quarta-feira, 22 de agosto de 2012

New SQL Management pack ships - 6.3.173.1

New SQL Management pack ships - 6.3.173.1

It can be found here:
http://www.microsoft.com/en-us/download/details.aspx?id=10631

New features:
AlwaysOn Monitoring
    • Automatically discover and monitor availability groups, availability replicas, and availability databases for hundreds of computers.
    • Health roll-up from availability database to availability replicas.
    • Detailed knowledge with every critical health state to enable faster resolution to a problem.
  • Seamless integration with Policy based management (PBM)
    • Auto-discover custom PBM polices targeting AlwaysOn and database components.
    • Rollup of health of policy execution within the SQL monitoring pack under extended health.
  • Support for Mirroring and Replication Monitoring (only applicable to SQL Server 2008 and 2008 R2 version of management pack)
    • Discover mirroring databases, witness, and mirroring group.
    • Monitor database mirror state, database mirror witness state, and mirroring partners’ state.
    • Custom diagram view to visually represent the primary and the mirrored databases.
    • Approximately twenty rules to detect replication events.
  • Improved Freespace monitoring with mount point support
Will update the post with impressions, but I just hope they fixed the tempdb zero size issue.

Stay tuned!

quinta-feira, 2 de agosto de 2012

Error in SCOM 2012 ACS Report: Sensitive Security Groups Changes

A customer of mine always had an issue with an ACS Audit report called "Sensitive Security Groups Changes". The information shown there didn't make a lot of sense. It would show the same user as the one being added to the group and the one being the one adding the user. Just some crazy stuff that could be fixed in report builder. But I was hired to upgrade the 2007 R2 structure to 2012, hoping that it would be fixed and maybe improved.
Nothing like that. In the end, it was even worse. For some reason, the information shown was completely wrong.
To fix the issue, I've opened an Incident with Microsoft, which didn't fix the problem, but lead me to fix it in the end.
It happens that the C:\Windows\System32\security\adtserver\eventschema.xml seems to be broken from the installation media.
The section for event 4728 seems to be broken:
        <Event SourceId="4728" SourceName="SE_AUDITID_ETW_GLOBAL_GROUP_ADD">
          <Call Name="AppendString" Param1="1" Param2="0" />
          <Call Name="AppendString" Param1="2" Param2="0" />
          <Call Name="AppendString" Param1="3" Param2="0" />
          <Call Name="AppendString" Param1="4" Param2="0" />
          <Call Name="AppendString" Param1="5" Param2="0" />
          <Call Name="AppendString" Param1="6" Param2="0" />
          <Call Name="AppendString" Param1="7" Param2="0" />
          <Call Name="AppendString" Param1="8" Param2="0" />
          <Call Name="AppendString" Param1="9" Param2="0" />
          <Call Name="AppendNamesFromSid" Param1="2" Param2="0" />
          <Param TypeName="typeUser" />
          <Param TypeName="typePrimarySid" />
          <Param TypeName="typeTargetUser" />
          <Param TypeName="typeTargetDomain" />
          <Param TypeName="typeTargetSid" />
          <Param TypeName="typeClientSid" />
          <Param TypeName="typeClientUser" />
          <Param TypeName="typeClientDomain" />
          <Param TypeName="typeClientLogonId" />
          <Param TypeName="typePrivileges" />
          <Param TypeName="typePrimaryUser" />
          <Param TypeName="typePrimaryDomain" />
        </Event>
The correct code (copied from 4729):
        <Event SourceId="4728" SourceName="SE_AUDITID_ETW_GLOBAL_GROUP_ADD">
          <Call Name="AppendString" Param1="1" Param2="0" />
          <Call Name="AppendString" Param1="2" Param2="0" />
          <Call Name="AppendString" Param1="3" Param2="0" />
          <Call Name="AppendString" Param1="4" Param2="0" />
          <Call Name="AppendString" Param1="5" Param2="0" />
          <Call Name="AppendString" Param1="6" Param2="0" />
          <Call Name="AppendString" Param1="7" Param2="0" />
          <Call Name="AppendString" Param1="8" Param2="0" />
          <Call Name="AppendString" Param1="9" Param2="0" />
          <Call Name="AppendString" Param1="10" Param2="0" />
          <Call Name="AppendNamesFromSid" Param1="2" Param2="0" />
          <Param TypeName="typeUser" />
          <Param TypeName="typePrimarySid" />
          <Param TypeName="typeTargetUser" />
          <Param TypeName="typeTargetDomain" />
          <Param TypeName="typeTargetSid" />
          <Param TypeName="typeClientSid" />
          <Param TypeName="typeClientUser" />
          <Param TypeName="typeClientDomain" />
          <Param TypeName="typeClientLogonId" />
          <Param TypeName="typePrivileges" />
          <Param TypeName="typePrimaryUser" />
          <Param TypeName="typePrimaryDomain" />
        </Event>
Make sure you make a copy of the file before changing. When you're done editing the file, restart the Collector service and you should be ok.

Adding an Agent Task to Fix the Active Directory 2008 Management Pack Console Tasks

Hi fellow SCOMmers, a quick tip on how to create a task to add a symbolic link to the C:\Program Files to all your domain controllers. Why?
First a little background:
In the Active Directory 2008 Management pack, it will still try to run some of the console tasks from the wrong folder:


You can always Override the parameter temporarily, but if you do it very frequently, will be a pain. Of course, ideally, Microsoft would fix this at some point, but since we can't change the management pack permanently, a quick way to fix it is to create a symbolic link to the Support Tools folder pointing to C:\Windows\System32, where most of these tools like DCDIAG.EXE are.
So, the steps:
  1. Open the SCOM console
  2. Select the Authoring Area and select Management Pack Objects
  3. Right Click Tasks and select Create a new Task
  4. Name the task, select a target (Active Directory Domain Controller Server 2008), select a proper management pack and configure the command as below and click Create:

Here is the command line parameters text, so you don't yell at me that you can't copy and paste it:
      /c mklink /d "C:\Program Files\Support Tools" %windir%\system32

5.To use the task, select the server in the Monitoring view, under the Windows Active Directory Server state view and click on the task from the Tasks panel on the right:

Hope it helps!

Happy SCOMming