Week In Review : 06/01/2014

Another very productive week! Spent a lot of time on Operations Manager, and getting the Low-Privilege SQL Monitoring to work. There appears to be a problem with how the MP calculates PLE and is using data and advice that is now about 10yrs old, so I disabled that monitor.

We have about 20 SQL servers that are directly under our control, so trying to get those setup manually would have been painful. So I worked up a nice little SQL PowerShell module for automating some of that for me. Considering the number of servers in total we have, that code is really going to help out.

I didn’t spend all my time in Ops though, I did do a lot of Orchestrator this week. It’s been so nice having the network setup in such a way as to make this all so easy now. There are still some kinks that I need to work out, but otherwise it’s been really fun. One of things I did this week for Orchestrator was build a PowerShell module for it as well. I talked about that one Posted in IT, Orchestrator, Projects, Uncategorized, Windows PowerShell, WIR | Leave a reply

System Center Orchestrator PowerShell Module

This is one I’ve had on the back burner for a while, so yesterday morning I roughed up the basic framework for a PowerShell module. I have a few Runbooks at work, that it would be super cool to just run from PowerShell, and since lately I’ve been all up in the web services this was as good a time as any.

The Get cmdlets were all pretty simple, in fact there is really only one that does any real work Get-scoWebFeed. I probably could have used Invoke-WebService, but that’s no fun so I used .Net to make my own, and it’s really pretty simple. I just go ask the Orchestrator server (on a specially crafted url) to spit out the xml, then I just return it.

The individual functions for getting Runbooks, Jobs and Activities handle building the special URL,which isn’t really special as much as it is specific.

The Start-Runbook was the most complicated, I actually borrowed some code from MSDN, and another guys blog (Part 1, Part 2) to build mine. Turns out some of the xml you have to build to send up has to go in a certain way. I need to adjust my code to handle Runbooks with Parameters, but right now it’s good for what I need it do.

You can find the up to the minute code on GitHub, or you can find it in the TechNet Gallery.

Week In Review : 05/25/2014

Well it’s been forever since I’ve written anything interesting so now is as good a time as any. Recently we were informed we needed to start keeping track of time spent on projects and since this is something I did for a couple of years at the School of Engineering, it’s not too difficult for me to get back into the swing. Although this go around I went with more of a journal style, not sure I like it but we’ll see.

LOTS of programming this week. I wrote a virtual machine provisioning app a while ago, and while functional I’m not sure how many folks actually use it. But there has been some renewed interest lately, mainly around removing a lot of the paperwork involved. So I’ve gotten to get my hands dirty playing around with various web services.

While not terribly fleshed out right now what I’ve got works for what we need.

  • I can communicate with VMware to provision a server
  • I can send the vlan information over to Proteus (Bluecat) to ask for the next available IP in the network
  • I can submit the details of the server, ram, cpu, disk, network information over to ServiceNOW for inventory
  • I can automatically generate tickets for handling backups and Zenoss monitoring
  • I can also talk direct to Zenoss to get the server into the system

I find more and more that programming is becoming more important for administering servers than perhaps it once was, or I’m just going off the deep-end with programming 😉

Here are the projects on GitHub associated with i’m working on now

You will note that I have a hyper-v module, but I’ve not talked about doing hyper-v at work. We actually have a little test cluster that we spun up earlier this month to start kicking the tires.

I’ve also been talking a lot with Microsoft. We’re working through an issue where provisioning users for Lync sometimes fails. It’s incredibly intermittent and next to impossible to reproduce. I’ve taken to having the guys turning on PowerShell logging (start-transcript) before they do anything just in case they catch it so we can pass that on to Microsoft.

Spent a few hours talking with one of their SQL support guys and now when an error occurs during provisioning, in addition to sending the error out to file; I also run a query that grabs data from one of the system tables regarding communication.

What else…System Center Advisor preview is AWESOME! I’ve been talking with a program manager at Microsoft as well as one or two guys who develop it about some feedback I had given and some issues I was having. Gotta say that’s been super fun, would so love to work there!

