tag:blogger.com,1999:blog-32688255848893052762024-02-19T07:34:37.095-08:00System Center BlogA collection of notes and tips from the field.Will Kaiserhttp://www.blogger.com/profile/17017947362709010600noreply@blogger.comBlogger14125tag:blogger.com,1999:blog-3268825584889305276.post-79378931716677070942008-08-25T11:51:00.000-07:002008-08-25T11:53:56.066-07:00SCOM: New certificates tool from the OpsMgr Product team<blockquote><p>"CertGenWizard.exe is a wizard tool which will take your CA information as<br />input (it isn't required if you are running the wizard on the box with the CA),<br />take in the computer names (has to be FQDNs), and send out a request for the<br />certificates you need. Now, you no longer have to fill out the Certificate<br />Request form or enter parameters or connect to the web enrollment service.<br />Once the certificates are approved, there is a Retrieve button in the<br />CertGenWizard which will allow you to retrieve the certificates that you have<br />requested. On top of the personal certificates, the wizard will retrieve<br />the root CA certificate.<br /><br />The biggest benefit to this tool is the<br />added ability to request multiple certificates at once. If you have 100<br />non-domain joined agents that you need to set up cert auth for, you can simply<br />request all 100 machine certificates at once, retrieve them all, and manually<br />bring them over to your other machines.<br /><br />Once you have<br />brought them to your other machines, CertInstaller.exe is a second<br />tool that will install the certificates into the local machine store of<br />your computer and run MOMCertImport.exe for you. Note: Install OpsMgr<br />Agent FIRST and then run the tool!"</p><blockquote><p><a href="http://blogs.technet.com/momteam/archive/2008/08/22/obtaining-certificates-for-non-domain-joined-agents-made-easy.aspx">http://blogs.technet.com/momteam/archive/2008/08/22/obtaining-certificates-for-non-domain-joined-agents-made-easy.aspx</a></p></blockquote>This tool will make lives easier for all those who need to deploy large numbers of SCOM agents that will require certificates to communicate.</blockquote>Will Kaiserhttp://www.blogger.com/profile/17017947362709010600noreply@blogger.com2tag:blogger.com,1999:blog-3268825584889305276.post-32495481877784513862008-08-25T11:33:00.001-07:002008-08-25T11:46:21.090-07:00SCOM: Sending notifications for a specific alertJust raising awareness of this invaluable tool. Stephan Koell brings us an excellent powershell script that fills the gaping hole of not being able to send notification on specific alerts.<br /><br />As many SCOM admins are already aware, SCOM out of the box only allows you to scope your notification subscriptions by target type, group, and severity. This works for most cases, however every client I've worked with to-date has expressed a need for a notification on a specific email. <br /><br />Examples:<br />1. Exchange admins want emails for all exchange alerts, however they only want paged in the middle of the night if the servers go down.<br /><br />2. A security analist only wants emails when a specific event is generated in the security logs on DC's.<br /><br />3. A developer only wants to be emailed if the specific application pool for his application goes down.<br /><br />Not possible via the gui by default. What the powershell linked below gives us is the ability to create a subscription that appears in the console (though cannot be modified) that notifies only when a specific alert name is detected.<br /><br />I implemented this successfully today for a client, I find that it works best to use a generic recipient name, so you can later add notification channels should more people need the email that is generated.<br /><br />Several other tips:<br />- See the comments about altering the script to use your local time zone<br />- The alert you target when running the PS script MUST have been generated at least once in the past.<br />- The script out of the box will only watch for alerts generated from monitors. There is a comment that includes a code update to include rules as well, however I have not yet tested that.<br /><br /><a href="http://code4ward.net/cs2/blogs/code4ward/archive/2007/09/19/set-notificationforalert.aspx">http://code4ward.net/cs2/blogs/code4ward/archive/2007/09/19/set-notificationforalert.aspx</a>Will Kaiserhttp://www.blogger.com/profile/17017947362709010600noreply@blogger.com2tag:blogger.com,1999:blog-3268825584889305276.post-61042760026607216722008-06-27T08:26:00.000-07:002008-06-27T09:17:15.634-07:00SCOM: How to change time range in performance view in the Web console.<div><div>When viewing a performance view in the web console, you may note that the default time range is 24 hours of data, and the option to change this is unavailable.<br /><br />This time range can be changed for all web console by altering a file on the server hosting the Web Console as follows.<br /><br />1. Open <span style="color:#ff0000;">web.config</span> in the (InstallDirectory)\Web Console on the server that hosts the Web console with notepad.<br /><br />2. Add the following key under configuration, appsettings:<br /><br /><img id="BLOGGER_PHOTO_ID_5216595690120816674" style="DISPLAY: block; MARGIN: 0px auto 10px; CURSOR: hand; TEXT-ALIGN: center" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfrSgclFrD9zsEWKX6sc-D-iFGbeolLy0Py-j0_O-HSUM7CD6XPNJZ3M2WKL4zScImoRo79v_Sl1bcegBDZE1r76mTeQ3y9a0TVaasoVnTczFCzYyVbfBvvqnVTWJ7K-mAG5SMlXIQJcWu/s400/1.JPG" border="0" /></div></div><div><div></div><br /><div>...where 'X' is the number of hours you'd like to display in the Web Console.<br /><br />The following is an example of what to change in web.config to set the console to show 48 hours worth of data: </div><div> </div><img id="BLOGGER_PHOTO_ID_5216595875380505026" style="DISPLAY: block; MARGIN: 0px auto 10px; CURSOR: hand; TEXT-ALIGN: center" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdbG1fxaP7HEg25S4bVOxpfmPSGJMec5bG2DCorYsnCQTw88A6TBbnGo6pvR2B87cDaNVOkkCOQzlkWpHIo4rgZOfQtUsfp7Ig9zNRBHbpw1pqXAues_RPivEU3REjsmUyadAEUq2VoXB4/s400/2.JPG" border="0" /></div><br /><p> </p><p>Excellent tip from Michael Pearson at Microsoft.</p>Will Kaiserhttp://www.blogger.com/profile/17017947362709010600noreply@blogger.com3tag:blogger.com,1999:blog-3268825584889305276.post-40443948758405477812008-06-23T07:36:00.000-07:002008-06-23T07:57:41.364-07:00SCOM: Alert - Agent proxying needs to be enabled...Since the release of SP1, you may have noticed a number of the following alerts generated from your <span class="blsp-spelling-error" id="SPELLING_ERROR_0">RMS</span> or a <span class="blsp-spelling-corrected" id="SPELLING_ERROR_1">management</span> server:<br /><br /><span style="color:#ff0000;">Agent <span class="blsp-spelling-error" id="SPELLING_ERROR_2">proxying</span> needs to be enabled for a health services to submit discovery data about other computers.</span><br /><br />If you look at the alert details you'll see something like this:<br /><br /><span style="color:#ff0000;">Details:Health service ( 26<span class="blsp-spelling-error" id="SPELLING_ERROR_3">ACBEF</span>7-C424-4943-<span class="blsp-spelling-error" id="SPELLING_ERROR_4">FFA</span>6-6BF4E1C1D18B ) should not generate data about this managed object (52A4944E-<span class="blsp-spelling-error" id="SPELLING_ERROR_5">FCB</span>2-B4D7-0E51-AF18AB48434C ).</span><br /><br />Although this alert is generated from your MS/<span class="blsp-spelling-error" id="SPELLING_ERROR_6">RMS</span>, what it actually means is that the agent proxy setting needs to be enabled on an agent <em>that is connected to that server</em>. The obvious question is: Which agent actually needs to have the setting enabled?<br /><br /><br /><br /><br />The alpha numeric strings are actually <span class="blsp-spelling-error" id="SPELLING_ERROR_7">GUIDs</span>, one referencing the Management Server, the other the agent itself. To determine the agent based on the <span class="blsp-spelling-error" id="SPELLING_ERROR_8">GUID</span>, run the following query against the <span class="blsp-spelling-error" id="SPELLING_ERROR_9">OpsDB</span>:<br /><br /><br /><span style="font-family:courier new;">select * from <span class="blsp-spelling-error" id="SPELLING_ERROR_10">basemanagedentity</span><br />where <span class="blsp-spelling-error" id="SPELLING_ERROR_11">basemanagedentityid</span> = '52A4944E-<span class="blsp-spelling-error" id="SPELLING_ERROR_12">FCB</span>2-B4D7-0E51-AF18AB48434C '</span><br /><br /><br />Note that the <span class="blsp-spelling-error" id="SPELLING_ERROR_13">GUID</span> pasted in is typically the second <span class="blsp-spelling-error" id="SPELLING_ERROR_14">GUID</span> listed. Note also that I have observed these <span class="blsp-spelling-error" id="SPELLING_ERROR_15">GUIDs</span> to be transposed on occasion, so the rule of thumb is to run this query against both <span class="blsp-spelling-error" id="SPELLING_ERROR_16">GUIDs</span>, disregarding the <span class="blsp-spelling-error" id="SPELLING_ERROR_17">GUID</span> of the MS/<span class="blsp-spelling-error" id="SPELLING_ERROR_18">RMS</span>.Will Kaiserhttp://www.blogger.com/profile/17017947362709010600noreply@blogger.com0tag:blogger.com,1999:blog-3268825584889305276.post-41566984473218107282008-05-15T08:12:00.001-07:002008-05-15T08:20:24.304-07:00OpsMgr Data Warehouse: Changing the number of days that data is storedStumbled across this post out in the news groups a while back and have referenced it numerous times. Vitaly Filimonov at Microsoft has provided this comprehensive explanation of changing data retention settings for the various forms of data in the data warehouse.<br /><br /><br />"Unfortunately, OpsMgr2007 does not have UI to change data retention<br />settings, but you can do it by modifying columns in certain tables inside<br />OperationsManagerDW database.<br /><br /> There are two places in the DW where we store data retention-related<br />settings. For “config space” (your management packs, rules they contain,<br />overrides you’ve created, etc) and “instance space” (objects discovered,<br />their properties and relationships, etc.) we store setting inside the<br />MaintenanceSetting table. Here are the columns of interest and their default<br />values:<br /><br />Instance space settings:<br /><br />1. LastInstanceGroomingDateTime - the last time grooming operations were<br />performed;<br />2. InstanceGroomingFrequencyMinutes - frequency of the grooming process<br />start (default: 480)<br />3. (most important) InstanceMaxAgeDays - maximum age (since the day instance<br />was deleted) for the instance space objects (default: 400)<br />4. InstanceMaxRowsToGroom - maximum number of objects to delete in one run<br />(default: 5000).<br /><br />Config space settings:<br /><br />1. LastConfigGroomingDateTime - the last time grooming operations were<br />performed;<br />2. ConfigGroomingFrequencyMinutes - frequency of the grooming process start<br />(default: 60)<br />3. ManagementPackMaxAgeDays - maximum age for the management pack (since the<br />day MP was uninstalled) (default: 400)<br />4. NonSealedManagementPackMaxVersionCount - maximum # of non-sealed MP<br />versions to preserve (independent of the age) (default: 3)<br /><br />Based on these settings for config space, sealed MP will be removed 400 days<br />after it was uninstalled from all management groups that are members of the<br />DW. Non-sealed MPs play by the same rules, but in addition we keep up to 3<br />old versions of non-sealed MP maximum.<br /><br />Now, to the data. Each data type is stored in a separate structure called<br />“dataset”. There is Performance dataset for perf data, state dataset for<br />monitor state transitions, event dataset for events, etc. etc. MPs may<br />introduce new datasets as well. All datasets in existence known today are<br />so-called “standard datasets”. For those, we have a set of tables that hold<br />description of the dataset including data retention policies. Non-standard<br />datasets may be introduced (we do not know of one today though) and they<br />don’t have to follow the same rules - data retention settings for<br />non-standard datasets are dataset specific.<br /><br />For standard dataset data retention is set at the “aggregation” level. Such<br />that performance “raw” data (samples themselves) stored certain number of<br />days which may be different from the number of days daily aggregates of<br />performance counters are stored. These settings are stored in the<br />StandardDatasetAggregation table. Here are the columns of interest. Note<br />that “primary key” of the table is composite consisting of dataset id (you<br />can lookup which dataset is which id in the Dataset table and<br />AggregationTypeId which can be looked up at the AggregationType table). The<br />defaults very by dataset / aggregation type:<br /><br />1. MaxDataAgeDays - maximum number of days to store data;<br />2. GroomingIntervalMinutes - grooming process frequency;<br />3. MaxRowsToGroom - max number of rows to delete per transaction (see note<br />below);<br />4. LastGroomingDateTime - last time grooming process run.<br /><br /> One important note here is that we do not always groom data row-by row. If<br />data inflow is high (which is usually the case in medium-to-large<br />organizations for performance and event data) we create additional tables to<br />store data. For example, we store first 10M performance samples in the first<br />table. Once we get more data we leave the first table there, create second<br />table and start inserting into it. At the same time we calculate min and max<br />date for the data in the first table (and store it separately in the<br />StandardDatasetTableMap table). Then the grooming process works like that<br />(for certain dataset/aggregation type combination): Check to see if we have<br />only one table. If one - delete records row-by-row using DELETE TOP and<br />using MaxRowsToGroom parameter. If there is more then one table, find the<br />table with the oldest “max date” for data in it. If the “max date” is older<br />then retention period - drop entire table if not, leave everything there.<br /> So, we do not necessarily “up to date” on grooming all the time. If you<br />have a table which spans one month, we will keep some records one month<br />longer then really needed, but performance gains of dropping whole table vs.<br />row deletes is so huge that we think it is way better to store a bit more<br />data for a bit longer then to pay the penalty.<br /><br /> Hope, this helps.<br /><br />–<br />Vitaly Filimonov [MSFT]<br />——————————————-<br />This posting is provided “AS IS” with no warranties, and confers no rights.<br />Use of included script samples are subject to the terms specified at<br />http://www.microsoft.com/info/cpyright.htm"Will Kaiserhttp://www.blogger.com/profile/17017947362709010600noreply@blogger.com2tag:blogger.com,1999:blog-3268825584889305276.post-55179650732731933002008-05-15T07:50:00.000-07:002008-05-15T11:51:07.341-07:00OpsMgr: Performance reports not showing data"When I run a performance report against a single machine I get no data."<br /><br />A very commonly asked question in the news groups. The resolution is quite simple:<br /><br /><strong>When running a performance report against a single machine, use the 'Add Group' button for that machine rather than the 'Add Object' button.</strong><br /><strong></strong><br /><div></div><img id="BLOGGER_PHOTO_ID_5200678948155026658" style="DISPLAY: block; MARGIN: 0px auto 10px; CURSOR: hand; TEXT-ALIGN: center" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzDvoFZn7FMt0kbxGol7kOcTvurzbDU1cm7f9Em9M7DEfi7-A2THXijD1ZqPtN5jl7wwr4hW67GY99c5g6wpdtN_kJQHClQ3JDKwns9pIiBl0cPWs-7jwvA02hImz3n3cgmwj8K3D7M_Xd/s400/ss04.JPG" border="0" /> <div>Why?<br /><br />The reason for this lies in the way that performance counters are assigned to objects in <span class="blsp-spelling-error" id="SPELLING_ERROR_0">SCOM</span>. For example, a CPU performance counter may not necessarily be "owned" by a specific computer object. Figuring out that assignment can be painful. However when 'Add Group' is used rather than 'Add Object', you are basically telling <span class="blsp-spelling-error" id="SPELLING_ERROR_1">SCOM</span> "I want this counter data for this machine. You figure the rest out." A bit <span class="blsp-spelling-corrected" id="SPELLING_ERROR_2">unorthodox</span> but it works.<br /><br />Credit goes to Vitaly Filimonov at Microsoft for explaining this.<br /><br />Additionally, here is a more thorough explanation of this from Kevin Holman:<br /><a href="http://blogs.technet.com/kevinholman/archive/2008/04/21/why-do-my-reports-show-no-data.aspx">http://blogs.technet.com/kevinholman/archive/2008/04/21/why-do-my-reports-show-no-data.aspx</a></div>Will Kaiserhttp://www.blogger.com/profile/17017947362709010600noreply@blogger.com1tag:blogger.com,1999:blog-3268825584889305276.post-24102413550374687722008-05-14T10:37:00.001-07:002008-05-14T11:16:32.822-07:00OpsMgr: Monitoring the Event Log - Part 1Event log monitoring is arguably the bread and butter of SCOM. There is plenty of flexibility in other directions, but from the customers I've dealt with most custom monitors that are needed deal with the event log. In this post I'll discussing Event Log properties.<br /><br />If you've built any event log monitors and have needed to specify any properties other than the default of 'ID' and 'Source', you likely have seen that only a handful of the event properties are available to choose from:<br /><br /><br /><img id="BLOGGER_PHOTO_ID_5200291413255908530" style="DISPLAY: block; MARGIN: 0px auto 10px; CURSOR: hand; TEXT-ALIGN: center" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9kbHqFXj1zsP7pYhikd2JriWUaiTD3S4OcIdLdx1U1PFkfd5FZbiagblmV040ul1MPNs8BPLEYiHgNCCxpVkZk29y7STjuSyS7iPzm-f5dibQlhxORm8e75nwbzIdxRFtH36i8lQqiAhQ/s400/ss01.JPG" border="0" /><br /><br />These present a good starting point, but what if you want to look for a particular Event Type, or perhaps text in the Event Description?<br /><br />The answer is to use the 'Use parameter name not specified' option. This option allows you to specify any parameter including those not listed above, provided that you know the parameter name. Here are the parameter names that can be specified:<br /><br /><p><img id="BLOGGER_PHOTO_ID_5200296142014901442" style="DISPLAY: block; MARGIN: 0px auto 10px; CURSOR: hand; TEXT-ALIGN: center" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpozUsykpAI8_toPN7Dtn9yEnSrDvVKB7wGXadgpF3BJdoGQ6zmEiMKVc98eu9kXSF7gPz4iQTAkCUKRyS_FnZ59AyrXAHn8ZmMU8qbTzRJphqdHvTirdsbm44lr7yk2h1S9DWLPaYBcFN/s400/ss02.JPG" border="0" /></p><p>So for example, if we wanted to create a rule to look for an event in the application event log from the source "App01", with an ID of "123", that has the text "Error 1 encountered" in the body of the description, our expression would look like this:</p><p> </p><p></p><p><img id="BLOGGER_PHOTO_ID_5200298057570315474" style="DISPLAY: block; MARGIN: 0px auto 10px; CURSOR: hand; TEXT-ALIGN: center" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9CCxhPXgFiPkelzNk8ZMOwxQcrB4bF0JGhBrZCiIcv6F6IS6Gd1RiZKnNrnIrxE2pKTIe6OjWcjD-LayyEnko4xFtnrNO4jhyphenhyphen0G4cCemjltBmTOpm9yMnuuSUfbnUI_eY-fbEMlwRpb2Y/s400/ss03.JPG" border="0" /></p><p><br /></p><p>That should clarify things a bit. I'll be posting the next part in this series soon that will address customization of alert descriptions shortly.<br /></p>Will Kaiserhttp://www.blogger.com/profile/17017947362709010600noreply@blogger.com5tag:blogger.com,1999:blog-3268825584889305276.post-38644551040642164852008-04-28T11:38:00.000-07:002008-04-28T11:52:04.179-07:00OpsMgr: ASP.net monitoringIn the area of .Net monitoring there are two prominent options, both presented by AVIcode.<br /><br /><span style="font-size:130%;color:#3366ff;">Option 1: Licensed Managment Pack</span><br />This option is basically a shim for OpsMgr into the Avicode monitoring software. AVIcode offers an extremely comprehensive monitoring tool for ASP.net, and this managment pack basically builds rules and monitors in OpsMgr that are fed off of this tool. Further, it actually integrates the OpsMgr UI with the AVIcode UI to a degree, so when you are invenstigating an alert in OpsMgr you can dig into it via AVIcode reporting via the OpsMgr UI. I've deployed this for a client who already used the AVIcode tool. The customer was very satisfied, particularly since they were aiming for a single monitoring interface for all tools.<br /><br />Good stuff if you are looking for extensive ASP.net monitoring.<br /><br /><span style="font-size:130%;color:#3366ff;">Option 2: Free Management Pack</span><br />This little known MP is included on the Ops Mgr install CD. It provides basic monitoring only however I've deployed it for several clients as well who are looking for casual .Net monitoring and it has suited their needs well.<br /><br />Location: \MangementPacks\Microsoft.SystemCenter.ASPNET20.2007.mp<br /><br />Documenation: <a href="http://www.avicode.com/AVIcodeDownloads/PDFs/Overview%20of%20ASP.NET%202.0%20MP.pdf">http://www.avicode.com/AVIcodeDownloads/PDFs/Overview%20of%20ASP.NET%202.0%20MP.pdf</a><br /><br />There's a good write-up of this MP out on SystemCenterForum, as well as a comment from AVIcode directly: <a href="http://www.systemcenterforum.org/web-service-monitoring-in-operations-manager-and-essentials-2007/">http://www.systemcenterforum.org/web-service-monitoring-in-operations-manager-and-essentials-2007/</a>Will Kaiserhttp://www.blogger.com/profile/17017947362709010600noreply@blogger.com5tag:blogger.com,1999:blog-3268825584889305276.post-86756827612262161492008-04-17T08:48:00.000-07:002008-04-17T08:55:32.882-07:00SCCM Tool: Client CenterStumbled across this excellent tool out on Sourceforge: SMS Client Center. Has every action you could ever want in SMS all in a very slick gui. And most importantly it works in SCCM as well.<br /><br /><p>Major credit to rzanders and skissinger on Sourceforge for their work on this.</p><br /><a href="http://sourceforge.net/projects/smsclictr/">http://sourceforge.net/projects/smsclictr/</a><br /><br /><br /><br /><img id="BLOGGER_PHOTO_ID_5190243216096699666" style="DISPLAY: block; MARGIN: 0px auto 10px; CURSOR: hand; TEXT-ALIGN: center" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgc_RK3n_dcxi2tIgGuO-bHZqFxZ3iKKBQIZcJnioOkULGHHLd2i9dUdxz6qp1zYIaNY6jT66HhX_tbd7v52ffMq_4DOFoUy1isIBQpN8JhBJTOL4qzuWVxALh3PL-kQ0F_4T3gn9eCLh9Q/s400/screenshot.jpg" border="0" />Will Kaiserhttp://www.blogger.com/profile/17017947362709010600noreply@blogger.com3tag:blogger.com,1999:blog-3268825584889305276.post-65274539941200474312008-04-17T08:05:00.000-07:002008-04-28T13:15:18.049-07:00SCCM - Software inventory failing on XP clients: ~0000.exeFor those who have been around the <span class="blsp-spelling-error" id="SPELLING_ERROR_0">SMS</span> block, there are any number of reasons why a software inventory can fail. <span class="blsp-spelling-error" id="SPELLING_ERROR_1">DNS</span>, firewall rules, Management Point issues etc. All of these reasons have been well documented on <span class="blsp-spelling-error" id="SPELLING_ERROR_2">MyITforum</span>.com, as well as numerous other <span class="blsp-spelling-error" id="SPELLING_ERROR_3">SMS</span>/<span class="blsp-spelling-error" id="SPELLING_ERROR_4">SCCM</span> resources. This was a new one.<br /><br /><strong><span style="color:#ff0000;">Issue:</span></strong><br /><br />The current client that I'm working with was seeing that the Software inventory had never run on approximately 50% of their <span class="blsp-spelling-corrected" id="SPELLING_ERROR_5">environment</span> since <span class="blsp-spelling-error" id="SPELLING_ERROR_6">SCCM</span> was deployed to all servers and desktops last fall. (This problem was identified by running the 'Inventory dates for a specific computer' report, and seeing a blank value for half of the workstations in the list.) Digging further in revealed that the issue was workstation-specific as all servers were running inventory as scheduled.<br /><br />The <span class="blsp-spelling-error" id="SPELLING_ERROR_7">log</span> files were showing that the <span class="blsp-spelling-error" id="SPELLING_ERROR_8">MIF's</span> were making it to the management point, however the processing of the <span class="blsp-spelling-error" id="SPELLING_ERROR_9">MIF's</span> was failing. As a result the 'badsinv' inbox had thousands of .sid's and .sic's.<br /><br /><strong><span style="color:#ff0000;">Resolution</span></strong><br /><br />The culprit for this problem is <span class="blsp-spelling-error" id="SPELLING_ERROR_10">Symantec</span> Ghost. When imaging a workstation, certain version of ghost drop a temporary file that is not removed: <strong>~0000.<span class="blsp-spelling-error" id="SPELLING_ERROR_11">exe</span></strong> This file is located here:<br /><br /><span style="font-size:85%;">C:\Documents and Settings\All Users\Application Data\<span class="blsp-spelling-error" id="SPELLING_ERROR_12">Symantec</span>\Ghost\<span class="blsp-spelling-error" id="SPELLING_ERROR_13">AutoInstall</span>\Installed Applications\~0000.<span class="blsp-spelling-error" id="SPELLING_ERROR_14">exe</span></span><br /><br />This file is dated with the year 1601. Apparently the Microsoft <span class="blsp-spelling-error" id="SPELLING_ERROR_15">SCCM</span> developers forgot to account for the all-to-common scenario of handling files that were created during the colonization of America.<br /><br />Once this file was either removed or skipped and a full software inventory was run, the issue was resolved (see my post prior to this for a script to run that scan).<br /><br /><strong><span style="color:#ff0000;">Important note on skipping directorys in your inventory scans:</span></strong> Most are probably aware that 'Skpswi.dat' can be created used to exclude directorys and subdirectories from software inventory. A not so widely known fact is that <em>software inventory will only exclude the directory if Skpswi.dat is hidden. </em><br /><br />So when you create your blank text file & rename it to Skpswi.dat, make sure you check the box to make it hidden before deploying.<br /><em></em><br /><br /><br /><br /><strong><span style="color:#ff0000;"></span></strong><br /><span style="color:#ff0000;"></span>Will Kaiserhttp://www.blogger.com/profile/17017947362709010600noreply@blogger.com4tag:blogger.com,1999:blog-3268825584889305276.post-73831997234290157812008-04-16T10:40:00.001-07:002008-04-17T07:33:33.154-07:00SCCM - Script to Run FULL Software and Hardware InventoryThese have proven useful for any number of situations. There are numerous resources out there to kick off software & hardware delta scans, however scripts to kick off full scans are rare. Like...say for example Symantec Ghost drops and executable that is dated 1601 that causes half of your enterprise to not report software inventory (more on that to come), the easiest resolution is to drop skpswi.dat into the folder and re-run a full scan.<br /><br />What MS has to say about Software inventory:<br /><a href="http://technet.microsoft.com/en-us/library/bb632607.aspx">http://technet.microsoft.com/en-us/library/bb632607.aspx</a><br /><br />What MS has to say about Hardware inventory:<br /><a href="http://technet.microsoft.com/en-us/library/bb632916.aspx">http://technet.microsoft.com/en-us/library/bb632916.aspx</a><br /><br />(Appologies for the small size, it was the easiest way to keep the formating in both the blog & copying into notepad.)<br /><br /><span style="color:#ff0000;"><strong>Script: Full software inventory scan</strong></span><br /><span style="font-size:78%;"><br /><strong><span style="color:#ff0000;"></span></strong><pre class="csharpcode">'Reset SMS Software Inventory Action to force a full HW Inventory Action </span></pre><br /><span style="font-size:78%;">sInventoryActionID = "{00000000-0000-0000-0000-000000000002}" </span><br /><span style="font-size:78%;"></span><br /><span style="font-size:78%;">' Get a connection to the "root\ccm\invagt" namespace (where the Inventory agent lives) </span><br /><span style="font-size:78%;">Dim oLocator </span><br /><span style="font-size:78%;">Set oLocator = CreateObject("WbemScripting.SWbemLocator") </span><br /><span style="font-size:78%;"></span><br /><span style="font-size:78%;">Dim oServices </span><br /><span style="font-size:78%;">Set oServices = oLocator.ConnectServer( , "root\ccm\invagt") </span><br /><span style="font-size:78%;"></span><br /><span style="font-size:78%;">' Delete the specified InventoryActionStatus instance </span><br /><span style="font-size:78%;">oServices.Delete "InventoryActionStatus.InventoryActionID=""" & sInventoryActionID & """" </span><br /><span style="font-size:78%;"></span><br /><span style="font-size:78%;">'Pause 3 seconds to allow the action to complete. </span><br /><span style="font-size:78%;">wscript.sleep 3000 </span><br /><span style="font-size:78%;">'######################################</span><br /><span style="font-size:78%;">'Run a SMS Software Inventory </span><br /><span style="font-size:78%;">Set cpApplet = CreateObject("CPAPPLET.CPAppletMgr") </span><br /><span style="font-size:78%;">Set actions = cpApplet.GetClientActions </span><br /><span style="font-size:78%;">For Each action In actions </span><br /><span style="font-size:78%;">If Instr(action.Name,"Hardware Inventory") > 0 </span><br /><span style="font-size:78%;">Then action.PerformAction </span><br /><span style="font-size:78%;">End if </span><br /><span style="font-size:78%;">Next</span><pre class="csharpcode"><span style="font-size:78%;"><br /></span> </pre><br /><br /><span style="font-size:0;"><br /></span><span style="font-size:100%;"><strong><span style="color:#ff0000;">Script: Full hardware inventory scan</span></strong><br /><strong><span style="font-size:78%;"><span style="font-family:Trebuchet MS;color:#ff0000;"></span></strong></span><br /></span><span style="font-size:78%;"><span style="font-family:courier new;">'Reset SMS Hardware Inventory Action to force a full HW Inventory Action </span><br /><span style="font-family:courier new;">sInventoryActionID = "{00000000-0000-0000-0000-000000000001}"</span><br /><span style="font-family:Courier New;"></span><br /><span style="font-family:courier new;">' Get a connection to the "root\ccm\invagt" namespace (where the Inventory agent lives) </span><br /><span style="font-family:courier new;">Dim oLocator</span><br /><span style="font-family:courier new;">Set oLocator = CreateObject("WbemScripting.SWbemLocator")</span><br /><span style="font-family:courier new;"></span><br /><span style="font-family:courier new;">Dim oServices</span><br /></span></span><span style="font-size:78%;"><span style="font-family:courier new;">Set oServices = oLocator.ConnectServer( , "root\ccm\invagt")<br /></span><br /><span style="font-family:courier new;">' Delete the specified InventoryActionStatus instance </span><br /></span><span style="font-size:78%;"><span style="font-family:courier new;">oServices.Delete "InventoryActionStatus.InventoryActionID=""" & sInventoryActionID & """"<br /></span><br /><span style="font-family:courier new;">'Pause 3 seconds to allow the action to complete. wscript.sleep 3000</span><br /></span><span style="font-family:courier new;"><br /><span style="font-size:78%;">'######################################<br /><br /></span></span><span style="font-family:courier new;"></span><span style="font-size:78%;"><span style="font-family:courier new;">'Run a SMS Hardware Inventory</span><br /><span style="font-family:courier new;">Set cpApplet = CreateObject("CPAPPLET.CPAppletMgr")</span><br /><span style="font-family:courier new;">Set actions = cpApplet.GetClientActions</span><br /><span style="font-family:courier new;">For Each action In actions</span><br /><span style="font-family:courier new;">If Instr(action.Name,"Hardware Inventory") > 0 Then </span><br /><span