In Part 1 and Part 2, I've explained how to download and install the DotNetNuke .NET application, configure System Center 2012 Operations Manager (SCOM) Application Performance Monitoring (APM) and detailed the creation of an APM monitor that will allow us to deep-dive into the application for troubleshooting and performance data. You will need to review both of these previous posts before continuing with this one as they form the foundation for configuring SCOM APM. It is also presumed that you have the SCOM Web Console with the APM Application Advisor and Application Diagnostics features deployed onto one of your Management Servers.
In this final blog post of the series, I will discuss the Client-Side Monitoring configuration of APM and will show how to generate alerts within your demo/lab environment to test the APM features of SCOM.
Client Side Monitoring
Now that we have created our server-side monitor, we need to configure the client-side monitoring for our application. Client-Side Monitoring uses JavaScript scripts that are automatically added to each managed web application that you configure for monitoring. To ensure these scripts can run properly and safely against your application, we need to check it for compatibility.
Click on the Monitoring tab on the SCOM console wunderbar, expand the Application Monitoring folder and then click on the ASP.NET Web Application Inventory view to see your applications listed.
We can use the ‘Check Client-Side Monitoring Compatibility’ task from the Tasks pane on the right hand side to verify that the web application can be safely monitored using client side monitoring.
I recommend running this task as part of your initial application monitoring configuration to confirm that it can be monitored without any issues. The screen below shows the output from this task
Once we have a successful return from the Client-Side monitoring compatibility task, we can then go ahead and add the client-side monitoring feature to the newly created APM monitor.
To do this, go back to the Authoring tab on the wunderbar, expand Management Pack Templates, click on the .NET Application Performance Monitoring view and then double click on your new APM monitor (in this case it’s the DotNetNuke one as below) and then select the Client-Side Monitoring tab from the resultant window
From the screen above, enable the check box beside your application component and then click on the Customize button over on the right hand side to review the various customizations that you can apply to your monitor
The screens below show examples of some of the customizations you can make to your APM monitor
Once you are happy with your changes, click on the OK button twice to return to the main SCOM console. This will now enable some additional views within the Monitoring tab of the console and we can click back over here to take a look at what we have now for our .NET application.
Staying in the Monitoring pane, scroll down the list of folders on the left hand side and expand the Operations Manager folder. Now expand the ‘APM Agent Details’ folder and take a look at some of the alerts that have been raised in here. These alerts will normally indicate that you need to restart IIS or recycle an application pool on the server that you have configured APM monitoring for. See below for an example of these alerts
With this knowledge, it’s a good time to logon to your IIS server that is hosting the .NET application and take a look in the ‘services.msc’ snap-in and you will notice that the ‘System Center Management APM’ service is now Started and set to Manual. This service is installed by default as Disabled and only changes to Started when you configure the Client-Side monitoring functionality of SCOM APM.
It would also be a good time now to restart IIS on this server if you can. I’ve simply opened the IIS Management Console, clicked on the Server Name and then chose the ‘Restart’ option from the Manage Server pane on the right hand side
Testing APM
So, what do you do if you have followed the steps in these posts to the letter and have configured your APM perfectly but there are no issues within your application to test if your setup is working or not?
Simple, we create a bogus page within our application that when called on, will throw up an error for SCOM APM to deal with!
(Thanks to Paul Keely - System Center Cloud and DataCenter Management MVP for this tip!)
Simply copy the text below into notepad and save it as test.aspx into the root folder directory of your .NET application:
<%@ Page language="c#" %>
<%@ Assembly Name="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<form id="Form1" action="Default.aspx" method="post" runat="server">
<%
using (SqlConnection connection = new SqlConnection("Server=server;Database=database;User ID=user;Password=password;"))
{
connection.Open();
}
%>
</form>
The root folder of my .NET IIS based application is: C:\inetpub\wwwroot\dotnetnuke
When I copied the file to the above location, I simply browse to the following URL:
http://IIS-LAB/dotnetnuke/test.aspx
This will then throw up an error page like the one below
Which in turn, will manifest itself within SCOM as
If you click on the blue URL link within the alert, it will open up the AppDiagnostics console (which is installed when you deploy the SCOM Web Console), and you will see the results of the error diagnostics as below
You can also review Performance counters from the screen below
This concludes your configuration of the APM feature in System Center 2012 Operations Manager. Although we've covered a lot in these three posts, there's still a huge amount that wasn't talked about. If you've gotten to the point where you have APM working and at least a demo application being monitored, then you will be in a great position to explore deeper into the different thresholds and customisations that are available for your application monitoring.
