[Workaround] OMS View Designer Pitfall alias Bug ?

5 Jul

 

In my last post I warned you for a design time issue when using the “Data-flow verification” on the Tile. (https://michelkamp.wordpress.com/2016/07/05/oms-view-designer-pitfall-alias-bug/ )

Now because I was of course myself hit by this and afraid losing my just designed dashboard I looked for a way to just open it behind the screen.

And I found a workaround.

Steps to take:

Open the OMS home Page

 

Now press F12 (using IE)

And (1) select the DOM Explorer. Now (2) and (3) select your custom designed View / dashboard and copy the GUID (4)

 

 

Now copy the URL form the current OMS page (1)

 

Edit the URL as below:

Replace the GUID after ?Solutionid= with the GUID you got from above step (4)

https://e1a1111-1d01-101a-1111-11ef1111c1cf.portal.mms.microsoft.com/?returnUrl=%2f#Workspace/overview/solutions/details/index?solutionId=11111f1e-7e1d-1c1f-1afc-1b1e11ebc11b&_timeInterval.intervalDuration=604800

Open a new IE tab

And paste this new URL above. And yes you are in !!!! Now first to do is to disable the Data-flow verification feature and save the dashboard.

Happy OMS’ing

Michel Kamp

Touching SCOM

https://michelkamp.wordpress.com

 

 

 

OMS View Designer Pitfall alias Bug ?

5 Jul

Hi OMS’ers,

Just a short post to warn you for a nasty situation during designing your fantastic OMS dashboards using the brand new View designer. (Public preview)

When you add a Tile you will have the feature called “Data-flow verification”. This feature will enable you to put a message on the Tile when no data records are found in the OMS system.

This is a handy feature because you don’t want to show an empty dashboard…. But this could also raise an issue during design time.

Because … what will happen when you have setup the “Data-flow verification” to check the past x days for any data but have made a typo or the data isn’t flowing in any more…. Yes of course the dashboard will show the message you specified but you will get more (for free) ….

You CAN NOT open your custom view (dashboard) any more to edit it !!! So you are somewhat stuck here … ; – (

Be warned!

 

So here the steps to see what happens:

Open de View designer

 

Add the Ttile , and enable the Data-flow verification

 

Now look at the tile when you add the query, it will give you a error when it hasn’t got any data back. So this will indicate you are going to have this issue….

 

Now save the dashboard.

And try to open it from the Home page……

 

Happy OMS’ing

Michel Kamp

Touching SCOM

https://michelkamp.wordpress.com

O no I forgot my SCOM account passwords!!

25 May

 

Problem:

O no I forgot my SCOM account passwords!! I don’t know the password of the Data Access, Data Reader and Writer account anymore. Resetting it in AD will force me to do a lot of tweaking to correct the accounts in SCOM.

Don’t worry we will find them for you.

Analyse:

 

SCOM stores the account passwords in the “Run AS Configuration -> Accounts” section. This account information is linked to a “Run As profile”. This Run as Profile can be assigned to a SCOM Workflow (Rule/Monitor/Task…) so that this workflow is going to run under the account security context.

 

Nice but we still can’t see the password on the accounts.

 

Solution:

 

But we can also do other things with the Run As profile. We can just assign them as a parameter to for example a script. In the script we can readout the account information and find our lost password.

In SCOM we can use the secure script provider (vbscript) aka “Microsoft.Windows.ScriptWriteAction”. The secure script provider streams the run as information as an input stream to the VBScript. So if you read this input stream at top of your script you will get the account information. This can be tricky sometimes.

See an example below:

<WriteActions>

<WriteAction ID=”sc” TypeID=”Windows!Microsoft.Windows.ScriptWriteAction”>

<ScriptName>ScriptName.vbs</ScriptName>

<Arguments />

<ScriptBody><![CDATA[ Set oAPI = CreateObject(“MOM.ScriptAPI”)

Set oArgs = WScript.Arguments

 

password= WScript.StdIn.ReadLine()

Call oAPI.LogScriptEvent(“ScriptName.vbs”, 101, 2, “Debug password = ” & password)

]]></ScriptBody>

<SecureInput>$RunAs[Name=”RUNAS_PROFILE_1″]/UserName$ $RunAs[Name=” RUNAS_PROFILE_1″]/Password$</SecureInput>

<TimeoutSeconds>300</TimeoutSeconds>

</WriteAction>

</WriteActions>

 

Using the SecureInput parameter we can provide the Run as account information. For getting the UserName we use :

$RunAs[Name=”RUNAS_PROFILE_1“]/UserName$

And for the password we use

$RunAs[Name=”RUNAS_PROFILE_1“]/Password$

The RUNAS_PROFILE_1 is the internal name of the Run as profile in SCOM. You can use Powershell “Get-SCOMRunAsProfile” to get the internal names.

