Opalis Active Directory Integration Pack cannot work in Windows Server 2008 R2?

If you all are planning to deploy have Active Directory related policies to be executed on Opalis running on Windows 2008 R2 server, chances are; you will be dissapointed because the Integration Pack that ships with it only supports 32 bit OS.

We all know that Windows Server 2008 R2 runs on 64 bit and this MS Active Directory v2 Integration Pack would not run.

Nevertheless, there is a similar Active Directory Integration Pack available in CodePlex authored by randofer.

It should work.

http://opalisadextension.codeplex.com/

Unable to access SCOM Web Console

If you install your Web Console on a server which is not an RMS, chances are you might get hit with this issue.

When you try to access the Web Console, you will be asked to enter your credentials even though you have configured your Web Console IIS settings access as Integrated Windows Authentication.

You will notice after entering your credentials 3 times, your web  browser will show

“You do not have have permission to view this directory or page”

To resolve this:

- Launch the Active Directory Users And Computers MMC Snap-In

- Open the Computer Object for the Web Console server,

- Click on the Delegation tab

Check the “Trust this computer for delegation to any service (Kerberos only)”

 

Try to access your web browse and it should work now

Introducing System Center AVICode

It has finally arrived! Ladies and Gentleman … it is official. AVICode is now the latest addition in the System Center solution suite.

AVICode has been a leading application monitoring system that enables you to monitor your application up to code level … yes you read it correct … CODE LEVEL … will now be made available under the System Center Management Suite.

In the next couple of weeks, I will share my experience on the latest AVICode which runs on version 5.7 on how it monitors .NET application.

AVICode also provides a Management Pack that can pump the monitoring data to be viewed by System Center Operations Manager console thus giving you a total end-to-end application monitoring covering both the infrastructure as well as the development end!

Stay Tuned !!!

Troubleshooting Certificates Errors when you install Cross Platform Agents in SCOM

Objective:Install Cross Platform agent to a Red Hat Linux Enterprise Server v5.4

Issue Faced: When you are about the install your agent into the Linux server … and you get hit with a failed installation with the following error.

The SSL certificate contains a common name (CN) that does not match the hostname.

 

Potential Cause: There are many reasons for such an error. But we can pretty much be sure that this revolves around hostname for the Linux server.

 

Troubleshoot the Issue:

From the Linux server, launch your terminal console and type the following

openssl x509 -noout -in /etc/opt/microsoft/scx/ssl/scx.pem -subject -issuer –dates

Now you can clearly see that the problem here is that the CN is webproxy.contoso.com

(A bit of history, I have previously used this Linux server in another environment and have installed Cross Platform in it but since then I have changed the FQDN for the server)

 

Resolution:

To resolve this, we will need to change the Subject Name in the certificate to RHEL.SystemCenter.local

To do this, execute the following command

/opt/microsoft/scx/bin/tools/scxsslconfig -f –v

(This will change the host name and re-create the certificate and private key)

Re run the query of the certificate CN

Let’s retry the re-installation of the agent.

Voila ! Worked like a charm

Opalis Integration Pack for SharePoint

This Integration Pack which was released a couple of back provides the integration with SharePoint that you manipulate SharePoint Lists and Libraries.

For more information, have a look at:

http://opalis.codeplex.com/releases/view/56094

Integrating Opalis with SCVMM

Though I openly profess my love for Opalis, I got to say there are still much room for improvements and if you ask me … the first thing in my mind would be documentation.

Yes, we were given powerful orchestration objects that integrates with different management systems but what lacks is the documentation on how to set things up. Well, I am not going to whine alot here but to concentrate on just blogging on how to get Opalis to integrate with SCVMM.

Out of the box, the SCVMM Integration Packs offers a rich set of VMM functionalities ranging from creating VM to Remove VM as depicted below.

Now in my previous postings, I have shared with you on installing Opalis and deploying Integration Packs. This posting basically revolves around getting those Integration Packs to work and I am going to start with SCVMM, not that this is the first that I have tried but the first that actually gave me some time to crack my head and get it working !

