Azure Automation Hybrid Worker behind a Firewall / Proxy

by

One nice feature of Azure Automation is the Hybrid Worker. With the Hybrid Worker you can execute Runbooks inside your onPremise infrastructure. according to the official documentation or at John Hennen’s post, you have to open your FireWall for outbound traffic to *.cloudapp.net for this ports 443,9354,30000-30199.

Azure Automation Hybrid Worker Traffic

When i told this requirement to our security-team, they weren’t very enthusiastic about the wildcard rule for *.cloudapp.net. So i have to search another solution.

To configure the Microsoft Monitoring Agent to use your proxy services, go to the Control Panel → System and Security → Microsoft Monitoring Agent and then go to the Proxy Settings tab: read more

daily Backup Report for SC DPM

by

i like System Center Dataprotection Manager, especially for the backup possibilites of remote Windows servers and the Online backup to Azure. But in my past, i lost the overview about succeded and failed backup jobs. The included reporting doesn’t helped me enough, and the alert notification was like spam. I needed a daily report with one view of all Jobs, Disks, Agents and other states. To reach this goal, i wrote my own PowerShell script, which i want to share here.

the report, sent by mail will look like this: read more

document your SCOM 2012 environment

by

This is quite huge for me, because I’ve been working on this script for the last two months and finally decided, to release the script to public, although I know that it’s still far from complete.

Document your Operations Manager 2012 environment

You should know your environment and what happens in it and you should be able to show people what exactly has been configured in your environment. This is quite important for consultants, but also for admins. Consultants need to create a documentation after implementing Operations Manager 2012 at a costumer’s site and admins should be able to know how their environment looks like at any given time. read more

demoted Domain Controller still present in SCOM

by

If you demote a Domain Controller, SCOM will generate a lot of alerts. By design, there is no automatically undiscovery for the Rules and Monitores for the Active Directory Roles.

Solution 1

This solution will remove all disabled Class instances from an existing object. it will not change any other properties of the object.

  • Open the Operations Management Shell
  • type in this command:

  • Stop the System Center Management service
  • Delete the folder C:\Program Files\System Center Operations Manager\Agent\Health Service State
  • Start the System Center Management service

Solution 2

This solution will clear only the agent cache. Sometime this will be sufficient, if the server discovery / undiscovery was already done well:

  • Stop the System Center Management service
  • Delete the folder C:\Program Files\System Center Operations Manager\Agent\Health Service State
  • Start the System Center Management service

Solution 3

This solution will remove the entire object and then recreate the object with it’s discovery. The new object wouldn’t be discovered as Domain Controller. The new object will have an new guid and any overwrites to the old object will be lost. read more

extend the Active Directory Users class for SCSM

by

Today I needed some additional fields for the Active Directory User class for an SCSM Service Offering. For example, I need the PrimarySmtpAddress, which exists in the AD as mail, but not in the SCSM class. in this post, I will describe, how I did it:

We will need:

  • System Center Service Manager 2012 SP1
  • System Center Orchestrator 2012 SP 1
  • Service Manager Authoring Tool
  • Strong name key file

Open the Service Manager Authoring Tool and click to the menu File New, to create a new Management Pack. Define a unique name for your management packs file name, in this Example: Josh.Test.Library.xml (Library mean’s that we will extend a library class) read more

delete orphaned computers from SCOM

by

after renaming a Active Directory computer, the computer was automatically detected in SCOM with the correct new name. but after short time, I detected, that the originally agent was already there, but not reachable. so I deleted the old computer under Device Management – Agent Managed.

normally after maximum 3 days, the agent isn’t visible in the computer view. the delay of 3 days is by design. so don’t delete the computer manually to early.

If you still see the Computer showing up – even after 3 days – then in most cases, there is still a discovery associated with it. To find the discovery, use this query:

in my case, I didn’t found any discovery for this computer and it was still available in the Windows Computer view one week after deletion of the agent. read more

Create SCOM Dashboard for SharePoint in Visio

by

This week I created a DashBoard for SCOM in Visio to present it on a SharePoint site. Normally you could use the Visio 2010 Addin for SystemCenter – Operations Manager. But this addin has some special prerequisites for the presentation on the SharePoint site, like installing SCOM components and special configurations on the SharePoint Farm. Also it has the limitation, that it can only present monitor states, and can’t present rule values (for example: disk usage).

So I created my own solution, which I will describe here. An overview to the steps: read more

website rebranding

by

Hello

my website was over years reachable under josh-burkard.ch, which was a long url. I was on search for a new and shorter domain name for this website. now I have found one, which is shorter and which describes what i’m doing and writing about: Information Technology (IT). So, my new web address is burkard.IT

of course, the old address will be available, but I would like the new shorter one.

SCOM 2012 agent communication issue

by

This days, I had a very special problem with some new SCOM agents. I installed some new servers and installed the SCOM 2012 agent on it. But after some time, they appeared in the Agent Managed view, still as not monitored.

first I looked up the event logs on the new servers and found this errors:

06-01-2014 07-57-40

06-01-2014 07-58-04

According to this errors, I found a lot of blogs about network and certificate issues, like this one: http://geertbaeten.wordpress.com/2013/07/08/scom-agent-or-gateway-certificate-issue/

but I don’t have a Certificate authority and I also assumed not have a network problem. read more

Create site-to-site VPN with FortiGate to Microsoft Azure

by

I know, it is an unsupported configuration to create a site-to-site VPN to Microsoft Azure with a FortiGate firewall. But a FortiGate device is what i have and only to run some test’s I don’t want to buy some of this expensive supported firewalls.

I tried a lot of configurations, but nothings seams to run with Azure and my Fortigate firewall. So this week, I started a new try with this problem and after a few test’s I was successfully.

First I detected, that there is a new Option in Windows Azure, I never saw before: Dynamic Routing GateWay. After trying the old option Static Routing Gateway, I tried the new one and was successfully. The differences between dynamic and static routing gateways are described here. read more