Anyone who has used WSUS 3.0 for software updates and then switched to the Essentials 2007 (SCE) software update functionality may be looking for some missing features in the integrated interface. Because SCE was designed for the mid-market (read smaller environments), the interface for patch management is somewhat simplified, and some WSUS 3.0 functionality was left out.
What you may not realize is that SCE actually relies on WSUS 3.0 for update management (and several other functions for that matter, but thats for another day). Over a couple posts, I want to touch on some workarounds you can use in safely in enhancing your update management experience with Essentials.(
continue at source)
Streaming multiple concurrent applications across a wide-area network presents potential issues in terms of application launch times and WAN availability. These issues can be mitigated by implementing Microsoft Systems Center Virtual Application Branch Servers. This document gives a basic orientation of the components and considerations necessary for such an architecture.
Download Microsoft System Center Virtual Application Server Branch Configuration Guide
Brian Madden: All of the big vendors are so focused on managing "systems" (virtual, local, remote, streaming, on-demand, snap-shotted) that they're forgetting the "other half" of what customers have to deal with each day: the users! What if they took user management as seriously as system management?(
continue at source)
System Center Virtual Machine Manager provides centralized administration of virtual machine infrastructure and enables increased physical server utilization and rapid provisioning of new virtual machines by the administrator and authorized end users.
Download Microsoft System Center Virtual Machine Manager 2007 VHD
Ryan Brennan: Ok so I know I blogged a few weeks about being able to deploy ACS Agents and infra without OpsMgr. I decided to write a script to allow folks to do this. The script will essentially let you deploy ACS without having to deploy an OpsMgr agent thus leveraging ACS functionality.
Please understand that you need to have OpsMgr Licensing to deploy ACS and this is not an MS supported install! Also the intent is to help MS OpsMgr customers who want to leverage ACS that already have MOM 2005 and are currently migrating to OpsMgr.(
continue at source)
Localized versions of the Exchange 10.1 MP's are now available for download from the
MP catalog
The Opsmgr07 version
The MOM 2005 version
Localized versions for Chinese (traditional), Chinese (simplified), French, German, Italian , Japanese, Korean, Portuguese (Brazil), Russian, Spanish
The
Microsoft Update Catalog site can be used with System Center Configuration Manager 2007 to deploy updates that are not automatically synchronized with WSUS. For example drivers, QFEs, or other optional updates can be downloaded from the site (more info
here). This is a great additional capability, but how exactly can you make it work with SCCM?
Jeff Wettlaufer: Hi everyone, I thought it might be interesting to post an article on the integration System Center has developed with the Windows Server 2008 NAP team. As we head towards
February 27th, and Los Angeles for
the launch of Windows Server, I thought it might be interesting to detail how NAP works, and how
System Center adds value to the core out of the box functionality
NAP in Windows Server 2008 delivers.
Today’s increasingly mobile workforce and the need for inter-connectivity present an entirely new set of challenges for IT departments. In addition to ensuring that the desktop computers on the network are up-to-date and meet the company’s requirements for system health, network perimeters must also protect networks from roaming devices that may be vulnerable to security exploits.(continue at source)
Microsoft Deployment Team: We have received a number of emails and questions on how to receive support from Premier Support for Microsoft Deployment. There have been several of you who have been routed to the incorrect support person while trying to receive support for Microsoft Deployment. We apologize for your frustration and inconvenience.
To get routed to the correct support person, follow these instructions. Please note that support for Microsoft Deployment is done on via callback with response times generally ranging between 1 and 4 hours depending on the severity of your issue and the other issues in the queue
To receive support:
a) Call the support number (1-800-936-3500)
http://www.microsoft.com/services/microsoftservices/srv_premier.mspx
or
b) Submit a web incident
http://support.microsoft.com/select/default.aspx?target=assistance&c1=508&
c) Clearly state that you have a BDD/MDT issue. (If you talk about deployment they will be routed to a different queue. ).
To enable Windows Update debug logging perfom the following. Verbose output goes to the%windir%\windowsupdate.log file.
a. Open regedit and navigate to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
b. Create a New Key called Trace
c. In Trace, create a new DWORD value called Flags with a Data of 7
d. In Trace, create a new DWORD value called Level with a Data of 4
e. Close regedit
2. Navigate to %windir%, find the file named ‘WindowsUpdate.log’, rename it to ‘WindowsUpdate.old’.
3. Restart the Automatic Updates server and run the “wuauclt /detectnow” command to force an update detection cycle.
Greg Shields:
Last time we looked at how proactive management using Microsoft's Systems Center Essentials can improve the lives of administrators in the smallest of networks. This time, let's look at the how to handle the inventory process with SCE. With its regular inventory along with its reporting capabilities, you'll immediately get an understanding of the composition of servers and workstations on your network.
Once you've installed SCE into your network, one of the first things you'll want to do is run its discovery and agent installation process. That process will locate servers and workstations on your network and install the SCE client. Also possible under Advanced Discovery is the enumeration of network devices that have known "read" SNMP strings configured. The benefit here is the ability for SCE to notify you when network devices go down.(
continue at source)
Do you routinely troubleshoot issues with SMS clients? Issues such as WMI not functioning, CCMEXEC not running, Bits issues, etc. The place I always start my troubleshooting is with the client log files (C:\Windows\System32\ccm\logs) as they contain a wealth of information and usually quickly lead you down the road to problem resolution.
Recently I've begun using a tool called
Log Parser to quickly parse through SMS client log files on both local and remote locations. The beauty of using log parser is in it's simplicity, it provides query based access to numerous types of data. For this scenario the data we care about is in the SMS client log files, which it handles with ease.
Another option for utilizing log parser is to use
Visual Log Parser from SerialCoder.net. This is a front-end to Log Parser that makes searching log files even more user friendly.
Windows Vista SP1 will be released as an update on Microsoft Update (MU). The patch is very large and there is a bug in Windows Server 2003 in the WinVerifyTrust API that will cause signing validation to fail.
What this means is that once you approve this update on a System Center Essentials 2007 server on a Windows Server 2003 server, every time the server sync’s from MU it will redownload the package, fail the cert validation, and so the download will fail. The problem will continue until you install the WinVerifyTrust patch on the System Center Essentials server. This patch is a hotfix (not a public GDR), so is not intended to be widely distributed. We recommend it only be installed on the System Center Essentials server itself.
You can obtain this hotfix here:
Windows Server Update Services cannot download large Windows update files in Windows Server 2003
Summary: SMS and ConfigMgr, and possibly other systems, make a lot of logs available in case you have to troubleshoot a tricky problem. If you need to look at some of those logs on a lot of clients or sites, then doing so manually will be very labor intensive. Why not do it via script?
There are a wide variety of problems where you have to look at a lot of logs. For example, the problem might be rare but nasty. Or it might be fairly common but counterintuitive - some people may think that the problem is so unlikely that the small subset of logs you manually look at are not representative of the rest of your clients or servers. Maybe the problem comes and goes. Maybe it occurs under special circumstances but you don't know which ones, yet. Or maybe you're just a perfectionist and you want to find every last problem.
Some relatively simple scripting will allow you to get a computer to do the log analysis.(
continue at source)
Find yourself needing to test/prove the patch management features of System Center Configuration Manager 2007 in a disconnected lab environment? You’re not alone.
Thankfully, the Microsoft Update Catalog has provided an easy-to-use shopping basket type system for manually downloading the security update binaries. Couple this with the well-documented process for manually adding security updates to the SCCM Deploy Software Updates Wizard and your only a USB-drive away from having everything you need to begin your tests.
You can find out more from the following links:
Microsoft Update Catalog
How to Manually Download Software Updates
Satya Vel answers some questions about deploying System Center Operations Manager 2007.
What level of privileges are required to install the product?
Someone recently asked a question regarding what level of privileges are required to install the product and later they asked me why the accounts had to be what they were. I thought I would take some time to write this blogs and explain these accounts in a simple way.
The account doing the install on the server where the SQL server and Root Management Server are going to be installed needs to have local administrator privileges. To run MSI packages users must at a minimum have local admin privileges. In addition to this account would also require system administrator privileges on the instance of SQL where the Operations manager Database is going to be hosted. This would be required so that the setup can configure the necessary privileges for the SDK and Config service account and assign them the proper roles and rights on the Operations Manager Database as the SDK and the Config services read and write to the database Operations manager DB. The reason why we require the user installing to be an admin is because setup creates services, file/folders. It also creates SQL DB, SQL logins/roles so it needs to have necessary permission in order to do this.(
continue at source)
Configuration Packs are designed to be used for managing the configuration of Microsoft's various Windows Servers. These configuration packs were developed based on recommendations from the Microsoft Product Groups regarding the configuration of these server roles. It is recommended that users begin by evaluating their configuration against the Basic configuration pack, and then progress to the Intermediate and Comprehensive configuration packs as desired configurations are verified.
9 NEW Management Packs:
SharePoint Portal Server 2003
+
MSIT Basic Configuration Pack
+
MSIT Intermediate Configuration Pack
+
MSIT Comprehensive Configuration Pack
SharePoint Server 2007 Configuration Pack
SharePoint Server 2007 MSIT Basic Configuration Pack
SQL Server 2000
+
MSIT Basic Configuration Pack
+
MSIT Intermediate Configuration Pack
+
MSIT Comprehensive Configuration Pack
System Center Operations Manager 2007 Configuration Pack
Microsoft Deployment has been released for a little over three months and we now have had enough questions and support calls come in to generate a FAQ. You might want to bookmark this post because we plan on updating this list as additional questions are asked.
Visit the Microsoft Deployment Technical FAQ
The System Center Operations Manager 2007 Configuration Pack is designed to be used for managing the configuration of Operations Manager 2007 servers. This configuration pack defines recommended configurations based on a number of settings identified through best practice recommendations from the System Center Operations Manager Product Group.
Once imported into SCCM 2007, this configuration pack and its included configuration items can be targeted to collections of systems which are then audited for compliance with the recommended configurations. When settings are detected to be out of compliance, events will be generated and sent to the Configuration Manager server where the data is available for reporting. This enables early detection of potentially detrimental configuration changes and allows the administrator to correct the settings before they may cause downtime events.
Download the System Center Operations Manager 2007 Configuration Pack for Configuration Manager 2007
If you have a branch office with a limited number of servers, you may be faced with unique challenges. It may be necessary for you to isolate workloads – for example, your customer data may have to be isolated from your system data for regulatory compliance. It may be expensive or impractical to add physical machines to separate your workloads. You may have legacy applications that cannot be upgraded to a new operating system easily when new equipment is added. You may find that you have several underutilized servers; this adds unnecessary expense. Virtualization, the process of re-hosting applications in virtual machines, can help you address these challenges and help make your branch office more efficient.
This deployment cookbook is written for you, the IT generalist at the branch office. The goal of this guide is to provide all of the steps and guidance necessary for you to successfully install and configure Virtual Server 2005 R2 SP1 and System Center Virtual Machine Manager—and to migrate workloads to a virtual machine.
Download the Virtual Machine Manager Cookbook
The purpose of this document is to describe how to monitor the operational health of an OpsMgr 2007 management group. It will provide instructions for creating a collection of basic rules targeted to key performance objects and associated views and dashboards. Its purpose is to allow an Administrator to quickly measure and analyze the performance of a management group as a function of the performance of the disk subsystem hosting the OperationsManager database.(
continue at source)
Unified Reporting
Unified reporting based on the SQL 2005™ reporting engine is provided to help you easily run, review, save, print or email information about the status of your IT environment. Essentials 2007 provides you with more than 30 preconfigured reports upon installation to cover your reporting needs. These reports cover things like: asset inventory, status of your IT environment, capacity planning, software deployment, and update compliance. You can even configure Essentials 2007 to email you a comprehensive daily status report first thing in the morning.
Expert Knowledge
With Essentials 2007 you get a breadth of expert knowledge for managing your important platforms, applications and workloads. This knowledge includes support and diagnostic information for things like Windows Server and Client operating systems, Active Directory, Office, Exchange, SQL, and IIS.(
more)
J. Deva Gnanam made a visio drawing giving a good overview of the Exchange Server 2007 transport architecture.
Here you will find a listing of the Microsoft OpsMgr 2007 used Ports.
ACS forwarder to ACS collector: 51909
Agent to Root Management Server: 5723
Agent-less management: Uses RPC
Operations Console to Reporting Server: 80
Operations Console to Root Management Server: 5724
SQL Server 2005 (Default Instance): 1433
Web Console to Web Console server: 51908, 445
Introducing a new version of Windows Server in the role of a domain controller in an existing forest typically requires update to the forest schema. This is accomplished by running ADPREP command line utility (with /forestprep switch) on the domain controller functioning as the Schema Operation Master (FSMO). In order to avoid suprises during Active Directory Installation Wizard (DCPromo) on Windows Server 2003, Windows Server 2003 R2, or Window Server 2008 in an existing Active Directory forest, keep in mind the following rules:
- You can determine the current version of the schema by checking value of the objectVersion attribute of the cn=schema,cn=configuration,dc=
partition (where is the distinguished name of the root domain of your Active Directory forest - e.g. dc=myITforum,dc=com). This can be done using any utility that provides you with direct view of LDAP properties of Active Directory objects (such as LDP.EXE or ADSIEdit.msc, included with Windows Support Tools). Alternatively, on Windows Server 2003, you can also take advantage of DSQUERY command line utility by examining the output of the following command:
dsquery * cn=schema,cn=configuration,dc= -scope base -attr objectVersion
- The values of objectVersion attribute you might encounter are (including the corresponding version of the Windows Server):
13 Windows 2000 Server
30 Windows Server 2003 RTM and Windows Server 2003 SP1
31 Windows Server 2003 R2
44 Windows Server 2008 RC1
- Make sure that you use the ADPrep.exe utility included with the installation media. Note that, in case of the Windows Server 2003 R2, the updated file is located in the \CMPNENTS\R2\ADPREP folder on the second installation CD.
On the WSUS server, open Internet Information Services (IIS) Manager. Expand Web Sites, and then expand the Web site for the WSUS server. It is recommended that the WSUS Administration custom Web site be used, but the default Web site might have been chosen when installing WSUS. Perform the following steps on the WSUS Web site or on the APIRemoting30, ClientWebService, DSSAuthWebService, SelfUpdate, ServerSyncWebService, and SimpleAuthWebService virtual directory that reside under the WSUS Web site:
1. Right-click the Web site or virtual directory, and then click Properties.
2. Click the Directory Security tab, and then click Edit in the Secure Communications section.
3. Select Require secure channel (SSL), and then click OK.
4. Click OK to close the properties for the virtual root.
5. Close IIS Manager.
6. Run the following command from \Tools: WSUSUtil.exe configuressl .
Near Real Time Monitoring (NRTM) Connector of Disk Space uses the new Data Graphics feature of Visio 2007 to display the results of server monitoring. This application enables effective integration of Visio 2007 with the service management solution System Center Operations Manager 2007. The connector helps to view the results of monitoring servers as a clear, comprehensive Visio network diagram.
Download Near Real Time Monitoring (NRTM) Connector from Visiotoolbox.com
Stefan Stranger:
Have you ever wanted to send e-mail notifications with the high importance flag set?
It's possible but you have to start your favorite XML editor
Modifying Microsoft.SystemCenter.Notifications.Internal MP XML to Support Email Priority/Importance
(continue at source)
Exam 70-400: Microsoft System Center Operations Manager 2007, Configuring is live as of yesterday, Monday 21 January*, 2008. What this means is that you can now earn a certification called MCTS: System Center Operations Manager 2007, Configuration. A certification for System Center Configuration Manager will be available in March.
Hi everyone, my name is Jeff Wettlaufer, and I am the Sr. Technical Product Manager for System Center Configuration Manager. We have an incredibly big year ahead of us, and from a Technical perspective I wanted to highlight some things you can expect to be seeing from our team.
Being a management division - without client OS, servers, applications, or workloads our products are like a house with no furniture :) . So when things ramp up to launch, or get announced, the Technical Product guys get pretty jazzed. (ok well we also snicker at the work load it creates, but that's the fun bit). With our Wave 2 product line now running in the market (Configuration Management, Performance Management, Data Protection and Vitalization Management) we look towards what's next in the journey with our customers and partners. What a year this is going to be for System Center. I thought it might be cool to highlight from a technology perspective, our product release lineup and our technical content efforts (to support the releases) -to try and summarize how many things we have kicking off to look forward to in 2008. I am sure I might miss something here, but hey, its a blog, :). So in addition to the release plan for the System Center product lineup, check out the list of things we are working on to attach to, build support for, and generally provide solutions around this year.
We need to begin with Windows Server 2008 . It is such a massive product to launch, and there are so many facets of it to be aligned to. Most of my career was spent in the United Kingdom as an Infrastructure Consultant, and Windows Client Specialist, and seeing in the past 2 years how we launch Vista and Server is incredibly interesting. I'll try in this and future blogs to share what it's like being around the product guys, as it is truly a unique experience. From the dev engineering side to the Marketing and Business side, there are many moving parts. For products like System Center, we all are working with the Server team at different angles to help them, share our stories and share the attach messages on where we work together. This is where the team I sit in gets onto the ice. So, I have some cool topics ready to post on like Server Deployment, NAP, Configuration Baseline Management, and Datacenter Software Update strategies. Stay tuned, I hope they are interesting for you.(continue at source)
Omar van der Hoeven: It has been a while since Microsoft has released any information about System Center Service Manager. The product team of Ken van Hyning and Stefan Negritolu (ITIL integration lead) had released their first (and only) public beta in june 2007. I have been told that there has been 'a reset with the project' and more information will follow @ MMS 2008. Understandably, there was no much more elaboration on the reasons for this situation.
