Connect System Center Configuration Manager to OMS sync device collection data #MSOMS #sysctr #Azure #ARM

When using System Center Configuration Manager current branch Build 1610, you can extend it to OMS and you don’t need the OMS portal or the Classic portal. All from the Azure Resource Manager portal.

When opening the SCCM Manager it maybe that the OMS Connector option is not available, This connector is currently in preview and therefore you need to enable this option by hand. All the SCCM servers need to have a OMS Agent (at least the service connection point site system role Server)

In the Option can be enabled in Consent to Use Pre-Release Features.

Navigate to the Administration workspace in your Config Manager console, expand Site Configuration and select Sites.

Click on the Hierarchy Settings tab at the top of your screen.

select the General tab, and read the disclaimer under the Consent to use Pre-Release features.

After that You need to enable the feature in update and servicing. Right Click and turn it on.

Close and open the Management console and the option is there.

But before we can use this we need to configure the Web Api in Azure Resource Manager.

Logon to the Azure Portal and go the the Azure Active Directory and check the App registrations and ADD a new APP

Create a New APP Pick a name and Sign-on URL as we are not using the url it does not Mather what name it is.

When created we can change some properties like a Custom Logo

Placing a custom logo is not needed but it looks nice when you search the app Winking smile

Next Step is creating a KEY for the APP SCCM is using this key to connect to OMS.

Just choose a Name and a valid certificate expire date and a value and check save else the key is not saved.

Now to give the application the proper permissions in OMS we need to give the APP rights on the Resource Group where OMS based.

Go to the OMS resource group and pick Access Control IAM and add a new USER.

Select the Contributor Role and add this to the Just create application.

Now the Azure part is ready the next step is Creating the Connector in SCCM.

In the Cloud Services open the OMS connection Click on “Create connection to Operations Management Suite”

Now you’ll need to enter the details of your Azure AD tenant (The name) and the Client ID and Key from the Azure AD Application created previously then click Verify to ensure the details are correct and finally click Next.

The Tenant is your Tenant azure Account.

the Application ID is the Client ID

and the Client Secret is the Key that you created.

If you are using the Classic portal you should use the Client ID

With this we are almost ready just pick the groups that you want to populated in the OMS site.

Selecting the Groups and you are ready. In the OMS site you can see the SCCM option connected.

It could take some time to connect to all the groups. and only Groups with an agent are connected to azure so empty groups will not be used or seen in OMS. the connector runs every 6 hours so just wait.

Type=ComputerGroup (GroupSource=”SCCM”) | measure count() by Group

Type=ComputerGroup GroupSource=SCCM

As I just set this up I did not have any results. and this is also the option for a Part 2 SCCM with OMS. But with the results you can create a custom dashboard to show the status.

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Google Me : https://www.google.nl

Bing Me : http://tinyurl.com/j6ny39w

LMGTFY : http://lmgtfy.com/?q=robert+smit+mvp+blog

System Center 2016 VMM Place template VM in Custom OU #sysctr #Cloud #Deploy #VM

when using VMM and deploying templates you not always want to place them in the default OU computers

But instead you want the Template Server 2016 places in OU TP5 and Hyper-V server directly placed in the OU Hyper-v.

Default there is no Gui item in the VMM console to do this. Say on the domain join tab place this VM in the Hyper-V OU

Instead of this you need to fill in the Value in Powershell. and Make a custom OU field.

You can Add Custom Properties as you like.

But first we are creating a Custom Guest OS profile this profile is the basis for the new build template and the Custom OU Placement.

Now that the Custom OS profile is in place we can check it there is a domain OU field

Get-SCGuestOSProfile

this shows us the field that we must fill in to get the right OU placement.

Get-SCGuestOSProfile |select Name

Get-SCGuestOSProfile -name "Guest OS 2016TP5"

Setting this in the OS profile

Get-SCGuestOSProfile -name "Guest OS 2016TP5" |Set-SCGuestOSProfile -DomainJoinOrganizationalUnit "OU=SCVMM16,DC=MVP,DC=local"

Now when I create a new template with this OS profile the VM is place in the SCVMM16 OU but it is not anywhere visible in the GUI.

and what if I have already build templates how to place them in Custom OU.

Yes you can do this. First I select all the templates to pick the right one

Get-SCVMTemplate |select name

$template = Get-SCVMTemplate | where {$_.Name -eq "ws2016G2"}
$template |select name

As I made the OU a variable :

$ou = "OU=SCVMM16,DC=MVP,DC=local"

Set-SCVMTemplate -VMTemplate $template -DomainJoinOrganizationalUnit $ou

So now the Template has a custom OU also.

But still there is no GUI property to show this. therefore go to the Template and create a Custom Property

go to the Manage custom Properties

Select Virtual Machine Template Properties give it a name “ custom OU “ and assign this to the template

Now that tis is assigned we can enable this in the GUI

But before we get any value in this field we need match this with the PowerShell Value DomainJoinOrganizationalUnit

Get-SCVMTemplate | %{ Set-SCCustomPropertyValue -InputObject $_ -CustomProperty $(Get-SCCustomProperty -Name "Custom OU") -Value $_.DomainJoinOrganizationalUnit }

As you can see there is an error this is because one template has no value.

Now With new deployments the VM’s will be places in the Custom OU

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Google Me : https://www.google.nl

Bing Me : http://tinyurl.com/j6ny39w

LMGTFY : http://lmgtfy.com/?q=robert+smit+mvp+blog

System Center 2016 VMM Current Updates installation | Cumulative Update 1 & 2

When testing with Windows Server 2016 and system Center 2016 you need to install the CU1 and CU2 update to get the best results. there are several fixes in these updates.

Issue 1: As a Delegated Administrator (DA), when you try to configure the load balancer on the Network Controller Service, the service crashes with a NULL pointer exception.

Issue 2: When you try to configure VPN connections that are running on a Network Controller-managed gateway, VMM does not display the VPNServerAddress object on the VMM Console.

Issue 6: Creating Shielded VMs on Guarded Hosts on an untrusted network or on a perimeter network fails.

To get more info on all the fixes and solutions and read the KB you may need to change something in the Database! So no hit and run on the System Center cumulative Updates.

As you can see only 86 days left on this evaluation.

After the updates make sure the Hyper-v servers have the latest Agent version!

How to obtain and install CU1 for System Center 2016 VMM Technical Preview 5

Download information

Update packages for VMM are available by manual download.

Manual download of the update packages

Go to the following websites to manually download the update packages from the Microsoft Download Center:

Download the Virtual Machine Manager Server update package now.

Download the Administrator Console (amd64) update package now.

Download the Administrator Console (i386) update package now.

Installation instructions

How to obtain and install Cumulative Update 2 for System Center 2016 Virtual Machine Manager Technical Preview 5

Download information

Update packages for Virtual Machine Manager are available by manual download.
Manual download of the update packages

Go to the following websites to manually download the update packages from the Microsoft Download Center:

Download Download the Server update package now.

Download the Administrator Console (amd64) update package now.

Download the Administrator Console (i386) update package now.

Add your Azure Subscription v1 only to System Center Virtual Machine manager 2016 #SCVMM #Azure #MSCloud

When you are testing Virtual Machine Manager (VMM) in System Center 2016 and you want to connect your Azure Subscription connected you need a Certificate and publish this is the admin portal. But as you thought he cool I can access all my resource groups VM’s and my old VM’s eh no VMM 2016 Preview can only manage the old VM’s.

To do this go to the VMM Console and Add Subscription

Easy as it is fill in the blanks

The Display name is the name you want and has no pointer to Azure

the Subscription ID is directly linked to Azure this is where your VM’s are

The Certificate we need to make this by hand.

First the Subscription ID go to the Azure.com portal and in the Subscriptions there is the ID.

Next we need a Certificate for a selfsigned certificate we can use Makecert but what fun is that .

Makecert.exe

https://robertsmit.wordpress.com/2015/05/01/manage-azure-with-system-center-2012-r2-virtual-machine-manager-scvmm-2012-r2-ur6/

Create a new self-signed certificate

You can use any tool available to create a self-signed certificate as long as they adhere to these settings:

An X.509 certificate.
Contains a private key.
Created for key exchange (.pfx file).
Subject name must match the domain used to access the cloud service. > You cannot acquire an SSL certificate for the cloudapp.net (or for any Azure related) domain; the certificate’s subject name must match the custom domain name used to access your application. For example, contoso.net, not contoso.cloudapp.net.
Minimum of 2048-bit encryption.
Service Certificate Only: Client-side certificate must reside in the Personal certificate store.

There are two easy ways to create a certificate on Windows, with the makecert.exe utility, or IIS.

Makecert.exe

This utility has been deprecated and is no longer documented here. Please see this MSDN article for more information.

