Opsmgr 2007 r2 DNS 2008/R2 Resolution Time Alert

Standard

I frequently getting the alert: DNS Server xxxxxxxxx is experiencing performance issues.

1

The reason why this alert is generated is that often the server is busy executing scripts we run to check how the local DNS server is responding. When you check the default threshold you can see it is set to 1 Second.

Because this are generated by a monitor which is changing his state frequently. These alert get auto-resolved and get back to a healthy state by design.

The best thing to do is changing the default threshold from 1 to 3 seconds.

  1. Open the “Operations Manager Console” and open the health explorer for the sever that is giving problem’s
  2. Open “Performance” and right click “DNS 2008/R2 Resolution Time – xxxxxxxxxxxxx (DNS 2008/R2 server)” click “Monitor Properties
     2
  3. Under “DNS 2008/R2 Resolution Time properties” click the tab “Override
  4. Under the “Override” tab click “Override”, “For all objects of class: DNS Server
     3
  5. Check “Threshold Seconds” and change the override value to 3 seconds, Select the management pack for you customizations click “Apply” and “OK
     4

Operational Data Reporting Failed

Standard

I ran into the following alert in my System Center Operations Manager 2007 r2 Environment. The Alert is generated Daily

1

During the setup of Operations manager 2007 r2 reporting, on the Operational Data Reports page, you had the option to join the CEIP (The Microsoft Customer Experience Improvement Program). If you chose to join the CEIP, the Operations Manager 2007 Reports collect information about your installation and sends it to Microsoft on a weekly basis.

The alert above is generated because I enabled ODR reporting during my installation.

To Solve the Issue:

  1. Start “Operations Manager Console
  2. Go to “Administration”, “Security”, “User Roles
  3. Open the “Profile: Report Operator
     2
  4. Under the “Operations Manager Report Operators – User Role Properties” Page click “Add
  5. Add the user account mentioned in the alert.
     3
  6. Click “Apply” and “OK

    AD Replication Monitoring – Access Denied

    Standard

    During the implementation of the Active Directory Management Pack I ran into the following issue.
    When you want to monitor replication between domain controllers inside a Forest, the Active directory Management Pack Guide tells you to configure a domain account that will be used for replication monitoring.

    1

    To ensure the replication monitoring account has the rights to modify the object under the container “OpsMgrLatencyMonitors

    1. Start “Adsiedit.msc” and click “connect to
    2. Under “Connetion Point”, select “Select or type a Distinguished Name or Naming Context:”, fill in “DC=Domain,DC=Domain_Extension
       2
    3. Locate and right click “CN=OpsMgrLatencyMonitors,DC=domain,DC=domain_extension” click “properties
    4. In the “Security” tab click “advanced
       3
    5. Click “Advanced” and click “Add
    6. Under “Select Users, Computers, or Groups” and enter the “Active Directory Management Pack Run As” account and click “OK
    7. Under the “Permission Entry for OpsMgrLatencyMonitors” check the apply to is “This object and all descendant objects
    8. Under permissions, allow “Read all properties”,“ Write all properties”  and “Create All child Objects
       4
    9. Click “OK”, “Apply” and “OK” (twice)
    10. In the adsiedit console click “Action”, “Connect to
    11. Under “Connetion Point”, select “Select or type a Distinguished Name or Naming Context:”, fill in “DC=DomainDNSZones,DC=Domain,DC=Domain_Extension
       5
    12. Locate and right click “CN=OpsMgrLatencyMonitors,DC=DomainDNSZones,DC=domain,DC=domain_extension” click “properties
    13. In the “Security Tab” click “Advanced
    14. Click “Add
    15. Under “Select Users, Computers, or Groups” and enter the “Active Directory Management Pack Run As” account and click “OK
    16. Under the “Permission Entry for OpsMgrLatencyMonitors” check the apply to is “This object and all descendant objects
    17. Under permissions, allow “Read all properties”,“ Write all properties”  and “Create All child Objects
    18. Click “OK”, “Apply” and “OK” (twice)
    19. In the adsiedit console click “Action”, “Connect to
    20. Under “Connetion Point”, select “Select or type a Distinguished Name or Naming Context:”, fill in “DC=ForestDNSZones,DC=Domain,DC=Domain_Extension
       6
    21. Locate and right click “CN=OpsMgrLatencyMonitors,DC=ForestDNSZones,DC=domain,DC=domain_extension” click “properties
    22. In the “Security Tab” click “Advanced
    23. Click “Add
    24. Under “Select Users, Computers, or Groups” and enter the “Active Directory Management Pack Run As” account and click “OK
    25. Under the “Permission Entry for OpsMgrLatencyMonitors” check the apply to is “This object and all descendant objects
    26. Under permissions, allow “Read all properties”,“ Write all properties”  and “Create All child Objects
    27. Click “OK”, “Apply” and “OK” (twice)

    Opsmgr 2007 r2 Run As account Cannot Logon Locally

    Standard
     
    When importing the Active Directory management Pack and creating the RunAs account. I Ran into the following issue.
    1
     
