Monitoring Citrix with Operations Manager 2012

In the earlier days if you have Operations Manager 2007 you would have MP’s available for the most of the Citrix products. On the installation media on XenApp 6.5 you would for instance have a management pack which you could use in OpsMgr 2007.
Now with 2012, Citrix have said that they would no longer continue with development of these management packs and have pushed the development to a partner called ComTrade.

ComTrade have developed a bunch of Management Packs for most of Citrix’s products including;

* XenApp
* XenDesktop
* XenServer

Now for instance Netscaler is primarily a network device so you have “free” monitoring capabilities via SNMP but for extended monitoring and pro capabilities Citrix actually has a new MP which was released in September.
When regarding the MP’s you can sign up for a free trial at ComTrade’s website here–> http://www.managementproducts.comtrade.com/management_pack/citrix/Pages/default.aspx
I’m going to take a quick walkthrough of how XenApp monitoring is set up and how it works.

After you have received the user information you can start downloading the MP’s
The installation process is pretty straight forward, next. next, finish and the setup will automatically import the management packs.

So if you open the console and check under adminitration –> Management packs
You can now see ComTrade Management Packs appear.

If you go back to the monitoring pane, you will see that there are a bunch of new options under ComTrade XenApp

As well as under reports there a new bunch of new reports available for XenApp.

This will give you a good insight in your Citrix environment, and regarding what applications users actually use. And what kind of performance issues they might be having.
We will take a further look at this later when we are finished setting up the connection to XenApp.

When the installation process is finished you will receive a new start-menu shortcut which allows you to complete the process of setting up the monitoring, you can see a shortcut called “XenApp connector”
Here you have to enter information about the XenApp farm, a farm administrator and password.

Now remember that you have to be a farm administrator if it is to setup correctly. And you have to get a valid license from ComTrade in order to use it. After that you have to set the scom agent as an proxy you can do this under managed agents in the administration pane on SCOM.

After this you have to go to the monitoring pane and find under Comtrade XenApp servers, from there choose the XenApp server you wish to monitor. On the right side you have the option to install a XenApp MP agent, so run this command.

When the installation is done (You can see this in the event viewer) you can see (in a while) that data starts being populated into SCOM.
So Yay! now we have a good and solid XenApp monitoring solution along with the rest of the infrastructure.
Now we can start monitoring SLA on our infrastructure (XenApp, Netscaler, SQL Server, Web-interface)

And as simple as that ( I have no real licenses on my XenApp server, therefore I get an error message each time I logon to the server around the licenses. ) And it also appeared in Operations Manager

#citrix-xenapp-monitoring, #comtrade, #scom-xenapp, #scom-2012

GSM monitoring with SCOM 2012 SP1

As a part of Service pack 1 for SCOM 2012, Microsoft has added a new feature called GSM (Global Service Monitoring) It allows you to monitor your services from Microsoft’s datacenters.
Lets say for instance that you have a large web-shop in Europe. You can use GSM to monitor your web-shop from various location in Europe, for instance London or Paris.
This would also pinpoint for instance if you have customers in France that have trouble accessing the web-shop but not in England you can view the GSM status to see if it has trouble accessing the service as well, or it is experiencing latency issues.
This type of feature requires that you have an subscription with Microsoft (Right now this service is a beta, if you wish to try it you can sign up here –> https://connect.microsoft.com/site1286/Survey/NominationSurvey.aspx?SurveyID=14053&ProgramID=7588 )

The installation is pretty much next, next finish. But after that you need to go into administration –> management packs and import the management packs.


After the installation is complete, you can go into the administration tab can you can see (Global Service Monitoring) there. It might appear a bit to the far right if you have low resolution on the server, in my case I had an VM where I forgot to adjust the resolution on the screen so I didn’t see all the settings on the right. Now for the purpose of this demo I’m going to setup a regular http monitoring request to www.microsoft.com and www.vg.no
This just does a regular HTTP GET request to the webserver and if the service is available as it should it should respond with at 200 OK.

First of I forgot to install the Identity Provider (If you haven’t installed it, it will say so in the console.
This is found via Roles and Features in Server Manager

After that is done we can setup a subscription

So from here you just enter the subscriptiob ID you got from MIcrosoft.

Next you need to state if the monitor requires to go trough an Proxy Server and which of the management servers have internet access.

Then click next and choose “Start Subscription”
Now I can choose to add a monitor

In my case Im going to choose Web Application –>

Give this monitor a name and place it into a management pack.

Next we add values to what websites we want to monitor.
And im going to monitor VG.no and Microsoft.com

Now I have to choose a location to setup this monitoring, since I’ve used London and Paris earlier in this post I’m going to continue using them
So I choose Paris and add both sites, and the same for London as well.

If I choose “Change Configuration” I can change what kind of reponse code from the HTTP server  I wish to have and how often to poll it.
Click then Next –> Finish.

Now after the services are set up I can go back the the GSM pane and on the right side I can press View GSM tasks.
Here I can now see that my monitoring for www.microsoft.com and www.vg.no are responding as they should on regular http get requests.

You can as well setup more complex monitoring such as TCP, services etc. if you wish.

#opsmgr-2012, #scom, #scom-2012, #sp1-operations-manager

SCOM 2012 Setup error

When installing SCOM 2012 w/webconsole you might the this error message during installation.

 

The ISAPI and CGI Restrictions are disabled or missing: Web Console cannot operate properly because the ISAPI and CI Restrictions in Internet Information Services (IIS) are disabled or missing for ASP.NET 4.0.

ASP.NET 4.0 Registration Check: The ASP.NET 4.0 handler is not registered with IIS.

you must open a Command prompt as Administrator and run the following command which registers ASP.NET 4.0 with
IIS:%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe –r

You should receive the following output:

Start installing ASP.NET (4.0.30319) and changing IIS configuration to use this version of ASP.NET.

Finished installing ASP.NET (4.0.30319) and changing IIS configuration to use this version of ASP.NET.

Secondly, run Internet Information Services (IIS) Manager, open ISAPI and CGI Restrictions properties of the web site, select ASP.NET v4.0.30319, and then click Allow.

NOTE: ISAPI and CGI Restrictions in IIS for ASP.NET 4 are not enabled by default so this step is also applicable in case if you have installed IIS before installing .NET Framework 4.

Might be that you need to restart the setup in order for the prerequisites to register properly

#isapi-and-cgi-restrictions, #scom-2012

SCOM 2012, Operation console does not open and gives SDK service error

This is going to be a quick post, got a strange error message on my SCOM server today.
I tried opening the console, it would try to open for a couple of min ( it’s a vm so it takes some time ) and it stops and just hangs.

And I got this error message appearing in the console “the data access service is either not running”
I opened up the services.msc and I saw that the service was actually running.

I saw in the Event log under operations management that It has trouble connecting to the SQL servers (Which is a physical server that resides in another room, turns out It wasn’t connected ) After attaching it back to the lan, the console started.

Not the most informative error message, so be sure to check if the MS has access to the SQL server before you start to debug

#scom-2012, #sdk-service-error

SCOM 2012, part 1 installation

Since I said in my previous post that I’m working on the whole System Center package ( and I’m getting tired of blogging about SCCM, I thought I would start a bit on SCOM (Operations Manager)

Much has changed since the previous version SCOM 2007 R3 CU5 (Which I believe was the last release )
A lot of new features has entered, including:

• SNMP v3 support ( The previous versions supported only v1 & v2 )
• More PowerShell cmdlets
• Removal of the RMS role (Which was introduced in 2007 ) so all servers are now management servers and distribute the load between the MS servers, which gives HA out-of-the-box
• Agent Control panel applet
• More support Network devices and protocols (Including CDP and LLPD)
• More support for web applications J2EE, .Net

And remember that SCOM consists of the following

• Management Server
• SCOM DB
• SCOM Data warehouse DB
• Gateway Server
• ACS
• ACS Database
• Agent
• Console
• Web Console
• Reporting Server
• Management Packs
• Agents

Now that we covered the basics, we start by installing it.
PS: Remember to install .Net framework 3.5.1

After I start the setup of the SCOM 2012, I get the option to choose what I want to install, in this case since I only have 1 server I choose  Management + Console

Next is about installation location, leave it at the default.

Next the setup, verifies that you have the required hardware & software in order to run OpsMgr.
In my case I forgot to update my server to2008 R2 SP1 and I forgot to install the Report Viewer Controls.

Of course those are pretty easy to fix. (Can’t figure out thou why Microsoft couldn’t put the setup for Report Viewer on the installation media ) So after you’ve installed SP1 and installed the Report Viewer Controls run the setup again.

Now that’s done I can continue with the setup, next you create a management group.
This is unique for each instance of OpsMgr so choose a unique name if you have muliple instances.

Click next, accept the license terms.

Then Click next again, now we come to the DB setup.
Enter the name of your SQL server, and the setup will automatically connect to it.
And will by default try to store the database on the C:\ drive of the SQL server, to change that to another disk (Pref NAS/SAN)

Next we get another database setup, but this is regarding the Data warehouse DB, this is the database that the
reporting services uses & for the long term data storage.

After you are done here, click next. Now we get to the service account setup screen.
A little info about the different accounts.

Management server action account:
This account is used to carry out actions on monitored computers across a network connection.
This should be a domain account, which has local administrative rights.

System Center Configuration service and System Center Data Access service account
This account is one set of credentials that is used to update and read information in the operational database. Operations Manager ensures that the credentials used for the System Center Data Access service and System Center Configuration service account are assigned to the sdk_user role in the operational database.
This can be either a domain account or run as local system. For cases where the operational database is hosted on a remote computer that is not a management server, a domain account must be used. For security reasons, don’t use the same account as the MSAA.

Data Warehouse Write account
The Data Warehouse Write account writes data from the management server to the Reporting data warehouse and reads data from the operational database.
This account is assigned write permissions on the Data Warehouse database and read permissions on the operational database.

Data Reader account
The Data Reader account is used to define which account credentials SQL Server Reporting Services uses to run queries against the Operations Manager reporting data warehouse.
Ensure that the account you plan to use for the Data Reader account has SQL Server logon rights and Management Server logon rights.

After you have created the domain accounts, enter the username and passwords click next.

Since I choose a domain admin account as my operating manager server action account I got a warning from the installed that this is not recommended. But as I said before, it’s a demo in a closed environment no harm there

Next we have the help improvent and error reporting (choose whatever you want there)

Next we have Microsoft update, since we are using SCCM to do patch management I turned this off.

Click next and you get the summary screen, double-check the information here that click install.
And then the waiting begins. If you want you can check the logs that the setup stores under C:\users\(runninguser)\appdata\local\scom\logs and the OpsMgrSetupWizard.log
When the setup is finished, mark the “Start the console” and close the installer.

Now we are in the console, OpsMgr automatically says that there are tasks that we need to do before we can manage and monitor our network. First thing is that I want to push the OpsMgr information out to Active Directory so that our agents can find what Management Group & Server they need to connect to (of course we don’t need to publish that information in AD, if we want we can manually type that in under the setup parameters of the agent. )

This step needs to be performed as a user with domain rights.
Open the installation media on OpsMgr on a domain controller.  Browse to SUPPORTTOOLS\I386 then open MOMADADMIN via cmd. What this tool does it that It
creates an Operations Manager container under the root of the domain specified,
Creates a container under the Operations Manager container the tool just created with the name of the management group specified.
Within the management group container, the tool creates two service connection points (SCP) and one security group.

The syntax is: MomADAdmin ManagementGroupName MOMAdminSecurityGroup RunAsAccount Domain
Example: MomADAdmin MyManagementGroup contoso\MOMAdmin contoso\ActionAccount Contoso

So in my instance MomADAdmin TEST_MG test\MOMadmin test\administrator test

Note thou, this only creates the folder in AD, I doesn’t add the Management servers, so the agents still don’t know which server it should contact.

