At a number of internal conferences recently I, along with two other Premier Field Engineers; Neil Peterson and Thorsten Henking, presented a series of sessions on managing UNIX and Linux clients with Configuration Manager 2012 SP1. The intention of this blog series is to help you understand how Configuration Manager manages UNIX/Linux clients using the content from our sessions.

This blog series will be split into three parts;

1- Introduction and the client
2- General operations and inventory
3- Software distribution

Using Configuration Manager 2012 to manage UNIX and Linux servers, as well as your Windows servers, in the datacentre means you move a step closer to managing your whole datacentre estate through a single pane of glass! So let’s start having a look at what Configuration Manager 2012 SP1 can do to help you manage your UNIX and Linux servers.

Supported Distributions

At the time of writing, Configuration Manager 2012 Service Pack 1 offers client support for the following UNIX and Linux distributions;

• Red Hat Enterprise Linux
• Version 4, 5, 6 (x86 and x64)
• Solaris
• Version 9 (SPARC)
• Version 10 (x86 and SPARC)
• SUSE Linux Enterprise Server
• Version 9 (x86)
• Version 10 SP1 (x86 and x64)
• Version 11 (x86 and x64)

In the near future the number of distributions supported will increase, putting Configuration Manager’s UNIX and Linux support in line with System Center Operations Manager. It is also worth pointing out that the support for UNIX and Linux distributions is targeted to the server distributions rather than the client distributions.

Supported Features

The UNIX/Linux client is fairly lightweight in comparison to its Windows (or even Mac) counter parts, with the following natively supported features;

- Hardware inventory
- Inventory of installed software
- Software distribution

No Configuration Manager 2012 infrastructure changes are required to support UNIX/Linux clients, and additionally, as Configuration Manager 2012 sees the UNIX/Linux clients as just another client, the reports you are using today for your Windows based clients are the same that you use for the UNIX/Linux clients.

Client Architecture

Each UNIX/Linux distribution has its own set of client installation files which can be downloaded from our download centre, as UNIX/Linux versions can have different characteristics that we need to interact with (note the orange layer in the diagram below).

You’ll also note that we are installing a CIM server called NanoWbem (Opensourced by Microsoft through Opengroup http://www.opengroup.org/software/omi) along with the client itself to provide the WMI-like functionality we are used to with a Windows client. One thing to be aware of is that the CIM server we are installing with the Configuration Manager 2012 SP1 client is different to the CIM server that the System Center Operations Manager client installs.

The UNIX/Linux client talks back to the Configuration Manager 2012 SP1 infrastructure over HTTP or HTTPS. Content downloads are also performed over the same protocol (so there is no SMB client requirement on your UNIX/Linux server), but as the UNIX/Linux clients are treated as workgroup clients you need to ensure the network access account is configured. The UNIX/Linux client will then use the network access account to authenticate with the distribution point when downloading content.

Client Installation Notes

None of the automated deployment options (i.e. client push) that we use for Windows systems are available for UNIX/Linux systems, meaning you will need to perform manual or custom (e.g. shell scripts) installations. Full installation details are covered on Technet so I will only call out the main points and look at the methodology;

- Extract the downloaded files to a folder
- Mount the client files from a network share (e.g. CIFS, NFS) or copy them locally
- Install the client by running the install script file  
- Un-mount the client files or delete the install files if copied locally

The client needs to be installed using root privileges, and as UNIX/Linux clients will be treated as workgroup computers you will need to specify a management point and a site code for initial contact and site assignment.

Post installation, two system start-up daemons will be configured on your UNIX/Linux server;

ccmexec.bin is the Configuration Manager Client engine and performs all the interactions between the UNIX/Linux server and the Configuration Manager infrastructure.

nwserver.bin is the CIM server and gives us that WMI like functionality used for inventory. It maps UNIX/Linux classes and properties to Windows equivalent classes. More to be discussed in this blog series part 2.

A final couple of points before I close today;

- As I mentioned, no automated client deployment features are available, however with a little Orchestrator magic we can build our own! Neil covers automating the UNIX/Linux client installation using System Center 2012 Orchestrator on his blog.
- There is no control over the cache size. After successful installation of software the downloaded package files are removed from the cache. They only persist if you explicitly mark the package to persist in the cache, or if the software installation fails (so they remain for retry).
- The log files do not auto truncate so you will need to talk to your UNIX/Linux administrators to ensure they include the client log files in their log rotation tasks. I will talk more about log files in part 2 of this series.
- There is no ccmeval-like task for the UNIX/Linux client

So that’s part 1 over with, an introductory look at the Configuration Manager 2012 SP1 UNIX/Linux client and a few considerations before you go ahead and deploy the client for yourselves. In Part 2 we will explore general client operations and take a deeper look at inventory.

Hi folks,

I just uploaded another script over in the TechNet Script Center. This script allows you to automate the setting of business hours on a ConfigMgr client. This is useful for servers, where you might want to configure this remotely or in other scenarios where user interaction is not desired.  You could also potentially extend this script to read the users working hours from Outlook.  The script uses PowerShell to call into the WMI ClientSDK namespace and invoke a single method.  Most of the script is actually focused on validating and formatting user input, the actual ConfigMgr work is a single line of code.

Get the script here: http://gallery.technet.microsoft.com/scriptcenter/Set-Client-Business-Hours-572ecb95

Regards,
Saud

These postings are provided "AS IS" with no warranties, and confer no rights.

The following information is for example purposes only. Do not rely on this information for a production deployment. These are meant to show the areas you should test for when evaluating ConfigMgr client activity impact on your network before going into production. The results are specific to the below ConfigMgr configuration and may vary from environment to environment.

This blog is an update of my System Center Configuration Manager 2007 blog post (available here: http://blogs.technet.com/b/manageabilityguys/archive/2009/11/19/client-network-traffic-tests.aspx) to System Center 2012. This post will provide the results, the other two posts will provide how to do this manually using Excel with more context and the other post will provide an example PowerShell script that helps (let me know via the comments which of the two you'd prefer and I'll use that to prioritise things J). In a change from the 2007 blog post, I've gone to using IIS logs instead of NetMon. While this does mean that there is a small amount of traffic lost (IP headers, TCP headers) the benefit is that the data can be easily reviewed in Excel if you know what you're looking for or parsed with PowerShell (or whatever programming language you prefer).

