Connect System Center Configuration Manager to OMS sync device collection data #MSOMS #sysctr #Azure #ARM

When using System Center Configuration Manager current branch Build 1610, you can extend it to OMS and you don’t need the OMS portal or the Classic portal. All from the Azure Resource Manager portal.

When opening the SCCM Manager it maybe that the OMS Connector option is not available, This connector is currently in preview and therefore you need to enable this option by hand. All the SCCM servers need to have a OMS Agent (at least the service connection point site system role Server)

image image

In the Option can be enabled in Consent to Use Pre-Release Features.

Navigate to the Administration workspace in your Config Manager console, expand Site Configuration and select Sites.

Click on the Hierarchy Settings tab at the top of your screen.

select the General tab, and read the disclaimer under the Consent to use Pre-Release features.

After that You need to enable the feature in update and servicing. Right Click and turn it on.

image

Close and open the Management console and the option is there.

image

But before we can use this we need to configure the Web Api in Azure Resource Manager.

Logon to the Azure Portal and go the the Azure Active Directory and check the App registrations and ADD a new APP
image

Create a New APP Pick a name and Sign-on URL  as we are not using the url it does not Mather what name it is.

image

When created we can change some properties like a Custom Logo

image

Placing a custom logo is not needed but it looks nice when you search the app Winking smile

image

Next Step is creating a KEY for the APP SCCM is using this key to connect to OMS.

image image

Just choose a Name and a valid certificate expire date and a value and check save else the key is not saved.

Now to give the application the proper permissions in OMS we need to give the APP rights on the Resource Group where OMS based.

imageimage

Go to the OMS resource group and pick Access Control IAM and add a new USER.

Select the Contributor Role and add this to the Just create application.

image

Now the Azure part is ready the next step is Creating the Connector in SCCM.

image

In the Cloud Services open the OMS connection Click on “Create connection to Operations Management Suite”

image

Now you’ll need to enter the details of your Azure AD tenant (The name) and the Client ID and Key from the Azure AD Application created previously then click Verify to ensure the details are correct and finally click Next.

The Tenant is your Tenant azure Account.

the Application ID is the Client ID

and the Client Secret is the Key that you created.

image 

If you are using the Classic portal you should use the Client ID

imageimage

With this we are almost ready just pick the groups that you want to populated in the OMS site.

imageimageimage

Selecting the Groups and you are ready. In the OMS site you can see the SCCM option connected.

image

It could take some time to connect to all the groups. and only Groups with an agent are connected to azure so empty groups will not be used or seen in OMS. the connector runs every 6 hours so just wait.

Type=ComputerGroup (GroupSource=”SCCM”) | measure count() by Group

Type=ComputerGroup GroupSource=SCCM

image

As I just set this up I did not have any results. and this is also the option for a Part 2 SCCM with OMS. But with the results you can create a custom dashboard to show the status.

image

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Google Me : https://www.google.nl

Bing Me : http://tinyurl.com/j6ny39w

LMGTFY : http://lmgtfy.com/?q=robert+smit+mvp+blog

System Center 2016 VMM Place template VM in Custom OU #sysctr #Cloud #Deploy #VM

when using VMM and deploying templates you not always want to place them in the default OU computers

image

But instead you want the Template Server 2016 places in OU TP5 and Hyper-V server directly placed in the OU Hyper-v.

Default there is no Gui item in the VMM console to do this. Say on the domain join tab place this VM in the Hyper-V OU

 image

Instead of this you need to fill in the Value in Powershell. and Make a custom OU field.

image

You can Add Custom Properties as you like.

But first we are creating a Custom Guest OS profile this profile is the basis for the new build template and the Custom OU Placement.

image

Now that the Custom OS profile is in place we can check it there is a domain OU field

Get-SCGuestOSProfile

image

this shows us the field that we must fill in to get the right OU placement.

Get-SCGuestOSProfile |select Name

image

Get-SCGuestOSProfile -name "Guest OS 2016TP5"

Setting this in the OS profile

Get-SCGuestOSProfile -name "Guest OS 2016TP5" |Set-SCGuestOSProfile -DomainJoinOrganizationalUnit "OU=SCVMM16,DC=MVP,DC=local"

image

Now when I create a new template with this OS profile the VM is place in the SCVMM16 OU but it is not anywhere visible in the GUI.

and what if I have already build templates how to place them in Custom OU.

Yes you can do this. First I select all the templates to pick the right one

Get-SCVMTemplate |select name

image

 

$template = Get-SCVMTemplate | where {$_.Name -eq "ws2016G2"}
$template |select name

image

As I made the OU a variable :

$ou = "OU=SCVMM16,DC=MVP,DC=local"

Set-SCVMTemplate -VMTemplate $template -DomainJoinOrganizationalUnit $ou

 

image

So now the Template has a custom OU also.

But still there is no GUI property to show this. therefore go to the Template and create a Custom Property

image

go to the Manage custom Properties

image

Select Virtual Machine Template Properties give it a name “ custom OU “ and assign this to the template

image

Now that tis is assigned we can enable this in the GUI

imageimage

But before we get any value in this field we need match this with the PowerShell Value DomainJoinOrganizationalUnit

 

Get-SCVMTemplate | %{ Set-SCCustomPropertyValue -InputObject $_ -CustomProperty $(Get-SCCustomProperty -Name "Custom OU") -Value $_.DomainJoinOrganizationalUnit }

 

image

As you can see there is an error this is because one template has no value.

image image

 

Now With new deployments the VM’s will be places in the Custom OU

image

 

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Google Me : https://www.google.nl

Bing Me : http://tinyurl.com/j6ny39w

LMGTFY : http://lmgtfy.com/?q=robert+smit+mvp+blog

System Center 2016 VMM Current Updates installation | Cumulative Update 1 & 2

When testing with Windows Server 2016 and system Center 2016 you need to install the CU1 and CU2 update to get the best results. there are several fixes in these updates.

 

 

 

Issue 1: As a Delegated Administrator (DA), when you try to configure the load balancer on the Network Controller Service, the service crashes with a NULL pointer exception.

Issue 2: When you try to configure VPN connections that are running on a Network Controller-managed gateway, VMM does not display the VPNServerAddress object on the VMM Console.

Issue 6: Creating Shielded VMs on Guarded Hosts on an untrusted network or on a perimeter network fails.

To get more info on all the fixes and solutions and read the KB you may need to change something in the Database! So no hit and run on the System Center  cumulative Updates. 

image

As you can see only 86 days left on this evaluation.

image

After the updates make sure the Hyper-v servers have the latest Agent version!

 

How to obtain and install CU1 for System Center 2016 VMM Technical Preview 5

Download information

Update packages for VMM are available by manual download.

Manual download of the update packages

Go to the following websites to manually download the update packages from the Microsoft Download Center:

Installation instructions
 
How to obtain and install Cumulative Update 2 for System Center 2016 Virtual Machine Manager Technical Preview 5
 
Download information
Update packages for Virtual Machine Manager are available by manual download.
Manual download of the update packages
Go to the following websites to manually download the update packages from the Microsoft Download Center:

DownloadDownload the Server update package now.

Add your Azure Subscription v1 only to System Center Virtual Machine manager 2016 #SCVMM #Azure #MSCloud

When you are testing Virtual Machine Manager (VMM) in System Center 2016 and you want to connect your Azure Subscription connected you need a Certificate and publish this is the admin portal. But as you thought he cool I can access all my resource groups VM’s and my old VM’s eh no VMM 2016 Preview can only manage  the old VM’s.

To do this go to the VMM Console and Add Subscription

image

Easy as it is fill in the blanks

The Display name is the name you want and has no pointer to Azure

the Subscription ID is directly linked to Azure this is where your VM’s are

image

The Certificate we need to make this by hand.

First the Subscription ID go to the Azure.com portal and in the Subscriptions there is the ID.

image

image

Next we need a Certificate for a selfsigned certificate we can use Makecert but what fun is that .