Now in essence there are a couple of ways to integrate Opalis with SCVMM;

• Connect via WinRM (Remote)
• Connect locally (Requires VMM Console to be installed in the Action Servers)

Approach 1: Win RM

The first approach requires you to configure a couple of things on VMM Server as well as your Action Server.

• In your VMM Server, Open your command prompt and run the following command

winrm quickconfig

• Then launch Windows Powershell and run the following command

set-executionpolicy –ExecutionPolicy RemoteSigned

• Now for each of your Action Servers, run the following command in the command prompt

winrm quickconfig

• And followed by

WinRM set winrm/config/client @{TrustedHosts="RemoteHost"}

RemoteHost = FQDN of your VMM Server

• Once that is done, launch the Opalis client console and goto Options –> System Center Virtual Machine Manager

• In the Prerequisites configuration click Add and enter the necessary information.

• Computer Name = VMM Server name
• User: User Account which has administrator rights on VMM
• Domain:AD Domain
• Password: User Password
• VMM Server = VMM Server name

(Leave others as default)

• Now lets get it rolling …  to test whether your connection works drag an object from the VMM IP to the workbench and try to connect

• Now many of you might be wondering, how come my account does not have enough rights to access VMM (especially that account is the VMM admin !!!)
• Now let’s revisit the connection page again … this time remove the user credentials …

• And if we try things again … and this time it works … so much for entering the user credentials eh.

• Now I try to make a logical explanation behind this and yet I still can’t find any that makes sense … but hey … .as long as it works right !

Approach 2: Connecting Locally

• Unlike the previous approach, you just need to have VMM console installed in the Action Server and you are clear to go.
• You do not need to set WinRM configurations on your VMM as well as your Action Servers to do so.
• Nevertheless, the “rule” for setting up the connection settings to VMM still applies …

Hope this gets you guys rolling and have fun exploring Opalis-SCVMM !

 

Unable to load Active X Control in Self Service Portal–Request Software module

In Self Service Portal, when you try to request for a Software Request (Self Service Software Request) you will be prompted that Active X control cannot be loaded.

To resolve this, you need to install the PortalClient.msi file which is located in the installation CD

Once you have that install .. you are clear to go …

Service Level Management in Service Manager 2010 ? YEA ! You better believe it !!!

Noticed something different in my Incident Form? Yes, for those who have been playing with Service Manager 2010, you will surely noticed that … wait for it … wait for it … Yes ! an SLA component in the Incident form !!!

Many would be surprised that since when Service Manager has a SLA module?

Let me introduce SLA Management Pack for Service Manager from Cased Dimensions.

Like many SLA module, the SLA MP provides you to create the SLA policies to be attached to your Incidents, Change & Problems in Service Manager.

You can flexibly setup your working calendars for different business units to accurately measure your SLA against your official working hours in your organization.

Now with this Management Pack, Service Manager is ready to be join the big boys in  the ITSM realm … bring it on !!!

For more information about the SLA Management Pack for Service Manager, have a look at

http://www.caseddimensions.com/service_manager_SLA_management/

 

Installing Opalis Part 3 – Upgrading to Opalis 6.3

Let’s get straight into action shall we …

• Extract the Installation resource for Opalis 6.3
• Open the Management Server installation folder. By default, this is located in C:\Program Files\Opalis Software\Opalis Integration Server\Management Service. Browse to the Components\Objects folder.
• Copy the OpalisIntegrationServer_FoundationObjects.msi file provided in this release to the System Drive:\Program Files (x86)\Opalis Software\Opalis Integration Server\Management Service\Components\Objects directory. Replace the existing file.
• Uninstall the existing Foundation Objects via Add/Remove Programs
• Reinstall the Foundation Objects from the newly copied source.
• Run the OpalisIntegrationServer_ManagementService_630_PATCH.msp installer. Do not change any of the default values.

Now let’s deploy the Action Servers in our Opalis server

• Click Run, click Programs, click Opalis Software, click Opalis Integration Server, and then click Deployment Manager.

