Monthly Archives: March 2012
I ran into an issue today. I have updated a report in a management pack. After I updated the version number, sealed it and imported the updated management pack into SCOM, the report that I have modified did not get updated in SQL Reporting Service (SRS).
Generally, once a new MP is imported into a management group, within few minutes, the reports within the MP should be deployed to SRS. This was the case when I updated the very same MP in Development environment, but in Production, I waited few hours and nothing has happened.
After few hours, I finally fix the issue.
For any reports that have been deployed as part of a MP, there should be a .mp file in the SRS folder, like this one:
In the production environment, the .mp file name from my management pack folder in SRS is different than the one in development environment. I checked other management packs in both Prod and Dev and they all have the same .mp file name.
To fix the issue: I deleted the .mp file from SRS, restarted the SRS service. Within one minute, the updated report got deployed to SCOM SQL Reporting Service and the .mp file got recreated as well.
Over the last few days, it seems my blog has been hacked. some suspicious malware codes have been injected into the WordPress PHP pages.
I have just reinstalled WordPress, changed all the passwords and ran another scan. it came out clean. I have manually checked infected pages, the suspicious codes have bee removed.
If you are using Google Chrome and saw the warning page when trying to access my blog:
I have requested Google to review my site again. Hopefully I’ll get my site removed from the blacklist within few days.
12/08/2012: This MP has been updated. Please refer to this post for more details of the update. The download link in this post has also been updated.
Over the time, I have seen some issues and challenges for SCCM administrators to effectively and proactively managing SCCM clients. I have personally seen and experienced some challenging issues. For example:
- Silent clients due to the SMS agent host service not running.
- SCCM Clients are reporting to the incorrect site due to the combination of overlapping boundaries and auto site assignment.
- SCCM Clients missing new functionalities due to Missing SCCM hotfixes (i.e. Power Management in SCCM 2007 R3)
- Advertisement executions failures
- SCCM clients unable to connect to Management Points
- BDP configurations inconsistent (A SCCM client is listed as a BDP on the site server but it is not actually configured as BDP)
- Newly installed software are not promptly updated in SCCM site database as the hardware inventory only runs weekly by default.
During last year’s Christmas period, some of my employers production servers were assigned to an incorrect SCCM site and as a result, some applications were pushed out to these servers during a change freeze period. We only founded it out after the fact and realised some of these servers were reporting to the wrong SCCM sites for months!
This has triggered me to implement a solution so we can proactively monitor the configurations and activities of SCCM 2007 clients so we are alerted before anything bad happens!
I started writing a SCOM management pack for SCCM 2007 clients. It took me few weeks to cover all the issues that my team is facing. Over the last couple of weekends, I have spent a lot of time to re-write / re-brand it and document it so I can actually post this management pack in my blog.
This management pack provides some proactive monitoring and automations for all of above mentioned issues /challenges. Does this sound interesting to you? If so, please continue reading. The documentation and the management pack download link is at the bottom of this article.
So here are some details of the management pack.
System Center Configuration Manager (SCCM) 2007 Client Management Packs 22.214.171.124 provides basic monitoring of SCCM 2007 clients.
This set of management packs is intended fill the gap of the official Microsoft System Center Configuration Manager 2007 management pack and focus monitoring the SCCM clients in SCCM infrastructures. These managements pack also provides ability to implement customised monitors to monitor the configurations and baselines of SCCM clients in your organisation’s SCCM infrastructures according to your organisation’s standard. i.e.
· Monitors SCCM site assignment, make sure SCCM clients are assigned to the correct primary site in a multi-sites environment.
· Monitors SCCM client versions to make sure all required SCCM client hotfixes are applied.
· Monitors and make sure any SCCM clients that should be configured as Branch Distribution Points (BDP) are actually configured as BDP.
· Make sure SCCM Client cache size is configured according to your company’s standard.
There are 2 separate sealed management packs (.MP) in this set:
· TYANG System Center Configuration Manager 2007 Library
- Custom Data Source, Probe Action and Write Action modules
- Custom monitor types
- SCOM console actions for SCCM clients
- SCCM client object discovery
· TYANG System Center Configuration Manager 2007 Monitoring
- Pre-Configured monitors and rules
- Folders and Views
Management Pack Overview
The System Center Configuration Manager 2007 Client Management Packs not only provides various out-of-box preconfigured monitors / rules, but also provides some custom modules / workflows which allow you to build your own monitors to suit your System Center Configuration Manager 2007 environments. These management packs extends what Microsoft System Center Minotoring Pack For Configuration Manager 2007 SP2 v6.0.6000.3 has to offer for SCCM client monitoring. This includes:
· Recreated the SMS Agent Host service monitor and included diagnostic and recovery task to automatically restart the service when it has stopped.
· Checks the availability of Management Point of which the SCCM client connects to via HTTP response. The SCCM Management Point HTTP Response Monitor runs hourly to check the HTTP response of the active MP for the SCCM client and generates alerts if HTTP error responses received over 2 consecutive times.
· Checks the version of SCCM clients and generates alert if the version number is lower than 4.00.6487.2157 (KB977384, prerequisite for SCCM 2007 R3)
· Checks SCCM Clients Advertisement Execution history every 30 minutes. If there were any advertisements have been executed over the last 30 minutes, trigger Hardware Inventory so any newly installed applications will be inventoried and stored in SCCM site database. Additionally, if any failed advertisement executions are found, a Critical alert is generated.
1. SCCM Client Property Value Check 2-State Monitor Type. This monitor type can be used to build monitors to monitor SCCM client properties. (i.e. Monitor any SCCM clients that are not assigned to the correct site or Cache Size is not configured according to your organisation’s standard, etc..)
