SCOM 2012 SP1 Installation Steps (PowerShell)

Demo servers:

SCOM: scom01.demo.local
SQL+Reporting: sql01.demo.local
AD: ad01.demo.local

Accounts for SCOM:

demo\scom.aa – Action service account
demo\scom.dww – Data Writer
demo\scom.dr – Data Reader
demo\scom.das – Data Access Service Account

Prepare SQL Server:

SCOM requires at least SQL Server 2008 R2 (for SCOM 2012) and 2008 R2 SP1 (SCOM 2012 SP1)
Using a different version of SQL Server for different Operations Manager features is not supported
SQL Server collation settings for all databases must be one of the following: SQL_Latin1_General_CP1_CI_AS, French_CI_AS, Cyrillic_General_CI_AS, Chinese_PRC_CI_AS, Japanese_CI_AS, Traditional_Spanish_CI_AS, or Latin1_General_CI_AS. No other collation settings are supported

For SCOM Operational Database you must have:

Supported version of SQL Server
Installed Database Services with SQL Server Full Text Search feature!

For SCOM Reporting:

Supported version of SQL Server
Installed and configured Reporting Services

Important: if you are planning to use the SCOM Reporting component, you MUST install it locally on the SQL Server that runs Reporting Services. Don’t try to install Reporting remotely to the SQL instance (honestly, I tried :)). You will receive: NO SSRS Instances on SCOM MS Server.

I won’t show you how to install SQL Server. Just don’t forget to meet all requirements above.

Prepare SCOM server:

1) Install supported server OS (in my case, server 2012 Std)
2) Join to domain

Add-Computer -DomainName demo.local -Credential demo\demoadm
Restart-Computer

3) Update the server
4) Install required software (D: is the drive where the Server 2012 media is mounted)

Install-WindowsFeature RSAT-AD-Powershell,Web-Asp-Net,Web-Asp-Net45,Net-Framework-Core,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Logging,Web-Request-Monitor,Web-Filtering,Web-Stat-Compression,Web-Metabase,Web-Windows-Auth,Web-CGI,Web-ISAPI-Ext,Web-ISAPI-Filter,Net-WCF-HTTP-Activation45 -Source D:\Sources\SxS
Set-Location C:\Windows\Microsoft.NET\Framework64\v4.0.30319
.\aspnet_regiis.exe -r

4) Open TCP ports 5723, 5724, 80 and 443 in the firewall. Ports 5723 and 5724 are for the Management Server, 80 and 443 are for the Web Console.

New-NetFirewallRule -Name "SCOM MS" -DisplayName "SCOM MS" -Profile Domain -Direction Inbound -LocalPort 5723,5724 -Protocol TCP -Action Allow
New-NetFirewallRule -Name "SCOM WS" -DisplayName "SCOM WS" -Profile Domain -Direction Inbound -LocalPort 80,443 -Protocol TCP -Action Allow
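
A check that the inbound rules created above cover exactly the ports listed for the Management Server and the Web Console; New-NetFirewallRule accepts any port number, so a mistyped port goes unnoticed until the console is unreachable. This is an added example, not part of the original post; the function name Test-FirewallRulePorts and the $expected table are illustrative.

```powershell
# Added example (not from the original post): rule name -> expected TCP ports.
$expected = @{
    'SCOM MS' = '5723', '5724'   # Management Server
    'SCOM WS' = '80', '443'      # Web Console
}

function Test-FirewallRulePorts {
    param([Parameter(Mandatory)][hashtable]$Expected)

    foreach ($name in $Expected.Keys) {
        $rule = Get-NetFirewallRule -Name $name -ErrorAction SilentlyContinue
        if (-not $rule) {
            [pscustomobject]@{ Rule = $name; Ok = $false; Detail = 'rule not found' }
            continue
        }
        # The port list lives on the rule's port filter, not on the rule itself
        $filter = $rule | Get-NetFirewallPortFilter
        $want = (@($Expected[$name]) | Sort-Object) -join ','
        $have = (@($filter.LocalPort) | Sort-Object) -join ','

        $problems = @()
        if ($rule.Enabled -ne 'True')      { $problems += 'disabled' }
        if ($rule.Direction -ne 'Inbound') { $problems += "direction is $($rule.Direction)" }
        if ($rule.Action -ne 'Allow')      { $problems += "action is $($rule.Action)" }
        if ($filter.Protocol -ne 'TCP')    { $problems += "protocol is $($filter.Protocol)" }
        if ($have -ne $want)               { $problems += "ports are $have, expected $want" }

        [pscustomobject]@{
            Rule   = $name
            Ok     = ($problems.Count -eq 0)
            Detail = if ($problems) { $problems -join '; ' } else { "TCP $have" }
        }
    }
}

# Run on the SCOM server after creating the rules
Test-FirewallRulePorts -Expected $expected | Format-Table -AutoSize
```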

5) Create required services accounts.

Basically, SCOM uses the management server action account (scom.aa) and the System Center Data Access service account (scom.das). You can use one account for both services, but Microsoft recommends using two separate accounts for the best security. If you install the SCOM Reporting component, you are prompted for two additional accounts: the Data Warehouse Write account (scom.dww) and the Data Reader account (scom.dr). Scom.aa and scom.das must be added to the local Administrators group on the management server and on the operational database server. Scom.dww and scom.dr must have logon rights on the SQL Server where the operational and reporting databases are located.

# Distinguished name of the current domain, e.g. DC=demo,DC=local
$adcn=(Get-ADDomain).DistinguishedName
$ouname=read-host "Type OU where you want to create users:"
# Demo password only. The accounts are created in OU=<name>,<domain DN>
New-AdUser SCOMDataAccessAccount -SamAccountName scom.aa -AccountPassword (ConvertTo-SecureString -AsPlainText "Password1" -Force) -PasswordNeverExpires $true -Enabled $true -Path "OU=$ouname,$adcn"
New-AdUser SCOMDataAccess -SamAccountName scom.das -AccountPassword (ConvertTo-SecureString -AsPlainText "Password1" -Force) -PasswordNeverExpires $true -Enabled $true -Path "OU=$ouname,$adcn"
New-AdUser SCOMDataReader -SamAccountName scom.dr -AccountPassword (ConvertTo-SecureString -AsPlainText "Password1" -Force) -PasswordNeverExpires $true -Enabled $true -Path "OU=$ouname,$adcn"
New-AdUser SCOMDataWriteWareHouse -SamAccountName scom.dww -AccountPassword (ConvertTo-SecureString -AsPlainText "Password1" -Force) -PasswordNeverExpires $true -Enabled $true -Path "OU=$ouname,$adcn"
# Group that is later added to the local Administrators group
New-AdGroup -Name SCOMLocalAdm -GroupScope Global -GroupCategory Security
Add-AdGroupMember SCOMLocalAdm scom.aa,scom.das
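
The same four accounts created with a password typed at a prompt for each one instead of a literal in the script, so no password is stored in a script file and each account gets its own. This is an added example, not the original author's code; the account descriptions and the use of the SAM name as the object name are assumptions.

```powershell
# Added example (not from the original post): prompt for each password.
Import-Module ActiveDirectory

$ouName = Read-Host 'Name of the OU for the SCOM accounts'
$ou = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" | Select-Object -First 1
if (-not $ou) { throw "OU '$ouName' not found in the domain" }

# SAM names are the page's; the descriptions are assumptions for this example.
$accounts = [ordered]@{
    'scom.aa'  = 'SCOM management server action account'
    'scom.das' = 'SCOM Data Access service account'
    'scom.dr'  = 'SCOM Data Reader account'
    'scom.dww' = 'SCOM Data Warehouse Write account'
}

foreach ($sam in $accounts.Keys) {
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        Write-Warning "$sam already exists, skipping"
        continue
    }
    # SecureString from the prompt: the password never appears as text
    $password = Read-Host "Password for $sam" -AsSecureString
    New-ADUser -Name $sam -SamAccountName $sam -Description $accounts[$sam] `
        -AccountPassword $password -Enabled $true `
        -PasswordNeverExpires $true -Path $ou.DistinguishedName
}

# Only the two accounts that need local administrator rights join the group
if (-not (Get-ADGroup -Filter "Name -eq 'SCOMLocalAdm'")) {
    New-ADGroup -Name SCOMLocalAdm -GroupScope Global -GroupCategory Security
}
Add-ADGroupMember -Identity SCOMLocalAdm -Members 'scom.aa', 'scom.das'

# Review the result: group membership and the accounts that now exist
Get-ADGroupMember -Identity SCOMLocalAdm | Select-Object SamAccountName
Get-ADUser -Filter "SamAccountName -like 'scom.*'" -Properties Description |
    Select-Object SamAccountName, Enabled, Description
```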

6) I believe you have already installed the SQL Server instance, so we are ready to make some changes to support communication between SCOM and SQL. The main goal of my article is to show you how we can use PowerShell and why it’s so cool. The first answer is that we can do everything without additional connections (RDP or something) to management servers. Just create a PowerShell remote session and go!go!go! 🙂

7) Create firewall rules on SQL Server. The standard set of ports for SQL Server: 1433 – database service, 1434 – SQL Browser, 4020 – SQL broker. Additionally, we have to enable the WMI-WINMGMT-In-TCP rule. Then we add the SCOMLocalAdm group to the Administrators group on SQL Server and create SQL logins for the SCOM Data Reader and SCOM Data Write accounts.

$sqlsrv = read-host "Type FQDN of SQL Server:"
$cred = Read-Host "Define credential for connection to SQL Server(Domain\user):"
# Passing the user name to -Credential prompts for the password
$psrem = New-PSSession -ComputerName $sqlsrv -Credential $cred
Invoke-Command -Session $psrem -ScriptBlock{
    # The AD cmdlets are needed for Get-AdDomain
    Install-WindowsFeature RSAT-AD-Powershell
    $sqld=(Get-AdDomain).Name
    Set-NetFirewallRule -Name WMI-WINMGMT-In-TCP -Enabled True
    New-NetFirewallRule -Name "SQL Broker" -DisplayName "SQL Broker" -Profile Domain -Direction Inbound -LocalPort 4020 -Protocol TCP -Action Allow
    New-NetFirewallRule -Name "SQL DB" -DisplayName "SQL Database" -Profile Domain -Direction Inbound -LocalPort 1433 -Protocol TCP -Action Allow
    New-NetFirewallRule -Name "SQL Browser" -DisplayName "SQL Browser" -Profile Domain -Direction Inbound -LocalPort 1434 -Protocol TCP -Action Allow
    # Local administrator rights for scom.aa and scom.das via the AD group
    net localgroup administrators "$sqld\SCOMLocalAdm" /add
    # Windows logins for the Data Reader and Data Warehouse Write accounts
    Invoke-SQLCmd -Query "CREATE LOGIN [$sqld\scom.dr] FROM WINDOWS"
    Invoke-SQLCmd -Query "CREATE LOGIN [$sqld\scom.dww] FROM WINDOWS"
}

Install SCOM MS,Web and Operations Consoles

Open wizard, next, next,type something, next,next,wait and blablabla . So boring…

Let’s use unattended installation!

# One command; the backtick continues the line in PowerShell. Run it from the folder that contains setup.exe
.\setup.exe /silent /install `
"/components:OMServer,OMConsole,OMWebConsole" `
/ManagementGroupName:DemoManagementGroup `
/SqlServerInstance:sql01\MSSQLSERVER `
/DatabaseName:OperationalDatabase `
/DWSqlServerInstance:sql01\MSSQLSERVER `
/DWDatabaseName:SCOMDWDATABASE `
/UseLocalSystemActionAccount /UseLocalSystemDASAccount `
/DatareaderUser:demo\scom.dr `
/DatareaderPassword:Password1 `
/DataWriterUser:demo\scom.dww `
/DataWriterPassword:Password1 `
/AcceptEndUserLicenseAgreement `
"/WebSiteName:Default Web Site" `
/WebConsoleAuthorizationMode:Mixed `
/SendODRReports:0 `
/EnableErrorReporting:Never `
/SendCEIPReports:0 `
/UseMicrosoftUpdate:1

Install SCOM Reporting

Before installation check your SSRS configuration (see my pictures)

If you don’t have a database, click on “Change Database” and create a new one
Check the Web Service URL and verify that it works from IE
…and this URL

To install Reporting use the following command:

# One command; the backtick continues the line in PowerShell
.\setup.exe /silent /install /components:OMReporting `
/ManagementServer:SCOM01.DEMO.LOCAL `
/SRSInstance:SQL01\MSSQLSERVER `
/DataReaderUser:demo\scom.dr `
/DataReaderPassword:Password1 `
/SendODRReports:0 `
/UseMicrosoftUpdate:1

After installation

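If you use a domain account for the SCOM Data Access service, you must register an SPN for each management server. Use the SETSPN command-line tool. The SPN has the form service class/host name; MSOMSdkSvc is the service class of the Data Access service.

setspn -a MSOMSdkSvc/scom01 demo\scom.das
setspn -a MSOMSdkSvc/scom01.demo.local demo\scom.das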

P.S. Now you have got everything to create your first Powershell script. Go ahead! 🙂

Upgrading VMM 2012 on Server 2008 R2 to VMM SP1

VMM 2012 became the most powerful product in the System Center line. In my own environment, I use VMM to organize my private cloud, dynamic optimization of cluster nodes and power optimization. With AppC (Application Controller) VMM gives you and your clients everything!

Does anyone use bare-metal deployment with VMM? Believe me, it’s the most useful feature. Just imagine: you have about 10 servers fresh from the box and your task is to create an HA cluster. How are you going to complete your task? Write in the comments please! Thanks.

In this article I will try to describe all the possible ways to upgrade to VMM 2012 SP1. One of the most notable changes appeared in the requirements for VMM SP1. VMM Management Server SP1 only supports Server 2012! So, if you want to upgrade from VMM 2012 that is installed on Server 2008 R2 SP1, you have to do an in-place migration to Server 2012, and then update the existing VMM configuration database.

What’s new in VMM SP1

In System Center 2012 Service Pack 1 (SP1), the VMM Self-Service Portal has been removed = Use AppController

Integration with Server 2012 = support Server 2012 new features such as SMB 3.0, storage based on Server 2012, Hyper-V 3.0 / vhdx disks

Integration with third-party SANs = Creating LUNs etc. from VMM is a great feature. Microsoft has expanded the list of SANs supported for management.

Support for physical network adapter configuration as follows: … NIC teaming (!)

Reasons for upgrading:

1) Evaluation copy of VMM has expired.

In that case, you cannot open the VMM console and the cmdlet Register-SCVMMAccessLicense doesn’t work either. There is only one way to continue working with the existing VM infrastructure. Yes, you are right.. it’s upgrading

2) You have Hyper-V hosts based on Server 2012. Now VMM SP1 supports Server 2012.
3) What’s new in VMM SP1
4) Stability 🙂

Main requirements for VMM 2012 SP1*:

1) Server 2012 Standard or Datacenter
2) Windows Assessment and Deployment Kit (ADK) for Windows 8
3) SQL Server 2008 R2 SP1 or higher
*requirements for Management Server and Database

In my test environment I have VMM 2012 installed on Server 2008 R2 SP1 and a dedicated SQL Server 2008 R2 SP1 with the existing VMM configuration database. VMM is up to date.

Upgrade steps:

Uninstall VMM with the Retain Data option

In-Place upgrade Server 2008 R2 SP1 to Server 2012

1) Mount your Server 2012 ISO to your VM
2) Click on Setup
3) Click Next
4) Wait while wizard updates Server 2008 R2

Download and install ADK

There are two options for installing the ADK: install it on the local computer, or download it to a folder and install it on another server. The second option is useful when your server doesn’t have internet access.

Choose your option and click NEXT, join CEIP > agree with the license terms and click Next
Click Next and wait

Upgrade to VMM SP1

Choose VMM Management Server and console, click Next
Type your name and organization, click Next
Oops..I know. But it’s just demo
Type your SQL Server name, leave Port blank (if you use the default port for communication), click Next
As we expected, VMM detects that we want to upgrade existing DB. Click Yes
We already have encryption keys in AD. Just type your service account for VMM and click Next
Choose your library share
Click NEXT
Click Install
Woohooo!! =)

Update to rollup1

Check for updates (or download separately) and install updates for VMM Server and Console

Edited (21.03.2014): If you want to implement new rollups such as rollup 5, you don’t have to apply Rollup 1 for System Center 2012 Service Pack 1. If you have installed rollup 1, uninstall it and install the latest rollup (for now it’s rollup 5).

Updating VMM agents

DON’T FORGET! People sometimes forget to update agents after upgrading. If you forget, the agent status in the node properties will show it.

To resolve this, go to Fabric, highlight your servers, choose Update Agents on the Home tab and choose the necessary account to do it.

OR use the following script for updating all managed servers

$Credential = Get-Credential 
Get-SCVMMManagedComputer | foreach { Update-SCVMMManagedComputer -VMMManagedComputer $_ -Credential $Credential -RunAsynchronously }

Check jobs

Our VMM is upgraded and agents updated. Enjoy new functionality :). Thanks for your comments!