Archive for the ‘OMS’ Tag
When using System Center Configuration Manager current branch Build 1610, you can extend it to OMS and you don’t need the OMS portal or the Classic portal. All from the Azure Resource Manager portal.
When opening the SCCM Manager it maybe that the OMS Connector option is not available, This connector is currently in preview and therefore you need to enable this option by hand. All the SCCM servers need to have a OMS Agent (at least the service connection point site system role Server)

In the Option can be enabled in Consent to Use Pre-Release Features.
Navigate to the Administration workspace in your Config Manager console, expand Site Configuration and select Sites.
Click on the Hierarchy Settings tab at the top of your screen.
select the General tab, and read the disclaimer under the Consent to use Pre-Release features.
After that You need to enable the feature in update and servicing. Right Click and turn it on.

Close and open the Management console and the option is there.

But before we can use this we need to configure the Web Api in Azure Resource Manager.
Logon to the Azure Portal and go the the Azure Active Directory and check the App registrations and ADD a new APP

Create a New APP Pick a name and Sign-on URL as we are not using the url it does not Mather what name it is.

When created we can change some properties like a Custom Logo

Placing a custom logo is not needed but it looks nice when you search the app 

Next Step is creating a KEY for the APP SCCM is using this key to connect to OMS.

Just choose a Name and a valid certificate expire date and a value and check save else the key is not saved.
Now to give the application the proper permissions in OMS we need to give the APP rights on the Resource Group where OMS based.


Go to the OMS resource group and pick Access Control IAM and add a new USER.
Select the Contributor Role and add this to the Just create application.

Now the Azure part is ready the next step is Creating the Connector in SCCM.

In the Cloud Services open the OMS connection Click on “Create connection to Operations Management Suite”

Now you’ll need to enter the details of your Azure AD tenant (The name) and the Client ID and Key from the Azure AD Application created previously then click Verify to ensure the details are correct and finally click Next.
The Tenant is your Tenant azure Account.
the Application ID is the Client ID
and the Client Secret is the Key that you created.
If you are using the Classic portal you should use the Client ID


With this we are almost ready just pick the groups that you want to populated in the OMS site.



Selecting the Groups and you are ready. In the OMS site you can see the SCCM option connected.

It could take some time to connect to all the groups. and only Groups with an agent are connected to azure so empty groups will not be used or seen in OMS. the connector runs every 6 hours so just wait.
Type=ComputerGroup (GroupSource=”SCCM”) | measure count() by Group
Type=ComputerGroup GroupSource=SCCM

As I just set this up I did not have any results. and this is also the option for a Part 2 SCCM with OMS. But with the results you can create a custom dashboard to show the status.

Follow Me on Twitter @ClusterMVP
Follow My blog https://robertsmit.wordpress.com
Linkedin Profile Http://nl.linkedin.com/in/robertsmit
Google Me : https://www.google.nl
Bing Me : http://tinyurl.com/j6ny39w
LMGTFY : http://lmgtfy.com/?q=robert+smit+mvp+blog
Like this:
Like Loading...
when using VMM and deploying templates you not always want to place them in the default OU computers

But instead you want the Template Server 2016 places in OU TP5 and Hyper-V server directly placed in the OU Hyper-v.
Default there is no Gui item in the VMM console to do this. Say on the domain join tab place this VM in the Hyper-V OU

Instead of this you need to fill in the Value in Powershell. and Make a custom OU field.

You can Add Custom Properties as you like.
But first we are creating a Custom Guest OS profile this profile is the basis for the new build template and the Custom OU Placement.

