[Solve] Forefront Unified Access Gateway (UAG) Management Pack Import Error

22 Feb

Problem:

You want to import the Microsoft Forefront Unified Access Gateway management pack. But you will be hit with an import error showing the message:

Forefront Unified Access Gateway could not be imported.
If any management packs in the Import list are dependent on this management pack, the installation of the dependent management packs will fail.
Database error. MPInfra_p_ManagementPackInstall failed with exception:
Database error. MPInfra_p_ManagementPackInstall failed with exception:
ManagementPack cannot be imported because it contains a Managed Type with the same name as an existing type: Teredo_Server_Class

 

Analyze:

Looking at the message it looks like the import is failing because there is a name conflict. Every class in SCOM must have a unique internal name. In this case there is already an management pack imported that defined a class with a name “Teredo_Server_Class” . So we are going to look what this MP is.

We are going to use PowerShell for this. Because in the SCOM console we can’t see the internal names , we only see the display names.

Open PowerShell and type:

PS D:\> get-SCCLASS -Name ‘*Teredo*’

DisplayName ManagementPackName Name Id
Teredo Server DirectAccess_Server Teredo_Server_Class 67886a42-d91d-1752-41e9…
Teredo Relay DirectAccess_Server Teredo_Relay_Class 78cd6ee6-f774-8811-dac9…

 

Got it ! This the Direct Access MP. Awake readers have noticed I used SCOM 2012 for this Knipogende emoticon

 

Solution:

Okay since we want also to monitor the direct access we can’t remove the Direct access MP. So we will have to unseal the Forefront Unified Access Gateway management pack and change the class names. Seal it again and import. This is not so complex as it sounds.

There are several tools on in the community that can unseal a sealed MP for you.  Just pick one. I however use the new System Center 2012 Visual Studio Authoring Extensions (VSAE) for this job.  How to do this I will blog after this post.

After done this. You open the unsealed MP with any plain text editor you have. I use Visual Studio (VS) for this. Next step is to do a global replace on the text below:

Search Replace with
IPHTTPS_Gateway_Class UAG_IPHTTPS_Gateway_Class
ISATAP_Router_Class UAG_ISATAP_Router_Class
Network_Security_Class UAG_Network_Security_Class
Router_6to4_Class UAG_Router_6to4_Class
Teredo_Relay_Class UAG_Teredo_Relay_Class
Teredo_Server_Class UAG_Teredo_Server_Class

 

Save the xml file. At this point you could import the unsealed MP into SCOM but keep in mind that every override you will be making that is using a target class for this MP will we stored in this MP. And also using any target form this MP in a DAM will fail. (or you will have to save this DAM into this MP also)

So best way is to seal this MP. Search on the web to do this or follow below:

1) Install the “System center Authoring Console 2007” software

2) Open the MP with the authoring console

3) And go to File –> Save as –> Sealed and Signed Management Pack

image

 

4) choose a location and save. Don’t change the file name!

5) Now you will have to assign the company name and the key file. This key file you will have to create before. (see http://msdn.microsoft.com/en-us/library/6f05ezxy(VS.80).aspx )

image

6) Press OK and you’re done

(of course you can also use the FastSeal.exe to do this all from a one-liner command line/PowerShell)

After this you can import the sealed MP into SCOM.

 

Drawbacks:

If you are going to use this solution you have to realize that if Microsoft is updating his “front Unified Access Gateway” management pack you will not be able to upgrade ! This because the seals don’t match. To solve this you can uninstall your version and import the MS one. Ore you can unseal the Microsoft one and do the seal trick again with your seal.

But I think MS is never going to release a updateable version of this MP because they would have to change the internal class names too. And if you do this the MP will loose its upgrade feature!! So you will always have to uninstall the MP first. So the conclusion is no real drawback!

 

The end:

Hope you enjoyed this post.

 

Happy SCOMMING….

 

Michel Kamp

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: