System Centre – Fletcher's Blog

August 27, 2013 Fletcher Kelly Uncategorized

New features–Cireson IT Asset Management

I have previously done a post on CIreson IT Asset Management. However the people at Cireson have been very busy with new features to be added to their ITAM (IT Asset Management) tool.

Cireson Asset Management: New Feature Highlights

After recently releasing the newest version of the Asset Management app for Microsoft System Centre (Features Press Release), this post goes a little more in depth to explain some of the amazing features included in this latest release. Always striving to make life easier and more productive for those who use and implement SCSM, they put a lot of thought into the features clients asked for and updates everyone was clamouring for.

Highlighted below are a few of notable enhancements, including the Cireson full Asset Catalogue, Location to IP Awareness, Contract Management and Reporting.

The full Asset Catalogue found within the Cireson Asset Management app allows users to define standard hardware types, as well as information such as model, manufacturer, and price. With access to a comprehensive yet simple and informative page view with all the relevant information in one place, users can better manage the standardization of asset types no matter what the scale of the organization.

Location to IP Awareness is now also an incredibly exciting feature. This function tracks where hardware assets exist, and also allows for hardware to location awareness based on IP address – information which is provided by System Centre 2012 Configuration Manager. This is a great example of how Cireson works to utilize all System Centre components in order to provide the most insightful and rich experience possible.

Expanding on the extensive Contract Management capabilities of the Asset Management app, the new version boasts the ability to perform full contract management with different types of contracts that relate to various software and hardware assets under management. Support and maintenance contracts, leases, and warranties represent the main areas of contract management. Highly unique to the Cireson app is the ability to manage contract status via a built-in SLA engine, with notifications upon near breach or expiration of a contract’s end date.

In addition, the superior reporting functions of this new version allows for comprehensive reporting based on asset data from the data warehouse and cube reporting engine within Service Manager. These rich out-of-the-box reporting solutions cover contract, hardware asset, license, and software asset reports, amongst others.

Other enhanced capabilities of the Cireson Asset Management app now include, app metering data tracking against software asset types to understand installation vs. utilization vs. purchased count, and over 250 brand new features that make the System Centre Service Manager experience better than ever before.

For more information, videos, and overviews relating to Cireson Asset Management for System Centre, visit the app store at www.cireson.com.

(E-Mail me)

Follow me.

Facebook (Personal)

Twitter (Personal & System Centre)

Twitter (System Centre Focused)

August 5, 2013August 5, 2013 Fletcher Kelly Orchestrator, Self Service Portal, System Center

End User Portal for System Centre Orchestrator

So, let’s ay you have invested the time and gotten System Centre Orchestrator up and running in your environment and you have the product performing some day to day tasks and it is working well. However, now you want start using SCO (System Centre Orchestrator) to start performing end user focused tasks like Password Reset, add users to groups or even disabling of users or server testing as part of first line support.

All of these tasks can be completed within orchestrator, however exposing them to the end user can be a little tricky. It can be done, the “native way” of performing this within the System Centre Suite is to use System Centre Service Manager with the Service Manager Orchestrator Connector and then prompt the user for information and kick off runbooks. This particular scenario works well if you have System Centre Service Manager in place, and a future blog post will cover the idea of “adding a user to an Active Directory group” as part of a Service Request. There are a few challenges around this. Firstly, you need SCSM (System Centre Service Manager) and some time and patience to test the connectors and runbooks and to create the correct templates and ensure that Workflows with SCSM are configured correctly within SCSM. Like I have said previously, this solution works and it works well!!!

In reality though, not everyone has SCSM in place, many of my companies customers are in the progress of migrating to SCSM and these systems are still in testing or QA or UAT, whatever the case may be, they are NOT in production YET! However, these companies still want this the functionality listed above. Yes, there is a way!!!

Enter EUPSCO, the full name is End User Portal System Centre Orchestrator, and as the name suggests it creates an End User Portal for System Centre Orchestrator. This allows the IT Department to create the required runbooks, to for example, ping a server or reset a password or disable an account. This creates the “Menu”, called “Services” within the End User portal. Once this is completed, the end user can then order from this menu and get the required results without the need of having to contact the IT Department. This particular tool is very easy to install and the guide is easy to follow. The End User portal requires NO Silverlight and as such, it is compatible with most browsers. I have personally tested with the IE, Chrome, Safari and Firefox, all working without issue.

The application also reads from Active Directory, this helps with your reporting line allowing a Manager of staff members (Determined by “Manager” in Active Directory) to log requests on the behalf of his/her staff members, so now +a manager can log a request to reset the password of his/her staff member. The application also allows for approvals. So each service can have an approver, the service allows for a runbook to be triggered if an Approver’s input is needed, with mine, I simply kick off a runbook, which sends an email to the approver with a link to the End User Portal and his/her requests allowing him/her to approve or deny the request.

There are a few key variables which are passed onto the runbook to allow the automation to be easier. The How To’s on the EUPSCO page cover these nicely. This Forum Post also covers these options. Just to make it a little easier, the primary ones are as follow. (please note that these are case sensitive)

1. TargetUserId

2. ApproverUserId

3. ServiceName

This should help your organization adopt System Centre Orchestrator more easily.

A BIG thank you goes out to the People at ITQ for the System Centre Orchestrator End User Portal

(E-Mail me)

Follow me.

Facebook (Personal)

Twitter (Personal & System Centre)

Twitter (System Centre Focused)

February 4, 2013 Fletcher Kelly Orchestrator, System Center

Recover System Center Orchestrator 2012 with runbooks export

Just recently in a test environment, a script or some such other gremlin caused some absolute havoc on my system. Before you ask, I had NO Backup in place of this system. This system was System Center Orchestrator. However, once a week, I do a “sort-of” backup. By this, I mean I export all my Runbooks and place a copy on my local machine and a file server and the SCORCH (System Center ORCHestrator) server.

I was planning to perform an upgrade to System Center 2012 Service Pack 1, and as it happens according to the Upgrade Sequencing for System Center 2012 SP1, SCORCH was the first Product that needed to be updated.

So, at this moment in time, I had a non-functioning SCORCH server and a backup of the Runbooks from the server WITHOUT a proper backup. Luckily the use of SCORCH at this moment in time was mainly for timed tasks and Runbooks triggered by folder changes.

So, I had to rebuild the server. These are the steps I followed and it worked out for me.

NB!!!! Please note that is NOT a replacement for a backup, having a proper backup plan is crucial to any environment. Once my SCORCH server was back up and running, I immediately implemented a proper backup procedure using Microsoft System Center Data Protection Manager in addition to the backup of Runbooks. I am currently working on a Runbook to backup my Runbooks, more to follow on that soon. To achieve this goal, I will be using an Orchestrator Codeplex runbook.

Anyways, back on topic. Lets “recover” System Center Orchestrator 2012.

1. Reset the computer account in Active Directory.

2. Re-join machine to domain using the same name.

3. Install SQL Server, I used a local instance for this.

4. Install System Center Orchestrator 2012 Service Pack 1. I decided to upgrade as well as part of the rebuild, previous version of Integration Packs are backwards compatible.

5. When installing, make sure to use the same port numbers and user accounts as previously used when installing (this should be documented as part of the original install)

6. Import Runbooks.

7. Once the Runbooks are imported. You will then need to check the Runbooks. You will need to re-register and re-deploy the integration packs.

8. Once all the Runbooks are registered and deployed, your environment will be backup and running.

9. If you have a Connector within System Center Service Manager, you will need to check and ensure that the Run As account is working as expected.

(E-Mail me)

Follow me.

Facebook (Personal)

Twitter (Personal & System Center)

Twitter (System Center Focused)

November 1, 2012November 1, 2012 Fletcher Kelly Service Manager

Auto-Closing work items made easy–Service Manager 2012

So, there are a few ways of tackling the issue of automatically closing Incidents/Change Requests within Service Manager. Most of these solutions rely on a script leveraging SMLets. So you would create a script and then create a workflow and end up importing the Management Pack into Service Manager. The issue with this is the following, it is quite time consuming and should change under the hood with Service Manager, like the changes from 2010 to 2012, your script will most likely stop working. You can look at the TechNet Gallery for replacement scripts.

So, here enters something new I have found compliments of Cireson, a nice FREE tool which allows for easy configuration of “Auto-Close” not just of Incidents but of Work Items in General. Takes a few minutes to download and even easier to setup. It simply changes the status of the Work Items to completed/closed and then you standard Workflows will kick in.

I HIGHLY recommend this simple add-on for System Centre Service Manager 2012

Hope this helps,

Follow me.

June 13, 2012 Fletcher Kelly System Center

Installing System Centre Orchestrator

So, just recently I decided to install System Centre Orchestrator. It appears easy enough if you follow the Technet articles. This addresses the need for Service Accounts and the permissions needed by these accounts and there functions. It also helps you to size and decide the Orchestrator installation type that would best suit your environment. It helps you to decide the best way to break the components if you want to.

However, the one thing that I found to be lacking was the actual components needed by SCORCH, like the Features and Roles. I followed the default Technet articles and setup the required accounts and then proceeded with the installation of SCORCH, one of the easiest installs. However, one component would not install, the Orchestrator Console and this was somewhat annoying and would not do. I did some searching around and found quite a handy PowerShell script which was used by someone else who ran into a similar issue. This script enables a few components and once this was done, the SCORCH installation completed without issue. See the script below.

Add-WindowsFeature Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Logging,Web-Request-Monitor,Web-Filtering,Web-Stat-Compression,RDC, NET-Framework, NET-Framework

This worked a treat, so now I was one step closer to Orchestration. So, I designed a few simple Runbooks for testing purposes. I then kicked off the required Service Requests within Service Manager and would then try to track the progress of the Runbook, only to discover that the Runbooks were not running at all. It was NOT a permissions issue or an access issue. After much troubleshooting, I discovered it was something very simple. The services were not started, mine did not appear to start automatically when installing SCORCH.

Just a simple post to make someone else’s life a little easier when installing SCORCH.

Follow me.

November 30, 2011 Fletcher Kelly Self Service Portal

System Centre Service Manager 2012 Portal

So now, I move onto the final part of the SCSM 2012 journey, the Portal.

The install was pretty straight-forward, the most difficult part is deciding how you would split your roles or if you are going to split your roles, here is the guide for role placement.

So, once you have decided which route you would like to follow, here are the steps I followed.

Start the setup.
I decided NOT to use SSL from the get go, as there APPEARS to be a “niggly” with Certificates, it would appear that since I have implemented my portal, a TechNet article has been released to address this issue.
I Chose to use port 5555 for the SharePoint Service (SCSMWebContentServer).
You will need to UNCHECK “Use SSL”, go back and then go forward again, not sure if just works like that.
When you get to the option to configure the portal, I chose to use port 5556 (Service Manager Portal), again NO SSL
Select the required database, your Service Manager database on your Primary Service Manager Management Server.
Once completed, you have a nice starting for portal based on SharePoint Foundation.

Okay, so now some funnies and nigglies I have picked up, please note that this is beta software and this might account for some of these.

When you open the portal for the first time, you will be greeted by a team site http://<url>:<portnumberyouchose>
Easily solved, the actual portal hides under /smportal, so it you go to :/smportal">:/smportal">:/smportal">http://<url>:<portnumberyouchose>/smportal, you will see your familiar portal as above.
You will need to add all domain users to the read group, this can be modified under “Sit Actions” –> “Site Permissions”, then create a group and add “<domain>\domain users and give them “Read” permissions.
As an extension of this, I had to add my end users to some roles in Service Manager itself. I created an Active Directory group and add all my end users to this group. Then I went into Service Manager and the “Administration” Pane –> Security –> User Roles –> add created group to “Read-Only Operators”
With the Self-Service Portal and Service and Request Offerings, it would appear that the Icons (for me at least) are limited to .JPG showing in the portal. I have tried with others and they do not appear to display on the Portal.

Hope this helps,

Follow me

November 24, 2011November 24, 2011 Fletcher Kelly Management Server, Uncategorized

Service Manager 2012 Management Server (Upgrade)

So, for the Management Server.

This was very easy and quite painless for me.

Backup Encryption Key (for Disaster Recovery Purposes)
Install Windows Server 2008 R2 SP1 (This is a pre-requisite for SCSM 2012)
Remove Operations Manager Agent if this is installed, as the installer WILL stop you from continuing if the OpsMan Agent is installed.
Run the Upgrade, PLEASE NOTE that if the Portal is installed on your Management Server, it will be REMOVED during the upgrade.
Successfully completed the upgrade.
Restart all 3 System Center services

So, now to upgrade the console

Upgrade the Management Console, there are some pre-requisites that are needed. I will focus on the three most common ones that we needed in our environment.
1. Dot Net Framework 3.5 SP1 (configured using Roles and Features) download , redist
2. Microsoft SQL Server 2008 Analysis Management Objects download
3. ADO.NET Data Services Update download

You can now use the new Console of the freshly upgraded Management Server and you can now check a few things.

