SCOM 2016 – Linux Agent Deployment “Signed certificate verification operation was not successful”

Today, while trying to add my linux servers to my new SCOM 2016 environment, I ran into an interesting issue.

When deploying the agent to my CentOS 6.8 server, all was going fine, then suddenly *holy drama!* – the agent install fails, indicating “The SSL certificate could not be checked for revocation”
When clicking the details link, this is what is shown:

SCOM uses ssl to communicate via between the management server and the monitored system/server/client, etc. The problem I faced is that the server has a host name set to SERVER.DOMAIN-COOL.COM, and in order to authenticate successfully the HOSTNAME name MUST match the FQDN (fully qualified domain name) of the name that is resolved by SCOM. i.e. SERVER.DOMAIN.COM.

If you are facing this scenario and your UNIX/Linux server has a different hostname then what is in DNS you have two choices. Either you change the hostname on your server, which may or may not be an option, or you create a new certificate with the FQDN hostname and private key without touching the server name at all using the scxsslconfig tool. I decided to perform the latter. Just open the a shell and run…

After executing the command, make sure to restart the agent.

After the service is restarted head back to your SCOM console, and attempt to manage the linux server again.
This time it will complete successfully.

Posted in System Center Tagged with: , , , , , ,

DPM, Windows Server Backup and “The backup storage location is invalid” error..

While working with DPM, I came across an issue, where my internal backup of the DPM server, kept failing with “DPM cannot create a backup because Windows Server Backup (WSB) on the protected computer encountered an error (WSB Event ID: 546, WSB Error Code: 0x10851A0). (ID 30229 Details: Internal error code: 0x80990ED0)”

Upon closer inspection, when I launch an admin command prompt and attempt to perform a local backup using wbadmin:

I receive the following error:
The backup storage location is invalid. You cannot use a volume that is included in the backup as a storage location.

wbadmin_fail

The solution to this issue, is to simply add a new key to the registry.
Create the following:

wbadmin_registry

Immediately after creating the key, the backups should complete successfully.

wbadmin_success

Posted in Server 2012 R2 Tagged with: , , , , , ,

Bulk remove non-English Management Packs from OpsMgr 2012R2

I’ve been taking some time to learn some of the System Center tools, and recently I’ve installed an Operations Manager (SCOM) instance to use for monitoring in my environment.

Being the numb-skull I am, the first task I took it to myself to complete, was to download some management packs. Well, if your a veteran to this, you’re probably saying, “what a dummy” he downloaded the entire group.. and I reply to you, “yep”, I sure did.

If you don’t know, or are not acquainted with what I am talking about, while importing management packs, under each of the group headings, could be dozens or more, of sub-packs, which may or may not be English.

Still no idea, here, let me share a picture.
Management Packs

As you can see, these are organized by product, and then further organized, so on and so forth..
Like the big dummy I am, I selected the headers for each of the top level items I was interested in, which left me with hundreds of non-English management packs installed into my console.

Removing these from the GUI, can only be accomplished 1 at a time! *groan*

Here comes PowerShell to save the day!!
With a quick command, you can quickly remove all of those management packs not in your native language.
managepowershell

I will take a moment to CAUTION you on the usage of this command: Do not use this in a production environment without fully insuring that this command is correctly entered. If done incorrectly, it could remove all management packs from the environment! YIKES!
Consider yourself warned!

Posted in System Center Tagged with: , , , , , ,

Now running on Google Domains!

So, yesterday I took a plunge and migrated my primary domain cbudde.com to google domains. In case you’re not familiar with this service, it’s googles new offering into website registrar management. You can take a closer look here.

It seems to offer all the same features as your godaddy, and networksolutions. The real benefit is cost. Google domains is a flat $12/year fee for each domain. With that, they include additional features that most other registrars charge extra for.

for example, domain privacy, DNSSEC, which typically are premium features that cost more, are included free of charge through google domains.

The transfer was about as easy as to be expected for any domain. Simply needing to have privacy disabled, and the domain unlocked. It took approximated 60 minutes to completely migrate from godaddy to google, using google DNS. When I configured DNS properties to point to my webhost DNS servers, it took about 12 hours before the change was updated. (This is an estimate, based on when I started the change, the night prior, verse when I woke up from snooze-land that following morning)

All in all, a decent experience, and if you’re looking to save some money on domain name hosting, google DNS might just be what you’re looking for!

Posted in Webhosting Tagged with: , , , , ,

Add or Remove E-mail Aliases in On-Premises Active Directory – Office 365

If you are synchronising your Office 365 account with your on-premises Active Directory environment, you will know that you cannot edit exchange user properties using the Office 365 administrator portal.

If you try, you will come across this error or a similar one:
sync_error
In this post, I’m going to show you how to add e-mail aliases using the Active Directory User and Computers snapin.

Before we begin, make sure that you have the advanced options enabled from the view menu in ADUC.

  • With ADUC open, select view, and then check the box next to “Advanced Features”
    advancedFeatures

Now, with that out of the way…

  1. Select the user you wish to add an Alias for > Right click the name, and select properties.
  2. Now, Remember that advanced features check box I mentioned above, because we selected that, you will now see a tab called, “Attribute Editor”. If you don’t see this tab, go back and check the box for “Advanced Features”, and then kick yourself, for not paying attention.
  3. Find the variable proxyAddresses – this is the one you want to edit.
    When you add new e-mail aliases, you want to make sure that your primary e-mail address will start with upper-case SMTP. Your aliases, aka, secondary addresses should be lower-case smtp.For example, I want my primary e-mail address to be [email protected]
    In the proxyAddresses attribute, I would put:
    SMTP:[email protected]
    As my alias, I want [email protected] to do this, I will use lower case smtp:
    smtp:[email protected]
  4. Apply the new settings, and click OK
  5. Wait patiently for your active directory to be synchronised with Office 365 (by default this happens every 3 hours but you can force this with a bit of research. – We’ll leave that for another article, here’s a link to the new ADSync tool)
Posted in Active Directory, Azure/Office365 Tagged with: , , , , ,

How to perform manual sync with the new Azure AD Connect.

On occasion, it may be required of you to force a sync between your local AD environment and your MS Azure / Office 365 environment. By default, this value is about 3 hours. For whatever reason, you need to make a change to a user object, you may need to perform this sync so they can utilize the services.

This command is very simple to execute.

  1. Open an elevated Windows Azure AD Module for Powershell window.
  2. Navigate to the “C:\Program Files\Microsoft Azure AD Sync\bin” folder.
  3. Run either the .\DirectorySyncSlientCmd.exe with either the Initial or Delta argument.

    azure1

For a detailed explanation of the arguments, check out the source article links at the bottom.

Posted in Azure/Office365 Tagged with: , , , ,

Installing VMware Tools the right way on CentOS 6.7!

For CentOS, I recommend following the VMware Tools Installation Guide for Operating System Specific Packages to get your VMware Tools instead of just running it from vSphere Client. Why you ask? Well, because in following this setup routine, you can template your VM, and not have to manually install the vmware client everytime you create a new machine, and it updates easily with yum package manager. How’s that for an answer?

  1. So the first thing we need to do, is grab a few prerequisites.

  2. Second we need to grab the public keys from VMware, here’s a link to their keys. http://packages.vmware.com/tools/keys
  3. Import the keys (I put mine in a folder in tmp, /tmp/vmware):

  4. Now, we’ll create a repository file. Navigate or create the file at: /etc/yum.repos.d/vmware-tools.repo – You can name it whatever you want, as long as its meaningful to you.
  5. Add the following content to the file:


    NOTE – Keep in mind, I am doing this on a CentOS 6.7 VM, on ESX 5.5 U2, 64bit. If you are using a different flavor, you’ll need to adjust for your version. Refer to the VMware Tools Installation Guide for Operating System Specific Packages for more information.
  6. Now, its just a matter of running the following command:

  7. After the installation completes, reboot.
Posted in CentOS, VMWare Tagged with: , , , , ,

Enable the Server Graphic Shell on Server 2016 TP2

So back in early May 2015, (I know, like it was sooo long ago..) during the MS Ignite Conference, Microsoft released Technical Preview 2 for Server 2016.

https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-technical-preview

The installation, regardless of what you select, only installs the CORE installation to reduce the OS footprint and minimize the security impact.
setup
But what if you want the GUI? You can enable the GUI or (Server Graphics Shell) from within Server Manager. See, I already learned-ya something new today!
I will show you how below.

  • Navigate to Add Roles and Features Wizard,
    addroles
  • Select Features and under “User Interfaces and Infrastructure”, check Server Graphical Shell.
    graphicshell
  • Confirm the installation, and reboot if desired.
    confirm
  • After a reboot, look at that pretty UI! Yay!
    desktop
Posted in Server 2016 Tagged with: , , , , ,

Setting the default domain for vCenter SSO

vCenter Single Sign by default requires the user to specify the domain when they pass their username during authenticate with vCenter.
For Example : MYDOMAIN\USER1 or [email protected]

You can eliminate the need to insert the domain in the user name by following the following steps.

NOTE – This has to be done in the WebClient. These options are not available in the desktop client.

  1. Log in to the vSphere Web Client as [email protected] or as another user with vCenter Single Sign-On administrator privileges.
  2. Browse to Administration > Single Sign-On > Configuration.
    administration configuration
  3. On the Identity Sources tab, select an identity source and click the Set as Default Domain icon.
    default

In the domain display, the default domain shows (default) in the Domain column.

When you login to vCenter now, you can omit the DOMAIN from your username and connect as just user1.

These are the exact steps as posted in the VMware KB. I added some pretty pictures to assist.

Posted in VMWare Tagged with: , , , , , ,

Boot into safe mode on Windows 8/Server 2112

One of the earliest steps in troubleshooting a PC/Server is to boot into safe mode. Be it Last Known Good recovery, to uninstalling a faulty driver, this has simply been achieved by pressing the F8 key.
This changed with Windows 8 / Windows Server 2012 and its Automatic Repair mode.
But what if we want Safe Mode?

You can still have Safe Mode, however, it is buried deep into the recovery options. While just mashing the F8 key sometimes works, I have noticed that sometimes, on Dell servers, it now brings you into the LifeCycle Controller. If this is the case, you can still access the recovery options by pressing the Shift+F8 key combination.

recovery

Select the “Troubleshoot” Option.
optino

And… Select “Advanced options”
troubleshoot

Now, from the Advanced Options menu, choose the “Windows Startup Settings” option.. *How anyone is ever to find this, your guess is as good as mine…
advanced

Finally, Restart.
restart

When your system restarts; Look what I found!!
abo

Posted in Server 2012 R2, Windows 8 Tagged with: , , , , , , , ,