Makecert.exe

https://robertsmit.wordpress.com/2015/05/01/manage-azure-with-system-center-2012-r2-virtual-machine-manager-scvmm-2012-r2-ur6/

 

Create a new self-signed certificate

You can use any tool available to create a self-signed certificate as long as they adhere to these settings:

  • An X.509 certificate.
  • Contains a private key.
  • Created for key exchange (.pfx file).
  • Subject name must match the domain used to access the cloud service. > You cannot acquire an SSL certificate for the cloudapp.net (or for any Azure related) domain; the certificate’s subject name must match the custom domain name used to access your application. For example, contoso.net, not contoso.cloudapp.net.
  • Minimum of 2048-bit encryption.
  • Service Certificate Only: Client-side certificate must reside in the Personal certificate store.

There are two easy ways to create a certificate on Windows, with the makecert.exe utility, or IIS.

Makecert.exe

This utility has been deprecated and is no longer documented here. Please see this MSDN article for more information.

Create a Certificate with Powershell

there is a new command in powershell : New-SelfSignedCertificate

this is how we create a certificate quick and easy and I also exported the Certificate

#Create new Certificate
$cert = New-SelfSignedCertificate -Subject AzureVMM01 -FriendlyName AzureVMM01 -Type Custom -CertStoreLocation "Cert:\currentuser\My" -KeyExportPolicy ExportableEncrypted -KeyLength 2048 -KeySpec KeyExchange

#set password for PFX
$password = ConvertTo-SecureString -String "P@ssw0rd" -Force -AsPlainText

#Export Certificate
Export-PfxCertificate -Cert $cert -FilePath "c:\cert\scvmm16azure.pfx" -Password $password

# to use this certificate in the Azure management portal export it to a .cer file
Export-Certificate -Type CERT -Cert $cert -FilePath "c:\cert\scvmm16azure.cer"

 

image

Now that the Certificate is exported I can upload this in the Old Azure V1 portal

image

Go to Settings and Management Certificates at the bottom there is a upload link.

image

Select the fresh created Certificate with the right subscription ( must be the same as the ID picked earlier )

image

Now that the Azure Certificate is in place I check browse and see the local certificate also.

image

After these steps we see the subscription in the console

image

here you can manage the VM’s with out the Azure v1 Portal.

As the the Resource Group option is still unavailable you can Vote for this in the user https://systemcentervmm.uservoice.com

Add Azure Resource Manager Stack based Azure VMs to the subscription view

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Google Me : https://www.google.nl

Bing Me : http://tinyurl.com/j6ny39w

LMGTFY : http://lmgtfy.com/?q=robert+smit+mvp+blog

Install the OMS agent using GPO automation with Powershell OMS WorkSpace lookup #MSOMS #Azure

Suppose you want to deploy the OMS ( Microsoft Operations Management Suite ) Agent but you don’t want to do this by hand. Well Supposed you could run a Powershell script that installs the Agent. But in this case it is about deployments and a lot of VM’s are getting deployed and removed and you don’t want to put the Agent in the Template VM. I recently had to build a poor man’s lightweight deployment solution. As there is noting yet in the Cloud I used the good Old Active Directory.

https://www.microsoft.com/en-us/cloud-platform/operations-management-suite

Microsoft Operations Management Suite

So Old Skool deployment by GPO as you could use this for any file or solution. and yes Powershell could also be handy but in this case the VM’s can be remote controlled as the remote Port is firewalled.

https://robertsmit.wordpress.com/

Create a GPO in my case “ Deploy-OMS”

Edit the GPO

image

and Go to the Computer Settings right Click on the folder choose New and folder 

image I use Update the folder Pick a name

Now the GPO Creates a folder on all targeted Machines I did place this GPO on top be carful with that!