Update March 2014: Check out the following links to some other posts that I've written if you want to learn more about APM:
SCOM 2012 - APM CSM vs. GSM and Web Application Monitoring....Confused?
SCOM 2012 - The APM Consoles Part 1 - Application Diagnostics
Application Insights Deep Dive - Getting Started
Enjoy!
Saturday, March 24, 2012
SCOM 2012 - Configuring Application Performance Monitoring (APM) Part 2
In Part 1, I walked through the process of downloading and deploying the DotNetNuke application which is a free community .NET based website that we will be using for our testing of the Application Performance Monitoring functionality within System Center 2012 Operations Manager.
Once we have our .NET applications ready to be monitored, we now need to deploy the SCOM agent to the IIS servers that host them.
Use the Administration tab from the Wunderbar in the SCOM console to start the Discovery Wizard and deploy a Windows Agent to your IIS server. The screen below shows confirmation that the agent has been deployed successfully
Once the agent deployment is complete, go to the Monitoring tab in the console again and check the Application Pool State view under the Microsoft Windows Internet Information Services folder to confirm that the .NET application has been discovered. You should see a screen similar to the one below (You may need to wait a little while for discovery to complete)
Note: The IIS 7 discovery rules are all set to discover objects after 14400 seconds (4 hours) and if you haven’t got the time to wait for these discoveries to occur, you can tweak temporarily the discovery rule for the IIS 7 ASP.NET Application Endpoint to allow full discovery of your application. Without this rule being fired properly, you won’t be able to discover your app in the Web Application and Services object search later on.
When you have confirmation that your .NET application is discovered within SCOM, we will now move on to actually creating the APM template that will give us the granular information that we need to troubleshoot issues on a deep dive level
It’s good practice to create a custom group and management pack specifically for the application that you wish to monitor. To do this, go to the Authoring tab of the Wunderbar in the SCOM console, expand the Authoring view and then right mouse click on Groups. Choose the ‘Create a new Group’ option from the resultant menu, give the group a name and create a new unsealed management pack that reflects the application that you want to monitor - see the screen below for an example
Add the Windows Server objects for the servers that host the application(s) that you want to monitor as below
Move through the rest of the Create Group Wizard and click Create at the end to finish the process.
At this point, we have the .NET application configured on an IIS 7 server, we have deployed the SCOM agent to this server and ensured that the new .NET application and website have been discovered. We have also just created a custom group and unsealed management pack for which we are going to save any customisations and rules to for this application.
The next step is to create the Application Performance Monitoring component using the built in templates provided. To do this, click on the Authoring tab in the SCOM console, expand Management Pack Templates and then right mouse click on .NET Application Performance Monitoring. Now select the ‘Add Monitoring Wizard’ option. This will open up a wizard as shown below
Leave the .NET Application Performance Monitoring option selected, then click Next to continue
Enter a name and description for your monitor and then choose the new unsealed management pack that we created previously to store the monitor in. Click Next to continue once you have entered all required information
From the What to Monitor window, click on the Add button to open up the Object Search window and from here, search for and add the .NET application that you wish to monitor
Note: If you haven’t imported the two management packs outlined in Part 1 of this series, then you will not be able to find your application in the ‘Web Applications and Services’ list here. This is a common pitfall when people try to configure APM.
Once you have added your application, choose an Environment tag and targeted group from which you want to run the monitor under. I’ve chosen the ‘Test’ environment and selected the custom group I created earlier for this application. See the screenshot below for an example
Leave the Server-Side Configuration settings as they are for now and click Next
From the final screen in the Add Monitoring Wizard, you can review your configuration and then click on the Create button when you’re happy to continue.
Note: You will see from the screen below that there is a warning message stating: ‘IIS may need to be restarted’. This is always a recommendation when you configure APM for your application and if you are working in a production environment, you will need to plan for this IIS restart after hours to ensure that your monitor works.
This completes the creation of your .NET Application Performance Monitor and you should be able to see your new monitor listed under the Management Pack Templates\.NET Application Performance Monitoring view.
For Part 3 of this series, I will discuss Client-Side Monitoring and explain how to test your new APM monitor and review the alerts generated.
Once we have our .NET applications ready to be monitored, we now need to deploy the SCOM agent to the IIS servers that host them.
Use the Administration tab from the Wunderbar in the SCOM console to start the Discovery Wizard and deploy a Windows Agent to your IIS server. The screen below shows confirmation that the agent has been deployed successfully
Once the agent deployment is complete, go to the Monitoring tab in the console again and check the Application Pool State view under the Microsoft Windows Internet Information Services folder to confirm that the .NET application has been discovered. You should see a screen similar to the one below (You may need to wait a little while for discovery to complete)
Note: The IIS 7 discovery rules are all set to discover objects after 14400 seconds (4 hours) and if you haven’t got the time to wait for these discoveries to occur, you can tweak temporarily the discovery rule for the IIS 7 ASP.NET Application Endpoint to allow full discovery of your application. Without this rule being fired properly, you won’t be able to discover your app in the Web Application and Services object search later on.
When you have confirmation that your .NET application is discovered within SCOM, we will now move on to actually creating the APM template that will give us the granular information that we need to troubleshoot issues on a deep dive level
It’s good practice to create a custom group and management pack specifically for the application that you wish to monitor. To do this, go to the Authoring tab of the Wunderbar in the SCOM console, expand the Authoring view and then right mouse click on Groups. Choose the ‘Create a new Group’ option from the resultant menu, give the group a name and create a new unsealed management pack that reflects the application that you want to monitor - see the screen below for an example
Add the Windows Server objects for the servers that host the application(s) that you want to monitor as below
Move through the rest of the Create Group Wizard and click Create at the end to finish the process.
At this point, we have the .NET application configured on an IIS 7 server, we have deployed the SCOM agent to this server and ensured that the new .NET application and website have been discovered. We have also just created a custom group and unsealed management pack for which we are going to save any customisations and rules to for this application.
The next step is to create the Application Performance Monitoring component using the built in templates provided. To do this, click on the Authoring tab in the SCOM console, expand Management Pack Templates and then right mouse click on .NET Application Performance Monitoring. Now select the ‘Add Monitoring Wizard’ option. This will open up a wizard as shown below
Leave the .NET Application Performance Monitoring option selected, then click Next to continue
Enter a name and description for your monitor and then choose the new unsealed management pack that we created previously to store the monitor in. Click Next to continue once you have entered all required information
From the What to Monitor window, click on the Add button to open up the Object Search window and from here, search for and add the .NET application that you wish to monitor
Note: If you haven’t imported the two management packs outlined in Part 1 of this series, then you will not be able to find your application in the ‘Web Applications and Services’ list here. This is a common pitfall when people try to configure APM.
Once you have added your application, choose an Environment tag and targeted group from which you want to run the monitor under. I’ve chosen the ‘Test’ environment and selected the custom group I created earlier for this application. See the screenshot below for an example
Leave the Server-Side Configuration settings as they are for now and click Next
From the final screen in the Add Monitoring Wizard, you can review your configuration and then click on the Create button when you’re happy to continue.
Note: You will see from the screen below that there is a warning message stating: ‘IIS may need to be restarted’. This is always a recommendation when you configure APM for your application and if you are working in a production environment, you will need to plan for this IIS restart after hours to ensure that your monitor works.
This completes the creation of your .NET Application Performance Monitor and you should be able to see your new monitor listed under the Management Pack Templates\.NET Application Performance Monitoring view.
For Part 3 of this series, I will discuss Client-Side Monitoring and explain how to test your new APM monitor and review the alerts generated.
SCOM 2012 - Configuring Application Performance Monitoring (APM) Part 1
How often have you been in a position whereby a complaint comes to you about the slow performance of a .NET application and the development team are blaming the infrastructure team and the infrastructure team are blaming the development team?