To perform this sort of testing you need to enable a few things in IIS logging. Basically, the process is:

• Change IIS log settings to include sc-bytes and cs-bytes (server to client and client to server bytes respectively)
• Perform Activity using the client control panel applet, making note of the timings
  • To reset the Windows Update Agent repository and force a re-download of metadata, stop the Windows Update/Automatic Update service and rename C:\Windows\SoftwareDistribution\DataStore\DataStore.edb
  • To reset the state message store, see http://msdn.microsoft.com/en-us/library/cc146437.aspx (this is a 2007 article, still works for 2012 though)
  • To reset the hardware inventory history and force a re-sync, see http://msdn.microsoft.com/en-us/library/cc144592.aspx (again, a 2007 article but works for 2012)
• Review the log files

 Here are the results from the testing:

Notes on Test Configuration that may impact results

• Application Management test software:
• App-V 5.0 install
• Single DT, script/setup.exe type
• No dependencies
• Software Inventory Configuration:
  • Inventory Rules: *.exe, *.dll (Exclude Windows directory was disabled, therefore the Windows directory was included)
• Hardware Inventory Configuration:
  • Standard SMS_DEF.MOF --> All AI configurations turned on
• Software Updates Configuration:
  • Last Synched: 22/04/2013, 00:20 (GMT/UTC+1)
  • Products
    • All Developer Tools, Runtimes, and Redistributables
    • Forefront Endpoint Protection 2010 (Note: for SCEP definitions)
    • Office 2010
    • CAPICOM
    • Silverlight
    • Skype for Windows
    • Microsoft SQL Server 2012, SQL Server 2008, SQL Server 2008 R2
    • System Center 2012 products (not SP1)
    • Windows 7, Windows 8, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012,
  • Classifications
    • Critical Updates
    • Definition Updates
    • Security Updates
    • Service Packs
    • Update Rollups
• Client Configuration:
  • Windows 8
  • Office 2013 Professional (Note: that this product was not configured in SUP/WSUS at the time of testing)
  • Programs Registered in Add/Remove Programs: 11
  • Updates Registered in Add/Remove Programs: 6

Hopefully this post helps you get your Configuration Manager rollout moving. The other posts in this series should be coming along in the next couple of weeks (but I do have a day job and customers to keep happyJ).

Saud  

This post was contributed by Saud Al-Mishari, a Premier Field Engineer with Microsoft Premier Field Engineering, UK.

Many times I was referring to the below Kevin Holman's blog post:

http://blogs.technet.com/b/kevinholman/archive/2008/04/15/opsmgr-security-account-rights-mapping-what-accounts-need-what-privileges.aspx

As it was so useful just thought of bringing in an updated version of it but aligned with System Center 2012 Operations Manager SP1.

Hope you guys find it useful!

Just wanted to clarify a question that sometimes customers ask…

How about if my Operations Manager agents are in maintenance mode and I want to run a task against them by using Operations Manager?

The answer is:

Yes they will run. Either the Agent tasks (below left) or the Console tasks (below right) would run as you could see on the screenshot.

What I would like to add is:

Bear in mind that tasks run with less priority and they could potentially be postponed on an Operations Manager 2007 R2 Management Group where the RMS is heavily processing Configuration or pushing out Management Packs.

How about in SCOM 2012?

Although there are now Resource Pools enabling for sharing the workload between their members the tasks are still less priority.

It's unlikely that on a SCOM 2012 Management Group you face the issue stated above however…

The recommendation:

Based on a recent scenario I've faced on one of my customers which was still using SCOM2007 R2 my best recommendation would be:

If you want to trigger a very important task that should finish ASAP on an Agent or group of Agents, always ensure the required task workflow is performing well by triggering a simple task of the same type (Console or Agent) against them.

Only if successful trigger the critical one.

If you could not trigger any tasks at all: you should carefully review the capacity of your environment and overall performance of the Management Group.

The root causes could vary and further investigation would be required to identify the issue.

That would most probably include capturing Operations Manager trace logs on all the SCOM Management Servers, SCOM Gateways and the Agents involved.

Info on Diagnostic tracing in Operations Manager: http://support.microsoft.com/kb/942864

Hope this helps!

So finally I got around to writing up part two of this three part series on managing UNIX and Linux clients with Configuration Manager 2012 SP1, which is going to cover general client operations and inventory.

So first things first, as we’re talking UNIX and Linux management it’s important to recognise that much of the administration of these servers is done via remote command line, and for that reason we don’t supply any sort of client GUI like we do in the Windows world. This means that if you want to interact with the UNIX/Linux client you are going to need to do so via terminal / SSH.

Let’s get logging…

Before we kick off some typical client operations let have a look at where the client log files are located so you can watch how the client interacts with the system when you run commands.

/var/opt/microsoft/scxcm.log– This log file records both installation (think ccmsetup.log in the Windows equivalent world) and operational information (almost everything in %windir%\CCM\Logs). If you’re troubleshooting UNIX/Linux client operations then you are going to become familiar with this log file.

/opt/microsoft/nanowbem/scxcmprovider.log– This is the CIM service log file (nanowbem.bin) which captures the CIM service operations. While useful for troubleshooting purposes, you shouldn’t find yourself venturing in here too much.

By default the logging level for both log files are only going to parse error messages, which for the provider log file is probably enough, however you might find yourself needing more verbose information if you’re troubleshooting client operations with scxcm.log. The following log levels are supported;

• ERROR: Indicates problems that require attention.
• WARNING: Indicates possible problems for the client operations.
• INFO: More detailed logging that indicates the status of various events on the client.
• TRACE: Verbose logging that is typically used to diagnose problems. [NOTE This trace level is only supported for scxcm.log]
(Ref; http://technet.microsoft.com/en-us/library/hh427342.aspx#BKMK_LogFilesforLnU)

To turn it up we need to edit the config file /opt/microsoft/configmgr/etc/scxcm.conf

If you open the config file with vi (or whatever your favourite text editor is ) you’ll see its pretty simple;

FILE (
PATH: /var/opt/microsoft/scxcm.log
MODULE: ERROR
MODULE: scx.client ERROR
)

To change the logging level just change all instances of the MODULE tag to your desired level. So for example to turn on maximum logging your scxcm.conf file would look like the following;

FILE (
PATH: /var/opt/microsoft/scxcm.log
MODULE: TRACE
MODULE: scx.client TRACE
)

Just remember that when you turn verbose (TRACE) logging on, there’s going to be a lot of data captured in the scxcm.log file (especially when you consider how many log files we have in the Windows client world, compared to just one here that captures everything including installation). As we don’t perform any automatic log truncation it’s really important to make sure these logs file are maintained as part of your standard log rotation process.

The config file also gives you the option to set the log file path by setting the PATH tag. Additionally, just for the record right now there is no supported method of parsing log messages to syslog.

Where’s my machine policy refresh action?

Now we’ve got logging turned up, let’s get onto managing the client. If you are familiar with ConfigMgr then you are familiar with the Machine Policy Refresh action on clients. To perform this from the UNIX/Linux client, execute the following command;

/opt/microsoft/configmgr/bin/ccmexec -rs policy

If you tail the scxcm.log file (tail –f /var/opt/microsoft/scxcm.log) you’ll see the same order of actions that you are used to with the Windows client, i.e. policy agent contacting the MP and downloading the policy, then policy evaluator coming to life and evaluating the policy.

In part 3 of this series, when walking through software distribution we will actually step through the log file and see how things compare to a Windows client.

Hardware Inventory

Hardware inventory (including installed software) is supported by the Configuration Manager 2012 SP1 client for UNIX and Linux. As already covered, we deploy the nanowbem CIM server along with the client to give WMI like functionality on your Linux/UNIX system. This means we can use the same inventory tables as Windows clients and all classes/properties are mapped to windows equivalents (e.g. Win32_ComputerSystem = SCXCM_ComputerSystem).

