Troubleshooting performance SCOM 2012 and SCOM 2007 agent with McAfee Antivirus

I got quite a number of questions on performance of the SCOM and related processes (Heathservice.exe, monitoringhost.exe and CSCRIPTS). High CPU load on the SCOM process is mostly related to antivirus software.

In most cases the culprit ends up being the incorrect setup of the antivirus software; specially McAfee is very tricky when it’s not configured well and when the exclusions are not in the right place.
See my blogpost on antivirus exclusions for SCOM 2012 management, gateway and SQL servers or SCOM 2012 and 2007 agents

Here is how to troubleshoot antivirus in combination with the SCOM agent. In this case we monitor McAfee in combination with SCOM. To troubleshoot I used Procmon from Sysinternals.
In my later post I will make a list of recommended exclusions.
Lot’s of servers with high CPU load specially on the SCOM process; healthservice.exe, cscripts and more.

Troubleshooting the process with “Sysinternals Process Monitor”
1. Lets start with downloading the Process Monitor on http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
2. Stop the monitoring, go to Filter, Enable Advanced Output

3. Go to Filter, Process name, is, Mcshield.exe and click Add, OK

4. Click on the magnifyingglass to start the capture
Ok, we see that the McShield.exe process is scanning the OpsMgr data. This is not good.
After checking we noticed that the antivirus exclusions aren’t configured properly.

We’ve changed the exclusions to the best practice settings.
See my post for the working best practice for Antivirus Exclusions in combination with SCOM 2012 and 2007.

Part 4. – Monitor Untrusted Agents with SCOM 2012: Implementation of a gateway server

Part 4. – Monitor Untrusted Agents with SCOM 2012: Implementation of a gateway server

The following post are based on how to monitor SCOM clients which are not member of the Kerberos domain. To monitor these “non-domain member” servers it requires some steps. This is the first of my series about monitoring.

Use the procedures in this topic to obtain a certificate from a stand-alone Windows Server 2008–based computer hosting Active Directory Certificate Services (AD CS). You will use the CertReq command-line utility to request and accept a certificate, and you will use a Web interface to submit and retrieve your certificate.

In this serie of posts we cover the following steps:
Part 1. – Monitor Untrusted Agents with SCOM 2012: Install the Enterprise CA on Windows 2012
Part 2. – Monitor Untrusted Agents with SCOM 2012: Configure a certificate template for SCOM

Part 3. – Monitor Untrusted Agents with SCOM 2012: Rollout a certificate to a untrusted server

Part 4. – Monitor Untrusted Agents with SCOM 2012: Implementation of a gateway server

The high-level process to obtain a Gateway server is as follows:
1. Copy Microsoft.EnterpriseManagement.GatewayApprovalTool.exe to management servers
2. Registering the Gateway with the Management Group
3. Installing Gateway Server
5. On the Gateway Server – Lets install the Root CA certificate
6. On the Gateway Server – Install the client certificates
7. Optional Configuring Gateway Servers for Failover Between Management Servers

Step 1. To copy Microsoft.EnterpriseManagement.GatewayApprovalTool.exe to SCOM management servers
1. From a target management server, open the Operations Manager installation media \SupportTools directory.
2. Copy the Microsoft.EnterpriseManagement.GatewayApprovalTool.exe from the installation media to the Operations Manager installation directory.

Step 2. Registering the Gateway with the Management Group on the SCOM management servers
This procedure registers the gateway server with the management group, and when this is completed, the gateway server appears in the Discovered Inventory view of the management group.

To run the gateway Approval tool
-1. On the management server that was targeted during the gateway server installation, log on with the Operations Manager Administrator account.
-2. Open a command prompt, and navigate to the Operations Manager installation directory or to the directory that you copied the Microsoft.EnterpriseManagement.gatewayApprovalTool.exe to.
-3. At the command prompt, run
Microsoft.EnterpriseManagement.gatewayApprovalTool.exe /ManagementServerName=<managementserverFQDN> /GatewayName=<GatewayFQDN> /Action=Create
-4. If the approval is successful, you will see The approval of server <GatewayFQDN> completed successfully.
-5. If you need to remove the gateway server from the management group, run the same command, but substitute the /Action=Delete flag for the /Action=Create flag.
-6. Open the Operations console to the Monitoring view. Select the Discovered Inventory view to see that the gateway server is present.

