System Center Guide

David Williams, Analyst with Gartner, has published an in-depth examination of System Center Operations Manager 2007. In his report, Williams states that “Operations Manager 2007 has moved to rival many of the capabilities provided by more-established and more-expensive [tools].”

To read the full report (no Gartner account needed), visit the Gartner site at:

http://mediaproducts.gartner.com/reprints/microsoft/vol10/article2and3/article2and3.html

UPDATED! 

The following are the steps we took today to implement certificate-based management of OpsMgr 2007 agents in a workgroup environment for a hosted datacenter customer: 

Start 4:20PM

• Install MS-XML 6.0 on target agent, as this is a requirement for the installation and may not be present on your intended agents. Also, on some systems we found that WMI was not installed which later impacted some of the discovery methods used by some management packs.

• Update hosts file on the agent with the target management server address

• Update hosts file with agent server name on on the management server

• Install the agent using the MSI file through a network share

• Import the certificate (PFX) from the CA will issue the certificate on the agent, in the Trusted Root Certification Authority node of the Certificates (Local Computer) MMC console.

• Issue a certificate request from the stand-alone certificate authority (CA) from the target agent by connecting to http://<servername>/certsrv

• From the Certificate Authoring MMC snap-in issue the requested certificate for the target agent

• Install the issued certificate on the target agent by reconnecting to the CA website and clicking the link to view the satus of a pending certificate request. From there you will select the pending certifcate, and choose the option to install the certificate.

• From the target agent, export the agent certificate using the Certificates MMC snap-in

• Import the agent certificate by using the MOMCertImport.exe on the agent. This will appropriately place the certificate in the Operations Manager container.

• Restart OpsMgr Health Service on the target agent

• Verify OpsMgr recognizes the agent in the Operations Console

Stop 4:41

As you can see, it took over 20 minutes to fully configure a single agent for mutually authenticated certificate-based management. While that is not a long time for one agent, multiply it by several hundred and you’re now talking a couple weeks just to deploy agents. While I’m grateful that we have a workable means of managing these disjoined environments, I’m not very pleased with the number of steps required to get to a ready state. Needless to say, I’m anxiously awaiting to see what Certificate Lifecycle Manager will do to help in this regard.

We’ve had quite the thread running lately on the myITForum.com MOM mail list regarding problems folks are encountering with installing the SQL Server 2005 Reporting Services. Here are some great links to help troubleshoot issues with the installation – particularly the WMI errors:

• When you try to install MOM 2005 Service Pack 1 (SP1) Reporting, the prerequisite checking process fails
  http://support.microsoft.com/kb/918712/en-us
• Prerequisite Checker errors that may occur when you install Microsoft Operations Manager 2005 Reporting
  http://support.microsoft.com/kb/919954

(Although the latter is for MOM 2005, the SRS installation issues can still be found when installing for OpsMgr 2007.)

Thanks again to Clive Eastwood for mentioning these articles and for some of the other work he’s doing at Microsoft to improve the documentation experience for OpsMgr.

Before you can setup alert recipients in Operations Manager 2007, you must first establish at least one of four available Notification Channels. These channels are basically the means by which you’ll allow notifications to be set. Currently, the four channels include SMTP, IM, SMS or Command-line. Most environments will seek to use SMTP, but should have at least one other channel configured in the event of a mail service outage.

To configure a Notification Channel, in the Operations Console, select the Administration node, then click Settings and double-click on Notifications in the details pane. Select the tab you wish to configure and specify the appropriate settings based on your environment. To configure the SMTP channel you must specify at least the SMTP server and a return address. The email notifications are already configured to use numerous variables to specify what content the emails should contain.

Once you’ve configured your Notification Channel, you can then add notification Recipients.

Management Packs have changed significantly in System Center Operations Manager 2007. First, they are available in two types: sealed and unsealed. A sealed management pack (identified by the .MP file extension) is compiled binary code that can’t be altered. To change the default behavior of a sealed MP you must create overrides. The overrides can then be stored in either the Default Management Pack or another MP (new or existing) so long as it’s not sealed.

An unsealed MP can be sealed using the tool MPSeal.exe, but requires a client certificate to do so.

Beyond the seal and unsealed nature of SCOM ‘07 Management Packs, they also typically require multiple management packs that provide different roles in the operations management of the technology covered. Basically, most Management Packs will come with a Library, Discovery and Monitoring management pack. In addition, there may be multiple versions of the Discovery and Monitoring MPs broken down by specific versions (i.e. Windows Server Active Directory 2000 and 2003).

While this may sound complicated, it’s really not once you get used to it and if you’ve selected an MP that has dependencies you’ve not selected it will alert you; requiring that you remove that MP or add the prerequisite ones to the list to be imported.  

Auto assignment of agents in System Center Operations Manager is a two-step process. First, you must use the command line tool MOMADAdmin.exe create a container in Active Directory (note: this tool does not modify the Active Directory schema). Then, on the appropriate Management Servers, specify new inclusion criteria for Auto Agent Assignment.

• Click the Administration navigation button
• Click Management Servers from the Device Management node
• In the Management Servers detail pane, righ-click the server you want to have agents automatically assigned
• Click the Auto Agent Assignment tab and then click Add. This will launch the Agent Assignment and Failover Wizard.

Proceed through the wizard, specifying your inclusion criteria.

A more detailed explanation, including screen captures, can be found at Infront Consulting’s website:

http://www.infrontconsulting.com/AD_OpsMgr2007.pdf

Due to a known issue related to the Automatic Updates service being disabled, the remote push of the System Center Operations Manager 2007 agent may fail when targeted systems have the service disabled. This is a known issue that Microsoft is working on. In the meantime, you must either change the service startup on the target systems or perform a manual agent installation.

Well, after a whirlwind tour of the country, I’m finally back at home in Austin, Texas – if only for a week. Since April 28th I’ve been trekking the country providing a two-day, System Center Operations Manager 2007 boot camp for Microsoft partners. The series kicked off in Atlanta, and included NYC, Denver, Houston, Dallas, Philadelphia, Ft. Lauderdale, and Seattle. While I was in these cities another instructor was in another eight cities. So, needless to say, Microsoft has fully committed themselves to the System Center brand and carrying the message to the field!

The events have been extended to re-visit some of the overbooked cities that couldn’t accomodate the number of folks on the stand-by list. So, if you’d be interested in attending one of those sessions, please visit the Microsoft Readiness website today to register:

http://www.msreadiness.com/IL_MultiRegister.asp?multiregid=5015308