don’t have the money and the resources to implement Microsoft System Center Operations Manager 2007 R2. The setup is really quick and the entire configuration is saved in the Microsoft cloud.

Currently Advisor has only a few monitoring rules for AD, Windows Server 2008 and SQL Server 2008. I hope that Microsoft will soon add all the rules/monitors available in the different OpsMgr Management packs.

I invite you to read the comment of Paul Mestemaker / Sr. Program Manager / Microsoft / System Center Advisor below.

Below are all the alerts that you could get with Microsoft System Center Advisor RC:


· · · ·

Mar/11

22

MMS 2011 – Announcements

  • System Center Advisor announced: Azure service previously code-named “Project Atlanta” uses the OpsMgr Agent to return configuration and make recommendations for changes to the configuration. This application was demonstrated during the keynote showing how a hotfix would be relevant for the servers and what has changed in the environment. Licensing – if you have software assurance on Windows Server you are licensed to use this on the server (or Exchange software assurance for Exchange servers). Beta currently available.
  • The next version of Opalis Integration Server is officially named System Center Orchestrator 2012.
  • SCVMM 2012 beta announced.
  • System Center 2012 officially announced: every product in the (System Center) portfolio will have new revisions in the next year.

Credits : http://opsmgrunleashed.wordpress.com/2011/03/22/mms-2011-keynote-322-summary-for-geeks/

· · · ·

Dear All,

If you have just installed the Lync Server 2010 Management Pack and you also have Linux / UNIX servers monitored by your System Center Operations Manager 2007 R2 environment, you may be flooded by “Secure Reference Override Failure” alerts in the console and Event ID 1107 in the event viewer of all the management servers that are currently monitoring Linux / UNIX servers.

The Health Service on computer bramomms001.xxxx.com failed to resolve SecureReference override. This issue may affect multiple instances. Additional details: Account for RunAs profile in workflow “Microsoft.Linux.RHEL.4.Process.Syslog.Restart”, running for instance “Red Hat Enterprise Linux ES release 4 (Nahant Update 8)” with id:”{FBAA7FEC-9E05-6981-C6A6-97BA710C9111}” is not defined. Workflow will not be loaded. Please associate an account with the profile. Management group “xxx”

The Health Service on computer bramomms001.xxxx.com failed to resolve SecureReference override. This issue may affect multiple instances. Additional details: Account for RunAs profile in workflow “Microsoft.Linux.RHEL.4.Process.Udev.Diagnostic”, running for instance “Red Hat Enterprise Linux ES release 4 (Nahant Update 8)” with id:”{FBAA7FEC-9E05-6981-C6A6-97BA710C9111}” is not defined. Workflow will not be loaded. Please associate an account with the profile. Management group “xxxxx”

This is caused by a problem between the “Microsoft Lync Server 2010 Profile” and the Linux / UNIX profile. The cause is not really clear, but it is related to the Run As Account used by the Lync Server 2010 management pack, which is targeted to “All targeted objects” and not to the “Windows Computer” class only.

As this management pack is sealed, we will not be able to do any modification to the existing entry. If you try, you will receive the following error message:

Currently, there is no official fix for this problem. I personally opened a thread on the TechNet Forums:

http://social.technet.microsoft.com/Forums/en-US/operationsmanagergeneral/thread/3e56d173-fff7-443d-8821-894194cc8418/

And also a bug report on Connect Portal:

https://connect.microsoft.com/OpsMgr/feedback/details/649914/lync-2010-mp-linux-secure-reference-override-alerts-appear-just-after-mp-import

With the help of Microsoft Premier Support, we found a workaround for this issue. Remember, try this workaround at your own risk; it is not supported by Microsoft.

As this management pack is sealed, we need to export it with Microsoft PowerShell by using the following command:

Get-ManagementPack | Where-Object {$_.DisplayName -eq "Microsoft Lync Server 2010 Management Pack"} | Export-ManagementPack -Path D:\MpExtract\

Now, from the SCOM console, in the Administration pane, Management Packs, you have to delete the installed “Microsoft Lync Server 2010 Management Pack”.

Import the management pack that you just exported (xml file) with the PowerShell command:

After the import of the management pack, you have the possibility to modify the “Microsoft Lync Server 2010 Profile” and change the “This Run As Account will be used to manage the following Objects” from “All targeted objects” to Class “Windows Computer”.

Technically, that will change the following line in the management pack, from

<SecureReferenceOverride ID="Microsoft.LS.2010.Override.RunAsAccount.NetworkService" Context="System!System.Entity" Enforced="false" SecureReference="Microsoft.LS.2010.RunAsAccount"><Value>01010101010101010101010101010101010101010100000000000000000000000000000000000000</Value></SecureReferenceOverride>

To

<SecureReferenceOverride ID="SecureOverride2f91f0bb_03e8_9dbf_09c9_ca1673e1cb05" Context="Windows!Microsoft.Windows.Computer" Enforced="false" SecureReference="Microsoft.LS.2010.RunAsAccount"><Value>01010101010101010101010101010101010101010100000000000000000000000000000000000000</Value></SecureReferenceOverride>

This workaround fixes the “Secure Reference Override Failure” alerts raised for Linux / UNIX servers and, from my own tests, it will not affect your Lync and Linux / UNIX monitoring.

You can download the already modified management pack below, but you use it at your own risk.
http://www.vnext.be/wp-content/uploads/2011/03/Microsoft.LS_.2010.Monitoring.zip
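
To check which Run As overrides in an exported management pack are still scoped to every object, the following added example (not part of the original post and not Microsoft code) lists each SecureReferenceOverride and flags a Context of System.Entity. The function name Get-SecureReferenceOverrideScope and the <Overrides> wrapper in the sample are assumptions made for illustration.

```powershell
# Added example (not from the original post): report the scope of every
# SecureReferenceOverride found in management pack XML.
function Get-SecureReferenceOverrideScope {
    param([Parameter(Mandatory = $true)][xml]$ManagementPack)

    # local-name() keeps the query independent of the management pack's XML namespace.
    foreach ($node in $ManagementPack.SelectNodes("//*[local-name()='SecureReferenceOverride']")) {
        $context = $node.GetAttribute('Context')
        New-Object PSObject -Property @{
            OverrideId      = $node.GetAttribute('ID')
            SecureReference = $node.GetAttribute('SecureReference')
            Context         = $context
            # On this page "<alias>!System.Entity" corresponds to "All targeted objects".
            AllObjects      = [bool]($context -match '(^|!)System\.Entity$')
        }
    }
}

# Constructed sample: the two override lines from this page (Value elements omitted)
# inside a made-up <Overrides> wrapper so the snippet runs without an exported file.
$sample = [xml]@'
<Overrides>
  <SecureReferenceOverride ID="Microsoft.LS.2010.Override.RunAsAccount.NetworkService" Context="System!System.Entity" Enforced="false" SecureReference="Microsoft.LS.2010.RunAsAccount" />
  <SecureReferenceOverride ID="SecureOverride2f91f0bb_03e8_9dbf_09c9_ca1673e1cb05" Context="Windows!Microsoft.Windows.Computer" Enforced="false" SecureReference="Microsoft.LS.2010.RunAsAccount" />
</Overrides>
'@

Get-SecureReferenceOverrideScope -ManagementPack $sample |
    Sort-Object AllObjects -Descending |
    Format-Table SecureReference, Context, AllObjects -AutoSize

# Against a real export (folder taken from the export command above):
# Get-ChildItem 'D:\MpExtract' -Filter *.xml |
#     ForEach-Object { Get-SecureReferenceOverrideScope -ManagementPack ([xml](Get-Content $_.FullName)) }
```

Any row with AllObjects set to True is a Run As account that is offered to every monitored object rather than to one class.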

Now we are waiting for an official fix from Microsoft, in the meantime if you have any further information, please contact me.

Christopher KEYAERT

· · · · ·

Introduction

Lync Server 2010 Monitoring Management Pack is a comprehensive End-to-End monitoring management pack for System Center Operations Manager 2007 R2. Extensive component event and performance monitoring is available, and new in this release is full support for Synthetic Transactions against a distributed Lync Server 2010 deployment.

Most of the following lines come directly from the Microsoft documentation available on the Pinpoint portal: http://pinpoint.microsoft.com/en-US/applications/Lync-Server-2010-Monitoring-Management-Pack-12884908254

But as I found the “Synthetic Transaction” part a little bit complicated for someone who is not a Lync 2010 administrator, I added my comments, advice and screenshots below. I hope this will help with your Lync 2010 management pack deployment.

Setting up Synthetic transaction watcher node

Synthetic transactions are Lync Server 2010 cmdlets that are automatically triggered by the management pack on a preset interval. These are executed on a synthetic transaction watcher node which is an administrator designated server responsible for discovery and execution of STs for each pool.

It is not recommended to use an existing Lync Server 2010 server as a synthetic transaction watcher node. This is due to the high CPU/memory utilization requirements for running STs. It’s recommended to use a new server machine (or a virtual machine) for the synthetic transaction watcher node. (Recommended configuration is available in Microsoft documentation).

Add ST Watcher Node as a trusted Microsoft Lync Server 2010 Application pool

The following actions must be executed from any of your existing Lync servers.

  • Create external application pool with synthetic transaction watcher node machine as a member. While creating use machine FQDN as pool FQDN. To create the pool you can run the following cmdlet from the Lync Server Management Shell on any of your existing Lync server:

    New-CsTrustedApplicationPool -Identity <PoolFQDN> -Site <SiteID> -Registrar <RegistrarPoolFQDN> -Verbose

    Where

    <PoolFQDN>: Is the FQDN of the external application pool to be created. Use watcher node machine FQDN (the fresh installed server) as Pool FQDN

    <SiteID>: The ID of the site where the application pool belongs to

    <RegistrarPoolFQDN>: The FQDN of the registrar pool that the external application pool depends on

    Example:

    New-CsTrustedApplicationPool -Identity bramomlyc001.dir.ucb-group.com -Site 1 -Registrar hqpool.dir.ucb-group.com -Verbose


  • Verify that external application pool has been added by running Get-CsPool
  • Create an external application service entry in topology by using following cmdlet from the Lync Server Management Shell:

    New-CsTrustedApplication -ApplicationId <AppID> -TrustedApplicationPoolFqdn <externalAppPoolFQDN> -Port <PortNumber> -Verbose

Where

<AppID>: Is an ID for the application. For example, you can use “STWatcherNode”

<externalAppPoolFQDN>: Is the FQDN of the external application pool that you created in step 1

<PortNumber>: Any unused port number.

Example:

New-CsTrustedApplication -ApplicationId "StWatcherNode" -TrustedApplicationPoolFqdn bramomlyc001.dir.ucb-group.com -Port 9999 -Verbose


Configure ST Watcher Node machine

The following actions must be executed from the new installed server.

  • Install Lync Server 2010 core MSI, after that launch the Deployment Wizard and install the “Local Configuration Store”

 

  • Skip the Step and go directly to the Step 3: Request, Install and Assign Certificates.

     

 

  • From the Lync Server Management Shell, run Enable-CsComputer -Verbose. This will assign group memberships and resource permissions to support Lync Server services running on the host computer.

 

  • In your Active Directory, create two domain users that will be used by the Synthetic transaction monitoring scripts. Don’t forget to fill the email field in the user configuration screen. (Just the Email field, a real mailbox is not necessary)

     

  • In your Lync configuration panel, enable the two users that you just created for Enterprise Voice. Verify that these two users have correctly received the Conferencing Policy and the External Access Policy by executing the following command:

    Get-CSUser username

     

  • Assign Test Users to registrar and user service clusters by using Health Monitoring Configuration cmdlet

    New-CsHealthMonitoringConfiguration -TargetFQDN <PoolFQDN> -FirstTestUserSipUri <FirstUserSipUri> -SecondTestUserSipUri <SecondUserSipUri> -Verbose

Where

<PoolFQDN>: Is the Pool FQDN you wish to run STs against (where users are hosted).

<FirstUserSipUri>: Sip Uri of first test user to be used for synthetic transaction.

<SecondUserSipUri>: Sip Uri of second test user to be used for synthetic transaction.

Example:

New-CsHealthMonitoringConfiguration hqpool.dir.ucb-group.com -FirstTestUserSipUri "sip:gbl.gmso.lyc1@ucb.com" -SecondTestUserSipUri "sip:gbl.gmso.lyc2@ucb.com" -Verbose

 


 

  • Make sure synthetic transactions are working by running the following cmdlet from the Lync Server Management Shell.

    Test-CsRegistration <RegistrarPoolFQDN> -verbose

 

  • Set registry key for watcher node discovery and optionally for enabling logging by executing the following cmdlets from Lync Server Management Shell:

     

    New-Item -Path "HKLM:\Software\Microsoft\Real-Time Communications\Health"

    New-ItemProperty -Path "HKLM:\Software\Microsoft\Real-Time Communications\Health" -Name "IsSTWatcherNode" -Value true | Out-Null

    New-ItemProperty -Path "HKLM:\Software\Microsoft\Real-Time Communications\Health" -Name "LogOpsMgr" -PropertyType DWord -Value 2


Configuring Active directory

  • Add the synthetic transaction watcher node machine as a member of RTCUniversalReadOnlyAdmins group.
  • From the Lync Server Management Shell on the watcher node, run Enable-CsComputer -Verbose

  • Restart Machine (this is required after machine is added to RtcUniversalReadOnlyAdmins)

Configure Operations Manager Agent settings on ST Watcher Node

  • Increase the thread pool count for synthetic transaction watcher node by modifying the value for the below registry key.
    • HKLM:\System\CurrentControlSet\Services\HealthService\Parameters

      [DWORD]    Thread Pool CLR Max Thread Count Min        200 decimal

Note: Spaces between the words should be preserved as shown above.

If the registry value does not exist, you can create it by running the following PowerShell cmdlet:

New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\HealthService\Parameters" -Name "Thread Pool CLR Max Thread Count Min" -PropertyType DWord -Value 200


  • Restart health service:
    Net stop healthservice & Net start healthservice

Other Settings for Synthetic Transactions

Web (HTTP) Synthetic Transactions require that the Network Service identity has write access to the folder %SystemRoot%\temp. Please make sure that the ACL on %SystemRoot%\temp includes write access for Network Service.
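
The registry values and the ACL described in the sections above can be read back on the watcher node with the following added example, which is not part of the original post or of the Microsoft documentation. The expected values are the ones given on this page; the output column names are assumptions made for illustration.

```powershell
# Added example (not from the original post): read back the watcher-node settings.
$health = 'HKLM:\Software\Microsoft\Real-Time Communications\Health'
$agent  = 'HKLM:\System\CurrentControlSet\Services\HealthService\Parameters'
$expected = @(
    @{ Path = $health; Name = 'IsSTWatcherNode'; Value = 'true' },
    @{ Path = $health; Name = 'LogOpsMgr'; Value = '2' },   # optional logging setting
    @{ Path = $agent;  Name = 'Thread Pool CLR Max Thread Count Min'; Value = '200' }
)

$results = foreach ($e in $expected) {
    $item   = Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue
    $actual = if ($item) { [string]$item.($e.Name) } else { '<missing>' }
    New-Object PSObject -Property @{
        Check    = $e.Name
        Expected = $e.Value
        Actual   = $actual
        Ok       = ($actual -eq $e.Value)
    }
}

# ACL check: look for an Allow entry that names Network Service (well-known SID S-1-5-20)
# and includes every Write right. Rights granted only through a group, and Deny
# entries, are not evaluated here.
$tempDir = Join-Path $env:SystemRoot 'temp'
$write   = [int][System.Security.AccessControl.FileSystemRights]::Write
$rules   = (Get-Acl -Path $tempDir).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
$granted = $false
foreach ($rule in $rules) {
    if ($rule.IdentityReference.Value -eq 'S-1-5-20' -and
        $rule.AccessControlType -eq 'Allow' -and
        (([int]$rule.FileSystemRights -band $write) -eq $write)) {
        $granted = $true
    }
}
$results += New-Object PSObject -Property @{
    Check = "$tempDir write ACE for Network Service"; Expected = 'True'; Actual = [string]$granted; Ok = $granted
}

$results | Format-Table Check, Expected, Actual, Ok -AutoSize
```

A False on the ACL row means only that no direct entry for Network Service was found, so review the folder's full ACL before adding one.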

Testing the Synthetic Transaction with PowerShell

Execute the following command to ensure that the Synthetic Transactions are working well:

Now, I invite you to continue the configuration of your Lync 2010 management pack with the official Microsoft documentation. http://pinpoint.microsoft.com/en-US/applications/Lync-Server-2010-Monitoring-Management-Pack-12884908254

Christopher KEYAERT

· · · · · ·

Christopher Keyaert
Copyright 2010 © vNext.be