Thursday, December 31, 2009

How to determine what version of SQL 2008 (RTM or SP1) and features have been installed?

As we all know OpsMgr R2 (and with KB971541 installed on OpsMgr SP1), SQL 2008 with SP1 is supported.

But how to determine the version and installed features of the installed SQL 2008 instance(s)?  From many people I do get this question. So why not write a blog posting about it?

Let’s start.

With SQL 2008 life has been made very easy. With a few steps one can not only see the version of SQL 2008 but also the instances, features, language, editions and whether or not it is clustered!

  1. Go to Start > All Programs > Microsoft SQL Server > Configuration Tools > SQL Server Installation Center (64-bit)

  2. Go to Tools > Installed SQL Server features discovery report

  3. A report in html-format is generated and automatically opened in IE:

  4. With KB article KB321185 one can see whether SQL 2008 is on SP1 level:

Tuesday, December 29, 2009

New KB article: Error message in OpsMgr Report: “The Dundas chart for Reporting Services report item is unavailable"

Microsoft has released a KB article which addresses this issue: the OpsMgr report displays the following error message: ‘The Dundas chart for Reporting Services report item is unavailable.

This issue occurs because there is a change in the reporting services Web.config file after you upgrade from SQL Reporting Services 2005 to SQL Server Reporting Services 2008. The changes prevent charts from being displayed within Operations Manager reports.

The resolution is described in KB977574.

Friday, December 18, 2009

Merry Christmas & a Happy New Year

From today until January the 4th 2010 this blog will be a bit silent since I will be on vacation.

I want to thank you all for visiting my blog, your comments and advises. Thank you so much. 2010 will be an exciting year with System Center Service Manager going RTM. My intention is to work with SCSM a lot more, so my blog will reflect that as well.

All I want to say for now is:

MPConvert Utility

When OpsMgr 2007 became RTM many MPs from MOM 2005 were converted to OpsMgr MPs. Also a tool (MPconvert) was available to run a conversion of a MOM 2005 MP to an OpsMgr 2007 MP yourself.

However, this tool is end of life. And not only that. Future versions of OpsMgr 2007 will not support MPs any more that rely on the backwardcompatibility library MP, since that component will be removed entirely.

So whenever you want to convert a MOM 2005 MP to OpsMgr, think twice.

Running a converted MP in OpsMgr is like using an appliance made for the Flintstones car in a modern car of today.

Even though MOM 2005 and OpsMgr come are both meant for monitoring, the approach being used is totally different, thus the MPs being used by both products are totally different as well. Converted MPs are because of that not ‘happy’ in an OpsMgr environment. Nor is OpsMgr ‘happy’ either about these MPs.

Thursday, December 17, 2009

System Center Feeds

Taken from this blog posting of The System Center Team Blog.

Some very interesting feeds, all about System Center Products, straight from the very source itself!

MP Catalog: New vs. Old

The MP Catalog is moving from its old location (Microsoft TechNet) to its new home. The new location looks very modern and sharp. The transition from the old location to the new one will take a few days.

Some screenshots:

The current/old location

The new location

Microsoft wants to know what you think about it. On the OpsMgr TechNet Forums they have started a thread about it. So feel free to comment. However, the site is still in transition so it won’t be fully operational yet.

OpsMgr R2 Cross Platform Audit Collection Services has been released

Yesterday Microsoft released OpsMgr R2 Xplat ACS which enables the collection and audit of events from UNIX and Linux Servers. Using Xplat ACS, events are collected from the desired Unix/Linux servers and stored in the ACS Database. Audit reports for UNIX/Linux Server collected events are included.

Collection of Audit events from UNIX/Linux server, including:

  • AIX 5.3/6.1
  • HP-UX 11iv2/11iv3
  • Red Hat Enterprise Linux 4/5
  • SUSE Linux Enterprise Server 9/10/11
  • Solaris 8/9/10

Built in Audit Reports including:

  • Access violations – unsuccessful logon attempts
  • Account creation/deletion/password change
  • Administrator activity – su, sudo
  • Forensic – all events for a computer/event ID
  • User logons

To be found here.

Wednesday, December 16, 2009

How to upload a rdl-file for SQL Server Reporting Services?