• In the Deployment Manager console, Right Click at Action Server and select Deploy New Action Server

• In the Service Information screen, enter the name of your Action Server and enter a user which will be the action account.
• 

• Proceed throughout the entire wizard setup by accepting the default values to kickstart the deployment

• After you deploy the clients from the Deployment Manager, copy the OpalisIntegrationServer_Client_630_PATCH.msp file included in this release to each client

CONGRATULATIONS !

YOU ARE NOW AT OPALIS v6.3

Installing Opalis Part 2 – Upgrading to Opalis 6.2.2 SP1

In Part I of my posting, I have shared with you on the steps to install Opalis 6.2.2.

In this part, I will share with you on the SIMPLE steps to upgrade to SP1

• Start off by extracting the installation source which is the \Opalis Integration Server 6.2.2 Service Pack 1_6.2.2.51310
• Execute the OpalisServicePack1.msi file
• Choose to unzip the installation files to a folder eg:C:\OpalisSP1
• Navigate to the installation folder of Opalis, eg:

C:\Program Files (x86)\Opalis Software\Opalis Integration Server\Management Service\Components\Objects

• Replace the existing OpalisIntegrationServer_FoundationObjects.msi file with the OpalisIntegrationServer_FoundationObjects.msi file provided in this service pack.
• In Add or Remove Programs, uninstall Opalis Integration Server - Foundation Objects.
• Run the OpalisIntegrationServer_FoundationObjects.msi installer. Do not change any of the default values on the installation screens.

Congrats, you have upgraded Opalis to SP1. As I said … Simple right

Installing Opalis Part I – Opalis 6.2.2

WARNING: This POST IS A LONG EXHAUSTIVE ONE AND YOU HAVE BEEN FOREWARNED

The recent release has created many waves throughout the entire System Center community and I wanted to share some of my experiences throughout my journey exploring Opalis since it joined the System Center familiy. And I would like to start my sharing with some postings on the installation steps for Opalis from 6.2.2 –> SP1 –> 6.3

Now in Part I, I will commence with the installation of Opalis 6.2.2, the very first version of Opalis since it joined the good old System Center family

• To kickstart things, my Opalis server runs on Windows 2008 R2 (x64) and has been installed with MS SQL Server 2008 SP1 (x64)
• You will also need Windows PowerShell 2.0 installed (to automate Operator Console installation)
• Once that is done, extract your installation resources
• The installation version would be \Opalis Integration Server 6.22_6.2.2.5229 as depicted in the picture below

• Kickstart Installation by executing the Setup.exe
• Click on Install Opalis Integration Server

• On the next screen, click on Install the Management Server

• Accept the Licensing Agreement and goes Next
• Proceed with defaults until you reach the Logon Information step. In this step, you need to provide a valid user account that will be used by the Opalis Management Service (basically that is your Service Account). Enter a valid user and proceed to commence installation of the Management Server.

• The next thing you need to do is to configure the datastore (which simply means configure the Opalis DB). Simply click Configure Datastore to commence the process

• The next screen will need your input the select which database will host the Opalis DB and since we LOVE Microsoft so much … I will choose MS SQL Server and proceed

• Now in the Server details, enter the DB server and the authentication method and proceed (In this case, my SQL is the same as the Opalis server and I have set to use Windows Authentication during the installation of SQL Server)

• Give the name for the Opalis DB and proceed to let installer do the rest.

• The next step is to import a license for Opalis. In the License Manager, click on Import. When prompted to Import license, enter the license key and the corresponding license file made available for you either as a customer or an evaluator. Once you are don, click Close

• The next thing that you want to do is to Install the client

• Accept the license terms and accept defaults and let the rest roll by itself.

AND YOU THOUGHT IT’S ALL DONE SO EASILY ??? THINK AGAIN … YOU HAVE JUST GONE THROUGH THE EASY PART.