Step 3. Installing Gateway Server
This procedure installs the gateway server. The server that is to be the gateway server should be a member of the same domain as the agent-managed computers that will be reporting to it.
Note: An installation will fail when starting Windows Installer (for example, installing a gateway server by double-clicking MOMGateway.msi) if the local security policy User Account Control: Run all administrators in Admin Approval Mode is enabled.

To run Operations Manager Gateway Windows Installer from a Command Prompt window
-1. On the Windows desktop, click Start, point to Programs, point to Accessories, right-click Command Prompt, and then click Run as administrator.
-2. In the Administrator: Command Prompt window, navigate to the local drive that hosts the Operations Manager installation media.
-3. Navigate to the directory where the .msi file is located, type the name of the .msi file, and then press ENTER.
-4. From the Operations Manager installation media, start Setup.exe.
-5. In the Install area, click the Gateway management server link.
-6. On the Welcome screen, click Next.
-7. On the Destination Folder page, accept the default, or click Change to select a different installation directory, and then click Next.
-8. On the Management Group Configuration page, type the target management group name in the Management Group Name field, type the target management server name in the Management Server field, check that the Management Server Port field is 5723, and then click Next.
-9. On the Gateway Action Account page, select the Local System account option, unless you have specifically created a domain-based or local computer-based gateway Action account. Click Next.
-10. On the Microsoft Update page, optionally indicate if you want to use Microsoft Update, and then click Next.
-11. On the Ready to Install page, click Install.
-12. On the Completing page, click Finish.

 

Step 4. On the Gateway Server – Lets install the Root CA certificate
This step has only be executed the first time if you have ran this in the past skip this step
1. From the untrusted agent start the Internet Explorer
2. Go to the certificate server website (in our case http://demo-dc01/certsrv)

-3. Click on Download CA certificate, certificate chain, or CRL
4. Click Download CA Certificate chain and save it on the machine.
-5. Once the certificate is downloaded, Open an MMC connect to Local Computer and load the certificates snap-in (Local Computer)
-6. Go to Trusted Root Certification Authorities right click, all tasks, import and import the Root CA.

 

Step 5. On the Gateway Server – Install the client certificates
1. From the untrusted agent start the Internet Explorer
2. Go to the certificate server website (in our case http://demo-dc01/certsrv)

-3. Click on Request a certificate, choose Advanced certificate request next click Create and submit a request to this CA
4. Choose the OpsMgr Certificate template, in the name tab choose the FQDN name of the machine and fill in the same name in the friendly name.
-5. Click Finish and Install the Certificate

Once the certificate it is stored in the personal certificate store. The OpsMgr certificate need to be in the Computer store so we have to do the following steps:

-6. Click Start, click Run, type MMC,
-7. On the File menu, click Add/Remove Snap-in Click Add Click Certificates, and then click Add Select Personal Store and Computer account, and then click Finish
-8. Export the certificate from the personal store and import it to the Local Computer Store (NO DRAG AND DROP)
-9. Remove the certificate from the local user store.
-10. Make sure that both the agent managed machine and the SCOM server are reachable on hostname (just ping). If it’s not working add the machines in DNS or in the Hostfile (C:\Windows\System32\Drivers\ETC\Host).
-11. From the host which you are going to monitor make sure port 5723 and 5724 is open to the SCOM management server

Once the certificate it is stored in the personal certificate store. The OpsMgr certificate need to be in the Computer store so we have to do the following steps:
Import the Certificate on the SCOM Management servers
-12. Go to the copied support tools directory and run MOMCertimport.exe
-13. Select the imported certificate and click OK
-14. Make sure the import was successful

Step 6. Optional Configuring Gateway Servers for Failover Between Management Servers
Although gateway servers can communicate with any management server in the management group, this must be configured. In this scenario, the secondary management servers are identified as targets for gateway server failover.

Use the Set-ManagementServer-gatewayManagementServer command in Operations Manager Shell, as shown in the following example, to configure a gateway server to failover to multiple management servers. The commands can be run from any Command Shell in the management group.

To configure gateway server failover between management servers
1. Log on to the management server with an account that is a member of the Administrators role for the management group.
2. On the Windows desktop, click Start, point to Programs, point to System Center Operations Manager, and then click Command Shell.
3. In Command Shell, follow the example that is described in the next section.

The following example can be used to configure gateway server failover to multiple management servers.

Copy
$GatewayServer = Get-SCOMGatewayManagementServer –Name “ComputerName.Contoso.com”
$FailoverServer = Get-SCOMManagementServer –Name “ManagementServer.Contoso.com”,”ManagementServer2.Contoso.com”
Set-SCOMParentManagementServer -GatewayServer $GatewayServer -FailoverServer $FailoverServer

That’s it; you can now rollout agents with the gateway server

Part 3. – Monitor Untrusted Agents with SCOM 2012: Rollout a certificate to a untrusted server

Part 3. – Monitor Untrusted Agents with SCOM 2012: Rollout a certificate to a untrusted server

The following posts are based on how to monitor SCOM clients which are not member of the Kerberos domain. To monitor these “non-domain member” servers it requires some steps. This is the third of my series about monitoring.
The description which is provided ‘from the ground up’.

This section explains how to install SCOM certificates, configure SCOM and monitor an untrusted agent.

In this serie of posts we cover the following steps:
Part 1. – Monitor Untrusted Agents with SCOM 2012: Install the Enterprise CA on Windows 2012 
Part 2. – Monitor Untrusted Agents with SCOM 2012: Configure a certificate template for SCOM
 
Part 3. – Monitor Untrusted Agents with SCOM 2012: Rollout a certificate to a untrusted server

Part 4. – Monitor Untrusted Agents with SCOM 2012: Implementation of a gateway server

Five steps to complete this operation:
1. Open TCP ports 5723 from the target server to the MS server.
2. Install the Root CA certificates
3. Install the Client certificates
4. Manual install of agents and run the momcertimport on servers to be monitored
5. Import the Certificate on the Management servers
6. Approve agents in SCOM console

– Rollout an agent to a untrusted server; without a gateway server.
This scenario describes how to install an untrusted agent on Windows 2008 R2 X64 The environment is an un-trusted domain.

Step 1. Open TCP ports 5723 from the target server to the management server
-1. Open the port 5723 from the client machine to the Management server
-2. Go to the untrusted machine and open the command prompt
-3. In the command prompt type telnet x.x.x.x 5732 (note that x.x.x.x must be the ip address of the management server)
If everything is working continue to the next step, if not, be sure that the firewall is open and is passing port 5723 to the SCOM server.

Step 2. On the unmanaged Server – Lets install the Root CA certificate
This step has only be executed the first time if you have ran this in the past skip this step
1. From the untrusted agent start the Internet Explorer
2. Go to the certificate server website (in our case http://demo-dc01/certsrv)

-3. Click on Download CA certificate, certificate chain, or CRL
4. Click Download CA Certificate chain and save it on the machine.
-5. Once the certificate is downloaded, Open an MMC connect to Local Computer and load the certificates snap-in (Local Computer)
-6. Go to Trusted Root Certification Authorities right click, all tasks, import and import the Root CA.

Step 3. On the unmanaged Server – Install the client certificates
1. From the untrusted agent start the Internet Explorer
2. Go to the certificate server website (in our case http://demo-dc01/certsrv)

-3. Click on Request a certificate, choose Advanced certificate request next click Create and submit a request to this CA
4. Choose the OpsMgr Certificate template, in the name tab choose the FQDN  name of the machine and fill in the same name in the friendly name.


-5. Click Finish and Install the Certificate

Once the certificate it is stored in the personal certificate store. The OpsMgr certificate need to be in the Computer store so we have to do the following steps:

-6. Click Start, click Run, type MMC,
-7. On the File menu, click Add/Remove Snap-in Click Add Click Certificates, and then click Add Select Personal Store and Computer account, and then click Finish
-8. Export the certificate from the personal store and import it to the Local Computer Store (NO DRAG AND DROP)
-9. Remove the certificate from the local user store.
-10. Make sure that both the agent managed machine and the SCOM server are reachable on hostname (just ping). If it’s not working add the machines in DNS or in the Hostfile (C:\Windows\System32\Drivers\ETC\Host).
-11. From the host which you are going to monitor make sure port 5723 is open to the SCOM management server

Step 4. Lets install the Root CA certificate
– This step has to be executed on every non domain monitored server.
– NOTE: Also run this step (Step 4) once – on all the SCOM management servers this because the SCOM management servers need an client certificate.

This step has only be executed the first time if you have ran this in the past skip this step
1. From the untrusted agent start the Internet Explorer
2. Go to the certificate server website (in our case http://demo-dc01/certsrv)
-3. Click on Download CA certificate, certificate chain, or CRL
4. Click Download CA Certificate chain and save it on the machine.
-5. Once the certificate is downloaded, Open an MMC connect to Local Computer and load the certificates snap-in (Local Computer)
-6. Go to Trusted Root Certification Authorities right click, all tasks, import and import the Root CA.

-7. From the untrusted agent start the Internet Explorer
-8. Go to the certificate server website (in our case http://demo-dc01/certsrv)
-9. Click on Request a certificate, choose Advanced certificate request next click Create and submit a request to this CA
-10. Choose the OpsMgr Certificate template, in the name tab choose the FQDN  name of the machine and fill in the same name in the friendly name.
-11. Click Finish and Install the Certificate

Once the certificate it is stored in the personal certificate store. The OpsMgr certificate need to be in the Computer store so we have to do the following steps:

-12. Click Start, click Run, type MMC,
-13. On the File menu, click Add/Remove Snap-in Click Add Click Certificates, and then click Add Select Personal Store and Computer account, and then click Finish
-14. Export the certificate from the personal store and import it to the Local Computer Store (NO DRAG AND DROP)
-15. Remove the certificate from the local user store.
-16. Make sure that both the agent managed machine and the SCOM server are reachable on hostname (just ping). If it’s not working add the machines in DNS or in the Hostfile (C:\Windows\System32\Drivers\ETC\Host).
-17. From the host which you are going to monitor make sure port 5723 is open to the SCOM management server
-18. Next step is make sure new agents are not rejected. We go to the SCOM console, Administration, Settings, Security

Import the Certificate on the SCOM Management servers
-20. Go to the copied support tools directory and run MOMCertimport.exe
-21. Select the imported certificate and click OK
-22. Make sure the import was successful

Step 5. On the unmanaged Server – Manual install of agents and run the momcertimport on servers to be monitored
-1. From the Windows untrusted machine go to the OpsMgr agent installation directory (Default) \\DISK\Program Files\System Center 2012\Operations Manager\Server\AgentManagement\ in the AMD64 or i386 or if not available copy the directory to the untrusted machine. Open Momagent.MSI and install the agent.
-2. Also copy the support tools directory from the SCOM ISO to the local machine.
-3. Fill in the proper settings for the monitoring group (we used the settings below.

-3. We prefer using the Local System account. Choose Next and Install
4. If necessary update the agent with the required updates.
-5. Next on the client machine open the Command Prompt (Run As Administrator)
-6. Go to the copied support tools directory and run MOMCertimport.exe

-7. Select the imported certificate and click OK
8. Make sure the import was successful


Step 6. Approve agents in SCOM console
Just a quick note that it can take a while before the machine shows op in the console
-1. Open the SCOM Console, Administration, Pending Management
-2. Right click the machine and click Approve

That’s it; the server/workstation is now monitored.

Part 4. – Monitor Untrusted Agents with SCOM 2012: Implementation of a gateway server

Part 2. – Monitor Untrusted Agents with SCOM 2012: Configure a certificate template for SCOM

Part 2. – Monitor Untrusted Agents with SCOM 2012: Configure a certificate template for SCOM

The following posts are based on how to monitor SCOM clients which are not member of the Kerberos domain. To monitor these “non-domain member” servers it requires some steps. This is the second of my series about monitoring.

The description which is provided ‘from the ground up’. If you have already steps installed you can skip and go to the next section.

This section explains how to make a SCOM certificate template in Windows 2012 Server.

In this series of posts we cover the following steps:
Part 1. – Monitor Untrusted Agents with SCOM 2012: Install the Enterprise CA on Windows 2012
Part 2. – Monitor Untrusted Agents with SCOM 2012: Configure a certificate template for SCOM

Part 3. – Monitor Untrusted Agents with SCOM 2012: Rollout a certificate to a untrusted server

Part 4. – Monitor Untrusted Agents with SCOM 2012: Implementation of a gateway server

1. To Configure the SCOM Certificate Template
In my Lab I installed the Root CA on the Domain Controller
-1. Open Server Manager, click Tools, click Certificate Authority

-2. Select the Enterprise CA, right click Certificate Templates, Right click Manage,
-3. Console click with right click on IPSec (Offline request) and select Duplicate Template
4. Leave the default to Windows Server 2003 and Windows XP/ Server 2003. This way we are always backwards compatible

-5. Go to the General tab and type a logical Template Display name and Template Name (we used OpsMgr Certificate and OpsMgrCertificate) and we changed the validity period to 5 years

-6. Go to the tab Request Handling.   Checkmark the option Allow private key to be exported

7. Go to Cryptography and choose the minimum key size we selected 2048. This is sufficient and takes less cpu time to process. Further check the Microsoft Enhanced Cryptographic Provider v1.0 button.


8. Go to the tab Extensions. Select the option Applications Policies and click Edit. Remove IP security IKE intermediate and add the following policies: Client Authentication and Server Authentication and click OK

9. Go to the tab Security. Authenticated Users need to have Read access. Click Apply and OK, the template is now created.

10. Click Apply and OK, the template is now created.

Now that we have created the template it’s time to make it available

-11. Open Server Manager, click Tools, click Certificate Authority, Right click Certificate Templates, New, Certificate Template to Issue

-12. Choose the OpsMgr Certificate, and click OK

After these steps the OpsMgr Certificate template is displayed in the certificate templates.
Part 3. – Monitor Untrusted Agents with SCOM 2012: Rollout a certificate to a untrusted server

Part 1. Monitor Untrusted Agents with SCOM 2012: Install the Enterprise CA on Windows 2012; the complete story

Part 1. Monitor Untrusted Agents with SCOM 2012: Install the Enterprise CA on Windows 2012

The following posts are based on how to monitor SCOM clients which are not member of the Kerberos domain.
To monitor these “non-domain member” servers require some steps. This is the first of my series blogs about monitoring untrusted clients.
The description which is provided is ‘from the ground up’. If you have already steps installed you can skip and go to the next section.

NOTE: If there is already a Enterprise CA in place continue to Part 2!

In this serie of posts we cover the following steps:
Part 1. – Monitor Untrusted Agents with SCOM 2012: Install the Enterprise CA on Windows 2012
Part 2. – Monitor Untrusted Agents with SCOM 2012: Configure a certificate template for SCOM
Part 3. – Monitor Untrusted Agents with SCOM 2012: Rollout a certificate to a untrusted server
Part 4. – Monitor Untrusted Agents with SCOM 2012: Implementation of a gateway server


– Install a Root Certification Authority
For most organizations, a root certification authority (CA) certificate is the first Active Directory Certificate Services (AD CS) role service that you install.
These steps describe how to install a Enterprise Root Certificate Authority on Windows 2012.

– To install a root CA 
1. Open Server Manager,click Add Roles and Features, click Next,and click Active Directory Certificate Services. Click Next two times.
2. Select the server where you want to install the role on; click Next

3. On the Select Role Services page, click Active Directory Certification Authority. Click Next three times.
4. Choose the following Features; Certificate Authority, Certificate Enrollment Web Service and Certificate Authority Web Enrollment. Click Next three times

5. On the last page check settings and choose Install
6. After the installation finished successfully restart the machine
– To Configure the root CA 
1. Open Server Manager, click AD CS
2. On the Configuration Required for AD Certificate Services; choose More
3. Choose Configure Active Directory Certificate Service on the destination server

4. Check the credentials and click Next
5. Select Certificate Authority and Certification Authority Web Enrollment end click Next(we will cover the web enrollment later)

6. Choose Enterprise Root CA, click Next
7. On the CA Type section choose Root CA and click Next
8. Choose Create a new private key and click Next
9. Specify the Certificate Server Cryptographic options (we left if default and click Next

10. Fill in the Common name for this CA; tip use a logical name. (we used Enterprise-CA), click Next
11. Choose the Validity Period and choose Next two times (we left it default)
12. Check the Confirmation page and choose Configure
13. In the “Do you want to configure additional Role Services” choose Yes
14. Choose Next and now choose the Certificate Enrollment Web Service
15. Click Next three times and on the Specify the Service account section choose the service user which is member of the IIS_IUSRS group (this group is in the Active Directory) and choose Next
16. Select the Enterprise CA and click Next
17. Check the Confirmation page and choose Configure
OK we finished installing the Enterprise Root CA.
Now we are going to make the certificate site secure because it’s necessary for web enrolment.
18. Click on Server Certificates, Create self signed certificate

19. Give it a friendly name (in our case we used demo-dc01) and click OK

We now can continue to the second part:
Part 2. – Monitor Untrusted Agents with SCOM 2012: Configure a certificate template for SCOM

 

 

 

 

 

Configure the ONTAP/Netapp Management pack with SCOM

ApplianceWatch PRO is a free management pack for Microsoft System Center Operations Manager (SCOM) 2007 R2 that enables you to discover, monitor, and generate reports for your storage systems running Data ONTAP.

Note:
This application has to be installed on a management server, if possible, avoid installing it on the root management server.

Lets start:
Prior to execute the setup I have each of the controller discovered as SNMP device using the SNMP discovery wizard in SCOM. They appear under “Network Devices” in SCOM.

Step 1: Discovering the NetApp Network devices
1. Login to the SCOM console, go to Administration, Configure Computers and devices to manage
2. Choose Network Devices

3. Specify the IP address information of the NetApp device (start and end range) and choose the community string (we used public), Next

4. Select the devices, choose next and finish.
5. Check if the devices are discovered and displayed in the network devices settings under Administration

Step 2: Configuring the NetApp Management pack
1. Download and Execute the OnCommand-PlugIn-Microsoft_3.1_x64_NetApp.exe, Next

2. We are only going to monitor the Storage and do not have Hyper-V or an Metro Cluster. Therefore we only select Storage Monitoring, click Next

3. OnCommand Plug-In 3.1 installs a Web Service which needs a local administrator account.
Create a new or select an existing account, Note that is account needs to be in the Local Admin group and click Next

4. Check Install and Finish, after the installation check if the installation was successful.

The installation installs the Management packs automatically:

5. Next got to Authoring, Rules, change the scope to Management Server, search for Data Ontap: Discovery RuleRight click, OverridesOverride the Rule, For all objects of class Management Server

6. Select the rule and change the Override value to True, click apply, OK

6. Go to monitoring, Data ONTAP, Storage Systems, Management Server and click in the actions pane on Data ONTAP: manage Controller Credentials

7. Insert the credentials

Note: If the Data ONTAP Manage Controller Credentials fails with the following error:

You can run “C:\Program Files\NetApp\OnCommand\MS_Plugin\OC.OM.Management.Controller.Credentials.exe”

7. Finally you get a green check mark if the authentication went successfully

8. Go to the task pane and run the Data ONTAP: Run Discovery Task
If the permission for the task are set properly your task will end successfully. Short after all the NetApp objects will be discovered

Views
After a successful installation you will get several views as you can see in the monitoring pane
Dashboard view

Diagram Overview

Reports
The NetApp Management Pack also deploys several reports.

How to backup all SCOM management packs

Very simple powershell script to backup all management packs to disk.
Launch the System Center Operations Manager, Command Shell:

OpsMgr 2007 R2
get-managementpack | export-managementpack -path D:\mgmt\MPBackups

OpsMgr 2012
Get-SCManagementPack | Export-SCManagementPack -path D:\mgmt\MPBackups

The difference in the code above in comparison to the OpsMgr 2007 R2 code is that the ‘get-managementpack’ and ‘export-managementpack’ commands have been modified in SCOM 2012 to become ‘get-scmanagementpack” and ‘export-scmanagementpack’

 

SQL Agent Job Discovery in SCOM is empty

Issue:
When implementing the SQL management pack the “SQL Agent Job state” is empty. Therefore there is no overview which jobs have ran successfully or have failed.

Cause:
The SQL Server Management Pack includes an option to discover and monitor SQL Server Agent Jobs for SQL 2005/2008/2012.  The Discovery for this is disabled by default.

