GSM monitoring with SCOM 2012 SP1

As a part of Service pack 1 for SCOM 2012, Microsoft has added a new feature called GSM (Global Service Monitoring) It allows you to monitor your services from Microsoft’s datacenters.
Lets say for instance that you have a large web-shop in Europe. You can use GSM to monitor your web-shop from various location in Europe, for instance London or Paris.
This would also pinpoint for instance if you have customers in France that have trouble accessing the web-shop but not in England you can view the GSM status to see if it has trouble accessing the service as well, or it is experiencing latency issues.
This type of feature requires that you have an subscription with Microsoft (Right now this service is a beta, if you wish to try it you can sign up here –> )

The installation is pretty much next, next finish. But after that you need to go into administration –> management packs and import the management packs.
After the installation is complete, you can go into the administration tab can you can see (Global Service Monitoring) there. It might appear a bit to the far right if you have low resolution on the server, in my case I had an VM where I forgot to adjust the resolution on the screen so I didn’t see all the settings on the right. Now for the purpose of this demo I’m going to setup a regular http monitoring request to and
This just does a regular HTTP GET request to the webserver and if the service is available as it should it should respond with at 200 OK.

First of I forgot to install the Identity Provider (If you haven’t installed it, it will say so in the console.
4 This is found via Roles and Features in Server Manager
After that is done we can setup a subscription
So from here you just enter the subscriptiob ID you got from MIcrosoft.

Next you need to state if the monitor requires to go trough an Proxy Server and which of the management servers have internet access.


Then click next and choose “Start Subscription”
Now I can choose to add a monitor
In my case Im going to choose Web Application –>


Give this monitor a name and place it into a management pack.

Next we add values to what websites we want to monitor.
And im going to monitor and


Now I have to choose a location to setup this monitoring, since I’ve used London and Paris earlier in this post I’m going to continue using them Smile
So I choose Paris and add both sites, and the same for London as well.


If I choose “Change Configuration” I can change what kind of reponse code from the HTTP server  I wish to have and how often to poll it.
Click then Next –> Finish.

Now after the services are set up I can go back the the GSM pane and on the right side I can press View GSM tasks.
Here I can now see that my monitoring for and are responding as they should on regular http get requests.


You can as well setup more complex monitoring such as TCP, services etc. if you wish.

#opsmgr-2012, #scom, #scom-2012, #sp1-operations-manager

Operations Manager and service monitoring

With SCOM 2007 you have the ability to monitor a service within your infrastructure with Distributed Applications.
Distributed Applications are basically made up of different components that make your service.
For instance let’s think of a web shop. Which are typically made up of
1x Webserver
1x Database server
1x File Server
and/or a authentication service like AD
All these components make the service. So if one of these components go down your service goes down.
So Distributed Applications allow you to monitor your service, with SCOM 2012 you have a better options of monitoring the SLA (Service Level Agreement) for that service.
By default you have an Distributed Application view in SCOM 2012 which includes the health of your SCOM Management Group


IF you wish to create a new DA monitoring, go to the authoring pane, and choose Distributed Applications right click and choose create new..

Give the DA a describing name and description. There are already some templates avaliable to choose from but we are going with the Blank one so we can cover all the steps.
And always put the DA in a separate MP, for instance you should have one MP with all the DA.


Then click OK, Now we enter the Distributed Application designer. From here we draw how the different components are attached to each other, on the left side you have the search fuction so we can find the different compoents we wish to add.
For the purpose of this post, I’m just going do create a new SCOM DA.


First of now I just added the Management Servers from the left side as an component, next I add the Management Group to the mix, and then I create an relationship between the two, since the servers depend on the Management Group.
As an example, the webserver is dependent on the database server to get its information, the database server on the other hand is not dependent on the webserver.  The designer window will now look like this.


Now lets save this layout. Click the Save button.
Now back in the authoring pane you will now see the newly created DA. Now we are going to create a SLA monitoring. Further down in the authoring pane you can see the Service Level Tracking.
Right click and click create.
Give it a name and choose the new service as a target class.

