Thursday, July 29, 2010

System Center Server Management Suite 2010 Capability & Pricing Changes

Microsoft announces that two new server management capabilities will be available through Microsoft® System Center Server Management Suite Enterprise (SMSE) and Server Management Suite Datacenter (SMSD):
  1. System Center Service Manager
    Will be a new component of SMSE & SMSD when it is released in the first half of calendar 2010. Service Manager will allow you to improve datacenter service availability and performance by integrating incident and problem management with operational tools—all aimed at simplifying your processes, reducing downtime, and improving the reliability of your datacenter environment. When Service Manager becomes generally available, customers licensed for the SMSE or SMSD will receive the Service Manager Server ML as part of their active Software Assurance coverage.


  2. Opalis
    Was acquired by Microsoft in December 2009 and Opalis software will be granted by the Opalis subsidiary to any new or existing SMSE or SMSD license with active Software Assurance coverage as of December 10, 2009. Opalis delivers IT process automation capabilities, including task orchestration across systems, standardization of processes, automation of repetitive tasks, and integrates with System Center and many third-party tools.

Price Increase:

Because of this the pricing will be adjusted accordingly effective August 1, 2010 (taken directly from the website):

As part of the new capabilities available through the purchase of the suites, effective August 1, 2010, the SMSE will move from $1,198* per license to $1,569* per license and the SMSD will move from $749* for each per processor license to $1,310* for each per processor license.

As some blogs state: ‘The SMSE price will increase by 30%, and the SMSD price will increase by 75%, recommend acquiring or renewing SA now to lock in pricing before the increase.

Used resources:

Wednesday, July 28, 2010

Workaround for: Physical Windows 2008 R2 servers with Teamed NICs do not collect performance data.

29-07-2010 Update: Based on this blog posting I got a good comment that authoring against a computer object is not to be advised, it is better to use Operating System objects for this purpose. So I changed the targeting for this Rule from Windows Server 2008 Computer to Windows Server 2008 Network Adapter and tested it. It works as well. This blog posting has been updated accordingly.

As blogged before I bumped into this issue where teamed NICs on physical Windows Server 2008 R2 servers did not collect any performance data. 

Even though the conclusions as described in that blog posting are correct, I still did not like it. So I put a small MP together (nothing fancy, just straight from the SCOM R2 Console itself) in order to see and test whether I could work around this issue.

Good news I have since I got it working!

Which is great since now performance data can be collected for teamed NICs of physical Windows Server 2008 R2 servers as well!

But first lets take a few steps back in order to see how I got to create the workaround. It is based on these findings:

  1. The Teamed NIC was discovered in SCOM but no Collection Rules ran against it;
  2. In PerfMon of the same server, the instance for the Teamed NIC was not present;
  3. In SCOM the two NICs making up the Teamed NIC were neatly discovered, but no Collection Rules ran against it;
  4. In PerfMon on the same server, the instances for these two NICs are neatly present and show data!

So actually findings  3 and 4 do have some potential. Whenever PerfMon shows a counter with an instance, it can be piped into the SCOM (the Data warehouse DB that is).

But until now SCOM R2 wasn’t very cooperative. Which might seem strange at first but is neatly explained when one takes a look at the discovered network interfaces. It shows also the IP-addresses related to the discovered NICs. The Teamed NIC does have an ip-address but the NICs (the actual ones making up the Teamed NIC) don’t. So by default, no performance collection takes place since there are no IP addresses defined on those interfaces!

So why not try to collect (performance) data since PerfMon shows data coming in on those very same interfaces? Time for a wake-up call in SCOM :).

This is how to go about it:

  1. Create a MP (_Test) in order to differentiate between the real MPs and the test one. (When doing this for real make sure to give it a proper name according the naming conventions of your company);

  2. Open the Management Software of the hardware manufacturer on the related server in order to see what NICs are being used for the Teamed NIC you want to monitor. Write down the names of these NICs, they are needed in the next steps; 

  3. Open the SCOM R2 Console with SCOM R2 Administrator permissions: go to the Authoring Wunderbar > Authoring > Management Pack Objects > Rules. Click right on Rules and select Create a New Rule;

  4. Select Collection Rules > Performance Based > Windows Performance. Select as Management Pack the _Test MP > Next;

  5. Give the Rule a proper Name like: NIC Team Total Bytes Per Second - Adapter xxxx <SERVERNAME> . Add a good Description as well.

