SCOM Datawarehouse-Event31551 Failed to store data in the Data Warehouse

March 15, 2017

After I updated the SQL management pack to latest release we did saw below error related to SCOM DW system

Failed to store data in the Data Warehouse. The operation will be retried. Exception ‘SqlException’: Login failed for user ‘SCOMAccount’

image

since the latest SQL management pack update there are now new SQL RunAs profiles and one which is called “Data Warehouse SQL Server Authentification Account”. In my case the SCOM Action account was entered here and this is no permission on SQL to login so above error is correct. adding the right account fixed the issue and DW was back healthy state and data now gets pushed out of the OperationalDB to DW

image

image

again and again but reading the SQL management pack is a must for having a healthy SQL monitoring which is usually business critical databases

Microsoft System Center Management Pack for SQL Server
https://www.microsoft.com/en-US/download/details.aspx?id=10631

…Stay tuned and happy SCOM’ing!

SCOM Reporting Services-rslogon failed

March 15, 2017

After you change password for your service accounts for SCOM you can hit below issue if you have custom reports

image

There are few areas where passwords has to be updated in SCOM. beside the RunAs accounts you also have to update SQL reporting services credentials stored on your SQL server. Run the SQL reporting services configuration manager to update the credentials for RS (see below article to get more detailed steps)

image

If you still hit report error like below, highly like you have stored separate credentials credentials to accessing data sources. so I verified the new RunAsProfiles for SQL and make sure password is correct. Still I couldn’t get my reports. In this environment we also have lots of own custom reports which have do store own credentials for accessing databases.

so lets verify this Smile 

Open http://SCOMRS/Reports and select the report which failed above with “rsLogonFailed” –> Data Sources –> Test Connection

image

Gotcha! this report is using separate credentials to access databases. if possible, you should avoid this and use the shared datasource option for your reports

image

as a key in SCOM, review the management guide for SQL to get better understanding around security. sometimes the permissions to monitor SQL instances have to be granular and restricted to the minimum to monitor health of an SQL server (a.e. highly secure networks like DMZ). I do highly recommend to checkout the SQL server management pack guide especially since the latest release there are new RunAs profiles which allow better and granular control

Microsoft System Center Management Pack for SQL Server
https://www.microsoft.com/en-US/download/details.aspx?id=10631

Below are some useful resources related to this topic

How to Change the Windows Service Account Password for the SQL Server Reporting Service
https://technet.microsoft.com/en-us/library/hh456426(v=sc.12).aspx

How to Change the Credentials for the Action Account
https://technet.microsoft.com/en-us/library/hh456432(v=sc.12).aspx

How to Change Credentials for the System Center Management Configuration service and System Center Data Access service
https://technet.microsoft.com/en-us/library/hh456438(v=sc.12).aspx

How to Change the Reporting Server Execution Account Password
https://technet.microsoft.com/en-us/library/hh456428(v=sc.12).aspx

Windows Server 2016 Scalability

August 26, 2016

For those of you who haven’t been able to keep up with all of the new scenarios and features Windows 2016 is introducing, no worries! here are just a few of the top scenarios and features I have been asked about in Windows Server 2016

image

Scale Out File Server with Storage Spaces Direct (RDMA) for Hyper-converged infrastructure

this will be a tradition broker! Windows Server 2016 Datacenter introduces Storage Spaces Direct, which enables building highly available (HA) storage systems with local storage. This is a significant step forward in Microsoft Windows Server software-defined storage (SDS), as it simplifies the deployment and management of SDS systems and also unlocks the use of new classes of disk devices, such as SATA and NVMe disk devices, that were previously not possible with clustered Storage Spaces with shared disks. Windows Server 2016 provides a hyper-converged solution by allowing the same set of servers to provide SDS through Storage Spaces Direct (S2D), and also by serving as the hosts for virtual machines using Hyper-V.

For more information on this area, please reference Storage Spaces Direct in Windows Server 2016 Technical Preview.

Shielded virtual machines

Virtualization security is a major investment area in Windows Server 2016 Hyper-V. In addition to protecting hosts or other virtual machines from a virtual machine running malicious software, we also need to protect virtual machines from a compromised host. Since a virtual machine is just a file, we need to protect it from attacks via the storage system, the network, or while it is backed up. This is a fundamental need for every virtualization platform today, whether it’s Hyper-V, VMware, or any other. Quite simply, if a virtual machine gets out of an organization (either maliciously or accidentally) that virtual machine can be run on any other system. Protecting high value assets in your organization such as domain controllers, sensitive file servers, and HR systems is a top priority, which is why we’ve made this scenario a top priority in Windows Server 2016. Quite simply, nothing like it exists in the market.

