I just arrived to Paris for the Best of MMS2011, I’ll update this post with the content of the conference. Stay tune

2:00pm : Conference is starting with a quick overview of Microsoft Management over the past years.

2:15pm : Claire Henry presents the challenge of application experience between home and work. Productivity, Device …

Sccm2012 presentation : empower users, unify
infrastructure, simplify administration

2:16pm : Forefront Endpoint 2010, Intune présentation

2:24pm : Microsoft cloud advantage

2:50pm : how to build a private cloud ?

3:15pm : Adam demantrates how to do a sql migration with System Center Orchestrator 2012

3:17pm : System Center 2012 Community Evaluation Program

3:20pm : System center 2012 roadmap

3:35pm : Sccm2012 live demo

3:56pm : System center service manager introduction

4:40pm : same presentation than earlier but with French speakers now… Quite strange…

content · microsoft · MMS · post · Stay

Sometime you want to monitor a server, a workstation or a network device, but you don’t need to have all the monitors provided by your management packs installation in Operations Manager 2007 R2, and a ping will be enough.

OpsLogix has released already sometimes ago the OpsLogix Ping Management Pack. This management pack has the advantage to have a fully integration, an easy configuration and it’s free.

OpsLogix Web site: http://www.opslogix.com/ping
Datasheet: http://www.opslogix.com/images/filebase/opslogix_-_ping_management_pack.pdf

Installation

Step 1: Run the management pack installer

• Run OpsLogix.Ping.ManagementPacks.msi
• Accept the license agreement
• Unpack the files to a folder on disk

Step 2: Import the management packs

• Open the SCOM console
• Goto Administration
• Select “Import Management Packs”
• Import these three management packs from the folder on disk:
  • OpsLogix.BaseLibrary.mp
  • OpsLogix.PingMP.mp
  • OpsLogix.PingMP.Overrides.xml

Step 3: Run the console extension installer

On one computer that has the Operations Manager 2007 console installed:

• For Operations Manager 2007 SP1 installations:
  • Run OpsLogix.Console.Extension.SP1.msi
• For Operations Manager 2007 R2 RTM installations:
  • Run OpsLogix.Console.Extension.R2RTM.msi

That will extract the file OpsLogix.IMP.Base.UI.dll and you have to copy that file on every computer that has the Operations Manager 2007 Console installed in “%ProgramFiles%\System Center Operations Manager 2007″

If you don’t copy the dll, you will have the following message in the configuration part:

Configuration

Select your watcher node(s)

Select your watcher node, add the Target Display Name and Target Ip Address

You could also directly import a csv file with all your targets.

Overview

In Host, you have the general health of your watcher node(s)

In Status, you could see the state of all your targets, if the devices are answering to the ping.

In Response Times, you have a view about the answer times of your targets

In Alerts, you could see the targets that are not answering to ping

By default, the targets are pinged every 60 seconds, if you want to change that value, just create an override on the monitor: Target Host Ping Check.

Christopher KEYAERT

management pack · mp · opslogix · opsmgr · ping · Scom

• System Center Advisor announced: Azure service previously code-named “Project Atlanta” uses the OpsMgr Agent to return configuration and make recommendations for changes to the configuration. This application was demonstrated during the keynote showing how a hotfix would be relevant for the servers and what has changed in the environment. Licensing – if you have software assurance on Windows Server you are licensed to use this on the server (or Exchange software assurance for Exchange servers). Beta currently available.
• The next version of Opalis Integration Server is officially named System Center Orchestrator 2012.
• SCVMM 2012 beta announced.
• System Center 2012 officially announcement: Every product in the (System Center) portfolio will have new revisions in the next year.

Credits : http://opsmgrunleashed.wordpress.com/2011/03/22/mms-2011-keynote-322-summary-for-geeks/

code-named · Licensing · Orchestrator · software assurance · year

Dear All,

If you have just installed the Lync Server 2010 Management Pack and then you have also Linux / UNIX servers monitored by your System Center Operations Manager 2007 R2 environment, it’s possible that you will be flooded by “Secure Reference Override Failure” alerts in the console and Event ID 1107 in the event viewer of all the management servers that are currently monitoring Linux / UNIX servers.

The Health Service on computer bramomms001.xxxx.com failed to resolve SecureReference override. This issue may affect multiple instances. Additional details: Account for RunAs profile in workflow “Microsoft.Linux.RHEL.4.Process.Syslog.Restart”, running for instance “Red Hat Enterprise Linux ES release 4 (Nahant Update 8)” with id:”{FBAA7FEC-9E05-6981-C6A6-97BA710C9111}” is not defined. Workflow will not be loaded. Please associate an account with the profile. Management group “xxx”

The Health Service on computer bramomms001.xxxx.com failed to resolve SecureReference override. This issue may affect multiple instances. Additional details: Account for RunAs profile in workflow “Microsoft.Linux.RHEL.4.Process.Udev.Diagnostic”, running for instance “Red Hat Enterprise Linux ES release 4 (Nahant Update 8)” with id:”{FBAA7FEC-9E05-6981-C6A6-97BA710C9111}” is not defined. Workflow will not be loaded. Please associate an account with the profile. Management group “xxxxx”

This is caused by a problem with the “Microsoft Lync Server 2010 Profile” and the Linux / UNIX profile. The cause is not really clear, but this is related with the Run As Accounts used by Lync Server 2010 management pack that is targeted to “All targeted objects” and not to “Windows Computer” class only.

As this management pack is sealed, we will not be able to do any modification to the existing entry. If you try, you will receive the following error message:

Currently, there is no official fix about this problem. I personally opened one thread on TechNet Forums:

http://social.technet.microsoft.com/Forums/en-US/operationsmanagergeneral/thread/3e56d173-fff7-443d-8821-894194cc8418/

And also a bug report on Connect Portal:

https://connect.microsoft.com/OpsMgr/feedback/details/649914/lync-2010-mp-linux-secure-reference-override-alerts-appear-just-after-mp-import

With the help of Microsoft Premier Support, we found a workaround for fixing that issue. Remember, tried this workaround at your own risks and this is not supported by Microsoft.

As this management pack is sealed, we need to export it with Microsoft PowerShell by using the following command:

Get-managementpack | Where-object {$_.DisplayName -eq “Microsoft Lync Server 2010 Management Pack”} | export-managementpack -path D:\MpExtract\

Now, from the SCOM console, in the Administration pane, Management Packs, you have to delete the installed “Microsoft Lync Server 2010 Management Pack”.

Import the management pack that you just exported (xml file) with the PowerShell command:

After the import of the management pack, you have the possibility to modify the “Microsoft Lync Server 2010 Profile” and change the “This Run As Account will be used to manage the following Objects” from “All targeted objects” to Class “Windows Computer”.

Technically, that will change the following line in the management, from

<SecureReferenceOverride ID=”Microsoft.LS.2010.Override.RunAsAccount.NetworkService” Context=”System!System.Entity” Enforced=”false” SecureReference=”Microsoft.LS.2010.RunAsAccount”> <Value>01010101010101010101010101010101010101010100000000000000000000000000000000000000</Value></SecureReferenceOverride>

To

<SecureReferenceOverride ID=”SecureOverride2f91f0bb_03e8_9dbf_09c9_ca1673e1cb05″ Context=”Windows!Microsoft.Windows.Computer” Enforced=”false” SecureReference=”Microsoft.LS.2010.RunAsAccount”><Value>01010101010101010101010101010101010101010100000000000000000000000000000000000000</Value></SecureReferenceOverride>

This work around will fix the problem of “Secure Reference Override Failure” alerts caused on Linux / UNIX servers and from my own tests, that will not affect your Lync and Linux / Unix monitoring.

You could download below the management pack directly modified, but it’s at your own risks to use it.
http://www.vnext.be/wp-content/uploads/2011/03/Microsoft.LS_.2010.Monitoring.zip

Now we are waiting for an official fix from Microsoft, in the meantime if you have any further information, please contact me.

Christopher KEYAERT

bug · lync · opsmgr · Scom · script · system center

Introduction

Lync Server 2010 Monitoring Management Pack is a comprehensive End-to-End monitoring management pack for System Center Operations Manager 2007 R2. Extensive component event and performance monitoring is available, and new in this release is full support for Synthetic Transactions against a distributed Lync Server 2010 deployment.

The most part of the next lines are directly coming from the Microsoft Documentation available on pinpoint portal: http://pinpoint.microsoft.com/en-US/applications/Lync-Server-2010-Monitoring-Management-Pack-12884908254

But as I found that the “Synthetic Transaction” part a little bit complicated for non Lync 2010 Administrator, I added my comments, advises and screenshots below. I hope this will help in your Lync 2010 management pack deployment.

Setting up Synthetic transaction watcher node

Synthetic transactions are Lync Server 2010 cmdlets that are automatically triggered by the management pack on a preset interval. These are executed on a synthetic transaction watcher node which is an administrator designated server responsible for discovery and execution of STs for each pool.

It is not recommended to use an existing Lync Server 2010 server as a synthetic transaction watcher node. This is due to the high CPU/memory utilization requirements for running STs. It’s recommended to use a new server machine (or a virtual machine) for the synthetic transaction watcher node. (Recommended configuration is available in Microsoft documentation).

Add ST Watcher Node as a trusted Microsoft Lync Server 2010 Application pool

The following actions must be executed from any of your existing Lync servers.

