vNext.be | Operations Manager, Opalis, PowerShell, …


Jan/11

9

SCOM / OpsMgr: Promote a MS as new RMS

Promoting a new server as the new RMS of your SCOM infrastructure could be very useful when you want to upgrade your OS from Windows Server 2003 to Windows Server 2008.
The information below comes directly from Microsoft TechNet; I just added some screenshots to simplify the procedure.

In the example, CENMOMRMS701 is my current RMS and CENMOMMS701 is the MS that I want to promote as RMS.

Pre-requisites

  1. Make sure that you have a backup of the databases and all servers.
  2. Back up the key from the RMS by using SecureStorageBackup.exe
    and copy it to the MS that you want to promote.
  3. Be sure to have all the service account passwords available.
  4. Be sure that no agents, Linux servers, websites or network devices are currently monitored by the RMS.

To promote a management server to a root management server role

  1. On the management server that you want to promote, copy the ManagementServerConfigTool.exe tool from the SupportTools folder of the installation media to the installation folder (by default, C:\Program Files\System Center Operations Manager 2007), called installdir in this example.
  2. Open a command prompt window using the Run as Administrator option, and then change the folder to the installdir folder.
  3. Type the following command:

    SecureStorageBackup.exe Restore <filename>


    Here, filename is the root management server encryption key backup file.

  4. Provide a password as required.
  5. On the management server, open a command prompt window using the Run as Administrator option, and then type the following command:

    ManagementServerConfigTool.exe PromoteRMS

  6. You will see two warnings come up. The first warns you to back up your OperationsManager database; the second warns you to take the System Center Management, System Center Management Configuration and System Center Data Access services offline if your RMS is on a cluster. Type in Y for both.


  7. Demote the original root management server to a management server by doing the following on the original root management server:
    • Type the following command: ManagementServerConfigTool.exe UpdateDemotedRMS. Type in Y to the backup database warning.
    • Stop the System Center Management service.
    • Delete the existing subfolders of the Health Service State folder in the installdir.
    • Start the System Center Management service.

      To configure the reporting server with the name of the new root management server

      1. Log on to the reporting server.
      2. Navigate to the installation folder of Reporting Services, for example %ProgramFiles%\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportServer if you are using SQL Server 2005, or %ProgramFiles%\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer if you are using SQL Server 2008.
      3. Open the rsreportserver.config file in Notepad, and locate the two instances of <ServerName>ServerName</ServerName>, where ServerName is the name of the original root management server. Change ServerName to be the name of the new root management server.
      4. Save the file, and then close Notepad.
      5. Open the registry and locate the key HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft Operations Manager\3.0\Reporting.
      6. Change the DefaultSDKServiceMachine value to be the name of the new root management server.
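
Steps 3 to 6 above can be scripted so the change is backed up and verified. The following PowerShell is an added example, not part of the TechNet procedure or of Microsoft's tooling; the server names are the ones used in this post, the path is the SQL Server 2008 default quoted above, and it assumes the config stores the old name exactly as passed in `$OldRms`.

```powershell
# Added example: repoint Reporting at the new RMS (steps 3-6 above).
# Assumptions: run elevated on the reporting server; the names and path are
# this post's examples and must match what your config actually contains.
param(
    [string]$OldRms = 'CENMOMRMS701',
    [string]$NewRms = 'CENMOMMS701',
    [string]$ConfigPath = "$env:ProgramFiles\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\rsreportserver.config"
)
$ErrorActionPreference = 'Stop'

# Keep a timestamped copy so the edit can be rolled back.
$backup = "$ConfigPath.$(Get-Date -Format yyyyMMddHHmmss).bak"
Copy-Item -LiteralPath $ConfigPath -Destination $backup

$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($ConfigPath)

# Only touch <ServerName> elements that currently name the old RMS.
$nodes = @($xml.SelectNodes('//ServerName') |
    Where-Object { $_.InnerText.Trim() -ieq $OldRms })
if ($nodes.Count -ne 2) {
    throw "Expected 2 <ServerName> entries for '$OldRms', found $($nodes.Count). Nothing was changed."
}
foreach ($n in $nodes) { $n.InnerText = $NewRms }
$xml.Save($ConfigPath)

# Registry value from steps 5 and 6.
$key = 'HKLM:\Software\Microsoft\Microsoft Operations Manager\3.0\Reporting'
$before = (Get-ItemProperty -Path $key).DefaultSDKServiceMachine
Set-ItemProperty -Path $key -Name DefaultSDKServiceMachine -Value $NewRms

# Re-read both locations and report what is now configured.
$check = New-Object System.Xml.XmlDocument
$check.Load($ConfigPath)
$names = @($check.SelectNodes('//ServerName') | ForEach-Object { $_.InnerText })
New-Object PSObject -Property @{
    ConfigBackup   = $backup
    ServerNames    = ($names -join ', ')
    RegistryBefore = $before
    RegistryAfter  = (Get-ItemProperty -Path $key).DefaultSDKServiceMachine
}
```

The script stops without writing anything if it does not find exactly the two entries the procedure describes, which catches a config that stores a fully qualified name instead of the short one.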

      To configure the data warehouse server with permissions for the new root management server

      1. On the server hosting the data warehouse, open Microsoft SQL Server Management Studio, and in the Object Explorer pane, navigate to Security and then expand Logins.
      2. Locate the account that corresponds to the new root management server and on which the System Center Data Access Service is running (if it’s running under LocalSystem, the format is <domain\computername$>).
      3. Right-click the account and select Properties.
      4. In the Login Properties dialog box, in the Select a page pane, select User Mapping.
      5. In the Users mapped to this login list, in the Map column, select the box that corresponds to the OperationsManagerDW database.
      6. In the Database role membership for: OperationsManagerDW list, ensure that the following items are selected: configsvc_users, db_datareader, db_datawriter, db_ddladmin, and sdk_users.
      7. Click OK to save your changes and to close the Login Properties dialog box.
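
A check of the result of step 6, as an added example that is not part of the TechNet procedure: it reads the login's role memberships from the catalog views in OperationsManagerDW and reports which of the five roles are missing, plus any other roles the login holds. The instance name and login are placeholders to replace with your own.

```powershell
# Added example: verify the OperationsManagerDW role mapping from step 6.
# Assumptions: Windows authentication with rights to read the catalog views;
# $SqlInstance and $Login are placeholders, not values from the post.
param(
    [string]$SqlInstance = 'DWSERVER',             # hypothetical instance name
    [string]$Login       = 'DOMAIN\CENMOMMS701$'   # LocalSystem form from step 2
)
$ErrorActionPreference = 'Stop'
$required = 'configsvc_users','db_datareader','db_datawriter','db_ddladmin','sdk_users'

# Resolve login -> database user by SID, then list that user's roles.
$sql = @'
SELECT r.name
FROM sys.database_role_members AS m
JOIN sys.database_principals   AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals   AS u ON u.principal_id = m.member_principal_id
JOIN sys.server_principals     AS l ON l.sid = u.sid
WHERE l.name = @login
'@

$connStr = "Server=$SqlInstance;Database=OperationsManagerDW;Integrated Security=SSPI"
$conn = New-Object System.Data.SqlClient.SqlConnection $connStr
$actual = @()
$conn.Open()
try {
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = $sql
    [void]$cmd.Parameters.AddWithValue('@login', $Login)   # parameterized query
    $reader = $cmd.ExecuteReader()
    while ($reader.Read()) { $actual += $reader.GetString(0) }
    $reader.Close()
}
finally { $conn.Close() }

$missing = @($required | Where-Object { $actual -notcontains $_ })
$extra   = @($actual   | Where-Object { $required -notcontains $_ })

New-Object PSObject -Property @{
    Login   = $Login
    Missing = ($missing -join ', ')
    Extra   = ($extra -join ', ')    # roles beyond the five listed, for review
}
if ($missing.Count) {
    throw "Login '$Login' lacks required roles: $($missing -join ', ')"
}
```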

      · · · ·

      Issue:
      If you try to install a secondary Management Server (MS) in an environment where the Root Management Server (RMS) and Reporting are already installed, and the Data Warehouse (DW) action account is the same as the Root Management Server action account (the default action account), the secondary Management Server setup rolls back with an error (value 3) in the setup log:

      Error from log file:
      **********************
      AddRunAsProfilesCA: Error: Index was out of range. Must be non-negative and less than the size of the collection.
      Parameter name: index,
      Stack:    at System.ThrowHelper.ThrowArgumentOutOfRangeException(ExceptionArgument argument, ExceptionResource resource)
      at System.ThrowHelper.ThrowArgumentOutOfRangeException()
      at System.Collections.Generic.List`1.get_Item(Int32 index)
      at Microsoft.MOMv3.Setup.MOMv3ManagedCAs.AddRunAsProfile(String profleGuid,
      MonitoringObject hostedHealthService, ManagementGroup managementGroup, String currentActionUserDomain, String currentActionUserName)
      at Microsoft.MOMv3.Setup.MOMv3ManagedCAs.AddRunAsProfiles(Session session)
      Cause:
      In OpsMgr Service Pack 1 setup, if the DW action account is the same as the RMS action account, we do not configure the DW RunAs profile. So, when you attempt to install a second MS, we try to configure its DW RunAs profile with the DW action account by looking at the RMS DW RunAs profile, which is empty. (This happens when the default action account is the same as the DW action account and the installation scenario is: RMS and Reporting are installed, and then installation of a second MS is attempted.)
      Workaround:
      Create a ‘Windows’ Run As Account with the same domain user as the RMS Action Account.
      Associate this account with the ‘Data Warehouse Account’ RunAs profile.

      Associate this account with the ‘DW Configuration and Synchronization Reader Account’ profile (in SP1 this is called ‘Reserved’; there are three Reserved profiles in SP1, and this one is the third in the list). Re-run Management Server setup.

      Note that this workaround is only applicable to the SP1 release; if you have SCOM R2, you have to contact Microsoft Support.
      A KB already exists for that issue: http://support.microsoft.com/kb/957566/en-us

      Edit: The script provided by Microsoft (no warranty, please do a backup before applying it)

      ######################################################
      # This script is provided "AS IS" with no warranties,
      # and confers no rights. Use of included script
      # samples are subject to the terms specified at
      # http://www.microsoft.com/info/cpyright.htm
      #
      # Nathan Davenport Dec2009
      #####################################################


      ############### PROCESS CMD LINE ARGS ###############
      # Usage:
      #  PS> CreateHealthServiceReferences.ps1 "dw action account"
      #
      #####################################################
      $usage = "PS> CreateHealthServiceReferences.ps1 <dw action account>"
      $accountname = ""
      if([String]::IsNullOrEmpty($args[0]))
      {
          write-output ""
          write-output "Error: DW Action Account Not Specified."
          write-output "Usage: $($usage)"
          write-output ""
          exit
      }
      else
      {
          $accountname = $args[0]
      }


      #################### LOAD DLLS #####################
      $SCOMRootDir = $env:ProgramFiles + "\System Center Operations Manager 2007"
      [System.Reflection.Assembly]::LoadFile("$SCOMRootDir\SDK Binaries\Microsoft.EnterpriseManagement.OperationsManager.dll")


      ############### DW RUNAS PROFILES GUIDS ##############
      # GUIDS SIGNED
      # DW Action Account
      #  5D09EF12-F56A-002E-3A80-A6602F86DD21
      # DW Configuration and Synchronization Reader Account
      #  7E81C844-04F6-94D1-D6A2-4EA0B726F175
      # DW Reporting Deployment Action Account
      #  DB7B5DC1-3016-7043-9F63-48A3E89B2764
      #
      # GUIDS DEBUG
      # DW Action Account
      #  B032E10C-614B-7723-C785-EA51C2456524
      # DW Configuration and Synchronization Reader Account
      #  696F1382-F1F9-B7AC-87F4-B7604EE38C9F
      # DW Reporting Deployment Action Account
      #  F483770B-F112-44C6-EF30-0B012B623ECF
      #####################################################


      ############# GET THE MANAGEMENT GROUP #############
      $mg = new-object Microsoft.EnterpriseManagement.ManagementGroup("localhost")


      ################ GET RUNAS PROFILES ################
      # DW Action Account RunAs Profile GUID
      $DWActionAccountProfile = "5D09EF12-F56A-002E-3A80-A6602F86DD21"

      # DW Configuration and Synchronization Reader Account
      $DWReaderAccountProfile = "7E81C844-04F6-94D1-D6A2-4EA0B726F175"

      # DW Reporting Deployment Action Account
      $DWRepDeployProfile = "DB7B5DC1-3016-7043-9F63-48A3E89B2764"

      # Get RunAs Profile
      write-output "Getting DW RunAs Profiles..."
      $profile1 = $mg.GetMonitoringSecureReference($DWActionAccountProfile)
      write-output $profile1.Name

      $profile2 = $mg.GetMonitoringSecureReference($DWReaderAccountProfile)
      write-output $profile2.Name

      $profile3 = $mg.GetMonitoringSecureReference($DWRepDeployProfile)
      write-output $profile3.Name
      write-output ""

      ################ GET RUNAS ACCOUNTS ################
      $accounts = $mg.GetMonitoringSecureData()
      $account = ""
      write-output "Getting the specified DW RunAs Account..."
      foreach($acct in $accounts)
      {
          if($acct.Name.ToLowerInvariant().Equals($accountname.ToLowerInvariant()))
          {
              $account = $acct
          }
      }

      if([String]::IsNullOrEmpty($account))
      {
          write-output ""
          write-output "Error: RunAs Account '$($accountname)' not found"
          exit
      }
      else
      {
          write-output $account.Name
          write-output ""
      }

      ############# GET RMS HEALTHSERVICE ID #############
      write-output "Getting RMS and Hosted Health Service..."
      $admin = $mg.GetAdministration()
      $hostname = $env:computername + "." + $env:userdnsdomain
      $criteria = new-object Microsoft.EnterpriseManagement.Administration.ManagementServerCriteria("Name = '" + $hostname + "'")
      $ms = $admin.GetManagementServers($criteria)
      $healthservice = $ms[0].HostedHealthService
      write-output "RMS is hosting health service '$($healthservice.Id)'"
      write-output ""

      ##### CREATE SECUREDATAHEALTHSERVICEREFERENCES #####
      # Create a new SecureDataHealthServiceReference
      write-output "Creating MonitoringSecureDataHealthServiceReferences..."
      $newref1 = new-object Microsoft.EnterpriseManagement.Monitoring.Security.MonitoringSecureDataHealthServiceReference($account.Id, $profile1.Id, $healthservice.Id)
      write-output "MonitoringSecureDataHealthServiceReference created for RunAs Profile '$($profile1.Name)'"
      write-output "Link between Health Service '$($healthservice.Id)' and RunAs Account '$($account.Name)' created."
      write-output ""

      $newref2 = new-object Microsoft.EnterpriseManagement.Monitoring.Security.MonitoringSecureDataHealthServiceReference($account.Id, $profile2.Id, $healthservice.Id)
      write-output "MonitoringSecureDataHealthServiceReference created for RunAs Profile '$($profile2.Name)'"
      write-output "Link between Health Service '$($healthservice.Id)' and RunAs Account '$($account.Name)' created."
      write-output ""

      $newref3 = new-object Microsoft.EnterpriseManagement.Monitoring.Security.MonitoringSecureDataHealthServiceReference($account.Id, $profile3.Id, $healthservice.Id)
      write-output "MonitoringSecureDataHealthServiceReference created for RunAs Profile '$($profile3.Name)'"
      write-output "Link between Health Service '$($healthservice.Id)' and RunAs Account '$($account.Name)' created."
      write-output ""


      ### INSERT NEW SECUREDATAHEALTHSERVICEREFERENCES ###
      write-output "Inserting MonitoringSecureDataHealthServiceReferences..."
      $mg.InsertMonitoringSecureDataHealthServiceReference($newref1)
      $mg.InsertMonitoringSecureDataHealthServiceReference($newref2)
      $mg.InsertMonitoringSecureDataHealthServiceReference($newref3)

      trap [Microsoft.EnterpriseManagement.Common.UnknownDatabaseException]
      {
          write-debug "Microsoft.EnterpriseManagement.Common.UnknownDatabaseException: MonitoringSecureDataHealthServiceReferences may already exist."
          # write-error $($_.Exception.GetType().Name);
          # write-error $($_.Exception.Message);
          continue;
      }

      · · · · · · · · ·

      Christopher Keyaert
      Copyright 2010 © vNext.be