Containers

Windows Containers provide operating system-level virtualization that allows multiple isolated applications to be run on a single system. Two different types of container runtime are included with the feature, each with a different degree of application isolation. Windows Server Containers achieve isolation through namespace and process isolation while Hyper-V Containers encapsulate each container in a lightweight virtual machine. Curious to learn more? Be sure to reference this documentation piece on Windows Containers

stay tuned and happy testing… more to come soon on that end Winking smile

F5 BIGIP–java.lang.OutOfMemoryError

August 19, 2016

BIGIP one of the best hardware load balancers I used but sometimes the default configuration can’t fit with the way how you do utilize the BIGIP. java.lang.OutOfMemoryError – To mitigate receiving this message, you can use the provision.tomcat.extramb database variable to increase the maximum amount of Java virtual memory available to the tomcat process

Note: F5 recommends an initial increase of 20 MB, but it may not resolve all instances of the error message. If the java.lang.OutOfMemoryError errors continue, repeat this procedure, gradually increasing the value of <MB> until you no longer view the error message

https://support.f5.com/kb/en-us/solutions/public/9000/700/sol9719.html

Impact of procedure: Allocating additional memory to Apache Tomcat may impact the performance and stability of the BIG-IP system. You should perform this procedure only when directed by F5 Support after considering the impact to Linux host memory resources.

image

Azure Powershell Part 2-Create VM

June 7, 2016

in previous post “Azure Powershell Part 1” we setup and establish a connection to Azure through Powershell, now we try to create a new VM in Azure

after we established the connection and entered relevant subscription information my your session you will be able to run from here

Step 1: Determine the ImageFamily
First you need to determine the ImageFamily or Label value for the specific image corresponding to the Azure virtual machine you want to create. You can get the list of available ImageFamily values with this command.

there is a bunch of Images out there and total list of ImageFamily you can get with Get-AzureVMImage | select ImageFamily –Unique

image

Once you identified the image you want to deploy, copy the ImageFamily name for next step

$family="<ImageFamily value>"
$image=Get-AzureVMImage | where { $_.ImageFamily -eq $family } | sort PublishedDate -Descending | select -ExpandProperty ImageName -First 1

In my scenario I will use “Windows Server 2012 R2 Datacenter” please pay attention

image

Please note in some cases, the image name is in the Label property instead of the ImageFamily value. If you didn’t find the image that you are looking for using the ImageFamily property, list the images by their Label property with this command –> Get-AzureVMImage | select Label –Unique

Step 2: Build your command set for VMDeploy
Build the rest of your command set by copying the appropriate set of blocks below into your new text file or the ISE and then filling in the variable values and removing the < and > characters

$vmname="<machine name>"
$vmsize="<Specify one: Small, Medium, Large, ExtraLarge, A5, A6, A7, A8, A9>"
$vm1=New-AzureVMConfig -Name $vmname -InstanceSize $vmsize -ImageName $image

the value vmsize basically defines the instance class with which you classify the hardware properties of your VM. more details on “Sizes for Cloud services” 

now I want to connect this VM to a existing VMSubnet and assign also a static IP. Get-AzureVNetConfig returns back a XML structure, to get more data you can use fl to see what contains inside the XML

image

here I see I have a VMSubnet called “MyLabNetwork” and CIDR is 10.0.0.0/8 (Class A). checking which IPs are available you can use Test-AzureStaticVNetIP run following query

image

good state, so we now know VMSubnet name, subnet range and we confirmed the IP is available

so all together total script to deploy new VM would look like this

###Step1 Add your Account
$userName = "<your organizational account user name>"
$securePassword = ConvertTo-SecureString -String "<your organizational account password>" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($userName, $securePassword)
Add-AzureAccount -Credential $cred
###Step1 END

###Step2 Set your subscription and storage account
$subscr="<subscription name>"
$staccount="<storage account name>"
Select-AzureSubscription -SubscriptionName $subscr –Current
Set-AzureSubscription -SubscriptionName $subscr -CurrentStorageAccountName $staccount

###Step2 END

###Step3 – Determine ImageFamily and Build VMDeploy CommandSet
$vmname="MyLAB2012R2"
$family="Windows Server 2012 R2 Datacenter"
$vmsize="Small"
$vm1=New-AzureVMConfig -Name $vmname -InstanceSize $vmsize -ImageName $image
$cred=Get-Credential -Message "Type the name and password of the local administrator account."

$vm1 | Add-AzureProvisioningConfig -Windows -AdminUsername $cred.Username -Password $cred.GetNetworkCredential().Password
Test-AzureStaticVNetIP –VNetName "MyLabNetwork" –IPAddress 10.0.0.50
$vm1 | Set-AzureStaticVNetIP -IPAddress 10.0.0.50
$vm1 | Set-AzureSubnet -SubnetNames "MyLabNetwork"

###Step3 END

image 
image

till here, we “only” passed the values but didn’t really create the VM, the final command New-AzureVM is required to kick on the real deployment in Azure

New-AzureVM –ServiceName "<short name of the cloud service>" -VMs $vm1

image

Once deployment started you will see it in your Azure dashboard

image

image

more parameters are available for New-AzureVM commandlet here

Parameter Set: ExistingService

New-AzureVM -ServiceName <String> -VMs <PersistentVM[]> [-DeploymentLabel <String> ] [-DeploymentName <String> ] [-DnsSettings <DnsServer[]> ] [-InternalLoadBalancerConfig <InternalLoadBalancerConfig> ] [-ReservedIPName <String> ] [-VNetName <String> ] [-WaitForBoot] [ <CommonParameters>]

Parameter Set: CreateService

New-AzureVM -ServiceName <String> -VMs <PersistentVM[]> [-AffinityGroup <String> ] [-DeploymentLabel <String> ] [-DeploymentName <String> ] [-DnsSettings <DnsServer[]> ] [-InternalLoadBalancerConfig <InternalLoadBalancerConfig> ] [-Location <String> ] [-ReservedIPName <String> ] [-ReverseDnsFqdn <String> ] [-ServiceDescription <String> ] [-ServiceLabel <String> ] [-VNetName <String> ] [-WaitForBoot] [ <CommonParameters>]

Password need to comply with following security standards else deployment will fail because of password policy, also only following usernames “Admin1, Administrator, Admin”"…” can be used. to use custom admin names you need to use Add-AzureProvisioningConfig -Windows -AdminUsername "<Custom Admin Username>" -Password <YOURPASSWORD>

if you modify $creds you have to pass that again to VMs config

$vm1 | Add-AzureProvisioningConfig -Windows -AdminUsername "<Custom Admin Username>" -Password <YOURPASSWORD>

image

Quick Tipp, in case you run into any issues during deployment of VM you can use –debug which helps to determine why deployment is failing to proceed

Windows Azure Management Cmdlets
http://msdn.microsoft.com/en-us/library/windowsazure/jj152841

Sizes for Cloud Services
https://azure.microsoft.com/en-us/documentation/articles/cloud-services-sizes-specs/

Azure Limits and Quotas
https://azure.microsoft.com/en-us/documentation/articles/azure-subscription-service-limits/

Should I choose cloud services or something else?
https://azure.microsoft.com/en-us/documentation/articles/cloud-services-choose-me/

there are tons of options available when you are creating Virtual Machine in Azure like a.e Domain Join, additional disk, StaticIP (DIP) for more details around configuration possibilities check out the commandlet “Add-AzureProvisioningConfig”

Azure Powershell Part 1-Setup and Start

June 7, 2016

Using Powershell in Azure is a powerful and quick way to script and automate frequent coming tasks. starting with Azure Powershell there some pre-requisites, I won’t go into much details here but basically how to load / install the Azure Powershell module can be found here

Once you successfully installed Azure Powershell on your machine you can do have a bunch of new commands available

image

To get a better overview of all commandlets related to a specific module you can use a.e. Get-Command -Module Azure

image

Now we have to connect to Azure and set up subscription data so we have a connection to Azure

Step 1: Add your account
1.At the PowerShell prompt, type Add-AzureAccount and click Enter.
2.Type in the email address associated with your Azure subscription and click Continue.
3.Type in the password for your account.
4.Click Sign in.

image

you can do this interactively or you can script that

$cred = Get-Credential 
Add-AzureAccount -Credential $cred

image

or to automate this in a script to avoid pop-up you can also use

$userName = "<your organizational account user name>" $securePassword = ConvertTo-SecureString -String "<your organizational account password>" -AsPlainText -Force $cred = New-Object System.Management.Automation.PSCredential($userName, $securePassword) Add-AzureAccount -Credential $cred

Note: take security considerations into account when hard coding service accounts / passwords. consider decrypt/encrypt password in your scrip runtime

Step 2: Set your subscription and storage account

Set your Azure subscription and storage account by running these commands at the Windows PowerShell command prompt. Replace everything within the quotes, including the < and > characters, with the correct names.

$subscr="<subscription name>" $staccount="<storage account name>" Select-AzureSubscription -SubscriptionName $subscr –Current Set-AzureSubscription -SubscriptionName $subscr -CurrentStorageAccountName $staccount

You can get the correct subscription name from the SubscriptionName property of the output of the Get-AzureSubscription command. You can get the correct storage account name from the Label property of the output of the Get-AzureStorageAccount command after you run the Select-AzureSubscription command

Microsoft Azure

June 7, 2016

Microsoft Azure, formerly known as Windows Azure, is Microsoft’s public cloud computing platform. It provides a range of cloud services, including those for compute, analytics, storage and networking. Users can pick and choose from these services to develop/test/stage and scale up/down new applications, or run existing applications, in the public cloud.

Microsoft Azure is widely considered both a Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) offering.

I’m fascinated how fast and how quick the offerings are growing inside Microsoft Azure and also what fancy things you can do on a really easy and simple way. especially looking around the network section in Azure it is amazing how you can setup complex network scenarios without having deep networking knowledge.

Below are some quick links around Azure and I will start blogging around Azure Powershell, Azure Networks and Platforms soon, please stay tuned

Microsoft Contributes Next Generation Server Design to Open Compute Project:
http://blogs.technet.com/b/msdatacenters/archive/2014/10/31/microsoft-contributes-next-generation-server-design-to-open-compute-project.aspx   
Building and Managing Cloud-Scale Data Centers:
http://rt.ms-studiosmedia.com/events/2014/1403/106208/Cloud_Scale/Default.html  
How Microsoft Designs its Cloud-Scale Servers:
http://download.microsoft.com/download/5/7/6/576F498A-2031-4F35-A156BF8DB1ED3452/How_MS_designs_its_cloud_scale_servers_strategy_paper.pdf  
Azure Fault Domain and Upgrade Domain Explained for IT Pros:
http://blogs.technet.com/b/yungchou/archive/2011/05/16/window-azure-faultdomain-and-update-domain-explained-for-it-pros.aspx   
Manage the Availability of Azure Virtual Machines:
http://azure.microsoft.com/en-us/documentation/articles/virtual-machines-manage-availability/  
Azure Fabric Controller Internals: Building and Updating High-Availability Apps:
http://channel9.msdn.com/Events/Build/2014/3-627   
Azure Regions:
http://azure.microsoft.com/en-us/regions/   
Azure Services by Region:
http://azure.microsoft.com/en-us/regions/#services   
Developer Notes for Azure in China Applications:
http://msdn.microsoft.com/en-us/library/azure/dn578439.aspx   
Manage the Availability of Virtual Machines:
http://azure.microsoft.com/en-us/documentation/articles/virtual-machines-manage-availability/  
Traffic Manager and Availability:
http://msdn.microsoft.com/en-us/library/azure/hh744833.aspx   
Disaster Recovery and High Availability for Azure Applications:
http://msdn.microsoft.com/en-us/library/azure/dn251004.aspx   

Design Azure virtual networks, networking services, DNS, DHCP, and IP addressing configuration
Virtual Network Overview:
https://azure.microsoft.com/en-us/documentation/services/virtual-network/
Configure a VNet-to-VNet connection by using Azure Resource Manager and PowerShell
https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-vnet-vnet-rm-ps/
Create a VNet with a Site-to-Site VPN connection using the Azure Portal and Azure Resource Manager
https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-howto-site-to-site-resource-manager-portal/
Configure a Point-to-Site connection to a virtual network using PowerShell
https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-howto-point-to-site-rm-ps/
How to manage DNS Zones using PowerShell
https://azure.microsoft.com/en-us/documentation/articles/dns-operations-dnszones/
Create DNS zones and record sets using the .NET SDK
https://azure.microsoft.com/en-us/documentation/articles/dns-sdk/
Create DNS record sets and records by using the Azure portal
https://azure.microsoft.com/en-us/documentation/articles/dns-getstarted-create-recordset-portal/
Classless Inter-Domain Routing:
http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing  
How to change TCP idle timeout settings for load balancer
https://azure.microsoft.com/en-us/documentation/articles/load-balancer-tcp-idle-timeout/
Log analytics for Azure Load Balancer (Preview)
https://azure.microsoft.com/en-us/documentation/articles/load-balancer-monitor-log/
Understanding Load Balancer probes
https://azure.microsoft.com/en-us/documentation/articles/load-balancer-custom-probe-overview/
Create and modify an ExpressRoute circuit
https://azure.microsoft.com/en-us/documentation/articles/expressroute-howto-circuit-portal-resource-manager/
Create and modify routing for an ExpressRoute circuit
https://azure.microsoft.com/en-us/documentation/articles/expressroute-howto-routing-portal-resource-manager/
Create a Virtual Network for ExpressRoute in the classic portal
https://azure.microsoft.com/en-us/documentation/articles/expressroute-howto-vnet-portal-classic/
Configure a virtual network gateway for ExpressRoute using Resource Manager and PowerShell
https://azure.microsoft.com/en-us/documentation/articles/expressroute-howto-add-gateway-resource-manager/

Introduction to Microsoft Azure Networking Technologies and What’s New:
https://channel9.msdn.com/Events/TechEd/Europe/2014/CDP-B227  
A Records, CNAME, and Using DNS with Windows Azure Web Sites (WAWS):
http://azure.microsoft.com/blog/2013/11/21/a-records-cname-and-usingdns-with-windows-azure-web-sites-waws/

Understanding Azure – A Guide For Developers – An Official eBook Guide from Microsoft

May 18, 2016

Microsoft has released the latest Developers Guides on Azure eBook –. It covers the latest Azure platform services such as Azure Functions, Azure Service Fabric and Azure IoT application development. It’s FREE and you can get it from the link below. It’s a very good resource for developers who want to learn and keep up with the latest Azure technologies and best practices!

Azure_Developer_Guide_eBook.pdf

more free ebooks around Azure

Developing big data solutions on Microsoft Azure HDInsight – eBook

Microsoft Azure Essentials – Fundamentals of Azure

Microsoft Azure Essentials – Migrating SQL to Azure

Microsoft Azure Essentials: Azure Machine Learning

Planning and Preparing for Microsoft SharePoint Hybrid

The Security Development Lifecycle

Microsoft System Center Data Protection for the Hybrid Cloud

any my favorite Smile 

TCP/IP Fundamentals for Microsoft Windows 

Full ebook Gallery around Microsoft Technologies can be found here

Free ebooks from the MVA Academy here

Recommended hotfixes for Windows 2012 R2 failover clusters

April 27, 2016

there is no more the need to keep your own lists of clustering patches as this is now summarized in KB2920151. this includes the recommended Failover Cluster and as well the Hyper-V patches

Windows Server 2012 Failover Cluster patches are covered in KB2784261 and the recommended patches for Windows Server 2012 Hyper-V can be found here

worth to take a look at it to keep your clusters healthy, stay tuned

Powershell-3rd Party modules

April 27, 2016

there are several 3rd party Powershell modules available which enables you to manage your devices like F5 BIG or Cisco UCS with Powershell. just from my experience, the functions are limited but at least if offers you ability to automate basic reoccurring stuff like a.e. backup configuration and also a good starter to develop your own crazy stuff. here are 2 which I use currently and which I can recommend to take a look at

F5 – BIGIP

https://devcentral.f5.com/questions/big-ip-configuration-backup-restore
https://devcentral.f5.com/d/microsoft-powershell-with-icontrol
https://support.f5.com/kb/en-us/solutions/public/11000/300/sol11318.html

Cisco UCS Powertool

https://communities.cisco.com/docs/DOC-37154

Around Cisco UCS you can also check out this site from joemar which provides lots of examples for management UCS centers

https://communities.cisco.com/people/joemar/content

there are many more out there so please share any 3rd party modules you would recommended and I will add them to this list

Thanks and stay tuned Winking smile

Ramazan