  6. Select as Rule Category: Perfomance Collection, Rule Target: Windows Server 2008 Network Adapter and DESELECT the option Rule is enabled > Next

  7. Click on Select > select the related server, select as Object Network Interface > Bytes Total/sec and select as instance the first NIC which makes up the Teamed NIC as found in Step 2;

  8. Set the Interval at a level you think to be appropriate (Not too many times nor too few) >  Next > Optimization can be chosen as well > Create.

  9. Repeat Steps 3 to 8 for the other NIC(s) of the Team as well.

  10. Right click on one of the Collection Rule which has been made in Step 2 to 8 > Overrides > Override the Rule > For a specific object of class: Windows Server 2008 Network Adapter;

  11. Select the related computer > OK > select the option Parameter Name Enabled and set the Override Value to True > Apply > OK.

  12. Repeat Steps 10 to 11 for all other Collection Rules which have been made earlier.

  13. Now patience is needed since it will take a few hours before any data is shown in the SCOM R2 Console and the Reports as well.

How to get some data shown in the SCOM Console in order to see whether all is working?

  • Create a new MP, with the name _Views for instance;
  • In the SCOM R2 Console > Monitoring Wunderbar, right click on the folder _Views and select New > Performance View;
  • Give the View a proper name like Teamed NIC Performance - Total Bytes Per Second;
  • At Show data related to: leave it at its default (Entity) and under Select conditions: select collected by specific rules;
    image
  • Now the Select Rules dialog box appears. Select the earlier created Collection Rules > OK > OK;
  • And after a few hours, after the Rules have been created AND enabled, something like this will be shown:
    image 

How to get some data in a Performance Report?

  • Go to the Reporting Wunderbar > Microsoft Generic Report Library > double click on Performance > Select a From date (yesterday for instance);

  • Click on Change > Click on New Chart > Click on New Series > Click on Add Group > Select the proper server (make sure to select the Windows Computer Class!) > at the Rule section of the screen click on Browse > select the second tab Search by Counter > select as Performance Object Network Interface > click on Search > select the earlier created Rule;

  • Repeat the previous step for the other Rule(s) as well;

  • Run the Report:
    image

Tuesday, July 27, 2010

Empty graphs and reports for NICs based on HP Teamed NIC

28-07-2010 Update: This blog posting describes how to work around it.

Bumped into this issue at a customer. SCOM R2 is deployed, many MPs in place, among them the Server OS MP (of course). Also the Reporting component is installed.

Now came the time to create/publish some good reports, one of them being a Performance Report. This report shows on a per server basis the performance of the disks, cpu’s, memory and NICs. All went just fine until some Server reports did not show any data related to the NICs:
image

Strange. Time to take a deeper dive. I opened the Console the Monitoring Wunderbar > Microsoft Windows Server > Performance > Network Adapter Utilization. I selected a Chart at random and selected the related NICs of the server which showed no data in the earlier mentioned Report. And indeed, no data to be shown. Nothing. Selected another server and now data was shown.

What I noticed however is that the Chart gave me no option to check the relevant NIC of the server. Some NICs were shown but not all. So time to see whether the Discovery process was neatly in place.

In the Console > Monitoring Wunderbar > Discovered Inventory > right click in the middle pane and select Change Target Type. Set it to Windows Server 2008 Network Adapter and click OK. Now the View will show only the discovered Windows Server 2008 Network Adapters.

And here the related NIC was shown! So the NIC was neatly discovered by SCOM R2 but no Collection Rules are running against it. But now I started to see a pattern since the NIC having issues is a teamed NIC, created with 3rd party software. So officially speaking, it is NOT a NIC as seen from a Windows standpoint of View, but a virtual one created by 3rd party software and presented to the OS as a normal one…

So I went back to the reports and the same issue was happening when I targeted teamed NICs.  All other NICs were just fine and made nice graphs in the Reports.

