Tuesday 30 August 2011

Network Devices Supported in SCOM 2012

Jonathan Almquist has posted on his blog about the network devices supported in SCOM 2012.
http://blogs.technet.com/b/jonathanalmquist/archive/2011/08/11/list-of-supported-network-devices-in-operations-manager-2012.aspx

I'm not going to replicate the really long device list table, but it's looking very comprehensive and should only grow by RTM.

A spreadsheet of the devices with more details can be found at the link below and details things like the OID of the device and if memory and processor monitoring is available.
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=26831

Thursday 18 August 2011

Service Manager - Backup Unsealed MP's

I've had a solution for backing up SCSM unsealed management packs on the TechNet Gallery for a while now, but I thought I'd mention quickly that I've just updated it.

No new functionality, but Sam Erskine (Service Manager Guru) has very kindly given me his documentation for the installation of the management pack so I've updated the zip file with it.

Sam's blog can be found here and the download here

Duplicate Records when you use Unknown Computer Support along with AD Delta Discovery

I've run into this scenario a couple of times after enabling Delta Discovery and have got into the habit of doing a manual sweep for duplicate records, or extending the Delta Discovery period, but that kind of defeats much of the reason for it.

http://blogs.technet.com/b/configmgrteam/archive/2011/08/17/known-issue-and-workaround-duplicate-records-when-you-use-unknown-computer-support-with-active-directory-delta-discovery.aspx

Basically, if you have Delta Discovery enabled and then image a new device using unknown computer support SCCM creates a record for the new device, but then if Delta Discovery runs before the Task Sequence installs the Client Agent and after the OS has been joined to the domain, 2 records will be created within SCCM.  The problems start though when SCCM can't link/merge the two together and won't age either of the out of the database either.

Two choices are then left for you.
  1. Manually sweep for duplicate records and delete the one that shows no client installed.
  2. Setup a status filter rule that will run a script to automatically delete the record.
Thanks to the TechNet article posted by Minfang Lv, this is now relatively simple to do, with the scripts and instructions supplied.

As always, test before putting straight into production.

Wednesday 17 August 2011

Anti-Virus exclusion list for Microsoft Products

While trawling the blogs today I noticed this useful page mentioned by quite a few:

http://social.technet.microsoft.com/wiki/contents/articles/953.aspx

It's a Technet Wiki article that aims to condense all the AV exclusions you might want to configure for Windows Server when different products are installed (SQL, AD, IIS, etc).

There's also some references to general Windows exclusions also.

Service Manager 2010 hasn't made it onto the list yet, so I'll point you to the NN4 Consultants blog for that one:
http://www.nn4consultants.com/2011/06/scsm-framework-to-real-work-part-iv-av-exclusions/

Tuesday 9 August 2011

Microsoft Exec's... They're just normal people....

**Update 11/08/2011**  - Looks like someone didn't like this video being up, as it's now been removed.  Sorry!

Had to share this...


MGXFY12 Kurt D Comedy Video from Buttercuts Editorial on Vimeo.

Sad thing is, for those that know me, they could probably see me right at home in the car with them /shame

Thursday 4 August 2011

Microsoft BitLocker Administration and Monitoring (MBAM)

On the 1st of August, Microsoft officially released the MDOP 2011 R2 suite.

As well as the usual App-V, Med-V DaRT etc updates this R2 release also sees MBAM join the suite.

For those of you unfamiliar with MBAM, it builds on BitLocker Drive Encryption by offering an enterprise solution for provisioning, monitoring, and supporting BitLocker.

By using MBAM, you can centrally provision BitLocker and enforce BitLocker policies across the organization.
Provisioning BitLocker by using MBAM is a two-step process:
  1. Deploy the MBAM client to each computer (SCCM would be the preferred option here)
  2. Configure policy settings that MBAM enforces.
The client enforces MBAM policy settings, stores recovery key data in an encrypted MBAM database, and reports its compliance status to MBAM.
In addition to walking the user through the encryption process, it can also prompt the user for a PIN, if required, addressing an aspect of BitLocker deployment that has challenged IT.
The most obvious way MBAM can simplify BitLocker support is by streamlining drive recovery for the Service Desk.  The picture below shows the Drive Recovery webpage in MBAM. If a user calls the Service Desk because they are in BitLocker recovery mode, the Service Desk doesn’t look up the drive’s recovery key in AD DS. Instead, the Service Desk uses MBAM to quickly look up the recovery key based on its ID.
MBAM also introduces single-use recovery keys. When the Service Desk retrieves and uses a recovery key, the MBAM client automatically generates a new recovery key for the computer. The original recovery key can’t be used again to recover the computer’s hard drive.
This is vitally important as users are known for jotting down things like the recovery key and keepin it near their device in-case they ever need it again. The hard drive might as well be unencrypted.
Single-use recovery keys help prevent unauthorized users from gaining access to the hard drive even if they get access to a previously used recovery key.
While MBAM does a great job of helping you provision BitLocker, one of the areas it shines the most in is compliance reporting. The reports it includes can help you quickly determine the status of the entire organization or a single computer. They can also help you monitor access to the MBAM databases.
Imagine that a user loses their laptop computer, and it contains confidential data. With MBAM, you can quickly look up the computer to determine whether it was compliant with BitLocker policy. You will know immediately whether the loss represents any risk.
MBAM provides the following reports in the MBAM management console:
  • Enterprise Compliance Report. This report can tell you at a glance the BitLocker compliance status of your entire organization. 
  • Computer Compliance Report. This report indicates whether a specific computer or a specific user’s computers are compliant with BitLocker policy.
  • Recovery Audit Report. This report indicates who has accessed recovery key information, successfully or not.
  • Hardware Audit Report. This report indicates who has changed the hardware compatibility list and when the MBAM client discovers new hardware. When you enable hardware compatibility checking, the MBAM client uses the hardware compatibility list to determine whether each computer model supports BitLocker.


Two useful videos to watch on MBAM:

SCOM 2007 R2 Cumulative Update 5 (CU5)

Now that the KB Article for CU5 is live we can now see exactly what's included in CU5:

Cumulative Update 5 for Operations Manager 2007 R2 resolves the following issues:
  • Restart of non-Operations Manager services when the agent is updated.
  • Updated ACS reports.
  • TCP Port Probe incorrectly reports negative ping latency.
  • MissingEvent Manual Reset Monitor does not work as expected.
  • Drillthrough fails because of rsParameterTypeMismatch in the EnterpriseManagementChartControl.
  • ACS - Event log message is truncated or corrupted in SCDW.
  • UI hang caused by SDK locking.
  • ACS Filter fails for certain wildcard queries.
  • Edit Schedule button is disabled with SQL 2008 R2.
  • Web console times out when you open the left navigation tree.
  • Scheduled Reports view for Windows Server 2003 and for Microsoft SQL Server 2005 Reporting Services SP3 CU9 returns "System.IndexOutOfRangeException: Index was outside the bounds of the array."
  • Signed MPs cannot be imported when new attributes are added to existing classes.

Cross Platform Cumulative Update 5 for Operations Manager 2007 R2 resolves the following issues:
  • Performance data for LVM managed partitions is not available.
  • Process monitor does not keep name if run by using symbolic link.
  • AIX with large number of processes crashes with bad alloc.

Cross Platform Cumulative Update 5 for Operations Manager 2007 R2 adds the following feature:
  • Support for Red Hat 6

Note The new agent for Red Hat 6 is included in Cumulative Update 5. You can download the management pack for Red Hat 6 by visiting the following Microsoft website:
 
 
I'm a strong believer in not re-inventing the wheel, so rather than do a step by step guide on the install myself, I'll just recommend you check out Kevin Holman's post:
 
 
 

Wednesday 3 August 2011

Ramp up the Test Lab - SCOM 2007 R2 CU5 is here!

Cumulative Update 5 (CU#5) for SCOM R2 is now available for download from here:
http://www.microsoft.com/download/en/details.aspx?id=26938

The Knowledge base article for the update (KB2495674) isn't presently live, but the download page does note that there are a number of manual steps are required to install, so this will definately need the guide reading in full.

With that being said, get it downloaded and the test lab ramped up ready, but wait for the full details before attempting an install!

**Edit 04/08/2011 - KB Article is now live **