• When I first started to install Opalis, I dreaded the way they forced us to install the Operator Console because unlike the always easy Microsoft Wizard based approach, we are tasked to “install” the Operator Console by a series of copy & paste of java object which is SIMPLY PAINFUL
• Even preparing the installation for Operator Console is a bitch simply because you need to manually prepare the pre-requisites which would be:
• Download JDK 6 Update 4 from http://java.sun.com/products/archive/
• Download JBoss Application Server 4.2.3.GA from http://jboss.org/jbossas/downloads/
• Then you have a very long list of Pre-Requisites of Java Objects that is scattered all over the internet which I am kind enough to download and made available for you at my SKYDRIVE folder at http://cid-8b468d6e5c4e0782.office.live.com/browse.aspx/Opalis%20Pre-Req
• Well, apparently things have changed when SP1 was rolled out where our lives are made abit easier where Microsoft provides us with an installation script to automate the installation steps.
• Extract the Installation Resources for the following \Opalis 6.2.2\Opalis Operator Console Installer Script 1.0_1.0.0.0001
• Run the OpalisOperatorConsoleInstaller.msi file
• Create a new folder C:\Libraries

Copy all the pre-requisites file that you have downloaded from my skydrive into this folder

• Install Java Development Kit 6 Update 4 by using the default settings.
• Set the JAVA_HOME system variable to the directory of the local Java Development Kit. By default, the location is C:\Program Files\Java(x86)\Jdk1.6.0_04.
• Add %JAVA_HOME%\bin to the Path Environment variable.
• Extract the contents of the JBoss Application Server 4.2.3.GA to the folder where the JBoss Application Server will run. Eg C:\JBoss.
• Launch the command prompt, change to the C:\Libraries folder and run the command

java -jar JAXWS2.1.2-20070917.jar.

• A license dialog box appears.Accept the Sun Microsystems, Inc. License Terms. The JAXWS2.1.2-20070917.jar file will be unpackaged.
• Confirm that the \Jaxws-ri\Lib folder was created.
• Click Start, click Programs, click Accessories, click the Windows PowerShell folder, and then click the Windows PowerShell item.
• At the Windows PowerShell prompt, type

set-executionpolicy RemoteSigned.

• Type the full path to the location where you installed the InstallOpConsole.ps1 file. For example, C:\OpConsoleInstaller\installOpConsole.ps1

• Follow the on-screen prompts. You will be asked to provide configuration information, for example:

a. The full path to the location of the \JBoss folder.

b. The full path to the location of the \OperatorConsole folder.

c. The full path to the location of the \Libraries folder.

d. The database type (Microsoft SQL Server or Oracle).

e. The name of the database server, for example, localhost.

f. The database authentication type (Windows authentication or SQL Server authentication). For SQL Server, provide the user name and password.

g. The name of the Opalis database.

h. The user authentication type (Stand-alone or Active Directory). For Active Directory, provide the Active Directory root DN, Domain Controller, Port, and SAM account name for the administrator group.

• When the Operator Console installation complete message appears, click Close
• Start JBoss by executing the following command in the <JBOSS>\bin folder:

run.bat -b 0.0.0.0

Ladies and Gentleman, you will know that the Operators Console installation is successful when you see the following:

Now I will end the rather exhaustive post on this Part I and will continue with the next Part where I will share how do you patch Opalis to SP1.

Note: I will only deploy my Action Servers & Integration Pack once I am done with the installation up to version 6.3

Till then …. STAY TUNED.

What else do I need to do to protect my SharePoint 2010 Server

I got hit with this problem when I was trying to create a Protection Group in DPM to protect our SharePoint 2010 server in our R&D lab. I have already did the necessary pre-requisites on the SharePoint server such as:

• ConfigureSharepoint.exe –enableSharepointProtection
  
• ConfigureSharepoint.exe EnableSPSearchProtection
  

However I still got hit with the error of not meeting the pre-requisites when I tried to create a new protection group for SharePoint

I went over to the SharePoint Server and noticed that DPM agent could not find the registry key that denotes the SharePoint version:

HKLM\SOFTWARE\Microsoft\Share Tools\Web Server Extensions\14.0\Version

I immediately go to the Regedit and yes indeed that the registry key value is not there. I manually added a new String Value and named it as Version and give the value as 14.0.0.4762.

Go back to DPM console and Voila ! it works !!!

Opalis 6.3 is released

I have been following on Opalis since it was bought over by Microsoft earlier this year and has been impressed by what it can do since. And with the recent release of Opalis, the version 6.3 now supports Opalis installation running on Windows Server 2008 R2 (Yes, unfortunately as at Opalis 6.22 SP1 we can only run them from Windows 2003 which some of my customers gives the evil grin smile). Another noteworthy addition is the introduction of Integration Packs to support Microsoft Sytem Center Suite of products namely:

• System Center Configuration Manager 2007 (which supports SCCM 2007, SCCM 2007 R2 & SCCM 2007 SP2)
  
• System Center Operations Manager 2007 (Support for OpsMgr 2007, OpsMgr 2007 R2 has already been there since Opalis 6.2.2 and as of installation on 6.3 I have not seen additional objects)
  
• System Center Data Protection Manager
  
• System Center Virtual Machine Manager
  
• System Center Service Manager 2010
  

Those who are interested can download the 180 day trial from

http://www.microsoft.com/systemcenter/en/us/opalis.aspx

I have been lucky enough the be able to participate in the BETA testing of version 6.3 and honestly I feel that the new IPs are extremely interesting to explore on. Honestly, Don't expect the IPs can do wonders and and able to automate/integrate with all the functionalities of the System Center products as its still V1.0.

As I am working on Opalis for quite some time, I do have some thoughts that I hope to share … stay tuned.

OMG !!! I can't monitor new servers in OpsMgr

Recently I bumped into this problem. Apparently every new servers (that is being installed with SCOM monitoring agent) cannot be monitored by SCOM. You can clearly see from the OpsMgr console that I have tons of servers with the status of Not Monitored.

Bad News + Tension = ~non stop sweating~

I checked all my agent communication ports and nothing is wrong. My Management Server event logs doesn't show any significant errors. The only thing I got was heaps of


Event 20070
The OpsMgr Connector connected to (RMS FQDN), but the connection was closed immediately after authentication occured. The most likely cause of this error is that the agent is not authorized to communicate with the server, or the server has not received configuration. Check the event log on the server for the presence of 20000 events, indicating that agents which are not approved are attempting to connect.

Event 21023
OpsMgr has no configuration for management group (managementgroupname) and is requesting new configuration from the Configuration Service.

Event 21402
Operations Manager has discarded 1 items in management group (managementgroupname) , which came from $$ROOT$$. These items have been discarded because no valid route exists at this time. This can happen when new devices are added to the topology but the complete topology has not been distributed yet. The discarded items will be regenerated.

Not long after that, my RMS starts to generate heaps of Warning in the Event Viewer. I get tons of
Event 29106 indicating problem writing data into the OpsMgr database. Somehow I got an impression that something is not right the Management Pack.

I made a query to the OpsMgr database to look for which Management Pack that was affected and apparently something is amiss with the Windows Server 2003 MP in my case.

I quickly look back at the Management Pack and the Windows Server 2003 MP is not updated whilst the Windows Server Operating System library has been updated. Maybe certain objects was removed from the data structure when the new Base OS library was updated but then the Windows Server 2003 MP was not updated to tally with the changes done.

I updated the Windows Server 2003 Management Pack and all is well. The new servers have successfully reported back to the system and problem solved !

Synthetic Transaction: Cannot find Web Recorder in Internet Exploer

Issue:
When you start to capture a web session (for the application that you want to monitor, the browser does not load the Web Recorder component hence you could not capture the web session that you intend to monitor.
























Cause:
This happens if you try to record/capture the session on a x64 machine. This is because you need to launch Internet Explorer (x64) to get Web Recorder loaded.The default path of Internet Explorer is actually the x86 version hence the Web Recorder component could not be loaded.

Resolution:
Change the default path of Internet Explorer by changing the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE\(Default)

The key value should be - C:\Program Files\Internet Explorer\IEXPLORE.EXE


Note: Internet Explorer needs to be close and reopen (if its open existingly). Once you are done, click on Start Capture from the Web Application Editor and the browser will now

Service Manager Authoring Console 2010 is Released

The long awaited release of Service Manager Authoring Console has been released. With authoring console, we can now easily create & customize forms and workflows in Service Manager.

Download link is provided below.

http://www.microsoft.com/downloads/details.aspx?FamilyID=40b8f1b7-da63-46ae-9ca4-ef007fc3cb29&displaylang=en

Remote Configuration Manager Console cannot view advertisements

When you install Configuration Manager console on a remote machine, you will not be able to view the advertisements from the console.












Thanks to the following article which enlightened me on what I should do to rectify this issue.
http://blogs.technet.com/b/configurationmgr/archive/2010/03/11/fix-no-advertisements-are-listed-in-the-sccm-console-on-a-remote-machine-but-they-do-show-up-on-the-site-server-itself.aspx

Apparently, a file AdminConsole.xml which defines the viewing rules for the SCCM console has an incorrect query to retrieve the Advertisements.

Incorrect Query :
SELECT * FROM SMS_AdvertisementInfo WHERE NOT (AssignmentID = NULL) ORDER BY AdvertisementName

Correct Query :
SELECT * FROM SMS_AdvertisementInfo WHERE NOT (AssignmentID IS NULL) ORDER BY AdvertisementName

Now instead of installing the hotfix, I did it in a much faster way since it's just modifying the xml file.

• Open the XML folder location eg:C:\Program Files\Microsoft Configuration Manager Console\AdminUI\XmlStorage\ConsoleRoot

• Edit the AdminConsole.xml file (by opening it via NotePad)
  
• Search for the Incorrect Query (as mentioned above)
  
• Replace it with the Correct Query (as mentioned above too)
  
• Save the XML file
• Restart your console

Voila' ... the advertisement is being listed now.

Root Management Server unavailable

This is more of a nooby posts, nevertheless I would still try to share it out to starters who have encountered this issue in their environment.


Got hit with this problem recently where out of sudden my RMS went unavailable and before you know it I got this alert .


A quick check on my Event Viewer shows that I got tons of Event 2115 .


After a quick check on things, I noticed that something is amiss and it proved to be caused by my OpsMgr DB settings. Apparently by default, my OperationsManager DB has a file growth restriction and it seems that my DB hit the limit and thus no new monitoring data could be inserted into the Database.



Just go over and set the File Size to unrestricted growth and that did the trick.

Error Accessing ACS Reports: Cannot create connection to data source

This is something that I wanted to share out for quite some time but it just flew out of my mind until I got hit with this problem recently that I force myself to blog it NOW before I suffer from memory lapse syndrome.

Now, a bit of background here; the OpsMgr environment that I am working in has RMS, DB, DW + Reporting, ACS Collector & ACS DB all deployed into 5 different servers. Now with best practice in mind you would normally have a Data Reader/Data Write account created for your Data Warehouse action accounts. However the same was not stressed with the ACS Database. So what entails then?

So now you have successfully uploaded the ACS reporting components to the Reporting Server you would thought that you are ready to generate the ACS reports? Well, not exactly because you will most likely hit with your report giving you the following error.











From the looks of things, it seems that your report has problems creating a connection to the data source. Now what could be the problem?

Because you have a specific Data Reader account that accesses your Data Warehouse tables/views but this does not apply to ACS Database and because your Data Reader does not have access rights to the ACS Database, your connection will fail.

What would be the workaround for this?
The workaround for this is relatively simple, you would just need to access the SQL Server Reporting Services for the Reporting Server via your internet browser.
For example: http://reportingservername/reports

• From the SQL Server Reporting Services Home page, click on Audit Reports
• Inside Audit Reports, click on Show Details. You shall see DB Audit appears on the screen
  
• Click on DB Audit to launch the setting properties
• Scroll down to Connect Using, and select Credentials stored securely in the report server
• Enter the User credentials that has access to the ACS Database.
  
• Click Apply to store the settings.

Once you have saved the settings, exit browser. Relaunch the OpsMgr console and now you will be able to access the ACS reports without much problem.