In terms of functionality nothing is really different from the Windows client world;

- The inventory collection cycle is defined using client settings
- You can view inventory data for UNIX/Linux clients using Resource Explorer or SQL Reporting
- You can turn classes and properties on and off using client settings
- Both full and delta inventory scans are performed
 
To trigger an inventory scan from a client run the following command;

/opt/microsoft/configmgr/bin/ccmexec -rs hinv

If you look at the scxcm.log you will see the inventory agent kick into life and start querying the local CIM “database”.

What’s different is how we actually store inventory data on the UNIX/Linux client. In the Windows world we are typically querying WMI for inventory data, whereas the UNIX/Linux client stores its inventory data in a series of XML files. You can view the default classes by directory listing /opt/microsoft/configmgr/root/cimv. If you were tailing the log file when you ran your machine policy refresh you may have noticed the references to these folders.

If we take a look at Win32_ComputerSystem.xml using less for example (do not modify these files), you can see all the properties we are capturing from our local system. The xml files list all available properties for a particular class, but only properties containing a value are returned back to the database.

If you want to view inventory data on the client locally, you can use the nwcli utility to query the “WMI database”. For example, to view the SCXCM_ComputerSystem class I could run the following from a terminal;

/opt/microsoft/nanowbem/bin/nwcli ei root/cimv2 SCXCM_ComputerSystem

(ei = enumerate instances, followed by namespace, followed by class)

Which would produce the following output;

instance of SCXCM_ComputerSystem
{
    Caption=suse11rtm
    Description=AT/AT COMPATIBLE
    [Key] Name=suse11rtm
    [Key] CreationClassName=SCXCM_ComputerSystem
    WakeUpType=6
    AutomaticResetCapability=false
    CurrentTimeZone=60
    ResetCount=-1
    ResetLimit=-1
    DNSHostName=suse11rtm
    Domain=
    Manufacturer=Microsoft Corporation
    Model=Virtual Machine
    SystemType=x64
    BootOptionOnLimit=1
    BootOptionOnWatchDog=1
    ChassisBootupState=3
    PowerSupplyState=3
    ThermalState=1
    NumberOfProcessors=1
    NumberOfLogicalProcessors=1
    TotalPhysicalMemory=1969881088
}

If you are interested in capturing custom data, I will talk about extending inventory in another blog post coming soon.

Client Setting Considerations

Before closing out I just wanted to call out something I recommend to my customers currently managing, or looking to manage, UNIX and Linux clients with Configuration Manager 2012 SP1 – Client Settings!
Consider creating a separate set of Client Settings for your UNIX and Linux clients, with attention on the following;

- No user policy is processed by the UNIX/Linux client so you can turn this setting off
- Power Management policies are not supported so you can turn these off
- Software Metering is not supported and so can be turned off
- If you extend inventory you can be sure that you are only targeting the correct systems with the new classes (and you may even have distribution specific classes and so may want to have distribution specific client settings!)

So that brings me to the end of Part 2, covering operations and inventory. Part 3 will cover Software Distribution and will look at what options are supported and how to trace software distribution through the log files!

Lists in Service Manager are those drop-down lists which you see on forms. For example, the Incident Category list which you'll see when you open an Incident. It's pretty easy to go and edit existing lists from the Service Manager console, from the Library section – this allows you to add to, or alter those lists which come out-of-the-box.

When you want to go ahead and create your own list, things get a little tricky. The Service Manager Authoring tool allow you to create a list, but you'll only ever to be able use it on stuff in that Management Pack.

For example, I open up the Authoring Tool and extend the Incident Class with a new List called "Locations". This will allow me to have a drop-down list of the incident form which has the locations of my offices.

This works well, but if I wanted to have the same functionality on my SR, CR, PR forms, then I'm faced with two options:

• Create and maintain 4 separate location lists. (Incident Location, Service Request Location, etc.). This is obviously an overhead I don't want to have.
• Create a single Management Pack which has all of the SR, CR, PR and IR customizations in. Yes it will work, but it would be a real pain to maintain later.

What we want to be able to do is create a list called "Locations" and re-use that single list across all my Management Packs. I'd only have to maintain that single list, and I could use it everywhere. This is where the SCSMListMaker utility comes in. Up until now, this has only been possible by writing the raw XML yourself. This tool aims to make that task a little easier!

The tool will generate the XML MP to define a custom list. This should run on any Windows machine with .net 4.

Step 1 – Download SCSM List Maker

Attached to this blog is a zip file, which contains the tool. Download & extract this.

Step 2- Build your List

Open up the Service Manager List Maker Tool. First off, click the "…" button to select where your output .xml file will be saved to.

Next, in the "List Internal Name" type in the name of your list. This has to contain only letters, numbers or full-stops (don't worry, it will stop you if it's wrong!).

To keep your list name unique, it's a good idea to name it ManagementPackName.ListName. In this example, I've called it MyLocationsMP.LocationList

As you type it in, it will populate the "List Display Name". This is the friendly-name of the list, which you'll see in the console from the Library area. Here, I've renamed mine to "My Locations":

Next up, click the "Add List" button. You'll see that the internal name is placed in the left list, and the display name on the right. You can add as many lists as you'd like to this MP, for example "My Locations" and "My Custom Status List".

Finally, you can edit the Version Number. Leave this as 1.0.0.0, unless you're replacing an old version of this MP. Once you're ready to go, click the "Make Management Pack!" button:

Step 3 – Seal it up!

Now, this has created your unsealed Management Pack (.xml) which contains your new list. As we want this list to be referenced from other Management Packs, we need to seal it. There are several ways to do this, but most of my customers like to use the friendly Service Manager Authoring Tool. There's PowerShell or command line alternatives out there if you prefer.

Install the Service Manager Authoring Tools if you haven't already done so, and open it up. The 2012 SP1 version is downloadable from http://www.microsoft.com/en-in/download/details.aspx?id=36214.

In the Authoring Tool, open up the Management Pack you created with the Service Manager List Maker. Right click the MP > Seal Management Pack. Follow the wizard to seal the MP with your key.

Step 4 – Import & populate your list

All you have to do now is open up the Service Manager console > Administration > Management Packs > Import Management Pack. Import your MP. Remember to import the sealed (.mp) file, not the unsealed (.xml) file!

Once imported, you'll be able to see your list from Library > Lists. At the moment, it's just an empty list, we'll have to populate it with data now. To do this, go to Library > Lists > Find your list & click Properties.

When you click 'Add Item' the first time, it will ask you where you want to store you values. This is because our list is stored in a Sealed MP which can't be changed. This will now create an unsealed MP to store the values of the list in. Here, I followed the wizard to create a new unsealed MP called "My Locations Value MP". This means if I want to move the MP, or back it up, the sealed MP will contain the list definition, and the unsealed one will have the values.

I just finish the list by adding more items to the list:

Step 5 – Author with it!

