SMA – Migrating SMA Runbooks (SMART Toolkit) Annoying Confirmation

blocked

To migrate SMA runbooks from one environment to another you probably want to use SMA Runbook Toolkit to export and import the runbooks and assets, you can find the download here. This toolkit is a collection of PowerShell scripts which are few years old but still work perfectly with SMA 2016. After you downloaded the toolkit and extracted it, there is e.g. the SMART\Import and Export Tool\SMART-IE-GUI.ps1 to export and import your runbooks with a PowerShell GUI…

image

…and the GUI looks like this…

image

One problem you might encounter is, that you would have to confirm the execution of a child script Import-SMARunbookfromXMLorPS1.ps1 for each script you want to import…

image

…to circumvent this annoying step, you need to unblock the files in PowerShell. How can you do it? Well you just need to get all files in the SMART directory and use Unblock-File cmdlet to unblock the script….

2

…after this step the import runs without interruption. This problem happens not only to the SMART tools, but also could happen to any other module you download from an external source.

SCOM / SCSM – Retrieve Decrypted RunAs Account Credentials

password-ftr

I am not sure if you have seen it, but Richard Warren from nccgroup has figured out, how to decrypt the RunAs account credentials in SCOM. The problem up to now was, that there was no official way to retrieve the encrypted credentials from SCOM. There is just one DLL to use, which offers the decrypt method. He has written a EXE and a PowerShell script on Github . I know there are always two sides of the medal. In this case an evil and a good way of using this knowledge. I think I don’t have to talk about the evil way, instead I would like to talk about its benefit.

Richard Warren has used it for SCOM RunAs accounts, but if you think about it Service Manager (SCSM), which is based on the same framework, therefore I was curious if this approach also works for SCSM. In fact it did! Why is this awesome? Well, think about it. We are able to “securely” store credentials in SCSM (or SCOM) using RunAs accounts. Now we are able to retrieve those credentials easily. Because I do a lot of automation in SCSM using service requests and itnetX PowerShell activities I always had some trouble to store credentials in a save manner. There are many ways to do so, like exporting the credentials into XML (Export-CliXML) , using certificates , encrypting the credentials using a key and store it somewhere like here or maybe you could store the credentials in SMA and retrieve it using PowerShell. Whatever method you are going to use, you will end up with more or less problems. The best approach would be, to store the credentials on the system where you need it (SCSM) and the SCSM administrator can manage these accounts without to dig into PowerShell code or certificates etc. Therefore RunAs accounts are a perfect way for storing credentials.

Because of that, I have used Richard’s sample, modified the code a bit to be able to use it on SCOM and SCSM and also return proper output. The PowerShell module will return the a credential hash table. You need to execute the module on the SCOM or SCSM management server and the only parameter you need to provide is the SCOM RunAs account display name like in this example.

In SCOM the RunAs account looks like this…

image

…and if you use the PowerShell module it works like this…

image

You can download the module from PowerShell Gallery . Be aware of the fact, that you need permission to access the database and management server.

Continue reading

SCOM – Extensible Network Monitoring Management Pack Generator Tool

image

Microsoft just released the Extensible Network Monitoring Management Pack Generator tool which allows you to build custom SNMP management packs. In my previous post SCOM 2016 TP5 I have written a post about the prototype of this tool which was command line driven. I addressed some missing parts like a GUI, custom SNMP components and handling more complex SNMP values. Guess what?! Microsoft listened and released a GUI based (and also a command line based) tool to create your own SNMP management packs..

Both tool have the following features:

  1. SNMP_MPGenerator tool has an inbuilt MIB browser. Users can load MIB files, search through the Object Identifiers (OIDs) of the component they wish to add workflows for and create rules and monitors.
  2. Users can add monitors and rules for device components such as Processor, Memory, Fan, Temperature Sensor, Power Supply, Voltage Sensor and Custom device components.
  3. This tool would also support custom devices in addition to already supported devices like Switch, Router, Firewall and Load Balancer.
  4. Users can define monitors and rules for multiple devices in a single project file and generate a single Management Pack for all of their devices.
  5. As mentioned above, this tool would also include the command line executive NetMonMPGenerator.exe for users who wish to generate MP through command line interface.

The tool is free and comes with a detailed documentation how to build an MP. I just have clicked through the tool and it seems to be very self-explaining. The GUI has basically two parts, the MIB browser which let’s you import MIBs and browse/search through the MIB tree and the editor part were you can add components, rules and monitors. The MIB browser is just for finding the proper OID for each component and then you are able to copy/paste the value to the proper place in the editor. For the command line tool you need to configure a XML file as input.

I think it is a very nice approach and let’s see how it will perform in some upcoming projects download the tool here.

