Saturday, March 10, 2012

Monitoring Windows Server 8 / 2012 BETA with SCOM 2012 Part 2

In Part 1 of this two part blog series, I walked through the process of installing the Windows Server 8 BETA onto a virtual Hyper-V machine. In this post, I'll describe how to install the SCOM 2012 agent onto it and show it being managed and monitored within the SCOM console.

Before you start on the SCOM side of things, a couple of points to note. The Windows Server 8 machine is best off being a member of an Active Directory domain as it avoids having to manually install the SCOM agent.

Note: It is a pre-requisite to have the .NET Framework 3.5 feature installed first before you go and install the agent. Quite a few people have been commenting (see below) on coming across errors with agent deployment and the solution is to install this feature.

Post Update 12.03.2012: A good friend of mine (whose technical opinion I've a lot of respect for), commented to me that there's no point in having this shiny new secure operating system if you're gonna go disabling the windows firewall and UAC on it as it wouldn't be something we'd do in a production environment anyway for obvious security reasons. I totally agree with him and put my initial suggestion of disabling both these security features down to a combination of eagerness to get the solution working and tiredness when I orginally wrote up the post. As a result, I've amended the following sections below that state there's a need to turn off the firewall and I've added in the correct steps to take to get it working in a secure and firewalled environment.

When I tried to initially install the SCOM agent on a vanilla install of Windows Server 8 (with the server in a domain)it failed. I had to turn of User Account Control first and then disable the Windows Firewall in the Windows Server 8 OS. The screens below show the UAC and firewall settings needed to make the agent install work. The reason for this failure was the secure out-of-box configuration of the windows firewall and some modifications need to be made to allow the agent to install.

You can leave User Account Control (UAC) turned on as it doesn't affect the agent deployment. The screens below show the windows firewall enabled and the default UAC setting within the Windows Server 8 Operating System.

Firewall turned on


UAC configured


To configure the Windows Server 8 firewall to allow the specific ports for SCOM 2012, open the Windows Firewall Advanced Configuration window from the control panel and then right mouse click on Inbound Rules to open the New Inbound Rule Wizard


Select Port from the first screen, then click Next


Select TCP and then type in the specific ports that you want to allow - in this example, I've used 5723,5724,80 and 51909 as I will most likely be installing the SCOM Console on this server at some point so want to provision for that now. Click Next once you're finished your selection.


Select All the connection, then click Next


Choose whether or not the rule applies to your domain, private or public profiles, then click Next


Type a description, then click Finish


At this point, you have your inbound rule created, but if you run the SCOM Agent installer wizard, you will receive an error message like the one below


The final step you need to take here (and this is what catches people out when trying to configure this-I know it caught me!), is to enable the already created rules for File and Print Sharing and WMI from within the Firewall Console. Although these rules are already existent in your firewall configuration, they are disabled by default and need to be turned on for the SCOM push installer to actually run.

The screen below shows the File and Print Sharing rules to be enabled


This screen shows the WMI rules that need to be enabled


Note: If you want a full list of all the required ports that SCOM needs, check out this link for more information-paying particular attention to the 'Operations Manager Feature Firewall Exceptions' section: http://technet.microsoft.com/en-us/library/hh205990.aspx

Once you have UAC and the firewall turned off configured the firewall with the relevant ports allowed, you can then start the installation of the SCOM agent.

To begin installing the SCOM agent, click on the Administration tab in the SCOM console and then select the 'Discovery Wizard' option located at the menu on the left hand side.

This will open up the 'Computer and Device Management Wizard' as shown below. Select Windows Computers and click Next


Leave the discovery at Servers and Clients and choose your SCOM management server, then click Next


Either type the name of your Windows Server 8 or browse for it in the following screen, then click Next


Type the credentials for a domain admin account and then click Next


If the credentials you entered are correct and your firewall and UAC are disabled, you should see the computer object being discovered by the wizard. Just click on the server name and then select Next to continue


Leave the settings in the screen below as they are and click Finish


The Agent Management Task Status window should display a Success message if all went well with the deployment as below


If we wait a few minutes for discovery, we can then see the Windows Server 8 object in the Operations Manager Agent Managed console view as below


We can also see it in the Monitoring tab of the console showing a health state (hopefully!)


