SCOM 2016 – Monitor Changes to the Domain Administrators Group


In this blog post I am going to take you through the steps I took to monitor changes made to the Domain Administrators group in Active Directory.

The first step is to create a management pack in which we store the WMI discovery, the monitors and the views. A manual on how to create a management pack using the System Center Operations Manager console can be found here.

  1. Start the “System Center Operations Manager Console” and navigate to “Authoring”
  2. In the “System Center Operations Manager Console” in the “Authoring” section expand “Management Pack Object” and select “Attributes”
  3. In the “System Center Operations Manager Console” in the “Attributes” section right click “Attributes” and click “Create a New Attribute”
    Attribute01
  4. In the “Create Attribute Wizard” in the “General Properties” section give the attribute the name “Running Domain Controller Service” and click “Next”
    Attribute02
  5. In the “Create Attribute Wizard” in the “Discovery Method” section, change the following settings:
    • Change the "Discovery Type" to "WMI Query"
    • Change the "Target" to "Windows Server"
    • Change the "Management Pack" to "Group Member Changes"

    In the “Create Attribute Wizard” in the “Discovery Method” section click “Next”. The result should look something like this:
    Attribute03

  6. In the “Create Attribute Wizard” in the “WMI Configuration” section change the following settings:
    • Change the "WMI Namespace" to "root\cimv2"
    • Change the "Query" to "select * from Win32_OperatingSystem where (ProductType = "2")"
    • Change the "Property Name" to "ProductType"
    • Change the "Frequency" to "900"

    In the “Create Attribute Wizard” in the “WMI Configuration” section click “Finish”. The result should look something like this:
    Attribute04

Now that we have created the attribute, we need to create a group.

  1. Start the “System Center Operations Manager Console” and navigate to “Authoring”
  2. In the “System Center Operations Manager Console” in the “Authoring” section select “Groups”
  3. In the “System Center Operations Manager Console” in the “Authoring” section right click “Groups” and click “Create a New Group”
    Group01
  4. In the “Create Group Wizard” in the “General Properties” section change the following settings: 
    • Change the "Name" to "Servers Running Domain Controller Service"
    • Change the "Management Pack" to "Group Member Changes"

    In the “Create Group Wizard” in the “General Properties” section click "Next". The result should look something like this.
    Group02

  5. In the “Create Group Wizard” in the “Explicit Members” section click “Next”
  6. In the “Create Group Wizard” in the “Dynamic Members” section click “Create/Edit Rules”
  7. In the “Create Group Wizard - Query Builder” wizard, set the following settings:
    • Change the "Select the desired class and click add button to begin building the formula" to "Windows Server_Extended" and click "Add"
    • From the Pull down list select "Running Domain Controller Service"
    • Set the Operator to "Greater"
    • Change the Value to "2" and click "Ok"

    In the “Create Group Wizard” in the “Dynamic Members” section click "Next". The result should look something like this:
    Group04

  8. In the “Create Group Wizard” in the “Subgroups” section click "Next".
  9. In the “Create Group Wizard” in the “Excluded Members” section click "Create".

When you look at which servers are managed by the above created groups

Group05

Now it's time to create a custom rule to monitor the changes made to the Domain Admins group.

  1. Start the “System Center Operations Manager Console” and navigate to “Authoring”
  2. In the “System Center Operations Manager Console” in the “Authoring” section expand “Management Pack Object” and select “Rules”
  3. In the “System Center Operations Manager Console” in the “Attributes” section right click “Attributes” and click “Create a New Rule”
    Rule01
  4. In the “Create Rules Wizard” in the “Rule Type” section, set the following settings:
    • In the "Select the type of rule to create" expand "Alert Generating Rules", "Event Based" and select "NT Event Log (Alert)"
    • In the "Management pack" section select the "Group Member Changes" management pack

    In the “Create Rule Wizard” in the “Rule Type” section click "Next". The result should look something like this:
    Rule02

  5. In the “Create Rule Wizard”, in the “General” section, set the following settings:
    • Enter the "Rule Name" "Security Group Alert – User Added to Group"
    • Change the "Rule Category" to "Alert"
    • Change the "Rule Target" to "Windows Server"
    • Uncheck "Rule is enabled"

    In the “Create Rule Wizard” in the “General” section click "Next". The result should look something like this:
    Rule03

  6. In the “Create Rule Wizard” in the “Event Log Type” section change the log name to “Security” and click “Next”
  7. In the “Create Rule Wizard” in the “Build Event Expression” section, change the Event-ID value to “4782” and change the event source to “Parameter 3” with the value “Domain Admins”. Click “Next”. The result should look something like this:
    Rule04
  8. In the “Create Rule Wizard” in the “Configure Alerts” section click “Create”.
    Rule05

When you now add a user to the Domain Admins group the following alert is generated.

Warning
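
An added example, not part of the original post: the same test the rule performs (event ID plus the value of parameter 3), applied to event XML in PowerShell so the expression can be checked against the Security log outside SCOM. The sample record is constructed and uses the layout Microsoft documents for event 4728 (“A member was added to a security-enabled global group”), in which the third parameter is the group name; `Get-EventParameter`, `Test-GroupEventRule` and all sample values are hypothetical.

```powershell
# Added example, not from the original post. Function names are hypothetical.

# Constructed sample record (all values made up), shaped like Security event
# 4728 "A member was added to a security-enabled global group".
$SampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4728</EventID>
    <Computer>DC01.example.test</Computer>
  </System>
  <EventData>
    <Data Name="MemberName">CN=Test User,CN=Users,DC=example,DC=test</Data>
    <Data Name="MemberSid">S-1-5-21-1111-2222-3333-1105</Data>
    <Data Name="TargetUserName">Domain Admins</Data>
    <Data Name="TargetDomainName">EXAMPLE</Data>
    <Data Name="TargetSid">S-1-5-21-1111-2222-3333-512</Data>
    <Data Name="SubjectUserSid">S-1-5-21-1111-2222-3333-500</Data>
    <Data Name="SubjectUserName">Administrator</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
    <Data Name="SubjectLogonId">0x3e7</Data>
    <Data Name="PrivilegeList">-</Data>
  </EventData>
</Event>
'@

function Get-EventParameter {
    # Returns the event's parameters in order. SCOM's "Parameter N" is the
    # N-th <Data> element of the event (1-based).
    param([Parameter(Mandatory)][xml]$Record)
    foreach ($node in $Record.DocumentElement['EventData'].ChildNodes) {
        if ($node.LocalName -eq 'Data') {
            [pscustomobject]@{
                Name  = $node.GetAttribute('Name')
                Value = $node.InnerText
            }
        }
    }
}

function Test-GroupEventRule {
    # Emits a summary object when the record matches the rule, nothing otherwise.
    param(
        [Parameter(Mandatory)][string]$Xml,
        [int]$EventId = 4728,              # assumption: the ID the rule should key on
        [int]$ParameterIndex = 3,          # "Parameter 3" in the rule wizard
        [string]$Value = 'Domain Admins'   # group name the rule watches
    )
    $doc    = [xml]$Xml
    $system = $doc.DocumentElement['System']
    $id     = [int]$system['EventID'].InnerText
    $params = @(Get-EventParameter -Record $doc)

    # Wrong event ID, or the event has fewer parameters than the rule expects.
    if ($id -ne $EventId -or $params.Count -lt $ParameterIndex) { return }

    $hit = $params[$ParameterIndex - 1]
    if ($hit.Value -ne $Value) { return }  # string -ne is case-insensitive

    [pscustomobject]@{
        EventId   = $id
        Computer  = $system['Computer'].InnerText
        Group     = $hit.Value
        Member    = ($params | Where-Object Name -eq 'MemberName').Value
        ChangedBy = ($params | Where-Object Name -eq 'SubjectUserName').Value
    }
}

# A second constructed record for a group the rule is not watching.
$OtherXml = $SampleXml -replace '>Domain Admins<', '>Helpdesk<'

Test-GroupEventRule -Xml $SampleXml    # record for the watched group
Test-GroupEventRule -Xml $OtherXml     # record for another group

# On a domain controller the same check can run over live records:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4728 } |
#     ForEach-Object { Test-GroupEventRule -Xml $_.ToXml() }
```

Microsoft documents 4782, the ID entered in the wizard above, as “The password hash an account was accessed”, so check which event ID your domain controllers actually log for a membership change and pass it as `-EventId` before relying on the alert.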

I created a management pack which also monitors “Domain Admins”, “Schema Admins” and “Enterprise Admins”. The only difference is that a warning is generated and that the rules are enabled. You can download the management pack from here.

SCOM 2016 – Install System Center Operations Manager 2016 – Part 6


In this series of blog posts I am going to take you through the steps I took to install System Center Operations Manager 2016. The environment will be installed using the following software:

  • Microsoft Windows Server 2016 – Download from here
  • Microsoft SQL Server 2016 – Download from here
  • System Center Operations Manager 2016 – Download from here

My test environment consists of the following servers:

  • DC01 – Domain Controller
  • SQL01 – Microsoft SQL 2016 server
  • DATA01 – Data Server
  • MS01 – Scom Management Server 01
  • MS02 – Scom Management Server 02
  • MS03 – Scom Management Server 03 | Audit Collection Service
  • SQLRPS01 – SQL Reporting Service 01
  • WEB01 – Scom Web Console Server
  • WAP01 – Web Applications Proxy

 

Here you can find the previous blogposts

In this part we are going to install System Center Operations Manager Audit Collection Services. I installed a third management server in my environment. For how to install a management server, please have a look at Part 2.

When the management server is installed, let’s start by installing the Audit Collection Service.

  1. On the “Operations Manager” page, click “Audit Collection Services”
    acs01

  2. On the “Audit Collection Services Collector Setup” page, in the “Welcome to the audit collection Service setup Wizard” section click “Next”
    acs02

  3. On the “Audit Collection Services Collector Setup” page, in the “Microsoft Software License Terms” section click “I accept the license terms” and click “Next”
    acs03

  4. On the “Audit Collection Services Collection Setup” page in the “Database Installation Options” section select “Create a new database” and click “Next”
    acs04

  5. On the “Audit Collection Services Collection Setup” page, in the “Data Source” section click “Next”
    acs05

  6. On the “Audit Collection Services Collector Setup” page, in the “Database” section select “Remote database Server” and enter the name of your SQL server. In my configuration it looks like this:
    acs06

  7. On the “Audit Collection Services Collector Setup” page, in the “Database Authentication” section select “Windows Authentication” and click “Next”
    acs07

  8. On the “Audit Collection Services Collector Setup” page, in the “Database Creation” section select “Use SQL Servers default data and log file directories” and click “Next”
    acs08

  9. On the “Audit Collection Services Collector Setup” page, in the “Event Retention Schedule” section click “Next”
    acs09

  10. On the “Audit Collection Services Collector Setup” page, in the “ACS Stored Timestamp Format” section, select “Local” and click “Next”
    acs10

  11. On the “Audit Collection Services Collector Setup” page, in the “Summary” section click “Next”
  12. On the “Audit Collection Services Collector Setup” page, in the “Audit collection services has been successfully installed” section click “Finish”
    acs11

When you start the System Center Operations Manager Console and you expand Microsoft Audit Collection Services, Collector and click the state view you should see something like this:

acs12

Next we need to deploy the ACS reporting Services.

  1. On your reporting server (in my case "SQLRP01") create a temporary folder "C:\ACS"
  2. On the installation media browse to “ReportModels\acs” and copy all the files and directories to the directory created above
  3. Open a command prompt window by using "Run as Administrator" and change the directory to the "Acs" directory
    acs13
  4. Enter the following command:
     UploadAuditReports "SQLRP01\MSSQLSERVER" "http://sqlrp01/ReportServer$MSSQLSERVER" "D:\ACS"
    acs14

When finished the results should look something like this:

acs16

This completes this part of the series on installing System Center Operations Manager 2016. In the next part we are going to install the Gateway.

SCOM 2016 – Install System Center Operations Manager 2016 – Part 5


In this series of blog posts I am going to take you through the steps I took to install System Center Operations Manager 2016. The environment will be installed using the following software:

  • Microsoft Windows Server 2016 – Download from here
  • Microsoft SQL Server 2016 – Download from here
  • System Center Operations Manager 2016 – Download from here

My test environment consists of the following servers:

  • DC01 – Domain Controller
  • SQL01 – Microsoft SQL 2016 server
  • DATA01 – Data Server
  • MS01 – Scom Management Server 01
  • MS02 – Scom Management Server 02
  • SQLRPS01 – SQL Reporting Service 01
  • WEB01 – Scom Web Console Server
  • WAP01 – Web Applications Proxy

Here you can find the previous blogposts

In this part we are going to install System Center Operations Manager Reporting Service.

Before we can start installing the reporting service module we need to make sure that our SQL reporting server is a member of the SQL group “SG – SQL2016” that we created in part 1.

First we need to install the “Active Directory Module for Windows PowerShell”. This can be done using the following steps:

  1. Start the "PowerShell" command line as administrator and enter the following command:
     Install-WindowsFeature RSAT-AD-PowerShell

    The result should look something like this:

    reporting01

  2. In the “PowerShell” command line enter the following command:
      Get-ADServiceAccount Sql2016Report

    The result should look something like this:
    reporting02

If the values are true then it's time to install the SQL Server Reporting Services. I took the following steps:

  1. In the "SQL Server Installation Center" wizard on the "Planning" page click "Installation"
  2. In the "SQL Server Installation Center" Wizard on the "Installation" page, click "New SQL Server Stand-Alone installation or add features to an existing installation"
  3. In the “SQL Server 2016 Setup” Wizard on the “Product key” page, enter a product key and click “Next”
  4. In the “SQL Server 2016 Setup” Wizard, on the “License Terms” page check “I accept the license terms” and click “Next”
  5. In the “SQL Server 2016 Setup” Wizard, on the “Microsoft Update” page click “Next”
  6. In the “SQL Server 2016 Setup” Wizard, on the “Product Update” page click “Next”
  7. In the “SQL Server 2016 Setup” Wizard, on the “Install Setup files” page click “Next”
  8. In the “SQL Server 2016 Setup” Wizard, on the “Install Rules” page click “Next”
  9. In the “SQL Server 2016 Setup” Wizard, on the “Feature Installation” page select “Report Services Native” and click “Next”

    reporting03

  10. In the “SQL Server 2016 Setup” Wizard, on the “Instance Configuration” page, click “Next”
  11. In the “SQL Server 2016 Setup” Wizard, on the “Service Account” page add the managed service account and click “Next”

    reporting04

  12. In the “SQL Server 2016 Setup” Wizard, on the “Reporting Service Configuration” page, click “Next”
  13. In the “SQL Server 2016 Setup” Wizard, on the “Ready to Install” page, click “Install”
  14. In the “SQL Server 2016 Setup” Wizard, on the “Complete” page click “Close”

Now we need to configure the reporting service.

    1. On the “SQLRP01” server start the “Report Service Configuration Wizard”

      reporting05

    2. On the “Reporting Services Configuration Connection” page, click “Connect”
    3. On the “Reporting Services Configuration Manager” page, click “Database” and connect to your SQL server. In my case “SQL01”. The end result should look something like this:

      reporting06

Now it's time to install the Reporting Services for System Center Operations Manager.

  1. On the "System Center Operations Manager 2016" install page click "Install"
  2. On the “Operations Manager Setup” page, in the “Select Features to Install” section select “Reporting Server” and click “Next”

    reporting07

  3. On the “Operations Manager Setup” page in the “Select Installation location” section change the location to where you want to install the reporting Service and click “Next”

    reporting08

  4. On the “Operations Manager Setup” page, in the “Proceed with Setup” section, click “Next”
  5. On the “Operations Manager Setup” page, in the “Please read the License terms” section, check “I have read, understood, and agree with the license terms” and click “Next”

    reporting09

  6. On the “Operations Manager Setup” page, in the “Specify Management Server” section enter the management server you want to use and click “Next”

    reporting10

  7. On the “Operations Manager Setup” page, in the “SQL Service for reporting Services” section, make sure that the right reporting server is selected and click “Next”

    reporting11

  8. On the “Operations Manager Setup” page, in the “Configure Operations manager Accounts” section enter the data reader account and password and click “Next”

    reporting12

  9. On the “Operations Manager Setup” page, in the “Diagnostic and Usage Data” section click “Next”
  10. On the “Operations Manager Setup” page, in the “Installations Summary” section click “Install”
  11. On the “Operations Manager Setup” page, in the “Setup is Completed” section click “Close”

    reporting12

When you start the System Center Operations Manager Console the end result should look something like this:

reporting14

In the next part we are going to install Audit Collection Services.

SCOM 2016 – Install System Center Operations Manager 2016 – Part 4


In this series of blog posts I am going to take you through the steps I took to install System Center Operations Manager 2016. The environment will be installed using the following software:

  • Microsoft Windows Server 2016 – Download from here
  • Microsoft SQL Server 2016 – Download from here
  • System Center Operations Manager 2016 – Download from here

My test environment consists of the following servers:

  • DC01 – Domain Controller
  • SQL01 – Microsoft SQL 2016 server
  • DATA01 – Data Server
  • MS01 – Scom Management Server 01
  • MS02 – Scom Management Server 02
  • WEB01 – Scom Web Console Server
  • WAP01 – Web Applications Proxy

Here you can find the previous blogposts

In this part we are going to install the System Center Operations Manager web console and publish it using the Web Application Proxy server.

I took the following steps to install the Web Application Proxy service. Before you can start installing you need to make sure that you have a certificate. I bought my wildcard certificate using Xolphin. Also make sure that on your firewall you forward 443 traffic to your Web Application Proxy server and create a DNS entry web01.domain.com

  1. Start the “Server Manager” and click “Manage” and click “Add Roles and Features”
  2. On the “Add roles and Features wizard” page, in the “Before you begin” section, click “Next”
  3. On the “Add roles and Features Wizard” page in the “Select Installation type” section, select “Role-based or feature-based installation” and click “Next”
  4. On the “Add Roles and Features Wizard” page, in the “Select Destination Server” section, select the server where you want to install Web Application Proxy and click “Next”
  5. On the “Add Roles and Features Wizard” page, in the “Select Server Roles” section select “Remote Access” and click “Next”
    wap01
  6. On the “Add Roles and Features Wizard” page, in the “Features” section click “Next”
  7. On the “Add Roles and Features Wizard” page, in the “Remote Access” section click “Next”
    wap02
  8. On the “Add Roles and Features Wizard” page, in the “Role Services” section, select “Web Application Proxy”. In the popup “Add Roles and Features” click “Add Features”. In the “Add Roles and Features Wizard” page, in the “Role Services” section click “Next”
    wap03
  9. On the “Add Roles and Features Wizard” page, in the “Confirm Installation Selection” section, check “Restart the destination server automatically if required” and click “Install”
    wap04
  10. On the “Add Roles and Features Wizard” page, in the “Installation process” section, click “Close” when completed
  11. Log in to your Active Directory Federation Server and start the Microsoft Management Console using the command “MMC”
  12. On the “Console1 – [Console Boot]” screen go to “File”, “Add/Remove Snap-ins”, select “Certificates” then click “Add”
    wap05
  13. On the “Certificate Snap-in” page, select “Computer account” and click “Next”
    wap06
  14. On the “Select Computer” page, select “Local Computer (The computer this Console is running on)” and click “Finish”
    wap07
  15. On the “Add Remove Snap-in” page click “OK”
  16. On the “Console1 – [Console Root\Certificates (Local Computer)\Personal\Certificates]” page, expand “Certificates (Local Computer)”, “Personal”, “Certificates”, right click the certificate you used to set up your Active Directory Federation Server and go to “All Tasks”, “Export”
    wap09
  17. On the “Certificate Export Wizard” page click “Next”
  18. On the “Certificate Export Wizard” page select “Yes, Export Private Key” and click “Next”
  19. On the “Certificate Export Wizard” page, select “Personal Information Exchange – PKCS #12 (.pfx)” and check “Include all Certificates in the certification path if possible” and click “Next”
  20. On the “Certificate Export Wizard” page, in the “Password” section enter a password and click “Next”
  21. On the “Certificate Export Wizard” page click “Browse” and find a location to save the .pfx file to. Type in a name such as "mydomain.pfx" and then click “Next”
  22. On the “Certificate Export Wizard” page click “Finish”
  23. Log in to your Web Application Proxy Server and start the Microsoft Management Console using the command “MMC”
  24. On the “Console1 – [Console Boot]” screen go to “File”, “Add/Remove Snap-ins”, select “Certificates” then click “Add”
  25. On the “Console1 – [Console Root\Certificates (Local Computer)\Personal\Certificates]” page, expand “Certificates (Local Computer)”, “Personal”, right click the certificate you used to set up your Active Directory Federation Server and go to “All Tasks”, “Import”
    wap10
  26. On the “Certificate Import Wizard” page click “Next”
  27. On the “Certificate Import Wizard” page, browse to the certificate you exported and click “Next”
    wap11
  28. On the “Certificate Import Wizard” page, enter the password and click “Next”
  29. On the “Certificate Import Wizard” page, leave the default certificate store as Personal and click “Next”
  30. On the “Certificate Import Wizard” page, click “Finish”. The end result should look something like this:
    wap12
  31. In “Server Manager” under “Notifications” click the message “Open the Web Application Proxy Wizard”
  32. On the “Web Application Proxy Configuration Wizard” screen in the “Welcome” section, click “Next”
    wap13
  33. Optional configuration if you have AD FS running: on the “Web Application Proxy Configuration Wizard” page, in the “Federation Server” section enter “adfs.ms-opsmgr.eu” and the service account you created during AD FS setup. Click “Next”:
    wap14
  34. On the “Web Application Proxy Configuration Wizard” page, in the “AD FS Proxy Certificate” section on the drop down menu select the certificate you imported from your AD FS server. Click “Next”:
    wap15
  35. On the “Web Application Proxy Configuration Wizard” page, in the “Confirmation” section click “Configure”
    wap16
  36. On the “Web Application Proxy Configuration Wizard” page, in the “Results” section click “Close”
    wap17
  37. When you start the “Remote Access Management Console” the result should look something like this:
    wap18

Now that we have the Active Directory Federation Server and Web Application Proxy installed we can start installing the System Center Operations Manager Web Console.

Before we can install the System Center Operations Manager Web Console we must install the following software: Report Viewer, which can be downloaded from here, and the Microsoft System CLR Types for SQL Server 2014, which can be downloaded from here. I’ll be using Group Policy to deploy the software; I already wrote down the steps you need to take to accomplish this in “SCOM 2016 – Install System Center Operations Manager 2016 – Part 3”, which can be found here. Also make sure you have imported your certificate.

    1. On server “Web01” start the “PowerShell” command line utility as administrator to install the IIS components that are needed for the web console. I ran the following command:
      Add-WindowsFeature Web-Server, Web-WebServer, Web-Common-Http, Web-Default-Doc, Web-Dir-Browsing, Web-Http-Errors, Web-Static-Content, Web-Health, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Performance, Web-Stat-Compression, Web-Security, Web-Filtering, Web-Windows-Auth, Web-App-Dev, Web-Net-Ext45, Web-Asp-Net45, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Mgmt-Tools, Web-Mgmt-Console, Web-Mgmt-Compat, Web-Metabase, NET-Framework-45-Features, NET-Framework-45-Core, NET-Framework-45-ASPNET, NET-WCF-Services45, NET-WCF-HTTP-Activation45, NET-WCF-TCP-PortSharing45, WAS, WAS-Process-Model, WAS-Config-APIs -restart

                   

    2. On Server “Web01” start “PowerShell” command line utility as administrator to install the NET components that are needed for the web-console. I ran the following command:

      Add-WindowsFeature NET-WCF-HTTP-Activation45

      Web02

    3. Check that the "Report Viewer" and the "Microsoft System CLR Types for SQL Server 2014" are installed
    4. On server “WEB01” start the “Internet Information Services (IIS) Manager” console and expand “WEB01 (ms-opsmgr\administrator)”, “Sites” and click “Default Web Site”

      IIS01

    5. On server “WEB01” in the “Internet Information Services (IIS) Manager” select the “Default Web Site” and from the “Actions” pane click “Bindings”
    6. On server “WEB01” on the “Bindings” screen click “Add”
    7. On server “WEB01” on the “Add Site Bindings” screen change the type to “https” and select the certificate you imported. When finished click “OK”. The result should look something like this:

      IIS02

    8. On server “WEB01” on the “Bindings” screen click “Close”
    9. On server “WEB01” in the “Internet Information Services (IIS) Manager” select the “Default Web Site”, double click “SSL Setting”, check “Require SSL” and click “Apply”
      IIS03

    10. On server “WEB01” start the “Setup.exe”
    11. In the “Operations Manager” screen click “Install”

      Web03

    12. On the “Operations Manager Setup” page in the “Select Features to Install” section select “Web Console” and click “Next”

      Web04

    13. On the “Operations Manager Setup” page in the “Select Installation Location” section click “Next”

      Web05

    14. On the “Operations Manager Setup” page in the “Proceed with Setup” section click “Next”

      Web06

    15. On the “Operations Manager Setup” page in the “Read License Term” section select “I have read, understood and agree with the license terms” and click “Next”

      Web07

    16. On the “Operations Manager Setup” page, in the “Specify a management Server” section enter a management server that will be used for the web console and reporting features only. I entered my first management server “ms01.ms-opsmgr.eu” and clicked “Next”

      Web08

    17. On the “Operations Manager Setup” page, in the “Specify a website for use with the web console” section check “Enable SSL” and click “Next”
      Web09
    18. On the “Operations Manager Setup” page, in the “Select an authentication mode for use with the web console” section select “Use Mixed Authentication (Forms Authentication)” and click “Next”

      Web10

    19. On the “Operations Manager Setup” page, in the “Diagnostic and Control” section click “Next”

      Web11

    20. On the “Operations Manager Setup” page, in the “Microsoft Update” section select “Off” and click “Next”

      Web12

    21. On the “Operations Manager Setup” page, in the “Installation Summary” section click “Install”

      Web13

    22. On the “Operations Manager Setup” page, in the “Completed” section click “Close”

      Web14blis

    Now that the System Center Operations Manager Web Console is installed it's time to publish the web console using the Web Application Proxy.

    1. On the “WAP01” server, start the “Remote Access Management Console”
    2. On the “WAP01” server in the “Remote Access Management Console” from the “Task” pane click “Publish”

      wap19

    3. On the “Publish New Application Wizard” screen in the “Welcome” section click “Next”

      wap20

    4. On the “Publish New Application Wizard” screen in the “Preauthentication” section click “Pass-Through” and click “Next”

      wap21

    5. On the “Publish New Application wizard” screen in the “Publishing Settings” section enter the following settings and click “Next”

      • Name: "Web01"
      • External URL: "https://web01.ms-opsmgr.eu/"
      • External Certificate: "Select the certificate you installed on the Web Application"
      • Check "Enable Http to Https redirection"

      The result should look something like this:

      wap22

    6. On the “Publish New Application wizard” screen in the “Confirmation” section click “Publish”

      wap23

    7. On the “Publish New Application Wizard” screen in the “Results” section click “Close”

    Now that the Web Application Proxy publishing rule is created we can test it using Internet Explorer. When you browse to “https://web01.ms-opsmgr.eu/operationsmanager” you should get an authentication challenge. When you log in using your admin credentials the result should look something like this:

    webconsolefinished

     

    This concludes Part 4 on Installing System Center Operations Manager. In the next part we are going to install and configure System Center Reporting Services.

    SCOM 2016 – Install System Center Operations Manager 2016 – Part 3


    In this series of blog posts I am going to take you through the steps I took to install System Center Operations Manager 2016. The environment will be installed using the following software:

    • Microsoft Windows Server 2016 – Download from here
    • Microsoft SQL Server 2016 – Download from here
    • System Center Operations Manager 2016 – Download from here

    My test environment consists of the following servers:

    • DC01 – Domain Controller
    • SQL01 – Microsoft SQL 2016 server
    • DATA01 – Data Server
    • MS01 – Scom Management Server 01
    • MS02 – Scom Management Server 02
    • WEB01 – Scom Web Console Server

    Here you can find the previous blogposts

    In this part we are going to install the second management server and the System Center Operations Manager Console.

    First we are going to install the System Center Operations Manager Console. The System Center Operations Manager Console will be installed on a Windows 10 domain-joined machine. Before we can install the System Center Operations Manager Console we need to install the Report Viewer Controls. These can be downloaded from here. I am using a Group Policy to deploy the Report Viewer Controls.

    1. Start the "Group Policy Management" console
    2. Right click on the Group Policy Object that is applied to all the workstations to which you want to deploy the Report Viewer and click “Edit”
      CreateGPO01
    3. In the “Group Policy Management Editor” navigate to “Computer Configuration – Policies – Software Settings – Software installation” then right click on “Software installation” then click on “New” then “Packages”
      CreateGPO02
    4. Navigate to the path where you placed the installation files and select “Reportviewer.msi” then click “Open”
    5. On the “Deployment Screen” select “Advanced” and click “OK”
      CreateGPO03
    6. On the “Microsoft Report Viewer 2015 Runtime Properties” page, click “OK”
      CreateGPO04
    7. Restart the client computer that is available in the Organizational Unit that you want to use. The result should look something like this:
      CreateGPO05
    8. On the “Windows Client” where you want to install the “System Center Operations Manager Console” click “Setup.exe”
    9. On the “Operations Manager” screen click “Install”
    10. On the “Operations Manager Setup” page, in the section “Select feature to Install” select “Operations Manager Console” and click “Next”
      ConsoleInstall01
    11. On the “Operations Manager Setup” page, in the section “Select installation location” click “Next”
      ConsoleInstall02
    12. On the “Operations Manager Setup” page, in the section “Proceed with Setup” click “Next”
      ConsoleInstall03
    13. On the “Operations Manager Setup” page, in the section “Proceed read the license terms” check “I have read, understood and agree with the license term” and click “Next”
      ConsoleInstall04
    14. On the “Operations Manager Setup” page, in the section “Diagnostic and usage Data” click “Next”
      ConsoleInstall05
    15. On the “Operations Manager Setup” page, in the section “Microsoft Update” select “Off” and click “Next”
      ConsoleInstall06
    16. On the “Operations Manager Setup” page, in the section “Installation Summary” click “Install”
      ConsoleInstall07
    17. On the “Operations Manager Setup” page, in the section “Setup is Complete” click “Close”
      ConsoleInstall08
    18. The end result should look something like this
      ConsoleInstall09

    Now we are going to install the second management server. Windows Server 2016 Core edition is installed on this server. I used the following script to install the management server:

    First we need to install the AuthManager for Windows Server 2016 using PowerShell:

    InstallMS01

    Next we can run the following command:

    When you start the “System Center Operations Manager” Console and go to “Administration” and expand “Device Management”, “Management Servers” you should see two management servers.

    InstallMS02

    This completes the third part of this series. In the fourth part we are going to install the web console.

    Big thanks to Tao Yang and Florent Appointaire for the information on their blogs on how to install System Center Operations Manager 2016 on Windows Server Core 2016.

    SCOM 2016 – Install System Center Operations Manager 2016 – Part 2


    In this series of blog posts I am going to take you through the steps I took to install System Center Operations Manager 2016. The environment will be installed using the following software:

    • Microsoft Windows Server 2016 – Download from here
    • Microsoft SQL Server 2016 – Download from here
    • System Center Operations Manager 2016 – Download from here

    My test environment consists of the following servers:

    • DC01 – Domain Controller
    • SQL01 – Microsoft SQL 2016 server
    • DATA01 – Data Server
    • MS01 – SCOM Management Server 01
    • MS02 – SCOM Management Server 02
    • WEB01 – SCOM Web Console Server

    Here you can find the previous blogposts

    Before we can deploy System Center Operations Manager 2016 we need to create the Service accounts.

    Domain\Account – Description
    • ms-opsmgr\Srv-OpsmgrAction – Unless an action has been associated with a Run As profile, the credentials that are used to perform the action will be those defined for the action account.
    • ms-opsmgr\Srv-OpsmgrDataAccess – The System Center Configuration service and System Center Data Access service account is used by the System Center Data Access and System Center Management Configuration services to update information in the Operational database. The credentials used for the action account will be assigned to the sdk_user role in the Operational database.
    • ms-opsmgr\Srv-OpsmgrSqlRead – The Data Reader account is used to deploy reports, define what user the SQL Server Reporting Services uses to execute queries against the Reporting data warehouse, and define the SQL Reporting Services account to connect to the management server.
    • ms-opsmgr\Srv-OpsmgrSqlWrite – The Data Warehouse Write account is the account used to write data from the management server to the Reporting data warehouse, and it reads data from the Operations Manager database.

    I also created a security group “SG – Opsmgr Administrators” to which the users “Srv-OpsmgrDataAccess” and “Srv-OpsmgrAction” are added. I used the following script to create the accounts.

    You can find it here

    The next step is to make the group “SG – Opsmgr Administrators” a local administrator on the two management servers, “MS01” and “MS02”. I am going to do this using Group Policy.

    1. Start the “Group Policy Management Console”
    2. Right-click the Organizational Unit to which you moved the management servers and click “Create a GPO in this domain, and link it here”
    3. In the “New GPO” window enter the name that you want to give the GPO. I named mine “Default Opsmgr Policy”
    4. Right-click the “GPO” and click “Edit”
    5. In the “Group Policy Management Editor” browse to the following location: “<Gpo Name>\Computer Configuration\Policies\Windows Settings\Security Settings\Restricted Groups”
    6. In the “Group Policy Management Editor” select “Restricted Groups”. Right-click “Restricted Groups” and click “Add Group”
    7. On the “Add Group” page, browse to the group created above, in my case “SG – Opsmgr Administrators”, and click “OK”
    8. In the “Ms-opsmgr\SG – Opsmgr Administrators properties” screen, in the “This group is a member of” section, click “Add”, add the local “Administrators” group and click “OK”
    9. Close the “Group Policy Management Editor”
    10. On the clients “MS01” and “MS02” run the command “Gpupdate /force” and restart the Computer. The result should look something like this:

      InstallMSPrereq07
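To confirm the result of step 10, the following added example (not the author's script) reads the local Administrators group on both management servers and lists any member other than the Opsmgr group. It assumes PowerShell remoting is enabled on MS01 and MS02; the allow-list of the built-in Administrator and Domain Admins is an assumption to adjust.

```powershell
# Added example: audit the local Administrators group after the Restricted Groups GPO applies.
# Server names and the group name come from the post; everything else is an assumption.
$Servers     = 'MS01', 'MS02'
$Required    = '*\SG ? Opsmgr Administrators'   # "?" matches whichever dash the real group name uses
$AllowedRids = '-500', '-512'                    # built-in Administrator, Domain Admins (assumed allow-list)

# S-1-5-32-544 is the well-known SID of BUILTIN\Administrators, so this works on any OS language.
$members = Invoke-Command -ComputerName $Servers -ErrorAction Stop -ScriptBlock {
    Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Select-Object Name, ObjectClass, @{ n = 'Sid'; e = { $_.SID.Value } }
}

foreach ($server in $Servers) {
    $onServer = @($members | Where-Object PSComputerName -eq $server)

    # Did the GPO add the Opsmgr group?
    $hasGroup = [bool]($onServer | Where-Object { $_.Name -like $Required })

    # Everything that is neither the Opsmgr group nor on the allow-list.
    $unexpected = $onServer | Where-Object {
        $sid = $_.Sid
        $_.Name -notlike $Required -and
        -not ($AllowedRids | Where-Object { $sid.EndsWith($_) })
    }

    [pscustomobject]@{
        Server             = $server
        OpsmgrGroupPresent = $hasGroup
        UnexpectedMembers  = ($unexpected.Name -join '; ')
    }
}
```

Because the “This group is a member of” setting only adds the group to local Administrators and does not remove existing members, anything reported under UnexpectedMembers has to be reviewed separately.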

    Now that all prerequisites are installed it’s time to install the first management server.

    1. Log in to the first management server "MS01" with an account that is a member of "SG – Opsmgr Administrators"
    2. Run "Setup.exe"
    3. On the “Operations Manager” screen click “Install”
    4. On the “Operations Manager” screen, in the “Select features to install” section select “Management Server” and click “Next”
    5. On the “Operations Manager” screen, in the “Select Installation location” section click “Next”
    6. On the “Operations Manager” screen, in the “Proceed with setup” section click “Next”
    7. On the “Operations Manager” screen, in the “Specify an installation option” section, select “Create a first management server in a new management group”, enter the “Management group name” (in my case I entered “Ms-opsmgr”) and click “Next”
    8. On the “Operations Manager” screen, in the “Please read the license term” section, check “I have read, understood, and agree with the license terms” and click “Next”
    9. On the “Operations Manager” screen, in the “Configure the Operational Database” section enter the “Server Name and Instance” and press “Tab”. When the connection is made click “Next”
    10. On the “Operations Manager” screen, in the “configure the data warehouse database” section enter the “Server name and instance name” and click “Next”
    11. On the “Operations Manager” screen, in the “Configure Operations Manager Accounts” section enter the accounts that you created above and click “Next”. The result should look something like this: 
      ScomInstallMS01-10
    12. On the “Operations Manager” screen, in the “Diagnostic and Usage data” section click “Next”
    13. On the “Operations Manager Setup” screen, in the “Windows Update” section, check “Off” and click “Next”
    14. On the “Operations Manager Setup” screen, in the “Installation Summary” section click “Install”
    15. On the “Operations Manager Setup” screen, on the “Setup complete” screen click “Close”

    When you have finished installing System Center Operations Manager 2016 on MS01 it’s time to enter the license key. This is done by taking the following steps:

    1. Start the "Operations Manager Shell" as "Administrator"
    2. Type the following command and press "Enter":

    In the next part we are going to install the second management server and the console.

    SCOM 2016 – Install System Center Operations Manager 2016 – Part 1


    In this series of blog posts I am going to take you through the steps I took to install System Center Operations Manager 2016. The environment will be installed using the following software:

    • Microsoft Windows Server 2016 – Download from here
    • Microsoft SQL Server 2016 – Download from here
    • System Center Operations Manager 2016 – Download from here

    My test environment consists of the following servers:

    • DC01 – Domain Controller
    • SQL01 – Microsoft SQL 2016 server
    • DATA01 – Data Server
    • MS01 – SCOM Management Server 01
    • MS02 – SCOM Management Server 02
    • WEB01 – SCOM Web Console Server

    Here you can find the rest of the blogposts.

    Before we can deploy System Center Operations Manager 2016 we need to deploy an instance of Microsoft SQL Server 2016. This instance will be located on a separate computer.

    Before we can install Microsoft SQL Server 2016 we need to create group managed service accounts. I used the following steps to create the managed service accounts:

    1. Start “Active Directory Users and Computers” and create a “Group” with the group scope “Global” and the group type “Security”. Give the group a logical name, in my case “SG- Sql2016Agents”, and click “OK”
    2. Open the properties of the group created above and add the domain member servers that will be hosting the SQL Server instances that will be using the group managed service accounts.
    3. On your “Domain Controller” run a “PowerShell” command prompt as administrator and run the following command:

    4. On your “Domain Controller” run a “PowerShell” command prompt as administrator and enter the following command:

    5. Next we need to grant the created group managed service account the “Validated write to service principal name” permission:
      • In “Active Directory Users and Computers”, click “View” and check “Advanced Features”.
      • In “Active Directory Users and Computers”, right-click the domain, go to “Properties” and click the “Security” tab.
      • On the “Security” tab click “Advanced”
      • On the “Advanced Security settings for <Domain>” page, on the “Permissions” tab click “Add”
      • On the “Permission Entry for <Domain>” page, at the top, click the “Select a principal” link
      • On the “Select User, Computer, Service Account, or Group” page, click “Object Types”
      • On the “Object Types” page, select “Service Accounts” and click “OK”
      • On the “Select User, Computer, Service Account or Group” page, enter the name of the service account you created above and press “Enter”
      • On the “Permission Entry for <Domain>” page, in the “Applies to” section select “Descendant Computer Objects”
      • On the “Permission Entry for <Domain>” page, in the “Permissions” section select “Validated write to service principal name” and click “OK”
      • Click “OK” three times to close all dialogs

      After completing the above steps the result should look something like this:

      Install and Configure SQL for System Center Operations Manager 2016

       

    6. On your “Domain Controller” run a “PowerShell” command prompt as administrator and enter the following command:

    7. Next we need to grant the created group managed service account the “Validated write to service principal name” permission. See "Step 5"
    8. On your “Domain Controller” run a “PowerShell” command prompt as administrator and enter the following command:

    9. Next we need to grant the created group managed service account the “Validated write to service principal name” permission. See "Step 5"
    10. On your “SQL Server” install the AD module for PowerShell.
    11. When the “SQL Server” is rebooted, the group managed service accounts are configured on the server. You can check if the group managed service accounts are installed using the following command:

      The result should look something like this:

      Install and Configure SQL for System Center Operations Manager 2016
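The check in step 11, as an added example that is not the author's command: run on the SQL server, it lists every group managed service account, tests whether this computer can use it, and reports which principals may retrieve its password. It assumes the accounts were created with the “SG- Sql2016Agents” group as the only principal allowed to retrieve the password, which the post does not show.

```powershell
# Added example: verify the gMSAs from the SQL server after the reboot in step 11.
# Requires the ActiveDirectory module installed in step 10.
Import-Module ActiveDirectory

# Group name taken from step 1 of the post; that it is the only allowed principal is an assumption.
$sqlGroup = Get-ADGroup -Identity 'SG- Sql2016Agents'

Get-ADServiceAccount -Filter "ObjectClass -eq 'msDS-GroupManagedServiceAccount'" `
                     -Properties PrincipalsAllowedToRetrieveManagedPassword, ServicePrincipalNames |
    ForEach-Object {
        $acct    = $_
        $allowed = @($acct.PrincipalsAllowedToRetrieveManagedPassword)

        # Principals other than the SQL group that can also read the managed password.
        $others  = @($allowed | Where-Object { $_ -ne $sqlGroup.DistinguishedName })

        [pscustomobject]@{
            Account            = $acct.SamAccountName
            # True only if this computer can retrieve the password and use the account.
            UsableOnThisHost   = Test-ADServiceAccount -Identity $acct.SamAccountName -WarningAction SilentlyContinue
            SqlGroupAllowed    = $allowed -contains $sqlGroup.DistinguishedName
            OtherPrincipals    = $others -join '; '
            ServicePrincipals  = $acct.ServicePrincipalNames -join '; '
        }
    }
```

A non-empty OtherPrincipals column means more hosts or users than the SQL servers can retrieve that account's password.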

       

    Now that the service accounts for SQL are created, let’s start by installing SQL Server 2016.

    1. On the “SQL Server Installation Center” page click “Installation” and click “New SQL Server Stand-Alone installation or add features to an existing Installation”
    2. On the “SQL Server 2016 Setup” page, in the “Product Key” section enter a product key and click “Next”
    3. On the “SQL Server 2016 Setup” page, in the “License Terms” section click “I Accept the license terms” and click “Next”
    4. On the “SQL Server 2016 Setup” page, in the “Microsoft update” section click “Use Microsoft Update to check for Updates (Recommended)” and click “Next”
    5. On the “SQL Server 2016 Setup” page, in the “Product Updates” section click “Next”
    6. On the “SQL Server 2016 Setup” page, in the “Install Rules” section click “Next”
    7. On the “SQL Server 2016 Setup” page, in the “Feature Selection” section select the following and click “Next”:
      • Database Engine Service
      • Full-Text Extraction for fast text search
      • Reporting Services – Native

      In my environment I changed the paths to where I wanted to install SQL.

    8. On the “SQL Server 2016 Setup” page, in the “Feature Rules” section click “Next”
    9. On the “SQL Server 2016 Setup” page, in the “Server Configuration” section on the “Service Accounts” tab add the service accounts created above to the right service. The result should look something like this:
      Install and Configure SQL for System Center Operations Manager 2016
    10. On the “SQL Server 2016 Setup” page, in the “Server Configuration” section on the “Collation” tab make sure that “SQL_Latin1_General_CP1_CI_AS” is selected and click “Next”
    11. On the “SQL Server 2016 Setup” page, in the “Database Engine Configuration” section click “Next”. In my environment I added a group of SQL administrators who are allowed to manage the SQL Server.
    12. On the “SQL Server 2016 Setup” page, in the “Reporting Services Configuration” section make sure “Install and Configure” is selected and click “Next”
    13. On the “SQL Server 2016 Setup” page, in the “Ready to Install” section click “Install”
    14. On the “SQL Server 2016 Setup” page, in the “Complete” section click “Close”

    This completes the first post in a series of posts where we install System Center Operations Manager 2016. In the next post we are going to install all the prerequisites and create all the service accounts.

    Software Update: VSAE Supporting Visual Studio 2015


     

    On 21-October-2016 Microsoft released a software update of the System Center Visual Studio Authoring Extensions (VSAE) to version 1.2.0.1.

    Before installing this software update in your production environment, make sure you test it in your test environment.

    SCOM 2016: Network Monitoring Management Pack generator Tool


    On 12-October-2016 Microsoft released the System Center 2016 suite. With the release of System Center Operations Manager 2016 Microsoft created the “Network Monitoring Management Pack generator tool”, which provides you with extended monitoring for your SNMP-enabled devices by generating your own custom Management Pack.

    The following features are included:

    • The SNMP_MpGenerator tool has an inbuilt MIB Browser. Users can load MIB files, search through the Object Identifiers (OIDs) of the component they wish to add workflows for and create rules and monitors
    • Users can add monitors and rules for device components such as Processors, Memory, Fan, Temperature Sensor, Power Supply, Voltage Sensor and Custom device components
    • This tool would also support custom devices in addition to already supported devices like Switch, Router, Firewall and Load Balancer
    • Users can define monitors and rules for multiple devices in a single project file and generate a single Management Pack for all of their devices.
    • As mentioned above, this tool would also include the command line executable NetMonMPGenerator.exe for users who wish to generate an MP through the command line interface.

    The best part of the tool is that it’s free and that it is well documented. You can download the Network Management Pack generator tool from here