style="font-family:courier new;">action.PerformAction</span><br /><span style="font-family:courier new;">End if</span><br /><span style="font-family:courier new;">Next</span> </span><br /><br /><p></span></p>Will Kaiserhttp://www.blogger.com/profile/17017947362709010600noreply@blogger.com8tag:blogger.com,1999:blog-3268825584889305276.post-52897843965070464012008-04-15T06:33:00.000-07:002008-04-15T06:58:27.375-07:00OpsMgr Agent - Installation / Deployment Command LineHere's the command line options to deploy the OpsMgr agent:<br /><br /><span><span style="font-family:courier new;">msiexec.exe /i \\path\Directory\MOMAgent.msi /qn /l*v \logs\MOMAgent_install.log USE_SETTINGS_FROM_AD=0 MANAGEMENT_GROUP=(Management Group) MANAGEMENT_SERVER_DNS=(Management Server FQDN) ACTIONS_USE_COMPUTER_ACCOUNT=0 ACTIONSUSER=(Username) ACTIONSDOMAIN=(Domain) ACTIONSPASSWORD=(Account password) </span></span><span style="color:#339999;"><br /></span><br /><br />A note on the default action account for each agent:<br /><br /><span><span style="font-family:courier new;">ACTIONS_USE_COMPUTER_ACCOUNT=0</span> </span><br /><ul><li>Requires that a domain, username, and password be specified as listed above.</li></ul><p> </p><p><span><span><span style="font-family:courier new;">ACTIONS_USE_COMPUTER_ACCOUNT=1</span> </span></span></p><ul><li><span><span>Indicates that the Local System account should be used (thus <span style="font-family:courier new;">ACTIONSUSER=(Username) ACTIONSDOMAIN=(Domain) ACTIONSPASSWORD=(Account password)</span> are not needed.)</span></span></li></ul>Will Kaiserhttp://www.blogger.com/profile/17017947362709010600noreply@blogger.com0tag:blogger.com,1999:blog-3268825584889305276.post-40853875345500189742008-04-14T08:30:00.000-07:002008-04-14T08:57:41.464-07:00OpsMgr SP1 Installation: Bug(s) Part 1<span style="font-family:trebuchet ms;"><span class="blsp-spelling-error" id="SPELLING_ERROR_0">OpsMgr</span> SP1 Bug(s):<br />After upgrading to SP1 in a clean environment with 1 <span class="blsp-spelling-error" id="SPELLING_ERROR_1">RMS</span>, 2MS, 1GS, and no agents deployed, I <span class="blsp-spelling-error" id="SPELLING_ERROR_2">recieved</span> several alerts in the console. Here's the alerts encountered and how to handle them:<br /><br /><br /><strong><span style="color:#ff0000;">Alert: </span></strong></span><br /><span><span style="font-family:arial;font-size:85%;">Performance Module could not find a performance counter</span> </span><span style="font-family:georgia;"><br /></span><span style="font-family:trebuchet ms;"><br /><strong>Description:</strong> </span><br /><span style="font-family:trebuchet ms;"><span style="font-family:arial;font-size:85%;">In <span class="blsp-spelling-error" id="SPELLING_ERROR_3">PerfDataSource</span>, could not find counter <span class="blsp-spelling-error" id="SPELLING_ERROR_4">OpsMgr</span> <span class="blsp-spelling-error" id="SPELLING_ERROR_5">DW</span> Writer Module, Total Error Count, All Instances in Snapshot. Unable to submit Performance value. Module will not be unloaded. One or more <span class="blsp-spelling-error" id="SPELLING_ERROR_6">workflows</span> were affected by this. <span class="blsp-spelling-error" id="SPELLING_ERROR_7">Workflow</span> name: Microsoft.SystemCenter.DataWarehouse.CollectionRule.Performance.Writer.TotalErrorCount Instance name: ManagmentServer1.domain.local Instance ID: {3F1346<span class="blsp-spelling-error" id="SPELLING_ERROR_8">DF</span>-E205-4888-<span class="blsp-spelling-error" id="SPELLING_ERROR_9">CAEF</span>-9<span class="blsp-spelling-error" id="SPELLING_ERROR_10">FEFA</span>093A3FD} Management group: <span class="blsp-spelling-error" id="SPELLING_ERROR_11">ManagmentGroup</span>1</span><br /><br /><strong>Resolution:</strong> Long story short, this is a bug. The problem is mentioned by numerous people in the <span class="blsp-spelling-error" id="SPELLING_ERROR_12">OpsMgr</span> newsgroups confirmed that it happened for them as well. A Microsoft developer confirmed it was a bug & has submitted it to the appropriate parties in MS. In the mean time the best approach is to temporarily disable the rule "Performance Data Source Module could not find a performance counter".<br /><br /><strong><span style="color:#ff0000;">Warning: </span></strong></span><br /><span><span style="font-size:85%;"><span style="font-family:arial;">SDK SPN Not Registered</span> </span></span><span style="font-family:trebuchet ms;"><br /><br /><strong>Description:</strong> </span><br /><span style="font-family:trebuchet ms;"><span style="font-family:arial;font-size:85%;">The System Center Operations Manager <span class="blsp-spelling-error" id="SPELLING_ERROR_15">SDK</span> service failed to register an <span class="blsp-spelling-error" id="SPELLING_ERROR_16">SPN</span>. A domain admin needs to add <span class="blsp-spelling-error" id="SPELLING_ERROR_17">MSOMSdkSvc</span>/<span class="blsp-spelling-error" id="SPELLING_ERROR_18">RootManagementServer</span>01 and MSOMSdkSvc/RootMangementServer01.domain.local to the <span class="blsp-spelling-error" id="SPELLING_ERROR_19">servicePrincipalName</span> of Domain\<span class="blsp-spelling-error" id="SPELLING_ERROR_20">SDKactionaccount</span><br /></span><br /><strong>Resolution:</strong> What's happening here is the domain account that the <span class="blsp-spelling-error" id="SPELLING_ERROR_21">SDK</span> service is running as is trying to update it's <span class="blsp-spelling-error" id="SPELLING_ERROR_22">SPN</span> every time the service is restarted. Domain accounts do not by default have permissions to update their <span class="blsp-spelling-error" id="SPELLING_ERROR_23">SPN</span>. The best way to get around this is to grant the <span class="blsp-spelling-error" id="SPELLING_ERROR_24">SDK</span> action account the rights it needs to update it's <span class="blsp-spelling-error" id="SPELLING_ERROR_25">SPN</span>.<br /><br />Kevin Holman's blog confirms this and provides the step-by-step walk through to fix it:<br /></span><span style="font-family:trebuchet ms;"><br /><br /></span><span style="font-family:trebuchet ms;"></span><span style="font-family:trebuchet ms;"><ul><li><span style="font-size:85%;">Run <span class="blsp-spelling-error" id="SPELLING_ERROR_26">ADSIEdit</span> as a domain admin. </span></li><li><span style="font-size:85%;">Find the <span class="blsp-spelling-error" id="SPELLING_ERROR_27">SDK</span> domain account, right click, properties. </span></li><li><span style="font-size:85%;">Select the Security tab, click Advanced.- Click Add. Type “SELF” in the object box. Click OK. </span></li><li><span style="font-size:85%;">Select the Properties Tab. </span></li><li><span style="font-size:85%;">Scroll down and check the “Allow” box for “Read <span class="blsp-spelling-error" id="SPELLING_ERROR_28">servicePrincipalName</span>” and "Write <span class="blsp-spelling-error" id="SPELLING_ERROR_29">servicePrincipalName</span>” </span></li><li><span style="font-size:85%;">Click OK. Click OK. Click OK. </span></li><li><span style="font-size:85%;">Restart your <span class="blsp-spelling-error" id="SPELLING_ERROR_30">SDK</span> service – if AD has replicated from where you made the change – all should be resolved.</span> </li></ul><p><br /></p><br /><br />Link: </span><a href="http://blogs.technet.com/kevinholman/archive/2007/12/13/system-center-operations-manager-sdk-service-failed-to-register-an-spn.aspx"><span style="font-family:trebuchet ms;">http://blogs.technet.com/kevinholman/archive/2007/12/13/system-center-operations-manager-sdk-service-failed-to-register-an-spn.aspx</span></a><br /><span style="font-family:trebuchet ms;"></span><br /><br /><br /></span></span></span>Will Kaiserhttp://www.blogger.com/profile/17017947362709010600noreply@blogger.com0tag:blogger.com,1999:blog-3268825584889305276.post-65196053312061771662008-04-14T06:39:00.000-07:002008-04-28T12:05:42.304-07:00What's the deal with this blog?This blog focuses on the Microsoft System Center suite of products. Observations, tips, notes, bugs, etc etc, all coming to you from my experiences out in the field with these products. As with any blog, take what I say with a grain of salt, I'm not a Microsoft engineer and as such the stuff that I post is in no way official.<br /><br />A little about me...<br /><br />I'm currently working with a Microsoft Gold certified consulting firm. My focus is primarily enterprise management via a number of vehicles. I've been working with application packaging and automated deployment solutions for about 5 years now. I've worked with all versions of SMS/SCCM, Managesoft, and GPO deployments, and I've dabbled in Zenworks, Unicenter, and Tivoli. Of recent I have taken up OpsMgr 2007 and have worked numerous implementations with many more on the horizon.<br /><br />So why write this blog?<br /><br />I'm writing this for several reasons actually. First off, I recently had a conversation with a Microsoft engineer in which he confirmed what many of you probably have already observed: The approach for getting info out to the technical community is shifting away from the traditional approach of KB articles for every nuance and more towards a more viral approach via blogs, news groups, and partner websites. Some may view this approach with skepticism, however I feel that this is very effective if you consider how the SCCM and OpsMgr products are designed.<br /><br />With both, Microsoft has provided flexible and customizable solutions that can be utilized in many different ways. For almost any desired outcome with either product there are numerous ways to get there. As a vendor you can support this in several ways. The way that Microsoft has chosen works well...as long as the MS engineers and developers are actively involved in the community - which they are. There is a System Center blog as well as blogs from individual MS engineers. Further, there is a remarkably high number of MS engineers/developers that frequent the newsgroups and participate in the solving of problems posted there. There have been many cases in which problems have identified in the newsgroups, and the developers that wrote them saw the post and posted an official update as a result.<br /><br />So. What does all that mean? Why is this blog here? I'm writing this both to document what I see out there, and hopefully in the process help others in the same boat. Half the struggle with OpsMgr/SCCM implementations is finding the answers to the questions that you are asking, that others have already asked, that have already been resolved. Hopefully I can make life easier for others in my shoes.Will Kaiserhttp://www.blogger.com/profile/17017947362709010600noreply@blogger.com0