When a situation like this arises people look to you as the System Center Operations Manager (SCOM) administrator to find out what the problem is and to get answers quickly!! If the issue is related to infrastructure or the databases and Operating System that the application is running on, then SCOM will very quickly highlight the problem using the relevant SQL/Oracle, Windows/Linux and Network Monitoring management packs and functionality.
If the problem was not related to these technologies however, and was an issue with bad coding from when the application was developed for example, then you need to go much deeper with your investigations to find the root cause. In SCOM 2007 R2, if you wanted to get this type of deep dive application monitoring, then you had to integrate with a product called AviCode. AviCode was the market leader in .NET application monitoring and in the year 2010, Microsoft acquired the company with a view to integrating it into a future release of System Center.
With SCOM 2012, Microsoft have integrated the AviCode product directly into it as the new Application Performance Monitoring (APM) functionality and it works really, really well for the type of scenario described above!
This three part blog series will describe what is needed to configure the APM functionality in the SCOM 2012 Release Candidate edition.
Update March 2014: If you want to learn about the future of APM or if you want to deploy a better .NET demo application than DotNetNuke, then check out my new 'Application Insights Deep Dive' blog series here:
Application Insights Deep Dive - Getting Started
The Release Candidate of SCOM 2012 will support only .NET web applications and web services and not .NET compiled applications but this should be addressed in future updates/service packs. You need to ensure that you have installed the SCOM Web Console feature into your environment as this installation comes with the Application Advisor and Application Diagnostics features of the new APM functionality.
As a result of the web application and services monitoring functionality, only applications running on IIS7 will be monitored and we need to ensure that this management pack is deployed first and foremost.
To download the IIS 7 Management Pack and accompanying guide (you do read the guide when installing all your management packs right.....?), click on the link below:
http://www.microsoft.com/download/en/details.aspx?displaylang=en%2cen&id=9815
Once you have downloaded the IIS7 Management Pack, follow the instructions contained within the MP Guide to deploy it into SCOM 2012.
Note: It's worth pointing out here that, if you are reading only SCOM 2007 R2 references in the MP Guides and downloads, don't worry, these Management Packs all work fine in SCOM 2012.
With the IIS 7 Management Pack deployed to SCOM, you then need to manually add one more management pack from the SCOM 2012 installation media - this is the only APM management pack that is not automatically installed on deployment of your first SCOM Management Server.
This management pack file is titled ‘Microsoft.SystemCenter.Apm.Web.IIS7.mp’ and is located in the ‘Management Packs’ folder of the installation media.
The screenshots below show its location and also what it looks like when being manually imported into the console
Note: If you don’t import the above management pack into SCOM 2012, you will be presented later on with a warning message when trying to create the APM monitor. This warning is as follows:
To select ASP.NET applications or services for monitoring you need to import the following management packs:
Operations Manager APM Web IIS7 management pack
Once you have these two management packs imported, you then need to ensure you have some .NET applications that you can monitor! If you are looking to deploy this functionality for testing/demo purposes, then you can download some of the free .NET applications that are available from the general community such as ‘DotNetNuke’, ‘DinnerNow’ and ‘BlogEngine’.
The link below will allow you to download a free version of DotNetNuke:
http://www.microsoft.com/web/gallery/install.aspx?appid=dotnetnuke_iis
During the installation wizard, we can choose the IIS website that we want to deploy the application to or even create our own website as part of the process - nice and handy!
All going to plan, you should be finished the DotNetNuke application installation in around 5-10 minutes and then be presented with the screen below
Once the Web Platform Installer has completed, browse to the new DotNetNuke website URL, in my case I’ve installed it into the default website so my URL would be:
http://localhost/dotnetnuke/
Once the web page opens up, you will be presented with the actual DotNetNuke Installation Wizard which is a configuration installer for the application itself
The easiest way to assist you with this part of the installation is to direct you to the following link which has an online video of this part of the deployment. It’s 6 minutes long and if you follow the instructions outlined - particularly the piece on SQL user permissions, then you will be up and running in now time:
http://www.dotnetnuke.com/Resources/Training/Training-Videos/Installation.aspx
If you choose the Typical option and click through the wizard, you might come to the screen below where it is asking you to choose your SQL database type. If you try to click Next whilst leaving the default settings specified, you will get the error message below - which is kind of cryptic to us non-developer types!