So your list is imported into Service Manager and working a treat. At this point, you may want to use the list to add it into the Incident class, or a Configuration Item. To do this, we'll have to copy your sealed Management Pack to the Authoring Tool Library.

Find where your Service Manager Authoring Tool is installed to, by default it's at: C:\Program Files (x86)\Microsoft System Center 2012\Service Manager Authoring\Library. Copy your sealed MP into this folder.

Now, open up the Authoring Tool & Create a new MP. In this example, I'll extend the Incident Class with my location list, and add it to the form.

In the class browser part of the Authoring tool, find the Incident Class. Right Click > View:

Now, right click the Incident Class & select "Extend Class". A warning will pop up, saying you can't edit a sealed MP. Click OK, to save the customisation in your MP.

Next, click the "Create Property" button. Give it a name, like "LocationList" and click Create. In the "Details" window of the LocationList, change this from Data Type string, to List.

In the pop-up window, you can now select your list! Click OK. At this point, the Incident class is extended with your list. It will match up with whatever contents you've added in.

Finally, you'll probably want to extend the incident form. There's examples of how to do this in the Authoring tool at http://blogs.technet.com/b/robdavies/archive/2012/08/28/displaying-incidents-by-location-option-2.aspx.

Please use the comments to report any bugs, and I'll take a look!

ConfigMgr 2012 Client Cache – Part 1: Overview

I’ve been asked a few times lately about how the Client Cache works in Configuration Manager, where is it, what size it should be set to, how it behaves etc. so I thought that maybe it was time for a blog!

I’m intending for this to be split into two parts:

1 – Overview

2 – Enumerating the Client Cache

What is it, where is it, and how big is it?

Essentially the client cache is a temporary download location for software, applications and software updates that are deployed to a client. By default the client cache is located %windir%\ccmcache but you do have the option of changing this at install time by using the SMSCACHEDIR parameter e.g. CCMSetup.exe SMSCACHEDIR=C:\Temp.

By default the cache size is 5120 MB, but again we can change this by using the SMSCACHESIZE parameter at install time e.g. CCMSetup.exe SMSCACHESIZE=10240. This would install the client with a cache size of 10GB.  You can also change these settings post install either directly on the client itself using the Control Panel applet (See below), or for larger scale changes, by deploying a script.

Determining the size of the cache

So, what determines how big the cache should be, and what do I have to bear in mind when I set the cache size? Essentially, you need to ensure that your cache size is larger than any deployment you are going to send to a client.  Software updates also use the client cache, but software updates are NOT restricted by the cache size and will always attempt to download to the cache

If the client attempts to download content that is greater than the size of the cache, the deployment will fail due to insufficient cache size and Configuration Manager generates a status message with the ID of 10050.

If the client attempts to download content that is less than the size of the cache but the cache is currently full, all required deployments keep retrying until the cache space is available, until the download times out, or until the retry limit is reached for the cache space failure. If the cache size is increased later, the Configuration Manager client attempts to download the package again during the next retry interval. The client tries to download the content every four hours until it has tried 18 times.

If the cache size is increased later, the behaviour of required programs and required applications are different. A required program will not automatically retry to download, you need to redeploy the content. As Applications are state-based, the client will automatically retry the download when it next receives client policy

Bear in mind that if there are required dependencies on an application, these will also be downloaded as part of a deployment.  So actual total cache cost of application = Application + Dependencies

Cache Maintenance

So, does the cache actually maintain itself?  Well, content remains in the cache for at least 24 hours, after that time it’s available to be overwritten by new content if it requires the space. If you configure your packages to persist content in the client cache, the client will not automatically delete the package/overwrite content in the cache. If the client cache space is used by packages that have been downloaded within the last 24 hours and the client must download new packages, you can either increase the client cache size or choose the delete option within the control panel applet of the client to delete contents of the cache. (See screenshot above)

So, that’s it for Part 1, an overview of the cache, the way it behaves, and how it’s maintained.  For Part 2 we’ll look at how we can enumerate the client cache and pull back some more information on it back into Configuration Manager, so that we can then report on it.

All Configuration Items in Service Manager have an "Asset Status" list available. If you've created a custom configuration item using the Authoring Tool, you'll notice that you automatically inherit this drop down list.    

This is the same list which is at the bottom of the Windows Computer form under "CI information":    

This list is useful as you'll have a single status list to use, which is common across all of your Configuration Items.

The problem comes when you ask "how to I edit this list?". Typically, lists in Service Manager are edited through the console, via Library > Lists. If you look in here, you'll see that the Asset Status list is not exposed thorough here – therefore, there is no way for you to change the list values easily.

This is because this list is contained in a sealed Management Pack (System.Library). You can only make changes to unsealed Management Packs, unless you're the author of the signed MP.

The attached Management Pack to this blog, demonstrates how to do two things:

• Change the display name of items in the Asset Status List
• Add new items to the Asset Status List

First, download the attached "Custom.AssetStatus.List.xml" to this blog. We'll look at the following things:

Altering items in the list:

The attached Management Pack references the existing items in the Asset Status lists, and simply overwrites the display of the existing items. All you have to do is edit the highlighted text, to whatever you want:

So if I wanted to change "Undefined" to "No Applicable", I can simply edit the highlighted above & Import the Management Pack. You can do this for each of the out-of-the-box items in this list. Simple!

Adding items to the list:

We can edit this XML to add new item in. Included in the attached MP is a new item in the list "On Loan".

To the XML, add in a new EnumerationValue line, with a new ID value. In the picture below, I've added OnLoan. This is an internal name, and must contain only letters & Full stops.

For example, if you wanted to add in a status of "New", you could copy & paste the EnumerationValue line, and simply change it to System.ConfigItem.AssetStatusEnum.New.

Next, with a new item, we have to give it a display name. Here, I've included the Display String for OnLoan:

The ElementID needs to match your EnumerationValue ID. The Name & Description can then say anything you like!

Do this for each of the new items you want to add & Import your Management Pack. There's no need to seal this one, as nothing should need to refer to this directly.

Reviewing the list:

The two lines of XML in the Categories section will force the Asset Status list to be visible in the SCSM console under Library > Lists.

NOTE: You will not be able to edit the list at all from the SCSM console. You'll receive an error message, stating the list is defined in a sealed Management Pack. I've added the ability to see it in the console, simply so you can review the list contents easily.

If you want to remove this, to avoid confusion, simply remove the two Category lines in the above XML.

Please note: this is not tested, or supported. It's supplied as-is as a demonstration only.

For those of you that have been willing to have the first final released version of this MP your time has come last Friday (when it was released and being published two days ago). J

You could get the Windows Azure SQL Database Management Pack for System Center 2012 version 1.5.4.0 from here.

It enables you to monitor the availability and performance of applications that are running on Windows Azure SQL Database however bear in mind that it's only supported in SCOM 2012.

My two cents will be:

In case you also didn't know yet; there is a new MPViewer v2.3 available here (Thanks go to Daniele Muscetta)

With it you can now have a look over this or other SCOM 2012 MP files.

It's always interesting to have an insight beforehand over what an MP does, specially the discoveries right? J

Enjoy!

