I found out about John’s upcoming class and wanted to pass this along.

 

Click HERE:  Master Class Certified training session in Dallas on 7/8/2013

John is THE most talented and knowledgeable Windows IT Pro I have ever met.  He is an accomplished author, public speaker, blogger, and I am constantly in awe of his knowledge of Windows Server technologies, System Center, Virtualization, PowerShell, and Disaster Recovery for the enterprise.  He is offering an amazing training session in Dallas that will cover ALL of these technologies, which is a rare find.

Class overview:

A 5 day highly intensive class with a heavy focus on interaction with attendees through extensive white-boarding, live demo environments and classroom discussions. The content of the Master Class has been formulated based on Johns many years of experience to give attendees what they need to be successful and to architect and manage even the most demanding environments. Key technology areas covered will include:

 

• Windows Fundamentals
• File, Print and Network Services
• Active Directory & Group Policy
• Hyper-V
• System Center 2012
• Private, Public and Hybrid Cloud
• PowerShell
• DR, HA and Backups
• Windows Server 2012
• Windows 8
• Future Versions

From John:

Become John Savill Master Class Certified (MCC) and take your skills and understanding of the complete Microsoft landscape to a whole new level.

Join the trainer of trainers, Windows IT Pro magazine senior contributing editor and industry expert John Savill for an intensive one week event designed to give attendees the skills required to architect, deploy and manage a Microsoft centric environment. This event will expand the skills of even experts in specific Microsoft areas and is also a great onboarding for people new to the Microsoft landscape. At the end of the event attendees will understand all the capabilities available, how they work best together and be able to take your environments to new levels of functionality.

 

Go to http://www.savilltech.com/mcc to find out more, download a 1 page information sheet and register now.

Jalasoft recently updated their network device simulator, which is useful for testing/demo of OpsMgr network monitoring capabilities.

You can download the simulator here:

http://www.jalasoft.com/xian/snmpsimulator

This article will walk through the setup, configuration, and initial monitoring.

You will need a computer or VM (Windows 2003 or above, including Win7 or Win8 apparently).  Then, you will need to add multiple IP addresses, one IP address for each device you want to monitor:

In the example above – 10.10.10.20 is the primary IP for my server.  Network devices will be simulated on 10.10.10.21 through 10.10.10.25

Run Setup.exe and install the defaults, the Agent Service and Simulator Console.

Provide a service account in order to run the simulator as a service (a new and much needed feature!)

Select the IP address that is the primary IP for the server.

When install is complete – open the Device Simulator console.

Connect to the agent on your primary IP.

Click the + to add a new device.

Lets add a Cisco Router:

On the first secondary IP:

And leave defaults for SNMP  (V2 and “public”)

Now lets add additional devices, such as switches, firewalls, etc…

When done – click the Green arrow to save the config.

Next up – we need to give each device a DNS A record so that SCOM can discover it.  In AD DNS, create new A records with associated PTR records, and give each device a name:

Once you have added the DNS records in AD – we are ready to discover the devices in SCOM:

Administration > Network Management > Discovery Rules.  Run the discovery wizard and discover network devices.

Give the discovery rule a name, choose a management server to run the discovery, and select a resource pool to monitor the network devices

(Hint – you should always create a dedicated resource pool for monitoring network devices, even if you only have a single management server.  This allows you to scale these out to dedicated servers in the future without making any other changes)

Choose Explicit discovery.

Create a Run As account for the “public” SNMP community string.  Select it:

Add in each device and select the appropriate community string Run As account:

Then choose to run the discovery manually:

And click “Create”, and leave the box checked to “Run the network discovery rule”

In the console – you can see the discovery rule and the status:

In the event log of the management server that runs the discovery – you will soon see network discovery events:

Once this is complete – you should see the network devices in the console views:

You can run Health Explorer and view the out-of-the-box monitoring:

Or look at the network node and summary dashboards to view summary and historical data

There are VERY specific scenarios where you might want to remove a management server from the All Management Servers Resource Pool (AMSRP)

However, there are some challenges you might experience if this is done.  Russ Slaten walks through the challenges and workarounds to make this happen with success.

http://blogs.msdn.com/b/rslaten/archive/2013/05/30/management-servers-turn-gray-when-they-are-removed-from-the-amsrp.aspx

You can download it here:

http://www.microsoft.com/en-us/download/details.aspx?id=39062

This article is based on version 6.0.7033.0 of the MP.

What's new?

• All workflows are implemented using PowerShell to improve overall functionality for this Management Pack.
• Failover Relationships are now a supported configuration that is being discovered and monitored by the new 2012 Management Pack.
• Discovery and Monitoring of a DHCP Cluster installation.
• Scopes, super scopes utilization is being monitored based on events that provide 80% and 100% usage.
• Utilization of scopes based on policies, client packet drop and residual IP addresses range monitoring.

The guide is very simple and straightforward.  It also lists out the rules and monitors, and discoveries in the MP with a good description of each.

What's in the MP?

This MP targets the Windows Server version 2012 DHCP servers ONLY (Microsoft.Windows.DHCPServer.2012.mp).  It does not replace the previous MP versions… so you will have to consider multiple MP’s if you run DHCP on multiple OS versions.  With all the huge improvements and benefits of DHCP on Windows Server 2012, it would make sense to rapidly shift all DHCP to WS2012 servers in your environment.

There are 20 monitors in the DHCP 2012 MP.  The bummer is that a LOT of these are manual reset monitors.  Manual reset monitors have to be reset, well, manually and my experience has been that the majority of customers do not like these as they do not live in the OpsMgr console.  In the past, whenever we shipped a management pack with manual reset monitors, we would include disabled rules that used the same data source, however this MP does not include those.  Keep this in mind as you deploy this MP.

There are only 4 rules in this MP.  All 4 are performance collection to show scope address utilization.

In the Library MP Microsoft.Windows.DHCPServer.Library.mp, there are many rules and monitors, however, most of these are carry-overs from an older MP version.  That said – they still do focus on the health monitoring of the DHCP server, such as the DHCP service, DHCP database, and many DHCP events.  The event monitors again are mostly manual reset monitors, so keep that in mind.

Key Monitoring Scenarios:

Known issues:

There are some challenges with this MP.  For instance – all scopes are discovered and monitored as a single object.  If a scope fills up – this will turn the monitor to an unhealthy state, and generate an alert.  If a subsequent scope fills up – you will NOT get another alert as the monitor is already unhealthy, and since it is a manual reset monitor… it is highly likely it will stay in this state unless someone resets it after resolving the issue.

One option for this – is to rebuild these scope-full monitors as rules – and simply allow them to create a new alert for each event, so you wont miss any scopes that are full.  The downside is you will see multiple events/alerts as the DHCP service logs these events on a regular basis (once per hour)

System Center 2012 Service Pack 1 has hit the GA (General Availability) milestone.

The best place to see what impact this has in new features and fixes will be here:

http://blogs.technet.com/b/systemcenter/archive/2013/01/15/system-center-2012-sp1-is-generally-available.aspx

There is already a very good deployment guide posted on TechNet here:  http://technet.microsoft.com/en-us/library/hh457006.aspx  The TechNet deployment guide provides an excellent walkthrough of installing OpsMgr 2012 SP1 for the “all in one” scenario, where all roles are installed on a single server.  That is a very good method for doing simple functionality testing and lab exercises.

The following article will cover a basic install of System Center Operations Manager 2012.   The concept is to perform a limited deployment of OpsMgr, only utilizing as few servers as possible, but enough to demonstrate the new roles and capabilities in OM2012 SP1.  For this reason, this document will cover a deployment on 3 servers. A dedicated SQL server, and two management servers will be deployed.  This will allow us to show the benefits of the RMS removal, and the management server pools concepts.  This is to be used as a template only, for a customer to implement as their own pilot or POC, or customized deployment guide. It is intended to be general in nature and will require the customer to modify it to suit their specific data and processes.

This also happens to be a very typical scenario for small environments for a production deployment.  This is not an architecture guide or intended to be a design guide in any way. This is provided "AS IS" with no warranties, and confers no rights. Use is subject to the terms specified in the Terms of Use.

Definitions:

• MS - Management Server
• SRS - SQL reporting services

Server Names\Roles:

• DB1               SQL Database Services, Reporting Services
• SCOMMS1    Management Server, Web Console server
• SCOMMS2    Management Server

Windows Server 2012 will be installed as the base OS for all platforms.  All servers will be a member of the AD domain.

SQL 2012 will be the base standard for all database and SQL reporting services. 

High Level Deployment Process:

1.  In AD, create the following accounts and groups, according to your naming convention:

• DOMAIN\OMAA                 OM Server action account
• DOMAIN\OMDAS               OM Config and Data Access service account   
• DOMAIN\SQLSVC               SQL service account
• DOMAIN\OMAdmins          OM Administrators security group

2.  Add the “OMAA” account and the “OMDAS” account to the “OMAdmins” global group.

3.  Add the domain user accounts for yourself and your team to the “OMAdmins” group.

4.  Install Windows Server 2012 to all server role servers.

5.  Install Prerequisites and SQL 2012.

6.  Install the Management Server and Database Components

7.  Install the Reporting components.

8.  Deploy Agents

9.  Import Management packs

10.  Set up security (roles and run-as accounts)

Prerequisites:

1.  Install Windows Server 2012 to all Servers

2.  Join all servers to domain.

3.  Install the Report Viewer controls to all Management Servers. Install them from http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=6442

4.  Install all available Windows Updates.

5.  Add the “OMAdmins” domain global group to the Local Administrators group on each server.

6.  Install IIS on any management server that will also host a web console:

Open PowerShell (as an administrator) and run the following: 

Add-WindowsFeature NET-WCF-HTTP-Activation45,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Logging,Web-Request-Monitor,Web-Filtering,Web-Stat-Compression,Web-Mgmt-Console,Web-Metabase,Web-Asp-Net,Web-Windows-Auth –Restart

After installing these roles/features, you must register ASP.NET with IIS.  The simplest way is to open an elevated command prompt: C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis.exe -r 

7. Install SQL 2012 to the DB server role

• Setup is fairly straightforward. This document will not go into details and best practices for SQL configuration. Consult your DBA team to ensure your SQL deployment is configured for best practices according to your corporate standards.
• Run setup, choose Installation > New Installation…
• When prompted for feature selection, install ALL of the following:
  • Database Engine Services
  • Full-Text and Semantic Extractions for Search
  • Reporting Services - Native
• Optionally – consider adding the following to ease administration:
  • Management Tools – Basic and Complete (for running queries and configuring SQL services)
• On the Instance configuration, choose a default instance, or a named instance. Default instances are fine for testing and labs. Production clustered instances of SQL will generally be a named instance. For the purposes of the POC, choose default instance to keep things simple.
• On the Server configuration screen, set SQL Server Agent to Automatic.  You can accept the defaults for the service accounts, but I recommend using a Domain account for the service account.  Input the DOMAIN\sqlsvc account and password for Agent, Engine, and Reporting.
• On the Collation Tab – you can use the default which is SQL_Latin1_General_CP1_CI_AS or choose another supported collation.
• On the Account provisioning tab – add your personal domain user account or a group you already have set up for SQL admins. Alternatively, you can use the OMAdmins global group here. This will grant more rights than is required to all OMAdmin accounts, but is fine for testing purposes of the POC.
• On the Data Directories tab – set your drive letters correctly for your SQL databases, logs, TempDB, and backup.
• On the Reporting Services Configuration – choose to Install and Configure. This will install and configure SRS to be active on this server, and use the default DBengine present to house the reporting server databases. This is the simplest configuration. If you install Reporting Services on a stand-alone (no DBEngine) server, you will need to configure this manually.
• Setup will complete.
                

Step by step deployment guide:

1.  Install the Management Server role on SCOMMS1. You can also refer to: http://technet.microsoft.com/en-us/library/hh301922.aspx

• Log on using your personal domain user account that is a member of the OMAdmins group.
• Run Setup.exe
• Click Install
• Select the following, and then click Next:
  • Management Server
  • Operations Console
  • Web Console
• Accept or change the default install path and click Next.
• You might see an error from the Prerequisites here. If so – read each error and try to resolve it. Common errors:
  • Report Viewer controls are not installed. Install them from http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=6442
  • ISAPI/ASP.NET errors. Simply run the following command to resolve, from an elevated command prompt: “C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis.exe –r” After you run this – you might have to cancel and restart setup for the installed to recognize this.
• On the Proceed with Setup screen – click Next.
• On the specify an installation screen – choose to create the first management server in a new management group.  Give your management group a name. Don’t use any special or Unicode characters, just simple text. Click Next.
• Accept the license.  Next.
• On the Configure the Operational Database screen, enter in the name of your SQL database server name and instance. In my case this is “DB1”. Leave the port at default unless you are using a special custom fixed port.  If necessary, change the database locations for the DB and log files. Leave the default size of 1000 MB for now. Click Next.
• On the Configure the Data Warehouse Database screen, enter in the name of your SQL database server name and instance. In my case this is “DB1”. Leave the port at default unless you are using a special custom fixed port.  If necessary, change the database locations for the DB and log files. Leave the default size of 1000 MB for now. Click Next.  
• On the Web Console screen, choose the default web site, and leave SSL unchecked. If you have already set up SSL for your default website with a certificate, you can choose SSL.  Click Next.
• On the Web Console authentication screen, choose Mixed authentication and click Next.
• On the accounts screen, choose Domain Account for ALL services, and enter in the unique DOMAIN\OMAA, DOMAIN\OMDAS, accounts we created previously. It is a best practice to use separate accounts for distinct roles in OpsMgr, although you can also just use the DOMAIN\OMDAS account for all SQL Database access roles to simplify your installation (Data Access, Reader, and Writer accounts). Click Next.
• Choose Yes or No to send Customer Experience and Error reports.
• On the Microsoft Update screen – choose to use updates or not.  Next.
• Click Install.
• Close when complete.
• The Management Server will be very busy (CPU) for several minutes after the installation completes. Before continuing it is best to give the Management Server time to complete all post install processes, complete discoveries, configuration, etc. 10 minutes is typically sufficient.

2.  Install the second Management Server on SCOMMS2. You can also refer to: http://technet.microsoft.com/en-us/library/hh284673.aspx

• Log on using your domain user account that is a member of the OMAdmins group.
• Run Setup.exe
• Click Install
• Select the following, and then click Next:
  • Management Server
  • Operations Console
• Accept or change the default install path and click Next.
• Resolve any issues with prerequisites, and click Next.
• Choose “Add a management server to an existing management group” and click Next.
• Accept the license terms and click Next.
• Input the servername\instance hosting the Ops DB. Select the correct database from the drop down and click Next.
• On the accounts screen, choose Domain Account for ALL services, and enter in the unique DOMAIN\OMAA, DOMAIN\OMDAS accounts we created previously.  Click Next.
• Choose Yes or No to send Customer Experience and Error reports. Next.
• Turn Microsoft Updates on or off for SCOM, Next.
• Click Install.
• Close when complete.

3.  Install OM12 Reporting on the SQL server. You can also refer to: http://technet.microsoft.com/en-us/library/hh298611.aspx

• Log on using your domain user account that is a member of the OMAdmins group, and has System Administrator (SA) rights over the SQL instances.
• Run Setup.exe. Click Install.
• Select the following, and then click Next:
  • Reporting Server
• Accept or change the default install path and click Next.
• Resolve any issues with prerequisites, and click Next.
• Accept the license and click Next.
• Type in the name of a management server, and click Next.
• Choose the correct local SQL reporting instance and click Next.
• Enter in the DOMAIN\OMDAS account when prompted. It is a best practice to use separate accounts for distinct roles in OpsMgr, although you can also just use the DOMAIN\OMDAS account for all SQL Database access roles to simplify your installation. Click Next.
• Choose Yes or No to send ODR information to Microsoft. This is very important to assist Microsoft in getting good information to help improve the product.
• Click Install.
• Close when complete.

4.  Deploy an agent to the SQL DB server.

• This process has not changed from OpsMgr 2007 R2, so you would use the typical mechanism to push or manually install. You can also refer to: http://technet.microsoft.com/en-us/library/hh230731.aspx
• You could also deploy any additional agents at this point.

5.  Import management packs. Also refer to: http://technet.microsoft.com/en-us/library/hh212691.aspx

• Using the console – you can import MP’s using the catalog, or directly importing from disk.  Note – some MP’s should only be imported from disk.
• Import the Base OS and SQL MP’s at a minimum.

6.  Create a dashboard view:

• http://technet.microsoft.com/en-us/library/hh230752.aspx#bkmk_howtocreateadashboardview

7.  Manually grow your Database sizes and configure SQL

• When we installed each database, we used the default of 1GB (1000MB). This is not a good setting for steady state as our databases will need to grow larger than that very soon.  We need to pre-grow these to allow for enough free space for maintenance operations, and to keep from having lots of auto-growth activities which impact performance during normal operations.
• A good rule of thumb for most deployments of OpsMgr is to set the OpsDB to 30GB for the data file and 15GB for the transaction log file. This can be smaller for POC’s but generally you never want to have an OpsDB set less than 10GB/5GB.  Setting the transaction log to 50% of the DB size for the OpsDB is a good rule of thumb.
• For the Warehouse – you will need to plan for the space you expect to need using the sizing tools available and pre-size this from time to time so that lots of autogrowths do not occur.   http://www.microsoft.com/en-us/download/details.aspx?id=29270

8.  Continue with optional activities from the Quick Start guide on TechNet:

• http://technet.microsoft.com/en-us/library/hh230738.aspx

9.  Enable Agent Proxy

• I prefer to simply enable agent proxy for all agents.  You can do this by running a script on a schedule, either via scheduled task, Orchestrator, or embed into a management pack.
• http://blogs.technet.com/b/kevinholman/archive/2010/11/09/how-to-set-agent-proxy-enabled-for-all-agents.aspx

10.  Configure Notifications:

• http://blogs.technet.com/b/kevinholman/archive/2012/04/28/opsmgr-2012-configure-notifications.aspx

11.  Deploy Unix and Linux Agents

• http://blogs.technet.com/b/kevinholman/archive/2012/03/18/deploying-unix-linux-agents-using-opsmgr-2012.aspx

12.  Configure Network Monitoring

• http://blogs.technet.com/b/kevinholman/archive/2011/07/21/opsmgr-2012-discovering-a-network-device.aspx

13.  Connect with VMM 2012:

• http://technet.microsoft.com/en-us/library/hh427287.aspx
• Make sure you have the IIS MP’s imported first, including IIS 2003.

14.  Configure your OpsMgr environment to accept manually installed agents.

• The default is to block manually installed agents.  I recommend setting this to “Review new manual agent installations”

15.  Configure your management group to support APM monitoring.

• http://technet.microsoft.com/en-us/library/hh543994.aspx
• Import supporting management packs for IIS 7 and 8, and APM Web for IIS 7 and 8.

16.  Deploy Audit Collection Services

• http://technet.microsoft.com/en-us/library/hh298613.aspx
• Install the audit collector on a management server, and create a database on a SQL server.
• Upload the reports for ACS, my command is:  UploadAuditReports.cmd “DB1” "http://db1/ReportServer""c:\acs"
• Create and set a filter:  http://technet.microsoft.com/en-us/library/hh230740.aspx 
• You will need to grant NETWORK SERVICE full control to the AdtServer registry key to set a filter at the command line:  http://social.technet.microsoft.com/Forums/en-US/operationsmanagerreporting/thread/ab22685e-36a1-49a9-b90e-d39ead31901f
• My initial filter for lab use is:   adtadmin /setquery /query:"SELECT * FROM AdtsEvent WHERE NOT (EventId=4768 OR EventId=4769 OR EventId=4624 OR EventId=4634 OR EventId=4672 OR EventId=4776)"

17.  Configure SQL MP RunAs Security:

• http://blogs.technet.com/b/kevinholman/archive/2010/09/08/configuring-run-as-accounts-and-profiles-in-r2-a-sql-management-pack-example.aspx

System Center Orchestrator 2012 SP1 is extremely easy to setup and deploy.  There are only a handful of prerequisites, and most can be handled by the setup installer routine.

The TechNet documentation does an excellent job of detailing the system requirements and deployment process:

http://technet.microsoft.com/en-us/library/hh420337.aspx

The following document will cover a basic install of System Center Orchestrator 2012 at a generic customer.  This is to be used as a template only, for a customer to implement as their own pilot or POC deployment guide.  It is intended to be general in nature and will require the customer to modify it to suit their specific data and processes.

SCORCH can be scaled to match the customer requirements. This document will cover a typical two server model, where all server roles are installed on a single VM, and utilize a remote database server or SQL cluster.

This is not an architecture guide or intended to be a design guide in any way.

Definitions:

SCORCH          System Center Orchestrator

Server Names\Roles:

SCORCH          Orchestrator 2012 role server

• Management Server
• Runbook Server
• Orchestrator Web Service Server
• Runbook Designer client application

DB1                  SQL 2012 Database Engine Server

Windows Server 2012 will be installed as the base OS for all platforms.  All servers will be a member of the AD domain.

SQL 2012 will be the base standard for all database services. SCORCH only requires a SQL DB engine (locally or remote) in order to host SCORCH databases.

High Level Deployment Process:

1.  In AD, create the following accounts and groups, according to your naming convention:

a.  DOMAIN\scorchsvc                       SCORCH Mgmt, Runbook, and Monitor Account

b.  DOMAIN\ScorchUsers                   SCORCH users security global group

c.  DOMAIN\sqlsvc                              SQL Service Account

2.  Add the domain user accounts for yourself and your team to the ScorchUsers group.

3.  Install Windows Server 2012 to all server role members.

4.  Install Prerequisites.

5.  Install the SCORCH Server.

Prerequisites:

1.  Install Windows Server 2012 on all servers.

2.  Join all servers to domain.

3.  Ensure SCORCH server has a minimum of 1GB of RAM.

4.  On the SCORCH server, .Net 3.5SP1 is required. Setup will not be able to add this feature on Windows Server 2012.  Open an elevated PowerShell session (run as an Administrator) and execute the following:

Add-WindowsFeature NET-Framework-Core

6.  On the SCORCH .Net 4.0 is required. This is included in the WS2012 OS (.NET 4.5)

7.  Install all available Windows Updates as a best practice.

8.  Add the “DOMAIN\scorchsvc” domain account explicitly to the Local Administrators group on the SCORCH server.

9.  Add the “DOMAIN\ScorchUsers” global group explicitly to the Local Administrators group on the SCORCH server.

10.  On the SQL database server, install SQL 2012.

• Setup is fairly straightforward. This document will not go into details and best practices for SQL configuration. Consult your DBA team to ensure your SQL deployment is configured for best practices according to your corporate standards.
• Run setup, choose Installation> New SQL server stand-alone installation…..
• When prompted for feature selection, install ALL of the following:
  • Database Engine Services
• Additionally, the product documentation for SCVMM states to install the management tools – complete:
  • Management Tools– Basic and Complete (for running queries and configuring SQL services)
• On the Instance configuration, choose a default instance, or a named instance. Default instances are fine for testing and labs. Production clustered instances of SQL will generally be a named instance. For the purposes of the POC, choose default instance to keep things simple.
• On the Server configuration screen, set SQL Server Agent to Automatic.  I prefer to use a service account for SQL, so I will set the Agent and DB Engine to run under my DOMAIN\sqlsvc account and provide the password.  This is optional.
• On the Collation Tab – you can use the default of SQL_Latin1_General_CP1_CI_AS or choose another supported collation.
• On the Account provisioning tab – add your personal domain user account or a group you already have set up for SQL admins. Alternatively, you can use the ScorchUsers global group here. This will grant more rights than is required to all ScorchUser Admin accounts, but is fine for testing purposes of the POC.
• On the Data Directories tab – set your drive letters correctly for your SQL databases, logs, TempDB, and backup.
• Setup will complete.

Step by step deployment guide:

1.  Install SCORCH 2012:

• Log on using your domain user account that is a member of the ScorchUsers group.
• Run Setuporchestrator.exe
• Click Install
• Supply a name, org, and license key (if you have one) and click Next.  If you don't input a license key it will install Eval version.
• Accept the license agreement and click Next.
• Check all boxes on the getting started screen, for:
  • Management Server
  • Runbook Server
  • Orchestration Console and Web Service
  • Runbook Designer
• On the Prerequisites screen, check the boxes to remediate any necessary prerequisites, and click Next when all prerequisites are installed.
• Input the service account “scorchsvc” and input the password, domain, and click Test. Ensure this is a success and click Next.
• Configure the database server. Type in the local computer name if you installed SQL on this SCORCH Server, or provide a remote SQL server (and instance if using a named instance) to which you have the “System Administrator” (SA) rights to in order to create the SCORCH database and assign permissions to it. Test the database connection and click Next.
• Specify a new database, Orchestrator. Click Next.
• Browse AD and select your domain global group for ScorchUsers. Click Next.
• Accept defaults for the SCORCH Web service ports of 81 and 82, Click Next.
• Accept default location for install and Click Next.
• Select the appropriate options for Microsoft Update, Customer Experience and Error reporting. Click Next.
• Click Install.
• Setup will install all roles, create the Orchestrator database, and complete very quickly.

2. Open the consoles.

• Open the Deployment Manager, Orchestration Console, and Runbook designer. Ensure all consoles open successfully.

Post install procedures:

1.  Lets register and then deploy Integration Packs that enable Orchestrator to connect to so many outside systems.

Download the toolkit, add-ons, and IP’s for SCORCH 2012 SP1.

• Make a directory on the local SCORCH server such as “C:\IntegrationPacks”
• Copy to this directory, the downloaded IP’s, such as the following:
  • SC2012SP1_Integration_Pack_for_Configuration_Manager.oip
  • SC2012SP1_Integration_Pack_for_Data_Protection_Manager.oip
  • SC2012SP1_Integration_Pack_for_Operations_Manager.oip
  • SC2012SP1_Integration_Pack_for_Service_Manager.oip
  • SC2012SP1_Integration_Pack_for_Virtual_Machine_Manager.oip
                   
• Open the Deployment Manager console
• Expand “Orchestrator Management Server”
• Right click “Integration Packs” and choose “Register IP with the Orchestrator Management Server”
• Click Next, then “Add”.  Browse to “C:\Integration Packs” and select all of the OIP files you copied here.  You have to select one at a time and go back and click “Add” again to get them all.
• Click Next, then Finish.  You have to accept the License Agreement for each IP. 
• Now when you select “Integration Packs” you can see these IP’s in the list.
• Right Click “Integration Packs” again, this time choose “Deploy IP to Runbook server or Runbook Designer”.
• Click Next, select all the available IP’s and click Next.
• Type in the name of your Runbook server role name, and click Add.
• On the scheduling screen – accept the default (which will deploy immediately) and click Next.
• Click Finish.  Note the logging of each step in the Log entries section of the console.
• Verify deployment by expanding “Runbook Servers” in the console.  Verify that each runbook was deployed.
• Open the Runbook Designer console.
• Note that you now have these new IP’s available in the designer for your workflows.

Additionally – you can download more IP’s at:

http://technet.microsoft.com/en-us/library/hh295851.aspx

Such as the VMware VSphere IP, or the IBM Netcool IP.

Additionally – check out Charles Joy’s blog on popular codeplex IP’s which have been updated for Orchestrator:

http://blogs.technet.com/b/charlesjoy/

This is to be used as a template only, for a customer to implement as their own pilot or POC, or customized deployment guide. It is intended to be general in nature and will require the customer to modify it to suit their specific data and processes.

This also happens to be a very typical scenario for small environments for a production deployment.  This is not an architecture guide or intended to be a design guide in any way. This is provided "AS IS" with no warranties, and confers no rights. Use is subject to the terms specified in the Terms of Use.

Server Names\Roles:

• DB3               SQL Database Services, Reporting Services
• CM1              Primary Site Server  Management Server, Web Console server

Windows Server 2012 will be installed as the base OS for all platforms.  All servers will be a member of the AD domain.

SQL 2012 RTM with CU2 will be the base standard for all SQL database and reporting services.      http://technet.microsoft.com/en-us/library/gg682077.aspx

High Level Deployment Process:

1.  In AD, create the following accounts and groups, according to your naming convention:

• DOMAIN\ConfigMgrAdmins           ConfigMgr Administrators security group
• DOMAIN\ConfigMgrLocalAdmin    ConfigMgr Client Push account

2.  Add the domain user accounts for yourself and your team to the “ConfigMgrAdmins” group.

3.  Install Windows Server 2012 to all server role servers.

4.  Install Prerequisites and SQL 2012.

5.  Install the Site Server and Database Components

6.  Install the Reporting components.

Prerequisites:

1.  Install Windows Server 2012 to all Servers 

2.  Join all servers to domain.

3.  Install all available Windows Updates.

4.  Add the “ConfigMgrAdmins” domain global group to the Local Administrators group on each server.

5.  On CM1, Install required prerequisites for the site system roles (this covers all site system roles combined on a single server):

Open PowerShell (as an administrator) and run the following:   

Add-WindowsFeature Web-Windows-Auth,Web-ISAPI-Ext,Web-Metabase,Web-WMI,BITS,RDC,NET-Framework-Features,Web-Asp-Net,Web-Asp-Net45,NET-HTTP-Activation,NET-Non-HTTP-Activ,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Redirect,Web-App-Dev,Web-Net-Ext,Web-Net-Ext45,Web-ISAPI-Filter,Web-Health,Web-Http-Logging,Web-Log-Libraries,Web-Request-Monitor,Web-HTTP-Tracing,Web-Security,Web-Filtering,Web-Performance,Web-Stat-Compression,Web-Mgmt-Console,Web-Scripting-Tools,Web-Mgmt-Compat -Restart

Note – if your machines are not internet connected, you might need to add a “–Source D:\sources\sxs” or whatever the path is to your Windows installation media.  By default Windows 2012 gets .NET 3.5 from Windows Update, but this doesn't always work, and will never work for machines without an internet connection.

After installing these roles/features, you must register ASP.NET with IIS.  The simplest way is to open an elevated command prompt: C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis.exe –r 

6.  On CM1 – Install the Deployment Tools, Windows PE, and the User State Migration tool from the Windows 8 ADK:   http://www.microsoft.com/en-us/download/details.aspx?id=30652

7.  On CM1 – add the WSUS feature from Server Manager.

8. Install SQL 2012 RTM with CU2 to the DB server role

• Setup is fairly straightforward. This document will not go into details and best practices for SQL configuration. Consult your DBA team to ensure your SQL deployment is configured for best practices according to your corporate standards.
• Run setup, choose Installation > New Installation…
• When prompted for feature selection, install ALL of the following:
  • Database Engine Services
  • Full-Text and Semantic Extractions for Search
  • Reporting Services - Native
• Optionally – consider adding the following to ease administration:
  • Management Tools – Basic and Complete (for running queries and configuring SQL services)
• On the Instance configuration, choose a default instance, or a named instance. Default instances are fine for testing and labs. Production clustered instances of SQL will generally be a named instance. For the purposes of the POC, choose default instance to keep things simple.
• On the Server configuration screen, set SQL Server Agent to Automatic.  You can accept the defaults for the service accounts, but I recommend using a Domain account for the service account.  Input the DOMAIN\sqlsvc account and password for Agent, Engine, and Reporting.
• On the Collation Tab – you can use the default which is SQL_Latin1_General_CP1_CI_AS or choose another supported collation.
• On the Account provisioning tab – add your personal domain user account or a group you already have set up for SQL admins. Alternatively, you can use the OMAdmins global group here. This will grant more rights than is required to all OMAdmin accounts, but is fine for testing purposes of the POC.
• On the Data Directories tab – set your drive letters correctly for your SQL databases, logs, TempDB, and backup.
• On the Reporting Services Configuration – choose to Install and Configure. This will install and configure SRS to be active on this server, and use the default DBengine present to house the reporting server databases. This is the simplest configuration. If you install Reporting Services on a stand-alone (no DBEngine) server, you will need to configure this manually.
• Setup will complete.
• Apply SQL 2012 RTM, CU2 to the SQL server.  http://support.microsoft.com/kb/2703275
• Set a limit on SQL memory for the DB instance – to reserve memory for the OS and Reporting services.

9.  On the SQL server – add the Computer Account in the domain to the local administrators group of the SQL database server (DOMAIN\CM1$)

10.  In Active Directory – extend the schema, create the System Management container, and assign permissions:  http://technet.microsoft.com/en-us/library/gg712264.aspx#BKMK_PrepAD

Step by step deployment guide:

1.  Install the Primary Site Server role on CM1.

• Log on using your personal domain user account that is a member of the ConfigMgrAdmins group.
• Run Splash.hta
• Click Install
• Read the “Before You Begin” Info and click Next.
• On the Available Setup Options, choose to install a primary site, but to NOT check the box for typical options.  We are going to configure each step for our site and use a remote SQL database server.
• Choose Eval or input your license key and click Next.
• Accept the Eula and click Next.
• Accept the additional license agreements and click Next.
• Provide a path to the prereq file downloads.  If you have not downloaded these recently then create a new folder for these, locally or on a remote path.
• Choose you language and click Next, on the server and client screens.
• Input a site code for your primary site.  Input a description.  Choose a path.  Make sure you are also installing the console.  Click Next.
• Choose to install a primary site as a stand alone site.  We can add a CAS later in ConfigMgr 2012 SP1.
• Input the SQL server name, instance, click Next.
• Accept the default for the SMS provider.  Next.
• Choose to configure the communication method on each site system role, and to use HTTPS in the check box.  Next.
• Choose HTTP for the MP and DP – we can change this to HTTPS with certs down the road.  Next.
• Choose to enable CEIP or not.  Next.
• Choose next to run prereq checker.  Resolve any issues.  Click Begin Install.

Post Deployment Configuration:

1.  Add Site System Roles:

• http://technet.microsoft.com/en-us/library/hh272770.aspx
• Application Catalog roles
• Asset Intelligence
• Endpoint protection
• Fallback status
• Software update

2.  Enable discoveries

• http://technet.microsoft.com/en-us/library/hh427340.aspx
• Enable AD Forest Discovery

This will bring in the AD site and IP boundaries.

• Enable AD system discoveries to bring in systems
• Enable User discovery

3.   Create boundary groups

• Create a boundary group and add your site boundaries and site servers to it, for site assignment.

4.  Assign a client Push account to Administration > Site Configuration > Sites

5.  Push a client/clients from discovered assets.

6.  Verify Hardware and software inventory for clients

7.  Enable Endpoint protection

• Client Settings – create a new client device setting.  Enable endpoint protection.
• Configure Client device settings to turn on Endpoint protection and deploy endpoints.
• Deploy new client policy to All Desktop and Server Clients Collection, or a custom collection
• Create automatic deployment rule for definition updates using Definition template.

The following article will cover a basic install of System Center Service Manager 2012 SP1.   The concept is to perform a limited deployment of SCSM, similar to our deployment guide on TechNet:  http://technet.microsoft.com/en-us/library/hh519675.aspx  The deployment guide on TechNet demonstrates Service Manager in a Two Server model (typical for lab and test environments), and a Four Server Model (More typical for a scaled out production environment).  However for this article, I will be choosing a 3 server model, where all the SQL components are installed on a single SQL server, with a dedicated SCSM Management server, and dedicated SCSM Data Warehouse management server.  I feel this is a more typical scenario for lab testing and pilot environments where we don't want to deploy SQL on the SCSM management servers themselves, but don't need two independent SQL servers.  This is to be used as a template only, for a customer to implement as their own pilot or POC, or customized deployment guide. It is intended to be general in nature and will require the customer to modify it to suit their specific data and processes.

This is not an architecture guide or intended to be a design guide in any way. This is provided "AS IS" with no warranties, and confers no rights. Use is subject to the terms specified in the Terms of Use.

Server Names\Roles:

• DB2               SQL Database Services, SQL Analysis Services, SQL Reporting Services.
• SCSM            Management Server
• SCSMDW      Data Warehouse Management Server

Windows Server 2012 will be installed as the base OS for all platforms.  All servers will be a member of the AD domain.

SQL 2012 Enterprise will be the base standard for all SQL Database, Analysis, and Reporting services. 

High Level Deployment Process:

1.  In AD, create the following accounts and groups, according to your naming convention:

• DOMAIN\scsmsvc                 SM Server service account
• DOMAIN\scsmwf                  SM Mail Enabled Workflow account
• DOMAIN\scsmrep                 SM reporting and analysis account
• DOMAIN\SQLSVC                 SQL service account
• DOMAIN\SCSMadmins         SM Administrators security group

2.  Add the three SCSM service accounts, and the domain user accounts for yourself and your team to the “SCSMadmins” group.

3.  Install Windows Server 2012 to all server role servers.

4.  Install Prerequisites and SQL 2012.

5.  Install the Management Server

6.  Install the Data Warehouse Server

7.  Post install configurations 

Prerequisites:

1.  Install Windows Server 2012 to all Servers

2.  Join all servers to domain.

3.  Add the “SCSMAdmins” domain global group to the Local Administrators group on each server.

4.  On the SCSM and SCSMDW server, Open Powershell as an administrator, and install .NET 3.5 by running:  “Install-WindowsFeature NET-Framework-Core”

5.  On the SCSM and SCSMDW server, install the SQL 2012 Native Client, and the SQL 2012 Analysis Management Objects, from http://www.microsoft.com/en-us/download/details.aspx?id=29065

6.  Install all available Windows Updates.

7. Install SQL 2012 to the DB server role

• Setup is fairly straightforward. This document will not go into details and best practices for SQL configuration. Consult your DBA team to ensure your SQL deployment is configured for best practices according to your corporate standards.
• Run setup, choose Installation > New Installation…
• When prompted for feature selection, install ALL of the following:
  • Database Engine Services
  • Full-Text and Semantic Extractions for Search
  • Analysis Services
  • Reporting Services - Native
• Optionally – consider adding the following to ease administration:
  • Management Tools – Basic and Complete (for running queries and configuring SQL services)
• On the Instance configuration, choose a default instance, or a named instance. Default instances are fine for testing and labs. Production clustered instances of SQL will generally be a named instance. For the purposes of the POC, choose default instance to keep things simple.
• On the Server configuration screen, set SQL Server Agent to Automatic.  You can accept the defaults for the service accounts, but I recommend using a Domain account for the service account.  Input the DOMAIN\sqlsvc account and password for Agent, Engine, Analysis, and Reporting.
• On the Collation Tab – you can use the default which is SQL_Latin1_General_CP1_CI_AS or choose another supported collation.
• On the Account provisioning tab – add your personal domain user account or a group you already have set up for SQL admins. Alternatively, you can use the SCSMAdmins global group here. This will grant more rights than is required to all SCSMAdmin accounts, but is fine for testing purposes of the POC.
• On the Data Directories tab – set your drive letters correctly for your SQL databases, logs, TempDB, and backup.
• On the Analysis Services screen, add your personal domain user account or a group you already have set up for SQL admins. Alternatively, you can use the SCSMAdmins global group here. This will grant more rights than is required to all SCSMAdmin accounts, but is fine for testing purposes of the POC.  Customize data directories for Analysis file locations if needed, and click Next.
• On the Reporting Services Configuration – choose to Install and Configure. This will install and configure SRS to be active on this server, and use the default DBengine present to house the reporting server databases. This is the simplest configuration. If you install Reporting Services on a stand-alone (no DBEngine) server, you will need to configure this manually.
• Continue accepting defaults until you reach Install.  Installation will run then complete.
               

Step by step deployment guide:

1.  Install the Management Server role on SCSM. You can also refer to: http://technet.microsoft.com/en-us/library/hh519668.aspx

• Log on using your personal domain user account that is a member of the SCSMAdmins group.
• Run Setup.exe
• Click Install > Service Manager Management Server
• Provide a Name, Org, and a product key, or select to install the 180 day evaluation.  Accept the license agreement and click Next.
• The Prereq checker runs.  Observe any critical or warnings.  At this point you should install the Report Viewer from the link in the checker, as that ships with the SCSM media.  Check prereqs again.  Common issues at this point will be memory and CPU checks throwing a warning.  This is fine for a lab, but should be corrected for any pilots or production work.  Click Next.
• For the Management Server role, we will use a remote database server.  Input the DB server name and choose an instance.  You must be logged on with an account that has SA rights over to remote SQL server in order to create and configure the DB.  If you get an error about the collation, click OK.  This is normal for SQL_Latin1_General_CP1_CI_AS.  See:  http://blogs.technet.com/b/momteam/archive/2012/05/25/clarification-on-sql-server-collation-requirements-for-system-center-2012.aspx  Select to create a new database, accept default size, and modify the path for the DB files if necessary.  Click Next.
• Choose a Service Manager Management group name.  If you also have OpsMgr in the environment, its a best practice to always use distinct MG names.  Choose your group DOMAIN\SCSMAdmins.  Click Next.
• Input the Service manager service account we created above.  Test the credentials, then click Next.
• Input the Service manager workflow account we created above.  Test the credentials, then click Next.
• Join the customer experience program, or not.  Next.
• Choose to leverage Microsoft Update, or not.  Next.
• Click Install.  When setup Completes.  Backup and save the encryption key for this management group.

2.  Install the Data Warehouse Management Server role on SCSMDW. You can also refer to: http://technet.microsoft.com/en-us/library/hh519780.aspx.

• The first step for the DW install, is to prepare the SRS server.  We must perform this anytime the SQL Reporting server is installed remotely, on a different server than the SCSM Data Warehouse Management server.  See the following for instructions:  http://technet.microsoft.com/en-us/library/hh519664.aspx
• Once you have prepared the remote SRS server, log on to the SCSMDW server using your domain user account that is a member of the SCSMAdmins group.
• Run Setup.exe
• Click Install > Service Manager Data Warehouse Management Server
• Provide a Name, Org, and a product key, or select to install the 180 day evaluation.  Accept the license agreement and click Next.
• The Prereq checker runs.  Observe any critical or warnings.  Common issues at this point will be memory and CPU checks throwing a warning.  This is fine for a lab, but should be corrected for any pilots or production work.  Click Next.
• For the DW Management Server role, we will use a remote database server.  Input the DB server name for each database and choose an instance.  You must be logged on with an account that has SA rights over to remote SQL server in order to create and configure the DB.  If you get an error about the collation, click OK.  This is normal for SQL_Latin1_General_CP1_CI_AS.  See:  http://blogs.technet.com/b/momteam/archive/2012/05/25/clarification-on-sql-server-collation-requirements-for-system-center-2012.aspx  Select to create a new database, accept default size, and modify the path for the DB files if necessary.  Click Next.  This wizard allows us to scale out service manager across multiple SQL servers for the best performance, but for this purpose, we will be deploying to a single SQL server for all database components.
• On the Configuration screen, provide a Management Group name.  A good rule of thumb is to use your SCSM management group name we used above, prefixed by DW_.  I will use DW_SCSMDEMO.  Choose your SCSMAdmins group.  Next. 
• On the reporting server screen, type in the name of the remote SSRS server, and choose an instance.  We will validate the URL before letting you continue.
• For the service account, enter in DOMAIN\scsmsvc, and test the credential.
• For the reporting account, enter in DOMAIN\scsmrep, and test the credential.
• For the Analysis Services OLAP screen, input the remote DB server name, and choose an instance.  Create a new database, and provide a path if needed different than the default.
• For the Analysis Services credential, we will use the same credential that we used for reporting:  DOMAIN\scsmrep.  This account MUST be a local administrator on the SQL Analysis server, so ensure that is done in advance.
• Choose whether to join the CEIP, and click Next.
• Choose whether to use Microsoft update, and click Next.
• Choose Install.  When setup completes, backup and save the encryption key for this management group.

3.  Verify the installation:  You can also refer to:  http://technet.microsoft.com/en-us/library/hh519793.aspx

• Log on SCSM using your domain user account that is a member of the SCSMAdmins group.
• Open the Service Manager Console.  Connect to SCSM.
• Ensure the console opens.

4.  Register the Data Warehouse.  You can also refer to http://technet.microsoft.com/en-us/library/hh519811.aspx

• In the Service Manager console – select Administration.
• Click the link to Register the Service Manager Data Warehouse.  This launches a wizard.
• Input the DW server name, and select Test Connection.  Next.
• Accept the default Run As account, and click Next.
• Type in the password for the service account, and Next.
• Click Create.  Click Close.  Click OK.
• This process takes a considerable amount of time to complete (two hours or more).  To validate this – in the console select Data Warehouse > Data Warehouse Jobs.  Examine MPSyncJob details.  When it is done, all batches will be in Associated status, and you will see at least the following 5 jobs in the DW Jobs view:
• Extract_<Service Manager management group name>
• Extract_<Data Warehouse management group name>
• Load.Common
• Transform.Common
• MPSyncJob

5.  Deploy the Self-Service Portal.

• http://technet.microsoft.com/en-us/library/hh667344.aspx
• The Self-Service Portal consists of two elements: a SharePoint website and a web content server.  Typically I will deploy a single server running SharePoint 2012 Foundation, then request an SSL cert for the machine via IIS, then install the Web Content and SharePoint webparts on that single server.

6.  Configure the Active Directory Connector

• http://technet.microsoft.com/en-us/library/hh519809.aspx 

7.  Configure the Operations Manager Alert Connector and CI Connector

• http://technet.microsoft.com/en-us/library/hh524270.aspx
• Import Management Packs
• Create Alert Connector
• Create CI Connector

8.  Configure the Configuration Manager CI Connector

• http://technet.microsoft.com/en-us/library/hh519733.aspx

9.  Configure the Orchestrator Connector:

• http://technet.microsoft.com/en-us/library/hh495619.aspx
• The Account used in the connector wizard needs to have Read and List permissions on the Root Runbook folder in Orchestrator Run book designer for the connector wizard to complete successfully.  The documentation does not list this information.

10.  Configure the SCVMM Connector

• http://technet.microsoft.com/en-us/library/hh519785.aspx

11.  Set up and configure Notifications:

• http://technet.microsoft.com/en-us/library/hh519719.aspx

12.  Configure SCOM agents for monitoring

• The SCOM agent is installed by default on all SCSM 2012 SP1 servers, it is not configured.
• Open the control panel on your SCSM servers and add your SCOM management group information.
• Ensure your SCOM deployment allows manually installed agents.
• http://technet.microsoft.com/en-us/library/hh524312.aspx

The following document will cover a basic install of System Center Virtual Machine Manager 2012 SP1 at a generic customer.  This is to be used as a template only, for a customer to implement as their own pilot or POC deployment guide.  It is intended to be general in nature and will require the customer to modify it to suit their specific data and processes.

SVCMM can be scaled to match the customer requirements. This document will cover a two server model, where all SCVMM roles are installed on a single VM/Server, and leverage a remote SQL database server.

This is not an architecture guide or intended to be a design guide in any way.

• Windows Server 2012 will be installed as the base OS for all platforms. All servers will be a member of the AD domain.
• SQL 2012 will be the base standard for all SQL database services.

Server Names\Roles:

• DB1          SQL 2012 Database Services
• SCVMM    VMM Management Server and Console

High Level Deployment Process:

1.  In AD, create the following accounts and groups, according to your naming convention:

• DOMAIN\scvmmsvc                 SCVMM Service Account account
• DOMAIN\scvmmadmin            SCVMM RunAs account for managing hosts
• DOMAIN\sqlsvc                        SQL service account
• DOMAIN\SCVMMAdmins        SCVMM Administrators security group

2.  Add the “scvmmsvc” and “scvmmadmin” account to the “SCVMMAdmins” global group.

3.  Add the domain user accounts for yourself and your team to the SCVMMAdmins group.

4.  Install Windows Server 2012 to all server role servers.

5.  InstallPrerequisites and SQL2012.

6.  Install the SCVMM Server and Console.

7.  Deploy SCVMM Agent to Hyper-V hosts.

Prerequisites:

1.  Install Windows Server 2012 to all servers.

2.  Ensure server has a minimum of 4GB of RAM.

3.  Join all servers to domain.

4.  Install all available Windows Updates.

5.  Add the “DOMAIN\SCVMMAdmins” domain global group and the “DOMAIN\scvmmsvc” domain account explicitly to the Local Administrators group on each SCVMM role server.

8.  On the SCVMM server, install the Windows Assessment and Deployment Kit (ADK) for Windows 8.  http://www.microsoft.com/en-us/download/details.aspx?id=30652  When you install this – install only the “Deployment Tools” and “Windows Preinstallation Environment” options.  This can take a significant amount of time depending on download speed.

9.  On the SCVMM server – install the SQL 2012 Native Client and the SQL 2012 Command Line Utilities from http://go.microsoft.com/fwlink/?LinkId=253555

10.  On the SQL database server, install SQL 2012.

• Setup is fairly straightforward. This document will not go into details and best practices for SQL configuration. Consult your DBA team to ensure your SQL deployment is configured for best practices according to your corporate standards.
• Run setup, choose Installation> New SQL server stand-alone installation…..
• When prompted for feature selection, install ALL of the following:
  • Database Engine Services
• Additionally, the product documentation for SCVMM states to install the management tools – complete:
  • Management Tools– Basic and Complete (for running queries and configuring SQL services)
• On the Instance configuration, choose a default instance, or a named instance. Default instances are fine for testing and labs. Production clustered instances of SQL will generally be a named instance. For the purposes of the POC, choose default instance to keep things simple.
• On the Server configuration screen, set SQL Server Agent to Automatic.  I prefer to use a service account for SQL, so I will set the Agent and DB Engine to run under my DOMAIN\sqlsvc account and provide the password.  This is optional.
• On the Collation Tab – you can use the default of SQL_Latin1_General_CP1_CI_AS or choose another supported collation.
• On the Account provisioning tab – add your personal domain user account or a group you already have set up for SQL admins. Alternatively, you can use the SCVMMAdmins global group here. This will grant more rights than is required to all SCVMM Admin accounts, but is fine for testing purposes of the POC.
• On the Data Directories tab – set your drive letters correctly for your SQL databases, logs, TempDB, and backup.
• Setup will complete.
        

Step by step deployment guide:

1. Install SCVMM 2012 SP1:

• Log on using your domain user account that is a member of the SCVMMAdmins group.
• Run Setup.exe
• Click Install
• Accept the license agreement and click Next.
• Select:
  • VMM Management Server
  • VMM Console
• On the Product Registration – input a product key for a licensed version, otherwise Eval will be installed with a timeout.  Click Next.
• Accept or change the default install path and click Next.
• If you get any Prerequisite errors – resolve them. If you get any warnings, understand them and click Next to proceed.
• On the Database Configuration screen, enter in the name of your SQL database server and leave port blank. You can leave “use the following credentials” blank if you are installing to the local SQL server. You can enter credentials here to connect to a remote SQL server if your user account you are running setup as does not have enough rights over the instance to create a database. One the Instance Name – click the pull-down to select the instance you wish to install to.  Ensure “New Database” is checked and use the default name or change it to suit your naming standards. Click Next when this screen is complete.
• On the Account Configuration screen, enter the domain account for the SCVMM service account that we created earlier (DOMAIN\scvmmsvc). Leave the default to store encryption keys locally for this simple deployment. Click Next.
• On the Port configuration screen, accept defaults and click Next.    
• On the Library configuration screen, change the library path or accept the default location, and click Next.
• Click Install.
• Setup will install all roles and complete.

2. Deploy an agent to an existing Hyper-V Host.

• Open the System Center Virtual Machine Manager 2012 console.
• Connect to the SCVMM server.
• In the lower left hand pane of the console – select “Fabric”.
• In the folder list – Right click “All Hosts” and choose “Create Host Group”.
• Name your custom host group something like “Demo”
• Right click the Demo host group and choose “Add Hyper-V hosts and Clusters”
• On the Resource Location screen – choose the first bullet for a trusted AD domain computer.
• On the Credentials screen, click Browse.
• Select “Create Run As Account”
• On the General screen, enter a Name of “Hyper-V Host Administration Account”
• Input a DOMAIN\username of an AD account that has admin access to your Hyper-V servers. This account will be used to administer the Host and VM guests. For the purposes of the POC, we will use the DOMAIN\scvmmadmin account.
• After inputting the password, and accepting the new account, we will return to the Credentials screen with our existing RunAs account shown. Click Next.
• Type in the computer names of your Hyper-V servers that you wish to Manage. Ensure that the DOMAIN\SCVMMAdmins global group is a member of the local admins group on all Hyper-V servers so that we can manage them. Click Next.
• Select all the discovered Hyper-V servers, and click Next.
• Assign the discovered hosts to the “Demo” host group.
• Click Next, Finish.
• A job will be created to deploy the SCVMM agent to the Hyper-V hosts.

3.  Create host groups and clouds

4.  Configure WSUS for updates to Hosts

5.  Configure Logical Networks

6.  Connect with OpsMgr 2012 SP1:

http://technet.microsoft.com/en-us/library/hh427287.aspx

A little frustration I had recently – and decided I would write on it.

When you open the Orchestrator Runbook designer, remember to always open this “As an Administrator”

The reason for this, is that as you are using the Runbook Tester tool, these test runbooks will be executing under your interactive context.  This makes some runbook activities (like starting and stopping services) require elevation.  You will see errors like “Invalid Service” or no error information at all – the activity will simply fail.  You wont always see a tip that there is an access denied issue or something to tell you this activity requires elevation.

You can set this to always run as an admin under the advanced properties of your shortcut on the machine you use the designer most.

Available at:  http://support.microsoft.com/kb/2790831/en-us

This hotfix addresses an issue found in Windows Server 2012 (and Win8) that can be exposed when performance data is queried via WMI.  Products that regularly query WMI for performance data are SCOM, SCVMM, and SCDPM.  Since ConfigMgr also depends on WMI so heavily, you might consider this for Win8 clients if you detect the handle leak issue.

I have updated my hotfix list for SCOM with this information:

http://blogs.technet.com/b/kevinholman/archive/2009/01/27/which-hotfixes-should-i-apply.aspx

Way back in the day I wrote about this issue, where the SCOM agent in some cases can consume above typical resource levels of memory, handles, etc.  When this occurs – we will restart the agent to kill any “runaway” processes.  Read about this here:

http://blogs.technet.com/b/kevinholman/archive/2009/12/21/the-new-and-improved-guide-on-healthservice-restarts-aka-agents-bouncing-their-own-healthservice.aspx

One of the things I have noticed, is that on many of my servers, these thresholds are being breached on a regular basis – mostly due to the monitoringhost.exe processes needing to use more than the default of 300mb of RAM (private bytes). 

The issue is, that you will likely have NO idea this is happening.  We don’t generate any alerts for this by default – we simply “fix the problem” by creating a state change, then running a response script to bounce the agent.  The bad part about this, is you could have agents in a constant restart loop.

In SCOM 2012 – I still recommend making the following changes via overrides:  Open the “Operations Manager > Agent Details > Agents by Version” view in the console:

Open health explorer for one of the agents – and here is an example of an agent that has been bouncing on a regular basis:

On the 4 monitors highlighted above – I recommend enabling alerting – and disabling auto-close of the alert so you can take action on agents that need it:

Then – for any agents that need higher values – make the necessary adjustments via override:

As a refresher – this will be common on any monitored systems that discover a large number of instances – such as Exchange, DNS, SQL servers, SCVMM, etc.

You can get the paperback book on Amazon:

http://www.amazon.com/gp/product/0672335913/ref=s9_simh_gw_p14_d0_i1?pf_rd_m=ATVPDKIKX0DER&pf_rd_s=center-2&pf_rd_r=06KDNZB3VZVMSN0TWRJH&pf_rd_t=101&pf_rd_p=1389517282&pf_rd_i=507846

At long last the book is ready for shipping in paperback.  It is also available on Nook (link), Kindle (link), and direct from the publisher in watermarked PDF (link)

I am proud to be the technical editor for this book.  This was my first foray into editing, and I have scoured every page.  There is a ton of new content and this book covers the depth of the product exceedingly well.  They brought in a ton of accomplished authors and key consultants from around the globe to create this, and I highly recommend it for any SCOM admin.

For those that are unfamiliar, MAP is a tool from the solution accelerator team which provides inventory, assessment, and reporting that will help you assess your current IT infrastructure status and determine the right Microsoft technologies for your IT needs. environment.  It can be a very valuable tool as it is agentless, and has the ability discover machines on your network that might be unknown, or not fully covered by your existing asset management solutions.

Resources:

Product page:  http://technet.microsoft.com/en-us/solutionaccelerators/dd537566

Download:  http://www.microsoft.com/en-us/download/details.aspx?&id=7826

Requirements to install:

Windows 7, Windows 8, Windows 8 Pro, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Vista Business, Windows Vista Enterprise, Windows Vista Ultimate

Installation:

Run the “Microsoft_Assessment_and_Planning_Toolkit_Setup.exe” program.  To get started, click Next.

The first step is a pre-req checker.  If any are not met you must correct these before continuing.

Accept the license agreement and click Next.

Accept or change the installation path, and click Next.

Select a choice for the Customer Experience Improvement Program, and click Next.

Click Install.  When completed, click Finish to open the MAP toolkit.

Running MAP and collecting inventory for Windows Computers:

When the MAP toolkit opens for the first time – we must create a database to store our collected inventory.  Give the DB a name, such as “MapData” and click OK to create the local DB.

In the left pane – click “Environment” and then select “Collect Inventory Data”.

Choose “Windows Computers” and click Next.

Choose to leverage Active Directory to discover from.  Additionally you can leverage alternative methods to discover machines not found in AD.  Click Next.

We must provide domain credentials that have rights to be able to query active directory.  Input the data and click Next.

On the AD options, you can select the default to scan the entire domain, or if all servers are in known OU’s, you can select specific AD containers to search in.  Click Next.

On the credentials page, we need to input a credential that has local administrator on all machines in the domain.  This is required as MAP will connect to each machine and inventory details from WMI.  For this purpose a domain administrator account works best, or a domain account that is a member of the local administrators group of each server in the domain.  Click “Create” and input the credentials.  You can input multiple credentials here and all will be attempted if one fails, however, this could extend the time required to run the inventory.  When complete, click Next.

On the Credentials Order screen, you can change the order of multiple credentials if entered.  Click Next.  Click Finish.

Inventory will start immediately.  Querying the data from AD will occur rather quickly.  However, connecting to each server on the network via WMI will take considerable time., even days, depending on how large the environment.  Allow this to complete, such as below:

Once you are happy with the results of the inventory, you can run a “Generate Inventory Results Report” to create the spreadsheet output in your My Documents\MAP directory

Requirements to gather data:

MAP uses WMI to gather the inventory data.  You need to ensure that the server/workstation that is running the MAP collection has access to all servers via any hardware firewalls, and if the servers are running Windows Firewall that exceptions allow the MAP workstation to contact all servers on those ports.  Detailed information is available at:  http://social.technet.microsoft.com/wiki/contents/articles/8657.map-prepare-the-environment-wmi.aspx

Gathering data from VMware:

This is covered at:  http://social.technet.microsoft.com/wiki/contents/articles/12160.map-prepare-the-environment-vmware.aspx

In the inventory collection check the box for VMware:

Choose to manually provide a list of vCenter server names.

Provide credentials that have access to the vCenter servers:

Provide a list of server names that run vCenter :

Configure the properties of your vCenter servers:

Additional resources:

MAP Survival guide:  http://social.technet.microsoft.com/wiki/contents/articles/1640.microsoft-assessment-and-planning-toolkit.aspx

MAP Blog:  http://blogs.technet.com/b/mapblog/

CU1 for OpsMgr has been released for some time now, this post will be a simple walk-through of applying it.  This hotfix is included on my Hotfix page for SCOM:  http://blogs.technet.com/b/kevinholman/archive/2009/01/27/which-hotfixes-should-i-apply.aspx

Marnix did a great posting on this topic as well, available here:  http://thoughtsonopsmgr.blogspot.nl/2013/03/om12-sp1-update-rollup-1-manual.html

Description and download location:

http://support.microsoft.com/kb/2785682

To download all of the updates, you will need to click the link in the KB above, which will launch the catalog for the individual downloads:

Following the KB – the installation plan looks something like this:

1. Install the update rollup package on the following server infrastructure:
   • Management server or servers
   • Gateway servers
   • Reporting servers
   • Web console server role computers
   • Operations console role computers
2. Manually import the management packs.
3. Apply the agent update to manually installed agents, or push the installation from the Pending view in the Operations console.

***Note:  One of the things you will notice – is that there is no update available for consoles, or for reporting servers.  So we will skip those roles as they are not applicable.  My new list looks like:

• Management servers
• Gateway servers
• Web console server role computers

Since I am monitoring Linux systems, I’ll need to add steps for that from the KB:

1. Download the updated management packs from the following Microsoft website:

   System Center Monitoring Pack for UNIX and Linux Operating Systems

   (http://www.microsoft.com/en-us/download/details.aspx?id=29696)

2. Install the management pack update package to extract the management pack files.
3. Import the following:
   • The updated Microsoft.Unix.Library management pack (from the Microsoft.Unix.Library\2012 SP1 folder)
   • The Microsoft.Process.Library management pack bundle
   • The platform library management packs that are relevant to the Linux or UNIX platforms that you monitor in your environment
4. Import the updated management pack for each version of Linux or UNIX that you monitor in your environment.

Seems simple enough, lets get started.

Install the update rollup package

On the catalog site, I add all the updates to my basket, and click View Basket, and Download.

Next I copy these files to a share that all my SCOM servers have access too.  These are actually .CAB files, so I will need to extract the MSP’s from these CAB files.

Once I have the MSP files, I am ready to start applying the update to each server by role.

My first server is a management server, and the web console, so I copy those two update files locally, and execute them per the KB, from an elevated command prompt:

This launches a quick UI which applies the update.  It will bounce the SCOM services as well.  The update does not provide any feedback that it had success or failure.  You can check the application log for the MsiInstaller events for that.

You can also spot check a couple DLL files for the file version attribute. 

Next up – run the Web Console update:

This runs much faster. 

I move on to my additional management servers and gateways, and apply the MSP file from the elevated command prompt.  No issues.

Manually import the management packs

The only MP to be updated with this CU1 for SP1 is located on your management servers, at

Only the AlertAttachment MPB should be updated.  The KB article known issues states the other MP should not be imported.  If you don’t use this MP already (Such as for Global Service Monitoring) then there is no need to install this update.  If you ever do go back and enable/install Global Service Monitoring or any MP that requires this Alert Attachment MP – don’t forget to install this updated version!  If not you will see issues with alert views in Dashboards, like console crashes or blank screens.

Apply the agent update

Approve the pending updates in the Administration console for pushed agents.  Manually apply the update for manually installed agents.

100% success rate.

Be sure to check the “Agents By Version” view to find any agents that did not get patched:

Update Linux MPs

Next up – I download and extract the updated Linux MP’s for SCOM 2012 SP1 CU1.  http://www.microsoft.com/en-us/download/details.aspx?id=29696

I open the console – and update these MP’s from disk

7.4.3507 is SCOM 2012 SP1.  7.4.4112.0 is SCOM 2012 SP1 with CU1.

Next up – you would upgrade your agents on the Linux monitored agents.  You can now do this straight from the console:

In this case – there is no need, as the previous version of my agents were already updated.

Lastly – refer to the KB article for this update, as if you are a heavy user of Linux process monitoring using our template – additional steps are required to address the fixes.

All done!

Now at this point, we would check the OpsMgr event logs on our management servers, check for any new or strange alerts coming in, and ensure that there are no issues after the update.

One of my Server 2012 machines kept hanging, and it was more than annoying.

The system is a Dell Precision 690 Workstation, with dual Xeon CPU’s, and has the Hyper-V role installed.  This machine uses an Intel storage controller and has an addition Dell SAS/SATA controller.  Primarily, I use this machine as my iSCSI server to host disks for other servers in my lab.

The problem, is that several times an hour, the entire system would hang, for 20-30 seconds.  It would always recover.  However, all the other servers that depend on this server for an iSCSI connection to storage, would also hang up or throw errors caused by not being able to reach the storage.  All the VM’s running on iSCSI disks would also just hang until this self corrected.  VERY frustrating for demos. 

I read several articles on the web, mostly pertaining to Windows 8.  There are all sorts of recommendation such as enabling hot swap options in the BIOS for AHCI controlled disks, changing from the Windows driver for the intel storage controller to the Intel branded RST drivers.  Some only experience this with SSD’s installed, and this system does have three of them.

When the hang occurred – you would see the following in the system event log:

 

Log Name:      System
Source:        storahci
Date:          6/19/2013 4:36:34 PM
Event ID:      129
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      VS3.opsmgr.net
Description:
Reset to device, \Device\RaidPort0, was issued.

What finally resolved this for me – was changing the power management settings, from Balanced to High Performance.  What this actually changed that was critical to this condition was modifying PCI Express > Link State Power Management > Off

Turning this from “Moderate” to “Off” resolved the issue and I no longer get these frequent hangs.

From an article I found that discussed this:

PCI Express has "active-state" power management, which lowers power consumption when the bus is not active (that is, no data is being sent between components or peripherals). On a parallel interface such as PCI, no transitions occur on the interface until data needs to be sent.

In contrast, high-speed serial interfaces such as PCI Express require that the interface be active at all times so that the transmitter and receiver can maintain synchronization. This is accomplished by continuously sending idle characters when there is no data to send. The receiver decodes and discards the idle characters. This process consumes additional power, which impacts battery life on portable and handheld computers.

To address this issue, the PCI Express specification creates two low-power link states and the active-state power management (ASPM) protocol. When the PCI Express link goes idle, the link can transition to one of the two low-power states. These states save power when the link is idle, but require a recovery time to resynchronize the transmitter and receiver when data needs to be transmitted. The longer the recovery time (or latency), the lower the power usage. The most frequent implementation will be the low-power state with the shortest recovery time.

I can assume that the 20-30 second “hang” was a resynchronization process, and turning this to “Off” kept the PCI express bus in synch at all times.  Might help you if you run into this.

There is a new community driven MP available for monitoring Hyper-V and Virtual Machines on Windows Server 2012, for OpsMgr 2012.

http://hypervmpe2012.codeplex.com/

This management pack goes beyond the very basic Microsoft Hyper-V MP, and has the following monitoring features:

• VMs Integration Services Version monitor
• Hyper-V Replica Health Monitoring Dashboard and States
• SMB Shares I/O latency monitor
• Hyper-V Hypervisor Logical processor monitoring
• Hyper-V Hypervisor Virtual processor monitoring
• Hyper-V Dynamic Memory monitoring
• Hyper-V Virtual Networks monitoring
• NUMA remote pages monitoring
• SLAT enabled processor detection
• Hyper-V VHDs monitoring
• Physical and Logical Disk monitoring
• Host Available Memory monitoring
• Stopped and Failed VMs monitoring
• Failed Live Migrations monitoring

This MP includes 17 unit monitors that focus on key performance indicators like %HyperVisor Run time, Dynamic Memory Pressure, NUMA and SLAT performance, SMB share latency, and Virtual Machine % Guest Processor and general VM health.

It also includes 23 rules, which primarily collect that same monitored performance data for reporting, as well as an alert rule for failed live migrations.  There are also some valuable performance collections for virtual network and storage.

***NOTE:  Almost all the performance rules are disabled by default – so create an override MP and turn on the ones you want reporting on.

Here are some snapshots:

Cluster Shared Volume Health

Alert views with knowledge:

State views of your Hyper-V Hosts from a Windows Computer rollup perspective, AND a Hyper-V role health perspective:

Monitoring and Health of every virtual CPU assigned across all VM’s in your environment:

Monitoring of your VM integration services, showing you what is up to date and what is not:

Along with Hyper-V replica monitoring and a dashboard, and key performance views for the performance metrics you want to collect optionally.

If you are monitoring Hyper-V in your environment – this MP is a no-brainer.  Good stuff and showcases the value of the community surrounding OpsMgr 2012.

My lab consists of 2 Dell Precision T7500 workstations, each configured with 96GB of RAM.  These are each nodes in a Hyper-V 2012 cluster.  They mount cluster shared volumes via iSCSI, some are SSD, and some are SAS RAID based disks, from a 3rd Dell Precision Workstation.

One of the things I have experienced, is that when I want to patch the hosts, I pause the node, and drain the roles.  This kicks off a live migration of all the VM’s on Node1 to Node2.  This can take a substantial amount of time, as these VM’s are consuming around 80GB of memory. 

When performing a full live migration of these 18 VM’s across a single 1GB Ethernet connection, the Ethernet link was 100% saturated, and it took exactly 13 minutes and 15 seconds.

I recently got a couple 10 gigabit Ethernet cards for my lab environment.  I scored an awesome deal on eBay for 10 cards for $250, or $25 for each Dell/Broadcom 10GBe card!  The problem I have now is that the CHEAPEST 10GBe switch on the market is $850.  No way am I paying that for my lab.  The good news is, these cards, just like 1GB Ethernet cards, support direct connect auto MDI/MDIX detection, so you can form an old school “crossover” connection just using a standard patch cable.  I did order a CAT6A cable just to be safe.

Once I installed and configured the new 10GBe cards, I set them up in the Cluster as a Live Migration network:

The same live migration over 10GBe took 65 SECONDS!

In summary -

1GB Live migration, 18 VM’s, 13m15s.

10GB Live migration, 18VM’s, 65 seconds.

In my case, I can drastically decrease the live migration latency, with minimal cost, by using a direct connection between two hosts in a cluster with 10 gigabit Ethernet.   Aidan Finn, MVP – has a post with similar results:  http://www.aidanfinn.com/?p=12228

Next up, I need to carve up my 10GBe network by connecting it to the Hyper-V virtual switch, and then create virtual adapters.  Aidan has a good write-up on the concept here:  http://www.aidanfinn.com/?p=12588

Here is a graphic that shows the concept from his blog:

The supported and recommended network configuration guide for Hyper-V clusters is located here:

http://technet.microsoft.com/en-us/library/ff428137(v=WS.10).aspx

Typically in the past, you would see 4 NIC’s, one for management, cluster, live migration, and virtual machines.  The common alternative would be to use a single 10GBe NIC (or two in a highly available team) and then use virtual network adapters on a Hyper-V switch, and QoS to carve up weighting.  In my case, I have a dedicated NIC for management (the parent partition/OS) and a dedicated NIC for Hyper-V virtual machines.  On my 10GBe NIC, I want to connect that one to a Hyper-V virtual switch, and then create virtual network adapters – one for Live Migration and one for Cluster/CSV communication.

We will be using the QoS guidelines posted at:  http://technet.microsoft.com/en-us/library/jj735302.aspx

John Savill has also done a nice quick walkthrough of a similar configuration:  http://savilltech.com/blog/2013/06/13/new-video-on-networking-for-windows-server-2012-hyper-v-clusters/

When I start – my current network configuration look like this:

We will be attaching the 10GbE network adapter to a new Hyper-V switch, and then creating two virtual network adapters, then applying QoS to each in order to ensure that both channels have their sufficient required bandwidth in the case of contention on the network.

Open PowerShell.

To get a list of the names of each NIC:

Get-NetAdapter

To create the new switch, with bandwidth weighting mode:

New-VMSwitch “ConvergedSwitch” –NetAdapterName “10GBE NIC” –MinimumBandwidthMode Weight –AllowManagementOS $false

To see our new virtual switch:

Get-VMSwitch

You will also see this in Hyper-V manager:

Next up, Create a virtual NIC in the management operating system for Live Migration, and connect it to the new virtual switch:

Add-VMNetworkAdapter –ManagementOS –Name “LM” –SwitchName “ConvergedSwitch”

Create a virtual NIC in the management operating system for Cluster/CSV communications, and connect it to the new virtual switch:

Add-VMNetworkAdapter –ManagementOS –Name “Cluster” –SwitchName “ConvergedSwitch”

View the new virtual network adapters in powershell:

Get-VMNetworkAdapter –All

View them in the OS:

Assign a minimum bandwidth weighting to give QoS for both virtual NIC’s, but apply heavier weighting to Live Migrations in the case of contention on the network:

Set-VMNetworkAdapter –ManagementOS –Name “LM” –MinimumBandwidthWeight 90
Set-VMNetworkAdapter –ManagementOS –Name “Cluster” –MinimumBandwidthWeight 10

Set the weighting so that the total of all VMNetworkAdapters on the switch equal 100.  The configuration above will (roughly) allow ~90% for the LM network, and ~10% for the Cluster network.

To view the bandwidth settings of each virtual NIC:

Get-VMNetworkAdapter -All | fl

At this point, I need to assign IP address information to each virtual NIC, and then repeat this configuration on all nodes in my cluster.

After this step is completed, and you confirm that you can ping each other’s interfaces, you can configure the networks in Failover Cluster Administrator.  Rename each network appropriately, and configure Live Migration and Cluster communication settings:

In the above picture – I don’t allow cluster communication on the live migration network – but this is optional and you certainly can allow that if the primary cluster communication fails.

Test Live Migration and ensure performance and communications are working properly.

In Summary – here is all the PowerShell used:

Get-NetAdapter
New-VMSwitch “ConvergedSwitch” –NetAdapterName “10GBE NIC” –MinimumBandwidthMode Weight –AllowManagementOS $false
Get-VMSwitch
Add-VMNetworkAdapter –ManagementOS –Name “LM” –SwitchName “ConvergedSwitch”
Add-VMNetworkAdapter –ManagementOS –Name “Cluster” –SwitchName “ConvergedSwitch”
Get-VMNetworkAdapter -All | fl
Set-VMNetworkAdapter –ManagementOS –Name “LM” –MinimumBandwidthWeight 90
Set-VMNetworkAdapter –ManagementOS –Name “Cluster” –MinimumBandwidthWeight 10

Had an interesting call with a customer.  He had a working SCOM 2012 RTM environment, and applied SP1, and the service pack upgrade appeared to immediately break the web console with the following error:

In the Application log on the web console server, we saw the event at the end of this article, dealing with a “Could not load type 'System.ServiceModel.Activation.HttpModule'“

This was caused by a prerequisite in SP1, that was not a blocking prerq in RTM.  When he applied the SP1 upgrade, he was prompted to add “HTTP Activation” to the role services of the OS.  Once added, he was able to continue the upgrade.

HOWEVER – this leaves IIS in a semi-broken state, and requires a re-registration of ASP NET in IIS to correct. 

On Server 2008 R2 – run the following in an elevated CMD:  C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis.exe -i -enable  

On Server 2012 - run the following in an elevated CMD:  C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis.exe -r  

Offending event:

 

Log Name:      Application
Source:        ASP.NET 4.0.30319.0
Date:          1/11/2013 10:33:19 AM
Event ID:      1310
Task Category: Web Event
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      SERVERNAME.DOMAIN.COM
Description:
Event code: 3008
Event message: A configuration error has occurred.
Event time: 1/11/2013 10:33:19 AM
Event time (UTC): 1/11/2013 4:33:19 PM
Event ID: 3c5b3b4438db4c52992734b9f5ef157b
Event sequence: 1
Event occurrence: 1
Event detail code: 0
Application information:
    Application domain: /LM/W3SVC/1/ROOT/OperationsManager-2-130023955997091166
    Trust level: Full
    Application Virtual Path: /OperationsManager
    Application Path: C:\Program Files\System Center 2012\Operations Manager\WebConsole\WebHost\
    Machine name: SERVERNAME
Process information:
    Process ID: 4600
    Process name: w3wp.exe
    Account name: IIS APPPOOL\OperationsManager
Exception information:
    Exception type: ConfigurationErrorsException
    Exception message: Could not load type 'System.ServiceModel.Activation.HttpModule' from assembly 'System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.
   at System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase)
   at System.Web.Configuration.Common.ModulesEntry.SecureGetType(String typeName, String propertyName, ConfigurationElement configElement)
   at System.Web.Configuration.Common.ModulesEntry..ctor(String name, String typeName, String propertyName, ConfigurationElement configElement)
   at System.Web.HttpApplication.BuildIntegratedModuleCollection(List`1 moduleList)
   at System.Web.HttpApplication.GetModuleCollection(IntPtr appContext)
   at System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers)
   at System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context)
   at System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context)
   at System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext)
Could not load type 'System.ServiceModel.Activation.HttpModule' from assembly 'System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.
   at System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMarkHandle stackMark, Boolean loadTypeFromPartialName, ObjectHandleOnStack type)
   at System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark, Boolean loadTypeFromPartialName)
   at System.Type.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase)
   at System.Web.Compilation.BuildManager.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase)
   at System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase)
Request information:
    Request URL: http://localhost/OperationsManager
    Request path: /OperationsManager
    User host address: ::1
    User: 
    Is authenticated: False
    Authentication Type: 
    Thread account name: IIS APPPOOL\OperationsManager
Thread information:
    Thread ID: 10
    Thread account name: IIS APPPOOL\OperationsManager
    Is impersonating: False
    Stack trace:    at System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase)
   at System.Web.Configuration.Common.ModulesEntry.SecureGetType(String typeName, String propertyName, ConfigurationElement configElement)
   at System.Web.Configuration.Common.ModulesEntry..ctor(String name, String typeName, String propertyName, ConfigurationElement configElement)
   at System.Web.HttpApplication.BuildIntegratedModuleCollection(List`1 moduleList)
   at System.Web.HttpApplication.GetModuleCollection(IntPtr appContext)
   at System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers)
   at System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context)
   at System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context)
   at System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext)
Custom event details: