Category SCOM

SCOM 2016 EXECUTE permission was denied on the object ‘sp_help_jobactivity’, database…

Short blog post here. After deploying SCOM 2016 if you see this error after clicking on the new Maintenance Schedules:

An exception was thrown while processing GetMaintenanceScheduleInfoList for session ID uuid:33c42f9a-9967-4f94-b7cd-800007beb49b;id=17.
Exception message: The creator of this fault did not specify a Reason.
Full Exception: System.ServiceModel.FaultException`1[Microsoft.EnterpriseManagement.Common.UnknownDatabaseException]: The creator of this fault did not specify a Reason. (Fault Detail is equal to The EXECUTE permission was denied on the object ‘sp_help_jobactivity’, database ‘msdb’, schema ‘dbo’.
The data access service account might not have the required permissions).

Go change the System Center Data Access Service from running under local system account to run under your SCOM domain account that has the proper access to the SQL instance that the Operations Manager database is running on. That should fix this error. And don’t forget to apply UR2!

Read More

Agent Pending Management Ghost

One of my clients recently had an issue with SCOM 2012 R2 latest UR. They were trying to install the SCOM agent on a server. It did not work through the console they would receive the following warning:

One or more computer you are trying to manage are already in the process of being managed. Please resolve these issues via the Pending Management view in Administration, prior to attempting to manage them again.”

clip_image001

The server was not displaying under SCOM Console>>Administration>>Pending Management. They installed the SCOM agent manually but it still did not show in SCOM Console>>Administration>>Pending Management. I jumped into PowerShell and ran the following:

Get-SCOMPendingManagement | ft AgentName,AgentPendingActionType

Output:

clip_image002

NOTE: You can also run this query “select * from agentpendingaction” against the OperationsManager database to see a list of agents in a pending state.

I ran

Get-SCOMPendingManagement | where {$_.AgentName -Like “SERVERNAME.SERVERDOMAIN.com”} | Deny-SCOMPendingManagement

It gave this error:

clip_image003

I then ran:

Get-SCOMPendingManagement | where {$_.AgentPendingActionType -eq “ManualApproval”} | Deny-SCOMPendingManagement

This gave the same error. I then ran Get-SCOMPendingManagement | where {$_.AgentName -Like “SERVERNAME.SERVERDOMAIN.com”} and this worked fine. So PowerShell was not helping me here except for showing me some servers are in the pending state even though they do not show in the console.

To resolve this issue I was able to fix this by removing the stuck agents in SQL. To do this I ran the following stored procedure (blog on this here) against the OperationsManager database:

exec p_AgentPendingActionDeleteByAgentName ‘SERVERNAME.SERVERDOMAIN.com’

After that I ran

Get-SCOMPendingManagement | ft AgentName,AgentPendingActionType in PowerShell again and the server was no longer listed.

I then went back to SCOM Console>>Administration>>Pending Management and now the server shows as pending. I clicked Approve and the SCOM agent was fine after that.

clip_image004

Read More

System Center 2012 R2 UR7 Highlights

Its been a while since I have posted a new blog. I have been busy working on multiple System Center projects and other behind the scene activities. Today update rollup 7 for System Center 2012 R2 was released and this is definitely worth a post. This UR includes DPM, SCSM, SPF, VMM, , SCORCH, Azure Pack, but not Operations Manager. UR7 for Operations Manager will be coming within a few weeks. More info here.  It is interesting that SCOM is not in this UR and we actually see SCORCH included. Here are some highlights from UR7:

For Orchestrator The Monitor SNMP Trap activity has an issue fixed and there is a fix for Stop Job and Stop Runbook. The SCORCH UR also includes some fixes for SMA.

For Service Manager we see a bunch of fixes. Some fixes I want to call out are MPSync Data Warehouse job stop responding and the Get-SCDWInfraLocations cmdlet introduced in update rollup 5 have been fixed. Great work from the Service Manager team. Keep it up.

Beyond just fixes we see new features in two of the System Center components VMM and DPM. As always its exciting to see new features added via UR’s.

In VMM we see support for Windows 10, the ability to provision and customize Debian 8 Linux as a Guest Operating System, support for VMWare vCenter 5.5, the ability to have Multiple External IP Addresses per Virtual Network, the ability to re-associate orphaned virtual machines to their service or VM role, and support for VMM DHCP Extension PXE/TFP Forwarding. There also is a ton of great fixes for issues in VMM. This is great work from the team and should make VMM more stable.

In DPM we see support for Windows 10 client protection, and a really cool feature being the ability to use alternate DPM servers to recover backups from Azure Backup vault. These means if you sent your backup data to Azure from one DPM server and it croaks you can connect a different DPM server to your Azure Backup subscription and recover data from Azure! I have a feeling we will continue to see greater collaboration between on premise backup/DR (DPM) and cloud backup/DR Azure Backup in the future.

To access update rollup 7 visit this link: https://support.microsoft.com/en-us/kb/3069110

Read More

SCRIPT: Schedule Maintenance Mode SCOM 2012 R2

I know scheduled maintenance mode functionality is coming to SCOM 2016 as shown here. However I have clients that are still on SCOM 2012 R2 that need to schedule maintenance mode in SCOM right now. There are options out there for this already the best solution is a tool called SCOM 2012 Maintenance Mode Scheduler . It has a small fee but is well worth it. Sometimes I have clients that would prefer to run a script vs. pay the fee for a tool especially when this is coming to SCOM 2016.

There are a bunch of scripts out there for this but most are old and or don’t work. I have been using my own script to do this for a while. I recently updated it and have decided to share it. I run this script from Windows task scheduler. It could also just as easily be scheduled to run from Orchestrator, SMA or Azure Automation. I will put the download link at the end of this blog post. This script will put a SCOM group in maintenance mode. It also sets the duration in minutes but can easily be changed to hours.

Here is the PowerShell script:

<#

#########================================================================================================#########

#

#

# ** Name: SCOMGroupMaintMode.ps1

# ** Author: System Center MVP – Steve Buchanan

# ** Date: 7/30/2015

# ** Version: 1.4

# ** Website: www.buchatech.com

#

# ** Description:

# ** This script can be used to a group of objects within SCOM into Maintenance Mode.

# ** This script needs to be run in an administrative PowerShell console.

# ** This script needs to be run with some mandatory parameters. Parameters shown in examples.

#

############################################

Example when running from PowerShell w...

Read More

4th time System Center MVP

This morning I received an email from Microsoft that I am awarded System Center Cloud and Datacenter Management MVP for the 4th year. Here is the email I received:

image

The System Center Cloud and Datacenter Management MVP’s are a great lively bunch of folks. It is an honor to still be a part of this group. I have made many friends at Microsoft, with other MVP’s and in the community during my time as an MVP...

Read More

Cant change SCOM agents Primary Management SVR in SCOM Console

Problem:

When in SCOM you go to change the primary management server on a SCOM agent but you cannot. It is grayed out.

clip_image001

More details about this issue referenced on the following links:

https://social.technet.microsoft.com/Forums/systemcenter/en-US/c5214222-0cc3-4da5-a40e-64cbeff91573/r2-cannot-change-primary-management-server?forum=operationsmanagergeneral

http://www.systemcentercentral.com/forums-archive/topic/moving-agents-from-one-gateway-server-to-another/

I built a quick script to help with this. It can be used in any SCOM environment. Details are as follows:

Script:

MoveAgentSCOMMgmtServer.ps1

Description:

This script can be used to move agents from one management server or gateway server to another.

There is a common issue “Cannot change SCOM agents Primary Management via the GUI (SCOM Console)”. This script can be used to help with this issue.

This script should be run in an administrative PowerShell console on a SCOM management server. You can run this script using: powershell.exe -executionpolicy unrestricted -command .\MoveAgentSCOMMgmtServer.ps1

How to run:

Step 1: Copy the MoveAgentSCOMMgmtServer.ps1 script to a SCOM management server.

Step 2: Open an elevated PowerShell and navigate to the script. For example: CD “C:\SCOM Scripts”

Step 3: Run powershell.exe -executionpolicy unrestricted -command .\MoveAgentSCOMMgmtServer.ps1

You will be prompted to enter the name of the management server you want the SCOM Agents set to. You need to enter in the servers full FQDN. This can be a management server or a gateway server.

clip_image002

Step 4: A window will pop up with a list of your SCOM Agents. Select the SCOM Agents you want to change the primary management server for. Click the OK button.

clip_image003

Step 5: Once the SCOM Agents are set you should see a similar output.

clip_image004

Download from TechNet Gallery:

https://gallery.technet.microsoft.com/Move-Agent-SCOM-Primary-9927d7a3

Read More

System Center Futures 2016 and Beyond

UPDATE 9-4-2015:

***There is an upcoming FREE event covering the Future of System Center. This will be held on Sep 25, 2015 at the Microsoft MTC in Minnesota (http://www.microsoft.com/en-us/mtc/locations/minneapolis.aspx). This is a must attend event for any company running System Center. For more info on this event visit: http://bit.ly/1JIHS48***

Last week I was able to attend the first ever Microsoft Ignite conference in Chicago. There was a lot of exciting news announced at this conference around the many Microsoft products and technologies. Everything was covered from SharePoint, Exchange, Unified Communications, Office, Windows server, Windows 10, all things Azure and more. This post is focused for any System Center professional that was unable to attend the MS Ignite 2015 conference but what’s to know what’s up with System Center. If you had any concern about System Center going away or just want to know about the future of System Center in general this post is for you.