The error above basically means that the credentials being used to connect to the database (in this case the SQL Express database) do not have sufficient permissions to it.
Follow the instructions in the video that I’ve linked above to allow your account permissions on the DB and you should be able to continue on.
Note: Even though I was using an SQL 2008 R2 Express instance locally on my lab IIS server, I had to select the ‘SQL Server 2005/2008 Database’ option, create an account using the SQL Management Studio that had permissions to the database, un-tick the Integrated Security option and then specify the username and password in the appropriate fields before the wizard above would continue
All going well, you should see the screen below stating that the database configuration was a success
Click Next from the screen above and you will be presented with the Configure Host Account window where you need to specify a SuperUser account that will have full admin access to your new website.
Give the new website a name, choose a template and then click Next to continue
Once the wizard is finished, you will be presented with your newly created website like the screen below - complete with a backend .NET application that we will configure for Application Performance Monitoring with SCOM 2012.
When a situation like this arises people look to you as the System Center Operations Manager (SCOM) administrator to find out what the problem is and to get answers quickly!! If the issue is related to infrastructure or the databases and Operating System that the application is running on, then SCOM will very quickly highlight the problem using the relevant SQL/Oracle, Windows/Linux and Network Monitoring management packs and functionality.
If the problem was not related to these technologies however, and was an issue with bad coding from when the application was developed for example, then you need to go much deeper with your investigations to find the root cause. In SCOM 2007 R2, if you wanted to get this type of deep dive application monitoring, then you had to integrate with a product called AviCode. AviCode was the market leader in .NET application monitoring and in the year 2010, Microsoft acquired the company with a view to integrating it into a future release of System Center.
With SCOM 2012, Microsoft have integrated the AviCode product directly into it as the new Application Performance Monitoring (APM) functionality and it works really, really well for the type of scenario described above!
This three part blog series will describe what is needed to configure the APM functionality in the SCOM 2012 Release Candidate edition.
Update March 2014: If you want to learn about the future of APM or if you want to deploy a better .NET demo application than DotNetNuke, then check out my new 'Application Insights Deep Dive' blog series here:
Application Insights Deep Dive - Getting Started
The Release Candidate of SCOM 2012 will support only .NET web applications and web services and not .NET compiled applications but this should be addressed in future updates/service packs. You need to ensure that you have installed the SCOM Web Console feature into your environment as this installation comes with the Application Advisor and Application Diagnostics features of the new APM functionality.
As a result of the web application and services monitoring functionality, only applications running on IIS7 will be monitored and we need to ensure that this management pack is deployed first and foremost.
To download the IIS 7 Management Pack and accompanying guide (you do read the guide when installing all your management packs right.....?), click on the link below:
http://www.microsoft.com/download/en/details.aspx?displaylang=en%2cen&id=9815
Once you have downloaded the IIS7 Management Pack, follow the instructions contained within the MP Guide to deploy it into SCOM 2012.
Note: It's worth pointing out here that, if you are reading only SCOM 2007 R2 references in the MP Guides and downloads, don't worry, these Management Packs all work fine in SCOM 2012.
With the IIS 7 Management Pack deployed to SCOM, you then need to manually add one more management pack from the SCOM 2012 installation media - this is the only APM management pack that is not automatically installed on deployment of your first SCOM Management Server.
This management pack file is titled ‘Microsoft.SystemCenter.Apm.Web.IIS7.mp’ and is located in the ‘Management Packs’ folder of the installation media.
The screenshots below show its location and also what it looks like when being manually imported into the console
Note: If you don’t import the above management pack into SCOM 2012, you will be presented later on with a warning message when trying to create the APM monitor. This warning is as follows:
To select ASP.NET applications or services for monitoring you need to import the following management packs:
Operations Manager APM Web IIS7 management pack
Once you have these two management packs imported, you then need to ensure you have some .NET applications that you can monitor! If you are looking to deploy this functionality for testing/demo purposes, then you can download some of the free .NET applications that are available from the general community such as ‘DotNetNuke’, ‘DinnerNow’ and ‘BlogEngine’.
