31 December 2012

Orchestrator vs Powershell … I win!


Wow! it has been a long time since I last blog on my findings. I made a vow to be more active in 2013 in the blogging world so that I can share my System Center experience with the folks out there.

Now, lets get straight to the point. One of the biggest news (at least for me) with System Center Configuration Manager 2012 SP1 is the fact that it now has Powershell cmdlets that let you automate and scripts CM tasks. In short, this got me more excited than SCCM 2012 itself!

Well, Orchestrator does have it’s own capabilities to automate CM tasks via the Integration Pack for SCCM 2012. Nevertheless, as much as I like the Activities made available through the Integration Pack, there are still some functionalities which is missing. For example, there isn’t any activity for Delete CM Deployment.

In order to do that, I have decided to use Powershell scripts to automate that. You can view the cmdlets reference from MyITForum


Now, one should note that the SCCM cmdlets only runs on Powershell 3.0. If you are running Windows Server 2012, you are good to go.

Unfortunately, good old Orchestrator will give you problems if you thought of using “Run .NET Script” because by default it will load the Powershell 2.0 which will fail when you import the SCCM module

To resolve this, we need to “force” Orchestrator to run the Powershell scripts on Powershell 3.0.

How do you do this?

Well, I call it calling a “Powershell from a Powershell approach” where we encapsulate our powershell scripts in another powershell command.

eg: If let say our Powershell script is

Import-Module “C:\Program Files (x86)\Microsoft Configuration …..


Remove-CMDeployment …….


We just need to do this

Powershell {

Import-Module “C:\Program Files (x86)\Microsoft Configuration …..


Remove-CMDeployment …….


Now you are ready to go.


29 October 2011

The Story of The Great Battle with the Security Hardening Policy

It’s been a while since I last posted on my blog. I am reigniting my blog posting initiative and to kickstart things off, I have changed the blog template to something which I hope to be more refreshing. Hope you liked it.

Lets get serious and back to business.

Recently, me and a colleague of mine encounters an problem with our OpsMgr installation setup. We have problems launching our Web Console as well as RMS having problem communicating with Data Warehouse.

When you launch your Web Console, you will get an error with the following description:

This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

The workaround to resolve this was to

  • Goto the SCOM Web Console folder
  • Edit Web.Config with a text editor
  • Locate the <system.web> section and add the following into the section
    <machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES"/>

  • Save the Web.Config file

  • Restart IIS

    Note: Repeat the steps above with the SSRS folder in your server that hosts the SQL Reporting Services

    More information available from: http://support.microsoft.com/kb/911722 

  • 04 June 2011

    Announcement: SCOM 2007 R2 Admin Reskit Released

    The Administrator Resource Kit for SCOM 2007 R2 has just been released. It provides SCOM administrators with the following features

      - Scheduled Maintenance Mode- Ability to schedule and manage maintenance mode in the management group.
      - Clean Mom - Helps remove all installed R2 components.
      - MP Event Analyzer - MP Event Analyzer tool is designed to help a user with functional and exploratory testing and debugging of event based management pack workflows like rules and monitors.

    This is a must have for SCOM administrators especially for those who wants to schedule maintenance mode for their servers during scheduled maintenance windows

    For more details about the release, please visit the SCOM Team Blog


    16 May 2011

    Of Property Bags & Custom Performance Rules

    This might not be the best kept secret with OpsMgr especially for those who had experience creating custom monitors/performance in OpsMgr.

    Although OpsMgr provides many avenue to collect monitoring information on monitored systems (either via WMI, Perfmon etc), nevertheless at times there are still a need for us to collect information that is not available directly … or maybe the collected data needs a bit of manipulation before sending it to OpsMgr.

    In this example, I will just share a simple scenario where we need to collect % Disk Utilization for a Logical Disk in a server. (Albeit OpsMgr already collects % Free Space, but I am going to flip things around in this scenario)

    Let’s start things by exploring how do we get the necessary information to compute % Disk Utilization?

    This is where our good friend Windows Management Instrumentation (WMI) comes into the picture. Many would know that WMI is a big repository class which stores the management information on the systems host and in this case, we need to query WMI to retrieve the information related to Logical Disk utilization.

    There are many ways to achieve this (e.g Powershell, Scripts etc.) but being an old school VB guy, I will resort to VBScripts to do this.

    The following are the excerpts for my code.

    Const HARD_DISK = 3
    Dim counter, strComputer
    strComputer = "."

    ‘ Connect to the WMI class of root\cimv2 (which provides the systems information that we need)

    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

    ‘ Query WMI to retrieve all Logical Disks in the local computer

    Set colDisks = objWMIService.ExecQuery _
        ("Select * from Win32_LogicalDisk Where DriveType = " & HARD_DISK )

    ‘ Iterate each Logical Disk (e.g C:\ D:\  etc & Provide the Size of the Disk)

    For Each objDisk in colDisks   

    ‘Compute Disk Utilization = (Size – Free Space)/Size
        l_pct_util = ((objDisk.Size  - objDisk.FreeSpace)/objDisk.Size) * 100) 


    Now we have the script to collect Disk Utilization, my next posting will show how we will modify this script to collect performance data to OpsMgr using Property Bag.

    05 May 2011

    Creating SNMP Performance Collection Rule

    Many folks out there will bump into this problem when they tried to create a Performance Collection Rule and target it to a custom SNMP Device Group.

    Let me give you an example here:

    I have a group of Extreme Network Switches that I need to collect the temperature for these devices. Hence I created a Group that consist only the Extreme Network switches.


    Then like most people, you will just go over to create an SNMP collection rule to collect the performance and will target the rule to the SNMP device –> Only to encounter error when you try to Create the rule.



    How to resolve this:

    One workaround that I tried was this. When you create the rule, instead of targeting the custom Group, target to the SNMP device. But DO NOT enable the rule.


    This will create a Rule that is Disabled by default. Now you just need to Override this rule and target back at the Extreme Network Switch and set to Enable it.


    This should get things working.