SCOM 2016 – Network Monitoring MP Generator Tool

SNMP

In one of my previous posts, I covered SCOM 2016 TP5 – What’s New and one of the topics mentioned was, that Microsoft will provide a tool to generate SNMP management packs. A what? Ok, let me explain. You are able to monitor network devices via SNMP. Well this is no magic and pretty common these days. SCOM 2012 provided a new rebuild SNMP stack for monitoring network devices. The magic was / is, that you just need to discover the device and SCOM will take care of the rest, meaning it will discover model, type, cpu, memory, network traffic and a lot more. There is just one problem, because there are so many devices available, SCOM cannot support all devices to the same level. What does that mean? There are “Certified” devices for SCOM which will be monitored very deeply and there are “Generic” devices which are just monitored in a less deep way.

  1. Basic Monitoring – This includes “Availability Monitoring” and “Port/Interface monitoring” for all network devices that have implemented the interface MIB (RFC 2863) and MIB-II (RFC 1213) standards.
  2. Extended Monitoring – This includes monitoring Processor and Memory components of the network device. This level of monitoring is currently available only for network devices certified by Microsoft, as those components could be discovered and monitored mostly through private MIBs.

As you can see there will be missing information depending on the device support. To close this gap, Microsoft created a command line tool to generate a management pack which will monitor these missing things.In this example here, I will kind “abuse” this tool to monitor a Windows Server via SNMP. Because I don’t have a network device and I want to do a bit more advanced stuff we will create a SNMP MP for a Windows Server 2012 R2. Some of you SCOM guys will now yell at me – “That is not possible, because you cannot discover Windows Servers via SNMP in SCOM!”. Of course it is!

How does this Network Monitoring MP Generator Tool work at a high level view? Well, basically you provide an OID (Object Identifier) for the target, an OID for the value you want to monitor and then you need to set thresholds for triggering alerts. That’s it, the tool itself will create all necessary information in the background. So let’s start, first we prepare our target server for monitoring…

Step 1 – Install SNMP service

On your Windows Server go to Add Roles and Features wizard and select SNMP Service in the Feature section, it will look like this…

2

After you installed the SNMP service, open the Services MMC and open the SNMP service, select the Security tab and configure the SNMP settings like below, in this example I will provide a read-only community string public

3

So, now we are able to query our Windows Server with the “password” / community string public and getting all the SNMP information.

Continue reading

SMA – ISE Add-On Editing Runbooks

powershell-whatsnew

A couple of month ago Microsoft released the latest (updated) version of PowerShell 5.0 . Why is this worth writing about? Well, with every new release there are some fantastic goodies included, you just need to discover them :). One of these goodies is (my) long awaited runbook editing capability for ISE. In this post I would like to show you how to get it installed and how to work with it.

First we need to get the module which is called SMAAuthoringToolkit. Because my lab environment does not have internet access, I will just download the module to my notebook and copy it to the lab machine.

Save-Module  SMAAuthoringToolkit -Path C:\Temp

This command will save the module from the PowerShell Gallery in C:\Temp…

image

Next, I copy the module to the lab server to my user path C:\Users\[user]\Documents\WindowsPowerShell\Modules

image

Next type…

Install-SMAIseAddOn

This will install the add-on so that it will be automatically loaded next time you start your ISE.

If you have internet connection on your system you don’t need to do the above “offline” copy steps, instead you just need to type…

Install-Module SMAAuthoringToolkit -Scope CurrentUser

If you add the -Scope CurrentUser parameter, the module is installed to…

$env:USERPROFILE\Documents\WindowsPowerShell\Modules

Then, if you want the PowerShell ISE to always automatically load the add-on, run…

Install-SMAIseAddOn

Otherwise, whenever you want to load the add-on, just run the following in the PowerShell ISE…

Import-Module SMAAuthoringToolkit   

No let’s start ISE and see what we got…

Continue reading

SCOM – Authoring History and System Center Visual Studio Authoring Extensions 2015

mp

I usually don’t blog about new releases of management packs or similar things, but this time I feel I have to do so. If you have been working for some time with SCOM, you know there is a (long) history behind authoring MOM/SCOM management packs. Back in the days where MOM 2005 used to rule the monitoring world, you had these AKM management pack files which could not be changed or authored outside of MOM. In 2007 when SCOM 2007 was released, Microsoft changed that concept to the sealed (MP extension) / unsealed (XML extension) management pack concept which is still valid up to this point. In the same wave Microsoft released the widely loved Authoring Console which was a GUI driven approach and more or less intuitive to work with for an IT Pro.

ac

Continue reading

OMS – Price & Size Calculator

image

You might have already  heard of Operations Management Suite (OMS) or you are already using the free OMS version which is great, besides the limitations :). Now you are deciding to actually buy a licenses for your company and you don’t know how much the licenses will cost. Luckily Microsoft has created an online calculator to estimate cost and the actual services you get. Navigate to http://omscalculator.azurewebsites.net/ and get an overview which license model is appropriate for you.

Data gathering page…

image

…and the actual comparison between the two license options…

image

Enjoy!