Friday, 5 February 2016

Exchange Database - Low Space Warnings

After implementing Exchange monitoring in Operations Manager you may notice alerts for low volume space that you may not expect.  This is caused by the Exchange Health monitor being set too high for your environment.

Alerts will look like this, however when you look at the alert you will find more than enough space!

[DataProtection Alert] (SERVERNAME) Database 'EXCH-DB14' is low on log volume space.

Below will set the global permanent override to reduce the threshold to 10Gb, changing the version to match my Exchange Version.

Add-GlobalMonitoringOverride -Item Monitor –Identity MailboxSpace\StorageLogicalDriveSpaceMonitor -PropertyName MonitoringThreshold -PropertyValue 10 -ApplyVersion 15.0.1104.5

After the override is added you will need to restart the Exchange Health Service.

Thursday, 28 May 2015

Cireson – Change default templates

 From the Service Manager Management Server console:


  • Open the ‘Service Manager Shell'
  • Run the following PowerShell to return all the Template Objects
Get-SCSMObjectTemplate | Sort-Object TypeID, DisplayName | Format-Table DisplayName, Name


  • Copy the Name text from the Name column you require
  • Open up SQL Server Management Studio
  • Navigate to the ‘ServiceManagement’ Database
  • Expand Tables
  • Right Click ‘dbo.SettingsItem’ and Click ‘Edit Top 200 Rows’
  • Search the results and locate the Default Template rows



  • Update the ‘Value’ of the Template you wish to change with the Name value copied from the PowerShell output
  • Alternatively if you are using version 3.7 or above of the Cireson Portal, click the ‘Admin Settings’ menu item
  • Scroll to the bottom of the web page and click the ‘Settings Items’ button
  • From here you can also change the database settings



  • Restart the Cireson Website for the changes to take affect

Friday, 17 April 2015

Using PowerShell to Repair SCOM Agents

Quite often after installing Operations Manager Roll-ups you may notice that even after updating all of your managed Agents some still report as being on the wrong patch level.


This is often common and can be frustrating so I knocked up this little script that will run a repair on the agents and (hopefully) resolve the issue.

If (!(Get-Module -Name OperationsManager))

{

    Import-Module -Name OperationsManager

}



$Creds = Get-Credential

$Rollup = "*UR5*"



New-SCManagementGroupConnection -Credential $Creds -ComputerName YOURSCOMSERVER



[Array]$AgentstoUpdate = Get-SCOMAgent |

Where-Object -FilterScript {

    ($_.Patchlist -notlike $Rollup) -and ($_.Patchlist -notlike '')

} |

Select-Object -Property DisplayName , PatchList



Foreach ($i in $AgentstoUpdate)

{

    Try

    {

        Write-Output 'Submitting Repair Request for ' $i.DisplayName

        Get-SCOMAgent -DNSHostName $i.DisplayName | Repair-SCOMAgent -Actionaccount $Creds

    }

    Catch

    {

        Write-Output 'Failed to Submit Repair Request for ' $i.DisplayName

    }

}

Tuesday, 14 April 2015

Robert Ryan - Co-Aurthor for:

Microsoft System Center 2012 R2 Operations Manager Cookbook

Learn how to deploy, configure, and maintain System Center Operations Manager with 50 recipes designed to help you meet the challenges of managing a complex IT system

Who this book is for

If you are tasked with monitoring the IT infrastructure within your organization, this book demonstrates how System Center 2012 R2 Operations Manager offers a radical and exciting solution to modern administration.


https://www.packtpub.com/virtualization-and-cloud/system-center-2012-r2-operations-manager-deployment-and-administration-cook

http://www.amazon.co.uk/Operations-Manager-Deployment-Administration-Cookbook/dp/1782176241



Friday, 20 March 2015

Cireson Management Pack for Operations Manager 2012 R2 Update

SCOM Management Pack for Cireson Self Service/Analyst Portal Release 2

If you use Cireson's Self Service/Analyst Portal, you'll probably
already know that keeping the CacheBuilder service happy is
integral to keeping everything ticking.

The CacheBuilder service is pretty good for reporting its health. The
CacheBuilder service will write into the event log and there is also a
log in the Cireson Portal bin directory. 
But what happens if you fail to notice an error...

Details on the 1st release of this management pack can be
found on Rafael Delgado's BLOG.

New Features in this release:
  • Cireson Portal Server Properties View
    • DB Server
    • DB Name
    • Debug Level
    • CacheBuilder User
  • Cireson Support Portal Web View
  • Task Status View
  • Tasks
    • Change the logging level, DEBUG or ERROR
    • Restart the CacheBuilder Service
    • Restart the WWW Service
    • Re-Sync the CacheBuilder
      • Requires you to run the task with a user of sufficient rights
Requirements

The servers with the Cireson Portal installed will need to have IIS 6 WMI
compatibility tools installed.

Download

Download from the Technet Gallery here

Screenshots







Monday, 2 March 2015

Configure WAP for SSL Certificates


Embarking on this work I followed this excellent Blog post by Anders Ravnholt which led me to add notes on my experience of setting up WAP Certificates, Anders expands on other sections which I felt are not worth re-writing.

Anders Blog post can be found:
http://blogs.technet.com/b/privatecloud/archive/2013/12/10/windows-azure-pack-reconfigure-portal-names-ports-and-use-trusted-certificates.aspx

Setting up the Windows Azure Pack to use SSL Certificates:
My reference notes:
1)      Pre Requisites:

a)      Presumes you have the standard WAP Express installed

b)      Assumes you have your own local Certificate Authority or access to the Certificates needed

c)       Appropriate permissions

d)      SSL Certificates

i)        For this I will use three Certificates generated from my Certificate Authority

(1)    Azure.domain.local

(2)    AzureAdmin.domain.local

(3)    WAPHost.doman.local

e)      DNS Entries

i)        Create the following DNS A Records:

(1)    Waphost.domain.local                   10.10.1.123

(2)    Azure.domain.local                         10.10.1.123

(3)    AzureAdmin.domain.local            10.10.1.123

2)      Install all three Certificates on to WAPhost.domain.local

3)      Configure up IIS ports and bindings as follows:




As you may notice above we have two sites that share the 443 binding. It is important that when setting the certificate on these two site you ensure the host name and Require Server Name Indication check box is ticked. Failing to do this will present an error and will set the 443 sites to both use the same certificate which is not desired.

For more information see:

http://www.iis.net/learn/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability

Edit the bindings on both the MgmtSvc-AdminSite and MgmtSvc-TenantSite respectively ensuring you set the correct Host Name, SSL Certificate and that the SNI checkbox is ticked.




Authentication is set depending on your requirements and settings below are for example purposes only, however for this installation the following authentications were set:

Site
Authentication
MgmtSvc-SQLServer
Anonymous
Azure.domain.local
MgmtSvc-WebAppGallery
Anonymous
Azure.domain.local
MgmtSvc-WindowsAuthSite
Windows, Anonymous
WAPHost.domain.local
MgmtSvc-TenantAPI
Anonymous
Azure.domain.local
MgmtSvc-AdminAPI
Anonymous
Azure.domain.local
MgmtSvc-TenantPublicAPI
Anonymous
Azure.domain.local
MgmtSvc-Usage
Anonymous
Azure.domain.local
MgmtSvc-UsageCollector
Anonymous
Azure.domain.local
MgmtSvc-Monitoring
Anonymous
Azure.domain.local
MgmtSvc-ConfigSite
Windows
Azure.domain.local
MgmtSvc-AuthSite
Windows
Azure.domain.local
MgmtSvc-AdminSite
Windows
AzureAdmin.domain.local
MgmtSvc-TenantSite
Anonymous
Azure.domain.local

From an elevated PowerShell prompt with a user with sufficient permission, run the following commands:

Note: SQL connections strings can be modified to use explicit connection details if required.

If not already imported, import the module:
Import-Module -Name MgmtSvcConfig

Admin Portal:

Set-MgmtSvcFqdn -Namespace "AdminSite"
-FullyQualifiedDomainName "AzureAdmin.domain.local" -Port 443 -Server
"YOURSQLSERVER"

Set-MgmtSvcRelyingPartySettings –Target Admin
–MetadataEndpoint 'https://WAPHost.domain.local:30072/FederationMetadata/2007-06/FederationMetadata.xml'
-ConnectionString "Data Source= YOURSQLSERVER;Integrated Security =
True"

Note: You may have errors running the next command which will more than likely be permission related, as a work around set the site to Anonymous Access temporary and remember to set it back afterwards.

Set-MgmtSvcIdentityProviderSettings –Target Windows
–MetadataEndpoint 'https://AzureAdmin.domain.local/FederationMetadata/2007-06/FederationMetadata.xml'
-ConnectionString "Data Source= YOURSQLSERVER;Integrated Security =
True"

Tenant Portal:

Set-MgmtSvcFqdn -Namespace "TenantSite"
-FullyQualifiedDomainName "Azure.domain.local" -Port 443 -Server
" YOURSQLSERVER "

Set-MgmtSvcFqdn -Namespace "AuthSite"
-FullyQualifiedDomainName "Azure.domain.local" -Port 444 -Server
" YOURSQLSERVER "

Note: You may have errors running the next command which will more than likely be permission related, as a work around set the site to Anonymous Access temporary and remember to set it back afterwards.

Set-MgmtSvcIdentityProviderSettings –Target Membership
–MetadataEndpoint 'https://Azure.domain.local /FederationMetadata/2007-06/FederationMetadata.xml'
-ConnectionString "Data Source= YOURSQLSERVER;Integrated Security =
True"

After following the above steps I recommend that you restart IIS to ensure everything is set as expected. Once IIS has been restarted you should be able to test the following website:

https://Azure.domain.local

https://AzureAdmin.domain.local


Thursday, 30 October 2014

Dynamic Parameter and Value String Creation PowerShell

Whist working on a larger script with my colleague Rafael we found a need to build up a commands parameters on the fly before Invoking the command.  The reason is, we wished to only include the parameters and values which had been specified in our XML settings file.

We then created this handy function that along with some If Statements we could manipulate the string how we needed.

The function will also handle $True and $False values, if by some chance you need this to be True and False instead you may need to tweek the function.

Raf also amended the function to include an option for ignoring "SpeachMarks" just in the event you needed it to :)

At the end all you would need to do to run your command would be something like this:
Invoke-Expression $ADRCommand

The Function is as follows:
$Global:ADRCommand = "New-CMSoftwareUpdateAutoDeploymentRule"
Function Add-ToString([string]$parameter, [string]$value,[boolean]$IgnoreSpeechMarks)
{
if ($value -eq "True")
{$Value = '$True'
$Global:ADRCommand += " " + $parameter + " " + $Value
}
elseif ($value -eq "False"){$Value = '$False'
$Global:ADRCommand += " " + $parameter + " " + $Value
}
Else
{
if($IgnoreSpeechMarks = $True)
{
$Value = $Value -replace "'",""
$Global:ADRCommand += " " + $parameter + ' ' + $Value
}
else{$Global:ADRCommand += " " + $parameter + ' "' + $Value + '"'}
}
}

Blog Archive