Thursday, September 29, 2016

SCOM 2016 PowerShell: 12 New PS CMDLETS, 3 Gone

With SCOM 2016 there are 12 new PS cmdlets and 3 – present in SCOM 2012 R2 – are gone.

These are the goners, all SCOM CEIP (Customer Experience Improvement Program) related:

  1. Exit-SCOMCEIP
  2. Join-SCOMCEIP
  3. Test-SCOMCEIP

Which makes sense since in SCOM 2016 CEIP is replaced by Diagnostic and Usage data.

  • SCOM 2012x CEIP:
    image
  • SCOM 2016 Diagnostic & Usage Data:
    image

New PS cmdlets in SCOM 2016 are related to two items:

SCOMTelemetry, 3 cmdlets:

  1. Disable-SCOMTelemetry
  2. Enable-SCOMTelemetry
  3. Get-SCOMTelemetry

The Help option in PS doesn’t reveal much. However my guess is these cmdlets are possibley connected with an application insights functionality. Perhaps OMS based. We’ll see.

SCOMMaintenanceSchedule, 9 cmdlets:

  1. Disable-SCOMMaintenanceSchedule
  2. Edit-SCOMMaintenanceSchedule
  3. Enable-SCOMMaintenanceSchedule
  4. Get-SCOMMaintenanceSchedule
  5. Get-SCOMMaintenanceScheduleList
  6. New-SCOMMaintenanceSchedule
  7. Remove-SCOMMaintenanceSchedule
  8. Stop-SCOMMaintenanceSchedule
  9. Update-SCOMMaintenanceSchedule

This is because (finally) SCOM 2016 supports out of the box the creation of Maintenance Mode schedules. And of course, this new functionality requires PS cmdlets as well.

How this posting came to be
Based on this posting of fellow MVP Stefan Roth I did my research. However, I did some minor adjustments.

First I had two txt files created with all SCOM related PS cmdlets, one for SCOM 2012 R2 (UR#11) and another for SCOM 2016 Eval. However, I had all the spaces removed as well in the txt files, using these lines of PS code:

SCOM 2016:
Get-Command –Module OperationsManager | Select-Object Name | Out-File C:\temp\SC2016PS.txt
$content = Get-Content C:\temp\SC2016PS.txt
$content | Foreach {$_.TrimEnd()} | Set-Content C:\temp\SC2016PS.txt

SCOM 2012:
Get-Command –Module OperationsManager | Select-Object Name | Out-File C:\temp\SC2012PS.txt
$content = Get-Content C:\temp\SC2012PS.txt
$content | Foreach {$_.TrimEnd()} | Set-Content C:\temp\SC2012PS.txt

Then I put both files in the same folder and ran these lines of PS code:
$SC2012PS = Get-Content C:\temp\SC2012PS.txt
$SC2016PS = Get-Content C:\temp\SC2016PS.txt
Compare-Object $SC2012PS $SC2016PS

This is the output I got:
image

SCOM 2016 Web Console: No More Silverlight Dependency. Really?

SCOM 2007 up to SCOM 2012 R2
Even though SCOM is a great monitoring solution, it has some challenges, one of them being the SCOM Web Console. A major drawback is it’s dependency of Silverlight. As a result it only runs in IE, this in the age where tablets are widely used, running other browsers. So the SCOM Web Console has very limited usage.

And when you run the SCOM Web Console in IE, it’s painfully slow and shows only a subset of the information, presented in the SCOM UI. Ouch! So for quite a long time, I don’t install the SCOM Web Console anymore, unless the customer insists on it.

A 3rd party ecosystem has grown instead, delivering very mature solutions which have outgrown the SCOM Web Console by far. Think about companies like Savision and SquaredUp with their flagship products. Even though the differences between both products are big, they share common ground like being HTML5 based and smart coding, ensuring the Consoles are fast and stable. As a result these Consoles run on a plethora of browsers, thus platforms.

Compared to the SCOM Web Console, these 3rd party web based consoles are like Porsches and Ferrari’s whereas the SCOM Web Console is more like a Trabant, looking at the technologies being used.
image

SCOM 2016 & the ‘revamped’ Web Console
For some days now the eval bits for System Center 2016 are available for download, among them SCOM 2016. Rumors are that the SCOM 2016 Web Console is based on HTML 5 AND has no more Silverlight depedencies.

Perhaps Savision and SquaredUp have to fear for their markets? Time to test it!

For one thing, the SCOM 2016 Web Console runs on different browsers now! Awesome!

Google Chrome seems to work:
image

Mozilla Firefox seems to work:
image

Safari hangs. The basics aren’t properly loaded (higlighted in yellow), making it unresponsive:
image

IE works (of course):
image

It still has the old look & feel as present in the SCOM 2012x Web Consoles. So you could say it’s just the old SCOM Web Console but now based on HTML5. Nothing fancy here. But it finally seems to work on other browsers besides IE, which is good.

No more Silverlight?
When I started clicking through the Web Console in a non IE browser and tried to open any dashboard view I became very disappointed. Why? Just read on…

Google Chrome:
image

Mozilla Firefox:
image

Silverlight is still alive and kicking…
What is happening here? Let’s open the same view in IE since I fear something isn’t right here…

IE shows us the culprit:
image

OUCH!!! So Silverlight is still required in order to use the SCOM 2016 Web Console!!! This is bad news, rendering the ‘new’ SCOM 2016 Web Console pretty useless since you can only run it ‘completely’ in IE, meaning that all Views will work WHEN Silverlight is installed and properly configured.

Verdict
Savision and SquaredUp can have a big laugh and relax. Their eco system isn’t at any risc at all but just got better by this ‘revamped’ SCOM 2016 Web Console. More disappointed customers I guess, looking for alternatives.

Somehow Microsoft finds it difficult to ditch the Silverlight dependency in one step and seems to require more time to get it right. Perhaps when an Update Rollup comes out, the SCOM 2016 Web Console will loose that depedency. But until then, this Web Console is just as ‘usefull’ as the previous versions.

In the end, the SCOM 2016 Web Console is nothing but a pimped Trabant. The shell has gotten an overhaul but inside it’s still a Trabant. And I don’t know about you, but in this age I don’t want to own a car like that.
image

Time to buy me that Porsche or Ferrari!

Wednesday, September 28, 2016

System Center 2016 Evaluation Bits Are Available!!!

Wow! Finally the System Center 2016 Evaluation bits are available for download!
image

Want to test drive them yourself? Go here.

Wednesday, September 21, 2016

PowerShell: SCOM Health Check HTML Report v2.3

Some background information & how version 2.1 came to be
Almost a year back I posted a PS script for the SCOM Health Check Report. And NO, that script wasn’t made by me, but by Jason Rydstrand for SCOM 2007x. Later on fellow MVP Scott Moss rewrote that PS script for SCOM 2012x. Back then I added some additional information to that Report and shared that with the community.

Version 2.3
From that moment on I used that Report on many occasions, adding/modifying the PS code as I got along. Many of these modifications came to be based on customer feedback. Also I fixed some issues and modified the formatting in the Report for improved reading. An overview of the most important modifications I made:

  • Added GW Server Primary & Failover MS server information;
  • Added warning when no Failover MS server for GW server is detected;
  • Added Generic Alerts Overview section;
  • Fixed issue where Unhealthy SCOM Agents table didn't show in report;
  • Fixed issue where SCOM Agents in Maintenance Mode table didn't show in report;
  • Fixed issue where SCOM Agents in Maintenance Mode table missed Maintenance Mode Comments;
  • Added report section with SCOM license information;
  • Added detection and warning when only one SCOM MS server is present;
  • Modified report formatting for improved reading experience.

How to use it
That’s pretty easy. Best way to do is to run it from any SCOM Management Server. Otherwise from a system where the SCOM 2012x Console is installed. In the latter situation please ‘activate’ and modify lines 45 & 46.

Also adjust the customer/company name in line 65. This will personalize the report for your usage.

Some screenshots of the Report
Here are some examples of the SCOM Health Check Report v2.3.

Don’t forget to modify line 65 as mentioned earlier, otherwise the report has this default company name:
image

Say hello to the new formatting which improves the overall reading experience:
image

And:
image

Some new sections:
image

SCOM GW server section:
image

Same section, in another SCOM MG with multiple GWs, configured in failover mode:
image

Now with one GW server not configured for failover:
image

Where to get it?
I’ve uploaded it to TechNet Gallery, to be found here.

Credits
As stated earlier, the basis of this PS script isn’t written by me. Instead Jason Rydstrand wrote the PS script for SCOM 2007 and Scott Moss rewrote it for SCOM 2012x. I just added some additional stuff, that’s all. So all credits go to Jason Rydstrand and Scott Moss.

When you think you can add some use full code as well, feel free to do so. Contact me and I will update this posting accordingly.

Sharing is Caring!

Thursday, September 8, 2016

OMS Solution ‘Security & Audit’ vs SCOM ACS: And The Winner Is OMS! (Thanks To Wei Hao Lim)

Some history of ACS
In all the years SCOM is available, as a side solution ACS (Audit Collection Services) is wrapped in it, enabling organizations to audit their IT systems and produce audit reports. By default this solution is disabled when SCOM is installed, but can be enabled and – after some additional configuration and installation of additional components – used.

On paper it’s awesome. But in real life ACS misses out on a lot of things, like (but not limited to):

  • No high availability. It can be achieved, but only as workarounds with the possibility of duplicate – or even worse – loss of data (I’ve done some pretty deep research when I wrote the chapter ‘Complex Configurations’ for System Center 2012 – Operations Manager Unleashed book, so I am pretty sure here Smile);
  • Monster sized ACS databases when the retention is set higher then the default of 14 days which isn’t enough for most customers I know. I’ve seen ACS databases of 4 TB!;
  • ACS Reports timing out because of the monster sized databases;
  • No archiving solution out of the box. For some time a 3rd party delivered this solution (Secure Vantage Technologies, SVT), but they asked outrageous prices so I never ever had a customer using it. And now SVT is no more.

As such, ACS never really took off and became (sadly) an obscure feature. Funny in it’s own way but never functioning well enough for enterprise environments (out of the box that is). One customer I know got it working but only with many additional customizations and programming, resulting in a non-supported custom solution…

And today ACS is still available, and will be available as well when SCOM 2016 sees the light. And yes, in the past years support for UX systems is added, as well the support for Windows Server 2008/2012 which uses other Event ID numbers for all their events, the security ones included.

But still, I don’t recommend it to any organization which is looking for a serious IT auditing solution. Period.

Back to the future and today
However, as we all know has Microsoft focused itself on the cloud en hybrid workloads. Their offering of cloud based services is huge. IaaS, PaaS and SaaS alike and many other forms as well.

One of those offerings is OMS, which is growing in functionality, capability and supportability by the month. Each functionality in OMS is available as a Solution. And one of them is Security and Audit:
image

And this Solution is very good AND very fast, simply because the backend – required to run the queries – is huge, far more bigger than any enterprise organization will ever have for it’s own.

Yes, this Solution collects a HUGE amount of data (also depending on how servers upload their data AND what kind of audit policies you’ve got in place). And the more data you upload, the more money you pay. But you know, security is key to many organizations, which should be reflected in the available budgets. And don’t underestimate the on-premise auditing solutions, requiring lots of hardware, maintenance, energy and so on. Also not very cheap Smile.

OMS solution ‘Security & Audit’ vs SCOM ACS
So here we are. We can choose for SCOM ACS with all the limitations, or for OMS (pay as you go) with the Solution Security and Audit. Where the latter can unleash enormous calculation power, helping you to drill through a mountain of data, like it’s nothing!

But wait! How about those queries? Because in ACS their are about 20+ pre canned Reports. Just click on them, fill out some fields and you’ve got yourself a nice auditing report (when the ACS database isn’t too big that is…).

In OMS however, even with the solution Security & Audit enabled, you still need to build some challenging queries in order to get back some valid auditing information. Ouch! For sure, the same solution contains some pre canned search queries as well, but still some additional effort is required when needing more detailed information, like the pre canned SCOM ACS Reports…

This is where Wei Hao Lim comes in
Some years ago I met Wei Hao Lim. His knowledge and skills amazed me, since he’s just a beast (in a positive way that is). Soon after I met him he joined Microsoft (they recognized his skills as well I guess Smile) in the role as Senior PFE. In that role he started blogging, where each posting is of very high quality. I’ve learned a lot from him.

In one of his latest posting he shares the OMS search queries, mapped to the pre canned SCOM ACS Reports! Which is awesome since these OMS search queries can be saved so you can use them another time far more easier.

So now all is complete!

Still using SCOM ACS? Time to move to OMS solution ‘Security & Audit’
So you’re using SCOM ACS and frustrated because of the limitations? Why not try OMS with a free data plan, enable the Security & Audit solution in order to experience the difference. And yes, visit Wei’s blog for the correct OMS search queries.

Please know this: When using OMS with the free data plan, the daily upload of data is capped to 500 MB. When the solution Security and Audit is enabled, and some servers are connected to OMS, their upload of data will exceed the 500 MB. So start small, and when adding more servers, change to a paid data plan since otherwise the collected data will have gaps, because of the dropped data, exceeding the daily limit of 500 MB based on the free data plan.

Credits
A big thanks goes out to Wei Hao Lim for sharing.

OMS IP Bug: ‘Operations Manager Failed to Access the Windows Event Log’ SCOM Alert

Issue
A customer of mine who has one of his SCOM environments connected with OMS reported me that they saw the Alert ‘Operations Manager Failed to Access the Windows Event Log’ coming in for many SCOM managed servers, but not all of them. They noticed the Alert was all about trying to access a non-existent event log, ATA?

Time to investigate
As it turned out, this Alert about not being able to access the ATA event log, only happened on a subset of SCOM managed servers. As stated before, the particular SCOM MG is connected to OMS. And in OMS a Group of computers is managed by OMS. And for all those servers, this Alert pops up.

The non-existent event log, ATA is all about Microsoft Advanced Threat Analytics. And the specific Rule causing this Alert is Microsoft.SystemCenter.CollectATAEvents:
image
This Rule comes from the MP Microsoft System Center Advisor Advanced Threat Analytics.

What surprises me here is the targeting of the Rule. One of the basics MP authors are taught (even though I am not a MP author, I am familiar with the foundation and the rules), is NOT to use the Windows Computer Class as a target. Simply because it’s to broad! Like using buckshot instead of a well aimed bullet…

And yet, this Rule is like buckshot:
image
Ouch!

And even though this Rule is disabled by default, it’s enabled for the Group Microsoft System Center Advisor Monitoring Server Group:
image

And this Group is populated with all the SCOM managed servers who’re also connected to OMS. And none of those servers has an Microsoft ATA event log, even though this Rule wants to connect to it:
image

But when looking deeper into this Rule, it looks even weirder since the Rule doesn’t contain any filters at all?
image
Wow, when an ATA log is present it basically means EVERY ATA event is uploaded to OMS. How much data is that? Consider this running for hundreds of servers….

So now we have the culprit and the cause. Time to solve it.

Workaround
Since this is a badly written Rule but we don’t have access to the source code, we need a workaround which is nothing more than an Override in order to disable it.

In this case I set an Override (Disable) for the Group Windows Server Computer Group and also ENFORCED the same Override in order to be 100% sure it’s effective:
image

Case closed.

Thursday, September 1, 2016

OMS & X-Plat

OMS is an ever evolving Azure based service. New features, functionality and extensions are added on a monthly basis. The push behind it is huge and very impressive.

For a few weeks now OMS supports multiple Linux operating systems, and different versions and editions as such:

So OMS shows that Microsoft isn’t only about Microsoft anymore. Instead, other non-Microsoft based technologies are fully supported as well. Totally awesome!

Want to know more? Go here.

OM12 R2 UR#11 Released

Yesterday Microsoft released Update Rollup 11 for SCOM 2012 R2, per KB3183990.

The fixed issues are quite numerous:

  1. Network discovery fails because of monitoring host crash if no paging file is set on the operating system;
  2. Backport PuTTY 0.64 and 0.66 updates from 2016 release;
  3. Update Register-SCAdvisor cmdlet for WEU workspaces;
  4. ACS eventschema.xml has incorrect parameter mappings for multiple audit events;
  5. Memory leak when monitoring network devices by using SNMPv3;
  6. Web Console user can view datawarehouse performance or SLA widget data outside of their scoped dashboard views;
  7. Downtime duration doesn't take business hour into consideration;
  8. Cisco 3172 PQ network device certification issues;
  9. Adding SCOM assessment links in the Operations Management Suite view in the SCOM console;
  10. SQL Server Seed relationship with a server that is running Windows;
  11. Alert subscriptions are not always fired for 3 state monitors;
  12. When you connect SCOM to OMS, Availability monitors health state of some management servers changes to Warning state;
  13. RunAs Account password expiration does not work with Active directory Password Settings Objects that breaks the validation of LOCAL User Accounts;
  14. MPB Entries in Catalog database for the VersionIndependentGuid column is updated;
  15. If the first try of importing MPB failed then re-importing the MPB was not possible until the SCOM console is closed and reopened;
  16. Change of the displayname field for a group in a sealed or unsealed management pack.

Support added for Linux OS version:

  1. Ubuntu Linux 16.04 LTS (x86 and x64)

Fixed issues for the UX\Linux MPs:

  • During UNIX/Linux computer discovery, the GetOSVersion.sh script is run with sudo elevation if a sudo-enabled user is selected for Discovery;
  • Scripts executed by the ExecuteScript method in Management Packs always run from the /tmp folder;
  • UNIX or Linux computers together with sshd versions that implement the Key Exchange Algorithms described in RFC 4419, such as Ubuntu 15.10, cannot be discovered with the Discovery Wizard;
  • Network statistics collected on AIX servers are reset when another tool such as NetStat is also used;
  • Physical disks are shown incorrectly as offline if an LVM snapshot is taken.

Resources:

Warning:

As before: TEST it before rolling it out in PRODUCTION.