Experts Live Europe – Speaker


Once more I am very excited to be part of one of the best IT conferences in Europe – Experts Live Europe. The 3 conference days take place from August 23 – 25 at the Berlin Congress Center in Berlin, Germany, and will bring together the Microsoft IT Pro Community from all over the world, including a large number of Microsoft MVPs and (former) Microsoft employees. You will get the latest about datacenter, cloud and workplace trends. This also includes many vertical topics such as security, identity management and much more.

I will have several sessions / discussion panels / demos:

Azure TestDev Labs – What the heck is it?
Wednesday, August 23 • 10:45am – 11:45am
In this session we, my wingman MVP Stefan Johner and I, show you how you can use Azure DevTest Labs to build your own lab and keep control of cost and resources.

Discussion Panel: Insights and Analytics
Wednesday, August 23 • 3:15pm – 4:15pm
Discussion panels allow you to meet a group of experts and discuss your questions. In this panel my buddy MVP Kevin Greene and I would like to discuss OMS monitoring, and mainly Insights and Analytics.

The best of the SCOM community (+whisky tasting)
Wednesday, August 23 • 4:45pm – 5:45pm
If you haven’t been to this famous Squared Up session in the past years, you definitely missed something. Squared Up will present their latest and greatest news about their products, accompanied by a delicious whisky tasting. There will be some room for community presentations about their recently released PowerShell MP. I will also have a short, entertaining demo of what you can do with this MP and PowerShell.

Azure Monitor & Co
Friday, August 25 • 8:00am – 9:00am
Monitoring Azure is getting more and more important. This session will give you an overview of Azure Monitor and its best buddies. I will show you the basics and how you could make sense out of your data.

On-premise automation using SCSM, SMA and PowerShell
Friday, August 25 • 2:00pm – 3:00pm
Everyone is talking about automation. But what does that mean if business processes or IT infrastructures are automated on-premise? Microsoft offers System Center Service Manager (SCSM), Service Management Automation (SMA) and PowerShell as core components to achieve the goal. MVP Stefan Roth and Jonas Feller talk about what problems you could face and what impact starting such a project has. In addition we show you a current real-world case and talk about experiences we have made in the past.


I am convinced that this will be another legendary edition of Experts Live Europe and I hope to see you there. If you are not familiar with Experts Live Europe at all, read MVP Marcel Zehner’s blog post.


SCOM – Certificate Missing Enhanced Key Usage EventID 20050


If you want to monitor a server which does not belong to a domain, you need to use a certificate, and that certificate has special requirements. You will find many posts on the internet about how to handle SCOM certificates using a Microsoft PKI. An example is the detailed post from Tyson Paul. One of the essential requirements for the certificates is to provide the Enhanced Key Usage properties for Client Authentication (OID 1.3.6.1.5.5.7.3.2) and Server Authentication (OID 1.3.6.1.5.5.7.3.1). If you do not provide these properties you will receive an error in the Operations Manager event log…


A problem you could face in the real world is that some customers won’t allow you to create the certificates for SCOM, and they might have “generic” certificates for other use cases. Usually YOU provide the request file and the configuration for the certificates. Under certain circumstances this might not be the case. This means that certain properties might be missing on the certificate itself. In the case of SCOM, you can add the missing properties on the certificate. Just go to the Details of the certificate after you have imported it into your computer. Click Edit Properties and select the purpose in the dialog, like this…


Having this option in place lets you successfully monitor the workgroup servers.

This will probably save you some headache 🙂 .
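
A quick way to check for this before event 20050 shows up, as an added example (not part of the original post): the PowerShell function below reports which of the two required EKU OIDs are absent from each certificate. The function name and the Cert:\LocalMachine\My store path are assumptions; it reads the signed EKU extension only, so purposes selected afterwards via Edit Properties are not reflected in its output.

```powershell
# Added example: list certificates whose signed EKU extension lacks the
# Server Authentication / Client Authentication OIDs named in the post.
$RequiredEku = [ordered]@{
    '1.3.6.1.5.5.7.3.1' = 'Server Authentication'
    '1.3.6.1.5.5.7.3.2' = 'Client Authentication'
}

function Test-ScomCertificateEku {   # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        # The EKU extension as issued by the CA (part of the signed certificate).
        $ekuExt = $Certificate.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            Select-Object -First 1

        # OID strings present in the extension; empty when there is no EKU extension.
        $present = @()
        if ($ekuExt) {
            $present = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
        }

        $missing = @($RequiredEku.Keys | Where-Object { $_ -notin $present })

        [pscustomobject]@{
            Subject    = $Certificate.Subject
            Thumbprint = $Certificate.Thumbprint
            HasEkuExt  = [bool]$ekuExt
            EkuOk      = ($missing.Count -eq 0)
            MissingEku = ($missing | ForEach-Object { "$($RequiredEku[$_]) ($_)" }) -join ', '
        }
    }
}

# Assumption: the certificate was imported into Local Computer > Personal.
Get-ChildItem -Path Cert:\LocalMachine\My |
    Test-ScomCertificateEku |
    Sort-Object EkuOk |
    Format-Table Subject, Thumbprint, HasEkuExt, EkuOk, MissingEku -AutoSize
```

A row with HasEkuExt = False is a certificate issued without any EKU extension, which is the "generic" certificate case described above.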

SCOM 2016 – Upgrade Notes from the Field


Upgrading from SCOM 2012 R2 to SCOM 2016 is theoretically not a big deal. BUT sometimes you could face issues in the customer’s infrastructure which force you to clear some extra hurdles. This post should give you a high level overview of different migration scenarios and additionally some pitfalls you could meet when upgrading to SCOM 2016.

High level upgrade path

There are 3 ways to upgrade a SCOM 2012 R2 environment.

1. Side-by-side migration (“Slow Motion”)


This is probably the way which has almost no risks, but it takes a long time to finish and has the consequence that you lose old data. Why is this? You install a brand new SCOM 2016 management group with brand new databases (OperationsManager / OperationsManagerDW / OperationsManagerAC). If needed you also install a separate Web Console, Reporting and the ACS role on a dedicated (management) server. I think the best option is to install all these SCOM 2016 roles on a brand new Windows Server 2016 server and the databases on SQL Server 2016. This way you have the latest and greatest technologies available and you are armed for the next couple of years.

Having this in place you are able to dual-home (multi-home) the agents, which then send data to both management groups, SCOM 2012 R2 and SCOM 2016. There is a good article on TechNet Wiki on how to configure multi-homing if you have multiple AD forests, or here if you have agents deployed in the same AD forest. As soon as you have the new management group up and running you need to migrate all management packs, channels, subscriptions, overrides, roles etc. There are ways to export and import this stuff, but if you choose this upgrade path I recommend configuring SCOM from scratch. Especially creating new overrides and documenting them will give you a chance to have a well configured and documented SCOM environment.

One huge advantage of this upgrade path is that you are able to upgrade to new versions of existing management packs, implement new management packs and test them thoroughly with no impact on your production SCOM environment until you switch management groups and turn on notifications.

This approach also has a few disadvantages:
  • It takes usually a long time to finish this migration.
  • There are 2 management groups to maintain.
  • The amount of work to tune the management packs should not be underestimated.
  • Dual-homing an agent could lead to some more stress on the agent server.

2. SCOM In-place only upgrade (“Big Bang”)


If you decide to go for an in-place upgrade you are taking a much faster but also “risky” path, which needs more pre-work, testing and, in case of failures, also some plans to revert the changes using backups and/or VM snapshots. An in-place upgrade is in theory not that much of a problem and is also fully supported by Microsoft. The first step is to run the SCOM 2016 setup on a management server, which will discover the roles on the management server and upgrade the server itself and also the SCOM databases to SCOM 2016. If you managed to successfully upgrade the first management server / management group, then you go for the next management server, ACS Collector, Gateways, Console, Web Console and Reporting Server. As soon as you have upgraded all components you are all done. Sounds easy, but believe me, there are plenty of things that could fail.

This approach also has a few disadvantages:
  • Because you upgrade SCOM only, the operating system stays the same. Of course you could theoretically in-place upgrade the operating system as well, but I really don’t encourage you to do so. If you need to upgrade SCOM and the operating system as well, please check the next upgrade option.
  • All your SCOM configurations, bad or good, will stay. If your management group is badly configured it will stay badly configured – an upgrade won’t change anything.
  • You need to check if the management packs work with SCOM 2016, especially third party or community MPs. Please ask the vendor BEFORE you start the upgrade.
  • Make sure you meet the system requirements for SCOM 2016.
  • Remember there are also 3rd party connectors in SCOM which might not be supported by SCOM 2016.

3. SCOM In-place upgrade and OS upgrade (“Big Bang++”)


If you decide to go for an in-place upgrade and you also want to upgrade the operating system to Windows Server 2016 in your environment, then this is an elegant way to achieve this goal. The risks are the same as for the “in-place only” upgrade, but in addition you need to have a good plan for how to switch the SCOM agents and ACS Forwarders to the new management servers. Before you start upgrading, make sure you have new Windows Server 2016 servers installed, which will become the new management servers.

Step 1: Run the in-place upgrade on an “old” SCOM 2012 R2 management server (make sure it meets the SCOM 2016 system requirements). When this is finished, upgrade the other SCOM 2012 R2 management servers to SCOM 2016 and also the ACS Collector, Gateways, Console, Web Console and Reporting Server.

Step 2: If your management group is upgraded successfully, install SCOM 2016 management servers on the freshly installed Windows Server 2016 servers. Depending on your SCOM environment, if you have ACS installed, you could also install the ACS Collector on an additional dedicated SCOM 2016 management server running on Windows Server 2016.

Step 3: Move the Windows / Linux agents and ACS Forwarders to the new management servers / ACS Collector.

Step 4: Uninstall the “old” management servers from the management group.

If you have Web Console and/or Reporting installed you could simply uninstall the features from the “old” SCOM servers and reinstall them on a new Windows Server 2016 server pointing to the SCOM 2016 deployment. I recommend uninstalling Reporting and Web Console BEFORE you upgrade the management group.

This scenario has the same problems as an “in-place only” scenario, but additionally you have to be aware of a few more things:
  • Switching the Windows / Linux agents or ACS Forwarders to the new management servers could take some time, and depending on the number of “clients”, Step 3 needs to be planned carefully.
  • If you don’t have the agents controlled by the SCOM Console you need to prepare some PowerShell scripts for moving the agents / ACS Forwarders to the new management servers.
  • Remember to install certificates for Linux or Windows agent monitoring on the new management servers.
  • Remember to set the SPNs for the new management servers.
  • If you changed settings (Registry) on your old management servers, check if you need to make these settings on your new management servers as well.


SCOM 2016 – System.Data.SqlClient.SqlException, Exception Error Code: 0x80131904 Login failed for user


Sometimes there are things you won’t understand. I tried to install a new SCOM 2016 management server in a virgin Azure VM (Windows Server 2016). The necessary SQL Server 2016 was placed on another Azure VM (Windows Server 2016). Well, this is nothing special and I have installed SCOM a gazillion times, BUT now I faced this error…

…of course I checked the setup log as suggested and I found this error…

[21:17:34]:    Error:    :Exception running sql string [NOT DEFINED]: Threw Exception.Type: System.Data.SqlClient.SqlException, Exception Error Code: 0x80131904, Exception.Message: Cannot open database “OperationsManager” requested by the login. The login failed.
Login failed for user ‘RETURNONE\Stefan’.
[21:17:34]:    Error:    :StackTrace:   at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData, DbConnectionPool pool, String accessToken, Boolean applyTransientFaultHandling)
    at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions

I double checked the permissions for my account, so it has sysadmin permission on the SQL Server, but repeating the installation ended up in the same error. After a while I found the solution: I unregistered and registered the msiexec program on the SCOM server like this…


…then I executed the setup again (make sure you always use elevation ;)) and the installation succeeded. Thanks to Abu-Obaid who delivered the solution, all credits to him. I hope this will save you some time!

WAP – Get Windows Azure Pack Websites via PowerShell


Windows Azure Pack was Microsoft’s first attempt to bring Azure into your on-premise datacenter. The things you can do with it are limited to IaaS VMs, PaaS databases and PaaS websites. In addition there is Service Bus and some networking part which is necessary for the IaaS / PaaS services. Of course there are other required parts, like Service Provider Framework (SPF), SC Virtual Machine Manager etc. Because my job is to automate things using PowerShell, I sometimes need to get data out of systems, in this case with WAP as my data source. If you look a bit closer at WAP and you want to get information about configured SQL databases or MySQL databases, there is a rich set of PowerShell cmdlets available, and these modules are installed on the WAP admin servers…


…so what you could do is use PowerShell remoting and query these servers for information. If you want to get information about provisioned VMs you could simply query VMM using its own cmdlets to gather information.

One other way you could get information out of WAP is to use the Public Tenant API. This API provides tenant-specific information, therefore you need to provide a subscription to get detailed information about that specific tenant. MVP Ben Gelens has written a fantastic PowerShell module to get all sorts of information from the WAP Public Tenant and WAP Admin API. You can find the module here: https://github.com/bgelens/WAPTenantPublicAPI . I have tested it and it works like a charm.

So what is the point of this post? Well, so far we have seen that we can get information about SQL Server and MySQL databases using these PowerShell cmdlets via the Admin API, and for VMs use VMM as a data source, but what about websites? There are also modules installed on the web controller servers themselves, e.g. the WebSites module…


…and the WebSiteDev module…


…to get information about websites from the system, just use the cmdlets above.

A more elegant way to pull website information is going through the endpoint REST API (Web Site Cloud REST Endpoint), which you need to provide when adding the website resource to the admin portal. It depends on how you configured it, but as an example, to find the settings you configured, you could run the Windows Azure Pack Websites MMC on the web controller server and find all the different settings…


SCSM 2016 / SCOM 2016 – SCOM 2016 Console Crashes After SCSM 2016 Console Installation


Have you ever installed System Center Service Manager 2016 and System Center Operations Manager 2016 console on the same system? Depending on the installation order, the SCOM console will crash with multiple errors like this…


…and the console will appear empty or crash totally. We had the case that the SCOM console was installed first and the SCSM console afterwards. It is a known issue and MVP Eric Berg has blogged about it in German, check his post here.

Because this error has massive impact and I was also affected by this nasty bug I will re-write it in English and pimp this post with some nice screenshots :).

The problem is the Analysis Management Objects (AMO) 2014 package, which is installed by the SCSM 2016 console installation. What you could do is uninstall the Analysis Management Objects (AMO) 2014 package and run a repair installation of the SCOM console.


A better workaround is the following (taken from Eric Berg’s blog)…


Experts Live Switzerland 2017 – Speaker


I am very proud to be speaking at Experts Live Switzerland 2017. I will have a talk together with my buddy Jonas Feller from itnetX. We both have gained a lot of experience in the past doing on-premise automation projects, and this is also the title of our session:

“On-premise Automation using System Center Service Manager (SCSM), Service Management Automation (SMA) and PowerShell”

We will highlight some conceptual aspects, but also show some technical automation kung fu kicks you might want to be aware of. In addition we will discuss some approaches and tools, which can avoid some headache and trouble. The event takes place May 17th in Bern, so save the date and hopefully you join our session. The session is held in German.

What is Experts Live Switzerland and how does it fit into the entire Experts Live stack?