Got this question from a regular visitor of my blog. He found a rdl-file containing an interesting Report for OpsMgr. His question is how to get this file into SQL Server Reporting Services (SSRS).

Be aware that a direct import into SSRS introduces some risks:
1. Report upgrade will be difficult manual task.
2. You can not quickly move such a report from a test environment to production.
3. You'll be forced to restore the ReportServer DB in case of recovering the OpsMgr Management Group from a catastrophic failure.

Got this from Alexey Zhuravlev. Thanks Alexey!

Before I show the procedure, lets take a closer look at the rdl-file itself. A bit more knowledge on that topic won’t hurt at all. This is what differentiate us from a robot. Yes, they can built cars or whatever. But they haven’t got a clue of WHAT/WHY they are doing something.

What does RDL mean?
RDL stands for Report Definition Language which is a XML Schema which describes the report. Like a Management Pack which is also XML based. MPs follow a certain XML Schema required by OpsMgr. The same goes for RDL files which follows a specific XML schema required by SSRS.

How are RDL files created?
Not manually but by using graphical tools like Report Designer, Report Builder or Visual Studio.

So I can open a RDL File in Internet Explorer?
Yes, you can. And certainly do so. There you will see the contents of a rdl-file. However, do not alter anything of it, unless you know exactly what you are doing. But taking a closer look at it is a good thing to do.

Why Internet Explorer and not Notepad? Well, IE shows the file in a more structured way compared to Notepad. Also is the file less easier to modify then opening it in Notepad. So less change to wreck it. Lets take a closer look at a RDL file and the most important components:

Schema Definition
The first line defines the XML Schema to be followed:
image `

Defines the source(s) of information to be accessed by the report.

Report Parameters
Defines the parameters of the report itself, like what fields must be filled in before the report can be run. The more parameters, the more customizable a report becomes.

Where as DataSources define where the report must get its data from, the Datasets define what data to use from the defined Datasources. Also the needed queries will be found under this header:

Defines the main layout of the report itself. Not what data is to be displayed, but how.

As the name states. This header defines what information will be shown in the footer of the report.

Let’s move on to importing a rdl-file into SSRS. The attached file from this blog posting is being used.

  1. Open IE on the SQL Server and type: http://localhost/Reports. Since the rdl file to be uploaded depends on the Microsoft Generic Report Library, you need to open that folder (Microsoft.SystemCenter.DataWarehouse.Report.Library):

  2. Click Upload File, Browse and select the rdl-file. Click Open > OK. The file will be uploaded tot SSRS.

  3. When you’re back in the screen as described in step 1, select the Detail View. Select the properties (click on the yellow highlighted hand symbol) for this new report:
    Go to the third option,Data Sources
    A warning will be shown. Click Browse > select the symbol Data Warehouse Main. Its name will be filled into the Location box.
    Click OK. You’re back in the Data Sources screen. This must be shown:
    Click Apply.

  4. Report is uploaded successfully:
    Close SSRS. 

  5. Open the OpsMgr Console > Reporting > Microsoft Generic Report Library:
    The new report will be shown. Double click it and run  it.

Additional Advise:
Normally step 3 is not needed. For this particular file however it was.

Tuesday, December 15, 2009

Repost: EventID 31552

15-12-2009 Update:
A visitor of this blog had a good comment on duplicate accounts, found in OpsMgr. He is totally right so I will repeat his comment here: ‘I would be careful deleting "Duplicate" accounts. If you look at your Run-As Profiles, and then look at the properties for "Data Warehouse SQL Server Authentication Account" and "Reporting SDK SQL Server Authentication Account", under the Run As Profiles you'll see these "Duplicate" Accounts have a path of each Management Server (the RMS and any additional Management Servers you may have).

An OpsMgr environment had an issue with the Data Warehouse. This EventID was frequently logged:

This is serious. When an event like this is logged only once it is not a real problem. Somewhere along the line of storing data in the DW a hiccup occurred and that’s it. But when this event keeps on coming back, it really needs attention.

Whatever I checked all seemed to be OK. The SQL server wasn’t busy at all so it had all the resources available to do it’s job, the permissions weren’t changed. The network was OK, no DNS issues either. Nor was there any other process (like a backup) locking this database. Also the related OpsMgr MP was OK (Data Warehouse Internal Library, version 6.1.7221.0).

Than something came to my mind. I had experienced a similar issue before at a customers site. OK, it was long ago (in the days SP1 had to come out), but what the heck. It solved my issue then so why not now?

So I opened the OpsMgr Console, went to Administration> Run As Configuration > Accounts. In the Accounts pane there are – among other account types – also Simple Authentication Accounts defined. Two of them are directly related to the Data Warehouse: Data Warehouse SQL Server Authentication Account and Reporting SDK SQL Server Authentication Account.

By default these accounts are set in such a manner that the account AND password are nothing but a single space. So is the case in this environment as well. But just to be sure, I ‘reset’ both accounts, using the same account and password (a single space):


Applied the changes and checked the OpsMgr eventlog. Even though the EventID’s 31552 were still appearing, the frequency was far less. So I was on the right track. Time for a second step.

Even though the OpsMgr databases are maintained automatically, it doesn’t hurt to run every now an then a Stored Procedure to update the statistics: sp_updatestats. I ran it against the Data Warehouse database (OperationsManagerDW) and the output showed that many tables were updated.

When checking the OpsMgr eventlog, EventID 31552 didn’t occur anymore. The next day, I double checked and nope, no more errors like those (nor others as well :) ).

New KB article: E-mail notifications are not sent when you use the "With specific text in description" option

Microsoft has released a KB article which addresses this issue: You create an Alert Notification subscription in OpsMgr Sp1 or R2. If you use the "With specific text in description" option, e-mail notification messages are not sent.

Cause and resolution for it are described in KB978359

Monday, December 14, 2009

ACS Noise Filter: Translating Windows 2003 Server Security EventIDs to those of Windows Server 2008 and the magic number 4096

When one implements an ACS Solution, a good working Noise Filter is a must in order to keep the ACS database under tight control. A correct working Noise Filter does not only keep the unneeded events (example: User X Logged On Successfully) out of the database, but keeps the database clean as well.

For setting Noise Filters much good documentation is to be found, like the ACS Noise Filter Guide from Secure Vantage. This guide is part of their ACS Resource Kit.


All the documentation with the related Security Events which can be filtered out, are all based on Windows 2003 Server. But what if you are designing an ACS solution for Windows Server 2008 servers? Yes, you can apply the filter as stated in those very same documents. But it won’t work since the Security Events in Windows Server 2008 DO NOT MATCH with the Security Events in Windows 2003 Server!

So a translation of these Windows 2003 Server Security Events to those in Windows Server 2008 is at order. It took me some time, but finally I had all the needed resources in place: a webpage with all the Security Events of Windows 2003 Server, the ACS Noise Filter Guide from Secure Vantage AND the Excel sheet with all Windows Server 2008 Security Events.

But cross-referencing all these sources of information really takes a whole lot of time. Way too much actually. It took me 30 minutes to match 5 Security Events! So it was time for another approach.

When I took a closer look at the matching EventIDs which I had found, it seemed like those incremented by the same amount! Could it be? So I ran the calculator and this is what I did: EventID W2K08 – Matching EventID W2K03. And the number 4096 came out. I ran the same ‘formula’ against the other matching EventIDs and the same number came out!

Time for a test. I took a non-matched W2K03 Security EventID and add 4096 to it. Then I searched for that EventID in the Excel sheet for Windows Server 2008 Security EventIDs:
W2K03 EventID.

Adding 4096 to it.

The outcome.

Looking up that EventID in the sheet for Windows Server 2008 Security EventIDs: BINGO!

Rule of Thumb:
When having issues with properly translating Windows 2003 Server Security EventIDs to Windows Server 2008, try to add 4096 to the EventID number as listed in Windows 2003 Server. Then look in the Excel sheet for Windows Server 2008 Security EventIDs whether there is a match. Many times there will be.


Windows Server 2008 IS NOT Windows 2003 Server. So many Windows 2003 Events are not found back in Windows Server 2008. So keep that in mind when using above mentioned Rule of Thumb.

Sunday, December 13, 2009

Kris does it again: Public Beta of the xSNMP MP Suite to be released soon!

In September 2009 Kristopher Bash (aka Kris Bash) released the free Cisco MP built by himself, licensed under the GNU Public License. A great MP it is. Yes, it contains some area’s which need additional attention, but still it is a very respectful piece of work.

Very soon after the release of that MP Kris told me that he is working on another MP. Also targeted at SNMP enabled devices but more generic and vendor specific.

No! I am not talking rubbish here.

First there is a root MP, named the xSNMP MP. The other MPs from the same Suite depend on that root MP and are vendor specific. Just take a look how this Suite presents itself in the OpsMgr UI in the Monitoring pane:

(Screenshot taken from the blog of Kris Bash.)

Want to know more? Visit the blog run by Kris himself. There he explains this MP Suite in much more detail. All I can say that it looks very promising and of a very high level of quality.

Great work Kris! Thanks so much.

It is good to see that many OpsMgr professionals are delivering free MPs of such a good quality. There are already other free MPs out there which are really very good. To name a few:

  1. OpsLogix free Ping MP
    This company has already built some great MPs, like the one for monitoring Black Berry Enterprise (BES) environments or the Capacity MP which helps companies ‘predict’ the future by running trend analyses on the data present in the Data Warehouse. With their free Ping MP OpsLogix supports the community around OpsMgr. It is a great MP which I have used at multiple customer sites. Works great! 

    To be expected from OpsLogix as well is a free Print MP. I am very curious about it. Don’t know when it will be released. Xmas is a good time for such a present :) …

  2. PKI Certification Verification MP
    Many companies do have many certificates in place. But how to keep track of them in order to know whether the certificates are still valid? This MP does it all. To be found here. It can be a real life saver.

I know their are many more free MPs out there. When you know a free MP which is just as good as the MPs mentioned in this blog posting, let me know and I will update this posting.

Saturday, December 12, 2009

Microsoft Acquires Opalis Software

Got this one from a colleague of mine. The System Center Team Blog has posted an article about it:

Microsoft has acquired Opalis Software.
image image

Some highlights. (For the whole story visit the System Center Team Blog and read the article.)

Highlight 01: What does Opalis do?
Taken from their website: Opalis writes software that orchestrates, integrates, and automates IT processes such as incident, problem, configuration, and change management across the IT infrastructure - all from a single console.

Opalis creates Run Book Automation (RBA) software.
Run Book Automation (RBA) is the ability to define, build, orchestrate, manage and report on workflows that support system and network operational processes.

Sounds like much added value for System Center doesn’t it?

Highlight 02: Why has Microsoft acquired Opalis?
As Brad Anderson states: ‘This deal brings together the deep datacenter automation expertise of Opalis with the integrated physical and virtualized datacenter management capabilities of Microsoft System Center.’

Highlight 03: Why is process automation important to Microsoft?
As Brad Anderson states: ‘We know that as customers and service providers use Microsoft server infrastructure, tools and applications in more - and larger - datacenters, these customers require a greater level of automation in their operations.

Highlight 04: RBA and System Center. Is there a future?
As Brad Anderson states: ‘We intend to make RBA capabilities a core part of System Center going forward. You can get more details of the transition at Microsoft Pathways.’

Even though it is a bit early to talk about a conclusion it is not that hard to see what the future will bring. With this acquisition Microsoft emphasizes their dedication to the System Center Product range as a whole. The roadmap shown on Tech-Ed Berlin was already very impressive. With the knowledge, experience and software from Opalis incorporated into the System Center Products much added value will be found. System Center is growing up fast. Big time!

KB971541: Update Rollup for OpsMgr SP1

12/12/2009 – Update:
Initial release was 6th of November 2009. How ever, there were some issues with it. The new release contains fixes for those issues.


An update Rollup for OpsMgr SP1 has been released by Microsoft. It combines previous hotfix releases for SP1 with additional fixes.

With this Rollup package also support is added for:

  1. OpsMgr SP1 roles on Windows 7 and Windows Server 2008 R2.
  2. Database role and SQL Server Reporting Services upgrade support from SQL Server 2005 to SQL Server 2008.


Update Rollup can be downloaded from here. The related ReadMe for this Update Rollup package can be downloaded from my SkyDrive.

When you are running OpsMgr SP1 it is advised to apply this Rollup Package.

Friday, December 11, 2009

Error message when uploading ACS Reports to SRS instance: CreateSRSDataSource: Exception Invalid URI: The URI scheme is not valid...