Next under service level objectives click Add. Give it a name, choose Availability type and leave the rest at the default. Since will monitor SLA based on critical events on the target “My Service” DA. So if a critical event were to happen on that service my SLA would fall. After you have created the SLA monitoring go back to the my workspace pane, Right click on my workspace and press new dashboard view, and select Service Level Dashboard.


Under Scope add the new SLA monitor you just created, (You could for the record here add multiple SLA’s to view on the dashboard.
And choose the time scope (Default is 24 hours) click next and create.
You can now see that the new SLA widget appears under Favorite viewes and I get a fancy overview of the SLA for my DA.


You can also generate reports of the SLA (If you have SQL reporting services installed)
ill give more detail when regarding monitoring of a large service including network devices and SAN solutions in a later post, but this is just to give you the general idea of how you can monitor your services using SCOM 2012.

#distributed-applications, #operations-manager, #scom, #sla

SCOM 2012, part 1 installation

Since I said in my previous post that I’m working on the whole System Center package ( and I’m getting tired of blogging about SCCM, I thought I would start a bit on SCOM (Operations Manager) Smile

Much has changed since the previous version SCOM 2007 R3 CU5 (Which I believe was the last release )
A lot of new features has entered, including:

  • SNMP v3 support ( The previous versions supported only v1 & v2 )
  • More PowerShell cmdlets
  • Removal of the RMS role (Which was introduced in 2007 ) so all servers are now management servers and distribute the load between the MS servers, which gives HA out-of-the-box
  • Agent Control panel applet
  • More support Network devices and protocols (Including CDP and LLPD)
  • More support for web applications J2EE, .Net

And remember that SCOM consists of the following

  • Management Server
  • SCOM Data warehouse DB
  • Gateway Server
  • ACS
  • ACS Database
  • Agent
  • Console
  • Web Console
  • Reporting Server
  • Management Packs
  • Agents

Now that we covered the basics, we start by installing it.
PS: Remember to install .Net framework 3.5.1

After I start the setup of the SCOM 2012, I get the option to choose what I want to install, in this case since I only have 1 server I choose  Management + Console


Next is about installation location, leave it at the default.


Next the setup, verifies that you have the required hardware & software in order to run OpsMgr.
In my case I forgot to update my server to2008 R2 SP1 and I forgot to install the Report Viewer Controls.


Of course those are pretty easy to fix. (Can’t figure out thou why Microsoft couldn’t put the setup for Report Viewer on the installation media ) So after you’ve installed SP1 and installed the Report Viewer Controls run the setup again.

Now that’s done I can continue with the setup, next you create a management group.
This is unique for each instance of OpsMgr so choose a unique name if you have muliple instances.


Click next, accept the license terms.


Then Click next again, now we come to the DB setup.
Enter the name of your SQL server, and the setup will automatically connect to it.
And will by default try to store the database on the C:\ drive of the SQL server, to change that to another disk (Pref NAS/SAN)


Next we get another database setup, but this is regarding the Data warehouse DB, this is the database that the
reporting services uses & for the long term data storage.


After you are done here, click next. Now we get to the service account setup screen.
A little info about the different accounts.

Management server action account:
This account is used to carry out actions on monitored computers across a network connection.
This should be a domain account, which has local administrative rights.

System Center Configuration service and System Center Data Access service account
This account is one set of credentials that is used to update and read information in the operational database. Operations Manager ensures that the credentials used for the System Center Data Access service and System Center Configuration service account are assigned to the sdk_user role in the operational database.
This can be either a domain account or run as local system. For cases where the operational database is hosted on a remote computer that is not a management server, a domain account must be used. For security reasons, don’t use the same account as the MSAA.

Data Warehouse Write account
The Data Warehouse Write account writes data from the management server to the Reporting data warehouse and reads data from the operational database.
This account is assigned write permissions on the Data Warehouse database and read permissions on the operational database.

Data Reader account
The Data Reader account is used to define which account credentials SQL Server Reporting Services uses to run queries against the Operations Manager reporting data warehouse.
Ensure that the account you plan to use for the Data Reader account has SQL Server logon rights and Management Server logon rights.

After you have created the domain accounts, enter the username and passwords click next.