Time for another check. I started PerfMon on the server with the teamed NICs and selected the Counter Network Interface. And now it all became clear: only the physical NICs were shown not the teamed NICs (two in total). Even ran the tool Extensible Counter List tool, (Exctrlst.exe) just to be sure, but it changed nothing.

What is basically comes down to is this:

The Server OS does not monitor teamed NICs since these are created by 3rd party software and therefore not ‘real’ Windows NICs as such.

The server experiencing this issue is a HP server. Even with the HP Proliant MP loaded in SCOM R2 it does not collect any performance data at all :(. So unfortunately, for this server no performance collection for its NICs will take place. On the other hand, many times NICs aren’t really bottle necks any more. CPU’s, disks and RAM are and performance data for those parts is neatly collected.

After story:
After some searching I found this thread on the TechNet OpsMgr Forums. Good to know I came to the right conclusions.

Friday, July 23, 2010

To manually reset or not to manually reset. That is the question.

For any SCOM Admin and/or MP Author, Russ Slaten has written a good posting about the pro’s and con’s of Monitors which need to be reset manually. And how to go about it and what the alternatives are.

Posting to be found here.

All OpsMgr EventIDs at a glance

Daniele Muscetta has created an Excel Spreadsheet which contains ALL OpsMgr events and their description:
 image

A great resource it is! To be found here.

Community MP: Logical Disk Extension Management Pack

A MP from the Community which I really like is the ‘Logical Disk Extension Management Pack’. A colleague of mine told me about this Report and I must say, it works great.

It is based on a MP created by Ziemek Borowski and further developed by David Allen, a British SCOM MVP. This is what he says about this MP:
image

An example of such a Report (it can take a while before it is loaded):
image  

MP to be found here

Groups and SCOM

When Groups are created in SCOM their membership must be calculated. That is, when these are Groups which are dynamically populated. Many times one finds him/her self also creating dynamically populated Groups. These Groups are used for Notifications, scoped Views and the lot.

But these Groups – when created too enthusiastically without much planning – can create issues in any SCOM environment. When one uses too complex regular expressions it will result in a very heavy SQL load that can hang the SCOM Console…

So the OpsMgr Support Team Blog posted an article how to go about it, to be found here.

Nice thing is that Michiel Wouters wrote a posting on this topic as well and posted it on his own blog. This posting is an excellent follow up since his posting contains a PS script which helps to find the heavy Group discoveries.

Thanks Michiel!

AD Integration (ADI)

Yesterday I wrote a posting about ADI for SCOM and how to do some repairs when ADI is removed.

Jonathan Almquist (a SCOM PFE) has written an excellent posting about ADI and its potential pitfalls, ‘AD Integration Considerations’, to be found here. When ever you think you need ADI, read his posting first. Since this posting tells all you need to know about it so you can make the right decision.

MP Authoring Guide is complete

As mentioned in earlier blog posting of mine, Brian Wren was rewriting the MVP Authoring Guide. For a week now the final section went life.

But… this doesn’t mean the Authoring Guide is totally finished now. As Brian states on his blog:
image

So the Authoring Guide will be a life document, which is good.

Complete guide to be found here.

Thursday, July 22, 2010

Active Directory (AD) Integration: When to use it and when NOT to use it and how to get rid of EventID 11463…

This posting is provided "AS IS" with no warranties, and confers no rights.

Bumped into an interesting issue some time ago but I forgot to blog about it. I was a bit too busy I guess.

At a customers site all SCOM R2 Agents were pushed from the Console. So the Agents got their configuration directly during the installation. So no need to use ADI here. And yet, ADI was in place and fully functional. At least, that is what the customer thought to be.
image

Normally it is like this:

  1. SCOM Agents are pushed from the Console:
    ADI will not be used, so no need to configure it.

  2. SCOM Agents are not pushed but manually installed:
    ADI can be used, but when the Agents are manually installed the configuration can be done manually as well.

  3. SCOM Agents are not pushed but are part of a server image or pushed by a mechanism like SCCM:
    Now ADI comes into play and must be configured properly.

