Installing An OpsMgr 2008 Agent on Windows Server 2008

I went about doing this today and to be honest, the instructions are non-existent.  You’ll need a bunch of updates.  Note that the hotfix rollup includes X64 and X86 updates and there are individual downloads for the x86 and x64 versions on the other KB’s.  Here’s how you can get an Operations Manager 2007 agent working on W2008:

  • Download and "install" KB954049 (a hotfix rollup).  This "install" is a messy extraction.  Note where it installs and copy the contents to somewhere safe.  You can "uninstall" the hotfix now.
  • Upgrade all of your OpsMgr server components to service pack 1.
  • Install KB951116, KB952664, KB953290 onto the W2008 server that you want to install an agent on to.
  • Reboot the destination agent server.
  • Install the OpsMgr Agent.  Make sure it is the SP1 agent!
  • Stop the OpsMgr Health Service.
  • Browse to where you saved the contents of KB954049.  Install the update.
  • Restart the server.

Your agent should now be able to communicate with the management server assuming that all the security side of things is OK (the same rules apply).

You’ll also find that you need to install the Windows Server 2008 Discovery Management Pack in order to be able to manage the OS on these new servers.  This management pack also appears to be a pre-requisite for role/feature management packs for Windows 2008, e.g. you’ll be unable to import those other management packs.  This is probably quite logical, i.e. there is a discovery dependency for Windows Server 2008 objects.

Note that there’s a 4th fix (KB951327) required for any machine running an OpsMgr console on Windows Server 2008.

This is all a very manual thing.  You can probably script this pretty easily.  If you have System Center Configuration Manager 2007 (SCCM / ConfigMgr) or SMS then you can create a sequence of package programs with prerequisites to take care of this for you.  I’ve an example of this in my SCCM 2007 beta whitepaper on software management.

EDIT:

Remember that Windows Server 2008 has its firewall turned on by default and that it blocks both inbound and outbound traffic.  You’ll need to configure rules to allow your required traffic (e.g. TCP 5723) either manually, by script or by Group Policy.
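
One way to script the firewall change described above, as an added example that is not from the original post. It assumes the agent initiates the connection to the management server on TCP 5723; the server name `opsmgr-ms01.example.local` and the rule name are placeholders.

```powershell
# Added example: allow an OpsMgr agent to reach its management server on TCP 5723,
# then confirm the port is reachable. Run elevated on the agent server.
param(
    [string]$ManagementServer = 'opsmgr-ms01.example.local',  # placeholder name
    [int]$Port = 5723,
    [int]$TimeoutMs = 5000
)

$ruleName = 'OpsMgr agent to management server'   # placeholder rule name

# Resolve the server so the rule is scoped to its address(es) rather than "any".
$addresses = [System.Net.Dns]::GetHostAddresses($ManagementServer) |
    Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
    ForEach-Object { $_.IPAddressToString }
if (-not $addresses) {
    throw "Could not resolve $ManagementServer to an IPv4 address."
}
$remoteIp = [string]::Join(',', @($addresses))

# Remove any earlier copy of the rule so reruns do not pile up duplicates.
netsh advfirewall firewall delete rule name="$ruleName" | Out-Null

# Outbound allow rule limited to the management server and the agent port.
netsh advfirewall firewall add rule name="$ruleName" dir=out action=allow `
    protocol=TCP remoteip=$remoteIp remoteport=$Port
if ($LASTEXITCODE -ne 0) {
    throw "netsh failed to add the rule (exit code $LASTEXITCODE)."
}

# Verify with a bounded TCP connect instead of waiting for the agent to report in.
$client  = New-Object System.Net.Sockets.TcpClient
$async   = $client.BeginConnect($ManagementServer, $Port, $null, $null)
$reached = $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false) -and $client.Connected
$client.Close()

if ($reached) {
    "TCP $Port to $ManagementServer is reachable."
} else {
    Write-Warning "TCP $Port to $ManagementServer is not reachable; check the inbound rule on the management server and any firewall in between."
}
```

The management server needs the matching inbound rule (`dir=in`, `localport=5723`), ideally scoped with `remoteip=` to the networks your agents sit on.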

Aidan Finn: Beware Anti-Virus and Hyper-V – Follow Up

This is quite a frustrating problem.  The origin was that some of the XML files that define my VM’s were locked by AV on a test Hyper-V server.  This caused Hyper-V to fail to load the VM’s.  OK.  That’s not a biggie  – fix the problem and then start up the VM’s is what you’d think.  Uh-uh!  Hyper-V had managed to unload all knowledge of those VM’s.  OK – maybe I could just reopen the VMs?  Hyper-V does not have an "open" function.  Finally, I tried setting up a new VM with the existing config and disks.  That’s a monotonous manual task.  The problem here is that I lost my saved snapshots.

I opened a call with MS.  I also tried using the TechNet forums.  Let’s see what I got there before I get back to the call.  The MS staff on there gave me comments such as "why were you scanning?" and "don’t use snapshots in production".  Hmm.  Most people put AV on their servers.  The reason is to PROTECT them.  I’m sure if the Hyper-V team talked to the Forefront team they’d be told the same thing.  I had put an exception in for the VHD files but didn’t know to do the same for the XML’s until it was too late.  However, even if I had, there’s always a chance a junior member of staff could accidentally override that exception.  What am I to do then, lose half of the VM’s on all of my hosts?  Is that acceptable to MS?

I nearly choked when I saw a video of Steve Riley at TechEd talking about the potential of scanning VM’s using AV.  DON’T TRY IT!

And as for using snapshots: A big use of virtualisation is setting up test environments.  Whether it’s for software development or infrastructure deployments, virtualisation earned its acceptance this way and continues to be a strong player there.  MS should understand this seeing as they think everyone in IT is a programmer.  Snapshots are a convenient way to get a VM back to a known state.  No tester will want to use backups for this because it’s too cumbersome, expensive and slow.

Back to the call.  After the usual chain of mails to get the engineer to understand the problem I finally got him on board.  In case anyone from MS is reading, here’s the case number: SRX080721602387.  I learned something from this call.  Hyper-V knows what VM’s and snapshots exist via shortcuts:

  • %SYSTEMDRIVE%\ProgramData\Microsoft\Windows\Hyper-V\Virtual Machines: This contains shortcuts to the XML files of each VM.
  • %SYSTEMDRIVE%\ProgramData\Microsoft\Windows\Hyper-V\Snapshots: This contains shortcuts to the XML files of each snapshot.

Here’s where it gets nutty.  The missing VM’s were defined in these locations.  Now we had no idea why Hyper-V wasn’t loading my VM’s (reboots and all).  We tried recreating these shortcuts via Explorer and via command prompt.  No joy.

I eventually gave up because the ticket was now running around in circles.  I needed a working test lab back, despite losing my snapshots which will eventually lead to me having to recreate my lab environment from scratch.

What to learn from this?  Hyper-V badly needs a simple way to open an existing VM.  Virtual Server has it.  Virtual PC has it.  VMware has it.  Why doesn’t Hyper-V?

Back From Norway and Back On The Air

It was a successful photography trip.  And wow, Oslo is one screwed up airport!  Transfers there are a nightmare: (A) They’re different to everywhere else (think like entering the USA but worse when it comes to logistics) and (B) there’s no signs.  Still, nice people and fantastic countryside.  I can’t remember when I last sat somewhere and couldn’t hear the sounds we associate with mankind – people, machinery or traffic.

And I got to get up close to White-Tailed Sea Eagles!

OK … back to our regularly scheduled programming …

Mark Russinovich Live Meeting on Vista Performance

This just came in the mailbox:

"Join Mark Russinovich and a panel of industry experts for a LIVE virtual roundtable to explore your top of mind performance issues, common misconfigurations, and tips on how to fix them. From boot times and applets to disk performance and battery life, find out how to optimize Windows Vista and what you can do to improve overall system performance. 

Submit your performance questions live during the event or send them in advance to vrtable@microsoft.com.

Wednesday, September 24, 2008
9:00am Pacific Standard Time".

OpsMgr 2007: Windows Local Application Health Rollup Showing Warning/Error

I had a problem with a faulty health status showing up on my System Center Operations Manager 2007 console.  An agent (the SCOM server itself) was telling me the "Local Application Health Rollup" under "Performance" was unhealthy.  The health of the objects underneath was healthy.  There were also no associated alerts on the server itself and performance was OK.  Therefore there was a glitch in the health status rollup.  I tried to reset and refresh the health but that did nothing for me.

I did two things to resolve this glitch and get everything back to green:

  1. I navigated to the Computers view in Monitoring and double-clicked on "Health Service" on the affected agent.  This opened a new window showing the state of the health service on this agent.  On the Actions menu, I selected "Health Service Tasks -> Flush Health Service and Cache".
  2. I restarted the OpsMgr Health Service.

A few minutes later the health status in Health Explorer was reset to green.

BTW, it’s strange that the MS spell checker in Windows Live Writer does not recognise the word "Rollup".  It’s valid in MS Word.

Service Level Dashboard Management Pack for System Center Operations Manager 2007

As techies, we tend to look at business applications as components, e.g. disks, CPU’s, servers, services, etc.  However, the owners and consumers of those applications see them very, very differently.  My first experience of this was when an old boss wanted to bring in some of the concepts of ITIL into the organisation.  ITIL is a British government standard for guaranteeing the quality of IT services.  I used the Wikipedia link instead of the official site because the official site does a bad job in describing the standard – a common fault of web sites!  It has gained acceptance from organisations globally and Microsoft has tailored it for MS centric networks in the form of the Microsoft Operations Framework or MOF.

ITIL gets us to view everything as services.  A CRM application is a service.  It consists of web applications running on web servers, databases on servers, networks and storage.  If one component fails or performs poorly then the service fails or performs poorly.  That’s all that the customer or consumer of the service cares about!  They don’t care about a CPU running at 100% because it means nothing to them because they are not techies.  They only know that they are losing productivity or profit because a service is performing poorly.

OpsMgr 2007 was designed to allow the ITIL/MOF view of services to be modelled in the form of distributed applications.  You can either use one of a number of templates or create your own distributed application to drop in monitored components to model your service(s).  This is great for operators or more tech savvy people to monitor.  However, how about the business or service owners?

Microsoft recently released the Service Level Dashboard for SCCM 2007.  This allows you to define Service Level Agreements (SLA’s) for your applications, measure and report on them.  The dashboard allows you to use historical data on your defined distributed applications to see how those applications measure up against your agreed SLA’s.  There’s more information on TechNet about the service.

Operations Manager Certificate Generation Wizard

I manage a growing number of OpsMgr agents on un-trusted networks.  This means I have to assign these agents the CA cert and an OpsMgr cert instead of using Kerberos authentication.  It’s a painful manual process but once it’s done I don’t have to go back to it for several years to replace the certs.

Someone in MS just came up with a wizard to "simplify" the process.  To be honest, reading the page made it sound like things just got more complicated.  Feel free to have a look but I think I’ll stick to the CertSrv web page.

System Center Updates Publisher (SCUP) 4.0

Microsoft has released SCUP 4.0.  This allows you to create and maintain your own catalogue of updates for software update maintenance.

"Update Publisher enables administrators to do the following:

  • Import catalogs created by non-Microsoft organizations or created from within the administrator’s organization
  • Create applicability and deployment metadata for software updates.
  • Export software update catalogs so that they can be imported by Updates Publisher at another location, or export a test catalog to verify that the rules for the updates work as expected.
  • Manage software updates information

New in version 4.0

  • Ability to import and publish the following update types: bundle, driver, detectoid and updates with pre-requisites.
  • New “Software Update Details” view with “Dependencies” tab that displays update dependencies (prerequisites for a single update or children of an update bundle).
  • Note: none of the above update types can be duplicated or edited in the SCUP console (only export, import, flag for publish, expire, delete and publish is available)"