Since I choose a domain admin account as my operating manager server action account I got a warning from the installed that this is not recommended. But as I said before, it’s a demo in a closed environment no harm there Smile

Next we have the help improvent and error reporting (choose whatever you want there)


Next we have Microsoft update, since we are using SCCM to do patch management I turned this off.


Click next and you get the summary screen, double-check the information here that click install.
And then the waiting begins. If you want you can check the logs that the setup stores under C:\users\(runninguser)\appdata\local\scom\logs and the OpsMgrSetupWizard.log
When the setup is finished, mark the “Start the console” and close the installer.


Now we are in the console, OpsMgr automatically says that there are tasks that we need to do before we can manage and monitor our network. First thing is that I want to push the OpsMgr information out to Active Directory so that our agents can find what Management Group & Server they need to connect to (of course we don’t need to publish that information in AD, if we want we can manually type that in under the setup parameters of the agent. )

This step needs to be performed as a user with domain rights.
Open the installation media on OpsMgr on a domain controller.  Browse to SUPPORTTOOLS\I386 then open MOMADADMIN via cmd. What this tool does it that It
creates an Operations Manager container under the root of the domain specified,
Creates a container under the Operations Manager container the tool just created with the name of the management group specified.
Within the management group container, the tool creates two service connection points (SCP) and one security group.

The syntax is: MomADAdmin ManagementGroupName MOMAdminSecurityGroup RunAsAccount Domain
Example: MomADAdmin MyManagementGroup contoso\MOMAdmin contoso\ActionAccount Contoso

So in my instance MomADAdmin TEST_MG test\MOMadmin test\administrator test

Note thou, this only creates the folder in AD, I doesn’t add the Management servers, so the agents still don’t know which server it should contact.

Now we have to enter the console,

Go into the administration tab and into Management Servers, –> right click on the server (which is a MS) and press properties.


Next click the Add button under «Auto Agent Assigment»

ow we come to the Agent Assigment and Failover Wizad,
as you can see here it says that the Momadadmin has to been run before you can continue this wizard.


Click next, Select the domain of the computers from the Domain name drop-down list.

Set Select Run As Profile to the Run As profile associated with the Run As account that was provided when MOMADAdmin.exe was run for the domain. The default account that is used to perform agent assignment is the computer account for the root management server, also referred to as the Active Directory Based Agent Assignment Account. If this was not the account that was used to run MOMADAdmin.exe, select Use a different account to perform agent assignment in the specified domain, and then select or create the account from the Select Run As Profile drop-down list.


On the Inclusion Criteria page, either type the LDAP query for assigning computers to this management server in the text box.

The following LDAP query returns computers with a name starting with scom, (&(sAMAccountType=805306369)(objectCategory=computer)(cn=scom*))


On the Exclusion Rule page, type the fully qualified domain name (FQDN) of computers that you explicitly want to prevent from being managed by this management server


On the Agent Failover page, either select Automatically manage failoverand click Create or select Manually configure failover.

Now remember that It can take up to one hour for the agent assignment setting to propagate in Active Directory Domain Services.


Since it might take some time, we are going to install the agent manually, but before we can do that we have to change the security settings for the scom site.
Because by default, SCOM rejects manually installed agents. So therefore go into Administration tab ->

Click the Security tab, and press properties. Here change the value from Reject to automatically approve.


Then click OK. After that is done, go to the server that you want to agent to be installed. And run this command in a cmd shell as administrator.

Installing the agent:
%windir%\system32\msiexec.exe /I dir\momagent.msi /qn USE_MANUALLY_SPECIFIE_SETTINGS=1 MANAGEMENT_GROUP=TEST_MG MANAGEMENT_SERVER_DNS=scom.test.local

NOTE: That the dir here is the installation media of scom

NOTE: Active Directory Integration is disabled for agents that were installed from the Operations console. By default, Active Directory Integration is enabled for agents installed manually by using MOMAgent.msi.

After the installation it might take some time before the agent appears in the console, when it does it will appear, under the administration and Agent Managed tab.


You can also check the control panel applet on the server, this displayed info about the agent.

And under the event log under Windows logs –> Applications and services logs –> Operations Manager –> and se if you have any error messages appear.