    1.     On the domain controller open “Group Policy Management” console
    2.     Open the “Default Domain Controller Policy
    3.     Under “Computer Configuration”, “Policies”, “Windows Settings”, “Security Settings”, “User Rights Assignment” Open “Allow Log on Locally
    2
    4.     Under “Allow logon Locally Properties” click “Add User or Group
    5.     Add the “Operations Manager AD” run as account
    3
    6.     Click “Ok” to close the windows.
    7.     Open a command prompt
    8.     Type “gpupdate /force

    Opsmgr 2007 r2 Upgrading Management Packs

    Standard
     
    It is important to have up to date management packs. This is because updated management pack can contain new monitors, rules wich are not included in the old management pack. Bug fixes can also be included in the updated management packs.
    Upgrading Management pack’s
    1.     Start the Oprations Manager Console and go to the administration tab
    2.     Right click “Management Packs
    3.     Cick “Import Management Packs
     
    1
    4.     Click “Add” and click “Add from Catalog…”
    5.     Under “View”, select “Updates available for installed management packs
    6.     Click “Search
    2
    7.     Choose what management pack’s you want to update and click Add
    8.     Click “Install
    3
    9.     Click close when finished.

    (UN)sealing Management Packs

    Standard
     
    Most management packs are sealed from the vender and any changes to the management pack, or any rule, alerts and tasks that are created, will be included in an unsealed management pack.
    You could use the default management pack to store the objects or overrides, but doing that will not allow for efficient organization of the objects and overrides.
    You can create new Management pack’s using the operations manager console.
    When you create a management pack, the created management pack can be sealed so that other administrators are not being able to make changes to the management pack.
    Create a management pack using the Operation Manager Console
    1.     Start the System Center Operations Manager Console
    2.     Click “Administration
    3.     Select “Management packs
    4.     Right click “Management Packs”, and click “Create Management Pack
     
    1
    5.     Under “Name”, Name the management pack a logical name.
    6.     Under “Version”, Give the management pack a version
    7.     Under “Description” Give a description of the management pack
    2
    8.     Click Next and click “Create
    Unseal a Management Pack
    You cannot edit existing rules in sealed management packs. If you want to change scripts or rules in a sealed management Pack, the best practice is to create an override for the items you want to customize and create the item’s in a knew management pack.
    You can unseal an management pack and make changes to the management Pack. This is not a good idea:
    1.     When you unseal a management pack the management packs are no longer supported.
    2.     You cannot do upgrade of the management pack.
    So why do you want to unseal a management pack: To Learn
    1.     Download MPtoXML.ps1 script form here
    2.     Start the “Operations Manager Shell
    3.     Run the following example command:
     
    E:\MPtoXml.ps1 –mpFilePath:’d:\Program Files (X86)\System Center Management Packs\Active Directory Management Pack\Microsoft.Windows.Server.AD.2008.Monitoring.mp’ –outputDirectory:’E:\UnSealedMP’
     
    4.     Browse to “E:\UnSealedMP” and see the XML file that is created there
    Seal a Management Pack
    If you created your own management pack, you can seal the management pack.
    Make sure you install .Net Framework SDK
    1.     Create a KeyPar:
     
    C:\Program Files (x86)\Microsoft.NET\SDK\v2.0\bin\sn.exe –k E:\keypair\keypair.snk
     
    2.     Extract the Public key:
     
     C:\Program Files (x86)\Microsoft.NET\SDK\v2.0\bin\sn.exe –p E:\keypair\keypair.snk E:\keypair\Publickey
     
    3.     Display the token for the public key store:
     
    C:\Program Files (x86)\Microsoft.NET\SDK\v2.0\bin\sn.exe –tp E:\keypair\Publickey
     
    4.     Open the System center Operations manager 2007 r2 Authoring Console
    5.     Select “File”, “Save As”, “Sealed and Signed Management pack”
    6.     Give the Management Pack the suggested name
    7.     Specify the keypair you created earlier
     
     

    Opsmgr 2007 r2 Scheduling Reports

    Standard
     
    Reports can be run on a schedule so that an operator or user does not have to remember to run the report. These Reports will then be ready to view when the user wants to see them.
    Schedule a report to a share:
    1. Create a share \\servername\share
    2. Start the "Operations Manager Console" click "Reporting"
    3. Select the report you want to Schedule in my case "System Up Time Report" and click form the "Actions" "Open"
    4. Click "File" and "Schedule"
    1
    5. For the "Description" you can label it with the name you want to use. ‘Example: Server Uptime Share
    6. Under "Delivery method”, Choose the “Windows File Share” option.
    7. Under "File Name(required)", Specify the name of the file (Without the file extension)
    8. Under “Path (required)”, Specify the path to the share
    9. Under “Render Format (required)”, Select the format Acrobat (PDF) file
    10 Under “Write Mode” Select Auto increment
    11 Check “File Extension
    12. The user account (With domain) and password to write to the share.
     2
    13. Create a schedule. The schedule is stored as a new job in the SQL Server Agent.
    14. When the schedule is created. There should be a file in the directory you specified.
    E-mail a Scheduled report:
    1.  To Deliver a report via email start the “Reporting Service Configuration Manager
    3
    2. Under the “E-mail Settings” insert the “Sender Address” and the “SMTP Sever
    3. When you know op de the scheduled report. You can select the delivery method “E-mail
    4. Under settings you can configure the settings you want to use,
     4