Deploying SCOM Gateway server

  1. Put a change request into the Network group to open TCP ports 5723 and 5724 both ways from the Gateway server to the MS server
  2. Certificates need to be deployed (2 types of certificates)
  3. The root CA needs to be installed on all management servers
  4. A custom cert template needs to be created on the issuing CA for OpsMgr
  5. The custom OpsMgr cert needs to be installed on all management servers
  6. Run momcertimport on all management servers after the certs have been installed. This makes some specific registry changes that help SCOM pick the correct cert.
  7. Approve the gateway server on the RMS using an approval tool.
  8. Manual install of agents on servers to be monitored
  9. Approve agents in SCOM console

 


Written by Brad Hearn - Visit Website

Windows Server 2000 and 2003: Time configuration for MaxPosPhaseCorrection and MaxNegPhaseCorrection

By default, the Windows Time service in Windows 2000 and 2003 allows a positive or negative time correction of any amount on domain controllers. This can cause serious problems in a forest should a dramatic time shift occur. Such a shift can occur even when synchronizing with other authoritative sources, because hardware problems, software problems or human error can cause them to provide the wrong time. Problems that can follow a dramatic time change include: Windows Server 2003 based domain controllers may be quarantined; deleted objects may be purged before the deletion has replicated end to end (causing lingering objects); user and computer passwords may expire unexpectedly; and trust passwords may fall out of sync. The effort needed to recover from a dramatic time change can be significant. The registry key(s) differ depending on the operating system version.


How to create a Recovery task in SCOM on a Windows service

When you need to monitor a Windows service through Microsoft’s System Center Operations Manager and have it restarted automatically, you cannot use the management pack templates. The reason is that the templates are stored in locked MPs that you do not have access to.

Follow these steps to monitor a service and have it restarted automatically by SCOM if it fails.


GPO - Change Event Viewer Log size and retention period

The default Event Viewer log size is 512 KB. To make this dangerous, the logs will only overwrite events older than 7 days. So what happens when your logs fill up in two days from a critical error? You start losing critical information needed to troubleshoot the problem. With today’s availability of disk, here is a better way to set these settings, using a GPO to automate the process on all of your servers/desktops…



Force a user GPO on a computer OU in Microsoft Active Directory

I needed to apply a blank screen saver to all of our servers. Of course I wanted this to be done based on the server and not the logged-in user/administrator. The location in the GPO for setting a screen saver is located in…


Modify NTFS permissions without replacing ACLs with Xcacls.exe

Xcacls is used to modify NTFS permissions without replacing existing ACLs. This allows you to hit individual files, folders, or entire directories. The tool is very easy to use and can do all this with a single line of code.

While I was at a client’s I came across some user folders that never had the proper NTFS rights assigned at setup. Subsequently they all had the default local users group assigned to them with read and execute. This effectively gave all users access to all folders. To make this even harder to resolve, someone had also removed the inheritance check mark and copied all the permissions. This now means that the only way to remove the ACL from the GUI is by removing it individually on each folder and file. Not a good solution considering there are over 4000 users. So time to use a script.

First you will need to download Xcacls.

Search Google for Xcacls, or for KB825751, or click on the link below

http://www.microsoft.com/downloads/details.aspx?FamilyID=0ad33a24-0616-473c-b103-c35bc2820bda&displaylang=en


How to Remove Management Pack Dependencies

When you create an override and don’t save it to a custom Management Pack, it will by default be saved to the Microsoft.SystemCenter.OperationsManager.DefaultUser.xml management pack. This will later on bite you in the ass when you want to remove the affected management pack. To avoid this, of course, you should always save changes to a custom management pack…

 


Permissions tab is missing on Microsoft Windows share connected to NetApp filer

If the permissions tab is missing on a NetApp filer share when connecting through Microsoft Windows management, this is probably due to the fact that the share was created using the filer default security, Unix, instead of NTFS. To confirm and fix this, do the following…


Manage multiple DHCP scopes with netsh script

Use a script to change the DNS lookup and WINS lookup options in DHCP on multiple scopes. Using the netsh command, this can be done easily.

Tools needed…


Microsoft DHCP: How to Export and import scopes between DHCP servers

We are going to use Microsoft’s Netsh command to export DHCP scopes from one server and then import them to another. We run a split scope on two servers for redundancy. So scope one serves the range 172.0.0.64 to 172.0.0.159 and the second server handles 172.0.0.160 to 172.0.0.255. While I was performing maintenance I noticed that in some cases someone missed the creation of the second half of the scope. So to fix this I am going to run a script that will export the scopes. Then I will run another script to import them on the second server. Make sure afterwards to modify the exclusion on the second server to be the opposite, so that they are not both serving the same half.