When it is finished and you have no error messages, to into the console again, monitoring -> Windows Computers -> you will see the agent appears as Healthy here. So it seems like the agent is working as it should.


By the way, the server I installed was an SQL server. By default SCOM doesn’t contain anything useful to monitor SQL servers. Therefore we need to download a management pack for SQL server 2008, inorder for SCOM to manage the server properly.

A Management Pack is a file that contains parameters, values, task, rules, monitors for a known product. So they contain all the information that  scom needs to monitor a certain product.
Microsoft has a lot of free management packs avaliable (for free) for download via their online library. (There are other 3 party vendors also that have published management packs for their products on the website but these usually costs $$)


Next I choose to search the online catalog, and I search for the name “SQL”
And a number of Management Packs appear, and I choose the SQL 2008 server MP.



I choose Add all of these and download them to the desktop of my server.


Now after we downloaded them , we have to import them into the OpsMgr site.
Go back to the management pack pane under administration. And on the right side click “import Management Packs”
And browse to those you’ve downloaded and click install.


After you’ve done that, another view called SQL server will appear under the monitoring tab ( which was a part of the MP you installed )


After OpsMgr has updated the database, and distributed the new SQL MP to the agent, the server will appear here.


As you can see that It appears with a critical event, but we will go deeper into the events and rules in a later blog post Smile
Part 1 done!

#agent, #managent-groups, #opsmgr, #scom, #scom-2012, #setup, #system-center, #system-center-2012

System Center requirements

Just thought I post a quick post about system requirements regarding the System Center products, this is because im setting up a new lab enviroment with the 2012 edition of System center. And ill try to blog about installation and setup of these systems and how the integrate to each other. This post is most for myself so I can remember the requirements for each product. This new test lab will be running on a Windows 8 Hyper-v cluster.

  • SCOM ( System Center Operations Manager )
  • SCCM ( System Center Configuration Manager )
  • SCVMM ( System Center Virtual Machine Manager )
  • SCSM ( System Center Service Manager )
  • SCDPM ( System Center Data Protection Manager )
  • System Center Orchestrator
  • System Center App controller

SCOM 2012

Management Server

  • Server Operating System: must be Windows Server 2008 R2 SP1.
  • Windows PowerShell version: Windows PowerShell version 2.0.
  • Windows Remote Management: Windows Remote Management must be enabled for the management server.
  • Microsoft Core XML Services (MSXML) version: Microsoft Core XML Services 6.0 is required for the management server.
  • Both .NET Framework 3.5 Service Pack 1 (SP1) and .NET Framework 4 are required. For more information, see the following documents:

Operations Console

Web Console

  • Web browsers: Internet Explorer 7, Internet Explorer 8, Internet Explorer 9
  • Internet Information Services (IIS) 7.5 and later versions, with the IIS Management Console and the following role services installed
    • Static Content
    • Default Document
    • Directory Browsing
    • HTTP Errors
    • HTTP Logging
    • Request Monitor
    • Request Filtering
    • Static Content Compression
    • Web Server (IIS) Support
    • IIS 6 Metabase Compatibility
    • ASP.NET
    • Windows Authentication

Operational Database (This also applies to the Data warehouse database)

 SCCM 2012
 Most of these roles require .Net 3.5 SP1 and .Net 4.0
Site Server 
  • Remote Differential Compression
  • .Net 4.0
  • .Net 3.51 SP1
Application Catalog Web Service Point 
  • HTTP Activation
  • Non-HTTP Activation
  • IIS 6 Metabase Compatibility
Application Catalog Web Site Point 
  • Common HTTP Features:
    • Static Content
    • Default Document
  • Application Development:
    • ASP.NET (and automatically selected options)
  • Security:
    • Windows Authentication
  • IIS 6 Management Compatibility:
    • IIS 6 Metabase Compatibility
Distribution point
  • Application Development:
    • ISAPI Extensions
  • Security:
    • Windows Authentication
  • IIS 6 Management Compatibility:
    • IIS 6 Metabase Compatibility
    • IIS 6 WMI Compatibility
  • Common HTTP Features:
    • HTTP Redirection
  • IIS Management Scripts and Tools
    • Remote Differential Compression
    • BITS Server Extensions (and automatically selected options), or Background Intelligent Transfer Services (BITS) (and automatically selected options)
    • Incase of deployment you also need Windows Deployments Services
Management point
  • BITS
    • Application Development:
      • ISAPI Extensions
    • Security:
      • Windows Authentication
    • IIS 6 Management Compatibility:
      • IIS 6 Metabase Compatibility
      • IIS 6 WMI Compatibility
 Software update point
  • Requires Windows Server Update 3.0 SP2

