Friday, May 28, 2010

EventID 5300 and EventID 5304 in the OpsMgr Event log of the RMS

These two events can be a pain when present on the RMS. It tells you the Health Service has stalled so things like the State Collection are stalled until the HealthService has been restarted. And believe me when I tell you this is a real serious issue which needs to be addressed ASAP.
image

Most of the time Config Churn is the usual culprit here. A discovery has run wild, an override has been wrongly set or a new rule/monitor has been created which is way too much noisy. Or even a bad MP is the culprit,like I already blogged about long ago.

But still, every time when such an EventID pops up on the RMS it needs to be thoroughly investigated. Never presume. Ever!

Yesterday at a customers site EventID 5300 and 5304 started popping up out of nowhere. No new MPs had been imported, nor adjusted in any kind of way. The RMS just started dying on me. Every 30 minutes! It took me much time to find the culprit in this case.

First I presumed Config Churn to be at hand here. So I ran some queries in order to get to the bottom of it. Even unloaded some MPs which turned up in these queries but still the RMS kept on dying on me.

So no Config Churn here. What else?

Again, like I have blogged many times before, the OpsMgr event log is a VERY good starting point for troubleshooting. SCOM logs a lot and I am happy about it. Because this log led me to the culprit, thus enabled me to solve it!

This is what the OpsMgr event log told me some seconds after I restarted the Health Service on the RMS. EventID 33350, DataAccessLayer:
image
I have grayed out the user name, but in this case the server name of the RMS was displayed.

This is no good. Time to check the SQL server…

So I checked the Application Event Log of the SQL server hosting the SCOM DBs. I have grayed out the user name, but in this case the server name of the RMS was displayed in EventID 18456:
image

Contents of EventID 18456:
Log Name:      Application
Source:         MSSQLSERVER
Date:            5/28/2010 9:33:53 AM
Event ID:      18456
Task Category: Logon
Level:           Information
Keywords:     Classic,Audit Failure
User:            <DOMAIN>\<RMS SERVERNAME>
Computer:      SQL SERVER
Description:
Login failed for user '<DOMAIN>\<RMS SERVERNAME>'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: <IP ADDRESS RMS>]

Is this a rare event (one event is not an event…) or not?. But this is what the filter showed me:
image
Ouch! Serious business!!! This is really bad bad.

I had some contact with Graham Davies from the UK and he sent me a link to KB321044. It is all about duplicate SPNs. Time to speak with the AD and Infra guys/girls.

It turned out the computer name and the SPN had gone corrupt in AD. Even though there are ways to reset/remove/rebuild/reregister a SPN with some tooling, I preferred to take another approach which would assure me all would be OK again for a longer time and guarantee me that the issue is solved for a full 100%. This is what I did (with the help of a much appreciated system administrator):

  1. Made a backup of the OpsMgr DB;
  2. Promoted a MS to new RMS;
  3. Demoted the old RMS to MS;
  4. Checked the new RMS in order to see whether it stayed functional: IT DID! Yeah!;
  5. Removed the computer account of the old RMS from AD;
  6. Disjoined the old RMS from the AD domain;
  7. Rejoined the old RMS to the AD domain;
  8. SCOM on this server became problematic so i removed it totally;
  9. Deleted the old RMS from SCOM;
  10. Reinstalled SCOM on the old RMS;
  11. Applied CU#2 on that server;
  12. Promoted to old RMS back to RMS;
  13. Demoted the new RMS to back to MS;
  14. All Agents reported to the original RMS so they had to be set back to the original MS.

And now all is well again. Phew!

The cause of the corrupt SPN and computer name has been addressed as well. So this is likely not to happen again.

Time to start the week-end!

SCOM R2: System Center Core Reporting bug

Bumped into this one yesterday. First some explanations are at order.

With SCOM R2 and the latest Core MP for SCOM R2 new reports have been added. These reports tell you much about SCOM R2 itself is doing or better, how the imported MPs are running.
image

Normally when one of these two reports are run, ALL MPs are shown. But not yesterday. Only the UNSEALED MPs were shown:
image

This happened in the customers environment but in one of mine test environments as well.

