Author: Captain

Let’s talk about monitors and rules in SCOM 2012 R2

Ahoy sailor!

So today’s challenge is to set up a monitor for the Citrix Print Manager Service. A customer of mine has this “bug” where this service terminates unexpectedly when one connects to a XenApp server.

So let’s first of all talk about monitors and rules in SCOM 2012 R2. Afterwards I’ll show you how to configure a unit monitor with a basic recovery task.

As far as I understand it, I can tell you this:

When you want to monitor specific occurrences with SCOM, you’ve got two options.

 

On the one hand you’ve got Rules:

Rules collect data from sources like log files, Windows event logs or performance data. This data gets stored in the Operations Manager database, where it replicates with the Data Warehouse (if one exists), and can be used for reporting purposes. So a rule is a kind of stateless monitoring element and does not create alerts about state changes. The result of a rule is always a write action, and a rule does not show up in the Health Explorer.

 

On the other hand we have Monitors:

Monitors provide real-time information. So if you want to monitor an object like application components, Windows services, scripts or events, a monitor should be your method of choice. In general we distinguish two kinds: “two-state” and “three-state” monitors. Thus a monitor can be in one of two or three states. So here is the point: a monitor is programmed with the intelligence to determine whether a component is healthy or not and (in the best case) has the appropriate command or script to solve the incident.

Alright, now let’s have a deeper look at the three monitor types.

Unit monitors

  • “Unit monitors are often described as the “workhorses” of SCOM monitoring and are the most common kind of monitor out there.” A unit monitor is the fundamental monitoring component and is used to monitor events, scripts, services etc. “These unit monitors can be used at an extremely granular level and provide you with a multitude of ways to monitor even the most minor elements of system stability.”

 

Aggregate rollup monitors

  • An aggregate rollup monitor is a collection of several monitors. Aggregate monitors should be configured to watch similar items like a group of DNS servers. So here’s how an aggregate rollup monitor works: “Suppose you’re using a dependency rollup monitor to watch eight separate DNS servers. You could create a high level monitor that undergoes a state change only once five of the eight DNS servers become unavailable. In this way (i.e. Only raise alert if 5 of 8 DNS servers are down) you can be alerted on your terms.”

So use an aggregate rollup monitor to group multiple Monitors into one.

 

Dependency rollup monitor

  • The dependency rollup monitor allows the health of one object to directly affect the health of another completely unrelated object. Let’s take a SQL cluster as an example. You would use a dependency rollup monitor to check the databases. If one database is offline, this does not mean that the whole SQL environment is critical, so you could configure the monitor not to notify you. If the master database is not available, the SQL environment is down for sure and the dependency rollup monitor would generate alerts. So this construct offers you a bit more flexibility.

 

Please note:

In the definitions listed above I’ve tried to make the distinction as clear as possible. Unfortunately it’s not always that clear in practice. Sometimes there are two possible ways to implement a task (like checking whether a certain service is up and running), and it can be solved with both rules and monitors. But the above definitions should give you a good starting point.

Thanks to Scott D. Lowe for his great article “Introduction to System Center Operations Manager 2012 (Part 6) – Monitors”, from which I’ve copied some fantastic descriptions into my post.

If you need more information on monitors and rules, have a look at TechNet!

 

Cheers! And Arghhhhhh! Bring the Rum cask aft.

*Captain

Configuration Manager cannot create the object “SMS-Site-XXX” in Active Directory

Ahoy Sailor,

A few weeks ago I had a case at a customer’s site where the following event showed up in the ConfigMgr site status.


Configuration Manager cannot create the object “cn=SMS-MP-[SiteCode]-[FQDN]” in Active Directory ([DOMAIN]).

Possible cause: The site server’s machine account may not have full control rights for the “System Management” container in Active Directory
Solution: Give the site server’s machine account full control rights to the “System Management” container, and all child objects in Active Directory.

Possible cause: Another Active Directory object named “cn=SMS-MP-[SiteCode]-[FQDN]” already exists somewhere outside of the “System Management” container
Solution: Locate the other object with the same name, and delete the object from its current location.  Then allow the site to create a new object.

Possible cause: The Active Directory schema has not been extended with the correct ConfigMgr Active Directory classes and attributes.
Solution: Turn off Active Directory publishing for each site in the forest, until the schema can be extended.  The schema can be extended with the tool “extadsch.exe” from the installation media.


Configuration Manager cannot create the object “SMS-Site-[SiteCode]” in Active Directory ([Domain]).

Possible cause: The site server’s machine account may not have full control rights for the “System Management” container in Active Directory
Solution: Give the site server’s machine account full control rights to the “System Management” container, and all child objects in Active Directory.

Possible cause: Another Active Directory object named “SMS-Site-[SiteCode]” already exists somewhere outside of the “System Management” container
Solution: Locate the other object with the same name, and delete the object from its current location.  Then allow the site to create a new object.

Possible cause: The Active Directory schema has not been extended with the correct ConfigMgr Active Directory classes and attributes.
Solution: Turn off Active Directory publishing for each site in the forest, until the schema can be extended.  The schema can be extended with the tool “extadsch.exe” from the installation media.

 

To me the error seemed to be very obvious, so I decided to do the schema extension.

According to TechNet, ExtADSch.exe is a good way to do this, so I executed extadsch.exe on a domain controller. Unfortunately this did not work the first time…

 

<09-19-2014 17:21:29> Modifying Active Directory Schema – with SMS extensions.
<09-19-2014 17:21:29> DS Root:CN=Schema,CN=Configuration,DC=sys,DC=net
<09-19-2014 17:21:30> Defined attribute cn=MS-SMS-Site-Code.
<09-19-2014 17:21:30> Defined attribute cn=mS-SMS-Assignment-Site-Code.
<09-19-2014 17:21:30> Defined attribute cn=MS-SMS-Site-Boundaries.
<09-19-2014 17:21:31> Defined attribute cn=MS-SMS-Roaming-Boundaries.
<09-19-2014 17:21:31> Defined attribute cn=MS-SMS-Default-MP.
<09-19-2014 17:21:31> Defined attribute cn=mS-SMS-Device-Management-Point.
<09-19-2014 17:21:31> Defined attribute cn=MS-SMS-MP-Name.
<09-19-2014 17:21:31> Defined attribute cn=MS-SMS-MP-Address.
<09-19-2014 17:21:32> Defined attribute cn=mS-SMS-Health-State.
<09-19-2014 17:21:32> Defined attribute cn=mS-SMS-Source-Forest.
<09-19-2014 17:21:32> Defined attribute cn=MS-SMS-Ranged-IP-Low.
<09-19-2014 17:21:32> Defined attribute cn=MS-SMS-Ranged-IP-High.
<09-19-2014 17:21:32> Defined attribute cn=mS-SMS-Version.
<09-19-2014 17:21:33> Defined attribute cn=mS-SMS-Capabilities.
<09-19-2014 17:21:33> Failed to create class cn=MS-SMS-Management-Point.  Error code = 8202.
<09-19-2014 17:21:33> Failed to create class cn=MS-SMS-Server-Locator-Point.  Error code = 8202.
<09-19-2014 17:21:33> Failed to create class cn=MS-SMS-Site.  Error code = 8202.
<09-19-2014 17:21:33> Failed to create class cn=MS-SMS-Roaming-Boundary-Range.  Error code = 8202.
<09-19-2014 17:21:33> Failed to extend the Active Directory schema, please find details in “C:\ExtADSch.log”.

<09-19-2014 17:25:47> Modifying Active Directory Schema – with SMS extensions.
<09-19-2014 17:25:47> DS Root:CN=Schema,CN=Configuration,DC=sys,DC=net
<09-19-2014 17:25:47> Attribute cn=MS-SMS-Site-Code already exists.
<09-19-2014 17:25:47> Attribute cn=mS-SMS-Assignment-Site-Code already exists.
<09-19-2014 17:25:48> Attribute cn=MS-SMS-Site-Boundaries already exists.
<09-19-2014 17:25:48> Attribute cn=MS-SMS-Roaming-Boundaries already exists.
<09-19-2014 17:25:48> Attribute cn=MS-SMS-Default-MP already exists.
<09-19-2014 17:25:48> Attribute cn=mS-SMS-Device-Management-Point already exists.
<09-19-2014 17:25:48> Attribute cn=MS-SMS-MP-Name already exists.
<09-19-2014 17:25:49> Attribute cn=MS-SMS-MP-Address already exists.
<09-19-2014 17:25:49> Attribute cn=mS-SMS-Health-State already exists.
<09-19-2014 17:25:49> Attribute cn=mS-SMS-Source-Forest already exists.
<09-19-2014 17:25:49> Attribute cn=MS-SMS-Ranged-IP-Low already exists.
<09-19-2014 17:25:49> Attribute cn=MS-SMS-Ranged-IP-High already exists.
<09-19-2014 17:25:49> Attribute cn=mS-SMS-Version already exists.
<09-19-2014 17:25:50> Attribute cn=mS-SMS-Capabilities already exists.
<09-19-2014 17:25:50> Failed to create class cn=MS-SMS-Management-Point.  Error code = 8202.
<09-19-2014 17:25:50> Failed to create class cn=MS-SMS-Server-Locator-Point.  Error code = 8202.
<09-19-2014 17:25:50> Failed to create class cn=MS-SMS-Site.  Error code = 8202.
<09-19-2014 17:25:50> Failed to create class cn=MS-SMS-Roaming-Boundary-Range.  Error code = 8202.
<09-19-2014 17:25:50> Failed to extend the Active Directory schema, please find details in “C:\ExtADSch.log”.

 

It turned out that I hadn’t picked the schema master. So I had to figure out which server the schema admin is. For that I used the following command…

netdom query fsmo

I executed extadsch.exe on the schema master and everything was fine…

<09-19-2014 17:46:19> Modifying Active Directory Schema – with SMS extensions.
<09-19-2014 17:46:19> DS Root:CN=Schema,CN=Configuration,DC=sys,DC=net
<09-19-2014 17:46:19> Attribute cn=MS-SMS-Site-Code already exists.
<09-19-2014 17:46:19> Attribute cn=mS-SMS-Assignment-Site-Code already exists.
<09-19-2014 17:46:19> Attribute cn=MS-SMS-Site-Boundaries already exists.
<09-19-2014 17:46:19> Attribute cn=MS-SMS-Roaming-Boundaries already exists.
<09-19-2014 17:46:19> Attribute cn=MS-SMS-Default-MP already exists.
<09-19-2014 17:46:19> Attribute cn=mS-SMS-Device-Management-Point already exists.
<09-19-2014 17:46:19> Attribute cn=MS-SMS-MP-Name already exists.
<09-19-2014 17:46:19> Attribute cn=MS-SMS-MP-Address already exists.
<09-19-2014 17:46:19> Attribute cn=mS-SMS-Health-State already exists.
<09-19-2014 17:46:19> Attribute cn=mS-SMS-Source-Forest already exists.
<09-19-2014 17:46:19> Attribute cn=MS-SMS-Ranged-IP-Low already exists.
<09-19-2014 17:46:19> Attribute cn=MS-SMS-Ranged-IP-High already exists.
<09-19-2014 17:46:19> Attribute cn=mS-SMS-Version already exists.
<09-19-2014 17:46:19> Attribute cn=mS-SMS-Capabilities already exists.
<09-19-2014 17:46:20> Defined class cn=MS-SMS-Management-Point.
<09-19-2014 17:46:21> Defined class cn=MS-SMS-Server-Locator-Point.
<09-19-2014 17:46:21> Defined class cn=MS-SMS-Site.
<09-19-2014 17:46:21> Defined class cn=MS-SMS-Roaming-Boundary-Range.
<09-19-2014 17:46:21> Successfully extended the Active Directory schema.

<09-19-2014 17:46:21> Please refer to the ConfigMgr documentation for instructions on the manual
<09-19-2014 17:46:21> configuration of access rights in active directory which may still
<09-19-2014 17:46:21> need to be performed. (Although the AD schema has now be extended,
<09-19-2014 17:46:21> AD must be configured to allow each ConfigMgr Site security rights to
<09-19-2014 17:46:21> publish in each of their domains.)
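
The pattern in the three ExtADSch.log excerpts above, as an added example that is not part of the original post: a PowerShell script that splits the log into runs, lists the classes that failed in each run, and checks whether the local machine holds the schema master role before extadsch.exe is retried. The function names are hypothetical, the sample lines are abridged from the excerpts above, and the role check assumes the ActiveDirectory module is installed.

```powershell
# Added example (not from the original post). Sample lines are abridged from the
# ExtADSch.log excerpts above; function names are hypothetical.
$sampleLog = @'
<09-19-2014 17:25:47> Modifying Active Directory Schema - with SMS extensions.
<09-19-2014 17:25:50> Attribute cn=mS-SMS-Capabilities already exists.
<09-19-2014 17:25:50> Failed to create class cn=MS-SMS-Management-Point.  Error code = 8202.
<09-19-2014 17:25:50> Failed to create class cn=MS-SMS-Site.  Error code = 8202.
<09-19-2014 17:25:50> Failed to extend the Active Directory schema, please find details in "C:\ExtADSch.log".
<09-19-2014 17:46:19> Modifying Active Directory Schema - with SMS extensions.
<09-19-2014 17:46:21> Defined class cn=MS-SMS-Site.
<09-19-2014 17:46:21> Successfully extended the Active Directory schema.
'@ -split "`r?`n"

function Get-ExtAdSchRun {
    param([string[]]$Line)
    $runs = @(); $run = $null
    foreach ($l in $Line) {
        if ($l -notmatch '^<(?<ts>[^>]+)>\s+(?<msg>.+)$') { continue }
        $ts = $Matches.ts; $msg = $Matches.msg
        if ($msg -like 'Modifying Active Directory Schema*') {
            # Every invocation of extadsch.exe begins with this line.
            $run = [pscustomobject]@{ Started = $ts; Result = 'Incomplete'; Failed = @() }
            $runs += $run
        }
        elseif ($null -eq $run) { continue }
        elseif ($msg -match '^Failed to create class cn=(?<name>\S+?)\.\s+Error code = (?<code>\d+)') {
            $run.Failed += "$($Matches.name) (error $($Matches.code))"
        }
        elseif ($msg -like 'Successfully extended*') { $run.Result = 'Success' }
        elseif ($msg -like 'Failed to extend*')      { $run.Result = 'Failed' }
    }
    $runs
}

function Test-IsSchemaMaster {
    # Assumes the ActiveDirectory module (RSAT) and a domain-joined machine.
    $ip = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    (Get-ADForest).SchemaMaster -ieq "$($ip.HostName).$($ip.DomainName)"
}

$runs = Get-ExtAdSchRun -Line $sampleLog
$runs | ForEach-Object { '{0}  {1}  failed: {2}' -f $_.Started, $_.Result, ($_.Failed -join ', ') }

# When the last run failed, check the FSMO role before retrying (skipped without the AD module).
if ($runs[-1].Result -ne 'Success' -and (Get-Command Get-ADForest -ErrorAction SilentlyContinue)) {
    if (-not (Test-IsSchemaMaster)) { "Not the schema master; run extadsch.exe on $((Get-ADForest).SchemaMaster)." }
}
```

To use it on a real log, replace `$sampleLog` with `Get-Content C:\ExtADSch.log`.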

 

*Captain

My first day at Midwest Management Summit

Ahoy out there!

What a great first day at MMS2014!!! First of all: I had no bad or uninteresting session the whole first day!!! – how wonderful is that?!

The Sessions:

Well, I decided to attend a session every hour, and in retrospect it was not the worst decision. Even though the speakers might blame me….

This decision brought me to a total of 10 awesome sessions for the day!

In a nutshell, here are my personal highlights of the day:

One of my highlights of the day was the session called “Configmgr – State of the Union”, apparently a traditional MMS session, where Kim Oppalfens & Kent Agerlund told us interesting news about what happened in the world of SCCM and MMS in the past year. Really, really interesting news, but the big thing was a tool called CASUM, which was released by Kent Agerlund within the session. It’s a tool that helps you automate your Windows updates very easily. In addition to that, you will find recommended blogs for Configuration Manager in the slides.

 

Another awesome session was called “Compliance Settings – The Dark Art of Client Management”, held by Sherry Kissinger & Kent Agerlund, where Sherry used the “non-compliant” function for software inventory. Both of them explained to us their understanding of compliance settings and different areas of application.

 

“Get Started with Configuration Manager and PowerShell” unsurprisingly was a super session too. A good starter for anybody who wants to start using PowerShell to administer ConfigMgr. Good news for everyone who missed the session: the PowerShell commands are in the notes field of every slide.

I attended two PowerShell “starter” sessions too: “PowerShell – Fine, I’m finally ready to learn what PowerShell is!” and “Practical PowerShell Tips ‘n Tricks”. Both sessions were quite awesome. A very good part was the explanation of PowerShell using the understandable example of beer by Trevor Sullivan. He is going to do a webinar in mid-December on building a lab in Azure with Windows PowerShell. Don’t miss that one.

 

A real jewel on the session board, from my point of view, was one of the afternoon sessions called “Non-trivial Configuration Manager 2012 Sites and Hierarchie”, where Wally Mead & Jason Sandys provided us with very (!!) helpful information about building complicated and non-trivial ConfigMgr sites and hierarchies. The session included information and architecture tricks for boundaries, boundary groups, secondary sites, remote site systems, cross-forest support, and how to support managed systems within a DMZ or any type of zone where network traffic is strictly controlled.

Make sure you get these slides!!!

Things you might already know – well, I didn’t:

– Wally Mead has left Microsoft because he figured out that Windows 10 will come without Notepad

– swimming shorts, a Hawaiian shirt, a straw hat and slippers are the recommended outfit for a session

– the main organizer of this event and popular MVP for Client Management is NOT named Brian Mason; his actual name is Brain Mason instead.

– the “Coretech Automated Software Update Management – CASUM” tool works even though your company logo is a cat

– if Kaido Järvemets explains something to you in PowerShell with the words: “That’s very easy” – you shouldn’t trust him 🙂

– Kent Agerlund even has a tool for writing blog posts

Seriously guys, this event is community to the max, like Peter Daalmans said. And how cool is it that David James, who played an important role in the development of SMS for years, was at the event too?!

 

I’m looking forward to the second day!

*Captain

© 2022 IT-Pirate