Create a Certificate with Powershell

there is a new command in powershell : New-SelfSignedCertificate

this is how we create a certificate quick and easy and I also exported the Certificate

#Create new Certificate
$cert = New-SelfSignedCertificate -Subject AzureVMM01 -FriendlyName AzureVMM01 -Type Custom -CertStoreLocation "Cert:\currentuser\My" -KeyExportPolicy ExportableEncrypted -KeyLength 2048 -KeySpec KeyExchange

#set password for PFX
$password = ConvertTo-SecureString -String "P@ssw0rd" -Force -AsPlainText

#Export Certificate
Export-PfxCertificate -Cert $cert -FilePath "c:\cert\scvmm16azure.pfx" -Password $password

# to use this certificate in the Azure management portal export it to a .cer file
Export-Certificate -Type CERT -Cert $cert -FilePath "c:\cert\scvmm16azure.cer"

Now that the Certificate is exported I can upload this in the Old Azure V1 portal

Go to Settings and Management Certificates at the bottom there is a upload link.

Select the fresh created Certificate with the right subscription ( must be the same as the ID picked earlier )

Now that the Azure Certificate is in place I check browse and see the local certificate also.

After these steps we see the subscription in the console

here you can manage the VM’s with out the Azure v1 Portal.

As the the Resource Group option is still unavailable you can Vote for this in the user https://systemcentervmm.uservoice.com

Add Azure Resource Manager Stack based Azure VMs to the subscription view

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Google Me : https://www.google.nl

Bing Me : http://tinyurl.com/j6ny39w

LMGTFY : http://lmgtfy.com/?q=robert+smit+mvp+blog

Install the OMS agent using GPO automation with Powershell OMS WorkSpace lookup #MSOMS #Azure

Suppose you want to deploy the OMS ( Microsoft Operations Management Suite ) Agent but you don’t want to do this by hand. Well Supposed you could run a Powershell script that installs the Agent. But in this case it is about deployments and a lot of VM’s are getting deployed and removed and you don’t want to put the Agent in the Template VM. I recently had to build a poor man’s lightweight deployment solution. As there is noting yet in the Cloud I used the good Old Active Directory.

https://www.microsoft.com/en-us/cloud-platform/operations-management-suite

So Old Skool deployment by GPO as you could use this for any file or solution. and yes Powershell could also be handy but in this case the VM’s can be remote controlled as the remote Port is firewalled.

Create a GPO in my case “ Deploy-OMS”

Edit the GPO

and Go to the Computer Settings right Click on the folder choose New and folder

I use Update the folder Pick a name

Now the GPO Creates a folder on all targeted Machines I did place this GPO on top be carful with that!

Next same as on the Folder new file

In this new file I’ll use the Source and destination keep in mind the destination is on the machine where the agent needs to be.

Do this for both files or if you have more then do this per file and If you want to limited this a bit there a a few options to do that.

the Apply once option and the Item-Level targeting based on your Query the GPO will Execute or Not. (this is not needed but it is optional )

As I used a CMD batch file you need to create one with your task

I used this one liner to install the OMS Agent use your own key and save this file as a CMD file

"c:\Package-deploy\MMASetup-AMD64.exe" /C:"setup.exe /qn ADD_OPINSIGHTS_WORKSPACE=1 OPINSIGHTS_WORKSPACE_ID=d69d8969-1111-4586-80f0-4a11bc111199c OPINSIGHTS_WORKSPACE_KEY=3zNTcggsfsfsdgjhkldsaOyQ0/dgMwsbdtrgQVPXqu== AcceptEndUserLicenseAgreement=1"

In case you can’t find the Workspace ID check your portal and go to the settings Dashboard. and get your info.

But In case you want to do a little bit of Powershell. OMS Powershell

First let me check if the Modules are installed if not Install the modules.

Find-Module AzureRM.OperationalInsights | Install-Module
Install-Module AzureRM.OperationalInsights -Scope CurrentUser
Get-Module AzureRm.OperationalInsights

Next we need to login to your Subscription

If you have Multiple subscriptions pick the right one

Select-AzureRmSubscription –SubscriptionId

#Get your WorkSpace ID
Get-AzureRmOperationalInsightsWorkspace |select Name,ResourceGroupName,CustomerId

I use these two as variable

$ResourceGroupName = "OI-Default-East-US"
$WorkSpaceName = "clustermvp"

Now we get the key that we needed.

Get-AzureRmOperationalInsightsWorkspaceSharedKeys -ResourceGroupName $ResourceGroupName -Name $WorkSpaceName

See how easy Powershell is just take baby steps find the info and you will learn every day step by step.