I hear you thinking, this is way too old, this is VBScript, we WANT PowerShell! And I agree completely.

So for PowerShell we can use the normal PowerShell script provider aka “Microsoft.Windows.PowerShellProbe”. We don’t have to apply a secureinput parameter but just very simple supply the RunAs as a normal parameter. And this will do the trick.

<ProbeAction ID=”Probe” TypeID=”Windows!Microsoft.Windows.PowerShellProbe”>

<ScriptName>DisplayCerdentials.ps1</ScriptName>

<ScriptBody><![CDATA[Param(

$USERNAME,

$PASSWORD

)

 

# output the input paramters

Write-Output “UserName: $USERNAME”

Write-Output “Password: $PASSWORD”

 

# end script

 

]]></ScriptBody>

<SnapIns />

<Parameters>

<Parameter>

<Name> USERNAME </Name>

<Value>$RunAs[Name=”MSDL!Microsoft.SystemCenter.DataWarehouse.ActionAccount”]/UserName$</Value>

</Parameter>

<Parameter>

<Name> PASSWORD </Name>

<Value>$RunAs[Name=”SC!Microsoft.SystemCenter.DatabaseWriteActionAccount”]/Password$</Value>

</Parameter>

 

</Parameters>

<TimeoutSeconds>300</TimeoutSeconds>

<StrictErrorHandling>true</StrictErrorHandling>

</ProbeAction>

 

Now we make a simple workflow for example a task and add use this probeaction.

Concussion

 

You see it’s very simple to get account information that’s stored in the run as accounts / profiles. If this is good is up to you.

To make it even easier I created a MP that will display the most important account information (so the usernames and passwords).

You simply import the MP and select the Managementserver target and press the special task “GetRunAsCredentials”.

The account information will be displayed in the task output.

 

Download link for the Management Pack:

https://onedrive.live.com/redir?resid=A6ECD6E173E79D82!137890&authkey=!AEuYWi5Z6etHxno&ithint=file%2cxml

NOTICE: Please remember that the task output is stored in the SCOM Databases so it can be traced back not very secure I think. So use this only in emergencies. Or change the PowerShell script to write it to a file!!

 

Happy SCOMMING!

Michel Kamp

Touching SCOM

https://michelkamp.wordpress.com

 

 

 

Finding the latest System Center 2012 Rollup in the update jungle

11 Mar

 

This post is just a reminder for myself. Since I work in many different SCOM environments as SCOM 2012, 2012 SP1 , 2012 R2 and even 2007!! I get sometimes lost to find the latest rollup package.

Yes of course I can enable the auto update but that’s not something I would advise for the System Center updates because they have some manual task (SQL) to apply too.

Yes I know there’s a site ( https://support.microsoft.com/en-us/kb/2906925 ) that has all the patches on but this site is sometimes also not updated right after releasing. So I wanted a simple but effective way. By using this simple URL you can get the latest rollup packages at an easy way and download them. Also adding the RSS feed can be handy too.

 

Updates for SYSTEM CENTER 2012 R2

WEBSITE:

http://catalog.update.microsoft.com/v7/site/Search.aspx?q=update+rollup+system+center+2012+R2 and then order by ‘Last Updated’

RSS FEED:


http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=update+rollup+system+center+2012+R2&lang=en

 

Updates for SYSTEM CENTER 2012 SP1

WEBSITE:

http://catalog.update.microsoft.com/v7/site/Search.aspx?q=update+rollup+system+center+2012+SP1 and then order by ‘Last Updated’

RSS FEED:

http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=update+rollup+system+center+2012+SP1&lang=en

 

Updates for SYSTEM CENTER 2012

WEBSITE:

http://catalog.update.microsoft.com/v7/site/Search.aspx?q=System+Center+2012+-+Operations+Manager and then order by ‘Products’ . The product “System Center 2012 – Operations Manager” is the one to use.

RSS FEED:

http://catalog.update.microsoft.com/v7/site/Rss.aspx?q=update+rollup+system+center+2012 &lang=en

 

So you see absolutely no rocket science going on here😉

 

Happy SCOMMING.

Michel

 

 

 

 

[O so Cool] Connecting your Raspberry PI (RPi) to OMS.

8 Feb

 

At my home I have a Raspberry to do all my home automation. (Light, temperature, alarm, cams etc.) . Since the OMS Linux agent is available I was wondering if I could use this agent to monitor my raspberry pi without having a SCOM environment in place.

AND guess what? YES you can!!!

First before you are accusing me of plagiarism I have to say all the credits go to the guy of this blog ( http://kentablog.cluscore.com/2015/12/raspberry-pi-iot-oms_62.html ).

So I followed the steps and it worked. You can’t use the wget described on the oms Quick install Guide ( https://github.com/Microsoft/OMS-Agent-for-Linux ) because this one will fail due to the pre check of AMD64.

