SCOM / SCSM – Retrieve Decrypted RunAs Account Credentials


I am not sure if you have seen it, but Richard Warren from nccgroup has figured out how to decrypt the RunAs account credentials in SCOM. The problem up to now was that there was no official way to retrieve the encrypted credentials from SCOM. There is just one DLL to use, which offers the decrypt method. He has written an EXE and a PowerShell script on GitHub. I know there are always two sides to a coin: in this case, an evil and a good way of using this knowledge. I think I don’t have to talk about the evil way; instead I would like to talk about its benefit.

Richard Warren has used it for SCOM RunAs accounts, but Service Manager (SCSM) is based on the same framework, so I was curious whether this approach also works for SCSM. In fact it did! Why is this awesome? Well, think about it. We are able to “securely” store credentials in SCSM (or SCOM) using RunAs accounts. Now we are able to retrieve those credentials easily. Because I do a lot of automation in SCSM using service requests and itnetX PowerShell activities, I always had some trouble storing credentials in a safe manner. There are many ways to do so, like exporting the credentials into XML (Export-CliXml), using certificates, encrypting the credentials using a key and storing it somewhere like here, or maybe storing the credentials in SMA and retrieving them using PowerShell. Whatever method you use, you will end up with more or less problems. The best approach would be to store the credentials on the system where you need them (SCSM), so that the SCSM administrator can manage these accounts without digging into PowerShell code, certificates etc. Therefore RunAs accounts are a perfect way of storing credentials.

Because of that, I have used Richard’s sample and modified the code a bit so that it can be used on both SCOM and SCSM and returns proper output. The PowerShell module will return a credential hash table. You need to execute the module on the SCOM or SCSM management server, and the only parameter you need to provide is the SCOM RunAs account display name, as in this example.

In SCOM the RunAs account looks like this…


…and if you use the PowerShell module it works like this…


You can download the module from PowerShell Gallery. Be aware that you need permission to access the database and management server.


SCOM – Extensible Network Monitoring Management Pack Generator Tool


Microsoft just released the Extensible Network Monitoring Management Pack Generator tool, which allows you to build custom SNMP management packs. In my previous post on SCOM 2016 TP5 I wrote about the prototype of this tool, which was command line driven. I addressed some missing parts like a GUI, custom SNMP components and handling more complex SNMP values. Guess what?! Microsoft listened and released a GUI-based (and also a command-line-based) tool to create your own SNMP management packs.

Both tools have the following features:

  1. SNMP_MPGenerator tool has an inbuilt MIB browser. Users can load MIB files, search through the Object Identifiers (OIDs) of the component they wish to add workflows for and create rules and monitors.
  2. Users can add monitors and rules for device components such as Processor, Memory, Fan, Temperature Sensor, Power Supply, Voltage Sensor and Custom device components.
  3. This tool would also support custom devices in addition to already supported devices like Switch, Router, Firewall and Load Balancer.
  4. Users can define monitors and rules for multiple devices in a single project file and generate a single Management Pack for all of their devices.
  5. As mentioned above, this tool would also include the command line executive NetMonMPGenerator.exe for users who wish to generate MP through command line interface.

The tool is free and comes with detailed documentation on how to build an MP. I have just clicked through the tool and it seems to be very self-explanatory. The GUI has basically two parts: the MIB browser, which lets you import MIBs and browse/search through the MIB tree, and the editor part, where you can add components, rules and monitors. The MIB browser is just for finding the proper OID for each component; you are then able to copy/paste the value to the proper place in the editor. For the command line tool you need to configure an XML file as input.

I think it is a very nice approach; let’s see how it will perform in some upcoming projects. Download the tool here.

SCOM 2016 – Network Monitoring MP Generator Tool


In one of my previous posts, I covered SCOM 2016 TP5 – What’s New, and one of the topics mentioned was that Microsoft will provide a tool to generate SNMP management packs. A what? OK, let me explain. You are able to monitor network devices via SNMP. Well, this is no magic and pretty common these days. SCOM 2012 provided a newly rebuilt SNMP stack for monitoring network devices. The magic was / is that you just need to discover the device and SCOM will take care of the rest, meaning it will discover model, type, CPU, memory, network traffic and a lot more. There is just one problem: because there are so many devices available, SCOM cannot support all devices to the same level. What does that mean? There are “Certified” devices for SCOM, which will be monitored very deeply, and there are “Generic” devices, which are monitored in a less deep way.

  1. Basic Monitoring – This includes “Availability Monitoring” and “Port/Interface monitoring” for all network devices that have implemented the interface MIB (RFC 2863) and MIB-II (RFC 1213) standards.
  2. Extended Monitoring – This includes monitoring Processor and Memory components of the network device. This level of monitoring is currently available only for network devices certified by Microsoft, as those components could be discovered and monitored mostly through private MIBs.

As you can see, there will be missing information depending on the device support. To close this gap, Microsoft created a command line tool to generate a management pack which will monitor these missing things. In this example, I will kind of “abuse” this tool to monitor a Windows Server via SNMP. Because I don’t have a network device and I want to do a bit more advanced stuff, we will create an SNMP MP for a Windows Server 2012 R2. Some of you SCOM guys will now yell at me – “That is not possible, because you cannot discover Windows Servers via SNMP in SCOM!”. Of course it is!

How does this Network Monitoring MP Generator Tool work at a high level? Well, basically you provide an OID (Object Identifier) for the target and an OID for the value you want to monitor, and then you need to set thresholds for triggering alerts. That’s it; the tool itself will create all necessary information in the background. So let’s start. First we prepare our target server for monitoring…

Step 1 – Install SNMP service

On your Windows Server, go to the Add Roles and Features wizard and select SNMP Service in the Features section. It will look like this…


After you have installed the SNMP service, open the Services MMC, open the SNMP service, select the Security tab and configure the SNMP settings like below. In this example I will provide a read-only community string public.


So, now we are able to query our Windows Server with the “password” / community string public and get all the SNMP information.
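A check of what the Security tab configured, as an added example that is not part of the original post: the Windows SNMP service keeps accepted community names under `ValidCommunities` and the allowed hosts under `PermittedManagers` in the registry. The function names `Get-RegistryValues` and `Test-SnmpConfig` and the sample values are assumptions made for this illustration.

```powershell
# Added example (not from the original post): audit what the SNMP service's
# Security tab stored in the registry. Run elevated on the monitored server.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters'

# Rights value the SNMP service stores for each community name.
$rightsMap = @{ 1 = 'NONE'; 2 = 'NOTIFY'; 4 = 'READ ONLY'; 8 = 'READ WRITE'; 16 = 'READ CREATE' }

function Get-RegistryValues {
    param([string]$Path)
    # Return every value of a registry key as Name/Value objects (hypothetical helper).
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if (-not $key) { return }
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Name = $name; Value = $key.GetValue($name) }
    }
}

function Test-SnmpConfig {
    param($Communities, $Managers)
    # Emit one finding string per weak setting (hypothetical helper).
    foreach ($c in $Communities) {
        $rights = $rightsMap[[int]$c.Value]
        if ($c.Name -in 'public', 'private') {
            "Community '$($c.Name)' is a well-known default name ($rights)."
        }
        if ([int]$c.Value -ge 8) {
            "Community '$($c.Name)' permits SNMP SET requests ($rights)."
        }
    }
    if (-not $Managers) {
        'No permitted managers listed: SNMP packets are accepted from any host.'
    }
}

# Audit the local server.
Test-SnmpConfig -Communities (Get-RegistryValues "$base\ValidCommunities") `
                -Managers    (Get-RegistryValues "$base\PermittedManagers")

# Constructed sample: read-only "public" as in this post, with an assumed empty manager list.
$sample = [pscustomobject]@{ Name = 'public'; Value = 4 }
Test-SnmpConfig -Communities @($sample) -Managers @()
```

For a lab server that is only polled by SCOM, listing the management server under "Accept SNMP packets from these hosts" and choosing a non-default community name clears both findings the sample produces.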


Azure Automation – ISE Add-On Editing Runbooks


Well, it has been a while since my last post, because there is a lot going on in my private life as well as in my job. But now some “tasks” are completed and I will have more time for community work again. Microsoft’s product machinery is running at high speed in all areas. One tool I really appreciate is the ISE add-on for Azure Automation. I have written quite a lot of runbooks in the past for SMA using regular ISE and Visual Studio, but a tool for writing runbooks which integrates into the SMA environment is missing. This add-on integrates seamlessly into your ISE environment and lets you write runbooks for Azure Automation in different flavors, like regular PowerShell scripts and PowerShell workflows, and executes them using Azure Automation. As a target you are able to choose either Azure itself or a Hybrid Worker Group. Joe Levy (PM Azure Automation) has already written a post about this add-on. I would like to dive a bit more into this.

What does it look like?

As you can see it seamlessly integrates into ISE…



Quick Post – Influence SCOM vNext Features aka “SCOM Wish List”


It is not quite Christmas yet, but you are now allowed to submit your wish list for SCOM features and improvements! The SCOM product team opened a feedback form yesterday for submitting any ideas for SCOM vNext. There might be things you are missing, things whose behavior you hate, or things you have seen in other monitoring tools that you would like to have in SCOM. Now is the time to let Microsoft know WHAT YOU WANT! YES! YOU! Don’t complain about SCOM; help to improve it and bring SCOM to the next level.

You can find the “wish list” here: http://systemcenterom.uservoice.com/forums/293064-general-operations-manager-feedback

I also submitted a couple of improvements and you might want to vote for them: http://systemcenterom.uservoice.com/users/95583468-stefan-roth

Nothing in life is perfect, but we can help to make SCOM almost perfect!

SCOM 2012 R2 Technical Preview 2 – What’s New?


A few days ago Microsoft released the technical preview of its Windows Server and System Center stack. One thing I am very interested in is SCOM, and whether there is anything new.

If you download SCOM, it comes on a pre-configured VHD including the latest Windows Server (2016) TP2, SQL Server 2014 and SCOM 2012 R2 TP2. So there is no extra configuration necessary and you can start testing right away.

So what’s new?


System Center – RSS Feeds Collection

It doesn’t matter if you are new to the System Center stack or if you have been working many years in the System Center field, we all share the same problem. How are we keeping up with this massive amount of information dropping in every single day? There are so many excellent sources out there, but you have to find them and get informed if there is a new article or blog post.

I think staying up-to-date is essential for most of us, especially if you are working as a consultant. So, how are we staying ahead? Well, I like Twitter very much when it comes to interacting with the community and getting information immediately. In my opinion Twitter is the fastest source for getting information almost in real time.

One other source which everyone knows about, but somehow not a lot of people are using, is RSS feeds. This technology started about 15 years ago and has been developed further up to now. RSS feeds are based on XML and publish the blog or website in a structured way. Almost any blog / website has such functionality, and if enabled it lets you collect all the published content in a very comfortable way. You can use many applications for displaying RSS feeds, like Internet Explorer, Outlook or dedicated applications like Feedreader. You can use Feedreader online or install it on your Windows box.


Feedreader (Online)


Feedreader (Client)


I would like to share my (personal) feeds, which I collected and tried to categorize by topic and / or technology (download the OPML file at the end of the post). I tried to collect as many good and reliable sources as possible for staying up-to-date in the System Center field. If I missed any valuable source, it was not my intention; let me know and I will add it.
