Josh's IT-Blog

extend the Active Directory Users class for SCSM

17. February 201417. February 2014 by Burkard Josh

Today I needed some additional fields for the Active Directory User class for an SCSM Service Offering. For example, I need the PrimarySmtpAddress, which exists in the AD as mail, but not in the SCSM class. in this post, I will describe, how I did it:

We will need:

System Center Service Manager 2012 SP1
System Center Orchestrator 2012 SP 1
Service Manager Authoring Tool
Strong name key file

Open the Service Manager Authoring Tool and click to the menu File New, to create a new Management Pack. Define a unique name for your management packs file name, in this Example: Josh.Test.Library.xml (Library mean’s that we will extend a library class) read more

delete orphaned computers from SCOM

21. January 201421. January 2014 by Burkard Josh

after renaming a Active Directory computer, the computer was automatically detected in SCOM with the correct new name. but after short time, I detected, that the originally agent was already there, but not reachable. so I deleted the old computer under Device Management – Agent Managed.

normally after maximum 3 days, the agent isn’t visible in the computer view. the delay of 3 days is by design. so don’t delete the computer manually to early.

If you still see the Computer showing up – even after 3 days – then in most cases, there is still a discovery associated with it. To find the discovery, use this query:

SELECT BME.FullName, DS.DiscoveryRuleID, D.DiscoveryName FROM typedmanagedentity TME 
JOIN BaseManagedEntity BME ON TME.BaseManagedEntityId = BME.BaseManagedEntityId 
JOIN DiscoverySourceToTypedManagedEntity DSTME ON TME.TypedManagedEntityID = DSTME.TypedManagedEntityID 
JOIN DiscoverySource DS ON DS.DiscoverySourceID = DSTME.DiscoverySourceID 
JOIN Discovery D ON DS.DiscoveryRuleID=D.DiscoveryID 
WHERE BME.Fullname LIKE '%ComputerName%'

SELECT BME.FullName, DS.DiscoveryRuleID, D.DiscoveryName FROM typedmanagedentity TME

JOIN BaseManagedEntity BME ON TME.BaseManagedEntityId = BME.BaseManagedEntityId

JOIN DiscoverySourceToTypedManagedEntity DSTME ON TME.TypedManagedEntityID = DSTME.TypedManagedEntityID

JOIN DiscoverySource DS ON DS.DiscoverySourceID = DSTME.DiscoverySourceID

JOIN Discovery D ON DS.DiscoveryRuleID=D.DiscoveryID

WHERE BME.Fullname LIKE '%ComputerName%'

in my case, I didn’t found any discovery for this computer and it was still available in the Windows Computer view one week after deletion of the agent. read more

Create SCOM Dashboard for SharePoint in Visio

28. February 201415. January 2014 by Burkard Josh

This week I created a DashBoard for SCOM in Visio to present it on a SharePoint site. Normally you could use the Visio 2010 Addin for SystemCenter – Operations Manager. But this addin has some special prerequisites for the presentation on the SharePoint site, like installing SCOM components and special configurations on the SharePoint Farm. Also it has the limitation, that it can only present monitor states, and can’t present rule values (for example: disk usage).

So I created my own solution, which I will describe here. An overview to the steps: read more

website rebranding

14. January 201414. January 2014 by Burkard Josh

Hello

my website was over years reachable under josh-burkard.ch, which was a long url. I was on search for a new and shorter domain name for this website. now I have found one, which is shorter and which describes what i’m doing and writing about: Information Technology (IT). So, my new web address is burkard.IT

of course, the old address will be available, but I would like the new shorter one.

SCOM 2012 agent communication issue

21. January 20146. January 2014 by Burkard Josh

This days, I had a very special problem with some new SCOM agents. I installed some new servers and installed the SCOM 2012 agent on it. But after some time, they appeared in the Agent Managed view, still as not monitored.

first I looked up the event logs on the new servers and found this errors:

According to this errors, I found a lot of blogs about network and certificate issues, like this one: http://geertbaeten.wordpress.com/2013/07/08/scom-agent-or-gateway-certificate-issue/

but I don’t have a Certificate authority and I also assumed not have a network problem. read more

Create site-to-site VPN with FortiGate to Microsoft Azure

21. January 201414. September 2013 by Burkard Josh

I know, it is an unsupported configuration to create a site-to-site VPN to Microsoft Azure with a FortiGate firewall. But a FortiGate device is what i have and only to run some test’s I don’t want to buy some of this expensive supported firewalls.

I tried a lot of configurations, but nothings seams to run with Azure and my Fortigate firewall. So this week, I started a new try with this problem and after a few test’s I was successfully.

First I detected, that there is a new Option in Windows Azure, I never saw before: Dynamic Routing GateWay. After trying the old option Static Routing Gateway, I tried the new one and was successfully. The differences between dynamic and static routing gateways are described here. read more

WordPress Plugin: Sandbox Mirror

16. August 2013 by Burkard Josh

I created a new plugin for mirroring a WordPress site to a test site: Sandbox Mirror.

Currently it’s in beta status and not available for download. if you are interested to test it, please contact me.

recover deleted Bitlocker Recovery Informations

17. July 201317. July 2013 by Burkard Josh

Today I had a request from a first-level-admin which need the Bitlocker Recovery Password for a already deleted computer object. Here is what I came up with:

$compname = "ComputerName"
$SearchRoot = "CN=Deleted Objects,DC=domain,DC=local"

$recoverykeys = Get-QADObject -Tombstone -Recycled -Type "msFVE-RecoveryInformation" -SizeLimit 0 -Includedproperties msFVE-RecoveryPassword -SearchRoot $SearchRoot | ? {$_.lastknownparent -like "*$compname*"} | select msFVE-RecoveryPassword

$recoverykeys

$compname = "ComputerName"

$SearchRoot = "CN=Deleted Objects,DC=domain,DC=local"

$recoverykeys = Get-QADObject -Tombstone -Recycled -Type "msFVE-RecoveryInformation" -SizeLimit 0 -Includedproperties msFVE-RecoveryPassword -SearchRoot $SearchRoot | ? {$_.lastknownparent -like "*$compname*"} | select msFVE-RecoveryPassword

$recoverykeys

Please note that you need to be a Domain Admin (or equivalent) to be able to read the Deleted Objects Container. The tombstones will have a lifetime, after their expiration, you can’t access anymore to the recovery passwords.

add domain groups to vSphere ESXi 5 with PowerCLI

12. September 201328. June 2013 by Burkard Josh

With PowerCLI, you can add AD authentication to a single managed ESXi Host. For this you need to add your ESXi-Host to the AD (line 9) and then add permissions (line 11):

$VMHost        = "hostname.domain.local"
$HostPW        = "yxz"
$DomainAdmin   = "DomainAdmin"
$DomainPW      = "yxz"
$ADGroup       = "domain\DomainGroup"
$Domain        = "domain.local"

Add-PSSnapin VMware.VimAutomation.Core

Connect-VIServer $VMHost –User root –Password $HostPW
Get-VMHostAuthentication -VMHost $VMHost | Set-VMHostAuthentication -Domain $Domain -Username $DomainAdmin -Password $DomainPW -JoinDomain -Confirm:$false

Get-VMHost $VMHost | New-VIPermission -Principal $ADGroup -Role "Admin"

Disconnect-VIServer $VMHost -Confirm:$false

$VMHost = "hostname.domain.local"

$HostPW = "yxz"

$DomainAdmin = "DomainAdmin"

$DomainPW = "yxz"

$ADGroup = "domain\DomainGroup"

$Domain = "domain.local"

Add-PSSnapin VMware.VimAutomation.Core

Connect-VIServer $VMHost –User root –Password $HostPW

Get-VMHostAuthentication -VMHost $VMHost | Set-VMHostAuthentication -Domain $Domain -Username $DomainAdmin -Password $DomainPW -JoinDomain -Confirm:$false

Get-VMHost $VMHost | New-VIPermission -Principal $ADGroup -Role "Admin"

Disconnect-VIServer $VMHost -Confirm:$false

sometimes line 11 will fail, then you have to wait for domain replication and repeat it.

List VMTools Status with vCheck

28. June 201325. February 2013 by Burkard Josh

i like vCheck to daily report my virtual environment status. But a lot of our guest systems are not in my responsibility, so the VM Tools are not uptodate or aren’t installed.

i wroted this plugin for vCheck:

$Title = "VMs by VM Tools status"
$Header = "VMs by VM Tools status : $($VMToolsVersions.count)"
$Comments = "The following Operating Systems are in use in this vCenter."
$Display = "Table"
$Author = "Josh Burkard"
$Version = 1.0

# Start of Settings
# —- VM Guest OS Pivot Table —-

$VMTools = get-vm | % { get-view $_.ID } | select Name, @{ Name="hostName"; Expression={$_.guest.hostName}}, @{ Name="ToolsStatus"; Expression={$_.guest.toolsstatus}}, @{ Name="ToolsVersion"; Expression={$_.config.tools.toolsVersion}} | sort-object ToolsVersion

$VMToolsVersions = $VMTools | Where { $_.ToolsStatus -ne "toolsOk" } | sort ToolsVersion -desc

If (($VMToolsVersions | Measure-Object).count -gt 0 -or $ShowAllHeaders) 
{
	$MyReport += Get-CustomHeader "VMs by VM Tools status : $($VMToolsVersions.count)" "The following VM Tools Status are not OK or old."
	$MyReport += Get-HTMLTable $VMToolsVersions
	$MyReport += Get-CustomHeaderClose
}

$Title = "VMs by VM Tools status"

$Header = "VMs by VM Tools status : $($VMToolsVersions.count)"

$Comments = "The following Operating Systems are in use in this vCenter."

$Display = "Table"

$Author = "Josh Burkard"

$Version = 1.0

# Start of Settings

# —- VM Guest OS Pivot Table —-

$VMTools = get-vm | % { get-view $_.ID } | select Name, @{ Name="hostName"; Expression={$_.guest.hostName}}, @{ Name="ToolsStatus"; Expression={$_.guest.toolsstatus}}, @{ Name="ToolsVersion"; Expression={$_.config.tools.toolsVersion}} | sort-object ToolsVersion

$VMToolsVersions = $VMTools | Where { $_.ToolsStatus -ne "toolsOk" } | sort ToolsVersion -desc

If (($VMToolsVersions | Measure-Object).count -gt 0 -or $ShowAllHeaders)

{

$MyReport += Get-CustomHeader "VMs by VM Tools status : $($VMToolsVersions.count)" "The following VM Tools Status are not OK or old."

$MyReport += Get-HTMLTable $VMToolsVersions

$MyReport += Get-CustomHeaderClose

}

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: