September 9, 2016

Create an Active Directory Trust

Introduction

In my previous blogpost I described how to configure a Site-to-site Virtual Private Network (VPN) connection in Microsoft Azure. In this blogpost I will explain how to create an Active Directory (AD) trust. This particular trust will create the possibility for users in the external domain (on-premises) to authenticate in the Azure domain. This means an External One-way: outgoing trust should be created.

Step 1. Create a conditional forwarder.

A conditional forwarder is a setting on a DNS server in the network that will forward data traffic to other DNS servers outside their own network. The current example described the authentication of users from a local AD in Azure AD. For more information about forwarders, please visit https://technet.microsoft.com/en-us/library/cc730756(v=ws.11).aspx

To create a conditional forwarder first open the DNS Manager on a Windows Server Domain Controller and right-click on the Conditional Forwarders container and select “New Conditional Forwarder” as shown in Figure 1.

Figure 1. DNS Manager.

In the “New Conditional Forwarder” window enter the DNS name of the server to which the traffic has to be forward.

Next, add the IP addresses of all servers which can resolve queries for this domain.

Optionally, it is possible to check the “Store this conditional forwarder in Active Directory, and replicate it as follows”. This will store the conditional forward configuration in AD and replicates it to all the Domain Controllers that have the DNS server role installed, please see Figure 2.

Figure 2. New Conditional Forwarder configuration.

Now click “OK” and the forwarder is saved (Figure 3).

Figure 3. New Conditional Forwarder.

Step 2. Flush DNS cache.

In order to resolve the new DNS domain, the cache needs to be cleared. Open a “command prompt” with administrator privileges and type “ipconfig /flushdns” as presented in Figure 4.

Figure 4. Flush DNS command in an elevated command prompt.

Once the DNS cache has been cleared the domain can be resolved.

Step 2. Create the AD trust.

Open “Active Directory Domain and Trusts” and right-click on the domain in order to open the properties. Next, select the tab “Trusts” and click “New Trust…” (Figure 5).

Figure 5. Domain properties.

The New Trust Wizard will open (Figure 6) and click “Next”.

Figure 6. Start window with the New Trust Wizard.

Subsequently, type the name of the domain and click “Next” (Figure 7). Note that this name should refer to the trust at which it has to be establish.

Figure 7. Type in the Trust Name.

In the next step the trust type of interest should be selected. In the current example the trust has to be established from the local domain to the Azure domain, so therefore an “Forest trust” was used as shown in Figure 8. To complete the selection of the trust type, click “Next”

Figure 8. Select the trust type.

After selecting the trust type, select the direction of the trust type. In the current example the “Two-way” trust is the best suitable selection for the goal (authenticate in the Azure domain). Please see Figure 9 for details. To finish selecting the direction for the trust and click “Next”.

Figure 9. Select the direction of trust.

The trust can be created for “This domain only” which is relevant for the current example since it is not necessary to have privileges in both domains (see Figure 10). Select the preferred option and click “Next”.

Figure 10. Select the side of trust.

The outgoing trust level will be set to “Forest-wide authentication”. This ensures that users automatically authenticate from the specified domain in the local domain (Figure 11). After the level of authentication is selected click “Next”.

Figure 11. Define the trust authentication level.

Once the outgoing trust level is set, type in the trust password (Figure 12). Make sure it is secure enough and it meets the domain security policy. A combination of symbols, numbers, and uppercase and lowercase letters are allowed. Confirm the password and click “Next”.

Figure 12. Trust password window.

Figure 13 provides a summary of the settings for the trust. To create the trust, click “Next” to continue.

Figure 13. Summary of the trust wizard settings.

If everything went well the trust relationship has been created (Figure 14). Click “Next”.

Figure 14. Status of the created trust.

In the “confirm outgoing trust” window it is possible to confirm the outgoing trust. To do so select “Yes, confirm the outgoing trust” and click “Next”. Please see Figure 15 for details. Be sure to confirm the trust only if the trust on the other domain is already created.

Figure 15. Option to confirm the outgoing trust.

In the “confirm Incoming trust” window it is possible to confirm the incoming trust. Select “No, do not confirm the incoming trust” and click “Next” (Figure 16).

Figure 16. Option to confirm the incoming trust.

The final step in the wizard shows that the trust relationship was successfully created and confirmed as shown in Figure 17. Click “Finish” to end the configuration.

Figure 17. Complete new trust wizard.

The bridge has been built, now it’s time to let cars drive over it!

Posted in Active Directory
Leave a comment

August 7, 2016

Create a Site-to-Site VPN with Azure Resource Manager

Introduction

Site-to-site Virtual Private Network (VPN) is used to establish connections between different locations of companies, amongst others. This way the different locations can exchange data with each other through a secure connection. In Azure, Site-to-Site VPN is used to establish connections between the Azure tenant and the on-premises environment. Making use of the Site-to-Site VPN connection it is possible to create one large network. This is called a hybrid environment.

Before creating a site-to-site VPN make sure that the VPN endpoint device will support the connection with Azure and a that public IPv4 IP address is available. To check if the VPN device is supported, please see the following website: https://azure.microsoft.com/nl-nl/documentation/articles/vpn-gateway-about-vpn-devices/

This blogpost will focus on Azure Resource Manager portal and contains six steps that should be performed in sequence. Please note that the configuration of the VPN endpoint device located on-premises will not be discussed in this blogpost. The following steps should be taken to create a Site-to-Site VPN in Azure:

Step 1. Create a Resource Group.
Step 2. Create a Virtual Network in Azure.
Step 3. Create a Virtual Network Gateway.
Step 4. Create a Local Network Gateway.
Step 5. Create a VPN connection.
Step 6. Check if the connection is working.

Step 1. Create a Resource Group

Virtual machines, IP addresses, load balancers, virtual network gateways, local network gateways, virtual networks etc. are all components that are usually related and may depend on each other. It is possible to make use of Azure Resource Manager Groups and combine these different components into a single or multiple resource group(s). This will make management and maintenance of these components a lot easier.

In order to create a resource group please login to the Azure portal at https://portal.azure.com. The “resource groups” icon is accessible on the left side of the portal (Figure 1).

Figure 1. Azure resource groups.

When the resource groups are not shown, click on “Browse” and search for resource groups, then mark them as favorite. From this moment on they will appear in the list.

In this example the goal is the create a VPN connection in Azure. First a resource group for the Virtual Network should be created. To do so click on the “Resource groups”, select “Add”, fill out the required fields and select “Create” (Figure 2).

Figure 2. Create Resource Group ARM.

Step 2. Create a Virtual Network in Azure

The second step is to create a virtual network in Azure. It is very important to determine in advance which subnets will be used. The selected subnet in Azure should not overlap with the subnets used on-premises.

In the Azure portal select “Virtual networks”. Once again if the item is not shown, click on “Browse”, search for virtual networks and mark them as favorite.

Create a virtual network by clicking “Add”. Fill out the required fields and click on “Create” (Figure 3).

Figure 3. Create a virtual network.

If desired, it is possible to add multiple subnets, for example one for the front-end servers and one for the back-end servers.

Step 3. Create a Virtual Network Gateway (Azure)

The virtual network gateway is the gateway on the Azure end, so sending and receiving data will go through this gateway. In this step the purpose of the Site-to-Site VPN should be considered. Depending on the requirements a choice can be made between route-based and policy-based VPN types.

Route based: (Dynamic routing) will support multiple VPN connections and uses IKEv2.
Policy Based: (Static routing) supports a single VPN connection and works with IKEv1.

*When a virtual network gateway is re-created it will come with a new public IP address from Microsoft. Keep in mind to change the (old) IP address in the VPN endpoint device that is used on-premises.

In the Azure portal select “Virtual networks gateways” and click “Add”. Fill out the required fields and click on “Create” (Figure 4).

*Provisioning a virtual network can take up to 45 minutes.

In the next step fill out the information provided below and shown in detail in Figure 4.

Virtual network: Select the virtual network that has been created in step 2.
Public IP addresses: Select Azure’s public IP address.
Gateway type: Select VPN.
VPN type: Select Route-based.

Figure 4. Create virtual network gateway.

Step 4. Create a Local Network Gateway (on-premises)

The local network gateway is the gateway that will be configured with the details of the on-premises network. The following information must be verified:

IP addresses: This must be the IP address of the VPN endpoint device located on-premises.
Address space: All the address spaces that’s being used on-premises.

*The address space used on-premises may have absolutely no overlap with the address space in Azure!

In the Azure portal select “Local networks gateways” and click “Add”. Next, fill out the required fields and click on “Create” (Figure 5).

Figure 5. Create local network gateway.

When creating multiple VPN connections, for example to different locations and/or companies, this step should be performed for each connection.

Step 5. Create a VPN connection

Once the local network is created a new connection can be added. This step can be executed directly after the local network gateway has been created. Click on “Connections” and click “Add”. Fill out the required fields and click on “OK” (Figure 6).

In the next step fill out the information provided below and shown in detail in Figure 6.

Virtual network gateway: Select the virtual network gateway that was created in step 3.
Local network gateway: This option cannot be changed. The VPN connection must be added to the local network gateway that was created in step 4.
Shared key (PSK): This key will be used for encryption for the connection. Type in a random mix of letters and numbers (do not use special characters in the key). Make sure that this exact key will be used for the configuration of the VPN connection on-premises.

Figure 6. Add Connection configuration.

Step 6. Check if the connection is working

The VPN connection needs to be successfully configured in both Azure and the VPN endpoint device on-premises. Once the configuration on both sides is finished, it is possible to check the connection status.

Go to “Local network gateway” and click on the connection. The local network gateway settings will be visible, click on “Connections” and select the connection. The information displayed here is showing the current connection status and data traffic, see Figure 7 for details. It is also possible to see the connection properties of the VPN connection as presented in Figure 8.

To open directly the VPN connections, click on “Browse” in the Azure Portal, search for connections and mark them as favorite.

Figure 7. VPN Connection details.

Figure 8. Properties of the configured VPN connection.

If executed all steps as described above, a successful VPN connection between the on-premises environment and the Azure environment has been established.

February 7, 2016

Installation of Microsoft Exchange Server 2013 CU11 – Part 1

On December 15^th2015 Microsoft released the Cumulative Update 11 (CU11) for Exchange Server 2013. In the upcoming blog post series I will describe the steps for a Greenfield installation of Exchange 2013 CU11 on Microsoft Windows Server 2012R2. In total this blog post series will consist of four parts.

Regarding to this subject several download links can be find below:

Download Microsoft Exchange Server 2013 CU11:

https://www.microsoft.com/en-us/download/details.aspx?id=50366

Issues that the cumulative update fixes:

https://support.microsoft.com/en-us/kb/3099522

Exchange 2013 system requirements:

https://technet.microsoft.com/library/aa996719(v=exchg.150).aspx

Note: As this update is Cumulative it is not required to install the previous CU’s.

In the current blog post, Part 1 of the blog post series, I will describe a Greenfield scenario. Therefore I will start with a clean Windows Server 2012R2. First I will describe the installation of the required pre-requisites followed by the Exchange 2013CU11 installation.

Different pre-requisites are defined for Microsoft Exchange Server 2013 CU11, which include the following:

Extract Exchange2013_CU11
Install .Net Framework 3.5
Unified Communications Managed API 4.0
Install the Active Directory Management Tools
Check if the account is a member of the proper Active Directory groups
Prepare AD schema
Prepare Domain
Installation of Windows Features

Also make sure that the server is member of the domain and it has a static IP address.

Step 1: Extract Exchange2013_CU11

First download Exchange 2013CU11 here. If the download goes well you will see the following file, Exchange2013-x64-cu11.exe. Extract this file in a directory on your hard drive. In my case “C:\Install\Exchange2013_CU11” (Figure 1).

Figure 1. Extracted files Exchange 2013CU11.

Step 2: Install .Net Framework 3.5 and 4.5

After the extracting of Exchange 2013CU11, it is time to install .Net Framework 3.5. Make sure the WinSxS folder is accessible since the correct source files are required for the installation.

Next, start an elevated command prompt and run the following command (Figure 2):

dism /online /enable-feature /featurename:NetFX3 /all /Source:C:\Windows\WinSxS

Figure 2. Installing .Net Framework 3.5 in an elevated command prompt.

Step 3: Unified Communications Managed API 4.0

Download the Unified Communications Managed API 4.0 Runtime from the Microsoft Download Center: https://www.microsoft.com/en-us/download/details.aspx?id=34992

After downloading, launch the install and follow the instructions on the screens.

Step 4: Install the Active Directory Management Tools

Now it is time to install the Active Directory Management Tools. This can also be done within the Server Manager. For convenience, I choose to install this with PowerShell. Open PowerShell as an administrator and run the following command: Install-WindowsFeature RSAT-ADDS

Figure 3. Installing Remote Server Administration Tools with PowerShell.

Step 5: Check if the account is a member of the proper Active Directory groups

Make sure that the account that is used is a member of the following AD groups:

Schema Admins
Enterprise Admins
Domain Admins

Step 6: Prepare Schema

The Prepare Schema command below connects to the Schema Master and extends the Schema with Microsoft Exchange 2013 specific attributes. For more information see: http://technet.microsoft.com/en-us/library/bb125224(v=exchg.150).aspx Make sure to run this command from the directory were the installation files of Exchange2013-x64-cu11 are located as shown in Figure 5. Start the command prompt with elevated rights and run the following command: Setup /PrepareSchema /IAcceptExchangeServerLicenseTerms

Figure 4. Output from the prepare schema command.

Step 7: Prepare Active Directory

The command displayed in figure 5, prepares the Active Directory (Forest). For more information see http://technet.microsoft.com/en-us/library/bb125224(v=exchg.150).aspx Run the this command from an elevated command prompt: Setup /PrepareAD /OrganizationName:S……e /IAcceptExchangeServerLicenseTerms

Note: In this scenario I install a new Exchange 2013 environment. Therefore it is required to list an organization name. If one is preparing Active Directory in an existing organization this step can be skipped, because the organization name is already known.

Figure 5. Output from the prepare AD command.

Step 8: Installation of Windows Features

The command displayed in figure 6 will install all the necessary Windows features required for Exchange such as HTTP-Activation, Desktop Experience, .Net Framework 4.5. Etc. It is recommended to execute the command in this stage because the server needs a reboot after installing the Windows features to successfully finish the installation process.

Run the following command as an administrator in PowerShell:

Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

Figure 6. Output from the install Windows features command in PowerShell.

Exchange 2013 CU11 installation

Now that we prepared Active Directory and installed all the other required components it’s time to launch the Exchange 2013CU11 installation itself. To start the setup, go to the directory were the extracted files from step 1 are located. In my case “C:\Install\Exchange2013_CU11” run the “Setup.exe” as an Administrator.

Just to be sure you run the most recent version, you can select the option to connect to the internet and check for updates. Hit Next. See figure 7.

Figure 7. Check for updates prior to the setup.

In my case no updates were found so hit next.

Figure 8. Check for updates prior to the setup.

Wait for the initializing setup to complete.

Figure 9. Initializing setup.

Select next on the introduction page.

Figure 10. Introduction screen of the Microsoft Exchange Server 2013.

Read carefully the license agreement, or not. Anyway select “I accept the terms in the license agreement” and click next.

Figure 11. License Agreement terms.

In this scenario I used the recommended settings, select this one and hit next.

Figure 12. Recommended settings screen.

On this screen the setup want to know which Exchange roles have to be installed on the server. In my case I select both the Mailbox and Client Access role to be installed. If you want it is possible to separate these roles on different servers.

Last but not least check also the “Automatically install Windows Server Roles and features that are required to install Exchange Server”. Hit next.

Figure 13. Server Role Selection screen.

Select the installation folder for Exchange 2013CU11.

Figure 14. Installation location screen.

In this step in the wizard you must specify the name for the Exchange organization. It is required to provide a name as it is a new installation. If you want to use apply Active Directory split permissions make sure you select the checkbox.

Figure 15. Exchange Organization name screen.

Default Malware Protection is on. If you don’t want to use this check Disable malware scanning Yes. In my case I do want to use malware scanning. Hit next.

Figure 16. Select the use of malware scanning.

The setup will execute some final checks and if you see no warnings appear hit install to start the installation.

Figure 17. Readiness Checks.

When the Setup has finished, reboot the server to complete the installation of Exchange 2013CU11. Hit finish to close the wizard.

Figure 18. Installation location screen.

After the reboot you can connect to the Exchange Admin Center with the following URL:

https://<servername>/ecp

To connect to the Outlook Web App use this URL:

https://<servername>/owa/

Now you can configure the Exchange server to your own needs. In part 2 I will describe how to install and configure Exchange certificates.

Good luck!

Posted in MS Exchange
Tagged Exchange 2013, Exchange CU11, MS Exchange
Leave a comment

August 4, 2015

Unable to Proceed error during upgrade Operations Manager 2012R2

During the upgrade of Operations Manager 2012R2 it is possible that you encounter some problems. For example, starting the upgrade process for Operations Manager 2012 R2 the following error is shown in some cases: “Setup is unable to proceed with installation for the following reason: “Setup could not detect the current Data Warehouse scenario. Please ensure That the SQL Server service for the Data Warehouse is running, and the current User has permission to access the Data Warehouse” (Figure 1).

Figure 1. Operations Manager 2012R2 upgrade error: Unable to Proceed.

In such a case the names of the Data Warehouse Database and the Data Warehouse Database Server are missing in the registry and therefore the setup cannot be continued. To check this go to “HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft Operations Manager \ 3.0 \ Setup” to determine if the values of the “DataWarehouseDBName” and “DataWarehouseDBServerName” are present. If not, please add the Data Warehouse Database Name and Data Warehouse Server name as shown in Figure 2. Subsequently, restart the Operations Manager 2012R2 installation. The error should be resolved.

Figure 2: Data Warehouse Database name and the Data Warehouse Database Server name in registry.

Posted in Operations Manager
Tagged Operations Manager, OpsMgr 2012 R2, SCOM, SCOM2012R2
1 Comment

July 27, 2015

Operations Manager Dashboards in Microsoft Visio

In this post I describe what cool items can be built with the Visio based dashboard solutions for System Center Operations Manager (SCOM).

I am aware of the awesome products that are made by Squared Up and Savision which both can be used to make excellent dashboards. However, in this post I will focus on the Microsoft Visio based solutions to create dashboards for Operations Manager environments for the simple reasons that it is low cost and the sky is the limit.

Currently, there are two solutions which are based on Microsoft Visio. The first one is the good old bad old Operations Manager Add-in for Visio by Microsoft, and the second one is Pro-View which is provided by OpsLogix. Both solutions offer the possibility to create awesome dashboards for Operations Manager. In this blog post I will describe the possible usage of both solutions and the basic steps to get started with these Visio additions. I will conclude this blog with my opinion on these Visio additions.

Why Dashboards?

Maybe the most important question to ask should be “why should we make use of dashboards?“ Operations Manager is a technical product, and that is a good thing but when making some nice distributed applications in Operations Manager, you probably want to publish them in a fancy way. In my opinion Visio is the right tool for the job, not only because it is possible to build exactly the dashboard you want but this can also be done at low cost. Besides that IT managers love it when they look at the nice overviews of their Business Applications.

Microsoft Operations Manager Visio Add-in and SharePoint Visio Services Data Provider

With the Microsoft Visio Add-in you can create beautiful diagrams that show monitored objects within your Operations Manager environment. For example, you can display complete business applications on a map in Visio including the health state. The Microsoft Visio Add-in comes with a SharePoint Visio Services data provider. This data provider enables you to publish the created Visio drawings in a SharePoint web part so you can include these in a SharePoint website. In such a case it is required to save the drawing with the *.vdw extension.

How it works?

After installing the Visio Add-in, click here for the installation guide, we see that an extra tab is added to the Visio ribbon (Figure 1), named Operations Manager. Under the “Configure” button on the left, it is possible to configure the data source. The management server name and the address of the web console can be entered in this wizard (Figure 2). With these settings in place the connection to Operations Manager server can be made. You can also configure the refresh time of the dashboard so you will immediately see when the health state of objects change.

Figure 1. Operations Manager ribbon in Microsoft Visio.

Figure 2. Data source configuration.

Adding Visio Shapes

After the connection with Operations Manager has been made you can start creating dashboards. There are several ways to display shapes and objects on the Visio drawing. I will describe the different methods and how you can use them.

Method 1: Insert Shape

When clicking on the “Insert Shape” button, see Figure 1, you can add a shape to the drawing, Visio will add automatically the data links (Figure 3).

Figure 3. Add data links process bar.

It is possible to choose classes of objects that are managed in Operations Manager as shown in Figure 4.

Figure 4. Insert Shape, Choose class wizard.

When you select the object from the class you want to add, click “insert”. At this time the object has been added to your drawing (Figure 5).

Figure 5. Object has is added to the Visio drawing.

When selecting the shape use the right mouse button to select “Data” and subsequently select “Show Linked Row”. Now you will see the datalink in the External Data view. Here you will see the Object Id, Display Name, Path, Health State and Class name as shown in Figure 6.

Figure 6. External Data links Visio.

Method 2: Link Shape

It is also possible to use the link shape method, when using this an existing shape on the drawing can be selected and subsequently linked to an object. Just drop a shape on the drawing and click on the “Link Shape” button in the ribbon as presented in Figure 1. In the pop-up window you can select the object from the class you want to add (Figure 7). After you click on “Link” you will see that the health icon has been added to the shape (Figure 8).

Figure 7. Link Shape to Data, choose class wizard.

Figure 8. Linked shape object on the Visio drawing.

Visio Data Graphic

A nice feature of Visio is that you can change the health Data Graphic of an object. Data graphics are in this situation used for classes, last refresh times and to show the health state of an object state amongst others. To change the data graphic select the shape then select “Data”, “Edit Data Graphic”. Now you can change for example the icon set as shown in Figure 9. It is possible to choose the default Operations Manager icon set or for instance traffic lights.

Figure 9. Edit the icon set for the health state of an object.

Adding refresh state

To ensure that the dashboard will continuously refresh its data, a state of the refresh time can be added to your dashboard. To do this, go to the Operations Manager ribbon (see Figure 1) and click on the ”Add Status” button. Now you will see that the refresh time of the dashboard is displayed on the drawing as presented in Figure 10.

Figure 10. Adding the state of the refresh time to the dashboard.

Below some examples of dashboards that I created using the Microsoft Visio Add-in are provided.

Resources

You can download the Operations Manager data module for Visio and the SharePoint data provider via the following link: http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=29268

Microsoft has documented this Add-in very well, so installing it should not be a problem. Please see the following links for more information about how to install, configure, and use the Visio Add-in and the SharePoint 2010 Visio Services Data Provider.

Source: https://technet.microsoft.com/en-us/library/hh920821.aspx

OpsLogix ProView

The ProView solution made by OpsLogix is also an amazing tool to create dashboards. ProView is also an addition to Visio. This means that Visio is required to be used for building dashboards for Operations Manager.

ProView can minimally do the same thing as the Microsoft Visio Add-in. Thus, adding your own stencils and using these shapes is not an issue. ProView stands out with the ability to let you use performance counters. This means that you can get real-time insight in the performance of objects from Operations Manager such as databases, computers etc. Another very cool feature is that ProView dashboards are based on HTML 5, so you have the opportunity access the dashboards on any device. Therefore, it is not required to use SharePoint when publishing the dashboards.

How to create dashboards with Proview?

When ProView is installed, click here for the installation guide, the OpsLogix ProView tab will appear in the ribbon (Figure 11).

Figure 11. The ProView tab in the ribbon in Microsoft Visio.

First we have to configure the connection between ProView and Operations Manager as shown in Figure 12. Fill out the requested information and test the connection when you have done this click “Apply and Close”.

Figure 12. Configure the connection between ProView and Operations Manager.

If you intend to display the drawing on an HD screen you can directly adjust the size of the drawing with a press of a button to a 1080p format. To do this select “Set Size HD” in the ribbon (Figure 11).

Adding objects to the drawing

For ProView also applies that after the connection with Operations Manager has been made you can start creating dashboards. Just like the Visio Add-in from Microsoft you can add with ProView also different objects to the drawing. ProView allows you to use Alerts Counters, Health States, Performance Counters and Monitoring Add States objects. I will describe the features and basic usage of each of them.

Alert Counters

Alert counters can be used to get insight in the amount of alerts. With the “Add Counter” button you have the option to display all open alerts of a group. In this example we want to see all open alerts from the Windows Computer group. To accomplish this, select the first group as shown in Figure 13, and subsequently select the right Windows Computer class (Figure 14).

Figure 13. Group Selection, Select Group.

Figure 14. Class Selection, Select Class.

In the “Options and Template Management” screen, you can select an alert template as shown in Figure 15. There are many different flavors to choose from, for example “Show all active Critical Alerts” or “Show all Unhealthy Targets from SCOM”. By choosing an alert template it is possible to adjust the thresholds for the error and healthy state. Subsequently, it is possible to modify the colors of the health state (Figure 16), click “Next” and press “Add”.

Figure 15. Options and Template Management, Choose Template.

Figure 16. Options and Template Management, Pick the health state color.

Now the Alert Counter has been added to the Visio drawing (Figure 17). Selecting the Live Preview button in the ribbon as shown in Figure 11, you will get a preview of the dashboard including real time information from Operations Manager.

Figure 17. Adding Alert Counter on Visio drawing.

Health States

Health states can be used to gain more understanding of the health from particular objects. When you click on the “Add Health State” button in the ribbon (Figure 11) you have the option to add health states of objects. In the example presented logical disks were selected (Figure 18). On the “Target Selection” page select the instance you want to display (Figure 19).

Figure 18. Class selection, Select Class.

Figure 19. Target selection, Select Target.

On the “Options Page” you can select how you want to display the health state (Figure 20). You can choose between 1) an icon that will change its color and 2) the icon with a health state in the right corner. Click “Next” and press “Add” on the summary page, now the object will appear on the dashboard (Figure 21).

Figure 20. Options Page, Select how the health state is shown.

Figure 21. Logical Disk object with health state icon.

Performance Counters

The use performance counters will give you more insight in the performance of the selected object trough dynamic data graphics. To add performance counters to the dashboard use the “Add PerfCounter” button in the ribbon as presented in Figure 11. On the first page of the wizard, entitled “Target Selection”, you can select an instance (Figure 22). On the next page you can select the performance counter of preference (Figure 23).

Figure 22. Target Selection, Select Target.

Figure 23. Counter Selection, Select Counters.

Click “Next” to go to the options page. On this page (Figure 24) you can configure several items like which data graphic you want to use and how you want to render. There are different Graphic Types such as Line, Sparkline, Bar, Bullet, Pie and Zoomline to choose from.

Select “All Targets” if you want to include also the performance counter data from all other targets of the same target class you selected before. Otherwise choose “All Instances” when you want to include the performance counter data from all the instances that belong to the selected target. In this example I want to see the average CPU time of one target, so I leave both options unselected. Define all remaining settings and press “Next”, then press “Add” to add the performance counter to the drawing (Figure 25).

Figure 24. Options Page, Select Properties.

Figure 25. Adding Performance Counter to the Visio drawing.

Add Monitoring State

Through this wizard you can add the health state of a monitor to the dashboard. The health state gives insight in the different monitors that are configured in Operations Manager. This is very useful in case you want to see the availability of the defragmentation state instead of the whole disk. Click on the “Add Monitor State” button in the ribbon (Figure 11). In the add monitor state wizard select the class you want to use. In the present example I choose the Windows Computer class (Figure 26).

Figure 26. Class Selection, Select Class.

On the Monitor Selection page select the correct monitor and click “Next” (Figure 27).

Figure 27. Monitors Selection, Select Monitors.

Subsequently, select the target you want to use as demonstrated in Figure 28.

Figure 28. Target Selection, Select Targets.

On the option page you can choose for a health state as a color box or icon. In this example I choose the color box (Figure 29). On the summary page click “Add” to add the monitor to the dashboard (Figure 30).

Figure 29. Options Page, Select how the health state is shown.

Figure 30. Add Monitor State as a color box to the drawing.

Dashboard Preview

Unlike the Microsoft Visio Add-in, ProView does not have the ability to display live data on the dashboard at the moment you are working on it. To see the live data from the dashboard press the “Live PreView” button in the ribbon (Figure 11).

Below some examples are presented of dashboards that I created using OpsLogix Proview.

Resources

For more information about the OpsLogix Proview Visio plug-in please see: http://www.opslogix.com/proview/

OpsLogix made some nice getting started videos. Please see the following links for more information about how to install, configure, and use ProView.

This video will show you how to get started with the Proview authoring Plugin: http://www.opslogix.com/opslogix-proview-getting-started-video/
This video will show you how to use the “Add Counter” Wizard in the Proview authoring Plugin: http://www.opslogix.com/opslogix-proview-add-counter-wizard/

Conclusion

Both Visio solutions described in this blog post can be used to create fantastic dashboards for Operations Manager! However, each Visio solution has its own advantages and disadvantages.

The possibilities with the Microsoft Visio Add-in are almost endless. An advantage is that the Microsoft Visio Add-in is free of cost. One of the drawbacks is that the Microsoft Visio Add-in does not support HTML 5 and this is where ProView stands out. Resulting from the fact that ProView is HTML 5 based and the dashboards can be accessed from different locations and devices. ProView allows you to create dashboards in Visio and store these in a management pack, so the dashboards are also visible in the Operations Console. Additionally, when using ProView it is possible to add performance counters of objects to the drawing, so it provides insight in the performance of the managed objects.

ProView also works via a wizard that can be used to add and edit the image or icon of grouped/individual counters including perfmon, health and/or monitor states. Publishing the dashboards in ProView does not require SharePoint or Silverlight. The Microsoft Add-in needs SharePoint if the dashboards will be published on a central location.

Despite the disadvantage of not supporting HTML 5, the Microsoft Visio Add-in is very easy to install and use especially if you use the Visio stencils available for Operations Manager. In fact, the installation of the Microsoft Visio Add-in is less complex compared to that of OpsLogix ProView. Of course it should be noted that the dashboards created in ProView cannot only be published using Visio or SharePoint but also from the Operations Manager console which is considered an advantage over Microsoft Visio Add-in. For this reason the installation of ProView is more complex and consequently also more time consuming.

Microsoft Visio Add-in offers the opportunity to link multiple tabs in the same Visio file. This is especially very convenient when one wants to zoom in on an object presented on the dashboard. ProView offers approximately the same functionalities. However, resulting from the use of *.svg as a file extension every tab should be saved as a separate file in ProView.

It is difficult to indicate which of the two Visio solutions I prefer since both solutions make it possible to create excellent dashboards. The use of both solutions of course requires some knowledge on Visio. Considering that the Microsoft Visio Add-in is free of charge and that it can easily be installed and used, I slightly prefer this Visio solution. To be honest ProView has just entered the world of Operations Manager dashboarding, so I expect that many more cool features will be added in the future. ProView is certainly a product to keep an eye on.

Be Creative

In this blogpost I describe the basics of both the Microsoft Add-in and Oplogix Proview. As it is expressed beautifully on the OpsLogix website:

“You are the artist and you can control everything”

Thus, apply your own creativity when making overview dashboards of the infrastructure or the application environment of organizations. I hope I have provided an insight in the possibilities of both Visio solutions and that it will inspire you to start with one of these fantastic products. Please also see the webinar from Pete Zeger on dashboarding in System Center were some of my dashboards are shown: https://www.youtube.com/watch?v=NuMAUKEDkx0&feature=youtu.be

Posted in OpsMgr Visio Add-in
Tagged Dashboards, Operations Manager, OpsLogix, OpsMgr Visio Add-in, ProView, SCOM, Visio
Leave a comment

May 21, 2015

SCOM License: Requested registry access is not allowed

After installing System Center Operations Manager (SCOM) 2012 R2 it is necessary to enter the product key. This can be done by the Operations Manager Shell, but if the command Set-SCOMLicense -ProductId <Product Key> was entered the message: set-scomlicense: Requested registry access is not allowed may appear (Figure 1).

Figure 1. SCOM PowerShell License key error

To rapidly add the Operations Manager product key the following steps should be taken:

Solution:

Open the standard Windows PowerShell console as an Administrator.
Type the following command: Import-Module OperationsManager
Enter the following command: Set-SCOMLicense -ProductId <Product Key>

This way you can quickly activate Operations Manager without editing the registry settings. Don’t forget to restart the Operations Manager server.

I found this solution on Michael Skov’s his blog, which can be found here. Many thanks Michael for sharing this solution.

Posted in Operations Manager
Tagged OpsMgr 2012 R2, SCOM, SCOM License
Leave a comment

May 13, 2015

Creating Rules in Operations Manager 2012 R2

In this post I will describe the necessary steps that must be followed in order to create a rule targeted against a group in Operations Manager (OpsMgr) 2012 R2. In this particular case I will create a rule that keeps an eye on the Windows Special Logon events. The procedure is as follows:

Open the Operations Manager console -> Authoring -> Management Pack Objects. Right click on Rules -> Create a new rule. Open the Alert Generating Rules -> Event Based and select NT Event Log (Alert) (Figure 1).

Figure 1. Create Rule Wizard, Rule Type.

Select also the proper destination Management Pack (Figure 1) and click Next.

In the General window fill out the name of the rule. Optionally a description can be given as presented in Figure 2.

Select Alert as the Rule Category (Figure 2).

The Rule Target must be Windows Computer (Figure 2).

Make sure to uncheck the box Rule is enabled and click Next (Figure 2).

Figure 2. Create Rule Wizard, General.

Select the security event log and click Next (Figure 3).

Figure 3. Create Rule Wizard, Event Log Type.

In the build event Expression window fill out Event ID as the Parameter Name, Equals as the Operator choose a Value of 4672 and click Next (Figure 4).

Figure 4. Create Rule Wizard, Build Event Expression.

Fill out the Alert name and Alert description. Subsequently, select the priority and severity. In this case I chose to put the severity on the Information level. Next, click on Create (Figure 5). Optionally, custom alert fields can be added to the Alert description. Moreover, it is possible to make use of alert suppression.

Figure 5. Create Rule Wizard, Configure Alerts.

When the rule is created, search for it in the Look for box and open the rule properties (Figure 6).

Figure 6. Search rules.

In the rule properties window select the Overrides tab and select Override… For a group… (Figure 7).

Figure 7. Override for a group window.

Search and select the proper group and click OK.

*Make sure that the selected group is located in the same management pack as the rule. An alternative is to make use of a group that is located in a sealed management pack.

In the Override-controlled parameters check Enabled and make sure that the Override Value is set on True (Figure 8).

Figure 8. Override Properties window.

Figure 9 shows the alert properties in case an account with special logon has been reported. If desired it is possible to create a dedicated alert view to collect all the alerts (Figure 10).

Figure 9. Alert properties, special logon event.

Figure 10. Alert view, special logon events.

Good luck when practicing this kind of cool stuff in your own lab environment.

May 7, 2015

Installing OpsMgr 2012 R2 Reporting Services

Last week I was working for one of our clients. Although they have been using Operations Manager (OpsMgr) 2012 R2 for some time, they have not made use of OpsMgr SQL Reporting Services (SRS) yet. My job was to install and configure both SRS and OpsMgr Reporting. In this post I will describe the installation and configuration of SRS in an existing SQL environment as well as for OpsMgr 2012R2.

If one is going to install OpsMgr Reporting in an existing SRS environment beware of the fact that the OpsMgr Reporting installation overwrites the existing Reporting Databases.

Installing SQL Reporting Services

First install reporting services by adding this feature to the SQL installation. This can be done as follows:

Open Control Panel -> Programs -> Programs and Features. Select the SQL installation, in my case Microsoft SQL Server 2008 R2 (x64).
Click on Uninstall/Change -> Add and select the SQL installation media.
Install the support Files and click install.
Next select Add Features to an existing instance of SQL Server 2008 R2.
In the Select Feature installation check Reporting Services.
Verify the disk space and click next.
Click next in the Error Reporting window.
Click next in the rule check window.
In the Ready to install window click on Install to start the installation.
Verify in the Microsoft SQL Server Management Studio if the Report Server and Report ServerTempDB have been created.

After the setup has been completed SRS needs to be configured as described below.

Configuring SQL Reporting Services

Open the Reporting Services Configuration Manager. Select the Web Service URL and click on apply as presented in Figure 1.

Figure 1. Reporting Services Configuration Manager, Web Service URL.

Next select Database, and click on Change database (Figure 2).

Figure 2. Reporting Services Configuration Manager, Report Server Database.

In the Report Server Database Configuration Wizard window, select Create a new report server database (Figure 3).

Figure 3. Report Server Database Configuration wizard, create a new report server database.

In the Database Server window, select the database server and make sure that the Authentication Type is correct (Figure 4) click Next.

Figure 4. Report Server Database Configuration wizard, connect to the database server.

In the Database window, fill out the Database Name, check the language, select the proper Report Server Mode (Figure 5) and click Next.

Figure 5. Report Server Database Configuration wizard, enter database name.

In the Credentials window, select the authentication type, fill out the user Name and Password (Figure 6) and click Next.

Figure 6. Report Server Database Configuration wizard, specify credentials.

Verify the configuration (Figure 7) and click Next.

Figure 7. Report Server Database Configuration wizard, summary.

In the Program and Finish window make sure that all items listed in Figure 8 are marked successful click Finish.

Figure 8. Report Server Database Configuration wizard.

Select the Report Manager URL window and click Apply (Figure 9).

Figure 9. Reporting Services Configuration Manager, Report Manager URL.

At this moment, the SQL Reporting installation has been completed. Now we can start the OpsMgr2012 R2 SQL Reporting installation.

Installing Operations Manager Reporting Services

In order to install OpsMgr SRS, first start the OpsMgr 2012R2 installation wizard. Select only the Reporting Server, then click Next (Figure 10).

Figure 10. Operations Manager Setup, select features to install.

Subsequently, choose the correct installation directory (Figure 11) and click Next.

Figure 11. Operations Manager Setup, choose installation path.

If all the prerequisites passed as shown in Figure 12 click Next.

Figure 12. Operations Manager Setup, prerequisites check.

Select I have read, understood, and agree with the license terms (Figure 13).

Figure 13. Operations Manager Setup, license terms.

Specify the OpsMgr management server (Figure 14).

Figure 14. Operations Manager Setup, specify a management server.

Next, select the SQL Server instance for reporting services as demonstrated in Figure 15 and click Next.

*In the present case the Setup Wizard indicated the following message “The installed version of SQL Server could not be verified or is not supported”. Because this message can have several causes, it is wise to search the log file of the installation to further investigate the message. The OpsMgrSetupWizard log file is located in %:\Users\<USERNAME>\AppData\Local\SCOM\LOGS

Figure 15. Operations Manager Setup, SQL Server instance for reporting services.

In the present case, the log file revealed that the SRS version is different compared to the SQL version (Figure 16).

Figure 16. Operations Manager setup log file.

In fact, the log file indicates that SRS has version 10.50.1600.1. When running the SELECT @@VERSION query it appears that the SQL Database has version 10.50.2500.0 as shown in Figure 17. Moreover, Figure 17 reveals that SP1 is installed on the SQL Server. For this reason SP1 also needs to be installed for SRS. Once this has been completed, the OpsMgr reporting installation can be continued.

Figure 17. SQL Server Management Studio.

Proceed the installation by clicking Next (Figure 18).

Figure 18. Operations Manager Setup, SQL Server instance for reporting services.

Configure the OpsMgr Data Reader account. This account will be used to deploy reports and needs to be able to run queries against the data warehouse (DWH). In addition, the account will also be used to connect to the Management Server (MS). To continue click Next (Figure 19).

*The specified Data Reader account must have db_datareader rights on the OperationsMangerDW database.

Figure 19. Operations Manager Setup, Configure Operations Manager accounts.

In the customer experience improvement program window select if you are willing to participate in the improvement program or not and click Next (Figure 20).

Figure 20. Operations Manager Setup, help improve Operations Manager.

Turn Microsoft update on or off and click on Next (Figure 21).

Figure 21. Operations Manager Setup, Microsoft Update.

Check the installation summary and click Install (Figure 22).

Figure 22. Operations Manager Setup, installation summary.

Make sure the installation has been successfully finished as shown in Figure 23.

Figure 23. Operations Manager Setup, setup is complete.

*It can take a while before all the reports are shown in the console.

Next, open the OpsMgr console and select the Reporting Pane. A list of available reports is presented here (Figure 24).

Figure 24. Operations Manager Console, reporting pane.

It is now possible to create many different reports within the OpsMgr2012 R2 console or by connecting to the Reporting Services URL. Have fun and create some awesome reports🙂

Posted in Operations Manager
Tagged Operations Manager, OpsMgr, OpsMgr 2012 R2, Reporting, SQL, SQL Reporting, SRS
Leave a comment

April 17, 2015

Application Performance Monitoring – Client-Side Monitoring

Introduction

In my previous post I described the configuration of Application Performance Monitoring (APM) for SharePoint 2010, including Client-Side Monitoring (CSM) for SharePoint. Unfortunately, CSM is not supported for SharePoint 2010 and the configuration of CSM as described in my previous post was found to give disappointing results. Therefore, I will describe the setup of CSM monitoring for .Net Applications in this post.

The prerequisites

First it needs to be checked if the correct Management Packs (MP) are installed as shown in Figure 1.

Figure 1. Required Management Packs for APM.

It is of importance that Server-Side Configuration for the .Net application has been configured properly, as described in my previous post: Application Performance Monitoring – SharePoint 2010.

Another prerequisite for configuring CSM is that the .Net application should be compatible for monitoring. To check if the .Net application is indeed compatible go to the IIS Web Application Inventory and select the .Net application of preference as illustrated in Figure 2.

Figure 2. IIS Web Application Inventory view.

Next, “Check Client-Side Monitoring Compatibility” should be selected in the task menu (Figure 3).

Figure 3. Task to start CSM compatibility.

This task verifies if the .Net application can be safely monitored by using CSM. Click “Run” to start the task (Figure 4).

Figure 4. Run task check CSM compatibility.

Read and verify the task output and check if it is safe to use CSM for the .Net application as shown in Figure 5.

Figure 5. Task status check CSM compatibility.

Configuring CSM

In order to configure CSM, the properties of the application that are already configured for Server Side Monitoring should be opened first: go to Authoring → select .Net Application Performance Monitoring and open the properties of the .Net application. Next, the tab “Client Side Monitoring” can be selected as shown in Figure 6. Make sure that the check box is enabled. Subsequently, a group can be selected with servers as the Targeted group.

Figure 6. General properties, CSM tab.

Select Customize to adjust the client-side configuration. Figure 7 presents several configuration settings such as turning on performance and exception alerts, page load thresholds, and sensitivity thresholds. It is of foremost importance to configure the client IP address filter properly. Please note that only localhost addresses are monitored by default. This means that all IP addresses are monitored in case no IP addresses are added to the IP filter list. The IP addresses added to the IP filter list are excluded from CSM.

Figure 7. Modifying CSM settings.

Once CSM has been configured for the preferred .Net application it can be checked whether the configuration was successful. This can be done via the browser. If the .Net application is loaded, hit F12 to open the developer mode and search for a code similar to the one presented in Figure 8. When such a code is presented it can be assumed that CSM has been successfully applied to the .Net application. In the state view of the monitored .Net application it can be seen that the “Client-Side Monitoring Application Component“ has received a healthy status as demonstrated in Figure 9.

Figure 8. Internet Explorer developer mode.

Figure 9. State view of the APM monitored application.

Posted in Application Performance Monitoring
Tagged .Net Application, APM, Application Performance Monitoring, Client-Side monitoring, Operations Manager, SCOM
Leave a comment