This monitor type Supports the following Properties:
- SiteCode (SCCM Client Site Code)
- Version (SCCM Client version)
- GUID (SCCM client GUID)
- ManagementPoint (MP that SCCM client is connected to)
- ProxyMP (Proxy MP that SCCM client is connected to)
- InternetMP (Internet MP that SCCM client is connected to)
- LogsLocation (path to SCCM client log files)
- CacheLocation (path to SCCM client cache)
- CacheSize (The maximum size of SCCM client cache folder in MB)
- HTTPPort (The HTTP Port for SCCM Client)
- EnableAutoAssignment (if auto site assignment is enabled (true or false)
- AllowLocalAdminOverride (if the SCCM client allows local admin override (true or false))
- IsBDP (If the client is a branch distribution point (true or false))
This monitor type Supports the following Comparison Operators:
- eq (Equal to)
- ne (Not equal to)
- gt (Greater-than)
- lt (Less-than)
- ge (Greater-than or equal to)
- le (Less-than or equal to)
- IsNull (Is Null value)
- NotNull (Not Null value)
2. Write Action module to initiate SCCM client actions
3. Write Action module to repair SCCM client
4. Other Probe Action modules and Data Source modules that were used by pre-configured monitors and rules.
This SCCM client object discovery in this management pack discovers pretty much every SCCM client properties that are visible in the industry well-known utility SCCM Client Center.
Below is a comparison of the properties that SCCM Client Center can check VS. SCCM Client properties been discovered by this management pack VS. what are been discovered from Microsoft’s official management pack:
SCCM Client Center 126.96.36.199:
System Center Configuration Manager 2007 Client Management Pack v188.8.131.52:
Microsoft Official Configuration Manager 2007 SP2 Management Pack v6.0.6000.3:
A number of SCCM Client actions have been built into this management pack. The following SCCM client actions can be initiated via SCOM Operations Console and Web Console:
· Discovery Data Collection
· File Collection
· Hardware Inventory
· Machine Policy Retrieval Evaluation
· Software Inventory
· Software Metering Usage Report
· Software Updates Agent Assignment Evaluation Cycle
· Software Updates Scan
· SCCM Client Repair
The detailed guide for this MP can be downloaded HERE.
Management Pack Downloads:
From below link, you can download a zip file which contains:
- Sealed version of TYANG System Center Configuration Manager 2007 Library management pack(.mp)
- Sealed version of TYANG System Center Configuration Manager 2007 Monitoring management pack(.mp)
- Unsealed version of TYANG System Center Configuration Manager 2007 Monitoring management pack(.xml)
The reason I’m offering the unsealed version of TYANG System Center Configuration Manager 2007 Monitoring management pack is that if you wish to create additional monitors / rules using the workflows in the library MP, you can just build them into the unsealed MP without creating a separate MP (and saves you time to unseal it).
Management Pack Download HERE.
As always, if you have any issues / questions / concerns or suggestions, email me! I’ll try to get back to you as soon as I can (even though recently I’ve been pretty busy at work and in my personal life. And that’s why it took me so long to write a blog article for this management pack!)
System Center Data Protection Manager is not something I normally play with. Recently, I’ve been dobbed in to troubleshoot an issue with remote sites network performance at work and the issue ended up was caused by Auto Discovery in DPM 2010.
So basically, DPM has this built-in function called “Auto Discovery” which queries the domain controller of its’ own home domain and stores every single domain member servers in its database. This job runs once a day, you can choose the time window of this job, but you can’t really disable it.
One of my colleagues has posted this issue in DPM TechNet forum: http://social.technet.microsoft.com/Forums/en-US/dpmsetup/thread/df3dc4ae-200a-4778-8a91-1d7e68d564f2/ and I also logged a premier support call with Microsoft. We got 2 very different solutions from TechNet forum and the Microsoft support engineer in China. After evaluating both solutions, I have decided to go with the solution from the TechNet forum since it’s more robust, but make some modifications.
I have made 3 modifications from the original SQL scripts from TechNet forum:
- The solution from TechNet forum involves creating a custom SQL agent job called ‘Cancel DPM Auto Discovery’ that runs once a day, prior to the DPM Auto Discovery job. I noticed if you manually change the Auto Discovery start time from DPM console, a new SQL agent job for Auto Discovery is created. So I can’t really guarantee that the original schedule for ‘Cancel DPM Auto Discovery’ job is still valid. Therefore, I changed the schedule from daily to hourly, and runs at the 55th minutes of each hour(i.e. 12:55am, 1:55am, 2:55am, etc.). Because the Auto Discovery job can only run at the full hour (1:00am, 2:00am, 3:00am), by changing the schedule, I can make sure no matter what time the Auto Discovery is scheduled to run, the SQL agent job that I have created will always disable it 5 minutes prior to it.
- As I mentioned in the forum thread, I had to change the SQL job category to something other than DPM otherwise DPM will delete my job.
- Since we have over 2000 DPM servers in the environment, manually running the SQL script on each DPM server is impossible. Therefore I created a PowerShell script to run the SQL scripts and use SCCM to push it out. During testing, I found the SQL script works if I manually run it from SQL management studio, but when running in PowerShell using either System.Data.SqlClient.SqlConnection object or COM ADO object, the script complained about not able to find @owner_sid at the step of creating the job. I fixed it by changing the job owner from “MICROSOFT$DPM$Acct” to “sa”.
Below is the SQL Script and the PowerShell script after my modifications.
Note: Both SQL script and Powershell script assume the DPM database is configured as default (which is located locally on the DPM server and the SQL instance name is left as default of ‘MSDPM2010’). If your DPM server is located elsewhere, please modify the SQL script and the SQL connection string in the Powershell script accordingly.