So this customer had all the Agents pushed from the Console and ADI in place. And configuring ADI is something which needs to be done thoroughly and wisely. Otherwise a faulty SCP (Service Connection Point) is in place.

But here all was well. SCP was correctly configured even though it was never utilized. So all was just fine. Until one day a Forest was removed and the related Gateway Server as well.

ADI was neatly reconfigured so the changes were properly reflected in SCOM R2. But now errors kept popping up in the Console and in the OpsMgr event log of the RMS:
image

And:
image 

Event Type:    Error
Event Source:    Health Service Modules
Event Category:    None
Event ID:    11463
Date:        xxxxxx
Time:        xxxxxx
User:        N/A
Computer:    xxxxxxx
Description:
OperationsManager container doesnt exist in domain xxxxx.com or the Run As Account associated with the AD based agent assignment rule does not have access to the container. Please run MomADAdmin before configuring agent assignment rules and make sure the associated Run As Account is the member of the Operations Manager Administrator role.

Workflow name: CleanerOf_xxxxxx
Instance name: xxxxx
Instance ID: {724CA3B7-7D52-DD21-9E55-C2202C650EDF}
Management group: xxxxxxx

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Also EventID 11701 (Error calling ADsOpenObject in LDAP probe module) is logged:
image

Even though the SCOM R2 Console does not Alert upon it, this nagging Event must be taken care off as well.

But no where in the SCOM R2 Console was anything to be found about it. No more ADI was in place for the old (removed) Forest nor did the related RunAs Profile (Active Directory Based Agent Assignment Account) contain anything about this Forest. With the tool MomADAdmin was the related SCP neatly removed as well, so nothing wrong there.

Now it was time to take a further look into SCOM R2. So I exported the Default MP, made a safe copy of it and stored in a safe place. I opened the export file (not the safe copy!) in XML Notepad and searched for the entry as stated in the Workflow name, found in the description of EventID 11463:
image

I removed the whole Rule which takes care of EventID 11463.

Now it is time for step 2 which takes care of EventID 11701.

I searched for the entry ldap in the Default MP (be sure it matches the description in EventID 11701). At TypeID I found the entry ldap but just removing this rule is not enough: so I went to the ID of this Rule and copied it. 
 image  

The whole Rule was removed and then I searched for the ID of this rule, this is what I found:
image

Removed the DisplayString as well.

Saved the Default MP. Imported the MP, restarted the Health Service on the RMS and the errors didn’t come back anymore.

How to get rid of nagging EventID 1106

This posting is provided "AS IS" with no warranties, and confers no rights.

At a customer got EventID 1106 (Cannot access plain text RunAs profile in workflow "BLABLA", running for instance "FQDN SERVER NAME") in the OpsMgr event log of the RMS nagging me.

Normally this EventID is about not being able to access a Run As Profile. But this Run As Profile was long time ago removed. Also the server it referred to was also longtime ago removed. But still this EventID kept coming back and biting me:
image

I went through all the Run As Account and related Run As Profiles. But as expected, nothing was to be found there.

So time to take a further look into SCOM R2. So I exported the Default MP, made a safe copy of it and stored in a safe place. I opened the export file (not the safe copy!) in XML Notepad and searched for the entry as stated in the Workflow. Tada! There it was:
image

I removed both sections, and saved it. Imported the MP, restarted the Health Service on the RMS and the errors were gone!

Tuesday, July 20, 2010

How to: Monitor new line entries in a log or text file

The OpsMgr Support Team Blog has posted an excellent article about how to monitor new line entries in a log or a text file with SCOM. They have mirrored it from the Arabic SCCM and OpsMgr Blog.

Posting (in English) to be found here.

Troubleshooting guide for grayed out SCOM Agents

Yesterday Microsoft released a KB article which is really great: it is a trouble shooting guide for grayed out SCOM Agents. It describes different scenario’s why an Agent is grayed out, describes how to recognize such scenario’s (based on EventID’s for instance) and describes how to solve it.

Even when you don’t have grayed out SCOM Agents, it is certainly worth while to read it and mark the KB article as a favorite in IE.
image 

KB2288515 tells it all. Go check it out!

Thursday, July 15, 2010

SCOM Reporting: 27 additional Reports, all about the health of the SCOM Management Group

Today on System Center Central a new MP has been released. This MP contains 27 Reports which contain good information about the Health of the SCOM Management Group:
image

Some samples:

  1. Groups Reports:
    image

  2. Database Usage (Operational Database & Data Warehouse):
    image

  3. RunAs Profiles:
    image

These Reports are all to be found in one MP. Before importing the MP a new Data Source in SSRS has to be created. The document, to be found in the same zip-file which contains the MP, describes how to go about it.

A good MP it is!

MP to be downloaded from here. (Free registration is needed before the MP can be downloaded. And as stated before: RTFM because an additional Data Source has to be created.)

Wednesday, July 14, 2010

Milestone!

Since the 20th of February 2009 I use a small gadget on my blog from ClustrMaps. It keeps track of all the visitors of my blog: not only the total amount is being tracked but also the countries where the visitors come from.

According to this gadget I have reached a milestone: over 100,000 visitors!
image

When I started this blog I never ever expected this to happen! Thanks everybody for spending time on my blog and all your comments! That is what this blog is all about: SCOM and the Community!

Cross Platform e-learning course on TechNet

As we all know is SCOM R2 capable to monitor non-Microsoft environments (aka Cross Platform). However, many of us are Windows oriented so managing non-Windows environments with SCOM R2 can be a challenge.

In order to address this issue a website has been launched by Microsoft which contains an e-learning course about SCOM R2 and managing Cross Platform environments. This site is available for some months already but many people do not know about it.

Therefore, go check it out and learn. A good site it is. Many new things to be learned.
image

Website to be found here.

Tuesday, July 13, 2010

SCOM R2 E-Mail Notifications do not work: Error message ‘Recipient address is not valid’ is shown

Issue:
The SMTP Channel seems to be configured properly but nothing is being send from the RMS. Only this error is shown in SCOM : ‘Recipient address is not valid’:
image

Cause:
When one checks the recipient addresses one will find nothing to be wrong with them. Many times it is caused by the SMTP server which does not allow relaying (which is a GOOD thing).

Resolution: 
The IP-address of the RMS has to be added to the list of servers which are allowed for relaying. Now the RMS is able to send out mail messages.

MP Extension Contest: And the Winner is…

System Center Central organized a contest in order ‘to challenge community members to create management packs that add new capabilities to existing management packs found in the System Center Pack Catalog.

An interesting contest it was. Raphael Burri has won the contest. He wrote an extension to the SQL MP which enables the monitoring of SQL DB Monitoring. This is a much asked for feature in the SQL MP. With the SQL MP Extension Raphael has made this is possible now.

Want to know more? Go check it out yourself here.

New KB Article: Alerts may not get forwarded as expected via a connector

Yesterday a new KB article has been released which describes the issue where Alerts may not get forwarded as expected via a connector.

KB2277825 describes this issue, its cause and how to resolve it.

Friday, July 9, 2010

Tech-Ed Berlin 2010: To Present a Session Or Not. That Is The Question

Wow! Today I sent my ideas about a Session I would like to present at Tech-Ed Berlin 2010 to Microsoft Redmond US.
image 

At the moment I cannot tell what the Session is about. All I can say it is SCOM related… (duh!)

I keep my fingers crossed. Personally I believe strongly in the topic I have chosen and know for sure that I can give a solid and very interesting session about it. Hopefully Microsoft feels the same about it.

To be continued…

New KB article: The monitoring of SNMP devices may stop intermittently

Microsoft has released a new KB article describing an issue where the monitoring of SNMP devices stops and EventID 4000 is logged in the OpsMgr event log.

KB982501 describes this issue, the cause and how to solve it (applying a hotfix).

Pinpoint Management Pack Catalog

The Pinpoint Management Pack Catalog has been given a new home page. It looks very promising since it adds some good filters (Filter by Product and Filter by Company) and on top of it, a good sort option  (Sort by) as well.
image

I have tried the new page in order to search some MPs which were normally very hard to find in the previous versions of Pinpoint. And the good news is, these MPs are easily found now. The filters are really snappy and filters the dataset on the fly.

Some Tips & Tricks:

  1. I want to see the Microsoft MPs only with the most recent one on top
    Go to Filter by Product and select Operations Manager, go to Filter by Company and select Microsoft System Center.  Now all Microsoft MPs are shown with the most recent on top. So with a few mouse clicks one can check very easily whether a new or updated MP has been published!

  2. I want a different sorting
    Notice the prominent Sort By options at the top of the list of results. The default is to sort by Release Date but you can also sort based on Name or Rating.

Go check it out yourself and be surprised. Do not forget to update your favorites referring to the new Pinpoint homepage.

Thursday, July 8, 2010

How to monitor for Opalis Integration Server Platform Events

Microsoft just released a KB article describing how to monitor Opalis Integration Server platforms with SCOM (R2). KB2269622 describes how to go about it.

Updated DHCP MP has been released

Yesterday Microsoft released an updated version of the DHCP MP, version 6.0.6709.0. Changes in this update:
image

MP to be downloaded from here.

Challenge: How to exclude certain servers from being monitored on a certain application?

Bumped into this issue. A customer needs a quick installation of a SCOM R2 environment. Many servers, services and applications have to be monitored. Many MPs are required for this, among them the SQL MP.

But a certain set of servers must NOT be monitored on SQL level since that is done by another company. However, all other components on those very same set of servers must be monitored by SCOM R2 none the less. And to make things a bit more challenging, all other SQL servers present must be monitored by SCOM R2.

So how to go about it? There are multiple approaches available here. But personally I believe in taking care off it at the source and not at the end. Why? It is better to keep the SCOM Console clean of any SQL related Alert from that certain set of servers instead of having the Console displaying anything that the Operators are told to ignore. That is really some noise any SCOM environment can do without. Also it will cause unneeded data in the SCOM R2 databases.

Some MP Theory
(very shallow it is, I know…)

As we all know, any MP starts with some or more Discoveries. These Discoveries detect all MP related components/classes/objects and populate the MP related Groups. Against these Groups is all the monitoring targeted. (This is a huge simplification about how a MP works but this is all we need to know for this blog posting).

Actually, when the Discoveries do not find any SQL server of that particular set of servers, never ever will SCOM R2 monitor any SQL related aspect of those servers. So never ever will a SQL related Alert be raised for them. Time to disable the Discovery of any SQL related component on those servers.

This is what I did:

  1. Created a Group which is dynamically populated with ALL Windows Computers except for the set of servers which must not be monitored (the naming convention used for the servers allowed for an easy to use formula.) ;

  2. Disabled – one by one – every Discovery targeted against SQL 2005 and SQL 2008, targeted against Windows Server (For all objects of class: Windows Server);
    image

  3. Started the PS extensions for SCOM R2 where I ran this cmdlet: Remove-DisabledMonitoringObject. This empties all Groups which have been populated by the in Step 2 disabled Discovery;

  4. Enabled explicitly the Discovery with an override where used the Group (Override > For a group…) created in Step 1.

  5. Reran Steps 2 to 4 for every SQL related Discovery.

After some time the SQL Server Views in the SCOM Console dropped all SQL Servers of that particular set of Servers. All other SQL Servers returned neatly in those very same Views.

Wednesday, July 7, 2010

New KB article: SCOM Web Console on Windows Server 2008 fails to open

Microsoft has released a new KB article describing an issue where the SCOM Web Console installed on a Windows 2008 Server fails to open. Instead it shows this error: ‘Error: Could not load file or assembly 'Microsoft.ReportViewer.WebForms, Version=9.0.0.0’.

KB2010168 describes this issue, its cause and how to solve it.

Tuesday, July 6, 2010

Installation error when installing a SCOM R2 Management Server: ‘Error validating current user and server’

Bumped into this issue today at a customers site. SQL, RMS and Reporting were already in place and fully functional. Time to install a SCOM R2 MS.

All seemed to running just fine until I had entered the credentials for the SDK Account. Setup stalled too long and threw this error:
image

? What?!

Time to check the OpsMgr event log of the RMS:
image

EventID 26319? But that event is mostly to be found in old Windows Active Directory environments (Windows 2000 environments or Mixed Mode environments) and not in a AD domain which is more modern. In those days one had to add the SDK account to a special Global Group. But that is not the case here. Also, the SDK account is just fine. Otherwise the other SCOM R2 Servers would not have been installed without any glitch.

Also, the server to become a MS has not a SCOM R2 Agent installed, nor does it host the SCOM R2 Gateway Server role. Nor is it Agentless Managed. This server is totally new and up to specs. So what is happening here? It can’t be any authorization issue either since the installation is run under my special installation account which has all the needed permissions.

No matter what I tried, the same error kept coming back biting me. So I cancelled the installation and examined the logfile (%temp%, MOMxxx.log). But nothing there to be found. Only that the SDK account could not be verified. Nothing new. No more details.

Checked the firewall settings, the RMS (again), the SDK account, the account of the server to become the MS. But nothing at all. All seemed just fine. Nothing exceptional. AD replication was running smoothly as well. So I was running out of options…

Now it was time for a different approach. Like I already blogged about when installing the RMS and testing the Web Console afterwards, many times it throws an error. But after a reboot, all is well. Could it help here as well?

So I rebooted the server and ran setup again. Same error! Hmm. Before taking a real deep dive I decided to reboot the RMS. Easily to be done since SCOM R2 is still under construction.

After that the installation just ran fine! It still puzzles me though. Perhaps did the reboot reregister some accounts/services which were not too happy before the reboot took place.

Being a SCOM consultant is never ever dull. Always something new to experience :).

Friday, July 2, 2010

New KB article: Console fails with "The client has been disconnected from the server" exception

Microsoft has released yesterday a new KB article which describes the issue where the SCOM Console fails on opening with the following exception: "The client has been disconnected from the server".

KB article KB2262476 describes this issue, what causes it and how to solve it as well.

Updated core MP for SCOM R2 has been released

For almost a week now has the new core MP for SCOM R2 been released:
image

This MP is a continuation of the Health Checks the previous updates of the Core MP for SCOM R2 introduced. SCOM R2 checks itself even more thoroughly than before which is good.

As is the case with ALL MPs: RTFM first!!!

MP to be found here.

Thursday, July 1, 2010

AD MP throws error: ‘Health Service Credentials Not Found Alert Message’

Had this issue at a customers site. The AD MP had been imported and configured. Also replication monitoring was configured. For this a Run As Profile within SCOM has to be configured (AD MP Account).

All was set as it should but still the DCs raised this Alert in the Console: ‘Health Service Credentials Not Found.’ And: ‘An account specified in the Run As profile "Microsoft.Windows.Server.AD.ActionAccountProfile" cannot be resolved.’.

So time to check everything. An AD account with sufficient permissions was in place and operational. Not blocked, what so ever. The account was neatly added in SCOM as a Windows Run As Account. This account was added to the related Run As Profile.

Of course, for the Run As Account the ‘More Secure’ distribution type was selected. Also the correct DCs for this Run As Accounts were selected.

Time to move on to the Run As Profile. Especially the third option Run As Accounts is important here.
image

Hmm. All seemed to be well. But when the Alert was closed and on the related DC the Health Service was restarted, the Alert reappeared. So somehow it did not work as it should.

Since the account itself and the Run As Account in SCOM are OK, the cause had to be found in the Run As Profile. Perhaps in this case more granular targeting was needed?

So I removed the earlier Run As Account from that Profile and added it. However, this time it was targeted directly at the DCs, like this:
image
At the ‘This Run As Account will be used to manage the following objects: hit the Select button > choose Object.

image 
In the Look for: box select Windows Computer and in the Filter by: box, type the name of the DC and click OK > OK.

Repeat these steps for all DCs. When complete, the list looks a bit like this:
 image

Hit the button Save and be fine.

Close all Alerts from these DCs about ‘Health Service Credentials Not Found.’.

Now when the Health Services of the related DCs are restarted, the Alerts won’t return.