At MMS 2007 it looked like if the SM team (and I do hope that MSFT does not change the product name) had their stuff together. but I remember the discussion at the thursday session (it was about the database) where the 'techies' were confronted with the 'process' people. After a quite well executed presentation, a young lady came up to the Microphone and asked: "What do you consider to be the configuration database?" - The presenters looked startled and there was applause from the audience...
In basic: SCSM will use (or would? Let's go on in present tense) a single database for storing process information (eg. the call logged from the SD rep, RfC's, Asset information) and it's own operational information (e.g. workflows how to get from a software request to automaticly deploy the software using SC ConfigMan). The core of the question was: who owns the process information an can it - from a formal standpoint - be contained in one database? This caviat could become a mayor issue if you want to implement SCSM in an ITIL compliant organization.
While you’ve been getting to grips with the new features and options in Configuration Manager, I’ve been busy learning about yet another great feature coming out in SP1 – out of band management. "Out of band" here means management below the operating system layer - you can manage computers even in the following scenarios:
* The Configuration Manager client isn’t installed.
* The computer stops responding – perhaps the disk is corrupt or the operating system has hung.
* The computer does not have an operating system installed.
* The computer is turned off.
That’s pretty powerful! You can see how it’s ideally suited to extreme troubleshooting scenarios, but being able to power up computers also helps with routine maintenance tasks such as reconfiguration and upgrades, not to mention catching those last few computers that are preventing you from achieving your compliance levels for security updates.(continue at source)
If you have looked at Operations Manager to any extent, you know management packs have changed significantly since MOM 2005. For one thing, they tend to be "sealed" - so you can't change them. They also no longer use the AKM format, they are now actually XML documents.
Since not everyone may want to code in XML, how does one create a management pack? Like many questions in IT, the answer is, It depends. It depends on what you what to accomplish, and the technique(s) you are most proficient with. Management packs range from doing something simple to extremely complex, so a tool you may use for a simple management pack may not always meet your needs.(continue at source)
Active Directory is a hierarchical database that holds information about the network’s resources such as computers, servers, users, groups and more. The main purpose of Active Directory is to provide central authentication and authorization services. Normal administrative tasks when working with Active Directory include creating, managing, moving, editing and sometimes – deleting – various objects such as user accounts, computer accounts, groups, contacts and other objects. The Active Directory database is stored on Domain Controllers (or DCs), in a file called NTDS.DIT (continue at source)
Ian Blyth:
I was chatting with my friend who specialises in SharePoint and we were discussing what you need to ask you get designs going on our respective technologies. Apparently SharePoint is quite complex. I was saying that SCOM is quite easy and that got me thinking.. What are the questions that I ask that help me narrow down the design options and help me work out how long the project will take. Here is what I would ask a customer as to help establish a design. Based on discussions around these questions I can quickly establish what the SCOM design should be for that organisation.
(continue at source)
Microsoft Exchange support was the number-one feature request of users of DPM 2006—and Microsoft listened. As Calvin Keaton describes in our January issue, the new version of Data Protection Manager introduces support for both Exchange Server 2003 and Exchange Server 2007. Moreover, DPM 2007 adds support for other business-critical Microsoft applications such as SQL Server and SharePoint, and offers many new features to deliver a powerful and flexible solution for managing your backups. Take a look at our overview of how the enhancements in this release can bring a new level of protection for your organization.
For more on protecting your data, see Simplify File Recovery with Data Protection Manager. And be sure to visit the System Center Essentials TechCenter to take a proactive approach to managing your environment.
As described in this KB article, OpsMgr2007 is using ETW/WPP tracing which was not very customer consumable. The conversion to readable text was required with the use of TMF files which did not ship with RTM version of the product. So decision was made and things changed with SP1 release (and such were also present with SP1 RC).
Tracing changes:
1. Trace is started automatically with level ERR (see this article for tracing levels).
2. Trace can be formatted by executing FormatTracing.cmd and results are offered for automatic review right after formatting completes.
3. Trace can be stopped and restarted without stopping HealthService.exe, but default trace level is used once again after HealthService.exe restarts. Also, right upon its start, HealthService backups last tracing (previous trace file) where this backed-up trace will be formatted into readable form after executing FormatTracing.cmd too.(continue at source)
Savision has published an 11 minute webcast that shows you how easy it is to extend System Center Operations Manager 2007 with Live Maps. You will see that everyone can now transform existing visio diagrams, geographical maps or datacenter floor plans into nested context aware monitoring maps that are fully integrated in the System Center Operations Manager 2007 operations console.
If you want to try Live Maps yourself you can also download a 60 day evaluation version.
Doug Gowans: The DPM 2007 Storage Calculator for Exchange Server was released last year and the blog that accompanied the release of the calculator provided a load of information about what the results actually mean but I thought I would attempt to deconstruct some of the calculations to understand a bit better for myself where the results have come from. For the purposes of this blog I am going to focus on the two main factors that are going to concern most large scale DPM designs; the number of DPM servers that should be deployed and the storage capacity required for each DPM server. There are numerous other calculations that the calculator produces including the number of storage groups per protection group and RAM and processor core sizing guidelines but I will not go into these here. I am not going to make any recommendations about how to size DPM either but I hope this article will be of use when you are involved in discussions over designing for DPM...(continue at source)
The documentation (not the MP's themselves) for the following management packs has been refreshed.
Windows Client 2000/XP OS Management Pack System Center Operations Manager 2007 Management Pack Update
Windows Server 2000/2003 OS Management Pack
WSS 2.0 (2003) Management Pack
Terminal Services 2000/2003 Management Pack
Microsoft Information Worker Management Pack
SPS 2003 Management Pack
IIS 2000/2003 Management Pack
Exchange 2003 Management Pack
AD Management Pack 2000/2003 Management Pack
Most of the MP Guides now contain a revision list. The Monitors and Overrides for Management Packs being the common theme for these MP Guide updates. Several of the MP guides contain further revisions or corrections.
Several industry sources have confirmed to TG Daily that a very early version of Windows 7, previously code-named Blackcomb Vienna, already has been shipped to “key partners” as a “Milestone 1” (M1) code drop for validation purposes. A roadmap received by TG Daily indicates that the new operating system will be introduced in the second half of 2009.
While it has generally been believed that Windows 7 was scheduled for a 2010 debut, Microsoft has revised the roadmap and apparently moved up the release date by a few months: A recently distributed roadmap of the OS lists a release to manufacturing in H2 2009. Microsoft declined to comment on this date.(continue at source)
So let's say I have a functional OpsMgr 2007 infrastructure in place and then for whatever reason have to reinstall/replace the Root Management Server (RMS), but I didn’t backup my RMS encryption key. What are the exact ramifications of this and what would I need to do to correct it?
Prior to Service Pack 1 (SP1), if something happened to your RMS and it had to be replaced, and you didn't backup your key, you were basically out of luck. Your only recourse was to rebuild from scratch - not a pretty picture. That's why we always told people to make sure they backed up their key as soon as they installed:
Backing up your RMS encryption key: http://technet.microsoft.com/en-us/library/bb309563.aspx.
Now with SP1, we have a new CREATE_NEWKEY command line switch that can make recovering from a situation like this potentially much easier. We also made running the encryption key backup process a mandatory process of setup, just so you'll have a friendly reminder.(continue at source)
Looking for the complete list of Resource Kit tools for System Center Operations Manager 2007? Here you go:
Name: Sample Vista Gadget
Link
Description: A Vista Gadget that enables you to view the active alerts and health states for a specified set of objects from a computer running Windows Vista.
Name: Operations Manager Inventory
Link
Description: A command-line utility that captures the configuration of your Operations Manager 2007 Management Servers and stores it in a .cab file that can be sent to Microsoft support to assist in problem analysis.
Name: Operations Manager Cleanup Tool
Link
Description: A command-line utility that enables you to remove any or all of the components of Operations Manager from a local computer in cases where the normal method of uninstallation has failed.
Name: AEM Validation
Link
Description: A command line utility that will allow you to perform end-to-end validation of Agent-less Exception Monitoring to verify that AEM is properly configured and operational.
Name: AEM Management Pack
Link
Description: A Management Pack that enables you to identify generic errors sent by Windows Error Reporting (WER) clients to Management Servers that are AEM-enabled. Without this mapping function these errors appear in Operations Manager as "unknown application" and "unknown version".
Name: Active Directory Integration Sample Script
Link
Description: A sample script that enables you to extract a list of computer names from your custom SQL Server database and add them to an Active Directory security group. The security group can then be referenced in the Agent Assignment and Failover Wizard to automate agent assignments to Management Servers.
Name: Effective Configuration Viewer
Link
Description: A tool that displays the set of rules and monitors that are running on a computer, distributed application, or any other managed entity after any configured overrides have been applied.
Name: Action Account Tool
Link
Description: A PowerShell script that allows you to set the action account on groups of computers.
Remember back in the SMS 2003 days we had nice tools that enabled right-click on computers/collections to ping/force policy refresh etc. You will find that now extending the SCCM console is easier. It all comes down to an XML file placed in a proper folder. We can soon expect many extensions (also those from SMS) to be ported to SCCM console.(continue at source)
It´s very hard to find a dokumentation for a Vista Deployment with the Windows Deployment Services (WDS) in a domain
I want to summerize the importants points in the deployment process: - Import BOOT.WIM into WDS Server
If you implement WDS on a windows 2008 Server, use the BOOT.WIM from the Windows Server 2008 CD
Because only with this BOOT.WIM it´s possible to use mulitcast
- Images, Catalog on Windows System Image Manager
Do not select a Image in the Windows System Manager, because it uses a lot of discspace.
Before you create the unattended Files, use CREATE CATALOG to build a catalog of an image and use this catalog to build the unattend Files.
- If you receive an Error message that the File WIMGAPI.DLL was not found, add the Directory of this DLL (normally C:\Program Files\Windows Imaging) to the Path-Variable and restart the Server (path=%path%+C:\Program Files\Windows Imaging)
- You can find a sample unattend.xml and a Sample ImageUnattend.Xml File here.
- Some important settings for the ImageUnattend.XML File:
Computername %MACHINENAME%
If you preconfigure a computer in Active Directory with it´s GUID, you need this setting, that the computer gets the predefined name
CopyProfile TRUE
With this seting WDS uses the Profile from the User, who startet SYSPREP as the default User Profile.
So you can prepare the computer (start Applications to accept various EULAS (Office, Adobe, ..)) as you need it and take the settings for the default Profile
SkipMachineOOBE must be empty !
- If you modify one of these two files and you save them with a new name (which is always a good idea), remeber to configure your images with the new files !
(Boot Image: WDS, Properties of WDS Server, Client, Enable unattended installation)
(ImageUnattend.xml: WDS, Property of Vista Image, Allow image to install in unattended mode)
- Add computer to Active directory
If you want to preconfigure your computers in AD, you have to add them with their GUID. You can do this with this commandline:
wdsutil /add-device /device:Student1 /ID:AABBCCDD-0000-11DC-BBDA-C4874884001C /OU:"OU=Clients,DC=quartz,DC=msft"
- Remove the second F12 at PXE Boot
If you boot your computer with PXE, you have to press F12 two times.
Rename the file pxeboot.n12 in E:\RemoteInstall\Boot\x64 to pxeboot.com (and before this, save the old file with a new name) and you need only 1 F12...
System Center Virtual Machine Manager 2007 is a new solution that provides a consolidated interface for managing your entire virtual infrastructure. Virtual Machine Manager (VMM)
can manage existing Microsoft® Virtual Server 2005 installations, and it can also install Virtual Server 2005 R2 SP1 on new virtual machine (VM) hosts. With VMM, the traditional Virtual Server 2005 administrative tasks can now be performed far more efficiently through a centralized interface, with management access across multiple Virtual Server installations.
In addition, VMM brings new capabilities to Virtual Server, including Physical-to-Virtual (P2V) conversions, Virtual-to-Virtual (V2V) conversion of VMware Virtual Machine Disk Format (VMDK) disks to Virtual Server Virtual Hard Disks (VHDs), and rapid VM deployments from templates and pre-configured VHDs via a centralized library of virtual infrastructure objects.
In the following pages, I'll explore VMM and the powerful set of features it provides to IT administrators. I will then look at the requirements and steps for creating a VMM installation. Finally, I'll take a deeper dive into a handful of the more exciting features of VMM and leave you with some helpful tips on getting started.(continue at source)
Sander Berkouwer: Now that we have Hyper-V available as a Server Role on Windows Server 2008 Server Core I feel it's time to explain why Server Core would be the ideal Windows Server 2008 Installation method to install Hyper-V on, instead of the Full Installation method.
Note:
In this post I use 'Root Partition', while others may prefer to use 'Parent Partition'. These are actually the same, although 'Parent Partition' is considered more of a Virtual Server (Hypervisor Type 2) phrase, whilst 'Root Partition' more accurately describes the Hyper-V (Hypervisor Type 1)implementation.
(continue at source)
Ever want an easy way to have an email notification sent whenever a specific alert occurs? Back in the MOM 2005 days this was pretty simple but today with System Center Operations Manager 2007, while the functionality is still there, the UI is somewhat limited in this regard. As a proof of concept, I created a PowerShell script and MP that when used together will allow you to quickly and easily subscribe to future occurrences of an alert in the OpsMgr console.(continue at source)
Installing SCCM 2007 RTM on Server 2008 RC1 is not supported. I know. But having just taken a Server 2008 class and falling in love with the OS, I don’t want to go back to Server 2003. Also, by the time my production servers for SCCM are in place, SCCM 2007 SP1 should be in place, so why not try to play with this in the lab now?
So can it be done? Based on today’s results, I’d say yes. And no.(continue at source)
For a Configuration Manager 2007 site to function successfully in native mode, you must have all the required certificates installed in a Configuration Manager 2007 site before migrating the site to native mode.
To help you determine if Configuration Manager 2007 clients have a valid certificate for successful native mode communication before you migrate the site into native mode, run a utility called the "Configuration Manager Native Mode Readiness Tool". The utility is installed with Configuration Manager 2007 clients, in the folder %windir%\system32\CCM or “X:\Program Files\SMS_CCM” (depending on your site server role configuration) and should be run with local administrator privileges. To run the utility, run Sccmnativemodereadiness.exe from the CCM folder.
Scott Swigart: As I've said in my other tips, I'm looking to come up to speed on the System Center products as quickly as possible. Webcasts are a great way to check out a product without downloading and installing big products. The Technet Webcast: Introduction to System Center Configuration Manager 2007 did what I needed and brought me up to speed quickly.
Right off the bat, I could see that this Webcast was going to be heavy on demos, which is the best way for me to learn. The first demo jumped right into the management console and I got a really good understanding of how it's changed since SMS 2003.
We all know how annoying UAC can get, especially when you’ve just installed Windows Vista and you have a dozen of programs and security apps ready to install. A small program called TweakUAC gets rid of this annoyance by putting UAC into “quiet mode.” What it actually does is without turning off UAC, it doesn’t display any prompts for administrators when attempting to do an administrative task.
However, all other features of UAC will still be enabled, meaning that UAC will continue to run with the standard user permissions by default. You can find more info on TweakUAC as well as download it by clicking here.
If you've had to restore part of your environment or do a disaster recovery plan, you know how important it is to understand your current configuration. Wave 1 of the Operations Manager Resource Kit includes a tool for inventorying the components on each computer where you installed an OpsMgr component. The Operations Manager Inventory tool collects information about your installation and saves it to a XML-formatted .cab file. Data collected includes the following:
- Windows Installer logs for Operations Manager 2007
- Registry information for Operations Manager 2007
- Operations Manager 2007 configuration information
- Management packs
- All running processes
- All Windows NT event logs on that system
- The report produced by the Prerequisite Checker when you installed Operations Manager 2007
The inventory tool (MOMInventory.exe) must be run locally on each computer. The computer must have Microsoft .NET 3.0 installed.
You can download the OpsMgr 2007 Resource Kit utilities from the System Center Operations Manager TechCenter.
Assumption: The user has a NLB MP cluster and the "setspn.exe" tool
• Create a domain user account for IIS 6.0. For example, on the domain controller, run net user /add where is the user name and is the password. Example: Net user /add IISID_NLB password
• Register the service principal name (SPN) that will be used by the client to identify the service on the domain user account created in step 1 using the setspn.exe tool. Open the command line, navigate to the where the tool lives and execute the below command. Example: Setspn –a host/nlb.vmhost2dom.net IISID_NLB (“nlb.vmhost2.dom.net” is the example FQDN of the NLB MP cluster, and IISID_NLB is the account created in step 1)
(continue at source)
So you have created an application or script that requires a policy evaluation before it can continue, how can you tell that the policy evaluation request has completed?
Fortunately there are events provided via WMI that can tell you when policy evalution is complete. Thats how the Policy Spy tool from the SMS 2003 Toolkit events tab works.
To illustrate with wbemtest:
- On a test client, open wbemtest, connect to the root\ccm\events namespace.
- choose "Notification Query" button
- use this query: "SELECT * FROM CCM_PolicyAgent_Event"
- while the dialog with the query results is running go to the control panel applet
and refresh policy. - wait a few minutes for the query results to come in as the events are generated.
Check here for an example of how to do subscribe to WMI event notifications with VBScript.
The first wave of OpsMgr 2007 SP1 specific training videos are now live on TechNet.
http://technet.microsoft.com/en-us/opsmgr/bb986763.aspx
The original set of 25 for RTM are located at:
http://technet.microsoft.com/en-us/opsmgr/bb498237.aspx
A couple of months back we released a Presentation Server Configuration Pack for Microsoft System Center Configuration Manager (SCCM) 2007. You can use this tool to evaluate each Presentation Server's configuration against predefined security and best practice guidelines. Our Configuration Pack is designed to be used in conjunction with the Microsoft System Center Configuration Manager (SCCM) 2007 Desired Configuration Management (DCM) 2.0 module.
The DCM can generate reports containing detailed information about which Presentation Servers are out of compliance and how to correct each configuration setting. Using this information, Citrix administrators can rectify the configuration issues on each reported Presentation Server, thus bringing the entire PS farm back into compliance with Citrix Best Practices. The security and best practice guidelines are a collection of configuration settings assembled from sources such as the Citrix Presentation Server Administrator's Guide, Citrix Presentation Server Advanced Concepts Guide, Citrix Best Practices Webinar, and Citrix Access Security for IT Administrators. The pack has tons of settings for locking down desktops (computer and user configuration) and other PS best practice settings. There is also an option for creating custom configuration items.
The pack supports Presentation Server 4.0 (32-bit & 64-bit) & Presentation Server 4.5 (32-bit & 64-bit) product versions. For details, download the zip file that has the pack and the administrators guide. Also, Christopher Fife from our advanced products team created a dedicated support forum for this pack. Don't forget to leave your blog comments to help us improve this pack in the future.
Do you know we also have a Presentation Server management pack for System Center Operations Manager 2007 (the link needs mycitrix login)?
Citrix support just releases a new utility called, "CtxLicPath". It is a graphical user interface (GUI) utility that checks the Citrix license file path on Citrix license servers.
When attempting to run lmstat.exe to obtain current license usage from a Citrix license server, you may receive the following error message:
Error getting status: Cannot find license file (-1,359:2 "No such file or directory")"
CtxLicPath can be used to resolve this problem by configuring a valid license file path for lmstat.exe to read.
For more information and to download the Citrix License Path Utility please refer to the following Citrix support article: CTX111344 - Citrix License Path Utility - Citrix Knowledge Center
In this post Brett Flegg mentions some ways to troubleshoot SCCM 2007:
- Error Codes
- Enable the Debug Shell on your boot image
- Client Log Files
- Task Sequence Reports
(continue at source)
Satya Vel from the Operations Manager Team Blog
I wanted to update everyone on our plans to support Windows Server 2008 for MOM 2005, OpsMgr 2007 and SCE. Below, I refer to “all roles” which includes DB, DW, RMS, MS, Console, Gateway, Reporting Server, Web Console, ACS DB and ACS Collector. For most of the support statement below we mention 90 days after the of Windows Server 2008 the reason for this is in the past the OS team has made last minute changes that have broken our installs which have required us to ship a QFE. So far, I do not believe we will need any QFE’s or SP to support W2K8 but we are waiting on the final build to run our full test pass. So there is a good possibility especially for our agent that we will support W2K8 earlier than the 90 days after they ship which we have committed.
Recommendations for MOM 2005: I would not waste my time trying to install MOM 2005 SP1 on W2K8. There are a number of architectural changes in the operating system such as the way IIS works in W2K8 that I don’t see MOM 2005 SP1 working on W2K8. This given I haven’t tried to run MOM 2005 SP1 on W2K8 so if anyone has tried and was successful please let us know. The agent currently runs on W2K8 but we are waiting on the official RTM build to run a final test pass.
Recommendations for OpsMgr 2007: I have tried this out myself and was able to install the DB, DW, RMS, Gateway and Console without any issues I had to use a hack for installing the Reporting Server role which I have blogged about in one of my previous articles.
Recommendations for SCE: Make sure to get a beefy box to run SCE and W2K8. I don’t recommend using anything under 4GB of RAM if you are running SCE and W2K8.
Like MOM 2005, without a doubt, the single biggest influence of performance in OpsMgr 2007 is I/O (IOPs). Specifically, the I/O of the disk subsystem hosting the OperationsManager database ( OperationsManager.mdf)
When discussing I/O, there are two functions that must be considered. In addition to the number of read/write operations per second, it is critical to consider how fast data is read from the disk as well as how fast it is written to the disk.
OpsMgr 2007 has an I/O split of approximately 85/15; 85% reads and 15% writes. Anyone who has experienced the pain of a console that feels like it is running on an Atari 2600 is almost certainly doing executing read intensive operations; Other than Administrators and Authors in the traditional sense, the Operators are working with views. Imagine chasing down a performance issue? Dashboards, state views, event views, alert views…all read intensive. (continue at source)
Every Windows Server has a page file and Windows Server 2008 Server Core installations are no exception. Neither should they be an exception when it comes to tuning the page file for optimal performance and reliability.
What the page file is
The page file is usually described as a file that allows to use disk storage for data that do not fit into physical RAM. Other names for the page file are the 'swap file' and the 'paging file'. Most administrators wouldn't mind their page file settings, since they stuffed the server with RAM. Windows will always use the page file however, regardless of the amount of physical RAM.
The page file is located on the boot partition (or volume) by default, represented with the C:\pagefile.sys file. After a clean install the initial size of the file varies with the amount of physical RAM in the server.(continue at source)
In the RTM release of Operations Manager 2007, you have likely noticed that the Enable Audit Collection task does not appear in the Actions pane when the RMS or a Management Server is selected. This task enables the Audit Collection Forwarder service (which is disabled on agent-managed computers by default) and sets the appropriate values in the registry.
In fact, the Audit Collection Forwarder service is not even installed on a Management Server.
Enabling the ACS Forwarder service on a Mgmt Server is a new feature in SP1, but it turns out, there is actually a way to do this in the RTM release. Credit Jeff Skelton for working through how to do this when MS Support told him it was not possible. While obviously unsupported, I did work through Jeff’s solution in the lab and it seems to work as expected.(continue at source)
Maintenance mode expired, monitored server is still down, but there is no alert in the alert view of OpsMgr 2007 console indicating server being offline. This scenario is happening too often with current implementation of availability monitoring. What our customer face and fear is that if server which undergo maintenance mode each night is not rebooted successfully, there is no indication about its unavailability and this could lead to at least bad user experience if not more …
As described in this knowledge base article, one needs to put computer, health service hosted by maintained computer as well as watcher monitoring this health service remotely into maintenance mode to avoid unexpected unavailability alerts. But “unfortunately”, this is also a direct reason why alert is not generated when maintenance mode terminated.(continue at source)
Note:Marius also provides another solution here
Some of you may know already that with Operations Manager SP1 RC we allow for overriding alert severity and priority. What is little unfortunate is inconsistency between creating alert generating rule and overriding especially as first uses string describing severity or priority used, while later simply expects integer value. Mapping between string and integer is what this post will try to explain.(continue at source)
Windows Error Reporting (WER) is a Windows feature we know since Windows XP. (2001) Microsoft loves the feature enough to continue offering it in Windows Vista and Windows Server 2008 and Server Core installations are no exception.
In Server Core installations of Windows Server 2008 you won't see the Error Reporting message window. Since Server Core installations actually don't rely on explorer.exe as their shells it's not possible to show these messages. (yet) Instead you can choose to let your Windows installations send error reports every time it wets its diaper in two distinct flavors, or not.
In Windows Server 2008 Server Core Windows Error Reporting is 'off' by default.(continue at source)
Deleting files that are in use and particularly WFP-protected files can be a pain and the methods vary with each version of Windows.
X-Out is a simple utility that makes the process more consistent by deleting files using a native application that runs very early in the Windows boot process (the same place where autochk runs). At this point there are no file permissions or applications to get in the way. Even Windows won’t stop you from deleting the files you want.
When Windows starts, it will see that those files are not there and therefore will not configure WFP to monitor those files.
Download X-Out from Xato.net
This is a visual diagram of how computer discovery works in OpsMgr 2007. The list of prerequisites required to discover servers and install an agents are listed below as well:
Description: RPC endpoint mapper
Port number: 135
Protocol: TCP/UDP
Description: NetBIOS name service
Port number: 137
Protocol: TCP/UDP
Description: NetBIOS session service
Port number: 139
Protocol: TCP/UDP
Description: SMB over IP
Port number: 445
Protocol: TCP
Display Name: Netlogon
Started: True
State: Running
Description: MOM Channel
Port number: 5723
Protocol: TCP/UDP
Display Name: Windows Installer
Started: True
State: Running
Here are a few of our more popular posts related to installation, configuration and troubleshooting on System Center Essentials 2007. Great reading to help get you up and running if you’ve recently installed or are about to install System Center Essentials 2007. Be sure to download the ReSearch This! Mgmt Pack for OpsMgr and Essentials 2007 as well
Planning, Installation, Configuration
Troubleshooting and Tuning
After you have successfully installed Microsoft System Essentials (SCE) 2007 the install opens to the SCE Overview page where you are presented with the Essential Configuration Incomplete page. Here you will find a list of tasks that must be completed. (continue at source)
Steve Rachui outlines some interesting topics on what's new in SCOM2007.
- Maintenance Mode
- Objects and Targeting
- Intel vPRO NIC capabilities
(continue at source)
If you've been watching Microsoft's evolution of products that is coinciding with the release of Windows Server 2008, you have probably noticed some changes in the company's server products. You won't find Systems Management Server 4.0 (SMS) or a new version of Microsoft Operations Manager (MOM). Instead you'll find a new group of products under the System Center product suite.
Microsoft provides a nice marketing description of System Center with a listing of the new products in the suite. Unfortunately, like most marketing descriptions, by the time you sort through the buzzwords, it's difficult to understand exactly what these products do. This article will put System Center in technical terms that administrators can relate to, with future articles drilling down into each product.(continue at source)
After you have successfully installed Microsoft System Essentials (SCE) 2007 the install opens to the SCE Overview page where you are presented with the Essential Configuration Incomplete page. Here you will find a list of tasks that must be completed. (continue at source)
Systems Management Server (SMS) and Microsoft Operations Manger (MOM) have long been great tools for managing a large Windows infrastructure, but I have noticed that as networks get more complex, basic security best practices are the first to suffer.
With Systems Center Operations Manager 2007, security is so pervasive that it becomes a natural part of the process rather than a burdensome add-on. I recently watched a TechNet webcast by John Baker, and IT Pro Evangelist at Microsoft, that goes into great detail on these new security features. You can view the webcast, Security and Enterprise Features of System Center Operations Manager 2007.
Wow, the new year brings some major changes for the Microsoft Most Valueable Professional (MVP) program, specifically for the Operations Manager competence. Here's my summary:
Stefan Stranger is no longer a MOM-MVP. He joined Microsoft's Services department in The Netherlands today.
Kerrie Meyler, author of the OpsMgr 2007 Unleashed book and blogging for the OpsMgr "live space", got awarded as a new MOM-MVP!
Cameron Fuller, also author of the OpsMgr 2007 Unleashed book, blogger and all-round OpsMgr expert, got re-awared the MOM-MVP title another year.
Arie de Haan, my partner in crime for the dutch System Center User Group and many-year MOM/OpsMgr guru, also got re-awared the MOM-MVP title for another year.
I would like to welcome Kerrie and congratulate Arie and Cameron with their achievements. I also wish Stefan the best of luck with his new career and I am sure that we will continue to hear great things from him, through his weblog.
UPDATE: As Kerrie points out in the comments section, Andy Dominey also got re-awarded for the third time in row! It's great to be part of such a fantastisch team ..
We, the crew from Techlog wish you, our readers a happy 2008.
We hope that you keep visiting our blog this year, and in return we will try to bring you the news that make reading our blog interesting.
Let us know who you (our readers) are, leave a comment!
| 30 Jan '08 - 19:13 | kenneth van surksum | 
no comments | news source ~ Technet Blogs (via WinBeta) 