Leigh Simmonds, a fellow UK System Center PFE, has written an excellent blog post introducing System Center Virtual Machine Manager SP1 over at our Premier UK blog;

http://blogs.technet.com/b/mspremuk/archive/2013/05/15/system-center-2012-virtual-machine-manager-sp1.aspx

Recommended reading for those interested in building their own private cloud!

Scenario:

After setting up your SCOM 2012 Management Group you later on decide to define a custom and friendly FQDN name for your SCOM Web Console to connect to it instead of to the server name where it is actually running.

You think you have done everything right… but… Boom!!! You get the following alert in the console:

And then you may say… WHAT???

Yeah it could end up happening…

I could imagine that someone out there may be struggling a bit with this issue so with this post I hope to provide some help on how to fix it and more importantly some easy ways of troubleshooting this things.

Additionally this is a very good sample scenario to show the real benefit of a new feature in SCOM 2012: The On-Demand Discoveries!

Hope you enjoy!

Starting briefly by what you most probably have configured

You went to DNS and defined your custom ALIAS:

You went to IIS Manager and you defined your Bindings appropriately:

You event went to the SCOM Console and you defined the Web Console address:

After all that you even tested the Web Console:

You feel proud of yourself because you did a good job.

Nice one!

HOWEVER…

Even though everything seemed to be working fine you experience the alert I've mentioned above.

Just to recap:

Looking into the alert properties (in the Alert Context tab) you see that it is actually testing something else:

And then you may say again… WHAT???

And you may think: SCOM it's not working properly!!!

Well… to be honest… kind of… anyway; bottom line it's actually a custom setting right?

Let me explain you …

How to troubleshoot this?

Open the SCOM Console and click the Monitoring button. Then select Discovered Inventory on the navigation pane.

Then right-click the results pane in the middle, type in as shown, and select Web Console Watcher.

You'll see the red state for the instances of that class and see that the Web Console URL is incorrect:

Now that we have a clue, from where this data comes from?

Check Object Discovery

Click on the Authoring button and on the navigation pane select Object Discoveries.

Scope your console to just the Web Console Watcher class:

And select the rule as shown:

Right-click it, open its properties and select the Configuration tab:

Now you can see that the data is actually coming from the registry on your Web Console Server.

Checking that you see (below) that the URL's are incorrect (not only the Web Console but the AppAdvisor and AppDiagnostics consoles as well, the last two are related to Application Performance Monitoring for those who didn't know yet…).

How to Fix it?

Update all three values accordingly:

Well done! That's it.

BUT…

You may ask: Based on the Discovery rule configuration now I have to wait 1 day??

No!

How to get this done and showing as fixed? … By triggering a SCOM 2012 On-Demand Discovery

… will be indeed the easiest and quickest way!

To do it, open a SCOM Powershell console and run the following (remember we saw the discovery name earlier on…):

Get-SCOMDiscovery | where {$_.DisplayName -eq 'Discovery rule that populates Web console watchers'}

Take note of the Id value. Which was a101fce3-925e-24d5-d430-0b32aa6b1433 as you can see on the screenshot above.

Then click the Monitoring button and select Management Servers State on the Navigation Pane:

Then select the server as shown and click Trigger On Demand Discovery:

Select the DiscoveryId parameter and click override:

Type in the new value as shown:

Click Override and the Run.

Wait for it to complete:

Going back to Discovered Inventory you may still see the Web Console Watcher as unhealthy although the URL could be already updated as shown:

After a few moments the monitor is kicked and you should see the Watcher finally Healthy:

YAY!

Hi All,

We made some major announcements at TechEd North America 2013 around System Center 2012 R2 & Windows Server 2012 R2. Based on that, I thought I would share the following list of Windows Server 2012 R2 and System Center 2012 R2 content with you. This is basically I list I built for the team internally but I think it might be of some benefit for y'all to view.

Channel 9 Apps

         Events App (Windows 8 and Windows Phone, good for viewing schedules – plus other platforms): http://channel9.msdn.com/Blogs/TechEd/Stay-Connected-with-the-Ch9-Events-App#fbid=-Z_200XYHZt

         Windows 8 Channel 9 app (allows viewing videos on Windows 8 and RT after TechEd): http://apps.microsoft.com/windows/app/channel-9/29b1eeb0-9d70-482d-9bcb-291014cb9fb1

Windows Server 2012 R2 sessions

         Intros/What's New:

o   Introduction to Windows Server 2012 R2

o   Hyper-V - What's New in Windows Server 2012 R2

o   What's New in Windows Server 2012 R2 Networking

o   Internet Information Services: What's New in Window Server 2012 R2

o   Storage Spaces: What's New in Windows Server 2012 R2

o   Storage and Availability Improvements in Windows Server 2012 R2

         Depth Content and Scenarios:

o   Virtualization

  Upgrading Your Private Cloud with Windows Server 2012 R2

  Enhancements with Window Server 2012 R2 Hyper-v Replica

  Building Hosted Clouds Using Windows Server 2012 R2

o   Storage

  Storage Changes in Windows Server 2012 R2

  Windows Server 2012 R2: Enabling Windows Server Work Folders

  Deploying Windows Server 2012 R2 File Services for Exceptional $/IOPS

o   Networking

  Deep Dive on Hyper-V Network Virtualization in Windows Server 2012 R2

  Network Automation Using Window Server 2012 R2 IPAM

  Networking for Cloud Services in Windows Server 2012 R2

o   Availability

  Continuous Availability: Deploying and Managing Clusters Using Windows Server 2012 R2

  Windows Server 2012 R2 Clustering

o   Desired State Configuration with Windows Server 2012 R2

System Center 2012 R2 sessions

         Introduction to System Center 2012 R2

         Configuration Manager & Intune

o   Microsoft System Center 2012 SP1 - Configuration Manager Overview (Actually includes R2 content )

o   What's New in Infrastructure: Microsoft System Center 2012 SP1 - Configuration Manager… (Actually includes R2 content)

o   What's New with Microsoft Deployment Toolkit 2012 Update 1 (Include MDT 2013 info)

o   Windows Intune Overview (Includes R2 and Intune changes)

o   Deploying and Configuring Mobile Device Management Infrastructure with Microsoft System Center 2012… (Includes R2 content)

o   Application Delivery with Microsoft System Center 2012 SP1 - Configuration Manager and Windows Intune (includes R2 content towards the end)

o   Unified Modern Device Management with Microsoft System Center 2012 SP1 - Configuration Manager… (Includes R2 content)

         Data Protection Manager

o   Automate Private Cloud Protection and Recovery with Microsoft System Center 2012 - Data Protection…

         Operations Manager

o   Microsoft System Center 2012 SP1 - Operations Manager: Overview and What's New (Yes, this includes R2 content as well)

         Orchestrator

o   Microsoft System Center 2012 R2 Automation

         Virtual Machine Manager:

o   What's New in Microsoft System Center 2012 R2 - Virtual Machine Manager

o   Building Cloud Services with Windows Server 2012 R2, Microsoft System Center 2012 R2 and the Windows…

o   Everything You Need to Know about the Software Defined Networking Solution from Microsoft

Windows 8.1 sessions

         What's New in Windows 8.1 Security: Overview (repeats on 6/4 at 5 pm)

         What's New in Windows 8.1 Security: Modern Access Control Deep Dive

The ConfigMgr product team has just released an update to the Unix/Linux client.  This update adds support for AIX, HP-UX, Solaris 11, CentOS, Debian, Oracle Linux and Ubuntu.  It also introduces a new common Open Management Infrastructure CIM server (OMI version 1.0.6.5), along with simplified common universal agent for cross distro support in Linux and various other minor updates.  The new agents can be downloaded from http://www.microsoft.com/en-us/download/details.aspx?id=36212.

