Hi Everyone,

One of my customer requested me to implement the Active Directory  Federation Services 2.0 Management Pack on Operations Manager 2007 R2.

Management Pack is available here with the Guide :
http://systemcenter.pinpoint.microsoft.com/en-US/applications/active-directory-federation-services-2-0-adfs-monitoring-management-pack-12884905753

The only pre-requisite of this management pack that I found in the documentation is to enable the IIS 6 Management Compatibility:

After several hours, still no server in the Federation Servers State view, nothing strange in the event viewer:

Hopefully, one colleague of mine, that I would like to thank you, found the solution in the Know Issues on Microsoft TechNet :

http://technet.microsoft.com/en-us/library/ff730220.aspx

In fact, there is a second pre-requisites that is not in the ADFS MP guide, we have to disable IP version 6 (IPV6) on the agent computer that is running AD FS 2.0.

We have first to disable IPv6 in the Local Area Connection Properties :

But we have also to do it in the server registry. To do that, follow the step below :

• Click Start, type regedit in the Start Search box, and then click regedit.exe in the Programs list.
• In the User Account Control dialog box, click Continue.
• In Registry Editor, locate and then click the following registry subkey:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters \
• Double-click DisabledComponents to modify the DisabledComponents entry.

Note If the DisabledComponents entry is unavailable, you must create it. To do this, follow these steps:

• In the Edit menu, point to New, and then click DWORD (32-bit) Value.
• Type DisabledComponents, and then press ENTER.
• Double-click DisabledComponents.

And finally, the value of the key:

• Type 0xffffffff to disable all IPv6 components, except the IPv6 loopback interface

More details on disabling IPv6 : http://support.microsoft.com/kb/929852

You have to do the steps above on all the servers running ADFS 2.0.

Normally, your ADFS 2.0 servers will now shortly be appear in the Operations Manager Console.

Regards
Christopher Keyaert

mine · operations manager · opsmgr · Scom · TechNet

Hi Guys,

Last week, with my friend Kurt Van Hoecke (SCSM Expert), we delivered two sessions at Microsoft Belgium on System Center Orchestrator 2012. These sessions have been recorded and are now available online on Technet.

System Center Orchestrator 2012: An Overview by Kurt Van Hoecke.
http://technet.microsoft.com/en-us/edge/video/system-center-orchestrator-2012-an-overview

System Center Orchestrator 2012: Migration Plan by Christopher Keyaert.
http://technet.microsoft.com/en-us/edge/video/system-center-orchestrator-2012-migration-plan

Microsoft System Center Orchestrator 2012 Resources :
Microsoft System Center Orchestrator 2012 beta is available as public beta at the Microsoft Download Center : http://www.microsoft.com/download/en/details.aspx?id=26503

Microsoft System Center Orchestrator 2012 Team Blog : http://blogs.technet.com/b/scorch/

TechNet Forums for System Center Cross Platform and Interoperability :http://social.technet.microsoft.com/Forums/en-US/category/scinterop

Cheers
Christopher KEYAERT
http://twitter.com/keyaertc

online · SCSM · System · Team · TechNet

The Audit Trail is a collection of text file logs that contain information about the interaction of a Runbook with external tools and systems. This provides a quick method to identify what and who made changes for audit purposes.

How to activate/deactivate the Audit Trail:

• Open a command prompt with the Run as administrator privilege.
  
  
• and go to C:\Program Files (x86)\Microsoft System Center\Orchestrator 2012\Opalis Integration Server\Management Service
   
  
• To activate the Audit Trail: atlc /enable
  
  
• To deactivate the Audit Trail: atlc /disable
   

Where are the audit files ?

In the folder : C:\Program Files (x86)\Microsoft System Center\Orchestrator 2012\Opalis Integration Server\Management Service\Audit

The file contains information about the date and time at which the policy was launched, the user name and domain that launched the policy, the name of the computer where the policy ran, and the name of the policy that was launched.

In the folder : C:\Program Files (x86)\Microsoft System Center\Orchestrator 2012\Opalis Integration Server\Action Server\Audit

The file contains information about the date and time at which the activity ran, the name of the action server it ran on, the ID of the Policy Module that ran it, and the Object XML.

For having a better view, I advise your to copy/paste the output into a XML indenter tool (Example : http://xmlindent.com/).

Depending on how many policies you run and how many objects those policies contain, the Audit Trail may consume a large amount of disk space on the computer that runs the management server and action server. (When a file reaches 200 megabytes in size, a new file is created) Two solutions, active it only when needed and cleaned the files after, or create a little Runbook for archiving these files to another location.

Microsoft System Center Orchestrator 2012 Resources :
Microsoft System Center Orchestrator 2012 beta is available as public beta at the Microsoft Download Center : http://www.microsoft.com/download/en/details.aspx?id=26503

Microsoft System Center Orchestrator 2012 Team Blog : http://blogs.technet.com/b/scorch/

TechNet Forums for System Center Cross Platform and Interoperability :http://social.technet.microsoft.com/Forums/en-US/category/scinterop

TechNet Library – Audit Trail : http://technet.microsoft.com/en-us/library/gg464925.aspx

Cheers
Christopher KEYAERT
http://twitter.com/keyaertc

collection · indenter · policy · Runbook · TechNet