Since the RPI platform isn’t AMD64 you will have to trick it a little.

So you will have to follow the steps below:

1

Install The OS on your RPI

We take the latest RASPBIAN WEEZY

https://downloads.raspberrypi.org/raspbian/images/raspbian-2015-05-07/2015-05-05-raspbian-wheezy.zip

2

Open a putty and log on as pi / raspberry

 

3

Now we install the Ruby , and fluent modules

sudo aptitude install ruby-dev git make

sudo gem install fluentd

sudo fluent-gem install fluent-plugin-td

     

4

Next we create a user that the OMS agent service is using for running. Remember the password you provide

sudo adduser omsagent

     

5

Now we are going to get the OMS source code for github

git clone https://github.com/Microsoft/OMS-Agent-for-Linux.git

6

Next is to create the directory structure since we can’t use the OMS installer

sudo mkdir -p /etc/opt/microsoft/omsagent/certs

sudo mkdir -p /etc/opt/microsoft/omsagent/conf/omsagent.d

sudo mkdir -p /etc/opt/microsoft/omsagent/sysconf

sudo mkdir -p /etc/opt/microsoft/scx/conf

sudo mkdir -p /opt/microsoft/omsagent/bin

sudo mkdir -p /opt/microsoft/omsagent/plugins

sudo mkdir -p /var/opt/microsoft/omsagent/tmp

sudo mkdir -p /var/opt/microsoft/omsagent/run

sudo mkdir -p /var/opt/microsoft/omsagent/log

sudo mkdir -p /var/opt/microsoft/omsconfig/log

sudo mkdir -p /var/opt/microsoft/omsconfig/run

sudo chown omsagent:omsagent -R /var/opt/microsoft/omsconfig

sudo chown omsagent:omsagent -R /var/opt/microsoft/omsagent

sudo ln -s /usr /opt/microsoft/omsagent/ruby

sudo ln -s /usr/local/bin/fluentd /opt/microsoft/omsagent/bin/omsagent

7

We setup the correct config files for the OMS agent service

sudo cp OMS-Agent-for-Linux/installer/scripts/auth_key.rb /opt/microsoft/omsagent/bin/

sudo cp OMS-Agent-for-Linux/installer/scripts/omsadmin.sh /opt/microsoft/omsagent/bin/

sudo chmod u+x /opt/microsoft/omsagent/bin/omsadmin.sh

sudo cp OMS-Agent-for-Linux/installer/scripts/service_control /opt/microsoft/omsagent/bin/

sudo cp OMS-Agent-for-Linux/installer/scripts/omsagent.ulinux /etc/init.d/omsagent

sudo chmod u+x /etc/init.d/omsagent

sudo cp -Rf OMS-Agent-for-Linux/source/code/plugins /opt/microsoft/omsagent/

8

We copy the default agent configuration files , we are going to change this later on to specify what we want to monitor

sudo cp OMS-Agent-for-Linux/installer/conf/omsagent.conf /etc/opt/microsoft/omsagent/conf/

sudo mv /etc/rsyslog.conf /etc/rsyslog.conf.default

sudo cp OMS-Agent-for-Linux/installer/conf/rsyslog.conf /etc/

9

And this is probably the trick for this all. We fake the OMS agent to believe it’s an AMD64 platform.

sudo echo “1.0.0-47 20151102 Developer_Build” > /tmp/installinfo.txt

sudo echo `date +%Y-%m-%dT%H:%M:%S` >> /tmp/installinfo.txt

sudo mv /tmp/installinfo.txt /etc/opt/icrosoft/omsagent/sysconf/

sudo echo “OSName=Ubuntu” > /tmp/scx-release

sudo echo “OSVersion=14.04” >> /tmp/scx-release

sudo echo “OSFullName=Ubuntu 14.04 (x86_64)” >> /tmp/scx-release

sudo echo “OSAlias=UniversalD” >> /tmp/scx-release

sudo echo “OSManufacturer=Canonical Group Limited” >> /tmp/scx-release

sudo mv /tmp/scx-release /etc/opt/icrosoft/scx/conf/

10

Now we are going to onboard the OMS agent to your OMS workspace.

Get your (1) <workspace id> and (20 <key> from the OMS page -> Settings -> Connected Sources

 

 

 

11

And we fill it in the omsadmin script as parameters

sudo /opt/microsoft/omsagent/bin/omsadmin.sh -w <workspace id> -s <key>

   

If everything is successful it will give you the onboard message. If not check the keys.

12

Next is to edit the OMS agent config to let it know what it should monitor.

Since the OMI agent isn’t installed on this platform we can only do the syslog stuff for now.

sudo vi /etc/opt/microsoft/omsagent/conf/omsagent.conf

13

The most important is to check if this elements exists in the file

<source>

type syslog

port 25224

bind 127.0.0.1

tag oms.syslog

</source>

 

<filter oms.syslog.**>

type filter_syslog

</filter>

14

Now we are going to let the OMS agent startup correctly as a service. We have to manipulate the init.d file a bit to have it run from of the source files we got from git hub.

sudo vi /etc/init.d/omsagent

15

Edit the file

Change this line:

START_QUALS=”-d $PIDFILE –no-supervisor -o $LOGFILE”

To:

START_QUALS=”-d $PIDFILE –no-supervisor -o $LOGFILE -p /opt/microsoft/omsagent/plugins -c /etc/opt/microsoft/omsagent/conf/omsagent.conf

16

Next we setup the syslog log levels. Just get all😉

sudo vi /etc/rsyslog.conf

add this row

*.* @127.0.0.1:25224

17

And we startup the OMS agent

sudo service omsagent start

18

And the syslog deamon

sudo service rsyslog restart

19

Now you logon to the portal http://oms.microsoft.com

And you watch for the syslog event type messages. Could take some minutes.

Go to Search and type: “* Type=Syslog” (without the quotes)

Or you search by name if you know the PRI host name: “* HostName=raspberrypi” (without the quotes)

20

This could be the output. We see the startup syslog messages!!!

 

Cool isn’t it!!

Next step would be to get the OMI agent working so we can readout the performance data.

 

Happy OMS’ing

Michel Kamp

Touching SCOM

https://michelkamp.wordpress.com

 

 

[FOR the MP Devs] Grooming your managed objects completely from scom

8 Feb

Hi,

I some situations when you are developing a new MP you want to be sure that your discovery’s are working correctly.

The problem

Normally you would let the discovery run and watch if the managed object is created, but after the first time discovering and un-discovering the managed object it could trick you for the next discovery.

Basically we as MP devs know that we can simply manual delete a managed object from scom by using a SQL query and set the isDeleted to true. But this can be tricky. If the discovery workflow runs again and create a managed object (the same) it will just update the isDeleted to False. So basically you are getting ‘old’ discovery data. Knowing this in some cases the configuration is not updated and the workflows under this managed object just won’t get executed. So you will be stuck in having an uninitialized managed object(s). Especially when using Managed objects that are managed by a scom resource pool can be facing this issue.

Solution

Two solution could help you out. (ALL UNSUPPORTED BY MICRSOSOFT, but yhea … no guts no glory)

  1. Wait 2 days … then the normal purge will kick in
  2. Modify the purging threshold and manual run the purge

The SQL script below provides step 2. Connect to the operational DB as admin and follow the steps.

Before you run it you will have to change ‘vcenterlab.contoso.com‘ to the first parent name you want to delete. (By not including the right % in the like) In this case it’s the parent of all VMWARE monitoring managed objects.

————————————————–
— Delete a managed object completely from scom

————————————————–

— Michel Kamp

————————————————–

————- Find the object

select
*
from dbo.BaseManagedEntity where FullName like
%:vcenterlab.contoso.com’

————- delete it (hmmm okay mark it as delete)

update dbo.BaseManagedEntity set IsDeleted=1 where FullName like
%:vcenterlab.contoso.com’

— object is still in DB but now as isdeleted = true

— it will be deleted after 2 days. but we don’t want to wait.

— we force the delete by setting the purgedate delta to 0

————- Update the purge date time function

ALTER
FUNCTION [dbo].[fn_DiscoveryDataPurgeThreshold]()

RETURNS
datetime

BEGIN

    –RETURN DATEADD(dd, -2, getutcdate())

    RETURN
DATEADD(dd, 0, getutcdate())

END

— now we call the purge stp to clean it all

————- do the real purge

exec p_DiscoveryDataPurging

— we do a check if it is gone.

————- Find the object

select
*
from dbo.BaseManagedEntity where FullName like
%vcenterlab.contoso.com’

— and there should not be any (0) result.

— End script

O don’t forget to change the DiscoveryDataPurgeThreshold back to its original when you are ready …

Happy SCOMMING PURGING

Michel Kamp

TOUCHING SCOM

https://michelkamp.wordpress.com/

New OMS Mobile App released

22 Oct

Hi OMS’rs,

Last past weeks I have worked together with the Microsoft OMS team to review and test the new OMS mobile App. And yesterday they officially released it !

(Not all planned features are implemented yet, so keep watching for updates.)

Now you can get even better OMS access using your mobile to browse your data.

So go pick it up at your mobile app store for Windows Phone, Android and even iOS !!!

http://www.microsoft.com/en-us/server-cloud/operations-management-suite/mobile-apps.aspx

Below some screenshots from my (of course) windows phone:

 

Follow

Get every new post delivered to your Inbox.

Join 37 other followers