Oh! Finally got the monitoring VLAN all setup and started moving my servers into it. Had some fun issues there, first I couldn’t get to DNS so no name resolution, no accessing servers by names…fun times! Then, I forgot to file the change paperwork for changing the IP addresses of the servers, so the firewall rules never got updated…sigh

I’ve spent a fair amount of time getting Operations Manager all happy and cleaning up the various Management Pack issues that I’ve not dealt with since I’ve not been able to communicate with the servers. One of the more challenging parts for me lately has been getting the Low Privilege SQL monitoring working, I think I’ve got it all worked out now though so we’ll see how that goes next week.

In addition to being able to access the servers from the monitoring VLAN it also appears we have just about the same level of access from our desktops! No more RDP’ing into a dozen servers to do something like tweak a registry setting or stop a service!

Oh well, that’s it for this past week. I hope to start doing some more writing but I’ve decided to at least do these Week In Review posts.

Operations Manager, Orchestrator and PowerShell Remoting

It’s been a very long time since I last posted, the primary reason is most likely laziness on my part and secondly I’ve not had a lot to write about. Recently I’ve been messing around with Orchestrator and automation as a means of passing information off to Zenoss. On the face of it, it seemed a rather trivial task, but it took much longer than I anticipated.

The first go round with this was a very simple runbook. It had two activities, Monitor Alert and Run .Net Script. The Monitor Alert activity was configured to look for alerts that were not Information alerts. Once an alert occurred that met that criteria it was passed off to the Run .Net Script. The Run .Net Script activity simply created a simple log entry with PowerShell.


New-EventLog -LogName 'SCOM Alerts' -Source Category
Write-EventLog -LogName 'SCOM Alerts' -Source Category -EntryType Severity -EventId 1 -Message Name

Note : I didn’t include all the gibberish typically seen when copying a runbook into notepad, so you can assume that Category, Severity and Name are prefixed by a big nasty GUID.

The first hurdle I had to get around was creating new sources. Since I didn’t know in advance what they would be, it seemed to me it would be easier to have them created programmatically. That’s what the first line does, but the context under which this runs didn’t have the ability to do that. So I created a group and added the service account to that group, and then added that group to the local Administrators group on the server. Finally I needed to disable UAC which was preventing this from happening, if someone has a better way of doing this I’m all ears.

The nice part about this stage is I was able to get some alerts generated and have them show up in the newly created log. For testing I picked a server that I was monitoring and then stopped the HealthService service. This would generate a failed heartbeat alert similar to a computer going offline unexpectedly. With some sample log entries I was able to configure the Zenoss server to pull in the specific log and start generating alerts with Zenoss.

While this worked well enough to get started I wasn’t satisfied with the quality of the data being returned. Specifically I noted that while some alerts contained the name of the computer with the problem, not all did. Looking at the data returned by the Monitor Alert activity it didn’t seem to me I was getting as many of the details as I needed.

So I decided that some remoting might do the trick for me. With remoting I’m able to use the

links
http://blog.tyang.org/2012/05/09/using-scom-powershell-snap-in-and-sdk-client-with-a-powershell-remote-session/
http://blogs.msdn.com/b/powershell/archive/2008/06/05/credssp-for-second-hop-remoting-part-i-domain-account.aspx
http://blogs.technet.com/b/stefan_stranger/archive/2010/11/02/using-powershell-remoting-to-connect-to-opsmgr-root-management-server-and-use-the-opsmgr-cmdlets.aspx
http://blogs.technet.com/b/jonathanalmquist/archive/2009/03/19/resolve-all-open-alerts-generated-by-specific-agent.aspx
http://www.systemcentercentral.com/BlogDetails/tabid/143/IndexID/70177/Default.aspx

my thread
http://social.technet.microsoft.com/Forums/en-US/operationsmanagergeneral/thread/360f3a42-9153-4e2e-b060-73740e8ffe4f/#360f3a42-9153-4e2e-b060-73740e8ffe4f