Before you start on the SCOM side of things, a couple of points to note. The Windows Server 8 machine is best off being a member of an Active Directory domain as it avoids having to manually install the SCOM agent.
Note: It is a pre-requisite to have the .NET Framework 3.5 feature installed first before you go and install the agent. Quite a few people have been commenting (see below) on coming across errors with agent deployment and the solution is to install this feature.
Post Update 12.03.2012: A good friend of mine (whose technical opinion I've a lot of respect for), commented to me that there's no point in having this shiny new secure operating system if you're gonna go disabling the windows firewall and UAC on it as it wouldn't be something we'd do in a production environment anyway for obvious security reasons. I totally agree with him and put my initial suggestion of disabling both these security features down to a combination of eagerness to get the solution working and tiredness when I orginally wrote up the post. As a result, I've amended the following sections below that state there's a need to turn off the firewall and I've added in the correct steps to take to get it working in a secure and firewalled environment.
When I tried to initially install the SCOM agent on a vanilla install of Windows Server 8 (with the server in a domain)it failed.
You can leave User Account Control (UAC) turned on as it doesn't affect the agent deployment. The screens below show the windows firewall enabled and the default UAC setting within the Windows Server 8 Operating System.
Firewall turned on
UAC configured
To configure the Windows Server 8 firewall to allow the specific ports for SCOM 2012, open the Windows Firewall Advanced Configuration window from the control panel and then right mouse click on Inbound Rules to open the New Inbound Rule Wizard
Select Port from the first screen, then click Next
Select TCP and then type in the specific ports that you want to allow - in this example, I've used 5723,5724,80 and 51909 as I will most likely be installing the SCOM Console on this server at some point so want to provision for that now. Click Next once you're finished your selection.
Select All the connection, then click Next
Choose whether or not the rule applies to your domain, private or public profiles, then click Next
Type a description, then click Finish
At this point, you have your inbound rule created, but if you run the SCOM Agent installer wizard, you will receive an error message like the one below
The final step you need to take here (and this is what catches people out when trying to configure this-I know it caught me!), is to enable the already created rules for File and Print Sharing and WMI from within the Firewall Console. Although these rules are already existent in your firewall configuration, they are disabled by default and need to be turned on for the SCOM push installer to actually run.
The screen below shows the File and Print Sharing rules to be enabled
This screen shows the WMI rules that need to be enabled
Note: If you want a full list of all the required ports that SCOM needs, check out this link for more information-paying particular attention to the 'Operations Manager Feature Firewall Exceptions' section: http://technet.microsoft.com/en-us/library/hh205990.aspx
Once you have UAC and the firewall turned off configured the firewall with the relevant ports allowed, you can then start the installation of the SCOM agent.
To begin installing the SCOM agent, click on the Administration tab in the SCOM console and then select the 'Discovery Wizard' option located at the menu on the left hand side.
This will open up the 'Computer and Device Management Wizard' as shown below. Select Windows Computers and click Next
Leave the discovery at Servers and Clients and choose your SCOM management server, then click Next
Either type the name of your Windows Server 8 or browse for it in the following screen, then click Next
Type the credentials for a domain admin account and then click Next
If the credentials you entered are correct and your firewall and UAC are disabled, you should see the computer object being discovered by the wizard. Just click on the server name and then select Next to continue
Leave the settings in the screen below as they are and click Finish
The Agent Management Task Status window should display a Success message if all went well with the deployment as below
If we wait a few minutes for discovery, we can then see the Windows Server 8 object in the Operations Manager Agent Managed console view as below
We can also see it in the Monitoring tab of the console showing a health state (hopefully!)
To demonstrate some of the custom tasks I have running against the Windows Server 8 agent, I need to enable the Remote Desktop Protocol (RDP) on the new server. This can be enabled from the new Server Manager window by clicking on the 'Remote Desktop' link as below
We can now enable RDP for the new Windows Server 8 as shown
Once RDP is enabled on the server, back in the SCOM console at the Monitoring tab, if I click on an alert that is relevant to the new Windows Server 8 machine, I will see my custom '01-Run Remote Desktop' task in the Actions pane on the right hand side. If I click on the alert, then select this action,
I should get prompted for my credentials to initiate an RDP session and then it'll logon to the new server as the screen below shows
Obviously, there will be a number of things not working on this agent and when we go into the Health Explorer for it, we can see that all of the Operating System rollups are in a Not Monitored state. This is to be expected when we haven't yet got a management pack released for Windows Server 8.
This concludes the installation of Windows Server 8 and the deployment of the SCOM 2012 agent to it. Hopefully you've enjoyed this short exploratory series!