 

image

Next same as on the Folder new file

image

In this new file I’ll use the Source and destination keep in mind the destination is on the machine where the agent needs to be.

imageimage

Do this for both files or if you have more then do this per file and If you want to limited this a bit there a a few options to do that.

the Apply once option and the Item-Level targeting based on your Query the GPO will Execute or Not. (this is not needed but it is optional )

image

As I used a CMD batch file you need to create one with your task

I used this one liner to install the OMS Agent use your own key and save this file as a CMD file

"c:\Package-deploy\MMASetup-AMD64.exe" /C:"setup.exe /qn ADD_OPINSIGHTS_WORKSPACE=1 OPINSIGHTS_WORKSPACE_ID=d69d8969-1111-4586-80f0-4a11bc111199c OPINSIGHTS_WORKSPACE_KEY=3zNTcggsfsfsdgjhkldsaOyQ0/dgMwsbdtrgQVPXqu== AcceptEndUserLicenseAgreement=1"

 

image image

In case you can’t find the Workspace ID check your portal and go to the settings Dashboard. and get your info.

image

But In case you want to do a little bit of Powershell.  OMS Powershell

First let me check if the Modules are installed if not Install the modules.

 

Find-Module AzureRM.OperationalInsights | Install-Module
Install-Module AzureRM.OperationalInsights -Scope CurrentUser
Get-Module AzureRm.OperationalInsights

https://robertsmit.wordpress.com/

Next we need to login to your Subscription

Login-AzureRmAccount
Get-AzureRmSubscription

If you have Multiple subscriptions pick the right one

Select-AzureRmSubscription –SubscriptionId

#Get your WorkSpace ID
Get-AzureRmOperationalInsightsWorkspace |select Name,ResourceGroupName,CustomerId

image

I use these two as variable

$ResourceGroupName = "OI-Default-East-US"
$WorkSpaceName = "clustermvp"

Now we get the key that we needed.

Get-AzureRmOperationalInsightsWorkspaceSharedKeys -ResourceGroupName $ResourceGroupName -Name $WorkSpaceName

image

See how easy Powershell is just take baby steps find the info and you will learn every day step by step.

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Google Me : https://www.google.nl

Bing Me : http://tinyurl.com/j6ny39w

#MOM is back but with more and better options #MOMS Microsoft Operations Management Suite #OMS #MSIgnite #Azure

Announcing Microsoft Operations Management Suite. At Ignite Microsoft called the OMS this will be the mother of all Monitoring in and around the clouds. With a lot of Free options so why paying for Monitoring as you can see the state of your servers a a great view or custom dashboard. As OMS is a great too the get quick insight info and check if the Configuration is followed by the best practice guidance.

Microsoft Operations Management Suite
 

Operations Management Suite webpage :

The Microsoft Operations Management Suite is the IT management solution for the era of the cloud; a single solution, built to manage your entire enterprise environment regardless of location, operating system, hypervisors, or cloud provider choices. Operations Management Suite manages your Windows and Linux workloads across your datacenter, Azure, Amazon Web Services (AWS), OpenStack, and VMware environments, incorporating cloud-scale resources to unlock new, faster ways to solve and prevent problems building. Through this rich platform powered by Azure, Operations Management Suite delivers a unified IT management solution enabling you to:

  • Gain visibility across your hybrid enterprise cloud: Collect and analyze log data from virtually any source, and turn it into real-time operational intelligence.
  • Orchestrate complex and repetitive operations: Automate manual and frequently repeated tasks for more efficient and cost-effective hybrid cloud management.
  • Ensure data integrity and application availability: Backup and enable integrated recovery for all your servers and applications, no matter where they reside.
  • Secure your workloads, servers, and users: Identify malware status and missing system updates. Collect security-related events for analysis.

Microsoft Operations Management Suite

As you can see OMS is not only bound to the Microsoft cloud.

Complements your System Center investment to unleash new management scenarios. As System Center continues to drive faster time to value, OMS extends its capability to deliver a full hybrid management experience across any datacenter or cloud. Integrate with ease, and use the power of your System Center environment to access new management technologies faster.

 

Happy clustering

Robert Smit

follow me : @clusterMVP

https://robertsmit.wordpress.com

MVP Profile : http://mvp.microsoft.com