1. Ensure that the Data Warehouse & Reporting Buttons are present in the console. These can take a few seconds to load. Once loaded, you know that the Data Warehouse Registration is complete and carried over from SCSM 2010. Mine takes an average of 5 seconds to populate the additional buttons.

2. You can now ensure that all the System Center Services are started on the Data Warehouse Server and finalize all post installation tasks

3. If you are expecting to find CUBES immediately, it is unlikely to happen. They will appear after some of the additional Data Warehouse jobs have run. Please remember that you will also need to “Process Cube” before they can be used.

Hope this helps,

Follow me

October 26, 2011 Fletcher Kelly System Center

Scheduled reports with SCSM Data Warehouse

Hi All,

I know it has been a little while.

The reports built into Service Manager are great, however when you try to get a bit creative and automate some of the reports, you are going to run into some issues. So to work around theses issues, I did the following.

Create a custom report from SQL Reporting Services and modified for my needs, I was focusing more on “Incident Analyst” and I was looking for a breakdown of the number of Incidents per Analysts in a week period. This becomes tricky as the Analyst wanted this to be automated for reporting purposes.

1. If you using SQL 2008 R2, Report Builder 3 will be available to you from the SSRS webpage.

2. Select File, Open, drill down to System Center\ServiceManager\ServiceManager.Console.Reporting.IncidentManagement and select

ServiceManager.Report.IncidentManagement.IncidentAnalystReport

This time it opens OK – let’s try and do a “Save As”, just to see what we can do with a report.

The first error is complaining about a mismatch between allowed values and the default for the TimeZone parameter:

To “correct this” go to Parameters, TimeZone – double-click it.

Select the Default Values and change the option to No default Value:

Click OK and select Save As (Don’t forget to change the report name again as it would appear that when a failed save occurs then the original name is used – and thus you may make a change to the default report).

The next error again concerns a defaultvalue for the EndDate_OffsetValue parameter this time.

Again change the Default Value of this parameter to No Default Value

Again attempt the Save As (again check the name). This time it should succeed.

So now we effectively have a report that we can manipulate to utilise a variable parameter for the StartDate and EndDate values.

Double-click the StartDate_BaseValue parameter. Click the Default Values option and select “Specify values”

Click Add and strike the (Null) that appears in the Value form.

Click the function button

In the Category chooser, select “Common Functions” “Date & Time”

Locate the “Today” item and double-click it.

Close the bracket in the “Set expression for Value option:

Click OK.

Repeat this step for the EndDate_BaseValue Parameter.

Now make the change to the StartDate_OffsetType to switch the interval from the past month to the past week.

Double-click StartDate_OffsetType, select Default Values and change the Value option from Month to Week.

So back to Report Manager – drill down to the new report and open it up. Run the report using the View Report button – no results returned.

Check the NULL option for Incident IDs

And now re-run – data as expected. The Challenge now is to select the NULL option for a scheduled report as opposed to the interactive one.

Click “New Subscription”

Populate the Report Delivery Options and Subscription Processing Options as required – I used a File Share (NB it needs a UNC \\server\share) and just set up a schedule in 5 mins time to use an HTML 4 report. (NB You will need to repeat the password for the account that will write the report after you have clicked the schedule button as it loses the password and saving the subscription will fail)

Then in the Report Parameter Values ensure the following two options are selected. NB Do not set these in the Properties, Parameters option of Report Manager as they have a different impact.

Save the changes and wait for the report to run – this should now pick up the correct “current” date and provide a week’s worth of data!

3. Now, you try to run the report and under “Assigned To User”, you try to use UPN names or Display Names and nothing seems to work! This is because the Report is actually looking for a UserDimkey, this can be seen in this post. So how do you get this information. SQL is your friend.

4. Open SQL Management Studio on the Data Warehouse Server and run the following command substituting the User Display name you want to find the UserDimKey for.

/****** Script for SelectTopNRows command from SSMS ******/
SELECT TOP 1000 [AssetStatus]
      ,[AssetStatus_ConfigItemAssetStatusId]
      ,[BaseManagedEntityId]
      ,[BusinessPhone]
      ,[BusinessPhone2]
      ,[City]
      ,[Company]
      ,[Country]
      ,[Department]
      ,[DisplayName]
      ,[DistinguishedName]
      ,[Domain]
      ,[EmployeeId]
      ,[EntityDimKey]
      ,[Fax]
      ,[FirstName]
      ,[FQDN]
      ,[HomePhone]
      ,[HomePhone2]
      ,[Initials]
      ,[InsertedBatchId]
      ,[IsDeleted]
      ,[LastName]
      ,[Mobile]
      ,[Notes]
      ,[ObjectStatus]
      ,[ObjectStatus_ConfigItemObjectStatusId]
      ,[Office]
      ,[Pager]
      ,[SID]
      ,[SourceId]
      ,[State]
      ,[StreetAddress]
      ,[Title]
      ,[UpdatedBatchId]
      ,[UPN]
      ,[UserDimKey]
      ,[UserName]
      ,[Zip]
FROM [DWDataMartR2].[dbo].[UserDimvw] where [DisplayName] = ‘DisplayNameofUserInActiveDirectory

5. Once you have this value(s), you can add these value(s) to your report and schedule them successfully.

Hope this helps,

Follow me

June 15, 2011 Fletcher Kelly Powershell

DPM and Invoke-Command, bring the DPM shell to your machine

Not that long ago, I created an article about DPM and I referenced DPM commands to be run in the DPM shell and only now realised that not everyone has the DPM console installed as this is not the easiest console to install and get working.

So, I am now the Proud Owner of Learn Windows PowerShell in a month of Lunches and I am an now playing and have figured out how to import the necessary commands with Remoting. There are some steps you need to follow to get PSRemoting working across an enterprise, this might help.

Once this is done, let the Magic begin.

First, lets create a New-PSSession

1. New-PSSession –ComputerName <FQDN of DPM Server> (figured this one out the hard way)

example : New-PSSession –ComputerName mydpmserver.mydomain.com

Second, lets use Invoke-Command to import the module (we are going to add the DPM Snapin)

2. invoke-Command -ScriptBlock {add-pssnapin Microsoft.DataProtectionManager.PowerShell} -Session (Get-PSSession –ComputerName <FQDN of DPM Server>)

Third, we are going to import these commands using Import-PSSession (you can add a prefix here using –prefix to identify them in a unique way)

3. Import-PSSession -Session (Get-PSSession -ComputerName <FQDN of DPM Server>) -module Microsoft.DataProtectionManager.PowerShell

Fourth, you can run Get-Command to confirm this (filtered by DPM)

4. Get-Command *DPM*

Cleaned up transcript and copied into a word file for ease here

For those of who read my previous post, you would have noticed the attach-productionserver.ps1 command. If you are really observant you would have noticed that it and a few others are not here.

So, lets try to get a workaround for that.

It is still a work in progress, however i am using Enter-PSSession for now

1. Enter-PSSession –ComputerName <FQDN of DPM Server>

2. Navigate to the DPM Bin Folder

cd ‘C:\Program Files\Microsoft DPM\DPM\bin’

3. You will now see that the attach- commands are available

4. When done, use Exit-PSSession

Cleaned up transcript and copied into a word file for ease here

I recommend you follow Don Jones, author of the above mentioned book and PowerShell MVP

Hope you find this helpful and as interesting as I did.

Follow me

May 27, 2011 Fletcher Kelly Technology

Changing your Protection Server in DPM to another server

Have you ever been in a situation where you have either removed or added a new DPM server to your environment?

It happened to me just the other day, I had to “re-think” my DPM design and starting using “Local” to each Data Centre DPM servers to backup my data at each Data Centre. However, this was not the case before this, we were using the same product, but a different strategy. Now I had DPM agents in both datacentres connecting to DPM servers not in the same Data Centre. For Example, I had Server A (Data Centre 1) with a DPM agent from my secondary DPM Server (Data Centre 2) protecting it. So, I went searching and found my answer and it turned out to be amazingly simple thanks to POWERSHELL. DPM has a POWERSHELL management shell (thank goodness) and some built-in scripts for just this (truly amazing). Within 10 minutes I had changed my DPM agents to report to the DPM Servers and began creating protection as needed like SharePoint (see previous post).

To be safe, these are the steps I followed.

1. Remove old agent

2. Install new agent using CMD prompt

3. Ran attach-productionserver.ps1 to re-allocate to new server.

All steps are nicely listed on Microsoft Technet

This was really easy and well worth the investment in time.

On a side, was also made aware of a DPM Hotfix Rollup Package

Hopefully this helps someone else as well.

Follow me

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: