Had an interesting call with a customer.  He had a working SCOM 2012 RTM environment, and applied SP1, and the service pack upgrade appeared to immediately break the web console with the following error:

In the Application log on the web console server, we saw the event at the end of this article, dealing with a “Could not load type 'System.ServiceModel.Activation.HttpModule'“

This was caused by a prerequisite in SP1, that was not a blocking prerq in RTM.  When he applied the SP1 upgrade, he was prompted to add “HTTP Activation” to the role services of the OS.  Once added, he was able to continue the upgrade.

HOWEVER – this leaves IIS in a semi-broken state, and requires a re-registration of ASP NET in IIS to correct. 

On Server 2008 R2 – run the following in an elevated CMD:  C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis.exe -i -enable  

On Server 2012 - run the following in an elevated CMD:  C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis.exe -r  

Offending event:

 

Log Name:      Application
Source:        ASP.NET 4.0.30319.0
Date:          1/11/2013 10:33:19 AM
Event ID:      1310
Task Category: Web Event
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      SERVERNAME.DOMAIN.COM
Description:
Event code: 3008
Event message: A configuration error has occurred.
Event time: 1/11/2013 10:33:19 AM
Event time (UTC): 1/11/2013 4:33:19 PM
Event ID: 3c5b3b4438db4c52992734b9f5ef157b
Event sequence: 1
Event occurrence: 1
Event detail code: 0
Application information:
    Application domain: /LM/W3SVC/1/ROOT/OperationsManager-2-130023955997091166
    Trust level: Full
    Application Virtual Path: /OperationsManager
    Application Path: C:\Program Files\System Center 2012\Operations Manager\WebConsole\WebHost\
    Machine name: SERVERNAME
Process information:
    Process ID: 4600
    Process name: w3wp.exe
    Account name: IIS APPPOOL\OperationsManager
Exception information:
    Exception type: ConfigurationErrorsException
    Exception message: Could not load type 'System.ServiceModel.Activation.HttpModule' from assembly 'System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.
   at System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase)
   at System.Web.Configuration.Common.ModulesEntry.SecureGetType(String typeName, String propertyName, ConfigurationElement configElement)
   at System.Web.Configuration.Common.ModulesEntry..ctor(String name, String typeName, String propertyName, ConfigurationElement configElement)
   at System.Web.HttpApplication.BuildIntegratedModuleCollection(List`1 moduleList)
   at System.Web.HttpApplication.GetModuleCollection(IntPtr appContext)
   at System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers)
   at System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context)
   at System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context)
   at System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext)
Could not load type 'System.ServiceModel.Activation.HttpModule' from assembly 'System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.
   at System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMarkHandle stackMark, Boolean loadTypeFromPartialName, ObjectHandleOnStack type)
   at System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark, Boolean loadTypeFromPartialName)
   at System.Type.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase)
   at System.Web.Compilation.BuildManager.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase)
   at System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase)
Request information:
    Request URL: http://localhost/OperationsManager
    Request path: /OperationsManager
    User host address: ::1
    User: 
    Is authenticated: False
    Authentication Type: 
    Thread account name: IIS APPPOOL\OperationsManager
Thread information:
    Thread ID: 10
    Thread account name: IIS APPPOOL\OperationsManager
    Is impersonating: False
    Stack trace:    at System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase)
   at System.Web.Configuration.Common.ModulesEntry.SecureGetType(String typeName, String propertyName, ConfigurationElement configElement)
   at System.Web.Configuration.Common.ModulesEntry..ctor(String name, String typeName, String propertyName, ConfigurationElement configElement)
   at System.Web.HttpApplication.BuildIntegratedModuleCollection(List`1 moduleList)
   at System.Web.HttpApplication.GetModuleCollection(IntPtr appContext)
   at System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers)
   at System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context)
   at System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context)
   at System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext)
Custom event details:

System Center 2012 Service Pack 1 has hit the GA (General Availability) milestone.

The best place to see what impact this has in new features and fixes will be here:

http://blogs.technet.com/b/systemcenter/archive/2013/01/15/system-center-2012-sp1-is-generally-available.aspx

There is already a very good deployment guide posted on TechNet here:  http://technet.microsoft.com/en-us/library/hh457006.aspx  The TechNet deployment guide provides an excellent walkthrough of installing OpsMgr 2012 SP1 for the “all in one” scenario, where all roles are installed on a single server.  That is a very good method for doing simple functionality testing and lab exercises.

The following article will cover a basic install of System Center Operations Manager 2012.   The concept is to perform a limited deployment of OpsMgr, only utilizing as few servers as possible, but enough to demonstrate the new roles and capabilities in OM2012 SP1.  For this reason, this document will cover a deployment on 3 servers. A dedicated SQL server, and two management servers will be deployed.  This will allow us to show the benefits of the RMS removal, and the management server pools concepts.  This is to be used as a template only, for a customer to implement as their own pilot or POC, or customized deployment guide. It is intended to be general in nature and will require the customer to modify it to suit their specific data and processes.

This also happens to be a very typical scenario for small environments for a production deployment.  This is not an architecture guide or intended to be a design guide in any way. This is provided "AS IS" with no warranties, and confers no rights. Use is subject to the terms specified in the Terms of Use.

Definitions:

• MS - Management Server
• SRS - SQL reporting services

Server Names\Roles:

• DB1               SQL Database Services, Reporting Services
• SCOMMS1    Management Server, Web Console server
• SCOMMS2    Management Server

Windows Server 2012 will be installed as the base OS for all platforms.  All servers will be a member of the AD domain.

SQL 2012 will be the base standard for all database and SQL reporting services. 

High Level Deployment Process:

1.  In AD, create the following accounts and groups, according to your naming convention:

• DOMAIN\OMAA                 OM Server action account
• DOMAIN\OMDAS               OM Config and Data Access service account   
• DOMAIN\SQLSVC               SQL service account
• DOMAIN\OMAdmins          OM Administrators security group

2.  Add the “OMAA” account and the “OMDAS” account to the “OMAdmins” global group.

3.  Add the domain user accounts for yourself and your team to the “OMAdmins” group.

4.  Install Windows Server 2012 to all server role servers.

5.  Install Prerequisites and SQL 2012.

6.  Install the Management Server and Database Components

7.  Install the Reporting components.

8.  Deploy Agents

9.  Import Management packs

10.  Set up security (roles and run-as accounts)

Prerequisites:

1.  Install Windows Server 2012 to all Servers

2.  Join all servers to domain.

3.  Install the Report Viewer controls to all Management Servers. Install them from http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=6442

4.  Install all available Windows Updates.

5.  Add the “OMAdmins” domain global group to the Local Administrators group on each server.

6.  Install IIS on any management server that will also host a web console:

Open PowerShell (as an administrator) and run the following: 

Add-WindowsFeature NET-WCF-HTTP-Activation45,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Logging,Web-Request-Monitor,Web-Filtering,Web-Stat-Compression,Web-Mgmt-Console,Web-Metabase,Web-Asp-Net,Web-Windows-Auth –Restart

After installing these roles/features, you must register ASP.NET with IIS.  The simplest way is to open an elevated command prompt: C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis.exe -r 

7. Install SQL 2012 to the DB server role

• Setup is fairly straightforward. This document will not go into details and best practices for SQL configuration. Consult your DBA team to ensure your SQL deployment is configured for best practices according to your corporate standards.
• Run setup, choose Installation > New Installation…
• When prompted for feature selection, install ALL of the following:
  • Database Engine Services
  • Full-Text and Semantic Extractions for Search
  • Reporting Services - Native
• Optionally – consider adding the following to ease administration:
  • Management Tools – Basic and Complete (for running queries and configuring SQL services)
• On the Instance configuration, choose a default instance, or a named instance. Default instances are fine for testing and labs. Production clustered instances of SQL will generally be a named instance. For the purposes of the POC, choose default instance to keep things simple.
• On the Server configuration screen, set SQL Server Agent to Automatic.  You can accept the defaults for the service accounts, but I recommend using a Domain account for the service account.  Input the DOMAIN\sqlsvc account and password for Agent, Engine, and Reporting.
• On the Collation Tab – you can use the default which is SQL_Latin1_General_CP1_CI_AS or choose another supported collation.
• On the Account provisioning tab – add your personal domain user account or a group you already have set up for SQL admins. Alternatively, you can use the OMAdmins global group here. This will grant more rights than is required to all OMAdmin accounts, but is fine for testing purposes of the POC.
• On the Data Directories tab – set your drive letters correctly for your SQL databases, logs, TempDB, and backup.
• On the Reporting Services Configuration – choose to Install and Configure. This will install and configure SRS to be active on this server, and use the default DBengine present to house the reporting server databases. This is the simplest configuration. If you install Reporting Services on a stand-alone (no DBEngine) server, you will need to configure this manually.
• Setup will complete.
                

Step by step deployment guide:

1.  Install the Management Server role on SCOMMS1. You can also refer to: http://technet.microsoft.com/en-us/library/hh301922.aspx

• Log on using your personal domain user account that is a member of the OMAdmins group.
• Run Setup.exe
• Click Install
• Select the following, and then click Next:
  • Management Server
  • Operations Console
  • Web Console
• Accept or change the default install path and click Next.
• You might see an error from the Prerequisites here. If so – read each error and try to resolve it. Common errors:
  • Report Viewer controls are not installed. Install them from http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=6442
  • ISAPI/ASP.NET errors. Simply run the following command to resolve, from an elevated command prompt: “C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis.exe –r” After you run this – you might have to cancel and restart setup for the installed to recognize this.
• On the Proceed with Setup screen – click Next.
• On the specify an installation screen – choose to create the first management server in a new management group.  Give your management group a name. Don’t use any special or Unicode characters, just simple text. Click Next.
• Accept the license.  Next.
• On the Configure the Operational Database screen, enter in the name of your SQL database server name and instance. In my case this is “DB1”. Leave the port at default unless you are using a special custom fixed port.  If necessary, change the database locations for the DB and log files. Leave the default size of 1000 MB for now. Click Next.
• On the Configure the Data Warehouse Database screen, enter in the name of your SQL database server name and instance. In my case this is “DB1”. Leave the port at default unless you are using a special custom fixed port.  If necessary, change the database locations for the DB and log files. Leave the default size of 1000 MB for now. Click Next.  
• On the Web Console screen, choose the default web site, and leave SSL unchecked. If you have already set up SSL for your default website with a certificate, you can choose SSL.  Click Next.
• On the Web Console authentication screen, choose Mixed authentication and click Next.
• On the accounts screen, choose Domain Account for ALL services, and enter in the unique DOMAIN\OMAA, DOMAIN\OMDAS, accounts we created previously. It is a best practice to use separate accounts for distinct roles in OpsMgr, although you can also just use the DOMAIN\OMDAS account for all SQL Database access roles to simplify your installation (Data Access, Reader, and Writer accounts). Click Next.
• Choose Yes or No to send Customer Experience and Error reports.
• On the Microsoft Update screen – choose to use updates or not.  Next.
• Click Install.
• Close when complete.
• The Management Server will be very busy (CPU) for several minutes after the installation completes. Before continuing it is best to give the Management Server time to complete all post install processes, complete discoveries, configuration, etc. 10 minutes is typically sufficient.

2.  Install the second Management Server on SCOMMS2. You can also refer to: http://technet.microsoft.com/en-us/library/hh284673.aspx

• Log on using your domain user account that is a member of the OMAdmins group.
• Run Setup.exe
• Click Install
• Select the following, and then click Next:
  • Management Server
  • Operations Console
• Accept or change the default install path and click Next.
• Resolve any issues with prerequisites, and click Next.
• Choose “Add a management server to an existing management group” and click Next.
• Accept the license terms and click Next.
• Input the servername\instance hosting the Ops DB. Select the correct database from the drop down and click Next.
• On the accounts screen, choose Domain Account for ALL services, and enter in the unique DOMAIN\OMAA, DOMAIN\OMDAS accounts we created previously.  Click Next.
• Choose Yes or No to send Customer Experience and Error reports. Next.
• Turn Microsoft Updates on or off for SCOM, Next.
• Click Install.
• Close when complete.

3.  Install OM12 Reporting on the SQL server. You can also refer to: http://technet.microsoft.com/en-us/library/hh298611.aspx

• Log on using your domain user account that is a member of the OMAdmins group, and has System Administrator (SA) rights over the SQL instances.
• Run Setup.exe. Click Install.
• Select the following, and then click Next:
  • Reporting Server
• Accept or change the default install path and click Next.
• Resolve any issues with prerequisites, and click Next.
• Accept the license and click Next.
• Type in the name of a management server, and click Next.
• Choose the correct local SQL reporting instance and click Next.
• Enter in the DOMAIN\OMDAS account when prompted. It is a best practice to use separate accounts for distinct roles in OpsMgr, although you can also just use the DOMAIN\OMDAS account for all SQL Database access roles to simplify your installation. Click Next.
• Choose Yes or No to send ODR information to Microsoft. This is very important to assist Microsoft in getting good information to help improve the product.
• Click Install.
• Close when complete.

4.  Deploy an agent to the SQL DB server.

• This process has not changed from OpsMgr 2007 R2, so you would use the typical mechanism to push or manually install. You can also refer to: http://technet.microsoft.com/en-us/library/hh230731.aspx
• You could also deploy any additional agents at this point.

5.  Import management packs. Also refer to: http://technet.microsoft.com/en-us/library/hh212691.aspx

• Using the console – you can import MP’s using the catalog, or directly importing from disk.  Note – some MP’s should only be imported from disk.
• Import the Base OS and SQL MP’s at a minimum.

6.  Create a dashboard view:

• http://technet.microsoft.com/en-us/library/hh230752.aspx#bkmk_howtocreateadashboardview

7.  Manually grow your Database sizes and configure SQL

• When we installed each database, we used the default of 1GB (1000MB). This is not a good setting for steady state as our databases will need to grow larger than that very soon.  We need to pre-grow these to allow for enough free space for maintenance operations, and to keep from having lots of auto-growth activities which impact performance during normal operations.
• A good rule of thumb for most deployments of OpsMgr is to set the OpsDB to 30GB for the data file and 15GB for the transaction log file. This can be smaller for POC’s but generally you never want to have an OpsDB set less than 10GB/5GB.  Setting the transaction log to 50% of the DB size for the OpsDB is a good rule of thumb.
• For the Warehouse – you will need to plan for the space you expect to need using the sizing tools available and pre-size this from time to time so that lots of autogrowths do not occur.   http://www.microsoft.com/en-us/download/details.aspx?id=29270

8.  Continue with optional activities from the Quick Start guide on TechNet:

• http://technet.microsoft.com/en-us/library/hh230738.aspx

9.  Enable Agent Proxy

• I prefer to simply enable agent proxy for all agents.  You can do this by running a script on a schedule, either via scheduled task, Orchestrator, or embed into a management pack.
• http://blogs.technet.com/b/kevinholman/archive/2010/11/09/how-to-set-agent-proxy-enabled-for-all-agents.aspx

10.  Configure Notifications:

• http://blogs.technet.com/b/kevinholman/archive/2012/04/28/opsmgr-2012-configure-notifications.aspx

11.  Deploy Unix and Linux Agents

• http://blogs.technet.com/b/kevinholman/archive/2012/03/18/deploying-unix-linux-agents-using-opsmgr-2012.aspx

12.  Configure Network Monitoring

• http://blogs.technet.com/b/kevinholman/archive/2011/07/21/opsmgr-2012-discovering-a-network-device.aspx

13.  Connect with VMM 2012:

• http://technet.microsoft.com/en-us/library/hh427287.aspx
• Make sure you have the IIS MP’s imported first, including IIS 2003.

14.  Configure your OpsMgr environment to accept manually installed agents.

• The default is to block manually installed agents.  I recommend setting this to “Review new manual agent installations”

15.  Configure your management group to support APM monitoring.

• http://technet.microsoft.com/en-us/library/hh543994.aspx
• Import supporting management packs for IIS 7 and 8, and APM Web for IIS 7 and 8.

16.  Deploy Audit Collection Services

• http://technet.microsoft.com/en-us/library/hh298613.aspx
• Install the audit collector on a management server, and create a database on a SQL server.
• Upload the reports for ACS, my command is:  UploadAuditReports.cmd “DB1” "http://db1/ReportServer""c:\acs"
• Create and set a filter:  http://technet.microsoft.com/en-us/library/hh230740.aspx 
• You will need to grant NETWORK SERVICE full control to the AdtServer registry key to set a filter at the command line:  http://social.technet.microsoft.com/Forums/en-US/operationsmanagerreporting/thread/ab22685e-36a1-49a9-b90e-d39ead31901f
• My initial filter for lab use is:   adtadmin /setquery /query:"SELECT * FROM AdtsEvent WHERE NOT (EventId=4768 OR EventId=4769 OR EventId=4624 OR EventId=4634 OR EventId=4672 OR EventId=4776)"

17.  Configure SQL MP RunAs Security:

• http://blogs.technet.com/b/kevinholman/archive/2010/09/08/configuring-run-as-accounts-and-profiles-in-r2-a-sql-management-pack-example.aspx

System Center Orchestrator 2012 SP1 is extremely easy to setup and deploy.  There are only a handful of prerequisites, and most can be handled by the setup installer routine.

The TechNet documentation does an excellent job of detailing the system requirements and deployment process:

http://technet.microsoft.com/en-us/library/hh420337.aspx

The following document will cover a basic install of System Center Orchestrator 2012 at a generic customer.  This is to be used as a template only, for a customer to implement as their own pilot or POC deployment guide.  It is intended to be general in nature and will require the customer to modify it to suit their specific data and processes.

SCORCH can be scaled to match the customer requirements. This document will cover a typical two server model, where all server roles are installed on a single VM, and utilize a remote database server or SQL cluster.

This is not an architecture guide or intended to be a design guide in any way.

Definitions:

SCORCH          System Center Orchestrator

Server Names\Roles:

SCORCH          Orchestrator 2012 role server

• Management Server
• Runbook Server
• Orchestrator Web Service Server
• Runbook Designer client application

DB1                  SQL 2012 Database Engine Server

Windows Server 2012 will be installed as the base OS for all platforms.  All servers will be a member of the AD domain.

SQL 2012 will be the base standard for all database services. SCORCH only requires a SQL DB engine (locally or remote) in order to host SCORCH databases.

High Level Deployment Process:

1.  In AD, create the following accounts and groups, according to your naming convention:

a.  DOMAIN\scorchsvc                       SCORCH Mgmt, Runbook, and Monitor Account

b.  DOMAIN\ScorchUsers                   SCORCH users security global group

c.  DOMAIN\sqlsvc                              SQL Service Account

2.  Add the domain user accounts for yourself and your team to the ScorchUsers group.

3.  Install Windows Server 2012 to all server role members.

4.  Install Prerequisites.

5.  Install the SCORCH Server.

Prerequisites:

1.  Install Windows Server 2012 on all servers.

2.  Join all servers to domain.

3.  Ensure SCORCH server has a minimum of 1GB of RAM.

4.  On the SCORCH server, .Net 3.5SP1 is required. Setup will not be able to add this feature on Windows Server 2012.  Open an elevated PowerShell session (run as an Administrator) and execute the following:

Add-WindowsFeature NET-Framework-Core

6.  On the SCORCH .Net 4.0 is required. This is included in the WS2012 OS (.NET 4.5)

7.  Install all available Windows Updates as a best practice.

8.  Add the “DOMAIN\scorchsvc” domain account explicitly to the Local Administrators group on the SCORCH server.

9.  Add the “DOMAIN\ScorchUsers” global group explicitly to the Local Administrators group on the SCORCH server.

10.  On the SQL database server, install SQL 2012.

• Setup is fairly straightforward. This document will not go into details and best practices for SQL configuration. Consult your DBA team to ensure your SQL deployment is configured for best practices according to your corporate standards.
• Run setup, choose Installation> New SQL server stand-alone installation…..
• When prompted for feature selection, install ALL of the following:
  • Database Engine Services
• Additionally, the product documentation for SCVMM states to install the management tools – complete:
  • Management Tools– Basic and Complete (for running queries and configuring SQL services)
• On the Instance configuration, choose a default instance, or a named instance. Default instances are fine for testing and labs. Production clustered instances of SQL will generally be a named instance. For the purposes of the POC, choose default instance to keep things simple.
• On the Server configuration screen, set SQL Server Agent to Automatic.  I prefer to use a service account for SQL, so I will set the Agent and DB Engine to run under my DOMAIN\sqlsvc account and provide the password.  This is optional.
• On the Collation Tab – you can use the default of SQL_Latin1_General_CP1_CI_AS or choose another supported collation.
• On the Account provisioning tab – add your personal domain user account or a group you already have set up for SQL admins. Alternatively, you can use the ScorchUsers global group here. This will grant more rights than is required to all ScorchUser Admin accounts, but is fine for testing purposes of the POC.
• On the Data Directories tab – set your drive letters correctly for your SQL databases, logs, TempDB, and backup.
• Setup will complete.

Step by step deployment guide:

1.  Install SCORCH 2012:

• Log on using your domain user account that is a member of the ScorchUsers group.
• Run Setuporchestrator.exe
• Click Install
• Supply a name, org, and license key (if you have one) and click Next.  If you don't input a license key it will install Eval version.
• Accept the license agreement and click Next.
• Check all boxes on the getting started screen, for:
  • Management Server
  • Runbook Server
  • Orchestration Console and Web Service
  • Runbook Designer
• On the Prerequisites screen, check the boxes to remediate any necessary prerequisites, and click Next when all prerequisites are installed.
• Input the service account “scorchsvc” and input the password, domain, and click Test. Ensure this is a success and click Next.
• Configure the database server. Type in the local computer name if you installed SQL on this SCORCH Server, or provide a remote SQL server (and instance if using a named instance) to which you have the “System Administrator” (SA) rights to in order to create the SCORCH database and assign permissions to it. Test the database connection and click Next.
• Specify a new database, Orchestrator. Click Next.
• Browse AD and select your domain global group for ScorchUsers. Click Next.
• Accept defaults for the SCORCH Web service ports of 81 and 82, Click Next.
• Accept default location for install and Click Next.
• Select the appropriate options for Microsoft Update, Customer Experience and Error reporting. Click Next.
• Click Install.
• Setup will install all roles, create the Orchestrator database, and complete very quickly.

2. Open the consoles.

• Open the Deployment Manager, Orchestration Console, and Runbook designer. Ensure all consoles open successfully.

Post install procedures:

1.  Lets register and then deploy Integration Packs that enable Orchestrator to connect to so many outside systems.

Download the toolkit, add-ons, and IP’s for SCORCH 2012 SP1.

• Make a directory on the local SCORCH server such as “C:\IntegrationPacks”
• Copy to this directory, the downloaded IP’s, such as the following:
  • SC2012SP1_Integration_Pack_for_Configuration_Manager.oip
  • SC2012SP1_Integration_Pack_for_Data_Protection_Manager.oip
  • SC2012SP1_Integration_Pack_for_Operations_Manager.oip
  • SC2012SP1_Integration_Pack_for_Service_Manager.oip
  • SC2012SP1_Integration_Pack_for_Virtual_Machine_Manager.oip
                   
• Open the Deployment Manager console
• Expand “Orchestrator Management Server”
• Right click “Integration Packs” and choose “Register IP with the Orchestrator Management Server”
• Click Next, then “Add”.  Browse to “C:\Integration Packs” and select all of the OIP files you copied here.  You have to select one at a time and go back and click “Add” again to get them all.
• Click Next, then Finish.  You have to accept the License Agreement for each IP. 
• Now when you select “Integration Packs” you can see these IP’s in the list.
• Right Click “Integration Packs” again, this time choose “Deploy IP to Runbook server or Runbook Designer”.
• Click Next, select all the available IP’s and click Next.
• Type in the name of your Runbook server role name, and click Add.
• On the scheduling screen – accept the default (which will deploy immediately) and click Next.
• Click Finish.  Note the logging of each step in the Log entries section of the console.
• Verify deployment by expanding “Runbook Servers” in the console.  Verify that each runbook was deployed.
• Open the Runbook Designer console.
• Note that you now have these new IP’s available in the designer for your workflows.

Additionally – you can download more IP’s at:

http://technet.microsoft.com/en-us/library/hh295851.aspx

Such as the VMware VSphere IP, or the IBM Netcool IP.

Additionally – check out Charles Joy’s blog on popular codeplex IP’s which have been updated for Orchestrator:

http://blogs.technet.com/b/charlesjoy/

This is to be used as a template only, for a customer to implement as their own pilot or POC, or customized deployment guide. It is intended to be general in nature and will require the customer to modify it to suit their specific data and processes.

This also happens to be a very typical scenario for small environments for a production deployment.  This is not an architecture guide or intended to be a design guide in any way. This is provided "AS IS" with no warranties, and confers no rights. Use is subject to the terms specified in the Terms of Use.

Server Names\Roles:

• DB3               SQL Database Services, Reporting Services
• CM1              Primary Site Server  Management Server, Web Console server

Windows Server 2012 will be installed as the base OS for all platforms.  All servers will be a member of the AD domain.

SQL 2012 will be the base standard for all SQL database and reporting services. 

High Level Deployment Process:

1.  In AD, create the following accounts and groups, according to your naming convention:

• DOMAIN\ConfigMgrAdmins           ConfigMgr Administrators security group
• DOMAIN\ConfigMgrLocalAdmin    ConfigMgr Client Push account

2.  Add the domain user accounts for yourself and your team to the “ConfigMgrAdmins” group.

3.  Install Windows Server 2012 to all server role servers.

4.  Install Prerequisites and SQL 2012.

5.  Install the Site Server and Database Components

6.  Install the Reporting components.

Prerequisites:

1.  Install Windows Server 2012 to all Servers 

2.  Join all servers to domain.

3.  Install all available Windows Updates.

4.  Add the “ConfigMgrAdmins” domain global group to the Local Administrators group on each server.

5.  On CM1, Install required prerequisites for the site system roles (this covers all site system roles combined on a single server):

Open PowerShell (as an administrator) and run the following:   

Add-WindowsFeature Web-Windows-Auth,Web-ISAPI-Ext,Web-Metabase,Web-WMI,BITS,RDC,NET-Framework-Features,Web-Asp-Net,Web-Asp-Net45,NET-HTTP-Activation,NET-Non-HTTP-Activ,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Redirect,Web-App-Dev,Web-Net-Ext,Web-Net-Ext45,Web-ISAPI-Filter,Web-Health,Web-Http-Logging,Web-Log-Libraries,Web-Request-Monitor,Web-HTTP-Tracing,Web-Security,Web-Filtering,Web-Performance,Web-Stat-Compression,Web-Mgmt-Console,Web-Scripting-Tools,Web-Mgmt-Compat -Restart

Note – if your machines are not internet connected, you might need to add a “–Source D:\sources\sxs” or whatever the path is to your Windows installation media.  By default Windows 2012 gets .NET 3.5 from Windows Update, but this doesn't always work, and will never work for machines without an internet connection.

After installing these roles/features, you must register ASP.NET with IIS.  The simplest way is to open an elevated command prompt: C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis.exe –r 

6.  On CM1 – Install the Deployment Tools, Windows PE, and the User State Migration tool from the Windows 8 ADK:   http://www.microsoft.com/en-us/download/details.aspx?id=30652

7.  On CM1 – add the WSUS feature from Server Manager.

8. Install SQL 2012 to the DB server role

• Setup is fairly straightforward. This document will not go into details and best practices for SQL configuration. Consult your DBA team to ensure your SQL deployment is configured for best practices according to your corporate standards.
• Run setup, choose Installation > New Installation…
• When prompted for feature selection, install ALL of the following:
  • Database Engine Services
  • Full-Text and Semantic Extractions for Search
  • Reporting Services - Native
• Optionally – consider adding the following to ease administration:
  • Management Tools – Basic and Complete (for running queries and configuring SQL services)
• On the Instance configuration, choose a default instance, or a named instance. Default instances are fine for testing and labs. Production clustered instances of SQL will generally be a named instance. For the purposes of the POC, choose default instance to keep things simple.
• On the Server configuration screen, set SQL Server Agent to Automatic.  You can accept the defaults for the service accounts, but I recommend using a Domain account for the service account.  Input the DOMAIN\sqlsvc account and password for Agent, Engine, and Reporting.
• On the Collation Tab – you can use the default which is SQL_Latin1_General_CP1_CI_AS or choose another supported collation.
• On the Account provisioning tab – add your personal domain user account or a group you already have set up for SQL admins. Alternatively, you can use the OMAdmins global group here. This will grant more rights than is required to all OMAdmin accounts, but is fine for testing purposes of the POC.
• On the Data Directories tab – set your drive letters correctly for your SQL databases, logs, TempDB, and backup.
• On the Reporting Services Configuration – choose to Install and Configure. This will install and configure SRS to be active on this server, and use the default DBengine present to house the reporting server databases. This is the simplest configuration. If you install Reporting Services on a stand-alone (no DBEngine) server, you will need to configure this manually.
• Setup will complete.
• Apply SQL 2012 RTM, CU2 to the SQL server.  http://support.microsoft.com/kb/2703275
• Set a limit on SQL memory for the DB instance – to reserve memory for the OS and Reporting services.

9.  On the SQL server – add the Computer Account in the domain to the local administrators group of the SQL database server (DOMAIN\CM1$)

10.  In Active Directory – extend the schema, create the System Management container, and assign permissions:  http://technet.microsoft.com/en-us/library/gg712264.aspx#BKMK_PrepAD

Step by step deployment guide:

1.  Install the Primary Site Server role on CM1.

• Log on using your personal domain user account that is a member of the ConfigMgrAdmins group.
• Run Splash.hta
• Click Install
• Read the “Before You Begin” Info and click Next.
• On the Available Setup Options, choose to install a primary site, but to NOT check the box for typical options.  We are going to configure each step for our site and use a remote SQL database server.
• Choose Eval or input your license key and click Next.
• Accept the Eula and click Next.
• Accept the additional license agreements and click Next.
• Provide a path to the prereq file downloads.  If you have not downloaded these recently then create a new folder for these, locally or on a remote path.
• Choose you language and click Next, on the server and client screens.
• Input a site code for your primary site.  Input a description.  Choose a path.  Make sure you are also installing the console.  Click Next.
• Choose to install a primary site as a stand alone site.  We can add a CAS later in ConfigMgr 2012 SP1.
• Input the SQL server name, instance, click Next.
• Accept the default for the SMS provider.  Next.
• Choose to configure the communication method on each site system role, and to use HTTPS in the check box.  Next.
• Choose HTTP for the MP and DP – we can change this to HTTPS with certs down the road.  Next.
• Choose to enable CEIP or not.  Next.
• Choose next to run prereq checker.  Resolve any issues.  Click Begin Install.

Post Deployment Configuration:

1.  Add Site System Roles:

• http://technet.microsoft.com/en-us/library/hh272770.aspx
• Application Catalog roles
• Asset Intelligence
• Endpoint protection
• Fallback status
• Software update

2.  Enable discoveries

• http://technet.microsoft.com/en-us/library/hh427340.aspx
• Enable AD Forest Discovery

This will bring in the AD site and IP boundaries.

• Enable AD system discoveries to bring in systems
• Enable User discovery

3.   Create boundary groups

• Create a boundary group and add your site boundaries and site servers to it, for site assignment.

4.  Assign a client Push account to Administration > Site Configuration > Sites

5.  Push a client/clients from discovered assets.

6.  Verify Hardware and software inventory for clients

7.  Enable Endpoint protection

• Client Settings – create a new client device setting.  Enable endpoint protection.
• Configure Client device settings to turn on Endpoint protection and deploy endpoints.
• Deploy new client policy to All Desktop and Server Clients Collection, or a custom collection
• Create automatic deployment rule for definition updates using Definition template.

The following article will cover a basic install of System Center Service Manager 2012 SP1.   The concept is to perform a limited deployment of SCSM, similar to our deployment guide on TechNet:  http://technet.microsoft.com/en-us/library/hh519675.aspx  The deployment guide on TechNet demonstrates Service Manager in a Two Server model (typical for lab and test environments), and a Four Server Model (More typical for a scaled out production environment).  However for this article, I will be choosing a 3 server model, where all the SQL components are installed on a single SQL server, with a dedicated SCSM Management server, and dedicated SCSM Data Warehouse management server.  I feel this is a more typical scenario for lab testing and pilot environments where we don't want to deploy SQL on the SCSM management servers themselves, but don't need two independent SQL servers.  This is to be used as a template only, for a customer to implement as their own pilot or POC, or customized deployment guide. It is intended to be general in nature and will require the customer to modify it to suit their specific data and processes.

This is not an architecture guide or intended to be a design guide in any way. This is provided "AS IS" with no warranties, and confers no rights. Use is subject to the terms specified in the Terms of Use.

Server Names\Roles:

• DB2               SQL Database Services, SQL Analysis Services, SQL Reporting Services.
• SCSM            Management Server
• SCSMDW      Data Warehouse Management Server

Windows Server 2012 will be installed as the base OS for all platforms.  All servers will be a member of the AD domain.

SQL 2012 Enterprise will be the base standard for all SQL Database, Analysis, and Reporting services. 

High Level Deployment Process:

1.  In AD, create the following accounts and groups, according to your naming convention:

• DOMAIN\scsmsvc                 SM Server service account
• DOMAIN\scsmwf                  SM Mail Enabled Workflow account
• DOMAIN\scsmrep                 SM reporting and analysis account
• DOMAIN\SQLSVC                 SQL service account
• DOMAIN\SCSMadmins         SM Administrators security group

2.  Add the three SCSM service accounts, and the domain user accounts for yourself and your team to the “SCSMadmins” group.

3.  Install Windows Server 2012 to all server role servers.

4.  Install Prerequisites and SQL 2012.

5.  Install the Management Server

6.  Install the Data Warehouse Server

7.  Post install configurations 

Prerequisites:

1.  Install Windows Server 2012 to all Servers

2.  Join all servers to domain.

3.  Add the “SCSMAdmins” domain global group to the Local Administrators group on each server.

4.  On the SCSM and SCSMDW server, Open Powershell as an administrator, and install .NET 3.5 by running:  “Install-WindowsFeature NET-Framework-Core”

5.  On the SCSM and SCSMDW server, install the SQL 2012 Native Client, and the SQL 2012 Analysis Management Objects, from http://www.microsoft.com/en-us/download/details.aspx?id=29065

6.  Install all available Windows Updates.

7. Install SQL 2012 to the DB server role

• Setup is fairly straightforward. This document will not go into details and best practices for SQL configuration. Consult your DBA team to ensure your SQL deployment is configured for best practices according to your corporate standards.
• Run setup, choose Installation > New Installation…
• When prompted for feature selection, install ALL of the following:
  • Database Engine Services
  • Full-Text and Semantic Extractions for Search
  • Analysis Services
  • Reporting Services - Native
• Optionally – consider adding the following to ease administration:
  • Management Tools – Basic and Complete (for running queries and configuring SQL services)
• On the Instance configuration, choose a default instance, or a named instance. Default instances are fine for testing and labs. Production clustered instances of SQL will generally be a named instance. For the purposes of the POC, choose default instance to keep things simple.
• On the Server configuration screen, set SQL Server Agent to Automatic.  You can accept the defaults for the service accounts, but I recommend using a Domain account for the service account.  Input the DOMAIN\sqlsvc account and password for Agent, Engine, Analysis, and Reporting.
• On the Collation Tab – you can use the default which is SQL_Latin1_General_CP1_CI_AS or choose another supported collation.
• On the Account provisioning tab – add your personal domain user account or a group you already have set up for SQL admins. Alternatively, you can use the SCSMAdmins global group here. This will grant more rights than is required to all SCSMAdmin accounts, but is fine for testing purposes of the POC.
• On the Data Directories tab – set your drive letters correctly for your SQL databases, logs, TempDB, and backup.
• On the Analysis Services screen, add your personal domain user account or a group you already have set up for SQL admins. Alternatively, you can use the SCSMAdmins global group here. This will grant more rights than is required to all SCSMAdmin accounts, but is fine for testing purposes of the POC.  Customize data directories for Analysis file locations if needed, and click Next.
• On the Reporting Services Configuration – choose to Install and Configure. This will install and configure SRS to be active on this server, and use the default DBengine present to house the reporting server databases. This is the simplest configuration. If you install Reporting Services on a stand-alone (no DBEngine) server, you will need to configure this manually.
• Continue accepting defaults until you reach Install.  Installation will run then complete.
               

Step by step deployment guide:

1.  Install the Management Server role on SCSM. You can also refer to: http://technet.microsoft.com/en-us/library/hh519668.aspx

• Log on using your personal domain user account that is a member of the SCSMAdmins group.
• Run Setup.exe
• Click Install > Service Manager Management Server
• Provide a Name, Org, and a product key, or select to install the 180 day evaluation.  Accept the license agreement and click Next.
• The Prereq checker runs.  Observe any critical or warnings.  At this point you should install the Report Viewer from the link in the checker, as that ships with the SCSM media.  Check prereqs again.  Common issues at this point will be memory and CPU checks throwing a warning.  This is fine for a lab, but should be corrected for any pilots or production work.  Click Next.
• For the Management Server role, we will use a remote database server.  Input the DB server name and choose an instance.  You must be logged on with an account that has SA rights over to remote SQL server in order to create and configure the DB.  If you get an error about the collation, click OK.  This is normal for SQL_Latin1_General_CP1_CI_AS.  See:  http://blogs.technet.com/b/momteam/archive/2012/05/25/clarification-on-sql-server-collation-requirements-for-system-center-2012.aspx  Select to create a new database, accept default size, and modify the path for the DB files if necessary.  Click Next.
• Choose a Service Manager Management group name.  If you also have OpsMgr in the environment, its a best practice to always use distinct MG names.  Choose your group DOMAIN\SCSMAdmins.  Click Next.
• Input the Service manager service account we created above.  Test the credentials, then click Next.
• Input the Service manager workflow account we created above.  Test the credentials, then click Next.
• Join the customer experience program, or not.  Next.
• Choose to leverage Microsoft Update, or not.  Next.
• Click Install.  When setup Completes.  Backup and save the encryption key for this management group.

2.  Install the Data Warehouse Management Server role on SCSMDW. You can also refer to: http://technet.microsoft.com/en-us/library/hh519780.aspx.

• The first step for the DW install, is to prepare the SRS server.  We must perform this anytime the SQL Reporting server is installed remotely, on a different server than the SCSM Data Warehouse Management server.  See the following for instructions:  http://technet.microsoft.com/en-us/library/hh519664.aspx
• Once you have prepared the remote SRS server, log on to the SCSMDW server using your domain user account that is a member of the SCSMAdmins group.
• Run Setup.exe
• Click Install > Service Manager Data Warehouse Management Server
• Provide a Name, Org, and a product key, or select to install the 180 day evaluation.  Accept the license agreement and click Next.
• The Prereq checker runs.  Observe any critical or warnings.  Common issues at this point will be memory and CPU checks throwing a warning.  This is fine for a lab, but should be corrected for any pilots or production work.  Click Next.
• For the DW Management Server role, we will use a remote database server.  Input the DB server name for each database and choose an instance.  You must be logged on with an account that has SA rights over to remote SQL server in order to create and configure the DB.  If you get an error about the collation, click OK.  This is normal for SQL_Latin1_General_CP1_CI_AS.  See:  http://blogs.technet.com/b/momteam/archive/2012/05/25/clarification-on-sql-server-collation-requirements-for-system-center-2012.aspx  Select to create a new database, accept default size, and modify the path for the DB files if necessary.  Click Next.  This wizard allows us to scale out service manager across multiple SQL servers for the best performance, but for this purpose, we will be deploying to a single SQL server for all database components.
• On the Configuration screen, provide a Management Group name.  A good rule of thumb is to use your SCSM management group name we used above, prefixed by DW_.  I will use DW_SCSMDEMO.  Choose your SCSMAdmins group.  Next. 
• On the reporting server screen, type in the name of the remote SSRS server, and choose an instance.  We will validate the URL before letting you continue.
• For the service account, enter in DOMAIN\scsmsvc, and test the credential.
• For the reporting account, enter in DOMAIN\scsmrep, and test the credential.
• For the Analysis Services OLAP screen, input the remote DB server name, and choose an instance.  Create a new database, and provide a path if needed different than the default.
• For the Analysis Services credential, we will use the same credential that we used for reporting:  DOMAIN\scsmrep.  This account MUST be a local administrator on the SQL Analysis server, so ensure that is done in advance.
• Choose whether to join the CEIP, and click Next.
• Choose whether to use Microsoft update, and click Next.
• Choose Install.  When setup completes, backup and save the encryption key for this management group.

3.  Verify the installation:  You can also refer to:  http://technet.microsoft.com/en-us/library/hh519793.aspx

• Log on SCSM using your domain user account that is a member of the SCSMAdmins group.
• Open the Service Manager Console.  Connect to SCSM.
• Ensure the console opens.

4.  Register the Data Warehouse.  You can also refer to http://technet.microsoft.com/en-us/library/hh519811.aspx

• In the Service Manager console – select Administration.
• Click the link to Register the Service Manager Data Warehouse.  This launches a wizard.
• Input the DW server name, and select Test Connection.  Next.
• Accept the default Run As account, and click Next.
• Type in the password for the service account, and Next.
• Click Create.  Click Close.  Click OK.
• This process takes a considerable amount of time to complete (two hours or more).  To validate this – in the console select Data Warehouse > Data Warehouse Jobs.  Examine MPSyncJob details.  When it is done, all batches will be in Associated status, and you will see at least the following 5 jobs in the DW Jobs view:
• Extract_<Service Manager management group name>
• Extract_<Data Warehouse management group name>
• Load.Common
• Transform.Common
• MPSyncJob

5.  Deploy the Self-Service Portal.

• http://technet.microsoft.com/en-us/library/hh667344.aspx
• The Self-Service Portal consists of two elements: a SharePoint website and a web content server.  Typically I will deploy a single server running SharePoint 2012 Foundation, then request an SSL cert for the machine via IIS, then install the Web Content and SharePoint webparts on that single server.

6.  Configure the Active Directory Connector

• http://technet.microsoft.com/en-us/library/hh519809.aspx 

7.  Configure the Operations Manager Alert Connector and CI Connector

• http://technet.microsoft.com/en-us/library/hh524270.aspx
• Import Management Packs
• Create Alert Connector
• Create CI Connector

8.  Configure the Configuration Manager CI Connector

• http://technet.microsoft.com/en-us/library/hh519733.aspx

9.  Configure the Orchestrator Connector:

• http://technet.microsoft.com/en-us/library/hh495619.aspx
• The Account used in the connector wizard needs to have Read and List permissions on the Root Runbook folder in Orchestrator Run book designer for the connector wizard to complete successfully.  The documentation does not list this information.

10.  Configure the SCVMM Connector

• http://technet.microsoft.com/en-us/library/hh519785.aspx

11.  Set up and configure Notifications:

• http://technet.microsoft.com/en-us/library/hh519719.aspx

12.  Configure SCOM agents for monitoring

• The SCOM agent is installed by default on all SCSM 2012 SP1 servers, it is not configured.
• Open the control panel on your SCSM servers and add your SCOM management group information.
• Ensure your SCOM deployment allows manually installed agents.
• http://technet.microsoft.com/en-us/library/hh524312.aspx

The following document will cover a basic install of System Center Virtual Machine Manager 2012 SP1 at a generic customer.  This is to be used as a template only, for a customer to implement as their own pilot or POC deployment guide.  It is intended to be general in nature and will require the customer to modify it to suit their specific data and processes.

SVCMM can be scaled to match the customer requirements. This document will cover a two server model, where all SCVMM roles are installed on a single VM/Server, and leverage a remote SQL database server.

This is not an architecture guide or intended to be a design guide in any way.

• Windows Server 2012 will be installed as the base OS for all platforms. All servers will be a member of the AD domain.
• SQL 2012 will be the base standard for all SQL database services.

Server Names\Roles:

• DB1          SQL 2012 Database Services
• SCVMM    VMM Management Server and Console

High Level Deployment Process:

1.  In AD, create the following accounts and groups, according to your naming convention:

• DOMAIN\scvmmsvc                 SCVMM Service Account account
• DOMAIN\scvmmadmin            SCVMM RunAs account for managing hosts
• DOMAIN\sqlsvc                        SQL service account
• DOMAIN\SCVMMAdmins        SCVMM Administrators security group

2.  Add the “scvmmsvc” and “scvmmadmin” account to the “SCVMMAdmins” global group.

3.  Add the domain user accounts for yourself and your team to the SCVMMAdmins group.

4.  Install Windows Server 2012 to all server role servers.

5.  InstallPrerequisites and SQL2012.

6.  Install the SCVMM Server and Console.

7.  Deploy SCVMM Agent to Hyper-V hosts.

Prerequisites:

1.  Install Windows Server 2012 to all servers.

2.  Ensure server has a minimum of 4GB of RAM.

3.  Join all servers to domain.

4.  Install all available Windows Updates.

5.  Add the “DOMAIN\SCVMMAdmins” domain global group and the “DOMAIN\scvmmsvc” domain account explicitly to the Local Administrators group on each SCVMM role server.

8.  On the SCVMM server, install the Windows Assessment and Deployment Kit (ADK) for Windows 8.  http://www.microsoft.com/en-us/download/details.aspx?id=30652  When you install this – install only the “Deployment Tools” and “Windows Preinstallation Environment” options.  This can take a significant amount of time depending on download speed.

9.  On the SCVMM server – install the SQL 2012 Native Client and the SQL 2012 Command Line Utilities from http://go.microsoft.com/fwlink/?LinkId=253555

10.  On the SQL database server, install SQL 2012.

• Setup is fairly straightforward. This document will not go into details and best practices for SQL configuration. Consult your DBA team to ensure your SQL deployment is configured for best practices according to your corporate standards.
• Run setup, choose Installation> New SQL server stand-alone installation…..
• When prompted for feature selection, install ALL of the following:
  • Database Engine Services
• Additionally, the product documentation for SCVMM states to install the management tools – complete:
  • Management Tools– Basic and Complete (for running queries and configuring SQL services)
• On the Instance configuration, choose a default instance, or a named instance. Default instances are fine for testing and labs. Production clustered instances of SQL will generally be a named instance. For the purposes of the POC, choose default instance to keep things simple.
• On the Server configuration screen, set SQL Server Agent to Automatic.  I prefer to use a service account for SQL, so I will set the Agent and DB Engine to run under my DOMAIN\sqlsvc account and provide the password.  This is optional.
• On the Collation Tab – you can use the default of SQL_Latin1_General_CP1_CI_AS or choose another supported collation.
• On the Account provisioning tab – add your personal domain user account or a group you already have set up for SQL admins. Alternatively, you can use the SCVMMAdmins global group here. This will grant more rights than is required to all SCVMM Admin accounts, but is fine for testing purposes of the POC.
• On the Data Directories tab – set your drive letters correctly for your SQL databases, logs, TempDB, and backup.
• Setup will complete.
        

Step by step deployment guide:

1. Install SCVMM 2012 SP1:

• Log on using your domain user account that is a member of the SCVMMAdmins group.
• Run Setup.exe
• Click Install
• Accept the license agreement and click Next.
• Select:
  • VMM Management Server
  • VMM Console
• On the Product Registration – input a product key for a licensed version, otherwise Eval will be installed with a timeout.  Click Next.
• Accept or change the default install path and click Next.
• If you get any Prerequisite errors – resolve them. If you get any warnings, understand them and click Next to proceed.
• On the Database Configuration screen, enter in the name of your SQL database server and leave port blank. You can leave “use the following credentials” blank if you are installing to the local SQL server. You can enter credentials here to connect to a remote SQL server if your user account you are running setup as does not have enough rights over the instance to create a database. One the Instance Name – click the pull-down to select the instance you wish to install to.  Ensure “New Database” is checked and use the default name or change it to suit your naming standards. Click Next when this screen is complete.
• On the Account Configuration screen, enter the domain account for the SCVMM service account that we created earlier (DOMAIN\scvmmsvc). Leave the default to store encryption keys locally for this simple deployment. Click Next.
• On the Port configuration screen, accept defaults and click Next.    
• On the Library configuration screen, change the library path or accept the default location, and click Next.
• Click Install.
• Setup will install all roles and complete.

2. Deploy an agent to an existing Hyper-V Host.

• Open the System Center Virtual Machine Manager 2012 console.
• Connect to the SCVMM server.
• In the lower left hand pane of the console – select “Fabric”.
• In the folder list – Right click “All Hosts” and choose “Create Host Group”.
• Name your custom host group something like “Demo”
• Right click the Demo host group and choose “Add Hyper-V hosts and Clusters”
• On the Resource Location screen – choose the first bullet for a trusted AD domain computer.
• On the Credentials screen, click Browse.
• Select “Create Run As Account”
• On the General screen, enter a Name of “Hyper-V Host Administration Account”
• Input a DOMAIN\username of an AD account that has admin access to your Hyper-V servers. This account will be used to administer the Host and VM guests. For the purposes of the POC, we will use the DOMAIN\scvmmadmin account.
• After inputting the password, and accepting the new account, we will return to the Credentials screen with our existing RunAs account shown. Click Next.
• Type in the computer names of your Hyper-V servers that you wish to Manage. Ensure that the DOMAIN\SCVMMAdmins global group is a member of the local admins group on all Hyper-V servers so that we can manage them. Click Next.
• Select all the discovered Hyper-V servers, and click Next.
• Assign the discovered hosts to the “Demo” host group.
• Click Next, Finish.
• A job will be created to deploy the SCVMM agent to the Hyper-V hosts.

3.  Create host groups and clouds

4.  Configure WSUS for updates to Hosts

5.  Configure Logical Networks

6.  Connect with OpsMgr 2012 SP1:

http://technet.microsoft.com/en-us/library/hh427287.aspx

A little frustration I had recently – and decided I would write on it.

When you open the Orchestrator Runbook designer, remember to always open this “As an Administrator”

The reason for this, is that as you are using the Runbook Tester tool, these test runbooks will be executing under your interactive context.  This makes some runbook activities (like starting and stopping services) require elevation.  You will see errors like “Invalid Service” or no error information at all – the activity will simply fail.  You wont always see a tip that there is an access denied issue or something to tell you this activity requires elevation.

You can set this to always run as an admin under the advanced properties of your shortcut on the machine you use the designer most.

Available at:  http://support.microsoft.com/kb/2790831/en-us

This hotfix addresses an issue found in Windows Server 2012 (and Win8) that can be exposed when performance data is queried via WMI.  Products that regularly query WMI for performance data are SCOM, SCVMM, and SCDPM.  Since ConfigMgr also depends on WMI so heavily, you might consider this for Win8 clients if you detect the handle leak issue.

I have updated my hotfix list for SCOM with this information:

http://blogs.technet.com/b/kevinholman/archive/2009/01/27/which-hotfixes-should-i-apply.aspx

Way back in the day I wrote about this issue, where the SCOM agent in some cases can consume above typical resource levels of memory, handles, etc.  When this occurs – we will restart the agent to kill any “runaway” processes.  Read about this here:

http://blogs.technet.com/b/kevinholman/archive/2009/12/21/the-new-and-improved-guide-on-healthservice-restarts-aka-agents-bouncing-their-own-healthservice.aspx

One of the things I have noticed, is that on many of my servers, these thresholds are being breached on a regular basis – mostly due to the monitoringhost.exe processes needing to use more than the default of 300mb of RAM (private bytes). 

The issue is, that you will likely have NO idea this is happening.  We don’t generate any alerts for this by default – we simply “fix the problem” by creating a state change, then running a response script to bounce the agent.  The bad part about this, is you could have agents in a constant restart loop.

In SCOM 2012 – I still recommend making the following changes via overrides:  Open the “Operations Manager > Agent Details > Agents by Version” view in the console:

Open health explorer for one of the agents – and here is an example of an agent that has been bouncing on a regular basis:

On the 4 monitors highlighted above – I recommend enabling alerting – and disabling auto-close of the alert so you can take action on agents that need it:

Then – for any agents that need higher values – make the necessary adjustments via override:

As a refresher – this will be common on any monitored systems that discover a large number of instances – such as Exchange, DNS, SQL servers, SCVMM, etc.

Just saw this on Cameron’s blog: 

http://blogs.catapultsystems.com/cfuller/archive/2013/02/25/system-center-2012-operations-manager-unleashed-on-kindle-and-nook-scom-sysctr.aspx

You can download this book on the Nook and Kindle today, with the printed edition coming soon!

Kindle:

http://www.amazon.com/System-Operations-Manager-Unleashed-ebook/dp/B00BJ65JX2/ref=sr_1_2?ie=UTF8&qid=1361836029&sr=8-2&keywords=system+center+2012+operations+manager+kindle

Nook:

http://www.barnesandnoble.com/w/system-center-2012-operations-manager-unleashed-kerrie-meyler/1109455133?ean=9780672335914

Print:

http://www.amazon.com/System-Operations-Manager-Unleashed-Edition/dp/0672335913/ref=sr_1_3?ie=UTF8&qid=1361885729&sr=8-3&keywords=unleashed+2012

You can get the paperback book on Amazon:

http://www.amazon.com/gp/product/0672335913/ref=s9_simh_gw_p14_d0_i1?pf_rd_m=ATVPDKIKX0DER&pf_rd_s=center-2&pf_rd_r=06KDNZB3VZVMSN0TWRJH&pf_rd_t=101&pf_rd_p=1389517282&pf_rd_i=507846

At long last the book is ready for shipping in paperback.  It is also available on Nook (link), Kindle (link), and direct from the publisher in watermarked PDF (link)

I am proud to be the technical editor for this book.  This was my first foray into editing, and I have scoured every page.  There is a ton of new content and this book covers the depth of the product exceedingly well.  They brought in a ton of accomplished authors and key consultants from around the globe to create this, and I highly recommend it for any SCOM admin.

For those that are unfamiliar, MAP is a tool from the solution accelerator team which provides inventory, assessment, and reporting that will help you assess your current IT infrastructure status and determine the right Microsoft technologies for your IT needs. environment.  It can be a very valuable tool as it is agentless, and has the ability discover machines on your network that might be unknown, or not fully covered by your existing asset management solutions.

Resources:

Product page:  http://technet.microsoft.com/en-us/solutionaccelerators/dd537566

Download:  http://www.microsoft.com/en-us/download/details.aspx?&id=7826

Requirements to install:

Windows 7, Windows 8, Windows 8 Pro, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Vista Business, Windows Vista Enterprise, Windows Vista Ultimate

Installation:

Run the “Microsoft_Assessment_and_Planning_Toolkit_Setup.exe” program.  To get started, click Next.

The first step is a pre-req checker.  If any are not met you must correct these before continuing.

Accept the license agreement and click Next.

Accept or change the installation path, and click Next.

Select a choice for the Customer Experience Improvement Program, and click Next.

Click Install.  When completed, click Finish to open the MAP toolkit.

Running MAP and collecting inventory for Windows Computers:

When the MAP toolkit opens for the first time – we must create a database to store our collected inventory.  Give the DB a name, such as “MapData” and click OK to create the local DB.

In the left pane – click “Environment” and then select “Collect Inventory Data”.

Choose “Windows Computers” and click Next.

Choose to leverage Active Directory to discover from.  Additionally you can leverage alternative methods to discover machines not found in AD.  Click Next.

We must provide domain credentials that have rights to be able to query active directory.  Input the data and click Next.

On the AD options, you can select the default to scan the entire domain, or if all servers are in known OU’s, you can select specific AD containers to search in.  Click Next.

On the credentials page, we need to input a credential that has local administrator on all machines in the domain.  This is required as MAP will connect to each machine and inventory details from WMI.  For this purpose a domain administrator account works best, or a domain account that is a member of the local administrators group of each server in the domain.  Click “Create” and input the credentials.  You can input multiple credentials here and all will be attempted if one fails, however, this could extend the time required to run the inventory.  When complete, click Next.

On the Credentials Order screen, you can change the order of multiple credentials if entered.  Click Next.  Click Finish.

Inventory will start immediately.  Querying the data from AD will occur rather quickly.  However, connecting to each server on the network via WMI will take considerable time., even days, depending on how large the environment.  Allow this to complete, such as below:

Once you are happy with the results of the inventory, you can run a “Generate Inventory Results Report” to create the spreadsheet output in your My Documents\MAP directory

Requirements to gather data:

MAP uses WMI to gather the inventory data.  You need to ensure that the server/workstation that is running the MAP collection has access to all servers via any hardware firewalls, and if the servers are running Windows Firewall that exceptions allow the MAP workstation to contact all servers on those ports.  Detailed information is available at:  http://social.technet.microsoft.com/wiki/contents/articles/8657.map-prepare-the-environment-wmi.aspx

Gathering data from VMware:

This is covered at:  http://social.technet.microsoft.com/wiki/contents/articles/12160.map-prepare-the-environment-vmware.aspx

In the inventory collection check the box for VMware:

Choose to manually provide a list of vCenter server names.

Provide credentials that have access to the vCenter servers:

Provide a list of server names that run vCenter :

Configure the properties of your vCenter servers:

Additional resources:

MAP Survival guide:  http://social.technet.microsoft.com/wiki/contents/articles/1640.microsoft-assessment-and-planning-toolkit.aspx

MAP Blog:  http://blogs.technet.com/b/mapblog/

CU1 for OpsMgr has been released for some time now, this post will be a simple walk-through of applying it.  This hotfix is included on my Hotfix page for SCOM:  http://blogs.technet.com/b/kevinholman/archive/2009/01/27/which-hotfixes-should-i-apply.aspx

Marnix did a great posting on this topic as well, available here:  http://thoughtsonopsmgr.blogspot.nl/2013/03/om12-sp1-update-rollup-1-manual.html

Description and download location:

http://support.microsoft.com/kb/2785682

To download all of the updates, you will need to click the link in the KB above, which will launch the catalog for the individual downloads:

Following the KB – the installation plan looks something like this:

1. Install the update rollup package on the following server infrastructure:
   • Management server or servers
   • Gateway servers
   • Reporting servers
   • Web console server role computers
   • Operations console role computers
2. Manually import the management packs.
3. Apply the agent update to manually installed agents, or push the installation from the Pending view in the Operations console.

***Note:  One of the things you will notice – is that there is no update available for consoles, or for reporting servers.  So we will skip those roles as they are not applicable.  My new list looks like:

• Management servers
• Gateway servers
• Web console server role computers

Since I am monitoring Linux systems, I’ll need to add steps for that from the KB:

1. Download the updated management packs from the following Microsoft website:

   System Center Monitoring Pack for UNIX and Linux Operating Systems

   (http://www.microsoft.com/en-us/download/details.aspx?id=29696)

2. Install the management pack update package to extract the management pack files.
3. Import the following:
   • The updated Microsoft.Unix.Library management pack (from the Microsoft.Unix.Library\2012 SP1 folder)
   • The Microsoft.Process.Library management pack bundle
   • The platform library management packs that are relevant to the Linux or UNIX platforms that you monitor in your environment
4. Import the updated management pack for each version of Linux or UNIX that you monitor in your environment.

Seems simple enough, lets get started.

Install the update rollup package

On the catalog site, I add all the updates to my basket, and click View Basket, and Download.

Next I copy these files to a share that all my SCOM servers have access too.  These are actually .CAB files, so I will need to extract the MSP’s from these CAB files.

Once I have the MSP files, I am ready to start applying the update to each server by role.

My first server is a management server, and the web console, so I copy those two update files locally, and execute them per the KB, from an elevated command prompt:

This launches a quick UI which applies the update.  It will bounce the SCOM services as well.  The update does not provide any feedback that it had success or failure.  You can check the application log for the MsiInstaller events for that.

You can also spot check a couple DLL files for the file version attribute. 

Next up – run the Web Console update:

This runs much faster. 

I move on to my additional management servers and gateways, and apply the MSP file from the elevated command prompt.  No issues.

Manually import the management packs

The only MP to be updated with this CU1 for SP1 is located on your management servers, at

Only the AlertAttachment MPB should be updated.  The KB article known issues states the other MP should not be imported.  If you don’t use this MP already (Such as for Global Service Monitoring) then there is no need to install this update.  If you ever do go back and enable/install Global Service Monitoring or any MP that requires this Alert Attachment MP – don’t forget to install this updated version!  If not you will see issues with alert views in Dashboards, like console crashes or blank screens.

Apply the agent update

Approve the pending updates in the Administration console for pushed agents.  Manually apply the update for manually installed agents.

100% success rate.

Be sure to check the “Agents By Version” view to find any agents that did not get patched:

Update Linux MPs

Next up – I download and extract the updated Linux MP’s for SCOM 2012 SP1 CU1.  http://www.microsoft.com/en-us/download/details.aspx?id=29696

I open the console – and update these MP’s from disk

7.4.3507 is SCOM 2012 SP1.  7.4.4112.0 is SCOM 2012 SP1 with CU1.

Next up – you would upgrade your agents on the Linux monitored agents.  You can now do this straight from the console:

In this case – there is no need, as the previous version of my agents were already updated.

Lastly – refer to the KB article for this update, as if you are a heavy user of Linux process monitoring using our template – additional steps are required to address the fixes.

All done!

Now at this point, we would check the OpsMgr event logs on our management servers, check for any new or strange alerts coming in, and ensure that there are no issues after the update.

One of the features in OpsMgr2012 is the ability to create rich dashboards, and then publish them to a SharePoint site. 

This is covered in the product documentation here:  http://technet.microsoft.com/en-us/library/hh212924.aspx

I recently ran into a problem setting this up for a customer – so thought I’d talk about that here for a moment.

First thing is to log on to the SharePoint 2012 server as a SharePoint Administrator, and copy the following two files from the SCOM setup media (\Setup\AMD64\SharePoint) to a local directory on the SharePoint server:

Next we will run C:\bin\shpt\install-OperationsManager-DashboardViewer.ps1 from an elevated SharePoint Management Shell:

But look what happened on mine:

PSsnapin Microsoft.SharePoint.PowerShell is loaded
Get-SPFarm : Microsoft SharePoint is not supported with version 4.0.30319.1 of
the Microsoft .Net Runtime.
At C:\bin\shpt\install-OperationsManager-DashboardViewer.ps1:74 char:9
+ $farm = Get-SPFarm
+         ~~~~~~~~~~
    + CategoryInfo          : InvalidData: (Microsoft.Share...SpCmdletGetFarm:
   SpCmdletGetFarm) [Get-SPFarm], PlatformNotSupportedException
    + FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SpCmdletGetFarm

Cannot index into a null array.
At C:\bin\shpt\install-OperationsManager-DashboardViewer.ps1:75 char:1
+ $sol = $farm.Solutions[$solutionID]
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : NullArray

This error is caused because I installed Windows Management Framework (WMF) 3.0 on my server, which also upgrades PowerShell to 3.0.

The workaround for this – is to launch a Powershell 2.0 session – and then add the SharePoint snapin:

From an elevated command prompt – type:

powershell.exe -Version 2.0

Add-PSSnapin Microsoft.SharePoint.PowerShell

Now we can run the script with success:

Next up – we need to activate the web part.

On the SharePoint site – Site Actions > Site Settings > Site Collection Administration > Site Collection Features

Make sure the OpsMgr Dashboard Web Part is Active:

To add/configure a dashboard – open the SharePoint Central Administration site.

Site Actions > View All Site Content > Lists > click Operations Manager Web Console Environments

Add New Item > give the dashboard a title, and the URL of your SCOM web console:

Click Save. 

Now we can add a dashboard to a page on SharePoint.  On your SharePoint site page:

Site Actions > New Page

Give our new dashboard view a name, and click Create

Below “Editing tools” click Insert > Web Part

Select “Microsoft System Center” and select “Operations Manager Dashboard Viewer Web Part” and click Add.

On the upper right, click the down arrow and pick “Edit Web Part”

Choose the correct environment, paste in a URL from the web console for a dashboard, and give the page an appropriate title.

On the menu bar – click Save and Close.

Ready to go!

Additional reading and resources:

http://www.scom2k7.com/how-to-view-scom-2012-dashboards-in-sharepoint-2010/

http://blogs.technet.com/b/momteam/archive/2011/09/27/setting-up-the-operations-manager-web-part.aspx

http://thoughtsonopsmgr.blogspot.com/2013/03/om12-operations-manager-web-part.html

Update Rollup 2 (UR2) for OpsMgr 2012 SP1 has shipped.  This post will be a simple walk-through of applying it.  This hotfix is included on my Hotfix page for SCOM:  http://blogs.technet.com/b/kevinholman/archive/2009/01/27/which-hotfixes-should-i-apply.aspx

Description and download location:

http://support.microsoft.com/kb/2802159

Description of fixes in this release: 

1. The Web Console performance is very poor when a view is opened for the first time.
2. The alert links do not open in the Web Console after Service Pack 1 is applied for Operations Manager.
3. The Distributed Applications (DA) health state is incorrect in Diagram View.
4. The Details Widget does not display data when it is viewed by using the SharePoint webpart.
5. The renaming of the SCOM group in Group View will not work if the user language setting is not "English (United States)."
6. An alert description that includes multibyte UTF-8 characters is not displayed correctly in the Alert Properties view.
7. The Chinese (Taiwan) Web Console displays the following message even after the SilverlightClientConfiguration.exe program is run:  Web Console Configuration Required.
8. The Application Performance Monitoring (APM) to IntelliTrace conversion is broken when alerts are generated from dynamic module events such as the Unity Container.
9. Connectivity issues to System Center services are fixed.
10. High CPU problems are experienced in Operations Manager UI.
11. Query processor runs out of internal resources and cannot produce a query plan when you open Dashboard views.
12. Path details are missing for "Objects by Performance."

Unix and Linux fixes:

1. The Solaris agent could run out of file descriptors when many multi-version file systems (MVFS) are mounted.
2. Logical and physical disks are not discoverable on AIX-based computers when a disk device file is contained in a subdirectory.
3. Rules and monitors that were created by using the UNIX/Linux Shell Command templates do not contain overridable ShellCommand and Timeout parameters.
4. Process monitors that were created by the UNIX/Linux Process Monitoring template cannot save in an existing management pack that has conflicting references to library management packs.
5. The Linux agent cannot install on a CentOS or Oracle Linux host by using FIPS version of OpenSSL 0.9.8.

This Update Rollup is also required if you want to use the new System Center Advisor Connector:  http://blogs.technet.com/b/momteam/archive/2013/04/09/system-center-advisor-connector-for-operations-manager-preview.aspx

That’s a LOT.  Looks like some very important ones as well…. so lets get this one tested in our labs!

Download the update:

You can get this update “partially” applied by using Windows Update.  However, since there are manual steps involved, and a specific recommended order of operations, I don’t really recommend using Windows Update in general.  It is certainly an option, however.

To download all of the updates, you will need to click the link in the KB above, which will launch the catalog for the individual downloads. 

You’ll notice some of these updates are a LOT bigger than the previous ones in UR1.

I also notice there is now an update for the “Console” which is new, however we are missing the update for the Gateway, which was included in UR1.  More on that later.

Add these to your “basket” then “view basket” and choose a download location.

Build a plan:

Following the KB – the installation plan looks something like this:

1. Install the update rollup package on the following server infrastructure:
   • Management server or servers
   • Gateway servers
   • Reporting servers
   • Web console server role computers
   • Operations console role computers
2. Manually import the management packs.
3. Apply the agent update to manually installed agents, or push the installation from the Pending view in the Operations console.

***Note:  One of the things you will notice – is that there is no update available for gateways, or for reporting servers.  We will skip the reporting role. 

As to the Gateway, there WAS an update for this in UR1, and since this Update Rollup is by definition cumulative, we likely need one for a complete UR2 update.  Well, what I found out – is that in UR2, there wasn’t any update specifically in this revision for gateways, so a “UR2” gateway update wasn’t shipped.  This means, you need to ensure you have applied the “UR1” gateway update to any gateways to make sure you are fully patched. 

For customers that use Windows Update, this will happen automatically.  For customers who manually apply updates to their System Center role servers, you will need to go and download the gateway update from UR1, if you had not already applied UR1 to your environment.  The UR1 gateway update is at:  http://catalog.update.microsoft.com/v7/site/Search.aspx?q=2784734%20gateway

My new list looks like:

• Management servers
• Gateway servers (with UR1 update only if not already applied)
• Web console server role computers
• Operations console Role Computers

Since I am monitoring Linux systems, I’ll need to add steps for that from the KB:

1. Download the updated management packs from the following Microsoft website:

   (The Unix/Linux MP location isn't available, and the previous location hasn’t been updated yet.  So this part is still under investigation as well.  I will update this section when I clear this part up)

2. Install the management pack update package to extract the management pack files.
3. Import the following:
   • The updated Microsoft.Unix.Library management pack (from the Microsoft.Unix.Library\2012 SP1 folder)
   • The Microsoft.Unix.Process.Library management pack bundle
   • The platform library management packs that are relevant to the Linux or UNIX platforms that you monitor in your environment

Seems simple enough, lets get started.

Install the update rollup package

On the catalog site, I add all the updates to my basket, and click View Basket, and Download.

Next I copy these files to a share that all my SCOM servers have access too.  These are actually .CAB files, so I will need to extract the MSP’s from these CAB files.

Once I have the MSP files, I am ready to start applying the update to each server by role.

***Note:  You MUST log on to each server role as a Local Administrator, SCOM Admin, AND your account must also have System Administrator (SA) role to the database instances that host your OpsMgr databases.

My first server is a management server, and the web console, and has the OpsMgr console installed, so I copy those update files locally, and execute them per the KB, from an elevated command prompt:

This launches a quick UI which applies the update.  It will bounce the SCOM services as well.  The update does not provide any feedback that it had success or failure.  You can check the application log for the MsiInstaller events for that.

You can also spot check a couple DLL files for the file version attribute. 

Next up – run the Web Console update:

This runs much faster.   A quick file spot check:

Lastly – install the console update:

Well, this one required a reboot.  The KB article instructed “If you do not want to restart the computer after you apply the console update, close the console before you apply the update for the console role.”  However – my console was closed….. so you had better prepare that these files might be locked and require a reboot.

After the reboot– a quick file spot check:

I now move on to my additional management servers, applying the server update, then the console update.  My additional management servers did not require a reboot after the console update.

Next, I update the gateways.  Since I had already applied UR1 to my gateway servers, this step can be skipped.  There is no new update for gateways in UR2.  However, if I have not applied UR1 to my SCOM deployment previously, then I need to download and apply the UR1 update to gateways at this time.

Manually import the management packs?

We have two updated MP’s to import  (MAYBE!).

These MP bundles are only used for specific scenarios, such as Global Service Monitoring, or DevOps scenarios where you have integrated APM with TFS, etc.  If you are not currently using these MP’s, there is no need to import or update them.  The Intellitrace MP will actually fail to import of you are not using these, because of a dependency.  I’d skip this MP import unless you already have these MP’s present in your environment.

Apply the agent update

Approve the pending updates in the Administration console for pushed agents.  Manually apply the update for manually installed agents.

100% success rate.

Be sure to check the “Agents By Version” view to find any agents that did not get patched:

Update Unix/Linux MPs

Next up – I download and extract the updated Linux MP’s for SCOM 2012 SP1 UR2

(The link in the KB article doesn’t work at the time of this writing – here is the correct link)

http://www.microsoft.com/en-us/download/details.aspx?id=29696

7.4.3507 is SCOM 2012 SP1. 

7.4.4112.0 is SCOM 2012 SP1 with UR1.

7.4.4119.0 is SCOM 2012 SP1 with UR2.

Download the MSI and run it.  It will extract the MP’s to C:\Program Files (x86)\System Center Management Packs\System Center 2012 MPs for UNIX and Linux (7.4.4199.0)

Import the files in the 2012 SP1 folder, and the following:

Microsoft.Unix.ConsoleLibrary.mp

Microsoft.Unix.Process.Library.mpb

Microsoft.Unix.ShellCommand.Library.mpb

Also add any platform specific MP’s for versions on Unix or Linux in your monitoring environment.

You will likely observe high CPU utilization of your management servers during these MP imports.  Give it time to complete the process of the import and MPB deployments.

Next up – you would upgrade your agents on the Unix/Linux monitored agents.  You can now do this straight from the console:

You can input credentials or use existing RunAs accounts if those have enough rights to perform this action.

Lastly – refer to the KB article for the UR1 update, as if you are a heavy user of Linux process monitoring using our template – additional steps are required to address the fixes.  You must open, edit, and re-save any process templates that you had previously created in order to apply the fixes to each.

Now at this point, we would check the OpsMgr event logs on our management servers, check for any new or strange alerts coming in, and ensure that there are no issues after the update.

Known issues:

See the existing list of known issues documented in the KB article.

Additional:

1.  Since there was no gateway update, the agents that report to gateways will not be placed into pending.  Additionally, when you push new agents, the agents will not receive UR2 immediately, because we didn’t not update the agent files on the gateway.  A workaround for this is the copy the agent update files for UR2 from the \AgentManagement folders on a management server, and copy them to the gateway \AgentManagement folder.  If you are using Windows Update/WSUS/SCCM to update your agents, then no steps are necessary, as they will receive the agent update automatically.

I recently did a deep dive on how to apply UR2 to System Center 2012 SP1 Operations Manager.  http://blogs.technet.com/b/kevinholman/archive/2013/04/11/applying-update-rollup-2-ur2-to-opsmgr-2012-sp1.aspx

The following article covers some of the other System Center 2012 SP1 components, such as Orchestrator, App Controller, and Service Manager.

The KB article and download links are located at: http://support.microsoft.com/kb/2802159

Orchestrator 2012 SP1:

The simplest way to apply these updates to Orchestrator RunBook Servers and Runbook Designers would be using Windows Update, which can be controlled via WSUS or ConfigMgr since these are on the catalog. 

Alternatively, you can download these and manually apply them.  The catalog location for the Orchestrator UR2 update is:  http://catalog.update.microsoft.com/v7/site/Search.aspx?q=2828193

The manual application is simple – download the CAB files, extract the MSP files, and then copy them to all your RunBook Servers, and any machine with the RunBook Designer installed.  These MSP’s need to be applied via an *elevated* command prompt:

No success feedback is given.  Check your application event log or do a quick file spot check:

App Controller 2012 SP1:

The simplest way to apply these updates to an App Controller server would be using Windows Update, which can be controlled via WSUS or ConfigMgr since these are on the catalog. 

Alternatively, you can download these and manually apply them.  The catalog location for the App Controller UR2 update is:  http://catalog.update.microsoft.com/v7/site/Search.aspx?q=2815569

The manual application is simple – download the CAB files, extract the MSP files, and then copy them to all your App Controller Server.  These MSP’s need to be applied via an *elevated* command prompt:

No success feedback is given.  Check your application event log or do a quick file spot check:

Service Manager 2012 SP1:

The UR2 updates for Service Manager 2012 SP1 are not part of Windows Update.  These are a separate download available here:

http://www.microsoft.com/en-us/download/details.aspx?id=38409

There are two files, one is x64 and the other x86.  The x86 update would only be deployed if you were running 32 bit consoles somewhere, as the servers themselves are only 64bit.

I copy the x64 update file down to my SCSM Management server, and my Data Warehouse Management server.  I will execute the update from an *elevated* command prompt:

This kicks off a self-extracting update with a UI.  Agree to the license agreement and click “Install”

This will go through several steps, installing files, stopping and starting the SCSM services, configuring the database, then finalization.  When complete, you will see a final dialogue:

You can do a quick file spot check to verify:

When complete – I move on to my Data Warehouse Management Server, and repeat.

Lastly – I need to update any consoles I have deployed on user desktops or terminal servers in my environment.

A new Base OS MP Version 6.0.7026.0 has shipped.  This management pack includes updated MP’s for Windows 2003 through Windows 2012 operating systems.  This updated MP will import into OpsMgr 2007 or 2012 management groups.

http://www.microsoft.com/en-us/download/details.aspx?id=9296

Ok – so what's new in this MP?

The April 2013 update (version 6.0.7026.0) of the Windows Server Operating System Management Pack contains the following changes:

• Fixed a bug in Microsoft.Windows.Server.2008.Monitoring.mp where the performance information for Processor was not getting collected.
• Made monitoring of Cluster Shared Volume consistent with monitoring of Logical Disks by adding performance collection rules. (“Cluster Shared Volume - Free space / MB”,”Cluster Shared Volume - Total size / MB”,”Cluster Shared Volume - Free space / %”,”Cluster Disk - Total size / MB”,”Cluster Disk - Free space / MB”,”Cluster Disk - Free space / %”)
• Fixed bug in Microsoft.Windows.Server.ClusterSharedVolumeMonitoring.mp where the Cluster disks running on Windows Server 2008 (non R2) were not discovered.
• Fixed bug 'Cluster Disk Free Space Percent' and Cluster Disk Free Space MB' monitors generate alerts with bad descriptions when the volume label of a cluster disk is empty.
• Added feature to raise event when NTLM requests time out and customers are unable to use mailboxes, outlook stops responding, due to the low default value for Max Concurrent API registry Key (HLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters) , which is a ceiling for the maximum NTLM or Kerberos PAC password validations a server can take care of at a time. It uses the “Netlogon” performance counter to check for the issue.

These fixes address the majority of known issues discussed in my last article on the Base OS MP:

http://blogs.technet.com/b/kevinholman/archive/2012/09/27/opsmgr-mp-update-new-base-os-mp-6-0-6989-0-adds-support-for-monitoring-windows-server-2012-os-and-fixes-some-previous-issues.aspx

A note on Processor utilization monitoring and collection:

Distinct rules and monitors were created for Windows Server 2008, and 2008 R2.  Server 2008 will monitor and collect “Processor\% Processor Time” while Server 2008 R2 will monitor and collect “Processor Information\% Processor Time”.  Overrides were included in the MP to disable the “2008” rules and monitors for the 2008 R2 instances.  If for some reason you prefer to collect and monitor "from “Processor” instead of “Processor Information”, for instance if this breaks some of you existing reports, it is very simple to just override those rules and monitors back to enabled.  An unsuealed override will always trump a sealed override.

Known Issues in this MP:

1.  The knowledge for the 2008 and 2008 R2 Total CPU Utilization Percentage is incorrect – the monitor was updated to a default value of 3 samples but the knowledge still reflects 5 samples.  This is still an issue (no biggee)  The 2012 monitors use 5 samples by default with correct knowledge.

2.  There are now collection rules for Cluster disks and CSV for free space (MB), free space (%), and total size (MB),  If you want performance reports on other perfmon objects that are available in perfmon but not included in our MP, such as disk latency, idle time, etc, you will need to create these.  Since this can be complicated to get it right – I wrote an article on how to do this correctly, and offer a sample MP for download:  http://blogs.technet.com/b/kevinholman/archive/2012/09/27/opsmgr-authoring-performance-collection-rules-for-cluster-disks-the-right-way.aspx

This will be a basic walkthrough on installing SharePoint 2013.  The TechNet documentation for the process is here:  http://technet.microsoft.com/en-us/library/cc262957.aspx

Windows Server 2012 and SQL 2012 will be used.  We already have an existing remote SQL 2012 server we will be using in this scenario.

Accounts:

• OPSMGR\ShptSetup  (user account that will log in and install or update SharePoint)
• OPSMGR\ShptSvc      (service account for the farm, database access account)
• OPSMGR\SharePoint Admins (Group)

Add all the SharePoint accounts to the SharePoint Admins group.  Technically for lowest priv the ShptSvc account does not need to be a SharePoint admin – as setup will grant necessary permissions to the SharePoint servers and Databases, however this is done for simplicity in a lab environment.

Install a new Windows Server 2012 computer.  Join it to a domain.  Add the DOMAIN\SharePoint Admins global group to the Local Administrators group.

Log on to the SharePoint server as DOMAIN\shptsetup

ShptSetup account must have the following rights:   http://technet.microsoft.com/en-us/library/ee662513.aspx

• local admin on all SharePoint servers
• SQL Server login on the computer that runs SQL Server.
• Member of the following SQL Server roles:
• securityadmin fixed server role
• dbcreator fixed server role
• If you run Windows PowerShell cmdlets that affect a database, this account must be a member of the db_owner fixed database role for the database.
• To make this process simple – if possible, just grant the shptsetup account to have SysAdmin role over the SQL instance for installation.

Run prerequisiteinstaller.exe from the SharePoint 2013 media.

This will install all the necessary pre-reqs needed for SharePoint 2013:

Once the prereqs are installed, reboot the server.  When you log back in as DOMAIN\shptsetup, the installation of prereqs will complete.

Run setup.exe from the SharePoint 2013 media.

Input your product key.

Accept the license agreement

Choose Complete:

Click Install Now.

When complete – we can run the config wizard:

We want to create a new farm:

Provide a SQL server, and a SharePoint farm database access account:

The user account running setup needs access to the SQL server in order to create the SharePoint databases.  The provided SharePoint Farm Account/Database Access account will get the required permissions automatically by setup.

Provide a passphrase:

Specify a port or accept the default:

Complete the wizard:

When complete – you should see:

This will kick off the central administration sire farm configuration wizard.

Answer the questions in the wizard, and create the first site collection.

The management pack for SharePoint 2013 (including server and foundation) is available here:

http://www.microsoft.com/en-us/download/details.aspx?id=35590

As of this writing – the version on the download site is 15.0.4425.1000 however the ACTUAL version of the management packs are 15.0.4420.1017.  I have no idea why we don’t make these match up.

First – import the MP’s:

As a best practice, also ensure you have imported and configured the Windows Server Operating System, SQL Server, and IIS management packs for your OS versions.  Then – the SharePoint MP’s:

We will assume you have installed SharePoint 2013, and deployed an agent to these servers.  When monitoring a farm, you need to ensure agents are deployed to all farm role computers, including the SQL database servers.

Next – I recommend you perform this step on your management server.  We need to copy the configuration file “microsoft.sharepoint.foundation.library.mp.config” that shipped with the management pack files, to the following location:

C:\Program Files\System Center Management Packs

This MUST be placed in this specific location.  You might have to create the directory if it does not exist.  If you had previously configured SharePoint 2010 on this same server, you will see your SharePoint 2010 config file present, as seen in the graphic above.

Open the microsoft.sharepoint.foundation.library.mp.config file using NotePad, and find the section “<Association Account”

<Association Account="SharePoint Discovery/Monitoring Account" Type="Agent">
  <Machine Name="" />
< /Association>

We need to create a RunAs account for the SharePoint 2013 MP to use.  This RunAs account display name MUST match the “Association Account” in the config file.  Here is where we need to have a quick discussion.

The SharePoint 2010 MP’s and config file use the SAME default name of “SharePoint Discovery/Monitoring Account” 

• If you are NOT monitoring SharePoint 2010, then you can continue and use the default name.  If you ARE monitoring SharePoint 2010 already – then you have two choices. 
• If your CURRENT SharePoint monitoring RunAs account credential is also a Farm Admin in SharePoint 2013 – you can just use your existing RunAs Account and continue. 
• If you are monitoring SharePoint 2010 already, and you wish to use a DIFFERENT credential for monitoring SharePoint 2013, then you will need to modify the config file.

Honestly – the config files for SharePoint 2010 and 2013 should not have used the same default name for the RunAs account and the profile.  I’m hoping they change this in future versions because it just makes everything harder to support.

At any rate – I was not able to get the 2013 MP to use a unique RunAs account… no matter what I did it was always using the SharePoint 2010 MP’s credential, even when it was not distributed to my SharePoint 2013 servers, which is bizarre.  At this point I’d recommend using the same credential for all Farms if you are trying to monitor SharePoint 2013 and 2010.  I continue to investigate this.

Next – I will create a new Run As account – with this EXACT name (unless it already exists)

Open the RunAs account we just created – and on the distribution tab – add in the servers that are part of the farm, or SQL servers that host farm databases:

At this point – I need to ensure that my RunAs account credential that I just used is a Farm Admin, and has full access to all SharePoint SQL servers/databases.

Next – we need to configure the SharePoint config file for the server names for our SharePoint 2013 and SQL servers.  If you don’t edit the file with specific Farm Server and Database Server names, then SCOM will try and discover SharePoint 2013 on EVERY server in the management group.  It is best to scope this down in advance.  Open the file in NotePad, and under "Association Account” add a “Machine Name=” line for each server in your farm.  For instance, my Farm consists of “shpt2.opsmgr.net” and “db1.opsmgr.net” so my file will look as follows:

<Association Account="SharePoint Discovery/Monitoring Account" Type="Agent">
  <Machine Name="shpt2.opsmgr.net" />
  <Machine Name="db1.opsmgr.net" />
< /Association>

Save and close the config file.

In the monitoring view – Expand MicrosoftSharePoint > Administration and select the “Microsoft SharePoint Farm Group”

In the Tasks pane – run the task “Configure SharePoint Management Pack”

*** Note– if the task fails – or throws an error – try running it again a few times, or closing and opening the SCOM console – and running it again.  If it continues to fail – investigate and ensure you have the config file on your management server, and you are running the console on the management server when calling the task.

You should see output similar to this:

Output
Load configuration file Microsoft.SharePoint.Foundation.Library.mp.config
Configure Microsoft.SharePoint.Foundation.Library version 15.0.4420.1017
Create override management pack Microsoft.SharePoint.Foundation.Library.Override
Account SharePoint Discovery/Monitoring Account is associated to DB1.opsmgr.net for Microsoft.SharePoint.AdminAccount
Account SharePoint Discovery/Monitoring Account is associated to SHPT2.opsmgr.net for Microsoft.SharePoint.AdminAccount
Allow DB1.opsmgr.net as a proxy
Allow SHPT2.opsmgr.net as a proxy
Create 'Enabled' property override with value true for Microsoft.SharePoint.2013.WSSInstallation.Discovery
Create 'SyncTime' configuration override with value 18:43 for Microsoft.SharePoint.2013.WSSInstallation.Discovery
Create 'IntervalSeconds' configuration override with value 28800 for Microsoft.SharePoint.2013.WSSInstallation.Discovery
Microsoft.SharePoint.2013.WSSInstallation.Discovery does not have configuration TimeoutSeconds
Create 'SyncTime' configuration override with value 18:45 for Microsoft.SharePoint.2013.SPFarm.Discovery
Create 'SyncTime' configuration override with value 18:51 for Microsoft.SharePoint.2013.SPService.Discovery
Create 'SyncTime' configuration override with value 18:57 for Microsoft.SharePoint.2013.SPSharedService.Discovery
Create 'SyncTime' configuration override with value 19:03 for Microsoft.SharePoint.2013.SPHARule.Discovery
Create 'SyncTime' configuration override with value 19:09 for Microsoft.SharePoint.2013.SPHARuleMonitor.Availability
Create 'SyncTime' configuration override with value 19:09 for Microsoft.SharePoint.2013.SPHARuleMonitor.Security
Create 'SyncTime' configuration override with value 19:09 for Microsoft.SharePoint.2013.SPHARuleMonitor.Performance
Create 'SyncTime' configuration override with value 19:09 for Microsoft.SharePoint.2013.SPHARuleMonitor.Configuration
Create 'SyncTime' configuration override with value 19:09 for Microsoft.SharePoint.2013.SPHARuleMonitor.Custom
Create 'SyncTime' configuration override with value 19:15 for Microsoft.SharePoint.2013.SPHARuleMonitor.SPServer.Availability
Create 'SyncTime' configuration override with value 19:15 for Microsoft.SharePoint.2013.SPHARuleMonitor.SPServer.Security
Create 'SyncTime' configuration override with value 19:15 for Microsoft.SharePoint.2013.SPHARuleMonitor.SPServer.Performance
Create 'SyncTime' configuration override with value 19:15 for Microsoft.SharePoint.2013.SPHARuleMonitor.SPServer.Configuration
Create 'SyncTime' configuration override with value 19:15 for Microsoft.SharePoint.2013.SPHARuleMonitor.SPServer.Custom
SharePoint management pack configuration completed successfully

This task is really a “discovery helper”.  It will create the necessary RunAs profile associations to the RunAs account for each server, and it will enable agent proxy for each server, and will create some overrides to space out all the discoveries so they run in order, and can discover all Farm components as quickly as possible.   From the time you run the task, to full Farm, Role, Server, and Service discovery, should be around 40 minutes.

After 40 minutes – check in the console and see if your Farm, Servers, and Services have all been discovered.  If not – check in the “Unidentified machines view”.  If your farm servers show up there, it is likely a permissions issue with your RunAs account, either on the Farm servers or on the SQL server.  On the SharePoint servers, make sure this account can log in and execute the SharePoint command shell without errors. 

Some good troubleshooting blogs on this topic:

http://thoughtsonopsmgr.blogspot.com/2013/04/sharepoint-server-2013-mp-useful-links.html

http://thoughtsonopsmgr.blogspot.nl/2013/04/troubleshooting-sharepoint-server-2013.html

http://thoughtsonopsmgr.blogspot.nl/2013/04/sharepoint-server-2013-mp-configure.html

Known issues:

There is a bug in the MP’s report deployment – you will see an alert about

Data Warehouse failed to deploy reports for a management pack to SQL Reporting Services Server. Failed to deploy reporting component to the SQL Server Reporting Services server. The operation will be retried.
Exception 'DeploymentException': Failed to deploy reports for management pack with version dependent id 'edf9e0b9-65aa-df29-6729-d16f0005e820'. Failed to deploy linked report 'Microsoft.SharePoint.Server_Performance_Report'. Failed to convert management pack element reference '$MPElement[Name="Microsoft.SharePoint.Foundation.2013.Responsetime"]$' to guid. Check if MP element referenced exists in the MP. An object of class ManagementPackElement with ID 75668869-f88c-31f3-d081-409da1f06f0f was not found.
One or more workflows were affected by this.
Workflow name: Microsoft.SystemCenter.DataWarehouse.Deployment.Report

See:  http://thoughtsonopsmgr.blogspot.com/2013/05/bug-alert-sharepoint-server-2013-mp.html