Author Archives: Tao Yang

Using Royal TS for PowerShell Remote Sessions

Written by Tao Yang

Background

I have used many Remote Desktop applications in the past. I have to say Royal TS is the one that I like the most! Recently, I showed it to one of my colleagues, and after a bit of playing around, he purchased a license for himself too.

Today, my colleague asked me if I knew that Royal TS is also able to run external commands, and he thought it’s pretty cool that he’s able to launch PowerShell in the Royal TS window. Then I thought, if you can run PowerShell in Royal TS, we should be able to establish PS remote sessions in Royal TS too. Within 10 minutes, we managed to create a few connections in Royal TS like these:


In this post, I’ll go through the steps I took to set them up.

Connections to Individual Servers

To create a connection to an individual server,

01. Choose add->External Application:


02. Enter the following Details:

Display Name: The name of the server you want to connect to.

Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Arguments: -NoExit -Command "Enter-PSSession $CustomField1$"

Working Directory: C:\Windows\System32\WindowsPowerShell\v1.0

On the icon button next to the display name, choose “Use Application Icon” if you want to.


03. Choose a Credential if you want to connect using an alternative credential


If you choose to use an alternative credential, you must also tick the “Use Credentials” box under the Advanced tab:


04. Enter the remote server name in Custom Field 1:


Note: in the arguments field from step 01, I’ve used a Royal TS variable $CustomField1$ as the name of the computer in the Enter-PSSession command. It is more user friendly to use the Custom Field for the computer name, rather than modifying the argument string for each connection that you wish to create.

Create An Ad-Hoc Connection

You can also create a connection in Royal TS for Ad-Hoc connections. In this scenario, you will need to enter the remote computer that you wish to connect to:


After the computer name has been entered, the connection is then established:


To create this connection in Royal TS, instead of using the Custom Field 1 for the computer name, I’ve added an additional PowerShell command in the Arguments:

Arguments: -NoExit -Command "$Computer = Read-Host 'Please enter the Computer Name'; Enter-PSSession $Computer"


The Custom Field 1 is no longer required in this scenario. Everything else is the same as the previous sample (for individual computers).

Other Considerations

Maximised PowerShell Window

You may have noticed from the screenshots above that the PowerShell windows are perfectly fitted in the Royal TS frame. This is because I am also using a customised PS Module that I’ve written in the past to resize the PowerShell window. Without this module, the PowerShell console would not automatically fit into the Royal TS frame:

[Screenshots: resized console (left) vs. default console (right)]

If you would like your console to look like the one on the left rather than the one on the right, please follow the instructions below.

01. Download the PSConsole Module and place it under C:\windows\system32\WindowsPowerShell\v1.0\Modules


02. Modify the “All Users Current Host” profile from a normal PowerShell window (NOT within PowerShell ISE). If you are not sure if this profile has been created, run the command below:


After the profile is created, open it in notepad (in PowerShell window, type: Notepad $Profile.AllUsersCurrentHost) and add 2 lines of code:


After saving the changes, next time when you initiate a connection in Royal TS, the console will automatically maximise to use all the usable space.

Note: Because you will most likely be using an alternative (privileged) credential for these PS remote sessions, the resize console commands cannot be placed into the default profile (current user current host). They must be placed into an All Users profile. And because the resize command only works in a normal PowerShell console (not in PowerShell ISE), the only profile that you can use is the “All Users Current Host” profile from the normal PowerShell console.

Alternatively, if you do not wish to make changes to the All Users Current host profile, you can also add the above mentioned lines into the Royal TS connection arguments field:

i.e.

Arguments: -NoExit -Command "import-module psconsole; resize -max; Enter-PSSession $CustomField1$"

Duplicating Royal TS Connections

If you want to create multiple connections, all you need to do is to create the first one manually, and then duplicate it multiple times:


When duplicating connections, the only fields you need to change are the Display Name and CustomField1.

WinRM configuration

Needless to say, WinRM must be enabled and properly configured for PS remoting to work. This is a pre-requisite. I won’t go through how to configure WinRM here. Someone actually wrote a whole book on this topic.

Conclusion

I’d like to thank Stefan Koell (blog, twitter), the Royal TS developer (and also my fellow SCCDM MVP) for such an awesome tool. This is now probably THE most used application on all my computers.

If you haven’t tried Royal TS out, please give it a try. Other than the obvious Windows version, there are also a Mac version, an iOS version and an Android version.

A Free Management Pack Catalog for Everyone

Written by Tao Yang

In the 2 most recent posts, I have blogged my experience setting up a Microsoft OpsMgr MP catalog using SharePoint and SMA. I managed to produce 2 versions:

  • On-Premise Version: Using SharePoint 2013 and SMA (System Center Service Management Automation)
  • Off-Premise (Cloud) Version: Using Office 365 SharePoint Online and Azure Automation

As I mentioned at the end of the second post, I was working with my SCCDM MVP friend Dan Kregor to create this MP catalog on Sparq Consulting’s public SharePoint site – Free for everyone.

I am pleased to announce, everyone can now access this catalog from this URL:

http://sharepoint.sparqconsulting.com.au/mpcatalog


This catalog is publicly available, no login is required. Consider it as a Christmas gift from us.

This catalog is hosted on SharePoint Online, and I have scheduled the Azure Automation runbook to run daily at 9:00pm my local time (Australia Eastern Standard Time) to synchronise with Microsoft’s MP Catalog.

If you like what we’ve done for the System Center community, please help us by spreading the word. We would much appreciate it if you linked to this URL from your websites.

Lastly, other than Dan Kregor, I’d also like to thank all the OpsMgr focused MVPs who have been involved in this discussion since the beginning. Thank you for all your input and feedback.

Merry Christmas, everyone.

Using Azure Automation to Build Your Own Microsoft OpsMgr MP Catalog on SharePoint Online

Written by Tao Yang

Background

Previously, I have posted how to build your own Microsoft OpsMgr MP Catalog on SharePoint 2013 using SMA. It is a solution that you can implement on-prem in your own environment if you have existing SharePoint 2013 and SMA infrastructure in place. As I mentioned at the end of the previous post, I have also developed a solution to populate this MP catalog on an Office 365 SharePoint Online site using Azure Automation – a 100% cloud based solution. Because of the differences in APIs between on-prem SharePoint 2013 and SharePoint Online, one of the runbooks is completely different from the on-prem version. In this post, I will go through how I’ve set up the MP catalog on SharePoint Online using Azure Automation.

01. Create a List on the SharePoint Online site

The list creation and customization process is exactly the same as the On-Prem SharePoint 2013 version. I won’t go through this again. Please refer to Step 1 and the customizing SharePoint List sections in my previous post.

02.  Create a Runbook to Retrieve Microsoft MP info

Again, this runbook is unchanged from the On-Prem version. Simply import it into your Azure Automation account.

Download Get-MSMPCatalog


03. Prepare the SMA Integration Module SharePointOnline

In order to authenticate to SharePoint Online sites, we must use a SharePointOnlineCredentials instance in the script. In my previous post, I wrote a runbook called Populate-OnPremMPCatalog. That runbook utilizes the Invoke-RestMethod PowerShell cmdlet to interact with SharePoint 2013’s REST API. Unfortunately, we cannot pass a SharePointOnlineCredentials object to this cmdlet, therefore it cannot be used in this scenario.

Additionally, the SharePointOnlineCredentials class comes from the SharePoint Client Component SDK. In order to create a SharePointOnlineCredentials object in PowerShell scripts, the script needs to first load the assemblies from 2 DLLs that are part of the SDK. Because I can’t install this SDK on the Azure Automation runbook servers, I needed to figure out a way to load these DLLs in my runbook.

I have previously written SMA Integration Modules with DLLs embedded in them, so this time I figured I could do the same thing: create a PowerShell / SMA Integration module that includes the required DLLs. Therefore, I’ve created a customised module in order to load the assemblies. But since the SDK also contains other goodies, I have written a few other functions to perform CRUD (Create, Read, Update, Delete) operations on SharePoint list items. These functions have made the runbook much simpler.

I called this module SharePointOnline. It consists of 5 files:

  • Microsoft.SharePoint.Client.dll – One of required DLLs from the SDK
  • Microsoft.SharePoint.Client.Runtime.dll – One of required DLLs from the SDK
  • SharePointOnline.psd1 – Module Manifest file
  • SharePointOnline.psm1 – PowerShell module file
  • SharePointOnline-Automation.json – SMA Integration Module Meta File (where the connection asset is defined).


Download SharePointOnline Module

Note:

The zip file you’ve downloaded from the link above DOES NOT contain the 2 DLL files. I am not sure if Microsoft is OK with 3rd parties distributing their software / intellectual property. So, just to cover myself, you will need to download the SDK (64-bit version) from Microsoft directly (https://www.microsoft.com/en-us/download/details.aspx?id=35585), install it on a 64-bit computer, and copy the 2 DLLs mentioned above into the SharePointOnline module folder.

Once the SDK is installed, you can find these 2 files in “C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\” folder.

Once the DLLs are placed into the folder, zip the SharePointOnline folder to SharePointOnline.zip file again, and the integration module is ready.


I’d like to also briefly go through this SharePointOnline module. This module contains the following functions:

  • Import-SharePointClientSDK: Load the Assemblies from the 2 DLLs included in the module
  • New-SPOCredential: Create a new SharePointOnlineCredentials object from the username and password provided.
  • Get-SPOListFields: Get all fields from a SharePoint Online list (return an array object)
  • Add-SPOListItem: Add an item to the SharePoint Online list (by passing in a hash table containing the value for each field)
  • Get-SPOListItems: Get all items from a SharePoint Online list (return an array object)
  • Remove-SPOListItem: Remove a list item from a SharePoint Online list (by providing the ID of the item)
  • Update-SPOListItem: Update a list item (by providing the list Item ID and a hash table containing updated values)

This module is made to be re-used for SharePoint Online operations that involve list items. I will write a separate post to go through this in detail. But for now, all we need to do is to import it into Azure Automation.
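The approach described above (load the 2 SDK assemblies, build a SharePointOnlineCredentials object, then read list items through the client object model) looks like this as an added example. It is not the SharePointOnline module's own code; the function name Get-ExampleSPOListItem, its parameters, and the values in the usage comment are assumptions.

```powershell
# Added example, not the SharePointOnline module's code.
# Get-ExampleSPOListItem and its parameter names are hypothetical.
function Get-ExampleSPOListItem {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$SiteUrl,
        [Parameter(Mandatory = $true)][string]$ListName,
        # PSCredential keeps the password as a SecureString end to end.
        [Parameter(Mandatory = $true)][System.Management.Automation.PSCredential]$Credential,
        # Folder holding the 2 SDK DLLs (the SDK install path given in this post).
        [string]$SdkPath = 'C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI'
    )

    # Accept only an absolute https:// URL so the credential is only sent over TLS.
    $uri = [uri]$SiteUrl
    if (-not $uri.IsAbsoluteUri -or $uri.Scheme -ne 'https') {
        throw "SiteUrl must be an absolute https:// URL: $SiteUrl"
    }

    # Load the client assemblies; fail early if either DLL was not copied.
    foreach ($dll in 'Microsoft.SharePoint.Client.dll', 'Microsoft.SharePoint.Client.Runtime.dll') {
        $path = Join-Path $SdkPath $dll
        if (-not (Test-Path -LiteralPath $path)) { throw "SDK assembly not found: $path" }
        Add-Type -Path $path
    }

    $context = New-Object Microsoft.SharePoint.Client.ClientContext($SiteUrl)
    try {
        # SharePointOnlineCredentials takes (string userName, SecureString password).
        $context.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials(
            $Credential.UserName, $Credential.Password)

        $list  = $context.Web.Lists.GetByTitle($ListName)
        $query = [Microsoft.SharePoint.Client.CamlQuery]::CreateAllItemsQuery()
        $items = $list.GetItems($query)

        # Nothing is sent to the server until ExecuteQuery() is called.
        $context.Load($items)
        $context.ExecuteQuery()

        foreach ($item in $items) {
            # 'Title' stays the internal name of the column even after it is
            # renamed to "System Name" in the list settings.
            [pscustomobject]@{
                Id     = $item.Id
                Title  = $item['Title']
                Fields = $item.FieldValues
            }
        }
    }
    finally {
        $context.Dispose()
    }
}

# Usage (constructed values):
# $cred = Get-Credential   # Office 365 account in email address format
# Get-ExampleSPOListItem -SiteUrl 'https://yourcompany.sharepoint.com' -ListName 'MP Catalog' -Credential $cred
```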

 

04. Import SharePointOnline Module into Azure Automation and Create SharePoint Online Connection

Now that the integration module is ready, it needs to be imported into your Azure Automation account. This is done via the Import Module button under Assets tab.

Once the module is imported, a connection object must also be created.


You must provide the following information when creating the SharePointOnline connection object:

  1. SharePointSiteURL – The URL to your SharePoint Online site (i.e. https://yourcompany.sharepoint.com)
  2. UserName – a user who should be part of the site members role (the members group has contribute access). This username MUST be in the email address format (i.e. yourname@yourcompany.com). I believe this account must be an account created in the Office 365 subscription. I have tried using an outlook.com account (added as a SharePoint site member), and it didn’t work.
  3. Password – Password for the username you’ve specified.


 

05. Create a Runbook to Populate SharePoint List

This is equivalent to the previous runbook Populate-OnPremMPCatalog. I have named it Populate-SPOnlineMPCatalog.

Download Populate-SPOnlineMPCatalog Runbook


This runbook is expecting 4 parameters:

  • SPOConnection: The name of the SharePointOnline connection that you’ve created earlier.
  • ListName: The list name of your MP catalog list.
  • NotifyByEmail: Specify if you’d like an email notification when new MPs have been added to the catalog.
  • ContactName: If NotifyByEmail is set to “true”, specify the SMAAddressBook connection name for the email notification recipient.

Note: If you’d like to receive email notifications, you also need to import and configure the SendEmail and SendPushNotification modules from my blog. Once the SMTP server connection and the Address book connection are created, please modify line 111 of the runbook with the name of your SMTP server connection:


Note: I have previously blogged the issues I have experienced using the SendEmail module in Azure Automation. You may find this post useful: Using the SendEmail SMA Integration Module in Azure Automation.

 

06. Executing Runbook Populate-SPOnlineMPCatalog

When executing the runbook, you need to fill out the parameters listed above:


Result:


Same as the On-Prem version using SMA, you can create a schedule to run this on a regular basis to keep the catalog in sync with Microsoft. I won’t go through the schedule creation again.

Azure Automation Fairshare

Currently, Azure Automation has a “Fairshare” feature, where the maximum allowed execution time for a job is 30 minutes. Fortunately, based on my multiple test runs against multiple Office 365 SharePoint Online sites, the first executions of this runbook always complete JUST under 30 minutes. However, if you find that your job in Azure Automation is terminated after 30 minutes, you should be able to just run it again to top up the list. Any subsequent runs should only take a few minutes.

Conclusion

To me, this post completes the circle. I’m happy that I am able to provide solutions for people who want to host the catalog On-Premise (by using SharePoint 2013 and SMA), as well as those who’d like to host it in the cloud (Office 365 and Azure Automation).

The 2 different runbooks (and the additional integration module) are 100% based on which SharePoint you are going to use. There is also a 3rd possible combination: Using SMA to populate a SharePoint Online list. In this scenario, the steps are the same as what I described in this post. I have also tested this in my lab, and it is working as expected.

Additionally, I am also working with my fellow System Center MVP Dan Kregor to make this MP Catalog publicly available for everyone on Sparq Consulting’s public SharePoint Online site. We will make a separate announcement once it is ready. So even if you can’t set one up on-prem or in the cloud, we’ve got you covered.

Credit

Thanks to all the System Center MVPs who have provided feedback and input into this solution.

Using SMA to Building Your Own Microsoft OpsMgr Management Pack Catalog On SharePoint 2013

Written by Tao Yang

Background

Over the years that I’ve been working with OpsMgr, for me, the Microsoft Pinpoint MP Catalog was a one stop shop for getting Microsoft management packs. More information about the Pinpoint MP Catalog can be found in Marnix’s post: http://thoughtsonopsmgr.blogspot.com.au/2010/07/pinpoint-management-pack-catalog.html

Based on the information that came out at TechEd Europe 2014, it looks like there will be changes introduced to the System Center Pinpoint site (http://channel9.msdn.com/Events/TechEd/Europe/2014/Ch9-34, from 09:00 onwards). And it seems the link from Marnix’s post https://pinpoint.microsoft.com/systemcenter is no longer valid.

So I’ve decided to do some experimenting, to see if I can generate and maintain a Microsoft MP catalog on-premise, for myself – something I’ve always wanted. It took me a couple of days, and I managed to build an MP catalog on a SharePoint 2013 site using PowerShell, SMA, and some existing scripts from the System Center community.

Currently, this catalog contains 1404 entries, and it is generated by 2 SMA runbooks that I have developed. In this post, I will go through the steps I took to set up this solution.

01. Creating a SharePoint 2013 List

Firstly, I created a list on my SharePoint 2013 site and called it “MP Catalog”:

Once the list is created, go to Site Settings then “Site libraries and lists”


Choose Customize “MP Catalog” and click on column “Title”


Rename this column to “System Name”


Add the following additional columns:

  • Categories
  • Catalog Item Id
  • MP Version
  • Public Key
  • Version Independent GUID
  • Download Link
  • Release Date


For each of these additional columns, please make sure “Require that this column contains information” is set to “No”.


Note: the internal names of these columns would be different than these display names. The script in the SMA runbook will translate these display names to the actual internal names. So it doesn’t matter how you created these columns, as long as the display names are exactly the same as what I listed, it should be OK.
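The display name to internal name translation mentioned in the note above can be done through the list's fields endpoint in SharePoint 2013's REST API. The following is an added example, not the runbook's own code; the function name Get-ExampleFieldNameMap, its parameters, and the values in the usage comment are assumptions.

```powershell
# Added example, not taken from the Populate-OnPremMPCatalog runbook.
# Get-ExampleFieldNameMap is a hypothetical name.
function Get-ExampleFieldNameMap {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$SiteUrl,
        [Parameter(Mandatory = $true)][string]$ListName,
        [Parameter(Mandatory = $true)][System.Management.Automation.PSCredential]$Credential,
        # Display names exactly as listed in this post.
        [string[]]$DisplayName = @(
            'System Name', 'Categories', 'Catalog Item Id', 'MP Version',
            'Public Key', 'Version Independent GUID', 'Download Link', 'Release Date')
    )

    # Single quotes are doubled for the OData string literal and the title is
    # URL-encoded, so a list name cannot change the shape of the request.
    $title = [uri]::EscapeDataString($ListName.Replace("'", "''"))
    $uri   = '{0}/_api/web/lists/getbytitle(''{1}'')/fields?$select=Title,InternalName,ReadOnlyField' -f
             $SiteUrl.TrimEnd('/'), $title

    $response = Invoke-RestMethod -Uri $uri -Method Get -Credential $Credential `
        -Headers @{ Accept = 'application/json;odata=verbose' }

    $map = @{}
    foreach ($field in $response.d.results) {
        # Computed, read-only fields such as LinkTitle share the display name of
        # the renamed Title column; they are not writable, so skip them.
        if ($field.ReadOnlyField) { continue }
        if ($DisplayName -notcontains $field.Title) { continue }
        if ($map.ContainsKey($field.Title)) {
            throw "Display name '$($field.Title)' matches more than one writable column."
        }
        $map[$field.Title] = $field.InternalName
    }

    # Fail before any item is written if a column from the post is missing.
    $missing = @($DisplayName | Where-Object { -not $map.ContainsKey($_) })
    if ($missing.Count -gt 0) {
        throw "Columns not found on list '$ListName': $($missing -join ', ')"
    }
    return $map
}

# Usage (constructed values):
# $map = Get-ExampleFieldNameMap -SiteUrl 'http://sharepoint01/sites/requests' -ListName 'MP Catalog' -Credential (Get-Credential)
# $map['Catalog Item Id']   # internal name to use when creating list items
```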

02. Create a Runbook to Retrieve Microsoft OpsMgr Management Packs Info

We have all used the “Download Management Packs” function in the OpsMgr console:


Michel Kamp has written an MP that checks for updated management packs. This MP utilizes the same web service that the “Download Management Packs” wizard uses. I have used some PowerShell code from Michel’s MP in this runbook. Thank you, Michel.

I called this runbook Get-MSMPCatalog:

Download Get-MSMPCatalog


This runbook will be called by another runbook, and it returns an arraylist as output.

03. Create a Runbook to Populate the SharePoint List

I created a second runbook to call the first runbook Get-MSMPCatalog, then work out which MPs are not on the SharePoint List, and add the missing ones. I called the second runbook Populate-OnPremMPCatalog:

Download Populate-OnPremMPCatalog


As you can see, this runbook is expecting 5 parameters:

  • SharePointSiteURL – URL of the SharePoint site (in my lab, it’s http://sharepoint01/sites/requests)
  • SavedCredentialName – A credential saved in SMA that has access to the SharePoint site. In my lab, I created an AD service account and assigned it as a member in the SharePoint site.
  • List Name – The list for the MP catalog. In my lab, it’s “MP Catalog”
  • NotifyByEmail – Specify if you’d like an email notification when new MPs have been added to the catalog.
  • ContactName – If NotifyByEmail is set to “true”, specify the SMAAddressBook connection name for the email notification recipient.

Note: If you’d like to receive email notifications, you also need to import and configure the SendEmail and SendPushNotification modules from my blog. Once the SMTP server connection and the Address book connection are created, please modify line 121 of the Populate-OnPremMPCatalog runbook with the name of your SMTP server’s SMA connection:


i.e. My SMTP connection and SMAAddress book connection:


04. Execute Runbook Populate-OnPremMPCatalog

When executing this runbook, you will need to fill out some parameters as listed above:


The first run will take a long time (in my lab, over 1 hour), but any subsequent executions shouldn’t take long at all. i.e. I deleted 204 MPs from the SharePoint list, and executed it again:


I have also created a schedule to execute this runbook daily. This is to make my catalog in sync with Microsoft’s, and notify me when new MPs are released.


Customizing the MP Catalog SharePoint List

You may not like the default view of the MP Catalog list. You may want to hide some of the columns. This can be easily done by customising the default view of the list, or creating new views.


Conclusion

I’ve always wanted a place where I can simply click on a link to download a particular management pack. I have made this possible by using SMA and SharePoint. The only downside is that only individual management packs are listed. They are not bundled, and no documentation is available.

There is also an MP Catalog wiki page on TechNet: https://social.technet.microsoft.com/wiki/contents/articles/16174.microsoft-management-packs.aspx. It is maintained by Microsoft and a few System Center MVPs. You should be able to find all the recent MS management packs from there as well.

I have also managed to populate this catalog on a SharePoint Online (Office 365) site using Azure Automation – a 100% cloud based solution. For the cloud based version, one of the runbooks is completely different due to the differences in SharePoint APIs (SharePoint 2013 vs. SharePoint Online). I will post it in a few days.

Credit

Thanks to all the System Center MVPs who have provided input and feedback on this topic. You know who you are, much appreciated!

Lastly, please feel free to contact me if you have anything to add on this topic. I’d love to hear from you.

Using the SendEmail SMA Integration Module in Azure Automation

Written by Tao Yang

Over the last couple of days, I’ve spent some time on Azure Automation (SMA in Azure). The first thing I did was import and configure the SendEmail and SendPushNotification SMA Integration Modules that I have posted earlier. I created a simple test runbook to send an email and a push notification to my Android phone:

However, I found 2 issues related to the SendEmail module. I’ll go through both of the issues in this post.

Issue 1

When I executed this runbook, it failed to send the email message. I got this error:

Cannot find the ‘Send-Email’ command. If this command is defined as a workflow, ensure it is defined before the workflow that calls it. If it is a command intended to run directly within Windows PowerShell (or is not available on this system), place it in an InlineScript: ‘InlineScript { Send-Email }’


I found the cause of this issue: I did not have a PowerShell module manifest file (psd1) in this module:


Whereas the SendPushNotification module works because it has a manifest file:


I didn’t pick this one up when I released the modules because it worked in the On-Prem SMA environments when I wrote it. So, it’s easy to fix this issue. I generated a manifest file for the SendEmail module, uploaded it to Azure Automation, and the issue went away.

Issue 2

After fixing the first issue, I started receiving SMTP authentication errors. I have configured a Gmail account as the sender – same as how I setup in my lab’s SMA environment, but I got SMTP error 5.5.1:

Exception calling “Send” with “1” argument(s): “The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.5.1 Authentication Required.


Because this Gmail account is linked to another Gmail account of mine, I soon received an email from Google telling me they’ve detected some suspicious sign-in activities.

So, it looks like a Google security feature has detected that someone is trying to sign in from somewhere other than my normal location (Australia), because I’ve chosen the East US region when I opened my Azure Automation account.

I then decided to use Outlook instead of Gmail. So I created an Outlook account, configured the connection and updated the runbook. Unfortunately, I received similar SMTP errors and the account was temporarily suspended because of these sign in activities.

Luckily, I could go adjust these security activity settings, and verify these sign in activities are mine:


After adjusting these security settings, the runbook started working and I received the test notification email from the runbook:


Conclusion

Based on my experience, I’m guessing the module manifest file is a must-have in Azure Automation? I have updated the SendEmail module and re-uploaded to this blog. If you have already downloaded it, sorry but you will need to download again if you are planning to use it in Azure Automation (Here’s the download link).

And if you are using a public email service as the sender like me, the security features implemented by the service provider may prevent you from using the email account in Azure Automation. You may need to adjust the security settings of the email account (like what I did with the Outlook account).

Lastly, if you haven’t tried Azure Automation, I strongly recommend you to give it a try. You get 500 minutes job run time a month for free (http://azure.microsoft.com/en-us/pricing/details/automation/). This should easily get you started.

VMM 2012 Addendum Management Pack: Detect Failed VMM Jobs

Written by Tao Yang

Background

My MVP friend Flemming Riis needed OpsMgr to alert on failed VMM jobs. After discovering that the native VMM MPs don’t have a workflow for this, I offered my help and built this addendum MP to alert on failed and warning (Completed w/ Info) VMM jobs.

I thought it was going to be a quick task. As it turned out, I started writing this MP about 1 month ago and am only able to release it now!

The actual MP is pretty simple: 2 rules sharing the same data source, which executes a PowerShell script to detect any failed and warning jobs in VMM. I wrote the initial version in a few hours and sent it to Flemming and Steve Beaumont to test in their environments right before the MVP Summit. After the summit, we found out the MP didn’t work in their clustered VMM environments. We then spent a lot of time emailing back and forth trying to figure out what the issue was. In the end, I had to build a VMM cluster in my lab in order to test and troubleshoot it.

So, BIG BIG “Thank You” to both Flemming and Steve for their time and effort on this MP. It is certainly a team effort!

MP Pre-Requisites

This MP has 2 pre-requisites:

  • PowerShell script execution must be allowed on VMM servers and the VMM PowerShell module must be installed on the VMM server (it should be by default).
  • The VMM server must be fully integrated with OpsMgr (configured via the VMM console). This integration is required because it creates the RunAs account used to run workflows in the native VMM management pack. This addendum management pack also utilises this RunAs account.


Alert Rules:

This MP contains 2 alert rules:

  • Virtual Machine Manager Completed w/ Info Job Alert Rule (Disabled by default)
  • Virtual Machine Manager Failed Job Alert Rule (Enabled by default)


Both rules share the same data source with the same configuration parameter values (to utilise Cook Down). They are configured to run on a schedule and detect failed / warning jobs since the beginning of the rule execution cycle. i.e. by default, they run every 3 minutes, so they would detect any unsuccessful jobs since 3 minutes ago. An alert is generated for EVERY unsuccessful job:


Note: If you enable the “Completed w/ Info job alert rule”, please keep in mind that these 2 rules utilise Cook Down. If you need to override the data source configuration parameters (IntervalSeconds, SyncTime, TimeoutSeconds), please override BOTH rules and assign the same values to them, so that the script in the data source module only needs to run once in every cycle and feeds its output to both workflows.

Download

Since it’s a really simple MP, I didn’t bother to write proper documentation for it. It’s really straightforward, and I think I have already provided enough information in this blog post.

Please test and tune it according to your requirements before implementing it in your production environments.

Download Link

Lastly, I’d like to thank Steve and Flemming again for their time and effort on this MP. If you have any questions in regards to this MP, please feel free to send me an email.

My Experience Manipulating MDT Database Using SMA, SCORCH and SharePoint

Written by Tao Yang

Background

At work, there is an implementation team that is responsible for building Windows 8 tablets in a centralised location (we call it the integration centre) and then shipping these tablets to remote locations around the country. We use SCCM 2012 R2 and MDT 2013 to build these devices using an MDT-enabled task sequence in SCCM. The task sequence uses MDT locations to apply site specific settings (I’m not an OSD expert, so I’m not even going to try to explain exactly what these location entries do in the task sequence).


In order to build these tablets for any remote sites, before kicking off the OSD build, the integration centre’s default gateway IP address must be added to the location entry for this specific site, and removed from any other locations.


Because our SCCM people didn’t want to give the implementation team access to MDT Deployment Workbench, my team has been manually updating the MDT locations whenever the implementation team wants to build tablets.

I wasn’t aware of this arrangement until someone in my team went on leave and asked me to take care of this while he was away. Soon I got really annoyed because I had to do this a few times a day! Therefore I decided to automate this process using SMA, SCORCH and SharePoint so they can update the location themselves without giving them access to MDT.

The high level workflow is shown in the diagram below:

[Diagram: MDT Automation]

Design

01. SharePoint List

Firstly, I created a list on one of our SharePoint sites, and this list only contains one item:


02. Orchestrator Runbook

I first deployed the SharePoint integration pack to the Orchestrator management servers and all the runbook servers. Then I set up a connection to the SharePoint site using a service account.


The runbook only has 2 activities:


Monitor List Items:


Link:


The link filters on the list ID. The ID must equal 1 (the first item in the list). This is to prevent users from adding additional items to the list. They must always edit the first (and only) item on the list.

Start SMA Runbook called “Update-MDTLocation”:


This activity runs a simple PowerShell script to start the SMA runbook. The SMA connection details (user name, password, SMA web service server and web service endpoint) are all saved in Orchestrator as variables.


03. SMA Runbook


Firstly, I created a few variables, credentials and connections to be used in the runbook:

Connections:

Credential:

  • Windows Credential that has access to the MDT database (we have MDT DB located on the SCCM SQL server, so it only accepts Windows authentication). I named the credential “ProdMDTDB”

Variables:

  • MDT Database SQL Server address. I named it “CM12SQLServer”
  • Gateway IP address. I named it “GatewayIP”

 

Here’s the code for the SMA runbook:

Putting Everything Together

As demonstrated in the diagram at the beginning of this post, here’s how the whole workflow works:

  1. The user logs in to the SharePoint site and updates the only item in the list. He / She enters the new location in the “New Gateway IP Location” field.
  2. The Orchestrator runbook checks for updated items in this SharePoint list every 15 seconds.
  3. If the Orchestrator runbook detects that the first (and only) item has been updated, it takes the new location value, starts the SMA runbook and passes the new value to the SMA runbook.
  4. The SMA runbook runs a PowerShell script to update the gateway location directly in the MDT database.
  5. The SMA runbook sends an email to a nominated email address when the MDT database is updated.

The email looks like this:


The execution history of the Orchestrator runbook and the SMA runbook can also be viewed in Orchestrator and the WAP admin portal:

image

image

Room for Improvement

I created this automation process in a quick and easy way to get them off my back. I know that in this process there are a lot of areas that can be improved, e.g.:

  • Using an SMA runbook to monitor the SharePoint list directly so Orchestrator is no longer required (i.e. using the script from this article. – Credit to Christian Booth and Ryan Andorfer).
  • User input validation
  • Look up AD to retrieve user’s email address instead of hardcoding it in a variable.
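The “User input validation” item above matters because the location text typed into SharePoint ends up in a SQL statement run by a privileged credential. The following is an added sketch, not the runbook from this post: the function names, the 255-character cap and the MDT table and column names (LocationIdentity, LocationIdentity_DefaultGateway) are assumptions, and the connection uses the Windows identity the script runs as.

```powershell
# Added example (not the runbook from this post). Table/column names are assumed.
function Test-GatewayIP {
    param([string]$Value)
    $ip = $null
    # Require a dotted-quad literal; TryParse alone also accepts short forms such as "1".
    return ($Value -match '^(\d{1,3}\.){3}\d{1,3}$') -and
        [System.Net.IPAddress]::TryParse($Value, [ref]$ip)
}

function Set-MDTGatewayLocation {
    param(
        [Parameter(Mandatory = $true)][string]$SqlServer,   # e.g. the CM12SQLServer variable
        [Parameter(Mandatory = $true)][string]$Database,    # MDT database name (assumed parameter)
        [Parameter(Mandatory = $true)][string]$GatewayIP,   # e.g. the GatewayIP variable
        [Parameter(Mandatory = $true)][string]$NewLocation  # untrusted text from the SharePoint item
    )
    if (-not (Test-GatewayIP $GatewayIP)) { throw "Rejected gateway IP '$GatewayIP'." }
    $NewLocation = $NewLocation.Trim()
    if ($NewLocation.Length -lt 1 -or $NewLocation.Length -gt 255) {   # cap is an assumption
        throw 'Rejected location name: empty or too long.'
    }
    $cs = "Server=$SqlServer;Database=$Database;Integrated Security=True"
    $conn = New-Object System.Data.SqlClient.SqlConnection $cs
    $conn.Open()
    $tx = $conn.BeginTransaction()
    try {
        # The user's text is only ever a bound parameter, never part of the SQL string.
        $find = $conn.CreateCommand()
        $find.Transaction = $tx
        $find.CommandText = 'SELECT ID FROM LocationIdentity WHERE Location = @loc'
        [void]$find.Parameters.AddWithValue('@loc', $NewLocation)
        $id = $find.ExecuteScalar()
        if ($null -eq $id) { throw "Location '$NewLocation' is not defined in MDT." }

        # Move the gateway: remove it from every location, then attach it to the new one.
        $move = $conn.CreateCommand()
        $move.Transaction = $tx
        $move.CommandText = 'DELETE FROM LocationIdentity_DefaultGateway WHERE DefaultGateway = @gw; ' +
            'INSERT INTO LocationIdentity_DefaultGateway (ID, DefaultGateway) VALUES (@id, @gw);'
        [void]$move.Parameters.AddWithValue('@gw', $GatewayIP)
        [void]$move.Parameters.AddWithValue('@id', $id)
        [void]$move.ExecuteNonQuery()
        $tx.Commit()
    }
    catch { $tx.Rollback(); throw }
    finally { $conn.Dispose() }
}
```

Because the location must already exist in the database, the set of accepted values is limited to locations MDT knows about, and a rejected value leaves the current gateway assignment untouched.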

Maybe in the future when I have spare time, I’ll go back and make it better, but for now, the implementers are happy, and my team mates are happier because it is one less thing on our plate.

Conclusion

I hope you find my experience in this piece of work useful. I am still very new to SMA (and I know nothing about MDT). So, if you have any suggestions or criticism, please feel free to drop me an email.

Installing VMM 2012 R2 Cluster in My Lab

Written by Tao Yang

I needed to build a 2-node VMM 2012 R2 cluster in my lab in order to test an OpsMgr management pack that I’m working on. I was having difficulties getting it installed on a cluster based on 2 Hyper-V guest VMs, and I couldn’t find a detailed step-by-step dummy guide. So, having finally got it installed after many failed attempts, I’ll document the steps I took in this post, in case I need to do it again in the future.

AD Computer accounts:

I pre-staged 4 computer accounts in the existing OU where my existing VMM infrastructure is located:

  • VMM01 – VMM cluster node #1
  • VMM02 – VMM cluster node #2
  • VMMCL01 – VMM cluster
  • HAVMM – Cluster Resource for VMM cluster


I assigned VMMCL01 Full Control permission on the HAVMM (cluster resource) computer AD account:


IP Addresses:

I allocated 4 IP addresses, one for each computer account listed above:

image

Guest VMs for Cluster Nodes

I created 2 identical VMs (VMM01 and VMM02) located in the same VLAN. There is no requirement for shared storage between these cluster nodes.

Cluster Creation

I installed the failover cluster role on both VMs and created a cluster.

image

image

image

image

image

VMM 2012 R2 Installation

When installing the VMM management server on a cluster node, the installation will ask whether you want to install a highly available VMM instance. Select yes when prompted. Also, the SQL server hosting the VMM database must be a standalone SQL server or a SQL cluster; it cannot be installed on one of the VMM cluster nodes.

DB Configuration

image

Cluster Configuration

image

DKM Configuration

image

Port configuration (left as default)

image

Library configuration (need to configure manually later)

image

Completion

image

Run VMM install again on the second cluster node.

As instructed in the completion window, run ConfigureSCPTool.exe -AddNode HAVMM.corp.tyang.org CORP\HAVMM$

Cluster Role is now created and can be started:

image

OpsMgr components

In order to integrate VMM and OpsMgr, the OpsMgr agent and console need to be installed on both VMM cluster nodes. I pointed the OpsMgr agent to my existing management group in the lab, approved the manually installed agents and enabled agent proxy for both nodes (required for monitoring clusters).

Installing Update Rollup

After the OpsMgr components were installed, I then installed the following updates from the latest System Center 2012 R2 Update Rollup (UR 4 at the time of writing):

  • OpsMgr agent update
  • OpsMgr console update
  • VMM management server update
  • VMM console update

Connect VMM to OpsMgr

I configured the OpsMgr connection in the VMM console.

Conclusion

The intention of this post is simply to dump all the screenshots that I’ve taken during the install, and document the “correct” way to install a VMM cluster that worked in my lab after so many failed attempts.

The biggest hold-up for me was not realising that I needed to create a separate computer account and allocate a separate IP address for the cluster role (HAVMM). I was using the cluster name (VMMCL01) and its IP address in the cluster configuration screen and the installation failed:

image

After going through the install log, I realised I couldn’t use the existing cluster name:

image

When I ran the install again using a different name and IP address for the cluster role, the installation completed successfully.

Visual Studio 2013 Community Edition

Written by Tao Yang

Nowadays, Visual Studio is definitely one of my top 5 most-used applications. I also started using Visual Studio Online to store source code a few months ago. I have started migrating my management packs and PowerShell scripts into Visual Studio Online, and connecting Visual Studio to my Visual Studio Online repository.

Microsoft released a new edition of Visual Studio 2013 a few days ago: Visual Studio 2013 Community Edition. This morning, in order to test it, I uninstalled Visual Studio Ultimate from one of my laptops, and installed the new Community edition instead.

I tested all the features and extensions that I care about, and I have to say I’m amazed that all of them worked!

Visual Studio Online: I am able to connect to my Visual Studio Online account and retrieve a Management Pack project that I’m currently working on.


Visual Studio Authoring Extension (VSAE): I installed VSAE version 1.1.0.0, the same as the previous installation on my laptop, and all MP-related options are still there:

image

I tried to build the MP in the solution I’m working on, and it was built successfully:


PowerShell Tools for Visual Studio 2013: This is a community extension developed by PowerShell MVP Adam Driscoll (More information can be found here). This extension enables Visual Studio as a PowerShell script editor. As expected, it works in the Community edition and my PowerShell script is nicely laid out:


In the past, when Microsoft discontinued development of the OpsMgr 2007 R2 Authoring Console and replaced it with VSAE, in my opinion, it made it harder for average IT Pros to start authoring management packs. One of the reasons is that VSAE is an extension for Visual Studio and requires the Visual Studio Professional or Ultimate edition, which are not cheap compared with the old Authoring Console (free). Therefore I am really excited to find out that VSAE works just fine with the latest free Community edition. I’m hoping the Community edition will benefit OpsMgr and Service Manager specialists around the world by providing us with an affordable authoring solution.

Lastly, having said that, in terms of licensing for the Community edition, there are some limitations. Please read THIS article carefully before using it, i.e. if you are working for a large enterprise and are developing a commercial application, you are probably not going to be able to use it.

Disclaimer: In this post, I’m only focusing on the technical aspects based on my experience. Please don’t hold me responsible if you misuse Visual Studio 2013 Community edition and violate the licensing conditions. As I mentioned in the post, please read THIS article carefully to determine if you are eligible first!

A Simplified Way to Send Emails and Mobile Push Notifications in SMA

Written by Tao Yang

Background

For those who know me, I’m an OpsMgr guy. I spend a lot of time in OpsMgr and I am very used to the way OpsMgr sends notifications (using notification channels and subscribers).

In OpsMgr, I like the idea of saving the SMTP configuration and notification recipients’ contact details into the system so that everyone who has enough privileges can use these configurations (when configuring alert subscriptions).

Over the last few months, I have spent a lot of time on SMA (Service Management Automation). As I started building more and more runbooks and integration modules, I really missed the simple way of sending notifications in OpsMgr. Although there is a built-in PowerShell cmdlet for sending emails (Send-MailMessage), it requires a lot of input parameters, and the runbook author needs to have all the SMTP information available. I thought it would be nice if I could save SMTP settings as connection objects (similar to notification channels in OpsMgr), and recipients’ contact details (email and mobile device push notification services’ API keys) also as connection objects (similar to subscribers in OpsMgr).

To achieve my goals, I have created 2 SMA Integration modules:

Module Name          | Connection Type Name | PowerShell Functions
SendEmail            | SMTPServerConnection | Send-Email
SendPushNotification | SMAAddressBook       | Send-MobilePushNotification

SendEmail Module

This module defines a connection type that can be used to save all SMTP-related information:

  • SMTP Server address
  • Port
  • Authentication Method (Anonymous, Integrate or Credential)
  • User name
  • Password
  • Sender Name
  • Sender Address
  • UseSSL (Boolean)


image


This module also provides a PowerShell function called “Send-Email”. Because retrieving an automation connection in SMA returns a hash table, you can either pass individual SMTP parameters into the Send-Email function or simply pass the SMA connection object that you have retrieved using the “Get-AutomationConnection” cmdlet. For more information, please refer to the help topic of this function, and the sample runbook below.

SendPushNotification Module

This module provides a connection type called SMAAddressBook. It can be used like an address book to store a recipient’s contact details:

  • Display Name
  • Email Address (optional)
  • NotifyMyAndroid API Key (optional, encrypted)
  • Prowl (iOS push notification) API Key (optional, encrypted)
  • NotifyMyWindowsPhone API Key (optional, encrypted)

image

This module also provides a PowerShell function called Send-MobilePushNotification. It can be used to send push notifications to Prowl, NotifyMyAndroid or NotifyMyWindowsPhone.

Sample Runbook

As you can see from this sample, the runbook author does not need to know the SMTP server information (including login credentials), nor the contact details of the recipient. The runbook can simply pass the SMTP connection object (PowerShell Hash Table) into the Send-Email function.

After I executed this runbook, I received the notification via both Email and Android push notification:


image

Download

Please download from the download link below. Once downloaded, please import the zip files below into SMA:

image

Download Link

Related Posts

OpsMgr Alerts Push Notification to iOS (And Android, And Windows Phone) Devices

Authoring Integration Modules for SMA

Conclusion

As shown in the sample above, once the SMTP details are saved in SMTP connection objects, and recipients’ contact details are saved as SMAAddressBook connections, it is really simple to utilise the functions provided by these 2 modules to send notifications.

Also, I’d like to point out I had to create 2 integration modules instead of 1 because I need to create 2 kinds of connections. Having said that, these 2 modules do not depend on each other and can be used separately too.

As many people refer to SMA modules and runbooks as Lego pieces, I will definitely share more and more of my Lego pieces as they are developed. In the meantime, please feel free to contact me if you have questions or suggestions.