VMware KB: The Hardware Status tab displays the error: Hardware monitoring service on this host is not responding or not available – Solved

One of the alerts that often pops up in OpsMgr 2012 is that it cannot retrieve health data from the VMware hosts and falls back to using Vcenter. To fix this enable SSH on your VMware hosts and login to run the following command from the article below:

/etc/init.d/sfcbd-watchdog restart

I have not seen any interruption so far running this command.

Source: VMware KB: The Hardware Status tab displays the error: Hardware monitoring service on this host is not responding or not available

How to monitor Unix, Linux, Debian, CentOS, RHEL, Ubuntu with OpsMgr 2012 R2

This is a quick guide collecting the information I needed to install an OpsMgr agent on RHEL 7 and CentOS 6 operating systems. There can be some variations from the different systems, but this should give you an indication on what is needed and save you some hours.

To install the agent the firewall needs to be opened, a local service account needs to be created and a security settings need to be set on the Linux server. After this it can be implemented in OpsMgr 2012 with the discovery wizard.

Prepare OpsMgr 2012 R2 for the Linux implementation

Kevin Holman preparation guide

Find the latest OpsMgr Management Pack: Google System Senter 2012 management pack for Unix ]

Import the Management PackHow to import and Operations Manager Management Pack

Version 2015/08 includes support for the following operating systems:

AIX 5.3, AIX 6.1, and AIX 7 operating systems.

HP-UX 11iv2 and HP-UX 11iv3 operating systems.

Red Hat Enterprise Linux Server 4, Red Hat Enterprise Linux Server 5, Red Hat Enterprise Linux Server 6, and Red Hat Enterprise Linux 7 operating systems.

Solaris 9, Solaris 10, and Solaris 11 operating systems.

SUSE Linux Enterprise Server 9, SUSE Linux Enterprise Server 10 SP1, SUSE Linux Enterprise Server 11, and SUSE Linux Enterprise Server 12 operating systems.

CentOS 5, CentOS 6, and CentOS 7 operating systems

Debian GNU/Linux 5, Debian GNU/Linux 6, Debian GNU/Linux 7, and Debian GNU/Linux 8 operating systems

Oracle Linux 5, Oracle Linux 6, and Oracle Linux 7 operating systems

Ubuntu Linux Server 10.04 and Ubuntu Linux Server 12.04, and Ubuntu Linux Server 14.04 operating systems

Information on ports and firewall requirements

Default discovery and management occurs over TCP 1270,

Troubleshooting, and diagnostics discovery occur over SSH, TCP 22.

Discovery and deployment over SSH, default TCP 22

  • Secure Shell (SSH) – Used for installing, upgrading, and removing agents.
  • Web Services for Management (WS-Management) – Used for all monitoring operations and include the discovery of agents that were already installed.

Installing SCOM agent – requirements

https://technet.microsoft.com/en-us/library/hh230690.aspx

Configure a Low-Privileged Account for sudo elevation:

To create a low-privileged user

1.Log on to the UNIX or Linux computer as root.

2.Add the user:

# useradd opsmgrsvc

3.Add a password and confirm the password:

# passwd opsmgrsvc

# (define password here)

You can now configure sudo elevation

To configure sudo elevation for the low-privileged user

1.Log on to the UNIX or Linux computer as root.

2.Use the visudo program to edit the sudo configuration in a vi text editor. Run the following command:

# visudo

3.Find the following line:

root ALL=(ALL) ALL

4.Insert the following line after it:

Opsmgrsvc ALL=(ALL) NOPASSWD: ALL

5.Insert the following line after “Defaults requiretty”

Defaults:opsmgrsvc !requiretty

6.Save the file and exit visudo:

Press ESC + : (colon) followed by wq!, and then press Enter.

7.Test the configuration by entering in the following two commands. The result should be a listing of the directory without being prompted for a password:

# su – opsmgrsvc

# sudo ls /etc

Configuring the firewall

RHEL 7 had a firewall enabled, and it was necessary to run the following command:

# iptables -I INPUT -p tcp -m tcp –dport 1270 -j ACCEPT

# firewall-cmd –runtime-to-permanent

Configuring sudo Elevation for UNIX and Linux Monitoring with System Center 2012 – Operations Manager

If you would like to have more granular control of the service account permissions, you can read the below post.

http://social.technet.microsoft.com/wiki/contents/articles/7375.configuring-sudo-elevation-for-unix-and-linux-monitoring-with-system-center-2012-operations-manager.aspx

Installing the agent

When the firewall ports are opened, and the service account is put in place, then the OpsMgr agent can be installed with the Discovery Wizard.

Management Pack view in OpsMgr 2012 console:

OpsMgr Linux MP

References:

Accessing UNIX and Linux Computers in Operations Manager

https://technet.microsoft.com/en-us/library/hh212886.aspx

How to Configure sudo Elevation and SSH Keys

https://technet.microsoft.com/en-us/library/hh230690.aspx

Configuring sudo Elevation for UNIX and Linux Monitoring with System Center 2012 – Operations Manager

http://social.technet.microsoft.com/wiki/contents/articles/7375.configuring-sudo-elevation-for-unix-and-linux-monitoring-with-system-center-2012-operations-manager.aspx

Accessing UNIX and Linux Computers in Operations Manager

https://technet.microsoft.com/en-us/library/hh212886.aspx

How to Configure sudo Elevation and SSH Keys

https://technet.microsoft.com/en-us/library/hh230690.aspx

Credentials You Must Have to Access UNIX and Linux Computers

https://technet.microsoft.com/en-us/library/hh476947.aspx

Agent and Agentless Monitoring

https://technet.microsoft.com/library/hh487284.aspx

Understanding SCOM 2012 Alerts and Monitors and how to reactivate a closed Monitor

If you would like to know a bit more about the differences between a SCOM “Rule” and a “Monitor” and why Alerts can be closed and Monitors should not, then read this great article from Cameron Fuller. It describes nicely how to react on Alerts and Monitors in SCOM / OpsMgr 2012 R2 

An alert can typically be closed if the state has not changed for a longer period of time, otherwise there would be a repeat count on the alert if it were still an issue.

Monitors will typically close by them self, if not you would have to reset the health state to close it automaticly.

If you by accident close a Monitor, it will not reappear before the health state changes. Therefore, if you are running out of disk space, the monitor will only reappear when the issue have been resolved and then reappears.

This script can reset the closed monitors, which has been copied from this great article, with a small fix since the script was missing a terminator.

$Alertname=@();
$State=@();
$Displayname=@();
# Import Operations Manager Module and create Connection
Import-Module OperationsManager;
New-SCOMManagementGroupConnection EURSCOMACS01;
$alerts=get-scomalert -Criteria “Severity!=0 AND IsMonitorAlert=1 AND ResolutionState=255” | where {$_.LastModified -ge ((get-date).AddMinutes(-5)).ToUniversalTime()}
if ($alerts -is [object])
{
foreach ($alert in $alerts)
{
$monitoringobject = Get-SCOMClassinstance -id $alert.MonitoringObjectId
# Reset Monitor
If (($monitoringobject.HealthState -eq “Error”) -or ($monitoringobject.HealthState -eq “Warning”))
{
$monitoringobject.ResetMonitoringState()
$State+=$monitoringobject.HealthState
$Displayname+=$monitoringobject.displayname
$Alertname+=$alert.Name
}
}
}

I have verified that it works, but use at your own risk.

/Mads

Software Update Cleanup in System Center 2012 Configuration Manager

If you need some understanding on how software updates and cleaning up expired or superseeded updates works in System Center 2012 Configuration Manager – SCCM 2012, i can recommend this great little article that describes the automatic progress that runs in the background and also shows you the manuelt steps that can be done to remove old updates no longer needed.

http://blogs.technet.com/b/configmgrteam/archive/2012/04/12/software-update-content-cleanup-in-system-center-2012-configuration-manager.aspx

Best Regards

/Mads

SCVMM error 609 deploying from a Template – SOLVED

If you encounter that your SCVMM – System Center Virtual Machine Manager 2012 are giving you an error 609 when you try to install a new Virtual Machine from a template, you might want to ensure this settings:

  • If you have supplied a KMS key under the “Guest OS Profile” under Library\Profiles – Change it to a KMS key.

SCVMM Guest OS Profile

  • If you forgot to define the OS version of your Template server disk, do it under Library\Library Servers\

SCVMM Library Operating System

Then try to deploy your template again.

 

How to import existing computer objects to a SCCM 2012 collection with PowerShell

 Sometimes you need to add a lot of different already existing computer objects to a Configuration Manager collection.

 If you are lucky, these objects are placed in another collection or in a AD group, BUT – what if you just got a specific list of computers from someone ells that they would like to have updated with a certain application?

 Instead of adding the computer objects manually to the SCCM collection membership, you can add all object to an existing collection using Configuration Manager 2012 PowerShell.

 First: Create a collection in SCCM with the name you like

 Second: save the list of computers in a 1 column CSV file with the computer names only, remove all other information.

PowerShellComputers

 Third: Run this script and change the CSV file name and path and SCCM Collection Name.

$computers = Get-Content “c:\temp\computers.csv” | foreach {Add-CMDeviceCollectionDirectMembershipRule -CollectionName “COLLECTION NAME HERE” -ResourceId $(get-cmdevice -Name $_).ResourceID}

 At Last: Run this PowerShell script in the Configuration Manager Console PowerShell windows – at your own risk –  and please test with a single computer object first!

SCCMConsolePowerShell

I hope this tip will help you save some time.

Updating #FEP or #SCEP definitions gives error 0x80248014 – small fix required when using Windows Update as source

If you update Forefront Endpoint Protection from the agent shown below, it will sometime not update its definitions from Microsoft Update unless you have allowed the OS to receive updates from other products than Microsoft.

SCEPGUI

If you encounter something like the error code 0x80248014 below when updating FEP – Forefront Endpoint Protection or SCEP – System Center Endpoint Protection definitions, you need to make a small adjustment.

Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.173.226.0
Update Source: Microsoft Update Server
Update Stage: Search
Source Path: http://www.microsoft.com
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.10502.0
Error code: 0x80248014
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Forefront Endpoint Protection cannot get Definition updates from Microsoft Update unless you check this box “Give me updates for other Microsoft Products when I update Windows”:

Image

 

If SCCM 2012 show this Antimalware Policy configuration, the “Updates distributed from Microsoft Update” will not work until you have checked the box.

Image

You can use a VB script to change it:

Save the text below in a file with a VBS extension.

Set ServiceManager = CreateObject(“Microsoft.Update.ServiceManager”)
ServiceManager.ClientApplicationID = “My App”
‘add the Microsoft Update Service, GUID
Set NewUpdateService = ServiceManager.AddService2(“7971f918-a847-4430-9279-4a52d1efe18d”,7,””)

Run the below command in an elevated command prompt: cscript optinMU.vbs

 

The reverse step is also possible with a simple alteration:

Set ServiceManager = CreateObject(“Microsoft.Update.ServiceManager”)
ServiceManager.ClientApplicationID = “My App”
‘remove the Microsoft Update Service by GUID
ServiceManager.RemoveService(“7971f918-a847-4430-9279-4a52d1efe18d”)

Source: http://support.microsoft.com/kb/2832355