The Support Configuration for Configuration Manager has been updated to reflect the changes, and lists the specific versions of each distribution supported: http://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_SupConfigLnUClientReq

The Linux/Unix client product documentation on TechNet has also been updated to reflect the release of the update agent:

http://technet.microsoft.com/en-us/library/jj573947.aspx

http://technet.microsoft.com/en-us/library/jj573941.aspx

http://technet.microsoft.com/en-us/library/jj573937.aspx

There is also a new excellent section of documentation that explains how to extend hardware inventory: http://technet.microsoft.com/en-us/library/jj573945.aspx. (warning this is straightforward, if you're a *nix admin :-) and does require some significant knowledge of OMI but links are provided to their documentation).

At least we can now say ConfigMgr supports the same *nix distros as OpsMgr. ;)

ConfigMgr 2012 uses SQL Server Reporting Services as its reporting engine and this is great because it really improves the control and extensibility you have over your reports, but it can be a little daunting for newcomers to the product. 

So a quick one from me today covering a very common reporting question I get from customers – “how do we pass parameters to reports like we used to in SMS/SCCM 2007 ASP reporting?” A typical scenario for doing this is that customers want to link ConfigMgr reports with other BAU reporting tools to give end users the complete environment picture.

An easy and recent example I had of this was a customer who wanted to recreate the link in their asset portal, so when a member of staff clicked the computer name they were taken to a page that listed installed software on that machine.

1. Identify the report you want to pass parameters to on the fly
    
2. Get a list of parameters used by this report. There are two ways to do this;
   
   1. Using the reporting portal locate the report you are looking for, in our case Software registered in Add Remove Programs on a specific computer, open the drop down menu and select Manage from the list of options
      
      
      
      Select the Parameters tab on the left hand menu and inspect the parameters available to use with this report. Remember to note down the parameter name and not the display text. 
      
       
      
   2. Using report builder open the report you are interested in and expand parameters from the left. The nice thing about doing this is you can actually look at where the report is pulling the particular parameter from
      
      
       
3. Finally now you have the parameter name, use the ReportServer link to the report and tag the parameter and value on the end to instantly build the report on the fly.
   
   In my case the report server URL for the report is: http://sp1rtm/ReportServer/Pages/ReportViewer.aspx?%2fConfigMgr_PR1%2fSoftware+-+Companies+and+Products%2fSoftware+registered+in+Add+Remove+Programs+on+a+specific+computer&rs:Command=Render
   
   With my parameter appended and an example value, it looks something like this: http://sp1rtm/ReportServer/Pages/ReportViewer.aspx?%2fConfigMgr_PR1%2fSoftware+-+Companies+and+Products%2fSoftware+registered+in+Add+Remove+Programs+on+a+specific+computer&rs:Command=Render&computername=SP1RTM
   
   Opening the above link automatically opens the report with the data for the device I was looking at.
   
   Meaning all my customer had to do was automatically add the computername variable to the end of the report URL and they could make sure of the SCCM reporting engine.
   
    

Let's say someone in your organisation changes their name for some reason. Let's also say that the same person is in your Service Manager CMDB. If that persons Active Directory username changes, then might not quite work as you'd expect – this is correct at the time of writing in System Center 2012 – Service Manager SP1 with Update Rollup 2.

In Contoso, we set AD usernames as FIRSTNAME.LASTNAME, so when somebody changes their name, we'll also alter their AD username to match.

Let's look at an example, Libby Owens. We can see her here in the Service Manager CMDB, as an AD User:

Opening up the user form, we can see her details, which were pulled from the Active Directory Connector, including the username, which is read-only.

Most importantly, we can see the relationships the user object has – relationships to work items like Incidents or Service Requests. We've also got relationships to Configuration items the user owns.

Now, our user goes ahead & changes her last name – as a result, we'll change her username in Active Directory:

Now, after the Active Directory Connector runs in Service Manager, we'll have two objects in the CMDB for Libby – one with her old name and another with her new.

So – why do we have two objects in Service Manager? They're still the same single object, with the same SID in Active Directory. This is because the user object in Service Manager has a key attribute of Domain + Username. Therefore, if the AD Username changes, we're going to have a different key and as a result, be a different Service Manager object. This is because user objects may be created from other sources, aside from AD.

So, going back to Service Manager, we can see the new user does not have any of the relationships – they're still on the 'old' object, before the name change:

This can also cause some confusing if you're searching for the user to add them on a new Incident:

We want to make sure that we get rid of the 'old' user object for Libby, so we use her new name from this point. However, if we simply delete the old User object from Service Manager, we'll lose all the relationship information – for example, if there are open Incidents, where the old user object is the affected user, that will be lost.

Therefore, what we want to do is move the relationships from the older user object to the new one, then delete the old object. There are a number of ways of doing this – manually through the console, Orchestrator, SDK, PowerShell, etc. In this blog, we're going to look at a PowerShell example. You may choose to trigger this manually, when somebody changes their username, or automate it through Orchestrator.

In this example, this PowerShell script will delete relationships from one user, and recreate them on the new one. The following relationship types are 'copied':

• Affected User
• Incident Closed by
• Work Item created by
• Work Item assigned to
• Work Item resolved
• Configuration Item Owned by

If you want to add, or remove other relationship types, you can easily edit the example script. This was intended to cover the most common relationships, which you see on the 'Related Items' tab.

After running the script successfully, you'll see the new user with the same related items as the old one:

The PowerShell script example is pasted below or downloadable from this blog. You can simply run it, supplying in the AD Usernames of the users to alter:

• oldADUser is the old username you want to copy the relationships from
• newADUser is the username where the relationships will be copied to

For example:

.\Move-Relationships.ps1 –oldADUser "Libby.Owens" –newADUser "Libby.Atkins"

After copying across these successfully, you can go ahead & delete the old user.

Note: You may have to change the directory, after the Import-Module command, depending on where Service Manager is installed.

[CmdletBinding()]
Param(
  [Parameter(Mandatory=$True,Position=1)]
   [string]$oldADUser,
 
   [Parameter(Mandatory=$True)]
   [string]$newADUser
)

if (!(Get-module System.Center.Service.Manager))
{
 #TODO: You may need to alter the location of the PowerShell Module:
 import-module 'C:\Program Files\Microsoft System Center 2012\Service Manager\PowerShell\System.Center.Service.Manager.psd1';
}

#Get the old and new user objects from the CMDB
$oldName = Get-SCClassInstance -Class (Get-SCClass -Name "System.Domain.User") -Filter "UserName -eq $oldADUser";
$newName = Get-SCClassInstance -Class (Get-SCClass -Name "System.Domain.User") -Filter "UserName -eq $newADUser";

#Get relationships targeted at the old user object
$relatedItems = Get-SCRelationshipInstance -TargetInstance $oldName;

foreach ($item in $relatedItems)
{
 #Figure out the type of each of those relationships & check against the list
 $relType = Get-SCRelationship -Id ($item.RelationshipId);
 if ($relType.Name -eq "System.WorkItem.TroubleTicketClosedByUser" -or
  $relType.Name -eq "System.WorkItemAffectedUser" -or
  $relType.Name -eq "System.WorkItemCreatedByUser" -or
  $relType.Name -eq "System.WorkItemAssignedToUser" -or
  $relType.Name -eq "System.WorkItem.TroubleTicketResolvedByUser" -or
  $relType.Name -eq "System.ConfigItemOwnedByUser")
 {
  #delete the old relationships & recreate them with the new user object
  Remove-SCSMRelationshipInstance -Instance $item;
  New-SCRelationshipInstance -RelationshipClass (Get-SCRelationship -Name $relType.Name) -Source $item.SourceObject -Target $newName;
 }
}

DISCLAIMER: THIS PROGRAM SOURCE CODE IS PROVIDED "AS IS" WITHOUT WARRANTY REPRESENTATION OR CONDITION OF ANY KIND EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO CONDITIONS OR OTHER TERMS OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE. THE USER ASSUMES THE ENTIRE RISK AS TO THE ACCURACY AND THE USE OF THIS PROGRAM CODE OR RESULTING EXECUTABLE CODE

Hi All,

As hopefully most of you are aware we released KB article 2801987 for System Center 2012 Configuration Manager SP1. This update provides a new version of MicrosoftPolicyPlatformSetup.msi (a prerequisite for CI-related activities, in case you were wondering such as DCM, AppMgmt and so on). If you install 2801987 you won't need to install the Windows update provided in Security Advisory 2749655for Configuration Manager. I highlight this, because the Windows update addresses this generically for other products/updates rather than just Configuration Manager (or specifically MicrosoftPolicyPlatformSetup.msi).

That said, one thing that crops up is that the cert used to sign MicrosoftPolicyPlatformSetup.msi expires in March, 2013. Does this mean that you'll need a new hotfix in March this year to install the client because the cert expires then?

The answer is no, you won't have to install new hotfix in March, 2013 because of the cert expiring then.

Why? The reason for this is that the issue described in Security Advisory 2749655 and the hotfix 2801987 has to do not with the signing certificates themselves expiring but with the a missing timestamp. From 2749655:

Microsoft is aware of an issue involving specific digital certificates that were generated by Microsoft without proper timestamp attributes. These digital certificates were later used to sign some Microsoft core components and software binaries. This could cause compatibility issues between affected binaries and Microsoft Windows...

The timestamping extension to digital signatures basically allows a signature (and cert) to be marked as valid at the time of signing. That basically means that a certificate is valid until a certificate is revoked by the Certificate Authority (CA) or marked as untrusted. Timestamping allows those signatures and the binaries they sign to have an indefinite lifecycle, rather than an arbitrary limit. From Security Advisory Security Advisory 2749655:

How are timestamp Enhanced Key Usage (EKU) extensions used? 
Per RFC3280, timestamp Enhanced Key Usage (EKU) extensions are used to bind the hash of an object to a time. These signed statements show that a signature existed at a particular point in time. They are used in code integrity situations when the code signing certificate has expired, to verify that the signature was made before the certificate expired. For more information about certificate timestamps, see How Certificates Work and Windows Authenticode Portable Executable Signature Format.

Hopefully this helps to clarify things for this update!

Saud.

In Service Manager, out of the box, we have a view of Review Activities which you need to vote on.  However, if the RA has multiple reviewers, even if you've already voted, it'll stay in your list until the other folks have voted & the activity is completed.  This can make your view a little messy, and difficult to find what you have and have not already voted on. 

The steps below show you how to make a view which will only show Review Activities on which you need to vote.  As soon as you have voted, you'll no longer have the RA in the view. 

In the Service Manager console, go to Work Items > Activity Management > Right Click > Create Folder:

 Give the folder a name, for example “Custom Activity Views”.

Store this in a separate MP for views.  We don’t want this to be stored in another MP with lots of other stuff.

I clicked the ‘New’ button to create an MP Called “Contoso Custom Views”.  

When you’ve created your folder > Right Click > Create View.

 In your new view, give it a Name.

 Under Criteria, click the ‘Browse’ button.

In the drop-down list in the top-right, select Combination classes.

Search for “Review Activity (Advanced)” and select it.

In the criteria section:

-          On the left, select “Review Activity”. Under Available properties, select “Status” & click Add.

-          Set Status to ‘In Progress’

-          Expand “Review Activity” and select “Reviewers”.

-          Tick Decision & click Add.

-          Set Decision to “Not Yet Voted”.

The Criteria should now look like this screenshot:

 Finally, under the ‘Display’ section, simply select which columns you want to display and click OK.

Next, we want to export the Management Pack.  From the SCSM portal, go to Administration > Management Packs.

Find the Management Pack your view is stored in & Export it. 

Next, open up your Management Pack in Notepad, or an XML editor.

-          Search for your view name, so in my example, I’ll search for “My reviews to vote”

-          We want to find the DisplayString section with this text:

-          Make a note of the ID, so in this example View.02e062005ddf4f148754dead958ff93a

Now, search for your View ID in the MP XML.  We want to find the section which looks like <View ID=” View.02e062005ddf4f148754dead958ff93a”

 Now, find the <Expression> section within this view.

Within your <Expression> section, copy & paste in the yellow XML below.

<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpressionLeft>
<Property>$Context/Property[Type='CustomSystem_WorkItem_Activity_Library!System.WorkItem.Activity']/Status$</Property>
</ValueExpressionLeft>
<Operator>Equal</Operator>
<ValueExpressionRight>
<Value>{11fc3cef-15e5-bca4-dee0-9c1155ec8d83}</Value>
</ValueExpressionRight>
</SimpleExpression>
</Expression>
<Expression>
<In>
<GenericProperty Path="$Context/Path[Relationship='CustomSystem_WorkItem_Activity_Library!System.ReviewActivityHasReviewer']/Path[Relationship='CustomSystem_WorkItem_Activity_Library!System.ReviewerIsUser']$">Id</GenericProperty>
<Values>
<Token>[me]</Token>
<Token>[mygroups]</Token>
</Values>
</In>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpressionLeft>
<Property>$Context/Path[Relationship='CustomSystem_WorkItem_Activity_Library!System.ReviewActivityHasReviewer' TypeConstraint='CustomSystem_WorkItem_Activity_Library!System.Reviewer']/Property[Type='CustomSystem_WorkItem_Activity_Library!System.Reviewer']/Decision$</Property>
</ValueExpressionLeft>
<Operator>Equal</Operator>
<ValueExpressionRight>
<Value>{dae75d12-89ac-a8d8-4fe3-516c2a6a26f7}</Value>
</ValueExpressionRight>
</SimpleExpression>
</Expression>
</And>
</Expression>

Next, save your MP XML file.  Import your saved Management Pack into Service Manager.