To demonstrate some of the custom tasks I have running against the Windows Server 8 agent, I need to enable the Remote Desktop Protocol (RDP) on the new server. This can be enabled from the new Server Manager window by clicking on the 'Remote Desktop' link as below


We can now enable RDP for the new Windows Server 8 as shown


Once RDP is enabled on the server, back in the SCOM console at the Monitoring tab, if I click on an alert that is relevant to the new Windows Server 8 machine, I will see my custom '01-Run Remote Desktop' task in the Actions pane on the right hand side. If I click on the alert, then select this action,


I should get prompted for my credentials to initiate an RDP session and then it'll logon to the new server as the screen below shows


Obviously, there will be a number of things not working on this agent and when we go into the Health Explorer for it, we can see that all of the Operating System rollups are in a Not Monitored state. This is to be expected when we haven't yet got a management pack released for Windows Server 8.



This concludes the installation of Windows Server 8 and the deployment of the SCOM 2012 agent to it. Hopefully you've enjoyed this short exploratory series!

9 comments:

  1. As a Dell employee I think your post is really intersting. I think windows servers are more powerful versions of their desktop operating system counterparts and are designed to more efficiently handle corporate networking, Internet/intranet hosting, databases, enterprise-scale messaging and similar functions.

    ReplyDelete
  2. Just to inform you, for successful agent installation on server 8, a .net 3.5 feature is required, otherwise it just fails the installation with error that it cannot install performance counters.

    ReplyDelete
    Replies
    1. Good point Pixa,

      It's nearly standard practice to always install .NET onto your servers these days but you're right in saying that if the .NET Framework isn't present, then the agent deployment will fail.

      Thanks!

      Kevin.

      Delete
    2. Thank you. I struggled with the installation for a few hours. Installed .NET 3.5 and it worked. The error isn't very good and searching on the error code doesn't give this fix.

      Delete
    3. Thanks for that. This saved my day.
      Gunter

      Delete
    4. Thanks Gunter - I've added in an additional note to the post as I'm sure you guys aren't the only ones having this problem!

      Kevin.

      Delete
    5. Hello Kevin.

      I can't install SCOM 2012 R2 agent on Windows Server 2012R2.
      First i tried to install it from Console but failed with "Access denied". I resolve that.
      Second installation from Console failed with "Fatal error during install".
      I tried to install agent manual on server but it return error.
      The error is:25211.Failed to install performance counters (the parameter is incorrect).
      After some investigation i found out that .NET 3.5 is required.Install that, restart server but still unable to install agent manual. Same error.
      Tried almost everything what could be found on web, but nothing helps.
      I can install agent only with NOAPM switch.
      Any suggestions what could be the problem?
      Thanks for help.

      Delete
    6. Hi Johan,

      There should be no blockers to installing the SCOM 2012 R2 agent onto a Windows Server 2012 R2 server. If the manual deployment is failing, then you can rule out any firewall or network issues.

      Is your WS2012R2 server physical? If so, you might have some corruption on the OS disk. If it's virtual, you could encounter corruption too.

      I'd recommend trying it on a completely new build of Windows Server 2012 R2 (not from a previously built VM template) and if it deploys fine there, then you'll know the original server has corruption or disk problems. If it doesn't deploy to a brand new WS2012R2 build, then I'd suggest re-downloading the SCOM media again as there might be an issue there (or even try this first).

      HTH,

      Kevin.

      Delete
  3. Thanks for posting about the .NET 3.5 install; the error code led me down the wrong path of investigation for several hours.

    ReplyDelete