So I contacted some people at Microsoft. And they told me it is a confirmed bug. They are working on a permanent solution and for now a workaround is available. It is posted on the Microsoft TechNet Forums for SCOM, the whole thread is to be found here. Below the steps which need to be taken in order to make this report run as it should:

  • Close all windows of the Operations Console;
  • Open the "Region and Language" control panel applet;
  • On the "Formats" tab change your "Format" to "English (United States)";
  • Open the Operations Console and then the reports and the MP list should work as expected.

NOTE: Once you've opened the operations console you should be able to change your "format" back.

And indeed, the workaround makes the reports running as they should. The SEALED MPs are to be found now as well:
image

New MP released: RDP Services MP

Yesterday Microsoft released a new MP: Remote Desktop Services MP:
image

MP is to be downloaded from here. It runs on SCOM RTM, SP1 or R2.

Wednesday, May 26, 2010

TechNet Deep Dive

image

On the 1st of June Microsoft Netherlands organizes the TechNet Deep Dive which will be all about Management and Security. John Craddock, Infrastructure en Security Architect, will not only present here but will also do the Opening Keynote.

So for every one who lives in the Netherlands and want to know more about Management and Security in relation to online services integrated with the IT fabric of the company and datacenter automation, come and join this event. 

There is a change we meet since I will be participating in ATE (Ask The Experts). On top of that I am one the fifteen people to have a joined breakfast with John Craddock. Nice!

I, Robot: Opalis and SCOM. Part II: The Good, The Bad & The Ugly

--------------------------------------------------------------------------------- 
Postings in the same series:
Part I: The Introduction
---------------------------------------------------------------------------------

This posting is provided "AS IS" with no warranties, and confers no rights. Use of the mentioned zip-file is at your own risk. 

image

A bit later than originally intended, but here is the second posting about Opalis. First I promised this posting would cover the Opalis terminology, how I built my Opalis Integration Server (most important steps) and how I connected to the SCOM R2 Management Group.

But as it turns out, all this is very simple. The Opalis documentation included in the installation package is very detailed and spot on. I already blogged about it, found here. When using the Administrator Guide, just follow it through and at the end of Section 4 you have a good Opalis environment at hand. And Graham Davies has written a posting about Opalis terminology, so need for me to repeat it here.

The Good
Installing the Management Server, configuring the Datastore, importing a license and installing the Client are easily done. So no need for me to repeat it all here.
image

Also connecting to the SCOM R2 environment is easily done. Just install the SCOM R2 Console on the Opalis Management Server, Register the SCOM IP (Integration Pack) with the Management Server using the Deployment Manager Tool and – with the same tool – deploy the IP to an Action Server or a Client. Start the Opalis Integration Server Client, go to Options > Microsoft Operations Manager 2007 > Add > enter the credentials of an account with SCOM Admin permissions > Test Connection and when all is well: hit OK > Finish. Now Opalis connects to SCOM.
image

The Bad & The Ugly
The Opalis Operator Console is really something different here. Compared to the installation of all other Opalis components, which are user friendly, the Operator Console is a ‘bit’ of a pain. Still it is ALL WORTH WHILE since Opalis adds so much to your environment, when you are running it in production you soon ask yourself: ‘How did we ever do it without that SUPER toolbox?’.

So hang in there!
image 

With SP1 for Opalis Integration Server 6.2.2 also an installation script for the Console came out, based on PowerShell 2.0. This eases the pain a bit. However, one still has to go all those obscure websites in order to collect the required software. Even though most sites are easy to navigate a couple of them can be a pit of a puzzle.

Therefore I have put all the required software for the Opalis Operator Console into a single zip-file (Opalis Operator Console Software Requirements.zip, 217 MB) and uploaded it to my Dropbox.
image

The file can be downloaded from here. This will save you a lot of time and hassle I guess.

Graham Davies, again :), has made a document which will aid you further with the installation of the Opalis Components. So life is made even more easier! Thanks Graham! His posting about installing Opalis can be found here.

Tuesday, May 25, 2010

Review: Book ‘System Center Operations Manager 2007 R2 Unleashed’

It took me some time to decide whether or not to write a blog posting about this topic.

Why?

First of all, I am not a professional when it comes down to reviewing books. So how would I know how to pass any reasonable professional judgment on any book besides telling I like it or not?

On the other hand, I know a ‘bit’ about SCOM and SCOM R2. I will never say I know it all since that is simply impossible. Any SCOM (R2) environment touches so many things like SQL, Reporting,  scripting, MP authoring to name just a few pillars. I have met many SCOM professionals but until now not one who could say to be a guru on all topics.