Bumped into this one today. Felt a ‘bit’ stupid afterwards when I found the cause, since I have installed ACS a couple of times before, but somehow I don’t seem to remember this pitfall.
Character ‘Andy’ from Little Britain.

So with this posting I hope to make it stick.

This is the deal:
When uploading the ACS Reports to the SRS instance the document tells you to do this:

Notice the yellow high lights above since that will cause the command to go wrong:

And the error message CreateSRSDataSource: Exception Invalid URI: The URI scheme is not valid... is born.

So don’t take the document to literally and leave the quotes out:

Now all is well:

Wednesday, December 9, 2009

ACS, Windows Server 2008 and the Events Generated Per Second Script

As mentioned in my previous blog posting about ACS in conjunction with Windows Server 2008, the document OpsMgr 2007 Performance and Scalability Guide refers to a script named ‘Events Generated Per Second Script’:

As it turns out, this script doesn’t work on Windows Server 2008.

So be aware about that.

Linking multiple Gateway Servers together

The OpsMgr Product Team has posted an excellent article about how to “chain” multiple gateways together in order to get monitoring across multiple untrusted boundaries up and running.

Three examples are given with the last one being an unsupported configuration which is also good to know since the ‘Realm of Unsupported Configurations’ is something to stay away from. The same posting also writes about using Gateways in areas with poor network performance, something I also wrote about.

The article about linking multiple gateways together can be found here.

Tuesday, December 8, 2009

Audit Collection Services (ACS), ‘some’ searching and some useful links

Found myself digging deep in order to refresh/update my knowledge on this topic. Many good things are to be found on the internet. However, some less good or contradictory stuff as well. For instance, ‘old’ news like an article stating that ACS Reporting doesn’t support Windows Server 2008 (R2). But that is NOT true. With OpsMgr R2 it is supported out of the box, for OpsMgr SP1 additional reports need to be loaded.

Another shiny example is the calculating sheet for ACS DB sizing. Even though some sheets do look the same, the outcome is totally different, even though the same numbers (amount of servers and the time the data needs to be kept within the database) are being used in both sheets. As it turned out, the sheet with the highest outcome had the Events Per Second doubled, which is the result of a calculation.

For this calculation the number being used for Event Data (Target Environment) Machine Type Domain Controller turned out to be doubled:

So I was a bit at a loss here. What to trust? Also, the servers (DCs) to be hit by an Audit Policy are going to be Windows Server 2008 (R2) based. And these servers do log a LOT more compared to Windows 2003 DCs. Of course, the script being referred to in the OpsMgr 2007 Performance and Scalability Guide can be run on a domain controller in the test environment. But then, no way 6000+ users are using the test environment. Nor do any LOBs run there, some of which are AD integrated. So the outcome of that script won’t be very useful either.

Hmm. Creating a script simulating 6000+ users where 4000+ log on/off 6 times a day? (The users here are very mobile and log on and off many times a day on different workstations through out the locations.) Could be done. But the time it takes to create it, test it, correct it and run it again takes a bit too much time.

The recently released OpsMgr R2 Sizing Helper sheet (has helped me on many occasions) didn’t help either. Not a single thing about ACS to be found in it. So I am still on a quest in order to get a clearer sight at the needed ACS DB size. However, during my search on the internet (and through my archives) I found some useful links about ACS. For instance:

  1. Auditing and Compliance in Windows Server 2008
    An online TechNet Magazine article about how Windows Server 2008 handles auditing with Windows Eventing 6.0. Very interesting article but the information about the size of the ACS DB is doubted by me. I mean, 150 DCs generating aprox. 140 events per second per DC with default retention settings of 14 days on the ACS DB, results in a DB size of 150 GBs in 14 days? When using these numbers in one of the mentioned sheets (the modest one!) I get a DB size of 1384 GBs… :
    And I even haven’t changed the Event Count /sec. It is still 20, not 140

  2. ACS Reporting and Windows 2008 (R2)
    An article about OpsMgr R2 ACS Reporting in conjunction with Windows 2008 (R2) and how to make OpsMgr SP1 ACS Reporting support Windows 2008 (R2). Special thanks to Graham Davies for this link.

