Installing SCOM 2007 R2 on a SQL 2008 Instance with all Windows Firewalls Enabled.

I decided I needed to re-install my lab environment.  I wanted to keep all of the firewalls on during the install process and only open the ports that are actually needed. I installed SQL using a named instance as many customers use a SQL 2008 cluster.
After I installed the SCOM database on the SQL 2008 server with all firewalls on.  I created a firewall rule to let port 1433 allow connections.  As specified in the Supported Configurations doc

Root management server 1433 —> OperationsManager database

I also setup a firewall rule to allow port 1434 back to the RMS server from the SQL Instance Server. (Also in the guide)

Root management server 1434 UDP < — OperationsManager database

I start the install of SCOM to the RMS server.  I unchecked Database as my database is already install the on the SQL instance.

I typed in my SC Database Instance Name and clicked Next

But I got this error “Setup cannot location the SC database”

So I enabled firewall logging to see what was getting dropped blocked by setting the firewall to log dropped packets.


In the SCOM setup I clicked back and then next.
I checked the firewall logs in %systemroot%\system32\Logfiles\Firewall\pfirewall.log  and it looks like UDP port 1434 is being dropped

date	time	action	protocol	src-ip	dst-ip	src-port	dst-port	size	path
12/26/2010	16:56:54	DROP	UDP	192.168.2.63	192.168.2.61	58321	1434	38	RECEIVE

I create another rule on the SQL server to enable UDP port 1434


In the SCOM setup I click back and next again.

Once again same failure.  “Setup cannot location the SC database”
Back to the firewall logs.  It now needs TCP port 62756 (Not in the guide)

date	time	action	protocol	src-ip	dst-ip	src-port	dst-port	size	path
12/26/2010	17:12:03	DROP	TCP	192.168.2.63	192.168.2.61	50503	62756	38	RECEIVE

I create another rule on the SQL server to enable TCP port 62756

After that rule is enabled I am able to continue on a install SCOM successfully with all of the windows firewalls still on.

HTTP 500 Error with Large Reports in SCCM 2007

If you have more than a couple thousand clients in your SCCM 2007 site and have ever tried to run a large report (like “Hardware 01A – Summary of computers in a specific collection” against the All Systems collection, for example), you’ve probably encountered this HTTP 500 error:

This problem and resolution are pretty well documented for Windows Server 2003 and IIS6, but in this particular case we’re running Windows Server 2008 SP2, so we’re using IIS7.  The underlying cause is the same (default ASP Buffering Limit is set too low to handle the size of the report) and the fix is the same (increase the limit), but the steps to fix are just a little different for IIS7:


1. Launch IIS Manager
2. Click on the server name in the left pane to bring up the features for IIS (if you have more than just the SCCM reporting hosted in IIS and don’t want to modify this setting for all sites, expand the Sites node and click Default Web Site to bring up the features for just that site)
3. Double-click on the ASP feature

4. Expand the Limits Properties node and find the Response Buffering Limit item.

By default it’s set at about 4MB (4194304 bytes).  The general rule of thumb is about 1MB per 1000 records, but you may want to go with 1.5 to 2 MB just to be safe.  Modify the value and click Apply in the actions pane.
5. Restart IIS.
Now when you run your report you should actually get the results!

As you can see, in this case we had around 4500 records, which was just enough to fill the response buffer and generate the error.  Bumping it up to 10k bytes to accommodate future growth was more than enough to resolve the issue.

Useful ConfigMgr Resources

========================================================
ConfigMgr Resources/Information:

• Learning:
  • TechCenter on TechNet: http://technet.microsoft.com/en-us/configmgr/default.aspx
  
  
  • Features (Technical Content): http://technet.microsoft.com/library/bb680550.aspx
  
  
  • Virtual Labs: http://technet.microsoft.com/en-us/configmgr/bb539977.aspx
  
  
  • Webcasts: http://www.microsoft.com/events/series/technetmms.aspx?tab=webcasts&id=42364
  
  
  • Audiocasts (WMA): http://technet.microsoft.com/en-us/configmgr/bb727202.aspx
  
  
  • TechNet Virtual Labs, ConfigMgr: http://technet.microsoft.com/configmgr/bb539977.aspx
  
  

• Download Service Pack 2 Here: http://www.microsoft.com/downloads/details.aspx?FamilyID=3318741a-c038-4ab1-852a-e9c13f8a8140&displaylang=en (Upgrade download, Full Evaluation download available here).  Configuration Manager 2007 SP1 left support on January, 11^th, 2011 (http://support.microsoft.com/lifecycle/?p1=12769).


• Open (public) Betas Invites & Product Feedback.  Note: the Connect sites have information about both R3 and v.Next.
  • Configuration Manager 2012: https://connect.microsoft.com/ConfigurationManagervnext/program4346
  
  
  • Product Feedback: smswish@microsoft.com
  
  
  • Documentation Feedback: smsdocs@microsoft.com
  
  


• Windows Server 2008 and Server 2008 R2 and Configuration Manager: http://technet.microsoft.com/en-us/library/cc431377.aspx

• · PFE worldwide Blogs, News and Announcements: http://www.opsvault.com/
  • o System Center Configuration Manager 2007 Toolkit V2: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=5a47b972-95d2-46b1-ab14-5d0cbce54eb8&displaylang=en
  
  

• Blogs:
  • Product Team:
    • System Center Product Team: http://blogs.technet.com/systemcenter/
    
    
    • Configuration Manager Product Team: http://blogs.technet.com/configmgrteam/
    
    
    • Configuration Manager Support Team: http://blogs.technet.com/configurationmgr/
    
    
  
  
  • PFE UK Manageability: http://blogs.technet.com/b/manageabilityguys
  
  
  • The Deployment Guys (TechNet): http://blogs.technet.com/deploymentguys
  
  
  • Steve Rachui – PFE (MSDN): http://blogs.msdn.com/steverac/
  
  
  • ConfigMgr Writers – team of writers behind production documentation (TechNet): http://blogs.technet.com/wemd_ua_-_sms_writing_team/
  
  
  • Adam Meltzer – ConfigMgr Developer (MSDN): http://blogs.msdn.com/ameltzer/
  
  


• ConfigMgr KB Article RSS Feed: http://support.microsoft.com/common/rss.aspx?rssid=12769&ln=en-us


• Tools:
  • System Center Update Publisher (tool used to publish custom updates) TechCenter: http://technet.microsoft.com/manageability/bb741049.aspx
  
  
  • Acresso (formerly InstallShield) AdminStudio Configuration Manager Edition: http://technet.microsoft.com/en-us/configmgr/bb932316.aspx.
  
  

• Catalogues:
  • Desired Configuration Monitoring, Configuration Catalogues: http://technet.microsoft.com/en-us/configmgr/cc462788.aspx
  
  
  • 3^rd Party Custom Catalogues for Updates: http://technet.microsoft.com/en-us/configmgr/bb892875.aspx
  
  


• System Center Partners (3^rd Party): http://www.microsoft.com/systemcenter/en/us/alliance-members.aspx
  • Dell:
    • Dell & System Center: http://www.dell.com/content/topics/global.aspx/sitelets/solutions/management/microsoft_sms
    
    
    • Dell ConfigMgr Wiki: http://www.delltechcenter.com/page/SCCM+-+System+Center+Configuration+Manager
    
    
    • OSD Extension, Dell Deployment Pack for ConfigMgr: http://www.delltechcenter.com/page/Dell+Deployment+Pack+for+Configmgr+%28Server+Deployment%29
    
    
  
  
  • HP:
    • HP Management Integration Solutions for Microsoft: http://h18013.www1.hp.com/products/servers/management/integration/ms_integration.html
    
    
    • OSD Extension, HP Insight Control Suite for System Center: https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPICE-SC
    
    
  
  
  • IBM:
    • Microsoft System Management Solutions for IBM Servers: http://www.ibm.com/systems/management/director/partners/microsoft/
    
    
    • OSD Extension, IBM Deployment Pack for Microsoft System Center Configuration Manager 2007: http://publib.boulder.ibm.com/infocenter/toolsctr/v1r0/topic/dpsccm/dpsccm_ic_product_page.html
    
    
  
  


• ConfigMgr Community (including sites like myitforum.com that have community content): http://technet.microsoft.com/configmgr/bb625749.aspx


• Product Information (Sales/Business Content): http://www.microsoft.com/systemcenter/configurationmanager/en/us/default.aspx

ConfigMgr Design Resources

• Configuration Manager Planning and Deployment Overview: http://technet.microsoft.com/en-us/library/bb693806.aspx


• Planning and Deploying the Server Infrastructure for Configuration Manager 2007: http://technet.microsoft.com/en-us/library/bb680397.aspx


• Planning and Deploying Clients for Configuration Manager 2007: http://technet.microsoft.com/en-us/library/bb680373.aspx


• Configuration Manager Supported Configurations: http://technet.microsoft.com/en-us/library/bb680717.aspx


• Configuration Manager Sample Configurations and Common Performance Related Questions: http://go.microsoft.com/fwlink/?LinkID=113136.