Now that the Custom OS profile is in place we can check it there is a domain OU field
Get-SCGuestOSProfile

this shows us the field that we must fill in to get the right OU placement.
Get-SCGuestOSProfile |select Name

Get-SCGuestOSProfile -name "Guest OS 2016TP5"
Setting this in the OS profile
Get-SCGuestOSProfile -name "Guest OS 2016TP5" |Set-SCGuestOSProfile -DomainJoinOrganizationalUnit "OU=SCVMM16,DC=MVP,DC=local"

Now when I create a new template with this OS profile the VM is place in the SCVMM16 OU but it is not anywhere visible in the GUI.
and what if I have already build templates how to place them in Custom OU.
Yes you can do this. First I select all the templates to pick the right one
Get-SCVMTemplate |select name

$template = Get-SCVMTemplate | where {$_.Name -eq "ws2016G2"}
$template |select name

As I made the OU a variable :
$ou = "OU=SCVMM16,DC=MVP,DC=local"
Set-SCVMTemplate -VMTemplate $template -DomainJoinOrganizationalUnit $ou

So now the Template has a custom OU also.
But still there is no GUI property to show this. therefore go to the Template and create a Custom Property

go to the Manage custom Properties

Select Virtual Machine Template Properties give it a name “ custom OU “ and assign this to the template

Now that tis is assigned we can enable this in the GUI


But before we get any value in this field we need match this with the PowerShell Value DomainJoinOrganizationalUnit
Get-SCVMTemplate | %{ Set-SCCustomPropertyValue -InputObject $_ -CustomProperty $(Get-SCCustomProperty -Name "Custom OU") -Value $_.DomainJoinOrganizationalUnit }

As you can see there is an error this is because one template has no value.

Now With new deployments the VM’s will be places in the Custom OU

Follow Me on Twitter @ClusterMVP
Follow My blog https://robertsmit.wordpress.com
Linkedin Profile Http://nl.linkedin.com/in/robertsmit
Google Me : https://www.google.nl
Bing Me : http://tinyurl.com/j6ny39w
LMGTFY : http://lmgtfy.com/?q=robert+smit+mvp+blog
Like this:
Like Loading...
Like this:
Like Loading...
When you are testing Virtual Machine Manager (VMM) in System Center 2016 and you want to connect your Azure Subscription connected you need a Certificate and publish this is the admin portal. But as you thought he cool I can access all my resource groups VM’s and my old VM’s eh no VMM 2016 Preview can only manage the old VM’s.
To do this go to the VMM Console and Add Subscription

Easy as it is fill in the blanks
The Display name is the name you want and has no pointer to Azure
the Subscription ID is directly linked to Azure this is where your VM’s are

The Certificate we need to make this by hand.
First the Subscription ID go to the Azure.com portal and in the Subscriptions there is the ID.


Next we need a Certificate for a selfsigned certificate we can use Makecert but what fun is that .
Makecert.exe
https://robertsmit.wordpress.com/2015/05/01/manage-azure-with-system-center-2012-r2-virtual-machine-manager-scvmm-2012-r2-ur6/
Create a new self-signed certificate
You can use any tool available to create a self-signed certificate as long as they adhere to these settings:
- An X.509 certificate.
- Contains a private key.
- Created for key exchange (.pfx file).
- Subject name must match the domain used to access the cloud service. > You cannot acquire an SSL certificate for the cloudapp.net (or for any Azure related) domain; the certificate’s subject name must match the custom domain name used to access your application. For example, contoso.net, not contoso.cloudapp.net.
- Minimum of 2048-bit encryption.
- Service Certificate Only: Client-side certificate must reside in the Personal certificate store.
There are two easy ways to create a certificate on Windows, with the makecert.exe
utility, or IIS.
Makecert.exe
This utility has been deprecated and is no longer documented here. Please see this MSDN article for more information.
Create a Certificate with Powershell
there is a new command in powershell : New-SelfSignedCertificate
this is how we create a certificate quick and easy and I also exported the Certificate
#Create new Certificate
$cert = New-SelfSignedCertificate -Subject AzureVMM01 -FriendlyName AzureVMM01 -Type Custom -CertStoreLocation "Cert:\currentuser\My" -KeyExportPolicy ExportableEncrypted -KeyLength 2048 -KeySpec KeyExchange
#set password for PFX
$password = ConvertTo-SecureString -String "P@ssw0rd" -Force -AsPlainText
#Export Certificate
Export-PfxCertificate -Cert $cert -FilePath "c:\cert\scvmm16azure.pfx" -Password $password
# to use this certificate in the Azure management portal export it to a .cer file
Export-Certificate -Type CERT -Cert $cert -FilePath "c:\cert\scvmm16azure.cer"

Now that the Certificate is exported I can upload this in the Old Azure V1 portal

Go to Settings and Management Certificates at the bottom there is a upload link.

Select the fresh created Certificate with the right subscription ( must be the same as the ID picked earlier )

Now that the Azure Certificate is in place I check browse and see the local certificate also.

After these steps we see the subscription in the console

here you can manage the VM’s with out the Azure v1 Portal.
As the the Resource Group option is still unavailable you can Vote for this in the user https://systemcentervmm.uservoice.com
Add Azure Resource Manager Stack based Azure VMs to the subscription view
Follow Me on Twitter @ClusterMVP
Follow My blog https://robertsmit.wordpress.com
Linkedin Profile Http://nl.linkedin.com/in/robertsmit
Google Me : https://www.google.nl
Bing Me : http://tinyurl.com/j6ny39w
LMGTFY : http://lmgtfy.com/?q=robert+smit+mvp+blog
Like this:
Like Loading...
Suppose you want to deploy the OMS ( Microsoft Operations Management Suite ) Agent but you don’t want to do this by hand. Well Supposed you could run a Powershell script that installs the Agent. But in this case it is about deployments and a lot of VM’s are getting deployed and removed and you don’t want to put the Agent in the Template VM. I recently had to build a poor man’s lightweight deployment solution. As there is noting yet in the Cloud I used the good Old Active Directory.
https://www.microsoft.com/en-us/cloud-platform/operations-management-suite

So Old Skool deployment by GPO as you could use this for any file or solution. and yes Powershell could also be handy but in this case the VM’s can be remote controlled as the remote Port is firewalled.

Create a GPO in my case “ Deploy-OMS”
Edit the GPO

and Go to the Computer Settings right Click on the folder choose New and folder
I use Update the folder Pick a name
Now the GPO Creates a folder on all targeted Machines I did place this GPO on top be carful with that!

Next same as on the Folder new file

In this new file I’ll use the Source and destination keep in mind the destination is on the machine where the agent needs to be.


Do this for both files or if you have more then do this per file and If you want to limited this a bit there a a few options to do that.
the Apply once option and the Item-Level targeting based on your Query the GPO will Execute or Not. (this is not needed but it is optional )

As I used a CMD batch file you need to create one with your task
I used this one liner to install the OMS Agent use your own key and save this file as a CMD file
"c:\Package-deploy\MMASetup-AMD64.exe" /C:"setup.exe /qn ADD_OPINSIGHTS_WORKSPACE=1 OPINSIGHTS_WORKSPACE_ID=d69d8969-1111-4586-80f0-4a11bc111199c OPINSIGHTS_WORKSPACE_KEY=3zNTcggsfsfsdgjhkldsaOyQ0/dgMwsbdtrgQVPXqu== AcceptEndUserLicenseAgreement=1"

In case you can’t find the Workspace ID check your portal and go to the settings Dashboard. and get your info.

But In case you want to do a little bit of Powershell. OMS Powershell
First let me check if the Modules are installed if not Install the modules.
Find-Module AzureRM.OperationalInsights | Install-Module
Install-Module AzureRM.OperationalInsights -Scope CurrentUser
Get-Module AzureRm.OperationalInsights

Next we need to login to your Subscription
Login-AzureRmAccount
Get-AzureRmSubscription
If you have Multiple subscriptions pick the right one
Select-AzureRmSubscription –SubscriptionId
#Get your WorkSpace ID
Get-AzureRmOperationalInsightsWorkspace |select Name,ResourceGroupName,CustomerId

I use these two as variable
$ResourceGroupName = "OI-Default-East-US"
$WorkSpaceName = "clustermvp"
Now we get the key that we needed.
Get-AzureRmOperationalInsightsWorkspaceSharedKeys -ResourceGroupName $ResourceGroupName -Name $WorkSpaceName

See how easy Powershell is just take baby steps find the info and you will learn every day step by step.
Follow Me on Twitter @ClusterMVP
Follow My blog https://robertsmit.wordpress.com
Linkedin Profile Http://nl.linkedin.com/in/robertsmit
Google Me : https://www.google.nl
Bing Me : http://tinyurl.com/j6ny39w
Like this:
Like Loading...