After importing, close the SCSM console & re-open.

Your view should now only show Review Activities assigned to you, on which you’ve not yet voted.

Please note: If you edit this view from the console in the future, you will lose the manually entered XML to display the RA’s only assigned to [me]. 

If you make changes to the view in the UI, you’ll have to enter in the XML above again.

Enjoy!

This series of blogs aims to show administrators how to create daily reports summarising the health of Operations Manager using PowerShell. This should reduce the overheads required for daily health reviews of their system environments.

The third entry in the blog series explains how PowerShell can be used to extract information from Operations Manager to show the health state of agents and then output this onto an HTML page. Agent health is key to ensuring data is being received by Operations Manager to allow access to all Operations Manager options and functionality. Subsequent posts will build on this principle to allow more sophisticated system health reporting.

#Outputs header and formatting for agent health

$ReportOutput += "<br>"

$ReportOutput += "<hr size=4 width=50% align=left>"

$ReportOutput += "<h6>Agent Health</h6>"

#Gets all agents that have an agent health state that is not green

$ReportOutput += "<h5>Agent Managed Health States which are not Green</h5>"

$Count = Get-SCOMAgent | where {$_.HealthState -ne "Success"} | Measure-Object

if($Count.Count -gt 0) {

                        $ReportOutput += Get-SCOMAgent | where {$_.HealthState -ne "Success"} | select Name,HealthState | ConvertTo-HTML

} else {

$ReportOutput += "<p><h4>Agent Managed Health State is Green.</h4></p>"

}

#Outputs header and formatting for unresponsive grey agents

$ReportOutput += "</br>"

$ReportOutput += "<hr size=4 width=50% align=left>"

$ReportOutput += "<h5>Unresponsive Grey Agents</h5>"

#Gets all agents that are not available and in an unresponsive grey state

$AgentMonitoringClass = Get-SCOMClass -name "Microsoft.SystemCenter.Agent"

$Count = Get-SCOMClass -name "Microsoft.SystemCenter.Agent" | where {$_.IsAvailable -eq $false}  | Measure-Object

if($Count.Count -gt 0) {

                        $ReportOutput += Get-SCOMClassInstance -monitoringclass:$AgentMonitoringClass | where {$_.IsAvailable -eq $false} | select DisplayName | ConvertTo-HTML

} else {

$ReportOutput += "<p><h4>All Agents are Responsive.</h4></p>"

}

#Outputs header and formatting for Last 24 hours health watcher alerts

$ReportOutput += "</br>"

$ReportOutput += "<hr size=4 width=50% align=left>"

$ReportOutput += "<h5>Last 24 Hours Health Watcher Alerts</h5>"

#Counts agent heartbeat failure within the last 24 hours

$targetdate = (get-date).AddDays(-1)

$Count = get-SCOMalert | where-object {($_.TimeRaised -gt $targetdate) -and ($_.Name -eq "Health Service Heartbeat Failure")} | group-object Name | Measure-Object

if($Count.Count -gt 0) {

                        $ReportOutput += get-SCOMalert | where-object {($_.TimeRaised -gt $targetdate) -and ($_.Name -eq "Health Service Heartbeat Failure")} | group-object Name | Select count,name | sort-object count -descending | ConvertTo-HTML

} else {

$ReportOutput += "<p><h4>No Health Service Heartbeat Failures Recieved.</h4></p>"  

}

#Outputs header and formatting for agents in pending state

$ReportOutput += "</br>"

$ReportOutput += "<hr size=4 width=50% align=left>"

$ReportOutput += "<h5>Agents in Pending State</h5>"

#Checks if any agents are currently pending approval

$Count = Get-SCOMPendingManagement | sort AgentPendingActionType  | Measure-Object

if($Count.Count -gt 0) {

                        $ReportOutput += Get-SCOMPendingManagement | sort AgentPendingActionType | select AgentName,ManagementServerName,AgentPendingActionType | ConvertTo-HTML

} else {

$ReportOutput += "<p><h4>No Agents are Pending Approval.</h4></p>" 

}

#Outputs header and formatting for Agent Load Balancing

$ReportOutput += "</br>"

$ReportOutput += "<hr size=4 width=50% align=left>"

$ReportOutput += "<h5>Agent Load Balancing</h5>"

#Checks agent load balancing over System Center – Operations Manager 2012

$ReportOutput += get-SCOMagent | sort Name | Group PrimaryManagementServerName -Noelement | sort Name | Select Count,Name | ConvertTo-HTML

#Outputs header and formatting for agent patch list

$ReportOutput += "</br>"

$ReportOutput += "<hr size=4 width=50% align=left>"

$ReportOutput += "<h5>Agent Patch List</h5>"

#Queries SQL operations database and counts current agent patch levels 

$SqlConnection = New-Object System.Data.SqlClient.SqlConnection

$SqlConnection.ConnectionString = "Server=$OpsDatabaseSQLServer;Database=$OpsDatabaseName;Integrated Security=True"

$SqlCmd = New-Object System.Data.SqlClient.SqlCommand

$SqlCmd.CommandText = "select COUNT (hs.patchlist) AS 'Count' , hs.patchlist AS 'Patch_Level'  from MT_HealthService hs

GROUP BY Patchlist

"

$SqlCmd.Connection = $SqlConnection

 $SqlAdapter = New-Object System.Data.SqlClient.SqlDataAdapter

 $SqlAdapter.SelectCommand = $SqlCmd

 $DataSet = New-Object System.Data.DataSet

 $SqlAdapter.Fill($DataSet)

 $SqlConnection.Close()

 $OpsAgentPatchSQLQuery = $dataSet.Tables[0].rows | Select-Object Count , Patch_Level

 $ReportOutput += $OpsAgentPatchSQLQuery | ConvertTo-HTML

#Outputs line for end of report format purposes

$ReportOutput += "</br>"

$ReportOutput += "<hr size=4 width=50% align=left>"

Now run using the command from the previous blog to start the script, replacing parameters as required, as illustrated in this example:

PowerShell.exe Daily-Report.ps1 MSServerName c:\scripts Daily-Report.htm

This will produce a report similar to the below :

This is a really quick post to get a useful resource out into the Opsmanosphere.

Back in OpsMgr 2007 days, one of the assets I carried with me everywhere was Daniele's OpsMgrEventIDs spreadsheet. Daniele does a good job of explaining usage of a spreadsheet like this. I would use this day in day out to decipher OpsMgr environments, or use as a look up for questions stating EventIDs but no other information e.g. Source, description. It's also very useful when breaking down the top events collected by OpsMgr.

The tool used to extract this event log information is Event Log Explorer.