SCOM 2007 R2 – workgroup/DMZ server notes

This is harder than it should be. Here are my notes on doing this.

1. On cert server go here: http://blah/certsrv/

2. request cert. choose type other and paste in the below OID

3. OID = 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2

4. Make sure to check key exportable. Make sure to use FQDN of server for name and common name.

5. Open up server mgt for certificate manager and approve.

6. Go back to website, install the cert.

7. Mmc, certificates for personal. Export the cert. make private key exportable.

8. Copy cert to client server.

9. On server do mmc for client, import cert, mark as exportable.

10. Run momcertimport on client, choose cert.

11. Restart system center manager service on client.

12. Wait a min and go to mom console, administration, pending management. Approve it.

13. Done!

Dear SCOM. You blew it

In case you weren’t aware, for SCOM to work against a non domain machine, all manner of certificates is required between the RMS and the agents in order for this to work. Not only is it required, but you have to use the fairly archaic tools provided with certificates, oh, and you will need your own certificate authority too. This is such a complete and utter #FAIL that I don’t really know where to start. Mainly my issue is that it doesn’t need to be this hard.. if someone wants to see the CPU time on my webserver, then by all means, hack in, but damn if I care enough to go through this level of work for it. And that brings me to my second issue, the shit just doesn’t work. Sure you could say this is a “rush it out the door” kinda thing, but this happened back in 2007 and there have been plenty of releases including an R2 version, yet still this useless and archaic process is still in place.

So in short, the SCOM guys failed by over-complicating something that isn’t needed, and then making it 10 times more difficult than necessary. FAIL.

scom 2007 r2 cumulative update 2 (cu2) update notes

Download it here

Microsoft’s KB article on it

Installing it

Applying update to a clustered RMS

If the install fails and you need to run it again, this is where it installs it (on an x64 system)

C:Program Files (x86)System Center 2007 R2 Hotfix Utility

If the install fails and you need to run it again, this is where it installs it (on a 32bit system)

C:Program FilesSystem Center 2007 R2 Hotfix Utility

If the install fails, this is probably why

windows dns server and EDns – update (added namebench info/link)

I have had an issue with DNS server in Windows 2003 server previously that’s covered pretty well in this article by my buddy Marcus. The short version is that EDNS is enabled by default on 2003 server, and this doesn’t play well with the rest of the internet, so it’s best to turn it off if you are using windows 2003 for external (internet) DNS.

Right now I’m working on a Windows 2008 R2 server and was having similar problems that made me check for EDNS many moons ago on 2003 server. This link came up in a search and it says that they made EDNS off in 2008 RTM, but it’s back on again in R2. He includes a link to Microsoft’s KB article about EDNS. 

Luckily this is pretty easy to turn off. All you do is run this command:

dnscmd /config /enableednsprobes 0

I wanted to update this post with a link to a cool tool I have been using. It’s called name bench and it’s a DNS benchmarking tool. Works good, does exactly what you want, and the price is right.

Solarwinds Orion MP for System Center Operations Manager 2007 r2 – where’s the logfile?

I was trying to run the configure utility for the Solarwinds Orion MP for System Center Operations Manager 2007 r2 and getting a failure that told me to check the logfile. Where is the logfile? (It doesn’t say!) After much looking I found it in the .config in the folder for the management pack which is:

C:Program FilesSolarWindsOrion Management Pack for OpsManager 2007OrionSCOMConfigApp.exe.config

Since they are using logforj for a standard .net app, it was easy to see. The value was:

<file value="${ALLUSERSPROFILE}DocumentsSolarWindsOrion Management Pack for OpsManager 2007ConfigurationWizard.log" />

On my system this translated to:

C:UsersPublicDocumentsSolarWindsOrion Management Pack for OpsManager 2007ConfigurationWizard.log

In our particular instance, the problem was:

Could not allocate space for object ‘dbo.ManagementPackStaging’.’PK_ManagementPackStaging’ in database ‘OperationsManager’ because the ‘PRIMARY’ filegroup is full. Create disk space by deleting unneeded files, dropping objects in the filegroup, adding additional files to the filegroup, or setting autogrowth on for existing files in the filegroup.

This was resolved by opening the Microsoft SQL Server Management Studio and going to databases/OperationsManager, then properties, files, and increasing the initial size on the “PRIMARY” database file. Once I did this, I was able to configure the management pack successfully.