The link below will allow you to download a free version of DotNetNuke:
http://www.microsoft.com/web/gallery/install.aspx?appid=dotnetnuke_iis
If you already have in place your .NET applications to be monitored, then you can skip past the DotNetNuke deployment section and move to Part 2 of this series.
Deploying DotNetNuke
I really like this application simply because the installation of it is so easy as it uses the Microsoft Web Platform Installer 3.0.
The screenshot below shows the installer window for the DotNetNuke application web infrastructure. When you click on the Install button, you will be presented with a number of options and pre-requisite checks.
If you don’t have SQL installed, then the installer will download SQL Express and deploy it to your server.
Deploying DotNetNuke
I really like this application simply because the installation of it is so easy as it uses the Microsoft Web Platform Installer 3.0.
The screenshot below shows the installer window for the DotNetNuke application web infrastructure. When you click on the Install button, you will be presented with a number of options and pre-requisite checks.
If you don’t have SQL installed, then the installer will download SQL Express and deploy it to your server.
During the installation wizard, we can choose the IIS website that we want to deploy the application to or even create our own website as part of the process - nice and handy!
All going to plan, you should be finished the DotNetNuke application installation in around 5-10 minutes and then be presented with the screen below
Once the Web Platform Installer has completed, browse to the new DotNetNuke website URL, in my case I’ve installed it into the default website so my URL would be:
http://localhost/dotnetnuke/
Once the web page opens up, you will be presented with the actual DotNetNuke Installation Wizard which is a configuration installer for the application itself
The easiest way to assist you with this part of the installation is to direct you to the following link which has an online video of this part of the deployment. It’s 6 minutes long and if you follow the instructions outlined - particularly the piece on SQL user permissions, then you will be up and running in now time:
http://www.dotnetnuke.com/Resources/Training/Training-Videos/Installation.aspx
If you choose the Typical option and click through the wizard, you might come to the screen below where it is asking you to choose your SQL database type. If you try to click Next whilst leaving the default settings specified, you will get the error message below - which is kind of cryptic to us non-developer types!
The error above basically means that the credentials being used to connect to the database (in this case the SQL Express database) do not have sufficient permissions to it.
Follow the instructions in the video that I’ve linked above to allow your account permissions on the DB and you should be able to continue on.
Note: Even though I was using an SQL 2008 R2 Express instance locally on my lab IIS server, I had to select the ‘SQL Server 2005/2008 Database’ option, create an account using the SQL Management Studio that had permissions to the database, un-tick the Integrated Security option and then specify the username and password in the appropriate fields before the wizard above would continue
All going well, you should see the screen below stating that the database configuration was a success
Click Next from the screen above and you will be presented with the Configure Host Account window where you need to specify a SuperUser account that will have full admin access to your new website.
Give the new website a name, choose a template and then click Next to continue
Once the wizard is finished, you will be presented with your newly created website like the screen below - complete with a backend .NET application that we will configure for Application Performance Monitoring with SCOM 2012.
In Part 2 of this series, I will go through the process of monitoring the new application with SCOM 2012.
Saturday, March 10, 2012
Monitoring Windows Server 8 / 2012 BETA with SCOM 2012 Part 2
In Part 1 of this two part blog series, I walked through the process of installing the Windows Server 8 BETA onto a virtual Hyper-V machine. In this post, I'll describe how to install the SCOM 2012 agent onto it and show it being managed and monitored within the SCOM console.
Before you start on the SCOM side of things, a couple of points to note. The Windows Server 8 machine is best off being a member of an Active Directory domain as it avoids having to manually install the SCOM agent.
Note: It is a pre-requisite to have the .NET Framework 3.5 feature installed first before you go and install the agent. Quite a few people have been commenting (see below) on coming across errors with agent deployment and the solution is to install this feature.
Post Update 12.03.2012: A good friend of mine (whose technical opinion I've a lot of respect for), commented to me that there's no point in having this shiny new secure operating system if you're gonna go disabling the windows firewall and UAC on it as it wouldn't be something we'd do in a production environment anyway for obvious security reasons. I totally agree with him and put my initial suggestion of disabling both these security features down to a combination of eagerness to get the solution working and tiredness when I orginally wrote up the post. As a result, I've amended the following sections below that state there's a need to turn off the firewall and I've added in the correct steps to take to get it working in a secure and firewalled environment.
When I tried to initially install the SCOM agent on a vanilla install of Windows Server 8 (with the server in a domain)it failed.I had to turn of User Account Control first and then disable the Windows Firewall in the Windows Server 8 OS. The screens below show the UAC and firewall settings needed to make the agent install work. The reason for this failure was the secure out-of-box configuration of the windows firewall and some modifications need to be made to allow the agent to install.
You can leave User Account Control (UAC) turned on as it doesn't affect the agent deployment. The screens below show the windows firewall enabled and the default UAC setting within the Windows Server 8 Operating System.
Firewall turned on
UAC configured
Select Port from the first screen, then click Next
Select TCP and then type in the specific ports that you want to allow - in this example, I've used 5723,5724,80 and 51909 as I will most likely be installing the SCOM Console on this server at some point so want to provision for that now. Click Next once you're finished your selection.
Select All the connection, then click Next
Choose whether or not the rule applies to your domain, private or public profiles, then click Next
Type a description, then click Finish
At this point, you have your inbound rule created, but if you run the SCOM Agent installer wizard, you will receive an error message like the one below
The final step you need to take here (and this is what catches people out when trying to configure this-I know it caught me!), is to enable the already created rules for File and Print Sharing and WMI from within the Firewall Console. Although these rules are already existent in your firewall configuration, they are disabled by default and need to be turned on for the SCOM push installer to actually run.
The screen below shows the File and Print Sharing rules to be enabled
This screen shows the WMI rules that need to be enabled
This will open up the 'Computer and Device Management Wizard' as shown below. Select Windows Computers and click Next
Leave the discovery at Servers and Clients and choose your SCOM management server, then click Next
Either type the name of your Windows Server 8 or browse for it in the following screen, then click Next
Type the credentials for a domain admin account and then click Next
If the credentials you entered are correct and your firewall and UAC are disabled, you should see the computer object being discovered by the wizard. Just click on the server name and then select Next to continue
Leave the settings in the screen below as they are and click Finish
The Agent Management Task Status window should display a Success message if all went well with the deployment as below
If we wait a few minutes for discovery, we can then see the Windows Server 8 object in the Operations Manager Agent Managed console view as below
We can also see it in the Monitoring tab of the console showing a health state (hopefully!)
To demonstrate some of the custom tasks I have running against the Windows Server 8 agent, I need to enable the Remote Desktop Protocol (RDP) on the new server. This can be enabled from the new Server Manager window by clicking on the 'Remote Desktop' link as below
We can now enable RDP for the new Windows Server 8 as shown
Once RDP is enabled on the server, back in the SCOM console at the Monitoring tab, if I click on an alert that is relevant to the new Windows Server 8 machine, I will see my custom '01-Run Remote Desktop' task in the Actions pane on the right hand side. If I click on the alert, then select this action,
I should get prompted for my credentials to initiate an RDP session and then it'll logon to the new server as the screen below shows
Obviously, there will be a number of things not working on this agent and when we go into the Health Explorer for it, we can see that all of the Operating System rollups are in a Not Monitored state. This is to be expected when we haven't yet got a management pack released for Windows Server 8.
This concludes the installation of Windows Server 8 and the deployment of the SCOM 2012 agent to it. Hopefully you've enjoyed this short exploratory series!
Before you start on the SCOM side of things, a couple of points to note. The Windows Server 8 machine is best off being a member of an Active Directory domain as it avoids having to manually install the SCOM agent.
Note: It is a pre-requisite to have the .NET Framework 3.5 feature installed first before you go and install the agent. Quite a few people have been commenting (see below) on coming across errors with agent deployment and the solution is to install this feature.
Post Update 12.03.2012: A good friend of mine (whose technical opinion I've a lot of respect for), commented to me that there's no point in having this shiny new secure operating system if you're gonna go disabling the windows firewall and UAC on it as it wouldn't be something we'd do in a production environment anyway for obvious security reasons. I totally agree with him and put my initial suggestion of disabling both these security features down to a combination of eagerness to get the solution working and tiredness when I orginally wrote up the post. As a result, I've amended the following sections below that state there's a need to turn off the firewall and I've added in the correct steps to take to get it working in a secure and firewalled environment.
When I tried to initially install the SCOM agent on a vanilla install of Windows Server 8 (with the server in a domain)it failed.
You can leave User Account Control (UAC) turned on as it doesn't affect the agent deployment. The screens below show the windows firewall enabled and the default UAC setting within the Windows Server 8 Operating System.
Firewall turned on
UAC configured
To configure the Windows Server 8 firewall to allow the specific ports for SCOM 2012, open the Windows Firewall Advanced Configuration window from the control panel and then right mouse click on Inbound Rules to open the New Inbound Rule Wizard
Select Port from the first screen, then click Next
Select TCP and then type in the specific ports that you want to allow - in this example, I've used 5723,5724,80 and 51909 as I will most likely be installing the SCOM Console on this server at some point so want to provision for that now. Click Next once you're finished your selection.
Select All the connection, then click Next
Choose whether or not the rule applies to your domain, private or public profiles, then click Next
Type a description, then click Finish
At this point, you have your inbound rule created, but if you run the SCOM Agent installer wizard, you will receive an error message like the one below
The final step you need to take here (and this is what catches people out when trying to configure this-I know it caught me!), is to enable the already created rules for File and Print Sharing and WMI from within the Firewall Console. Although these rules are already existent in your firewall configuration, they are disabled by default and need to be turned on for the SCOM push installer to actually run.
The screen below shows the File and Print Sharing rules to be enabled
This screen shows the WMI rules that need to be enabled
Note: If you want a full list of all the required ports that SCOM needs, check out this link for more information-paying particular attention to the 'Operations Manager Feature Firewall Exceptions' section: http://technet.microsoft.com/en-us/library/hh205990.aspx
Once you have UAC and the firewall turned off configured the firewall with the relevant ports allowed, you can then start the installation of the SCOM agent.
To begin installing the SCOM agent, click on the Administration tab in the SCOM console and then select the 'Discovery Wizard' option located at the menu on the left hand side.
This will open up the 'Computer and Device Management Wizard' as shown below. Select Windows Computers and click Next
Leave the discovery at Servers and Clients and choose your SCOM management server, then click Next
Either type the name of your Windows Server 8 or browse for it in the following screen, then click Next
Type the credentials for a domain admin account and then click Next
If the credentials you entered are correct and your firewall and UAC are disabled, you should see the computer object being discovered by the wizard. Just click on the server name and then select Next to continue
Leave the settings in the screen below as they are and click Finish
The Agent Management Task Status window should display a Success message if all went well with the deployment as below
If we wait a few minutes for discovery, we can then see the Windows Server 8 object in the Operations Manager Agent Managed console view as below
We can also see it in the Monitoring tab of the console showing a health state (hopefully!)
To demonstrate some of the custom tasks I have running against the Windows Server 8 agent, I need to enable the Remote Desktop Protocol (RDP) on the new server. This can be enabled from the new Server Manager window by clicking on the 'Remote Desktop' link as below
We can now enable RDP for the new Windows Server 8 as shown
Once RDP is enabled on the server, back in the SCOM console at the Monitoring tab, if I click on an alert that is relevant to the new Windows Server 8 machine, I will see my custom '01-Run Remote Desktop' task in the Actions pane on the right hand side. If I click on the alert, then select this action,
I should get prompted for my credentials to initiate an RDP session and then it'll logon to the new server as the screen below shows
Obviously, there will be a number of things not working on this agent and when we go into the Health Explorer for it, we can see that all of the Operating System rollups are in a Not Monitored state. This is to be expected when we haven't yet got a management pack released for Windows Server 8.
This concludes the installation of Windows Server 8 and the deployment of the SCOM 2012 agent to it. Hopefully you've enjoyed this short exploratory series!
Subscribe to:
Posts (Atom)