• Create external application pool with synthetic transaction watcher node machine as a member. While creating use machine FQDN as pool FQDN. To create the pool you can run the following cmdlet from the Lync Server Management Shell on any of your existing Lync server:

  New-CsTrustedApplicationPool -Identity <PoolFQDN> -Site <SiteID> -Registrar <RegistrarPoolFQDN> -Verbose
  

  Where
  

  <PoolFQDN>: Is the FQDN of the external application pool to be created. Use watcher node machine FQDN (the fresh installed server) as Pool FQDN
  

  <SiteID>: The ID of the site where the application pool belongs to
  

  <RegistrarPoolFQDN>: The FQDN of the registrar pool that the external application pool depends on
  

  Example:
  

  New-CsTrustedApplicationPool -Identity bramomlyc001.dir.ucb-group.com -Site 1 -Registrar hqpool.dir.ucb-group.com -Verbose
  

• Verify that external application pool has been added by running Get-CsPool
  
• Create an external application service entry in topology by using following cmdlet from the Lync Server Management Shell:

  New-CsTrustedApplication -ApplicationId <AppID> -TrustedApplicationPoolFqdn <externalAppPoolFQDN> -Port <PortNumber> -Verbose
  

Where

<AppID>: Is an ID for the application. For example, you can use “STWatcherNode”

<externalAppPoolFQDN>: Is the FQDN of the external application pool that you created in step 1

<PortNumber>: Any unused port number.

Example:

New-CsTrustedApplication -ApplicationId “StWatcherNode” -TrustedApplicationPoolFqdn bramomlyc001.dir.ucb-group.com -Port 9999 –Verbose

Configure ST Watcher Node machine

The following actions must be executed from the new installed server.

• Install Lync Server 2010 core MSI, after that launch the Deployment Wizard and install the “Local Configuration Store”

  

• Skip the Step and go directly to the Step 3: Request, Install and Assign Certificates.

   

• From the Lync Server Management Shell, run Enable-CsComputer –verbose. This will assign group memberships and resource permissions to support Lync Server services running on the host computer.

• In your Active Directory, create two domain users that will be used by the Synthetic transaction monitoring scripts. Don’t forget to fill the email field in the user configuration screen. (Just the Email field, a real mailbox is not necessary)

   

• In your Lync configuration panel, enable the two users that you just created as Enterprise Voice. Verify that these two users have well received the Conferencing Policy and the External Access Policy but executing the following command :

  Get-CSUser username
  

  

   

• Assign Test Users to registrar and user service clusters by using Health Monitoring Configuration cmdlet

  New-CsHealthMonitoringConfiguration -TargetFQDN <PoolFQDN> -FirstTestUserSipUri <FirstUserSipUri> -SecondTestUserSipUri <SecondUserSipUri> -Verbose
  

Where

<PoolFQDN>: Is the Pool FQDN you wish to run STs against (where users are hosted).

<FirstUserSipUri>: Sip Uri of first test user to be used for synthetic transaction.

<SecondUserSipUri>: Sip Uri of second test user to be used for synthetic transaction.

Example:

New-CsHealthMonitoringConfiguration hqpool.dir.ucb-group.com -FirstTestUserSipUri “sip:gbl.gmso.lyc1@ucb.com” -SecondTestUserSipUri “sip: gbl.gmso.lyc2@ucb.com ” –Verbose

• Make sure synthetic transactions are working by running the following cmdlet from in the Lync Server Management Shell.

  Test-CsRegistration <RegistrarPoolFQDN> -verbose
  

• Set registry key for watcher node discovery and optionally for enabling logging by executing the following cmdlets from Lync Server Management Shell:

   

  New-Item -Path “HKLM:\Software\Microsoft\Real-Time Communications\Health”
  

  New-ItemProperty -Path “HKLM:\Software\Microsoft\Real-Time Communications\Health” -Name “IsSTWatcherNode” -Value true | Out-Null
  

  New-ItemProperty -Path “HKLM:\Software\Microsoft\Real-Time Communications\Health” -Name “LogOpsMgr” -PropertyType DWord -value 2
  

Configuring Active directory

• Add the synthetic transaction watcher node machine as a member of RTCUniversalReadOnlyAdmins group.
• From Lync Server Management Shell on watcher node run Enable-CsComputer –Verbose

• Restart Machine (this is required after machine is added to RtcUniversalReadOnlyAdmins)

Configure Operations Manager Agent settings on ST Watcher Node

• Increase the thread pool count for synthetic transaction watcher node by modifying the value for the below registry key.
  • HKLM:\System\CurrentControlSet\Services\HealthService\Parameters

    [DWORD]    Thread Pool CLR Max Thread Count Min        200 decimal

Note: Spaces between the words should be reserved as shown above.

If the registry key does not exist you can create it by running the following PS cmdlet

New-ItemProperty -Path “HKLM:\System\CurrentControlSet\Services\HealthService\Parameters” -Name “Thread Pool CLR Max Thread Count Min” -propertytype DWord -value 200

• Restart health service:
  Net stop healthservice & Net start healthservice

Other Settings for Synthetic Transactions

Web (HTTP) Synthetic Transactions required the folder %SystemRoot%\temp to have write access by the Network Service identity. Please make sure that the ACL on %SystemRoot%\temp include write access for Network Service.

Testing the Synthetic Transaction with PowerShell

Execute the following command to ensure that the Synthetic Transaction are working well

Now, I invite you to continue the configuration of your Lync 2010 management pack with the official Microsoft documentation. http://pinpoint.microsoft.com/en-US/applications/Lync-Server-2010-Monitoring-Management-Pack-12884908254

Christopher KEYAERT

lync 2010 · microsoft · OperationsManager · opsmgr · PowerShell · Scom · Synthetic transactions