Site database (have no idea but SCCM is a bit picky on which database version it supports)

  • SQL Server 2008 SP2 with Cumulative Update 9
  • SQL Server 2008 SP3 with Cumulative Update 4
  • SQL Server 2008 R2 with SP1 and Cumulative Update 4
  • The instance of SQL Server in use at each site must use the following collation: SQL_Latin1_General_CP1_CI_AS.

SCVMM 2012

VMM Database

  • SQL Server 2008 R2 SP1 or earlier
  • SQL Server 2008 SP2
VMM Management Server
  • Windows Automated Installation Kit (AIK) for Windows 7
  • At least Microsoft .NET Framework 3.5 Service Pack 1 (SP1)
VMM Self-Service Portal
  • .NET Extensibility
  • Default Document
  • Directory Browsing
  • HTTP Errors
  • IIS 6 Metabase Compatibility
  • IIS 6 WMI Compatibility
  • ISAPI Extensions
  • ISAPI Filters
  • Request Filtering
  • Static Content
  • .Net 3.5
SCSM 2012
Service Manager Server 
  • Windows Server 2008 R2 with SP1
  • Microsoft .NET Framework 3.5 with SP1
  • ADO.NET Data Services Update for .NET Framework 3.5 SP1
  • Windows PowerShell 2.0
  • Microsoft Report Viewer Redistributable

Database Server

  • Windows Server 2008 R2 with SP1
  • 64-bit version of SQL Server 2008 with SP1, SP2 or version 2008 R2
  • SQL Server Reporting Services

Service Manager console

  • Windows Powershell 1.0 or higher
  • Microsoft Report Viewer Redistributable
  • Microsoft .NET Framework 3.5 with SP1
  • ADO.NET Data Services Update for .NET Framework 3.5 SP1

Self-Service Portal

  • IIS 7.5 with IIS 6 metabase compatibility installed
  • Self-signed SSL certificate
  • ASP.NET 2.0
  • Microsoft .NET Framework 4.0
  • Microsoft Analysis Management Objects
  • Microsoft SharePoint Foundation 2010
  • Or Microsoft SharePoint Server 2010
  • Or Microsoft SharePoint 2010 for Internet Sites Enterprise
  • Excel Services in SharePoint 2010 is required for hosting dashboards for advanced analytical reports

SCDPM 2012

  • Microsoft .NET Framework 3.5 with Service Pack 1 (SP1)
  • Microsoft Visual C++ 2008 Redistributable
  • Windows PowerShell 2.0
  • Windows Single Instance Store (SIS)
  • Microsoft Application Error Reporting
  • 64-bit version of SQL Server 2008 R2, Enterprise or Standard Edition.

SC Orchestrator 2012

  • Microsoft SQL Server 2008 R2
  • SQL_Latin1_General_CP1_CI_AS
  • Microsoft .NET Framework 3.5 Service Pack 1
  • Microsoft .NET Framework 4

SC App controller 2012

  • Microsoft .NET Framework 4
  • Static Content
    • Default Document
    • Directory Browsing
    • HTTP Errors
    • ASP.NET
    • .NET Extensibility
    • ISAPI Extensions
    • ISAPI Filters
    • HTTP Logging
    • Request Monitor
    • Tracing
    • Basic Authentication
    • Windows Authentication
    • Request Filtering
    • Static Content Compression
    • IIS Management Console
  • SQL Server 2008 R2 Datacenter
  • SQL Server 2008 R2 Enterprise
  • SQL Server 2008 R2 Standard
  • SQL Server 2008 Enterprise
  • SQL Server 2008 Standard

#hyper-v, #internet-information-services, #sccm, #scom, #scvmm, #system-center, #system-center-2012, #virtual-machine-manager, #windows-8