During conference there were many sessions related to the various System Center components however there were a couple of critical sessions that covered the future of System Center. These are the Platform Vision & Strategy sessions. These are titled:

Windows Server & System Center Futures—Bring Azure to your Datacenter (Platform Vision & Strategy)

And

Platform Vision & Strategy (6 of 7): What’s New in System Center for Management

These sessions are important because they featured System Centers top guy Jeremy Winter and he talked about future direction of the management solutions. In this post I will sum up key information from each of these sessions.

NOTE: This post is my perspective on the Platform Vision & Strategy sessions from Ignite and do not represent the opinions of Microsoft.

Traditionally System Center has been a complete management stack for IT Operations. This is not going to change but will continue to get better. The stack consists of: Managing endpoints (PC’s/Mobile device/servers) – *SCCM/Intune* | Monitor – *SCOM* | Automation – *Orchestrator (SMA)* | Provision – *VMM* | Service Management – *SCSM* | Protection – *Data Protection Manager* | Self-service – *Azure Pack* also represented in the following screenshot from one of the session slides.

clip_image001[4]

So we are now in the year 2015 and have not had a new major version of the entire stack since 2012. However since the release of System Center 2012 we have seen a steady progression of enhancement to the stack. We have seen it move from SP1 to R2 and now updates and new features through update rollups.

These update rollups have been released on a faster cadence at a speed we have not seen from Microsoft before. In fact we have recently seen a round of new features in update rollup 6 and more announced at Ignite. Below is a list of key features that stuck out to me along with slides from one of the Platform Vision & Strategy sessions giving insight into where the System Center components are headed next.

SCCM: Support for Windows 10 and a plethora new MDM features.

clip_image002[4]

Automation: Graphical authoring. How cool is this!, DSC Push/Pull servers now in SMA and you can manage DSC in SMA, Role Based Access Control.

clip_image003[4]

DPM: Backup as a Service in Azure Pack powered by DPM, VMWare Backup, Azure Backup offline seeding.

clip_image004[4]

SCOM: LAMP Stack monitoring, Scheduled Maintenance Mode.

clip_image005[4]

VMM: Ability to manage Azure IaaS VM’s in VMM. 🙂

clip_image006[4]

SCSM: Workflow server scale-out, Azure Stack IT Marketplace

clip_image007[4]

All of those enhancements are exciting for System Center as it appears to be leading up to a major release soon...

Read More

Streaming Enterprise Backup Ignite 2015 Session

My Enterprise Backup session with Microsoft PFE Islam Gomaa and System Center MVP Robert Hedblom from Microsoft Ignite is now on Channel 9. Here is what we covered in the session:

  • Offline seeding to Azure Backup
  • Monitoring and the new enhanced reporting
  • Custom reporting
  • Real-world deployment best practices

and

  • The all new Backup as a Service in Azure Pack powered by DPM

You can watch it here:


Read More

Deploy & Configure DPM Enhanced Reporting

A while back I posted about the enhanced reporting for DPM here: http://www.buchatech.com/2014/11/dpm-2012-r2-reporting-improvements/ I wanted to create another blog post on how to deploy and configure the new enhanced reporting for Data Protection Manager (DPM) 2012 R2 and as a follow up to my Enterprise Backup session @ Microsoft Ignite (http://meme.ms/d5gpbrq). Here is a diagram of the new DPM reporting framework:

clip_image001

This new reporting for DPM is a part of Operations Manager (SCOM). SCOM can monitor your DPM server/s so it only made sense to build this new reporting framework in SCOM. Data from your DPM server/s is brought over to SCOM through the monitoring and placed in SCOM’s data ware house database. This data is then accessed via a new set of DPM SQL views and served up to the reports.

Following is a breakdown of what you need to get the new reporting framework put in place and configured.

What do you need?

  • Need SCOM 2012 R2 deployed w/ DW working.
  • DPM management packs must be imported to SCOM and central console must be deployed.
  • DPM 2012 R2 and Central console must be on UR5.
  • Must configure SLA’s on your DPM servers using Set-DPMProtectionGroupSLA CMDLet to get SLA data in reports. More on this later.
  • The FileServices MP is a pre-req of the DedupReporter MP.

You must be careful about how you install/upgrade the DPM central console and management packs on SCOM as you can run into problems if you do not pay attention. I have had to re-deploy a SCOM server once in a lab to get this to work. Here is the order I follow and have had the best success with:

How to deploy the reporting?

1st: Import RTM 4.2.1126 MP’s in SCOM (You may already have these loaded. They are DPM 2012 R2 RTM MP’s and are named:

         – Microsoft.SystemCenter.DataProtectionManager.2012.Discovery.MP

         – Microsoft.SystemCenter.DataProtectionManager.2012.Library.MP

clip_image002

2nd: Install Central console (This is DPM 2012 R2 RTM)

You will find this on the DPM media

3rd: Apply UR5 to your DPM server/s.

For a list of DPM version build numbers and download links visit:

         – http://social.technet.microsoft.com/wiki/contents/articles/4058.list-of-build-numbers-for-system-center-data-protection-manager-dpm.aspx

          – UR5 is version 4.2.1292.0. UR5 with the latest hotfix is version 4.2.1297.0.

4th: Apply UR5 to Central console.

NOTE: When updating the DPM Central Console be sure to run the correct .exe.

See the following screenshot that highlights the correct one for the Central Console.

clip_image004

5th: On your SCOM server import the new DPM management packs version 4.2.1276 MP’s. These will automatically upgraded the RTM DPM 4.2.1126 MPs.

         – The System Center Management Packs for Data Protection Manager 2012 R2 Reporting, DedupReporter, Discovery and Monitoring can be downloaded from here: https://www.microsoft.com/en-us/download/details.aspx?id=45525.

           NOTE: With the new DPM MP’s there are two additional MP’s that were not part of the DPM RTM MP’s. There is the    Microsoft.SystemCenter.DataProtectionManager.2012.Reporting.mp which is required for the new reporting and there is the Microsoft.SystemCenter.DataProtectionManager.DedupReporter.mp that is optional if you want to get reporting around de-duplication on your DPM servers.Here is a screenshot of importing the new DPM MP’s and the File Services MP:

clip_image005

After you import the new DPM MP’s you should have the following management packs loaded in your SCOM:

clip_image006clip_image007

In SCOM if you navigate to the Reporting workspace you will have System Center 2012 R2 Data Protection Manager Reporting. Here you will find the DPM Executive Summary Report.

clip_image008

The following screenshot is what the DPM Executive Summary Report looks like.

clip_image009

6th (Optional): Configure SLA’s on your DPM server/s using Set-DPMProtectionGroupSLA CMDLet to get SLA data in reports. This has to be done on each DPM server per each protection group that you want to receive SLA reporting on. The steps to do this are:

Launch the DPM Management Shell. Run Get-ProtectionGroup -DPMServerName YOURDPMSERVERNAMEHERE to get a list of Protection Groups.

clip_image010

Run Get-DPMProtectionGroup | where {$_.Name –ieq ‘Exchange Mailbox Databases’} | Set-DPMProtectionGroupSLA –SLAInHours 24 to set the SLA on a protection group.

That is it. Now you have set an SLA for your protection group. The SLA is defined in hours. DPM will check the SLA once a day and an event is written to the DPM backup event in the event log.

That’s all for the setup and configuration. Stay tuned for a post on how to build out custom reporting in the enhanced reporting framework in the near future.

Read More

Tech Reviewer of New SCOM 2012 R2 Book

I was fortunate to be a Technical Reviewer on another System Center book. This one is about Operations Manager 2012 R2. It is titled Microsoft System Center 2012 R2 Operations Manager Cookbook. Authors include a fellow System Center MVP Steve Beaumont (http://systemcenter.ninja | @StevybSC ), a colleague of mine Chiyo Odika (http://mrchiyo.com | @MrChiyo ), Jonathan Horner, and Robert Ryan (http://scnuggets.blogspot.com). Here is a screenshot of the cover:

image

It contains 50 recipes that you can use with your SCOM deployment. The recipes in this book will help you:

  • Optimize SCOM
  • Build out monitoring for business applications, infrastructure and more
  • Work through tuning
  • Build and use dashboards along with reporting
  • Author management packs using MP studio or Visual Studio
  • Overall gain deeper insight into your SCOM environment

The book can be found here:
http://www.amazon.com/Operations-Manager-Deployment-Administration-Cookbook/dp/1782176241

and here:
https://www.packtpub.com/virtualization-and-cloud/system-center-2012-r2-operations-manager-deployment-and-administration-cook

Read More