OS Deployment

• Desktop Deployment TechCenter on TechNet: http://technet.microsoft.com/en-us/desktopdeployment/default.aspx


• Microsoft Desktop Deployment Toolkit: http://www.microsoft.com/downloads/details.aspx?familyid=3bd8561f-77ac-4400-a0c1-fe871c461a89&displaylang=en
  • Microsoft Deployment Toolkit 2010 is the newest version of Microsoft Deployment Toolkit, a Solution Accelerator for operating system and application deployment. MDT 2010 supports deployment of Windows 7 and Windows Server 2008 R2 in addition to deployment of Windows Vista, Windows Server 2008, Windows Server 2003, and Windows XP.
  
  


• Application Compatibility Guidance: http://technet.microsoft.com/en-gb/desktopdeployment/bb414773.aspx


• Application Compatibility Toolkit: ACT is a collection of tools to inventory, assess and help fix applications for Windows Vista deployment projects. This update to ACT includes new tools to assess application compatibility with Internet Explorer 8 and detect potential application compatibility issues caused by Windows Vista or Windows Server 2008 security updates. http://technet.microsoft.com/library/cc507852.aspx

Out of Band Management

• · Configuring Out of Band Management: http://technet.microsoft.com/en-us/library/cc161822.aspx


• · Troubleshooting Out of Band Management: http://technet.microsoft.com/en-us/library/cc161834.aspx


• · Intel resources:
  • Infrastructure Prep Checklist for Microsoft SCCM: http://communities.intel.com/docs/DOC-2300
  
  
  • SCCM / vPro Common Issues and Potential Resolutions:
    • § SP1: http://communities.intel.com/docs/DOC-1627
    
    
    • § SP2: http://communities.intel.com/docs/DOC-4153
    
    
  
  

Moving SCCM to a New Server

There may come a time where you need to move you SCCM environment to a new server. This will help make that process as possible.
When needing to move SCCM to new hardware you must remember:

1. The side code cannot be renamed without uninstalling SCCM and reinstalling or standing up a new SCCM server (side-by-Side) migration.


2. You must keep the same server name as the existing SCCM server.


3. You must also keep the same drive structure as the existing SCCM server.

So what are the steps you need to take?

1. Backup the site settings and database of the SCCM Server


2. Backup local folders (if any) used for package sources: (source folder, drivers folder…etc). Make a note of the permissions as well.


3. Decommission the SCCM Server and remove from the domain.
   1. Note: Name, IP, site code, installation path,
   
   


4. Build the new server with the information from step 3.
   1. Install and configure all SCCM prerequisites
   
   
   2. If SQL was local before Install the same SQL version and any updates
   
   
   3. Install SCCM 2007 to the same patch level, directory, site code from the old SCCM server
   
   


5. Restore folders used for SCCM (Sources, drivers, packages, and set permissions


6. Restore the SCCM database from the old server using the Site repair wizard


7. Resolve any errors under the site status.

I hope this blog helps you with your transition

WSUS failed to sync some of the updates

I came across an issue where I was noticing errors in the SMS_WSUS_SyncUpdates Component. Every time the synchronization ran for windows updates, I would get the following:
SMS WSUS Synchronization failed.


Message: Failed to sync some of the updates.
Source: Microsoft.SystemsManagementServer.SoftwareUpdatesManagement.WSyncAction.WSyncAction.SyncUpdates.

This typically has to do with the EULA agreement with some updates. This error should clear up at the next synchronization. However in this case it did not.
Trying a reboot of the server, SCCM Services, WSUS did not help. This was happening with a handful of updates.
To resolve this issue:
I also added the network services account to the root of the WSUS folder as it was missing.
Next I ran a wsustuil -reset
I also uninstalled the SUP role, waited about 5 minutes then reinstalled the role. I then kicked off a synchronization which ran a full synchronization again.
I monitored the wsyncmgr.log file to ensure the updates are synchronizing.

It took some time to do the full synchronization but it completed successfully without reproducing the synchronization errors.

Of duplicate computer accounts in SCCM

Recently wrote a little script that deletes duplicate computer accounts in SCCM. This is because I have included the addition of computers from AD

#Region Description

#

# Name       : remove-DuplicateComputers.ps1

#

# Version    : 1.0

# Web        :

# Date       : 21-12-2010  

# Description: Find duplicate computer objects to SCCM and delete

#             

#EndRegion

#Region Functions

#EndRegion

[array]$ArrayComps=$null

$ConnStr="Provider=MSDASQL;DSN=SMS_TB1;"

$sSQL="select T.Name0, T.CountName

from (select dbo.v_R_System.Name0, count(*) as CountName

from dbo.v_R_System

Group By dbo.v_R_System.Name0 ) as T

where T.CountName > 1

ORDER BY T.Name0"

$adoSQL= New-Object -ComObject  ADODB.Connection

$rsSheet= New-Object -ComObject ADODB.Recordset

$adoSQL.ConnectionString=$ConnStr

$adoSQL.Open()

$rsSheet.Open($sSQL,$adoSQL)

if(!$rsSheet.EOF)

{

 $meter=0

 while (!$rsSheet.EOF){

  $ArrayComps+=@{Name=$rsSheet.Fields.Item("Name0").Value;Count=$rsSheet.Fields.Item("CountName").Value; BadID="";LastDate=$null;}

  $rsSheet.MoveNext()

 }

}

if (!$adoSQL)

{

 $adoSQL.Close()

}

$adoSQL=$null

$meter=0

$meter2=0

foreach ($Comp in $ArrayComps)

{

 Get-WmiObject -Namespace "Root\SMS\site_TB1" -Query  ("select * from SMS_R_System where Name = '"+$Comp.Name+"' ") | %{

  if (!$_.Client -and !$_.Active)

  {

   $Comp.BadID=$_.ResourceId

   #$_.Delete()

   Write-Host "№"($meter++)" Computer " $Comp.Name "with ID="$_.ResourceId "Deleted!!!" -ForegroundColor Red

  }

  else

  {

   if ($Comp.LastDate)

   {

    if ($_.SMSUUIDChangeDate -ge $Comp.LastDate)

    {

     Write-Host "---№"($meter2++)" Computer " $Comp.Name "with ID="$Comp.BadID "Deleted!!!" -ForegroundColor Red

    }

    else

    {

     Write-Host "---№"($meter2++)" Computer " $Comp.Name "with ID="$_.ResourceId "Deleted!!!" -ForegroundColor Red

    }

   }

   else

   {

    $Comp.LastDate=[double](($_.SMSUUIDChangeDate).split("."))[0]

    $Comp.BadID=$_.ResourceId

   }

  }

   

 }

}

#$ArrayComps | ?{!$_.BadID}

SCOM: Monitoring Windows Event Logs Using SCOM

Problem



Step: 1 Create a Monitor
Open “Authoring” Pane, select “Monitors”


Right click on “Monitors”, choose “Create a Monitor” and choose “Unit Monitor”

Expand “Windows Events” then expand “Simple event detection” and choose “Manual Reset” then choose you management pack where you are planning to save this “Monitor”

Type “Name” for this Monitor i am using “failure of Differential backup” and write a brief “Description” and in “Monitoring Target” i am choosing “Windows Server Operating System” because in my environment “Symantec backup exec” in installed on windows 2003 and 2008 servers, not click Next

choose the “Log Name” where your application write “event logs” in my case “Symantec Backup Exec” writes event in “Application Log” that’s why i choose “Application” now click on Next

Now we need to provide the Event ID and Event Source in Expression Builder so that is any event log matched this criteria created SCOM can alert us. In My case “Event ID is 34113” and Event Source is “Backup Exec” , now click on NEXT

Now we need to “Configure Health Conditions” so If “Event is Raised” then the status is “Warning” otherwise it is “Healthy” now click on “Next”

We need an alert when is Event is Created , so click on “Generate Alerts for this Monitor” and click on “Create”


Step: 2 Create a subscription
I am creating a New Subscription for it so that whenever this Event ID creates or Backup Job Fails then it should send an alert "our “Backup Administrators”
Click on “Administration” and Select “Subscriptions”

Right click on “Subscriptions” and choose “New Subscriptions”

Now Type “Subscription Name” and Description and click Next

In “Subscription Criteria” click on “Created by Specific rules or Monitors” and choose our previously created “Monitor” “Failure of Differential backup” and click on Next

Add users which intended to receive the alerts, after adding users click on NEXT
 
Choose Channels by which you are going to send an alerts, in my case I am sending alerts using an email. click NEXT

Click on “Enable this notifications subscription” and click on Finish.


Step: 3 Testing
Now its time to test the monitor, I used Logevent.exe to create an demo alert in window Application Log. See this link to know more about Logevent utility.


Step: 4 Result
Bingo !!! It shows warning in SCOM Alert window.

and it also send me an email about this alert :-)