Linux Secure Reference Override Alerts caused by Lync Server 2010 Management Pack
No comments · Posted by Christopher Keyaert in OpsMgr / Scom
Dear All,
If you have just installed the Lync Server 2010 Management Pack and your System Center Operations Manager 2007 R2 environment also monitors Linux / UNIX servers, you may be flooded with “Secure Reference Override Failure” alerts in the console and with Event ID 1107 in the event viewer of every management server that currently monitors Linux / UNIX servers.
The Health Service on computer bramomms001.xxxx.com failed to resolve SecureReference override. This issue may affect multiple instances. Additional details: Account for RunAs profile in workflow “Microsoft.Linux.RHEL.4.Process.Syslog.Restart”, running for instance “Red Hat Enterprise Linux ES release 4 (Nahant Update 8)” with id:”{FBAA7FEC-9E05-6981-C6A6-97BA710C9111}” is not defined. Workflow will not be loaded. Please associate an account with the profile. Management group “xxx”
The Health Service on computer bramomms001.xxxx.com failed to resolve SecureReference override. This issue may affect multiple instances. Additional details: Account for RunAs profile in workflow “Microsoft.Linux.RHEL.4.Process.Udev.Diagnostic”, running for instance “Red Hat Enterprise Linux ES release 4 (Nahant Update 8)” with id:”{FBAA7FEC-9E05-6981-C6A6-97BA710C9111}” is not defined. Workflow will not be loaded. Please associate an account with the profile. Management group “xxxxx”
This is caused by a problem between the “Microsoft Lync Server 2010 Profile” and the Linux / UNIX profiles. The cause is not really clear, but it is related to the Run As Account used by the Lync Server 2010 management pack, which is targeted to “All targeted objects” and not to the “Windows Computer” class only.
As this management pack is sealed, we cannot modify the existing entry. If you try, you will receive the following error message:
Currently, there is no official fix for this problem. I personally opened a thread on the TechNet Forums:
And also a bug report on the Connect portal:
With the help of Microsoft Premier Support, we found a workaround for this issue. Remember: try this workaround at your own risk; it is not supported by Microsoft.
As this management pack is sealed, we need to export it with Microsoft PowerShell by using the following command:
    Get-ManagementPack | Where-Object {$_.DisplayName -eq "Microsoft Lync Server 2010 Management Pack"} | Export-ManagementPack -Path D:\MpExtract\
Now, from the SCOM console, in the Administration pane, Management Packs, you have to delete the installed “Microsoft Lync Server 2010 Management Pack”.
Import the management pack that you just exported (xml file) with the PowerShell command:
After importing the management pack, you can modify the “Microsoft Lync Server 2010 Profile” and change “This Run As Account will be used to manage the following Objects” from “All targeted objects” to the class “Windows Computer”.
Technically, that changes the following line in the management pack, from
    <SecureReferenceOverride ID="Microsoft.LS.2010.Override.RunAsAccount.NetworkService" Context="System!System.Entity" Enforced="false" SecureReference="Microsoft.LS.2010.RunAsAccount"><Value>01010101010101010101010101010101010101010100000000000000000000000000000000000000</Value></SecureReferenceOverride>
To
    <SecureReferenceOverride ID="SecureOverride2f91f0bb_03e8_9dbf_09c9_ca1673e1cb05" Context="Windows!Microsoft.Windows.Computer" Enforced="false" SecureReference="Microsoft.LS.2010.RunAsAccount"><Value>01010101010101010101010101010101010101010100000000000000000000000000000000000000</Value></SecureReferenceOverride>
This workaround fixes the “Secure Reference Override Failure” alerts raised on Linux / UNIX servers and, from my own tests, it does not affect your Lync and Linux / UNIX monitoring.
You can download the already-modified management pack below, but you use it at your own risk.
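The same change can be checked for in any exported management pack XML. The following is an added example, not part of the original post or of the management pack: the function name and the sample document are constructed, with the Value content replaced by a placeholder.

```powershell
# Added example: list SecureReferenceOverride entries of an exported (unsealed)
# management pack and flag those whose context is every object.
function Get-BroadSecureReferenceOverride {
    param([xml]$ManagementPack)

    # local-name() keeps the query independent of any XML namespace in the file.
    $nodes = $ManagementPack.SelectNodes("//*[local-name()='SecureReferenceOverride']")
    foreach ($node in $nodes) {
        $context = $node.GetAttribute('Context')
        New-Object PSObject -Property @{
            ID              = $node.GetAttribute('ID')
            SecureReference = $node.GetAttribute('SecureReference')
            Context         = $context
            # System.Entity is the base class of every monitored object, so an
            # override in that context also reaches Linux / UNIX instances.
            TooBroad        = ($context -like '*!System.Entity')
        }
    }
}

# Constructed sample: the two override variants discussed above.
[xml]$sample = @'
<ManagementPack>
  <Monitoring>
    <Overrides>
      <SecureReferenceOverride ID="Microsoft.LS.2010.Override.RunAsAccount.NetworkService" Context="System!System.Entity" Enforced="false" SecureReference="Microsoft.LS.2010.RunAsAccount"><Value>PLACEHOLDER</Value></SecureReferenceOverride>
      <SecureReferenceOverride ID="SecureOverride_constructed" Context="Windows!Microsoft.Windows.Computer" Enforced="false" SecureReference="Microsoft.LS.2010.RunAsAccount"><Value>PLACEHOLDER</Value></SecureReferenceOverride>
    </Overrides>
  </Monitoring>
</ManagementPack>
'@

Get-BroadSecureReferenceOverride -ManagementPack $sample |
    Select-Object ID, Context, TooBroad |
    Format-Table -AutoSize

# For a real export, load the file instead of the sample:
# Get-BroadSecureReferenceOverride -ManagementPack ([xml](Get-Content 'D:\MpExtract\<exported file>.xml'))
```

Only the first entry of the sample is reported with TooBroad set to True.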
http://www.vnext.be/wp-content/uploads/2011/03/Microsoft.LS_.2010.Monitoring.zip
Now we are waiting for an official fix from Microsoft. In the meantime, if you have any further information, please contact me.
Christopher KEYAERT
PowerShell : Upload file to WebDav Server
1 Comment · Posted by Christopher Keyaert in PowerShell
The purpose of this PowerShell script is to upload a file to a WebDAV server. This can be useful for automatic report publishing on a portal.

    ########################################
    #Webdav Access with PowerShell
    ########################################

    #Put the complete path of the file that you want to upload
    $file = "D:\test.txt"

    #Put the url without the last "/"
    $url = "http://mywebSite/webdav"

    #Provide User and Pwd for Webdav Access
    $user = "user"
    $pass = "pwd"

    ########################################
    #Script
    #######################################

    #Adding the name of the file at the end of the URL
    $url += "/" + $file.split('\')[(($file.split("\")).count - 1)]

    #Connecting to WebDav
    Write-Host "File upload started"

    # Set binary file type
    Set-Variable -name adFileTypeBinary -value 1 -option Constant

    #Read the whole file as a byte array
    $objADOStream = New-Object -ComObject ADODB.Stream
    $objADOStream.Open()
    $objADOStream.Type = $adFileTypeBinary
    $objADOStream.LoadFromFile("$file")
    $arrbuffer = $objADOStream.Read()
    $objADOStream.Close()

    #Send the bytes with a synchronous HTTP PUT
    $objXMLHTTP = New-Object -ComObject MSXML2.ServerXMLHTTP
    $objXMLHTTP.Open("PUT", $url, $False, $user, $pass)
    $objXMLHTTP.send($arrbuffer)

    #Show the HTTP status so that a rejected upload is visible
    Write-Host "File upload finished (HTTP status $($objXMLHTTP.status))"
And that’s it
Christopher Keyaert
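The script above keeps the password in the script file and sends it to an http:// URL. The following variant is an added example, not the author's code: it prompts for the credential, refuses anything other than https and reports a failed PUT. The function name Send-WebDavFile is hypothetical and the host name is the placeholder used in the original script.

```powershell
# Added example: WebDAV PUT with a prompted credential and an https-only check.
function Send-WebDavFile {
    param(
        [string]$Path,                                          # file to upload
        [string]$BaseUrl,                                       # without the last "/"
        [System.Management.Automation.PSCredential]$Credential
    )

    # Build the target URL from the file name, escaping spaces and similar.
    $name   = [System.IO.Path]::GetFileName($Path)
    $target = [Uri]("$BaseUrl/" + [Uri]::EscapeDataString($name))

    # Over plain http the credential and the file content are readable on the wire.
    if ($target.Scheme -ne 'https') {
        throw "Refusing to send credentials to $target : the URL is not https."
    }

    $client = New-Object System.Net.WebClient
    $client.Credentials = $Credential.GetNetworkCredential()
    try {
        # UploadData sends the raw bytes and throws on a non-success HTTP status.
        [void]$client.UploadData($target, 'PUT', [System.IO.File]::ReadAllBytes($Path))
        "Uploaded $Path to $target"
    }
    catch {
        $ex = $_.Exception.GetBaseException()
        $status = 'none'
        if ($ex -is [System.Net.WebException] -and $ex.Response) {
            $status = [int]$ex.Response.StatusCode
        }
        throw "Upload to $target failed (HTTP status: $status): $($ex.Message)"
    }
    finally {
        $client.Dispose()
    }
}

# Usage with the placeholder values of the original script:
# Send-WebDavFile -Path 'D:\test.txt' -BaseUrl 'https://mywebSite/webdav' -Credential (Get-Credential)
```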
PowerShell · script · upload · webdav
SCOM : Automatic Agent Deployment on Windows OS With PowerShell
No comments · Posted by Christopher Keyaert in OpsMgr / Scom, PowerShell
Hello,
Some weeks ago, I had to deploy the SCOM agent on more than 350 Windows servers at the same time. For that, I wrote a little PowerShell script to which you just give a server list as input (a simple txt file, one server name per line) and the name of your RMS/MS. That’s it: the script performs the agent installation for you and generates a CSV file as output with the agent installation status for each server.
Concerning rights management, you have to ensure that the Default Action Account used on your (root) management server has administrative rights on the servers that you want to add to SCOM. For that, and for the duration of the deployment only, use a Domain Admin account as the Run As Account of your MS/RMS. The script also contains, commented out, a Get-Credential prompt and the -ActionAccountCredential parameter of New-WindowsDiscoveryConfiguration, which pass explicitly entered credentials to the discovery.
The script :
    ###########################
    # Author  : Christopher Keyaert
    # Version : 1.0
    # Date    : 28 DEC 2009
    ##########################

    #Getting the credential of the user
    #$creds = Get-Credential

    ###########################
    #Param
    ##########################
    $RMS = "RMS001.contoso.local" #don't forget to use the FQDN
    $MS = "MS001.contoso.local" #don't forget to use the FQDN
    $myFile = "D:\Dep\myfile.txt" #List of Servers
    $ResultPath = "D:\Dep" #Folder for path output

    Start-Transcript -path "$ResultPath\Transcript$(get-date -uformat '%Y-%m-%d_%Hh%Ms%S').log"

    $MaintenanceModeEnable = $false
    $MaintenanceModeDuration = 10 * 1440 # 1440 minutes per day
    $comment = 'Global Deployment'
    $reason = 'PlannedOther'

    ######################
    #Functions
    #####################
    function SetToMaintenanceMode($rootMS,$computerPrincipalName,$minutes,$comment,$reason)
    {
        #Domain suffix appended to the short server name (adapt it to your own domain)
        $computerPrincipalName = $computerPrincipalName + ".dir.ucb-group.com"

        $computerClass = get-monitoringclass -name:Microsoft.Windows.Computer
        $healthServiceClass = get-monitoringclass -name:Microsoft.SystemCenter.HealthService
        $healthServiceWatcherClass = get-monitoringclass -name:Microsoft.SystemCenter.HealthServiceWatcher

        $computerCriteria = "PrincipalName='" + $computerPrincipalName + "'"
        $computer = get-monitoringobject -monitoringclass:$computerClass -criteria:$computerCriteria

        $healthServices = $computer.GetRelatedMonitoringObjects($healthServiceClass)
        $healthService = $healthServices[0]

        $healthServiceCriteria = "HealthServiceName='" + $computerPrincipalName + "'"
        $healthServiceWatcher = get-monitoringobject -monitoringclass:$healthServiceWatcherClass -criteria:$healthServiceCriteria

        $startTime = [System.DateTime]::Now
        $endTime = $startTime.AddMinutes($minutes)

        Write-host " "
        "Putting " + $computerPrincipalName + " into maintenance mode"
        New-MaintenanceWindow -startTime:$startTime -endTime:$endTime -monitoringObject:$computer -comment:$comment -Reason:$reason

        "Putting the associated health service into maintenance mode"
        New-MaintenanceWindow -startTime:$startTime -endTime:$endTime -monitoringObject:$healthService -comment:$comment -Reason:$reason

        "Putting the associated health service watcher into maintenance mode"
        New-MaintenanceWindow -startTime:$startTime -endTime:$endTime -monitoringObject:$healthServiceWatcher -comment:$comment -Reason:$reason
        Write-host " "
    }

    #################################
    #Init the connection to SCOM srv
    #################################
    if(-not (Get-pssnapin | Where-Object {$_.Name -eq "Microsoft.EnterpriseManagement.OperationsManager.Client"}))
    {
        Add-PSSnapin Microsoft.EnterpriseManagement.OperationsManager.Client
    }
    new-managementGroupConnection -ConnectionString:$RMS
    Set-Location "OperationsManagerMonitoring::" -ErrorVariable errSnapin ;
    Set-Location $RMS -ErrorVariable errSnapin ;

    ##########################
    #Agent installation
    ##########################

    #Creating the computers list
    $ComputersList = @()
    $ComputersList = Get-Content $myFile

    #Define a WindowsDiscoveryConfiguration
    $discoConfig = New-WindowsDiscoveryConfiguration -ComputerName:$ComputersList -PerformVerification:$true -ComputerType:"Server" #-ActionAccountCredential:$creds

    #Start the discovery process.
    $managementServer = Get-ManagementServer | Where-Object {$_.PrincipalName -like "*$MS*"}
    $discoResult = Start-Discovery -ManagementServer:$managementServer -WindowsDiscoveryConfiguration:$discoConfig

    #Check that the discovery process discovered the Windows computers you specified.
    $discoResult.CustomMonitoringObjects

    if($discoResult.CustomMonitoringObjects -ne $null)
    {
        Write-Host "Agent installation in progress..."
        Write-Host ""
        Install-Agent -ManagementServer $managementServer -AgentManagedComputer $discoResult.CustomMonitoringObjects
        Write-host "Installation Finished, waiting for 60 seconds"
        Start-Sleep -s 60
    }
    else{
        Write-Host "No servers discovered"
    }

    ####################################################################
    #We have to check if all the agents have been installed + Maintenance mode
    #####################################################################
    Write-Host ""
    Write-Host "Installation Checking"
    Write-Host ""

    $InstallArray = @()

    foreach($srv in $ComputersList)
    {
        $Value = $null
        $Value = Get-agent | Where-Object {$_.ComputerName -like "*$srv*"}

        if($Value -ne $null)
        {
            Write-Host "$srv - Agent installed "
            $InstallTime = $Value.InstallTime
            $HealthState = $Value.HealthState
            $AgentInstalled = $true

            #Write-Host "Activation of the Maintenance Mode"
            #Put the server in Maintenance Mode
            if($MaintenanceModeEnable -eq $true){SetToMaintenanceMode $RMS $srv $MaintenanceModeDuration $comment $reason}
        }
        else{
            Write-Host "$srv - Agent not installed"
            $AgentInstalled = $false
            $InstallTime = ""
            $HealthState = ""
        }

        #One result line per server for the CSV report
        $obj = New-Object PSObject
        $obj | Add-Member Noteproperty -Name "Name" -Value $srv
        $obj | Add-Member Noteproperty -Name "AgentInstall" -Value $AgentInstalled
        $obj | Add-Member Noteproperty -Name "InstallTime" -Value $InstallTime
        $obj | Add-Member Noteproperty -Name "HealthState" -Value $HealthState

        $InstallArray += $obj
    }

    Write-Host ""
    Write-Host "Save the Result File"
    $InstallArray | Export-Csv "$ResultPath\$(get-date -uformat '%Y-%m-%d_%Hh%Ms%S').csv"

    Stop-Transcript
Christopher Keyaert
agent · deployment · PowerShell · Scom · script
VI Toolkit / PowerShell : How to connect to more than one Virtual Center at the same time
No comments · Posted by Christopher Keyaert in PowerShell, VMWare
Hello All,
If you only use the command Get-VM, you will receive the VM list only from the Virtual Center that you last connected to. If you want to get all the VMs from both of your Virtual Centers, you absolutely need to add the parameter -server $vcs to your command.
If you want to connect to more than one Virtual Center at the same time, here is the starting code:

    $vcs = @()
    $vcs += connect-viserver vc1.mydom.local
    $vcs += connect-viserver vc2.mydom.local
    # You could add as many as you need...

    # Command example
    get-vm -server $vcs | export-csv C:\Export.csv

In general, don’t forget to add -server $vcs to every command that you use with the VI Toolkit.
As always, RTM -> the documentation on VI Toolkit :
http://communities.vmware.com/docs/DOC-4210
Christopher Keyaert
PowerShell · script · virtual center · VMWare
SCOM / PowerShell : Number of locked AD accounts
No comments · Posted by admin in PowerShell
Dear All,
Here is a new little PowerShell script that creates an event 6970 in the event viewer when more than X accounts are locked in less than Y minutes. You then just have to create a new rule in SCOM that collects events with ID 6970 and schedule the script to run every 10 minutes.
Thanks to that, you can be alerted when there is an attack attempt against your Active Directory.

    ########################################################
    #Get the number of locked accounts in less than 10 minutes
    ########################################################

    ###########################
    # Param
    ###########################
    $LockedSince = 10 #Minutes
    $NumberofLockedAccount = 50 #Alert threshold

    ###########################
    # FUNCTIONS
    ###########################

    ###########################
    # SCRIPT
    ###########################
    $objDomain = New-Object System.DirectoryServices.DirectoryEntry

    $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
    $objSearcher.SearchRoot = $objDomain
    $objSearcher.PageSize = 1000
    $objSearcher.Filter = "(&(objectClass=User)(lockoutTime>=1))"

    $colProplist = "name","samaccountname","lockoutTime"
    foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i) | out-null}

    $colResults = $objSearcher.FindAll()
    $cpt = 0
    $result = $null
    $result2 = $null

    foreach ($objResult in $colResults)
    {
        $domainname = $objDomain.name
        $samaccountname = $objResult.Properties.samaccountname
        $user = [ADSI]"WinNT://$domainname/$samaccountname"
        $ADS_UF_LOCKOUT = 0x00000010

        #$objResult.Properties
        #Keep only the accounts that are still flagged as locked out
        if(($user.UserFlags.Value -band $ADS_UF_LOCKOUT) -eq $ADS_UF_LOCKOUT)
        {
            $Sam = $objResult.Properties.samaccountname
            $Name = $objResult.Properties.name
            [String]$LockTime = $objResult.Properties.lockouttime
            [datetime] $LockTime = [datetime]::FromFileTime($LockTime)

            #We want all the accounts locked in the last $LockedSince minutes
            $DayDate = Get-Date
            $DayDateBefore = $DayDate.AddMinutes(-$LockedSince)

            if(($LockTime -gt $DayDateBefore) -and ($LockTime -lt $DayDate))
            {
                Write-Host "************"
                Write-Host "User : $sam"
                Write-Host "Name : $name"
                Write-Host "LockTime : $lockTime"
                Write-Host "************"
                Write-Host ""

                $result2 += "************`r"
                $result2 += "User : $sam`r"
                $result2 += "Name : $name`r"
                $result2 += "LockTime : $lockTime`r"
                $result2 += "************`r"
                $result2 += "`r"
                $cpt += 1
            }
        }
    }

    Write-Host "************"
    Write-Host "There is $cpt account(s) locked in the last $LockedSince minutes"
    Write-Host "************"

    $result += "************`r"
    $result += "There is $cpt account(s) locked in the last $LockedSince minutes`r"
    $result += "************`r"
    $result += $result2

    #Error entry when the threshold is reached, Information entry otherwise
    if($cpt -ge $NumberofLockedAccount)
    {
        Write-Host ""
        Write-Host "Limit reached, /!\ ALERT /!\"
        Write-Host ""
        $infoevent=[System.Diagnostics.EventLogEntryType]::Error
    }
    else{
        $infoevent=[System.Diagnostics.EventLogEntryType]::Information
    }

    ############################
    #Var for the event creation
    ############################
    $evt = new-object System.Diagnostics.EventLog("Application")
    $evt.Source = "AD-SCOM"
    $evt.MachineName = "."
    $evt.WriteEntry($result,$infoevent,6970)
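The script above reads every account with a non-zero lockoutTime and binds to each one through WinNT before applying the time window. The following added example, which is not the author's code, puts the window into the LDAP filter so that the domain controller returns only recent lockouts. The function names and the sample date are constructed, and it counts lockouts in the window without checking whether the account is still locked.

```powershell
# Added example: build the time window into the LDAP filter.
function Get-LockoutLdapFilter {
    param([datetime]$Since)
    # lockoutTime is a FILETIME: 100-nanosecond intervals since 1601-01-01 UTC.
    "(&(objectCategory=person)(objectClass=user)(lockoutTime>={0}))" -f $Since.ToFileTimeUtc()
}

function Get-RecentLockout {
    param([int]$Minutes = 10)

    # With no SearchRoot set, the searcher uses the current domain.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.PageSize = 1000
    $searcher.Filter = Get-LockoutLdapFilter -Since ((Get-Date).AddMinutes(-$Minutes))
    foreach ($p in 'samaccountname', 'lockouttime') {
        [void]$searcher.PropertiesToLoad.Add($p)
    }

    $found = $searcher.FindAll()
    try {
        foreach ($entry in $found) {
            New-Object PSObject -Property @{
                SamAccountName = [string]$entry.Properties['samaccountname'][0]
                LockTime       = [datetime]::FromFileTime([long]$entry.Properties['lockouttime'][0])
            }
        }
    }
    finally {
        $found.Dispose()   # SearchResultCollection holds unmanaged resources
    }
}

# Constructed input: the filter produced for a fixed point in time.
Get-LockoutLdapFilter -Since ([datetime]'2011-03-08 10:00:00')

# On a domain member, with the thresholds of the original script:
# $locked = @(Get-RecentLockout -Minutes 10)
# if ($locked.Count -ge 50) { 'Limit reached' }
```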
active directory · ad · PowerShell · script
