The upgrade was pretty straightforward in my environment: the SCOM setup detected the RC deployment of OpsMgr and proposed an upgrade in which even the OpsMgr database would be upgraded. My OpsMgr DB is on one server and the Root Management Server on another; the upgrade should only be run on the RMS.

  1. (RMS) Insert the OpsMgr R2 disk on the RMS
  2. (RMS) Run Setup
  3. (RMS) Select “Upgrade to Operations Manager 2007 R2”
  4. (RMS) The Health Service on the RMS machine might fail to start when finishing the installation but you can start the service manually.
  5. (RMS) Every agent is queued on the pending management option under the Administration node. Running this task as a domain-wide administrator will automatically upgrade every deployed agent to RTM.
  6. (RMS) ACS: I had to re-configure the ACS Forwarder on a couple of servers. Re-running the configuration task enabled the forwarder.


Since OpsMgr 2007 I have run into the same error from the DNS Management Pack several times: the “DNS 2008 External Resolution Monitor” is always in an error state even though my DNS has no problems at all resolving public names.

I solved this problem by overriding the “Query Type” parameter of the monitor for the whole DNS class, changing it from “ns” to “A”. I also tried the CNAME query type, but the monitor stayed in the error state.


Hope this helps!

Before OpsMgr ACS is able to collect token-related audit events (Event ID 299), auditing needs to be enabled on each Geneva Server in the farm. This will create a lot of audits, which you may need to filter using Noise Filtering on your assigned Audit Collector Server. I will cover how we achieved noise filtering on our platform in another post; for now, I want to share a couple of easy steps to centrally enable audits on your Geneva Servers:

1)  In Geneva Server MMC for each Geneva Server on the farm

  1. Root node
  2. Edit Service Properties
  3. Check “Success” and “Failure” Events

2) In Active Directory

  1. Create a GPO and link to the Geneva Servers OU
  2. Enable Audits
    1. Navigate to Security Settings->Local Policies->Audit Policy.
    2. Click on the “Audit object access” Security Setting in the list view in the right-side pane.
    3. On the “Local Security Setting” tab, click the “[ ] Success” and/or “[ ] Failure” check boxes according to your needs.
  3. Give Permissions to the account
    1. Click Security Settings -> Local Policies -> User Rights Assignment.
    2. Double click “Generate Security Audits” and add the account of your service to Local Security Settings (you can verify service account by opening “services.msc”, and checking the “Microsoft “Geneva” Server” log on account)
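
To confirm on each Geneva Server that the GPO above actually applied, the following check reads the effective "Object Access" audit policy and the holders of the "Generate Security Audits" right. It is an added example, not part of the original post; it assumes an English-language Windows Server, an elevated PowerShell prompt, and a `-ServiceAccount` value that you supply (the log on account shown in services.msc).

```powershell
# Added example: run elevated on a Geneva Server after Group Policy has refreshed.
param(
    [Parameter(Mandatory = $true)]
    [string]$ServiceAccount    # operator-supplied, e.g. 'LAB\svc-geneva' (constructed placeholder)
)

# --- Step 2.2: effective "Object Access" audit policy ----------------------
# /r prints CSV; category and setting names are localized on non-English Windows.
$rows = auditpol /get /category:"Object Access" /r |
        Where-Object { $_.Trim() } | ConvertFrom-Csv
$rows | Select-Object Subcategory, 'Inclusion Setting' |
        Format-Table -AutoSize | Out-String | Write-Host
$notAudited = @($rows | Where-Object { $_.'Inclusion Setting' -eq 'No Auditing' })

# --- Step 2.3: "Generate Security Audits" is the SeAuditPrivilege right ----
$account = New-Object System.Security.Principal.NTAccount($ServiceAccount)
$sid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value

$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$line = Get-Content $cfg | Where-Object { $_ -match '^SeAuditPrivilege\s*=' }
Remove-Item $cfg

# secedit lists holders as *S-1-... SIDs; some accounts appear as plain names.
$holders = @()
if ($line) {
    $holders = ($line -split '=', 2)[1].Split(',') |
               ForEach-Object { $_.Trim().TrimStart('*') }
}
# Only direct assignment is detected; a right granted through a group
# the account belongs to will be reported as missing.
$hasRight = ($holders -contains $sid) -or ($holders -contains $ServiceAccount)

# --- Summary ---------------------------------------------------------------
if ($notAudited.Count -gt 0) {
    Write-Host "Object Access subcategories with no auditing: $($notAudited.Count)"
} else {
    Write-Host "Object Access: every subcategory audits Success and/or Failure"
}
if ($hasRight) {
    Write-Host "$ServiceAccount ($sid) holds SeAuditPrivilege"
} else {
    Write-Host "$ServiceAccount ($sid) does NOT hold SeAuditPrivilege directly"
}
```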

Happy auditing!

Note: (2009-07-21) I added a couple of details to the article.

I just finished the deployment of OpsMgr R2 RC in a lab environment using a multiple-server architecture; the deployment was straightforward. Below I blog my experience, indicating from which VM I ran the commands.

Environment

This reference environment is based on:

  • AD: Windows Server 2008 running ADDS.
  • RMS: Single Windows Server 2008 EE with Operations Manager R2 RC
    • Management Server Node
    • Audit Collection Server
    • WebUI
  • DB: Single Windows Server 2008 EE running SQL Server 2008 (with SSRS)
    • SQL Server Enterprise Edition 2008: Database, Analysis and Reporting services.
    • Opened port 1433 on Firewall for SQL Remote Connections.
    • Operations Manager Database Server
    • Operations Manager Reporting Node
    • Operations Manager DataWarehouse Node
    • ACS DB (On different disk array than Ops Mgr DB)

Accounts

  1. (AD) In Active Directory Users and Computers, create five accounts: the Management Server Action account, the SDK and Configuration Service account, the Data Reader account, the Data Warehouse Write Action account, and an Operations Manager Administrator account (for example, OpsMgrAdmin). These can all be domain user accounts. No special privileges are required at the domain level.
    • SCOM_Action_Service
    • SCOM_DataReader_Service
    • SCOM_DW_Service
    • SCOM_SDK_Service
  2. (AD) In Active Directory Domain Services, create a Global Security group for the Operations Manager Administrators.
  3. (AD) Add the Operations Manager Administrator Account to the Operations Manager Administrators Global Security group.
  4. (RMS) On the server that you are going to install Operations Manager on, log on with an account that has local administrator rights.
  5. (RMS) In the Computer Management tool, under Local Users and Groups, open the Administrators group and add the Operations Manager Administrators Global Security group that you created in step 2 of “To prepare accounts and groups in Active Directory.” Also add the accounts that you created to use as the Management Server Action account, the SDK and Config account, the Data Reader account, and the Data Warehouse Write Action account.

Validate SQL Server Reporting Services

  1. Browse: http://<SERVER>/Reports/Pages/Folder.aspx
  2. Browse: http://<SERVER>/ReportServer

Deploy Root Management Server (RMS)

  1. (RMS) Added Web Role with ASP.NET + AJAX 1.0
  2. (RMS) Deploy Operations Manager RMS
    1. SCOM Action Account: SCOM_Action_Service
    2. SCOM SDK Account: SCOM_SDK_Service (Local administrator of RMS and DB)
  3. (RMS) Test the deployment by importing the SQL management pack and verifying that Ops Mgr successfully monitors its database layer
  4. (RMS) Installed SCOM Agent on (DB) to monitor SQL.
  5. (RMS) Problems discovering computers? http://blogs.technet.com/momteam/archive/2006/10/24/having-trouble-discovering-computers-using-the-opsmgr-2007-discovery-wizard.aspx
  6. (DB) Enable the following FW exceptions on monitored computers.
    • Port
      • 135 - TCP
      • 139 - TCP
      • 445 - TCP
      • 5723 - TCP
      • 173 - UDP
      • 138 - UDP
      • 445 - UDP
    • Exception for “File and Print Sharing” for Ops Mgr Agent deployment.

Deploy Operations Manager Reporting

(SQL) If your SSRS 2008 deployment is healthy you will not have problems during this deployment. To guarantee a least-privilege scenario, use domain-specific accounts for running this role's services, for example:

  • SCOM_DW_Service –> Warehouse write account
  • SCOM_DataReader_Service –> Reporting services reader account.

Deploy Audit Collection Services

(RMS) Deploy Audit Collector Server and specify a dedicated disk to host the AC Database on your database server. The auth between the audit collector and the database server occurs via Kerberos.

  1. (following the operations manager 2007 deployment guide)
  2. Deployed the Audit Collector role on RMS following the wizard
    1. 2 AM in the Morning to do db maintenance tasks
    2. 365 days of data retention
    3. Deployed the Audit Database to DB to a different disk array
  3. Imported ACS reports on DB following this procedure: http://blogs.technet.com/smsandmom/archive/2007/08/29/scom2007-audit-collection-services-acs-reports-installation-configuration.aspx
  4. Enabled Audit on computers. You can do this through OpsMgr Console –> Monitoring Node –> Operations Manager –> Agents; when you select an agent in the details pane, the action pane will show the “Enable Audit Collection” action
  5. Create custom reports: http://contoso.se/blog/?p=288

Troubleshooting

It is great to see how this community is growing. I like the video way of staying on top of industry-related news: go deep and spend 20 minutes a day watching these 5-10 minute videos and you will find yourself on top of most of the MS management technologies :)

http://edge.technet.com/Tags/System+Center/

The last toy of Ops Mgr R2:

Visio Integration with Operations Manager R2

Last Wednesday 18-February we had a TechNet webcast about the System Center Suite. If you want to go deeper you can download the session resources here: http://cid-5f9c7b75bd402dda.skydrive.live.com/browse.aspx/Public/TechNet/2009-02-18%20-%20System%20Center%20y%20el%20Centro%20de%20Datos

I recommend this session to gain a high-level perspective on the System Center Suite. In the online session you can watch demos of the following scenarios:

  1. Datacenter Deployment: Windows Deployment Services (WDS) technology to remotely deploy OS on your datacenter environment.
  2. Model Based Updates Management: System Center Configuration Manager 2007 (SCCM) to achieve template-based update roll-out to the datacenter.
  3. End to end monitoring: System Center Operations Manager 2007 R2 Beta (SCOM) to have a holistic view of your production services' health.
  4. Model based standards in the datacenter: System Center Configuration Manager 2007 (SCCM) to manage workstation and server baselines against a desired configuration baseline enforced by IT.
  5. Accountability in the datacenter: System Center Operations Manager 2007 R2 Beta (SCOM) to concentrate audit events from your Windows Server environment, using Audit Collection Services, with reporting capabilities to meet your security auditor's demands.
  6. Datacenter Planning: System Center Capacity Planner 2007 (SCCP) (free download!) to size your service deployments on Microsoft solutions like Exchange, SharePoint and Operations Manager.

You can download the On-Demand session here: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=es-AR&EventID=1032400708&CountryCode=AR


Next week Southworks SRL will take part in the SMSE (Systems Management Server Enterprise) event series at Microsoft Argentina, targeted at MS EPG customers. From Southworks we will be involved as experts in the System Center family of solutions. I will be a speaker in sessions about System Center Operations Manager, System Center Configuration Manager, System Center Virtual Machine Manager, System Center Data Protection Manager and Windows Server 2008 Hyper-V, sharing the stage with the great Alejandro Ponicke and Leandro Sgallari the magician :)

Sessions Details

The series will be:

The outline for the Live sessions is (still developing on our UNMG network!):

  • SMSE Live Day 1
    • SCVMM: Platform showcase | Intro | Snapshots | Live Migration
    • SCOM: Intro | SUSE Monitoring | Service Level Dashboard | Custom MP
    • SCCM: Intro | Win2k8/Vista Mgmt | Asset Intelligence | Update Mgmt
    • SCDPM: Intro | DB recovery | End User File recovery
  • SMSE Live Day 2
    • Intel: VPro (By Gabriela Gallardo, Intel)
    • SCVMM: Live Migration Drill-Down | Self Service Portal
    • SCCM + SCOM: Control Panel Advertisements | SCCM Monitoring | Desired Configuration Management | Internet based clients
    • SCDPM + SCCM + SCOM: VM backup | DPM Reporting | DPM Health with Ops Mgr | SCCM Recovery from DPM triggered by Ops Mgr

The agenda for the Webcasts sessions will be a sub-set of the above focused on SCVMM 2008 Beta and Hyper-V. Subscribe today using the above links so you will have a reminder on your calendar!

SMSE is a licensing model developed this year by Microsoft to encourage the adoption of System Center products on the Enterprise.

The IT industry has learned so far that efficient operations without consistent/adaptive processes is not possible. The knowledge has to be extracted from people's brains and documented in tangible artifacts. We cannot still rely on heroes for solving every infrastructure issue.

Jason Osborne (Microsoft - Frameworks PM) has started posting about what is coming in MOF. In his last post, The Operations and Support Phase of the MOF Lifecycle, he has begun talking about Operations Management processes.

Here is a little overview of how the Operations Management process is being defined. For an in-depth understanding, not only read the previous post, but also take 5 mins to download and review the PPT Jason has attached.

Operations Management SMF

Hi all! I am willing to write a post series about Operations Manager Management Pack development. However, it is impossible to talk about Management Packs without talking about the Microsoft Systems Management vision. This is what this post is about.

Right now we are walking through the 4th year of the 10-year Microsoft DSI (Dynamic System Initiative) vision. This is how Microsoft has envisioned the future of datacenters and the path for IT departments to be finally aligned to business. There is so much to say about this vision, but I will focus on one of its pillars, the so-called DFO (Design For Operations) practice.

DFO proposes model-based management of IT systems. DFO claims to be the answer to the existing poor communication between development teams and the IT support staff. What we see today is that development teams have a much deeper technical understanding of the LOB applications they develop than the IT staff. Sadly, IT Pros are the ones who have to operate the LOB app and enforce any existing SLA over it. So, how could IT Pros troubleshoot performance or operational issues spotted on running LOB apps? How could they give end-users qualified answers about what is going wrong? DFO is the answer. Again, there is so much to say about DFO. David Aiken (Microsoft Architect Evangelist) has been writing about this probably more than anyone in the world in his blog. This is a must read if you are a Management-enabled ITPro :)

We mentioned “model-based” management. We talk about models because Microsoft developed a model approach for describing any IT service called Service Modeling Language (SML). And through SML is how we finally get to Operations Manager Management Packs.

Microsoft has been concretely applying model-based management since the release of MOM 2005 and enhanced the platform management capabilities with the release of SCOM 2007 (System Center Operations Manager 2007).

Management Packs (MP) provide ITPros what they always wanted: a consistent way of operating applications as if they were experts, without really being experts. For example, nowadays I can provide high levels of availability/reliability/performance for my Exchange 2007 deployment without being an Exchange guru. This is possible simply by importing the Exchange Server Management Pack into my SCOM infrastructure. By importing Management Packs I am importing a huge knowledge base provided by the Exchange Server development team itself!

At this point you can probably begin connecting the dots. Microsoft's proposal with DFO is that every development team accounts in its SDLC for the effort required to develop a Management Pack (no matter on which platform the app is developed). By means of an MP, a development team communicates which aspects of the instrumented app are critical and have to be fully monitored 7x24x365.

SCOM provides an extensible platform for developing MPs and this is what we will be talking about during this post series.

Well, this was longer than I expected when I began writing (an hour ago :)) but we have gone through the basics to have the big picture when talking about MPs.

PS: I promise to get more technical in the next post :)

Thanks to Wallis for this Management Packs Roadmap:

The installation media contains

  • Exchange Server 2003
  • Windows Server 2000/2003 AD
  • Information Worker
  • MS Server 2000/03 OS
  • MS Client 2000 XP OS
  • Windows Server IIS 2000/03
  • SharePoint Portal Server 2003
  • Windows SharePoint Services 2003
  • Windows Server 2000/03 Terminal Services
  • SQL Server 2000/05

May 2007

  • SMS 2003
  • Office SharePoint Server 2007
  • Windows SharePoint Services 3.0
  • Windows DHCP Server 2003/2000
  • Windows File Replication Service 2003/2000
  • Windows Group Policy 2003
  • Windows Print Server 2003

June 2007

  • Windows DNS Server 2003/2000
  • Virtual Server 2005
  • ISA Server 2006
  • BizTalk Server 2006
  • Windows Distributed File Systems Replication Service 2003

Q3 2007

  • Configuration Manager 2007
  • Virtual Server 2005
  • System Center Virtual Machine Manager 2007
  • Exchange 2007
  • Windows Server Clusters 2000/03
  • Host Integration Server 2006
  • Office Live Communications Server 2005 SP1
  • System Center Data Protection Manager 2006
  • Forefront Security for Exchange
  • Forefront Security for SharePoint
  • Identity Integration Server 2003
  • Office Project Server 2007
  • Windows Routing and Remote Access Service 2003
  • Windows Network Load Balancing 2003
  • Windows Distributed Transaction Coordinator 2003
  • Computer Cluster Server 2003
  • Windows AD Federation Services 2003
  • Windows Print Server 2000
  • Windows Internet Name Service 2003
  • Windows Rights Management Services 2003
  • Windows Key Management Services 2003
  • ISA Server 2004

Q4 2007

  • Office SharePoint Server 2007
  • Windows SharePoint Services 3.0
  • Commerce Server 2007
  • Host Integration Server 2006
  • Windows Password Change Notification Service 2003
  • Antigen 9.0 MOM Pack
  • Windows Server Automated Deployment Services 2003
  • Windows Server Performance Advisor 2003
  • Windows System Resource Manager 2003
  • Communicator Web Access 2005

We could expect to get the Exchange 2007 MP in CYQ3 (between July and September). In the meantime, we can convert the Exchange 2007 Management Pack created for MOM 2005 to a SCOM MP using the guidelines provided by the SCOM help. You will get almost full monitoring functionality, but Client Side Monitoring won't work until the SCOM MP is released.