Solution:
To use an override to change the setting for automatic discovery
1. In the Authoring pane, expand Management Pack Objects, and then click Object Discoveries.
2. On the Operations Manager toolbar, click Scope, and then filter the objects that appear in the details pane to include only SQL Server objects.
3. In the Operations Manager toolbar, use the Scope button to filter the list of objects, and then click SQL Server Agent Job.
4. On the Operations Manager toolbar, click Overrides, click Override the Object Discovery, and then click For all objects of class: SQL 20xx Agent

5. In the Override Properties dialog box, click the Override box for the Enabled parameter.
6. Under Management Pack, click New to create an unsealed version of the management pack or use an existing one, and then click OK, or select an unsealed management pack that you previously created in which to save this override. As a best practice, you should not save overrides to the Default Management Pack.

After you change the override setting, the object type is automatically discovered and appears in the Monitoring pane under SQL Server.

NOTE: The script runs every 14400 seconds so it can take up to 4 hours before the discovery takes place. You can shorten this by changing the discovery interval to for example 120 seconds. Don’t forget to change it back to default.

After the discovery the SQL Agent Job State

 

 

 

 

Why download management packs manually instead of from the catalog

When updating OpsMgr management packs the easiest way to do this is to show “Updates available for Installed Management Packs” in the console.

When doing this only the existing imported MP’s are updated.
If the MP is updated with new additional monitoring features it will not show up as needing an update. So if you use the console you will miss new ones.
Because of this I do not recommend using the console update feature but download the MSI from the catalog on the web at http://systemcenter.pinpoint.microsoft.com and extract them, if not you will end up missing MP’s you need.

 

Updating the Exchange 2010 Management Pack in OpsMgr 2007 and OpsMgr 2012

This is a step by step guide on how to update the Exchange Server 2010 management pack with System Center Operations Manager 2007 and 2012.

Installing a fresh installation of the Exchange 2010 MP see http://www.toolzz.com/?p=63

NOTE!
Operations Manager 2007 R2 requires a restart!
Operations Manager 2012 does not require a restart!
The Exchange Monitoring will have downtime during the upgrade of the correlation engine

This article is discusses how to update the Exchange 2010 management pack the proper way.

Step 1 – Checking the current version of the Exchange 2010 MP
1. Log on to the computer with an account that is a member of the Operations Manager Administrators role for the Operations Manager 2012 management group.
2. In the Operations console, click Administration.
3. Choose the Management Packs node,
4. Type Exchange in the search box and check if it is an older version and not already updated.

Step 2 – Updating the Exchange correlation Engine
The correlation update must run on from the server where it is successfully installed. Most likely (and recommended) the Correlation Engine will be installed and updated on the root management server (emulator).

Do the following steps on the RMS Emulator
1. Download the MP software from the Microsoft site http://www.microsoft.com/downloads/details.aspx?FamilyID=7150bfed-64a4-42a4-97a2-07048cca5d23&displaylang=en
2. Choose the proper version (X64)
3. Launch the MSI Package and run the installation and follow the installation


4. As mentioned before
Operations Manager 2007 R2 requires a restart after that you can continue to step 3
Operations Manager 2012 continue to step 3.

Step 3 – Import the Exchange 2010 Management Pack
1. Log on to the computer with an account that is a member of the Operations Manager Administrators role for the Operations Manager 2012 management group.
2. In the Operations console, click Administration.
3. Right-click the Management Packs node, and then click Import Management Packs.
4. The Import Management Packs wizard opens. Click Add, and then click Add from disk.
5. If prompted to connect to the online catalog, click No.
6. The Select Management Packs to import dialog box appears. Go to the directory where your management pack file is located as extracted in Step 1. By default, the location is C:\Program Files\System Center Management Packs.
7. Select both management pack files to import from that directory, and then click Open.
8. On the Select Management Packs page, the management packs that you selected for import are listed.

9. You will receive a prompt indicating that the management pack presents a security risk. This is due to the management pack’s use of agent proxying. Click Yes to allow the import.
10. The Import Management Packs page appears and shows the progress for each management pack. Each management pack is downloaded to a temporary directory, imported to Operations Manager, and then deleted from the temporary directory. If there is a problem at any stage of the import process, select the management pack in the list to view the status details. Click Close.
11. Check the C:\Program Files\Microsoft\Exchange Server\v14\Bin directory content if the update ran successfully

That’s all !
Note:
Because the configuration already took place during the initial installation of the MP the update does not require any adjustments.