Now we have to enter the console,

Go into the administration tab and into Management Servers, –> right click on the server (which is a MS) and press properties.

Next click the Add button under «Auto Agent Assigment»

Now we come to the Agent Assigment and Failover Wizad,
as you can see here it says that the Momadadmin has to been run before you can continue this wizard.

Click next, Select the domain of the computers from the Domain name drop-down list.

Set Select Run As Profile to the Run As profile associated with the Run As account that was provided when MOMADAdmin.exe was run for the domain. The default account that is used to perform agent assignment is the computer account for the root management server, also referred to as the Active Directory Based Agent Assignment Account. If this was not the account that was used to run MOMADAdmin.exe, select Use a different account to perform agent assignment in the specified domain, and then select or create the account from the Select Run As Profile drop-down list.

On the Inclusion Criteria page, either type the LDAP query for assigning computers to this management server in the text box.

The following LDAP query returns computers with a name starting with scom, (&(sAMAccountType=805306369)(objectCategory=computer)(cn=scom*))

On the Exclusion Rule page, type the fully qualified domain name (FQDN) of computers that you explicitly want to prevent from being managed by this management server

On the Agent Failover page, either select Automatically manage failoverand click Create or select Manually configure failover.

Now remember that It can take up to one hour for the agent assignment setting to propagate in Active Directory Domain Services.

Since it might take some time, we are going to install the agent manually, but before we can do that we have to change the security settings for the scom site.
Because by default, SCOM rejects manually installed agents. So therefore go into Administration tab ->

Click the Security tab, and press properties. Here change the value from Reject to automatically approve.

Then click OK. After that is done, go to the server that you want to agent to be installed. And run this command in a cmd shell as administrator.

Installing the agent:
%windir%\system32\msiexec.exe /I dir\momagent.msi /qn USE_MANUALLY_SPECIFIE_SETTINGS=1 MANAGEMENT_GROUP=TEST_MG MANAGEMENT_SERVER_DNS=scom.test.local

NOTE: That the dir here is the installation media of scom

NOTE: Active Directory Integration is disabled for agents that were installed from the Operations console. By default, Active Directory Integration is enabled for agents installed manually by using MOMAgent.msi.

After the installation it might take some time before the agent appears in the console, when it does it will appear, under the administration and Agent Managed tab.

You can also check the control panel applet on the server, this displayed info about the agent.

And under the event log under Windows logs –> Applications and services logs –> Operations Manager –> and se if you have any error messages appear.

When it is finished and you have no error messages, to into the console again, monitoring -> Windows Computers -> you will see the agent appears as Healthy here. So it seems like the agent is working as it should.

By the way, the server I installed was an SQL server. By default SCOM doesn’t contain anything useful to monitor SQL servers. Therefore we need to download a management pack for SQL server 2008, inorder for SCOM to manage the server properly.

A Management Pack is a file that contains parameters, values, task, rules, monitors for a known product. So they contain all the information that  scom needs to monitor a certain product.
Microsoft has a lot of free management packs avaliable (for free) for download via their online library. (There are other 3 party vendors also that have published management packs for their products on the website but these usually costs $$)

Next I choose to search the online catalog, and I search for the name “SQL”
And a number of Management Packs appear, and I choose the SQL 2008 server MP.

I choose Add all of these and download them to the desktop of my server.

Now after we downloaded them , we have to import them into the OpsMgr site.
Go back to the management pack pane under administration. And on the right side click “import Management Packs”
And browse to those you’ve downloaded and click install.

After you’ve done that, another view called SQL server will appear under the monitoring tab ( which was a part of the MP you installed )

After OpsMgr has updated the database, and distributed the new SQL MP to the agent, the server will appear here.

As you can see that It appears with a critical event, but we will go deeper into the events and rules in a later blog post
Part 1 done!

#agent, #managent-groups, #opsmgr, #scom, #scom-2012, #setup, #system-center, #system-center-2012