Antivirus exclusions for Operations Manager 2012; Management, Gateway and SQL servers

SCOM 2012 Antivirus exclusions; Management, Gateway and SQL servers

For information on exclusions on the SCOM 2012 and 2007 agents click here.

This question comes up all of the time in new environments; so I decided to make a blog about exclusions to let the SCOM 2012 and the SQL 2008 R2 servers run efficiently.

Note: replace %programfiles% to the fysical location like C:\Program Files\System Center Operations…. do this for all entries below. Make also sure the path you use is correct ! !

Excluded Processes
Forefront – Excluded processes
McAfee – On Access Low risk processes
SCOM 2012
%programfiles%\System Center Operations Manager\Agent\HealthService.exe
%programfiles%\System Center Operations Manager\Agent\MonitoringHost.exe
-%programfiles%\Microsoft\Exchange Server\v14\Bin\Microsoft.Exchange.Monitoring.CorrelationEngine.exe
-%programfiles%\System Center 2012\Operations Manager\Console\Microsoft.EnterpriseManagement.Monitoring.Console.exe

%programfiles%\System Center 2012\Operations Manager\Server\Microsoft.Mom.Sdk.ServiceHost.exe
%programfiles%\System Center 2012\Operations Manager\Server\APMDOTNETAgent\InterceptSvc.exe
-%programfiles%\System Center 2012\Operations Manager\Server\cshost.exe

SQL 2008 R2
-%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLServr.exe
-%ProgramFiles%\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
-%ProgramFiles%\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Bin\MSMDSrv.exe


Excluded Directory’s
Forefront – Excluded files and locations
McAfee – Exclusions
SCOM 2012
-%programfiles%\System Center Operations Manager\Agent\Health Service State\*

SQL 2008 R2
-%ProgramFiles%\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\DATA\*
-%ProgramFiles%\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\BACKUP\*
-%ProgramFiles%\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\FTDATA\*

Excluded file types
Forefront – Excluded File Types
McAfee – Exclusions
SCOM 2012

SQL 2008 R2 Server data and backup files

SQL Agent Job Discovery in SCOM is empty

When implementing the SQL management pack the “SQL Agent Job state” is empty. Therefore there is no overview which jobs have ran successfully or have failed.

The SQL Server Management Pack includes an option to discover and monitor SQL Server Agent Jobs for SQL 2005/2008/2012.  The Discovery for this is disabled by default.

To use an override to change the setting for automatic discovery
1. In the Authoring pane, expand Management Pack Objects, and then click Object Discoveries.
2. On the Operations Manager toolbar, click Scope, and then filter the objects that appear in the details pane to include only SQL Server objects.
3. In the Operations Manager toolbar, use the Scope button to filter the list of objects, and then click SQL Server Agent Job.
4. On the Operations Manager toolbar, click Overrides, click Override the Object Discovery, and then click For all objects of class: SQL 20xx Agent

5. In the Override Properties dialog box, click the Override box for the Enabled parameter.
6. Under Management Pack, click New to create an unsealed version of the management pack or use an existing one, and then click OK, or select an unsealed management pack that you previously created in which to save this override. As a best practice, you should not save overrides to the Default Management Pack.

After you change the override setting, the object type is automatically discovered and appears in the Monitoring pane under SQL Server.

NOTE: The script runs every 14400 seconds so it can take up to 4 hours before the discovery takes place. You can shorten this by changing the discovery interval to for example 120 seconds. Don’t forget to change it back to default.

After the discovery the SQL Agent Job State





Configure/open Firewall ports for MS SQL 2008 R2/Windows 2008 (R2)

By default, installing SQL Server 2008 R2 on a brand new Windows Server 2008 R2 server does not open the required Windows Firewall ports.
I always wonder why they don’t give you the option during the installation of SQL and let MS make the changes for you. Anyway, MS has a tool to “Fix It” but on my Windows Server 2008 it runs but doesn’t apply to the Windows 2008 R2 setup.

You can of course follow Microsoft’s KB articles and manually add the Windows Advanced Firewall rules. For me, a script to do this was the way to go. Don’t forget to run the script as Administrator in the CMD box.

@echo =========  SQL Server Ports  ===================
@echo Enabling SQLServer default instance port 1433
netsh firewall set portopening TCP 1433 "SQLServer" 
@echo Enabling Dedicated Admin Connection port 1434
netsh firewall set portopening TCP 1434 "SQL Admin Connection" 
@echo Enabling conventional SQL Server Service Broker port 4022  
netsh firewall set portopening TCP 4022 "SQL Service Broker" 
@echo Enabling Transact-SQL Debugger/RPC port 135 
netsh firewall set portopening TCP 135 "SQL Debugger/RPC" 
@echo =========  Analysis Services Ports  ==============
@echo Enabling SSAS Default Instance port 2383
netsh firewall set portopening TCP 2383 "Analysis Services" 
@echo Enabling SQL Server Browser Service port 2382
netsh firewall set portopening TCP 2382 "SQL Browser" 
@echo =========  Misc Applications  ==============
@echo Enabling HTTP port 80 
netsh firewall set portopening TCP 80 "HTTP" 
@echo Enabling SSL port 443
netsh firewall set portopening TCP 443 "SSL" 
@echo Enabling port for SQL Server Browser Service's 'Browse' Button
netsh firewall set portopening UDP 1434 "SQL Browser" 
@echo Allowing multicast broadcast response on UDP (Browser Service Enumerations OK)
netsh firewall set multicastbroadcastresponse ENABLE

Check if the ports are opened successfully (see the picture).