So how to fill up the gap in once knowledge and experience about SCOM?

Yes, there are many good online resources like the Microsoft TechNet Forums for SCOM, System Center Central, white papers/guides, blogs from Microsoft’s PFE’s and blogs run by SCOM addicts like me.

But what about an index? How to get a real solid grip on it all? I mean, all the resources I mentioned are good but sometimes a good ‘old fashioned’ book is needed which brings it all together and shows the big picture and all the nitty gritty details as well.

And when I came to that thought, it all became clear to me: from this angle, I can certainly write a review about ‘The Big Orange Book, R2’, aka SCOM Unleashed R2. So with this review I will not approach the book like a professional reviewer but as a professional user/implementer/consultant of SCOM.

? Huh? Whether I am unbiased here? No. I do know most of the authors and had the privilege to meet them personally. Great it was! So I came to respect them even more. But you know my blog and the way I run it: I only blog when it is something positive to share. When I do not feel a full 100% good about it, I will simply NOT blog about it. EVER! So when I would think SCOM R2 Unleashed to be no good, this article would never ever have been written. Time is costly and why waste it on negative things?

So let’s start! I have put the review in a Q&A format.

Q1: Do I need to buy SCOM R2 Unleashed as well in order to understand the book completely?
The cover of the book tells one it is a supplement to SCOM Unleashed. But this does not mean one MUST have read that book in order to understand it fully.

The main authors (Kerrie Meyler, Cameron Fuller, John Joyner and Andy Dominey) have gone to great lengths to write a book that stands on its own. In order to achieve that they have been helped by some other great names out of the SCOM world, some of them work for Microsoft and other run their own companies. In short, much much experience, knowledge and angles have been put together to create a book which not only stands on it self but also stands out.

Having said that, SCOM R2 Unleashed refers in some occasions to SCOM Unleashed. So in order to get the WHOLE picture and not ‘just’ the R2 side of it, SCOM Unleashed makes it all complete.

Q2: What does the book contain?
All about the new features of SCOM R2. And not just like: ‘Oh, since R2 Xplat is covered as well’. No way. It contains explanations, examples (in order to write this book the authors had a life lab at hand in order to test it, showcase it and the like), and tons of references. So in the example of Xplat, it takes up about 70 pages of this book. All you want to know about it or wondered about it, is to be found there. Or you are given some url’s where more information can be found. In 450+ pages one is being told what R2 is all about.

A small recap of the index of the book:

  • Chapter 1: Hello! I am SCOM R2 and these are my highlights and capabilities.
  • Chapter 2: What? No Microsoft operating system? But many of them can be monitored by me as well!
  • Chapter 3: Boy! Do I like Windows Server 2008! (Like: Installing, upgrading to SCOM R2)
  • Chapter 4: Did I ever tell you about my new friend, SQL Server 2008?
  • Chapter 5: No! Do not run away now! PowerShell is HOT! Ever seen my extensions? (SCOM R2 and PS. 40+ pages about it!)
  • Chapter 6: Let me introduce my smaller brother who is also doing many more things? Here is System Center Essentials 2010!
  • Chapter 7: Lets go Virtual! (Hyper-V, monitoring Hyper-V and/or VMware, SCOM and virtualization, PRO and the like)
  • Chapter 8: It is all about MP Authoring.
  • Chapter 9: Now it is time to give it all! (High Availability scenario’s, Visio Add-In, ACS, DA’s and the like).

As stated before every single chapter is not simply a list of what SCOM R2 is all capable of, it is showcased, explained into detail without ever getting way to far of the topic. And that is not all. The book also contains 3 appendixes which tell you:

  • Appendix A: How to configure the most commonly used MPs (AD, Exchange, SQL, DNS, GPO to name a few). Please ALWAYS RTFM the related MP guides, but look upon this appendix as an additional source of information based on real field experience. Always welcome information like that.
  • Appendix B: Almost 20 pages of reference URLs!
  • Appendix C: Online resources.

Q4: Do I need to be a real Pro in order to understand it all?
No, you don’t. The main thing is that you are interested and willing to LEARN. Some chapters can take a deep dive but still there is a build up. Take your time for it. The most important thing is that you have real life experience with SCOM R2 and – even better – some kind of test environment at hand. With all the trial versions available today for SQL 2008 SP1, SCOM R2 and Windows Server 2008 R2 (all valid for 180 days), software shouldn’t be an issue here.

Q5: Do I need to read the book from chapter 1 to 9 or can I pick out the things which interest me the most?
Even though the book has been setup that with starting at chapter 1 and going from there one gets the clearest picture of SCOM R2, every chapter stands on its own as well. So when you want to know more about MP Authoring, just start at chapter 8. So the book can be used as a reference as well.

Q6: I already have a SCOM RTM/SP1 environment in place. We are about to upgrade to R2. Does this book tell me about upgrading?
Yes. Chapter 3 will tell you all about it. Chapter 1 & 2 will tell you WHY to upgrade to R2. So when your managers are still wondering whether or not to upgrade, show them those chapters. The other chapters will tell you how to get the most out of it.

Q7: My environment is already at R2 level. I use it on a daily basis. So what good is this book for me?
This book can be looked upon as an index of much of the information to be found on the internet. Like a looking glass. On top of it, it adds many things like advices based on lessons learned out of the field. Also many things are demonstrated. And many times will a SCOM R2 environment not do everything what it can do at a given company. Simply because some functionality is not needed (at that time), but you can still have questions about it. Or you are using a certain functionality and simply want to know more about it. This book shows and tells it all.

Q8: In what format is this book available?
Hello 2010! SCOM R2 comes in two formats: electronic and as a bunch of paper, aka ‘book’. I myself have both formats. The book is at home and the electronic one resides on my notebook. Really works great.

Q9: Wow! I want that book! Now! How & where to get it?
Again: Hello 2010! Open IE and check it out: http://thoughtsonopsmgr.blogspot.com/2010/03/scom-unleashed-r2-available-for.html

Final words 
Instead of more talking/blogging I will try a different approach. The last question should be like this:

Q10: Who should buy AND read this book and why? And who should NOT buy it?

Any one who works with SCOM R2 in any kind of way AND cares about it should buy AND read this book. It tells you all you want to know and where to find more information on the internet when needed. Also the clear demonstrations, pictures and explanations helps one out to get a quick and thorough understanding of SCOM R2 and the power present in the product and most important, how to UNLEASH it. So whether you are a SCOM R2 die-hard or a newbie, this book is a MUST HAVE for everyone.

When you run a SCOM R2 environment and simply don’t care, well DON’T buy it. But remember in a situation like that it is more than likely that SCOM R2 is running you. Also that way SCOM R2 becomes just a blob of software and you are missing out on it all… Like having a Ferrari in the garage and going to your work by bus! So open up your eyes, start IE and order the book online! BUY IT, READ IT and regain CONTROL!

Thursday, May 20, 2010

A new MP for network component monitoring for SCOM 2007 (SP1/R2)

OpsLogix, the company which creates and builds intelligent native MPs (so no connectors or other layers are needed) has recently released a new MP. This new MP monitors your network components, aka OpsLogix Intelligent Management Pack for Network Monitoring.

On it self not a shocking thing. I mean, there are already other MPs which do exactly that. However, certain things really make it stand out of the crowd:

  1. A new SNMP Module
    The SNMP Module shipped with SCOM SP1/R2 has some rough edges. It does not scale very well and might randomly fail. All other vendors who deliver MPs for network monitoring do use this module though. OpsLogix however introduces a NEW SNMP module which is way much better so the scaling issues and possible failures are gone.

  2. Native MP
    This MP does not need any additional layer like a connector. Just import the MP, add the devices and be done with it.

  3. Pricing & Licensing
    Other vendors ask a fee per monitored network device where also the complexity is accounted for. The more complex a monitored network device becomes, the more money has to be paid. When one has many network devices to be monitored by SCOM this will create a considerable price tag. For many customers of mine this has been the main reason  NOT to monitor too many network devices all to deeply. They only cover the most critical ones with a MP like that and monitor the rest with a simple ping, run from the OpsLogix Ping MP which is free.

    OpsLogix uses a total different approach. Their licensing model uses a device group basis which starts at a total of 50 devices. Afterwards device groups are added as needed, which consists out of 75 devices per group. The pricing of these group is totally independent of the vendor and model number of the monitored devices. This creates a very affordable price tag per device. When this MP is used to its fullest, it is even less than 10 euro’s per device! In another setup a customer of mine pays just 50 euro’s per monitored network device which is still a very affordable price tag.

  4. Coverage
    This MP covers a wide range of network components. OpsLogix uses the term ‘certified’ for it. The list is growing as we speak, or better as I blog :). This list is impressive.

    But suppose you have this particular device which is not certified at the moment. OpsLogix can certify it for you. And for a reasonable price. Of course, when you have this ‘beast’ of a network component which is very complex, the pricing will be different compared to a network device which is more straight forward. Just contact them and they will help you further.

Soon I will put this MP through its paces at a customers site. When allowed I will blog about it. I must say it looks very promising already. Can’t wait to test it!

How To: Monitoring Exchange 2007 with OpsMgr R2 and the native MP

Rui Silva, an Exchange MVP, is writing a very good and detailed HOWTO guide about monitoring Exchange 2007 with OpsMgr R2 and the native MP. This guide will consist out of 6 parts. I will update this posting when a new part is published.
image

Part   I: Introduction, the 11 needed steps;
Part  II: Covering the first 3 steps of the 11 necessary;
Part III: How to enable Exchange 2007 server role discovery, customizing the MP;
Part IV: How to configure synthetic transactions;
Part  V: How to configure monitoring of SCR/CCR Log Shipping and Unified Messaging servers;
Part VI: Migration options for the previous version of the converted Exchange management pack, common troubleshooting and reporting.

New MP released: File Services Management Pack for Windows Server 2008 R2

Some days ago a new MP has been released by Microsoft. This MP monitors the File Services hosted by Windows Server 2008 R2.

Taken directly from the website:
image

MP to be downloaded from here.

Tuesday, May 18, 2010

New KB Article: New Management Server unable to get configuration

Microsoft has released yesterday a new KB article which describes the issue where a new SCOM Management Server is not able to process the configuration after having downloaded it from the RMS.

KB article KB2027535 describes this issue, what causes it and how to solve it as well.

Monday, May 17, 2010

Opalis Integration Server 6.2.2. SP1 & Opalis Operator Console Installer Script download locations

Update 90-06-2010: This Posting contains non-working links. Check this posting for the ‘new’ download locations.

At these locations are the latest Opalis releases to be found:

Opalis Integration Server 6.2.2. SP1: http://www.opalis.com/download.asp?id=188
Opalis
Operator Console Installer Script: http://www.opalis.com/download.asp?id=189

Many thanks to Marcus Oh who ‘sent’ me the links before I found them else where…

Thursday, May 13, 2010

Opalis Integration Server 6.2.2 SP1 about to be released

SP1 for Opalis Integration Server 6.2.2 is about to be released.

It contains many enhancements, bug fixes. It shows the dedication of Microsoft towards Opalis.

Operator Console Installer Script
One enhancement which will be really appreciated is the Operator Console Installer Script. It takes one much work out of hands and lessens the change to errors: 
image 

Hotfix Rollup
It also contains a set of hotfixes which addresses some issues:
image  

New Integration Pack (IP)
A new IP has been added as well:
image

Authoring & Workflow Examples
New in this SP is the introduction of a library of pre-built AND documented workflows, aka Opalis Workflow Catalog. These are designed to help the Opalis users to understand the basics how workflows and solutions are to be designed  & authored:
image

The same blog posting contains a list of complex Workflow samples and simple Authoring Examples.

Want to know more? (Actually when you are in to Opalis, you really should take a look!). Blog posting is to be found here.

ACS Forwarder connection issues

The OpsMgr Support Team has published a new blog posting which describes an issue with the ACS Forwarder which may frequently log connection and disconnection events on Windows XP POS (Points Of Sale) computers. But the issue might occur on any ACS Forwarder if the accounts and/or permissions being used are configured incorrectly.

The same posting describes these issues in detail, tells how to start some debugging AND how to solve it. The posting is to be found here.

Wednesday, May 12, 2010

Its all about semantics

Hmm. Had my piece of semantics today. At a customers site the Forefront TMG MP had been imported and configured, all by the book (the related MP guide that is).

Soon all the Forefront TMG related information started to show up in the SCOM R2 Console. All roles were neatly discovered, the topology views got populated. At least, that’s what we thought.

But when we looked at the Enterprise Topology view, it turned up empty:
image

Time to take a look at the Discovered Inventory view and target it at Enterprise Management Server Role:
image

Strange. The customer told me TMG Enterprise to be in place.

No errors to be found in the OpsMgr event log of the Forefront TMG servers. Nor did the SCOM R2 Console show any Alert relating to a Discovery going sour. Lowered the interval to 5 minutes, hoping to get some more information why no Enterprise servers got discovered, but also no difference there. Removed that override.

Time to take a deeper look at TMG itself. When the TMG console is opened this is shown in the right top side:
image

Looks like Enterprise to me. Or not?

As it turned out, it is all about semantics. The situation is that the Enterprise edition of TMG has been installed. But the TMG MP does not look at that. It checks whether the TMG servers and arrays are Enterprise Managed!

This is simply checked by right clicking on the Array and go to its properties. As is turned out here it is a Standalone Array and not Enterprise Managed:
image

So in this case the Enterprise Topology view will stay empty simply because there is no TMG Enterprise in place!

Lesson learned: semantics can play an important role when using SCOM R2.

Savision: Live Maps v5 RTM

A couple of days ago Savision released v5 of Live Maps. A great tool and a must have for any SCOM environment has become even better! I have blogged already about the previous version, to be found here.

Some of the new features to be found in this new version are:
image

Want to know more about it? Visit this webpage which also contains some great video’s showing some of the new features.

Tuesday, May 11, 2010

Opalis Operator Console installation

Even though the Opalis installation package contains good documentation about how to install all needed Opalis components (Opalis_Integration_Server-Administrator_Guide.pdf, which I already blogged about), Microsoft has added some good documentation of their own as well.

How ever, last week-end I noticed that the pdf ‘Opalis Integration Server Deployment Overview’, provided by Microsoft describing the installation of the Opalis components contains some ‘bugs’. This document is actually a compressed edition of the Opalis_Integration_Server-Administrator_Guide.pdf, in order to get your Opalis (test) environment quickly up & running.

The guide does a good job, but the part which describes the installation of the Opalis Operator Console (pages 13 to 16) is not up to specs. It contains some omissions which could result in a not fully functional Opalis Operator Console.

Therefore when you are about to install the Opalis Operator Console, it is better to use the guide provided by Opalis: Opalis_Integration_Server-Administrator_Guide.pdf. Pages 30 to 35 of that guide describe everything you need to know. This blog posting of mine tells you where to find that guide.

Monday, May 10, 2010

Cannot log on to the Opalis Operator Console: ‘The username or password you have entered is not correct. Transaction failed’

First a small story.

At the moment I am testing Opalis. I have installed it multiple times, just to get it into my system and document it thoroughly. The part I ‘like’ the most is the installation of the Opalis Operator Console! Yeah, right!

Some of my friends are really Unix/Linux geeks and do not like Microsoft. So many times when we meet they start their usual song about Microsoft and their state of the art (duh!) U/L systems. I always let them. Somehow U/L people are a bit uncertain and need to talk about systems they do not understand. They love to dive deep into systems while MODERN systems do it for YOU and way much better so you can focus on the things that really matter :).

But the installation procedure of the Opalis Operator Console has really given me so MUCH ammo! I mean, installing the SCOM (R2) Web Console is a piece of cake. Just a couple of mouse clicks, and TADA! The OpsMgr Web Console is installed AND functional. In the background many issues/tasks have been taken out of the hands of the person installing the application. As it should.

How different is the installation of the Opalis Operator Console. First, one has to visit many obscure websites in order to get all the needed files (16 in total!). Some sites are easy to navigate but other websites are a bit of a challenge in order to obtain the correct file. When all the needed files are downloaded one has to install, unpack, copy, move and edit many files in order to get the Opalis Operator Console operational! It is good Opalis has been acquired by Microsoft. Can’t wait until the Opalis Operator Console is fully IIS and .NET Framework based…

Phew! I got it out my system! Needed that! :)

Now the issue which I encountered today: I could NOT logon to the Opalis Operator Console. No matter what I tried, this is what i got: ‘The username or password you have entered is not correct. Transaction failed’:
image

I checked everything: the SQL server involved, TCP settings of the SQL server, the port (1433), the firewalls, the account being used. I even removed the Opalis Operator Console and reinstalled it again. All to no avail. Reread the Opalis installation guide and double checked everything, but no way I could get in. Almost started to think about a Kerberos Double-hop issue :).

Time to take a deeper dive into JBoss and the other components. So first I stopped it and removed the two log files (boot.log and server.log), found in <JBOSS>\server\default\log, (where <JBOSS> refers to location where JBOSS is installed. In my situation it’s c:\JBOSS):
image

I restarted JBoss in order to get clean log files. After JBoss became fully operational I opened the log file server.log and started to search for strange issues.

Hmm. This is what I found: ‘Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: This driver is not configured for integrated authentication.’:
image

I had altered the related file for the database connection (opalis-ds.xml) in such a way it refers to the correct SQL server and database (Opalis) and to use integrated security. Normally it should work.

So time to start a search on the internet and this blog told me what was happening. So I searched for the file sqljdbc_auth.dll on the server hosting the Opalis Operator Console, found it in the folder <JBOSS>\bin and copied it to the folder C:\Program Files\Java\jdk1.6.0_04\bin. I stopped JBoss, deleted the two log files and started JBoss again.

I checked the log file server.log and first thing I noticed was its size. Much smaller! Less errors perhaps?
image

And no more errors to be found. Nice. So lets start the Opalis Operator Console and log on to it:
image

So finally I cracked it! Took me some time though, but none the less, I cracked it! :) Thanks to the Microsoft JDBC Driver Team Blog of course.

Can’t wait to meet my U/L friends again and ask them whether they have ever heard how easy it is to install the SCOM (R2) Web Console…

Kris is on the ball!

Kris Bash is about to publish his newly build MP for monitoring Oracle on Unix/Linux servers. Don’t ask me what the exact date will be since he is the only who knows it.

The looks and the details of this MP are good, just as the former released xSNMP MP Suite. He has written five blog postings about the Oracle SCX MP for Cross Platform Agents. These five postings describe this MP in many details. The last posting shows some interesting details about the MP, along with some screenshots. This MP covers many aspects of Oracle.
image
(Screenshot taken from his blog.)

When you are running Cross Platform Agents AND Oracle on those servers, I really advise to keep track of his blog.

Thursday, May 6, 2010

New KB article: Management servers or assigned agents unexpectedly appear as unavailable in the SCOM Console in Windows Server 2003 or Windows Server 2008

Microsoft has released a KB article (KB981263) which addresses above mentioned issue. This issue might occur in SCOM SP1 and SCOM R2 as well.

Cause and resolution to be found here. It is all about an issue in the storage engine of the jet database that is hosted on Windows.

When downloading it for Windows Server 2008 you can select the Vista option since it has the same code base as Windows Server 2008.
image

SCOM R2 Updated documentation available

Since yesterday the most recent versions of all official Microsoft SCOM R2 documentation can be downloaded from here.

As you can see, much good information is to be found. RTFM really makes the difference between running a SCOM R2 environment or being run by a SCOM R2 environment.
image

SCOM R2: Not able to remove a MP when a profile is set

Sometimes a MP is not needed any more or has ended a test phase and needs to be removed. When one has NOT used the Default MP for storing overrides, this is easily done. First remove the MP containing the overrides related to that specific MP and then remove the related MP components one by one. However…

When the related MP needs additional permissions, these are set within OpsMgr configuring the Run As Configuration by first defining an Account, distributing it to a set of computers or a certain Class and then adding that same account to a Profile, related to that MP. 
image

When a Run As Configuration is set in SCOM R2 what actually happens is that a new MP is created or, when already in place because sometime a Run As Configuration has been set before, that very same MP is altered. The MP I talk about is the Microsoft.SystemCenter.SecureReferenceOverride MP:
image

And sometimes, when removing a MP which needed additional permissions, that MP can get in the way. One can get this error message when trying to remove the last component of a MP:
image 

So one tends to think: ‘Lets clean up the related Profile and Account and be done with it’. However, this will not always work as expected.

Lets clean up the related profile of the MP to be removed:
image

As you can see, all is gone. No more accounts associated to the Profile related to the MP to be removed. Now lets try to remove the MP:
image

So it is time to edit the Microsoft.SystemCenter.SecureReferenceOverride MP manually. In this example I have taken the PKI Certificate Validation MP. Do not get me wrong since I really like this MP. It is only an example.

  1. First check out the ID of the MP which generates the error about the Microsoft.SystemCenter.SecureReferenceOverride MP. Double click it and copy its ID:
    image 

  2. Export the Microsoft.SystemCenter.SecureReferenceOverride MP. When done copy the export file (xml-file) to another place so there is ALWAYS a way back!!!
    image

  3. Open Notepad and drag the export file into it. Search for the ID (found in Step 1) of the related MP which generates the error (in this case SystemCenterCentral.Utilities.Certificates):
    image 
    When found remove the section which starts <Reference Alias=””>, found directly above the <ID> line. The end of the section is the FIRST </Reference> part, right after the <ID> line.

  4. When removed it looks like this:
    image 
    (Every SCOM environment differs from the other one, so changes are huge that you will see something different here.)

  5. Save it and export this MP into SCOM R2.

  6. Now the MP which needs to be removed can be deleted without any error message.

Tuesday, May 4, 2010

Opalis: RTFM…

As with everything else, RTFM is a MUST. Otherwise the related product will manage you instead the other way round. Which is not good.

But where to find all the needed information about Opalis? The Opalis website hosted by Microsoft contains some documentation about it.
image 

However, this documentation is written in telegram style. Many of the details aren’t to be found there. It gives one a good and solid introduction to Opalis. What about the requirements for Opalis Integration Server? How to create a workflow? How to use an Integration Pack? Just a few questions which need some answering.

The documentation containing all the answers (and more!) is not to be found on the earlier mentioned website. Which is understandable.

Why?

The Opalis Integration Server installation package (Opalis Integration Server 6.22_6.2.2.5229.zip) contains all you want to know about Opalis. All the details are covered in four comprehensive guides.

So why publish it twice?

Just download the trial package, unzip it and you will find in the folder containing the unzipped files many new folders. One folder is named Documentation. And as the name states, that folder contains all you need/want to know about Opalis.
image

Some explanation:

  • The yellow highlighted PDF is all about the components and the installation/configuration and requirements per component.
  • The red highlighted PDF is all about creating workflows, activating Integration Packs and the lot.

The other two remaining guides are also important but can be read in the second stage where Opalis is installed and functional. The first two guides are a must to be read prior to installing and configuring Opalis.

Really RTFM is the magic word here. Seriously!
image

Monday, May 3, 2010

Tools: Terminals

On many customer sites I use my own notebook to start a RDP session to the SCOM (R2) Management Servers. But with the years going by the amount of customers has grown and the size of the Management Groups as well.

So how to keep track of it all? Every company has a user account and password policy in place. So I end up with a whole collection of accounts, passwords and server names. So just starting a RDP session from the start menu won’t suffice any more.

Gladly there are some great solutions to be found on the internet. Some require money to be paid, others only ask for a donation. And to be frankly, when software is great, I do not mind paying for it.

For sometime now I use Terminals which is a great tool.

Why? Some reasons:

  • It has a password manager onboard, so no more hassle with remember usernames and passwords.
  • The program is password protected by default, which is a REQUIREMENT.
  • The capability to tag any new connection is great. So many connections can be added from different sites without losing control.
  • The possibility to add a description per server name is really great: with a single glance I know exactly what server does what.
  • All sessions opened in Terminals are displayed in a tab of its own. So switching between sessions is really easy!
  • All the possibilities available in RDP are to be found in Terminals as well:
    image 
  • Besides RDP there are also many other connectivity options available, like:
    image

It works really great and cannot imagine my personal IT toolbox without it anymore.

Want to download it yourself? Go here.
image

I use the 1.8c version since that is the latest stable release.

Saturday, May 1, 2010

Cumulative Update 2 for System Center Operations Manager 2007 R2

As stated before, every quarter Microsoft will release a new set of patches and hot fixes for SCOM R2. This set will be put into a Cumulative Update. And every cumulative update will also contain the one before. Just a day ago a new Cumulative Update for SCOM R2 has been released, CU#2.

The release notes about CU#2, KB979257, describes this new CU in detail:
image 
Even though with many hot fixes it is stated to be ‘used when affected’, I have highlighted two issues which this CU resolves which are important for any SCOM R2 Management Group.

But of course, Change Management and Testing are very important here. So test this CU first before applying it to any production environment. This is very important!

The CU refers to the same KB article as well:
image

Be wise and RTFM before applying this CU.

This CU can be downloaded from here. The earlier mentioned KB article also contains the installation instructions:
image

When you want to read about some thorough installation experiences, Kevin Holman has written a solid blog posting about it. To be found here. Combined with the earlier mentioned KB article you will get as much as good information as needed.

Soon enough I will share my personal update experiences.