Thursday 27 August 2015

System Center Universe Europe 2015

Well, it’s a wrap!

I’m just on my way back home from the awesome event that was System Center Universe Europe 2015.

(Keynote Room laid out ready - Image by SCU Europe)
It’s been a manically packed 3 days with 4 different tracks happening simultaneously throughout the day (with early starts from 08:30!) and smaller side sessions also as an extra.

There’s been such a wide topic coverage this week (centred around IT management) covering the various component of System Center, Azure, Enterprise Mobility, PowerShell, there was even some fun with managing Tesla cars thrown in!

I was lucky enough to get to present a couple of sessions this year, one covering the different ways that the System Center components connect, interact and why with another session on how you can start to leverage the Azure services to extend your on-premise datacentre into a hybrid model and start gaining IT Management benefits and scale now, without the wholesale approach of just shift everything.

(People were keen for sessions and ensuring they had seats well before sessions started)

But it never stops me cringing and wondering why or how I was lucky enough to get a speaking spot, just looking around the speakers room left me gaping in awe at the world class talent that an event like this manages to attract.

Speakers/Experts/MVPs/Vendors from around the world happily flock to this event with renowned experts from the USA, Sweden, UK and even Sri Lanka in attendance.
People that have been in this game far longer than me and who I can thank personally for helping me build my career to what it is now after spending many hours over the years reading/watching/listening to them sharing their knowledge.

This is the other thing that makes these types of event so awesome, the attendees.

Having been to many of these events as an attendee myself, it’s always refreshing to see crowds of people that are so willing to learn and absorb knowledge.
But not just in a passive manner, this type of event sees the attendees willing to engage, ask questions (and there is no such thing as a stupid question in my opinion, it’s just something you don’t yet know the answer to so always ask!) and give helpful feedback.

(Break time between sessions - Image by SCU Europe)
Well that might be a wrap for this year, but the good news is it's back again next year, bigger and better and this time... in Berlin!!

Thursday 6 August 2015

Hotfix KB3081699 for ConfigMgr and Windows Phone Apps - Installation order matters!

A few weeks ago, Microsoft consolidated their app stores ready for Windows 10 launch.

This had a knock on effect that ConfigMgr and Intune could no longer create Windows Phone app deployments, nor could you configure the Allowed/Blocked compliance settings (Well you could work around it by using old URLs and pasting them in).

Thankfully, Microsoft have just released a hotfix (KB3081699) to resolve this issue.

** Update 07/08/2015 ** - See note at end of post

It needs applying to your site server and your consoles, however there is an important thing to note.

Microsoft have also released CU1 this last week.

Not spending too much time thinking about it, since the hotfix was released AFTER CU1, I updated my site to CU1 and then applied KB3081699.

Nothing seemed amiss and the installations completed successfully, but there appeared to be zero difference in behaviour... odd...

I tried to apply the patch again, only to be greeted by an error message.

This update applies to systems running cumulative update 0, this system has the more recent cumulative update 1 installed.

Erm, ok, I agree, but CU1 doesn't include this fix!?!?!?!

Slightly my fault as I installed CU1, didn't reboot, then installed KB3081699 which didn't complain about CU1 as it wasn't fully installed, but didn't actually install properly either. /sigh

Hopefully Microsoft will re-release this patch, or another CU very soon that includes it.

In the mean time, make sure if you need the fixes in KB3081699 that you install it BEFORE CU1.
Also, not that I can test, hope that CU1 doesn't roll back the fix in KB3081699.

** Update 07/08/2015 ** - Microsoft have also added to the hotfix download request page a CU1 version that resolves the above order issue i.e. it can be installed after CU1.

Just ensure you select the version appropriate to your current update level.

Also, it doesn't appear to be a quick install either, I'm seeing around a 20 minute installation time.


Sunday 2 August 2015

Operations Manager & OMS - Unable to access AppLocker event log on Server Core

I was doing a bit of housekeeping today and I noticed a Warning alert from a monitor that Operations Manager Failed to Access the Windows Event Log.

Looking at the alert it showed that the Microsoft-Windows-AppLocker/EXE and DLL event log couldn't be accessed on my Hyper-V hosts.

When I checked manually, it wasn't surprising that the event log couldn't be accessed, because it didn't exist...

I use Server Core in my environment and doing a bit of initial digging it looks like AppLocker isn't supported on Server Core due to it having a requirement on the Application Identity Service.

This alert is generated in SCOM when you have it integrated with Microsoft Operations Management Suite (or the Operational Insights part) and are using the Security and Audit Solution.


For now, this is a quick thing to override.

  • In SCOM navigate to Authoring | Management Pack Objects | Rules
  • Click the Scope button and search for Microsoft System Center Advisor
  • Select the Microsoft System Center AdvisorWindows Server target

  • Use the Look for: filter to narrow down the rule to just AppLocker
  • Right click the Collect AppLocker Events and choose Overrides | Override the Rule | For a group...

  • Filter or scroll through the object list and find a group containing your Windows Server Core OS devices, I'm using the Windows Server 2012 R2 Core Computer Group

Now as default the override will show that it's already set at default, so why are we overriding it?
That's because this rule has an override that enables it for all members of the Microsoft System Center Advisor Monitoring Server Group which is the group that devices you add in SCOM to have data uploaded to Operational Insights get added to and rules/monitors for the Operational Insights management packs get targeted at usually.

Rather than mess with this one, as we still want it to gather AppLocker events for supported devices, we are going to override the rule with a value of False, but make sure the Enforce option is ticked so that it overrules the default Operational Insights override.

And that's it. SCOM should no longer try to run that rule, therefore not trying to access a non-existent event log on the members of the group you selected (Server 2012 R2 Core OS devices in my case).