Joe Thompson

  • For those doing dashboards and reporting, we have come to depend on base classes that roll up different versions of classes in SCOM. Microsoft seems to have broken that rule for SQL Server 2014 and beyond…
    I o […]

  • The PowerShell Deployment Toolkit (PDT) is a set of scripts and knowledge for automated deployment of Microsoft System Center 2012 SP1/R2, including SQL all prerequisites, and all automatable post-setup […]

  • I don’t know about extending, but if you have a license key from Microsoft, you can use the Set-SCOMLicense cmdlet

  • I recently had an issue configuring the SharePoint 2010 management pack in a new Operations Manager 2012 R2 environment. When running the Configure SharePoint Management Pack (SCOM 2012) task, I received the […]

  • Great script, just one edit…

    $mps = Get-SCOMManagementpack | Where-Object {$_.Sealed -eq $false}

  • Add the watcher node computer account to RTCUniversalReadOnlyAdmins group – Which team should do this step SCOM team or Lync Team (This is a domain group, so someone with permissions to update membership of an AD domain security group)

    Run SCOM Lync Watcher component installer on Watcher Node(SCOM team) -am from SCOM team but am not sure w…

  • You can use an Include Collection if you have an AST collection that maintains the list of computers you need in the maintenance window.

  • Tao, would like to thank you for this great script. I had a requirement to do the same with Operations Manager, and with a single line code change, it works great!

    To use with Operations Manager, you do not need username and password if you are running with an admin account..

    #Connect to SCOM Management Group
    Write-Host "Connecting to…

  • I recently had a problem SCOM Gateway installation thrown my way at a customer site and ran into an interesting issue when configuring multiple gateways communicating with several management servers for […]

    • Hey Joe, I have seen this as well. I keep this OpsMgr Authentication Event Reference handy – http://www.systemcentercentral.com/wiki/operations-manager-wiki/operations-manager-authentication-event-reference/

      Your findings seem to match what this resource says.

  • Welcome to Day 8 of the “100 Days of DevOps with Powershell”! For background on our goals in this series, see Announcing the “100 Days of DevOps with Powershell” Series here at SCC.

    Up to this point, my primary experience with PowerShell Desired State Configuration (DSC) has been in push mode. We typically use DSC to quickly push new configurations, install utilities and even configure Microsoft System Center 2012 in our lab and training environments.

    As discussed by Pete and many others, DSC can also be set up in “pull mode”, whereby the Local Configuration Manager on each client endpoint pulls its configuration via either SMB or HTTP/HTTPS.

    To get started, I followed Pete Zerger’s Day 1: Intro to PowerShell DSC and Configuring Your First Pull Server post to prepare my environment to show how we can use an organizational unit in Active Directory to pull a list of servers to configure in pull mode for DSC.

    To quickly recap, I downloaded the xPSDesiredStateConfiguration module from the Microsoft TechNet gallery and unzipped the files to the %ProgramFiles%\WindowsPowerShell\Modules folder.

    Next, I ran the following script from Pete’s Day 1 post…
    configuration NewPullServer
    {
        param
        (
            [string[]]$ComputerName = 'localhost'
        )

        Import-DSCResource -ModuleName xPSDesiredStateConfiguration

        Node $ComputerName
        {
            WindowsFeature DSCServiceFeature
            {
                Ensure = "Present"
                Name = "DSC-Service"
            }

            xDscWebService PSDSCPullServer
            {
                Ensure = "Present"
                EndpointName = "PSDSCPullServer"
                Port = 8080
                PhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCPullServer"
                CertificateThumbPrint = "AllowUnencryptedTraffic"
                ModulePath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
                ConfigurationPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
                State = "Started"
                DependsOn = "[WindowsFeature]DSCServiceFeature"
            }

            xDscWebService PSDSCComplianceServer
            {
                Ensure = "Present"
                EndpointName = "PSDSCComplianceServer"
                Port = 9080
                PhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCComplianceServer"
                CertificateThumbPrint = "AllowUnencryptedTraffic"
                State = "Started"
                IsComplianceServer = $true
                DependsOn = ("[WindowsFeature]DSCServiceFeature","[xDSCWebService]PSDSCPullServer")
            }
        }
    }

    #This line actually calls the function above to create the MOF file.

    NewPullServer -ComputerName dc01.contoso.com

    I am creating a DSC pull server on a domain controller DC01, something you should only do in the lab.

    Next we need to identify the organizational unit with the list of endpoints we want to configure. Since I build most of my labs using the PowerShell Deployment Toolkit, this OU should look familiar to others who also use PDT. The location we will use is OU=Servers,OU=HQ,DC=contoso,DC=com. We will create a function that pulls all systems, including their ObjectGUID, into a hash table for all our scripting operations. By using a hash table, we do not have to worry about maintaining CSV files as you see in other examples. We also pull each system's ObjectGUID directly from AD, so we do not have to create and track a new configuration GUID; we use one that is already assigned to the system, neat!
    #Pull computer objects from AD
    function GetComputers {
        Import-Module ActiveDirectory
        Get-ADComputer -SearchBase "OU=Servers,OU=HQ,DC=contoso,DC=com" -Filter *
    }
    $computers = GetComputers

    #Pull list of computers and GUIDs into hash table
    $ConfigData = @{
        AllNodes = @(
            foreach ($node in $computers) {
                @{NodeName = $node.Name; NodeGUID = $node.objectGUID;}
            }
        )
    }

    The GetComputers function queries the Servers OU, and we then pull each system's name and ObjectGUID into the hash table $ConfigData. We will use this hash table later and pass it as a parameter to our DSC scripts.

    Once we have a hash table of all computer systems and their object GUIDs, we can create the DSC configuration we want to enforce on these endpoints.
    Configuration TestConfig {

        Node $Allnodes.NodeGUID {

            WindowsFeature TelnetClient {
                Ensure = "Present"
                Name = "Telnet-Client"
            }

            Registry DisableUAC {
                Ensure = "Present"
                Key = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system"
                ValueName = "EnableLUA"
                ValueType = "DWord"
                ValueData = "0"
            }

            Registry IESecRegAdm {
                Ensure = "Present"
                Key = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
                ValueName = "IsInstalled"
                ValueType = "DWord"
                ValueData = "0"
            }

            Registry IESecRegUsr {
                Ensure = "Present"
                Key = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
                ValueName = "IsInstalled"
                ValueType = "DWord"
                ValueData = "0"
            }

            Registry IEEnableFileDLReg {
                Ensure = "Present"
                Key = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
                ValueName = "1803"
                ValueType = "DWord"
                ValueData = "0"
            }

            Registry IEEnableActXContrlsReg {
                Ensure = "Present"
                Key = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
                ValueName = "1405"
                ValueType = "DWord"
                ValueData = "0"
            }

            #Turn on automatic updates

            Registry AUOptions {
                Ensure = "Present"
                Key = "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU"
                ValueName = "AUOptions"
                ValueType = "DWord"
                ValueData = "4"
            }

            Registry AUOptionsReboot {
                Ensure = "Present"
                Key = "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU"
                ValueName = "NoAutoRebootWithLoggedOnUsers"
                ValueType = "DWord"
                ValueData = "0"
            }

            Registry AUOptionsNAU {
                Ensure = "Present"
                Key = "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU"
                ValueName = "NoAutoUpdate"
                ValueType = "DWord"
                ValueData = "0"
            }

            Registry AUOptionsSchDay {
                Ensure = "Present"
                Key = "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU"
                ValueName = "ScheduledInstallDay"
                ValueType = "DWord"
                ValueData = "7"
            }

            Registry AUOptionsSchTime {
                Ensure = "Present"
                Key = "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU"
                ValueName = "ScheduledInstallTime"
                ValueType = "DWord"
                ValueData = "22"
            }
        }
    }

    AllNodes is a special keyword when building DSC configuration scripts. You will notice that we defined the AllNodes key in our hash table; when we pass the hash table to a DSC script using the -ConfigurationData parameter, all of its values are available to us without using parameters! Node $Allnodes.NodeGUID will create a configuration MOF file for each system pulled back by our GetComputers function. Since we have to specify a GUID to correctly target the Local Configuration Manager of each endpoint, we use the NodeGUID, which is the ObjectGUID from AD, instead of the node's name.

    Next, we need to build the configuration MOF files and create checksums so that each Local Configuration Manager will know when a configuration changes. Once the checksums have been created, we will copy all the files to the DSC pull server's Configuration directory so that they can be served out to the endpoints. You will notice that we pass the hash table of system values we built from the GetComputers function to our TestConfig configuration using the -ConfigurationData parameter. Hash tables, whether dynamically created or created by hand, are an excellent way to maintain different configurations, such as having hash tables for Dev, Test and Production environments.
    TestConfig -ConfigurationData $ConfigData -OutputPath "$Env:Temp\TestConfig"

    write-host "Creating checksums…"
    New-DSCCheckSum -ConfigurationPath "$Env:Temp\TestConfig" -OutPath "$Env:Temp\TestConfig" -Verbose -Force

    write-host "Copying configurations to pull service configuration store…"
    $SourceFiles = "$Env:Temp\TestConfig\*.mof*"
    $TargetFiles = "$env:SystemDrive\Program Files\WindowsPowershell\DscService\Configuration"
    Move-Item $SourceFiles $TargetFiles -Force
    Remove-Item "$Env:Temp\TestConfig"

    The last step is to configure the Local Configuration Manager of each endpoint so that they will start pulling their configurations from the DSC pull server.
    Configuration ConfigurationForPull
    {
        Node $allnodes.NodeName
        {
            LocalConfigurationManager
            {
                ConfigurationID = "$($Node.NodeGUID)"
                RefreshMode = "PULL";
                DownloadManagerName = "WebDownloadManager";
                RebootNodeIfNeeded = $true;
                RefreshFrequencyMins = 5;
                ConfigurationModeFrequencyMins = 10;
                ConfigurationMode = "ApplyAndAutoCorrect";
                DownloadManagerCustomData = @{ServerUrl = "http://DC01.contoso.com:8080/PSDSCPullServer.svc"; AllowUnsecureConnection = "TRUE"}
            }
        }
    }

    ConfigurationForPull -ConfigurationData $ConfigData -OutputPath "$Env:Temp\PullDSCCfg"
    Set-DscLocalConfigurationManager -Path "$Env:Temp\PullDSCCfg"

    You can download the completed script from my Github repository HERE.
    Previous Installments
    To see the previous installments in this series, visit “100 Days of DevOps with PowerShell”.
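
    The pull server and Local Configuration Manager settings in the post above use "AllowUnencryptedTraffic" and AllowUnsecureConnection, so MOF files and checksums travel over plain HTTP. The following added example (not part of the original post or its GitHub script) shows the same two configurations switched to HTTPS; port 8443, the certificate subject, and the names SecurePullServer and SecureConfigurationForPull are assumptions.

    ```powershell
    # Added example: HTTPS version of the post's pull server and LCM settings.
    # Assumptions: run on the pull server; port 8443; a certificate with subject
    # CN=dc01.contoso.com already sits in LocalMachine\My and nodes trust its issuer.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object {
            $_.Subject -eq 'CN=dc01.contoso.com' -and $_.HasPrivateKey -and
            $_.NotAfter -gt (Get-Date) -and
            $_.EnhancedKeyUsageList.FriendlyName -contains 'Server Authentication'
        } | Sort-Object NotAfter -Descending | Select-Object -First 1
    if (-not $cert) { throw 'No valid server-authentication certificate found.' }

    configuration SecurePullServer
    {
        param ([string[]]$ComputerName = 'localhost', [string]$Thumbprint)
        Import-DSCResource -ModuleName xPSDesiredStateConfiguration
        Node $ComputerName
        {
            WindowsFeature DSCServiceFeature { Ensure = 'Present'; Name = 'DSC-Service' }
            xDscWebService PSDSCPullServer
            {
                Ensure                = 'Present'
                EndpointName          = 'PSDSCPullServer'
                Port                  = 8443
                PhysicalPath          = "$env:SystemDrive\inetpub\wwwroot\PSDSCPullServer"
                CertificateThumbPrint = $Thumbprint  # instead of "AllowUnencryptedTraffic"
                ModulePath            = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
                ConfigurationPath     = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
                State                 = 'Started'
                DependsOn             = '[WindowsFeature]DSCServiceFeature'
            }
        }
    }
    SecurePullServer -ComputerName dc01.contoso.com -Thumbprint $cert.Thumbprint

    Configuration SecureConfigurationForPull
    {
        Node $AllNodes.NodeName
        {
            LocalConfigurationManager
            {
                ConfigurationID           = "$($Node.NodeGUID)"
                RefreshMode               = 'PULL'
                DownloadManagerName       = 'WebDownloadManager'
                # https URL and no AllowUnsecureConnection entry
                DownloadManagerCustomData = @{ServerUrl = 'https://dc01.contoso.com:8443/PSDSCPullServer.svc'}
            }
        }
    }
    ```

    Compile SecureConfigurationForPull with the same $ConfigData hash table and apply it with Set-DscLocalConfigurationManager, as the post does for ConfigurationForPull.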

  • Marcus, it is possible you have another maintenance window defined in another collection that the servers are a member of. It is also important to have at least one maintenance window defined for all servers that is set way off in the future as outlined in these instructions, or you do not have it set to ignore deadlines…

  • After having worked for multiple days getting this to work, I wanted to get a fast publish doc out there before I forget all the steps required to enable Lync 2013 Synthetic Transactions as part of the SCOM Lync […]

    • Hi Joe,

      There are a couple of questions

      Add the watcher node computer account to RTCUniversalReadOnlyAdmins group – Which team should do this step SCOM team or Lync Team
      Run SCOM Lync Watcher component installer on Watcher Node(SCOM team) -am from SCOM team but am not sure where should I get this component

      BR/Siva

    • Add the watcher node computer account to RTCUniversalReadOnlyAdmins group – Which team should do this step SCOM team or Lync Team (This is a domain group, so someone with permissions to update membership of an AD domain security group)

      Run SCOM Lync Watcher component installer on Watcher Node(SCOM team) -am from SCOM team but am not sure where should i get this component. (The watchernode.msi is downloaded along with the Lync 2013 MP from Microsoft…
      https://www.microsoft.com/en-us/download/details.aspx?id=35842)

  • You could look for the first property in a seed discovery then have another discovery only run if the base class exists, if the base class exists, the second property should have a value, right?..

    This example […]

  • Great timing Cameron! I was just looking to get a Surface 2 for testing. I gave that MMS 2013 “Man Bag”, I mean “Satchel” to my daughter, but kept the accessory bag! 🙂

  • here is some code that may help you…

    #Set specific Gateway Server to use PRI_MS as Primary and FAILOVER_MS as Failover
    $primaryMS = Get-SCOMManagementServer | where {$_.Name -eq 'scomms01.prod.local'}
    $failoverMS = Get-SCOMManagementServer | where {$_.Name -eq 'scomms02.prod.local'}

    $gatewayMS = Get-SCOMManagementServer | where {$_.Name -eq…

  • When installing the Operations Manager Web Console role on a standalone server, apart from a management server, you must enable constrained delegation. This is due to the double hop authentication from the Web […]

  • Next in our series on Will It Cluster with PDT, let’s take a look at Operations Manager. In this small example, we want to cluster the OperationsManager, OperationsManagerDW and ReportServer databases for high […]