  3. ACS Sizing Sheets
    Excel sheets to have a rough estimate about how big the size of the ACS DB must be. Found here and here, contained within the ACS Resource Kit offered by Secure Vantage.

  4. Online ACS Documentation
    Microsoft’s online TechNet Library about ACS. Updated on May 2009.

  5. System Center Central
    A good resource on OpsMgr. Also an article about the tools present in the ACS Resource Kit. Good posting! Special thanks to Pete Zerger.

  6. Security Audit Events for Windows 7 and Windows Server 2008 R2
    An Excel sheet with a list of all security audit events for Windows Server 2008 R2 and Windows 7.

  7. Video’s on ACS (and more)
    Secure Vantage has very useful information about ACS, also some video’s. Referred to as ACS Master Class Series.

The search to run a good trustworthy calculation on the needed size for the ACS DB continues. When I have found it, I’ll post about it.

Good advise:
when diving too deep into matters like these take a look at this old commercial
where John Cleese compares an portable computer with a dead fish… Helps to put the focus back. :)

Thursday, December 3, 2009

Exchange 2010, OpsMgr and other System Center Products

Yesterday I attended a Influencer Live Meeting about System Center and Exchange 2010. Very interesting it was. During this meeting much was told and demonstrated about how the System Center Products like OpsMgr and DPM 2010 can aid in making an Exchange 2010 more robust and disaster proof.


OpsMgr MP for Exchange 2010
Jon LeCroy, Program Manager of the Exchange Team told the audience about this part of the Meeting.

Like the R2 MP for Exchange 2007 has already shown, the newly released MPs have become way much better and far less noisy. This new approach is to be found in the Exchange 2010 MP as well. For noise reduction this MP is shipped with a Windows Service called the Correlation Engine. What it does? This engine uses dependencies encoded in the Health Model in order to determine the most likely root cause Alert when a problem occurs.

Duh! But what does that mean exactly? Well, take a look at this picture:

Suppose you have an problem with the AD Driver. This has its effect on many Exchange services like EWS, EAS, IMAP, POP and OWA. In the old days this would fill up the OpsMgr Console with a whole lot of Alerts. But now only the Alert for the lowest level failure will be raised and that within a 90 second window! That is a huge improvement isn’t it?

Also the Alert has been reclassified into 3 categories:

  1. Key Health Indicator
    Important service impacting issue (most alerts).

  2. Non Service Impacting
    Issues that affect specific mailboxes but do not impact the larger system.

  3. Forensic
    Monitors diagnostics that may not represent a specific problem. (Forensic monitors do not alert.)

Also the Reporting feature has been changed significantly. Some high lights:

  • The reporting about Mail flow statistics is based on message tracking logs.
  • Uptime measures application/feature (Service oriented reporting), not the server itself.
  • Availability reporting is Exchange aware.

DPM 2010
Jason Buffington
, Senior Tech. Product Manager took care of this part of the Meeting.

Very interesting it was as well since some new high lights of DPM 2010 were being shared with the audience as well. For instance, DPM 2010 will be capable of backing up servers residing in workgroups and/or DMZs! In the beta version this option isn’t available. But in the RC version it is very much likely to be present! Nice!

The most important message of this part of the Meeting was about the way DPM 2010 integrates tightly with Exchange (2010) and the way it backups the data. Only the native VSS Writers for Exchange is being used here, so the data is correctly backed up in a way that Exchange fully supports, so there is always a way back. And not just that, but one can go back 15 minutes up to 30 days (for instance) with only a few mouse clicks. Again, DPM 2010 takes care of the rest!

Also the fully transparent interface and wizards do take away many questions people do have to answer when using other backup products, like creating backup schema’s with full backups and the lot. Also where the data resides is taken care of. So no more hassle. Just implement a valid backup schedule/schema and be done with it. Also the way DPM 2010 checks its own health is great. Really Set & Forget! Wish I had a backup tool like that in my days being a Systems Engineer. Would have saved me many many days! :) And the company I worked for many euro’s!

Also good solid advise was given about virtualization and Exchange 2010:

A very interesting Live Meeting it was. An hour very well spent. The only ‘bad’ thing was that it was only one hour :). Time really went fast and both speakers had way much more to tell. Future sessions I will certainly attend.