POODLE vulnerability question SCOM 2007 R2

Similar Messages

• What can SCOM 2007 do for me?

  I realize this is an abstract question but at this point I don't know what I don't know so bear with me.
  Here is my situation; I have just been asked to make SCOM 2007 "work". I have SCOM 2007 installed with SQL 2008 in a Server 2008 R2 domain of approximately 400 users and 300 clients.
  I have an upcoming network vulnerability test coming up and I have no prior experience with SCOM. I'm a Server guy just never any experience with SCOM.
  I'm ultimately trying to prevent phishing attacks, spoofing, brute force attacks on user accounts and general data exfiltration. Just by reading through some documentation I think at best SCOM is only going to notify me that some of these things are happening
  and not actually preventing them and that's ok. After I got it installed and downloaded some management packs I realized the vast amount of information that SCOM is capable of giving me is overwhelming.
  I really just need to know what information I need and what do I need to configure to help mitigate some of the things I mentioned above?
  Thanks is advance for your advice.

  first of all, SCOM strong point is not on system vulnerability monitoring. May be SCOM ACS(Audit Collection service) may be help. Pls. refer to the following post about ACS
  How to Deploy Audit Collection Services (ACS)
  http://blogs.technet.com/b/fesiro/archive/2013/01/08/how-to-deploy-audit-collection-services-acs-in-scom-2012.aspx
  Collecting Security Events Using Audit Collection Services in Operations Manager
  http://technet.microsoft.com/en-us/library/hh212908.aspx
  Deploying ACS and ACS Reporting
  http://technet.microsoft.com/en-us/library/hh298613.aspx
  Reporting on security with Microsoft Audit Collection Servces
  http://www.techrepublic.com/blog/data-center/reporting-on-security-with-microsoft-audit-collection-services/#.
  Roger

• MS System Center Operations Manager 2010 Download required for Upgrade from SCOM 2007 R2 (Select)

  We need the download of SCOM 2012 without Service Pack1.
  Upgrade from SCOM 2007 R2 (select license) fails while upgrade check with error: Logs shows "At least one of the following applications is installed on this computer. Due
  to incompatibility with System Center 2012 - Operations Manager, these applications must be uninstalled."
  Upgrade was started from dos elevated prompt with modified parameters like this:
  setup.exe /silent /upgrade
  /AcceptEndUserLicenseAgreement:1
  /UseLocalSystemDASAccount
  /DataReaderUser:<domain\user>
  /DataReaderPassword:<password>
  Research in internet and we found another person with same issue, which reports that direct upgrade from SCOM 2007 R2 to SCOM 2012 SP1 is not possible but if upgrade is done over
  SCOM 2012 to SCOM 2012 SP1 it succeeds.
  Unfortunately, we don't find any downloads for the first release of System Center 2012  e.g. Operations Manager.
  Everything shows Service Pack 1 or the newer R2.
  Who can help?

  Our “Recommended” rolling upgrade path looks like the following:
  SCOM 2007R2 CU4+ > SCOM 2012 RTM UR2+ >
  SCOM 2012 SP1 UR4+ > SCOM 2012 R2
  Also you can refer below link
  http://blogs.technet.com/b/kevinholman/archive/2014/01/20/do-i-need-a-specific-cumulative-update-release-ur-in-order-to-upgrade-to-scom-2012-or-2012-sp1-or-2012-r2.aspx
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
  Mai Ali | My blog: Technical

• How to find what are all the rules and events are monitoring for specific server in SCOM 2007

  how to find what are all the rules and events are monitoring for specific server in SCOM 2007.
  I need to know what are all the events, services, and rules are monitored for the specific server.
  Kindly help me friends.

  how to find what are all the rules and events are monitoring for specific server in SCOM 2007.
  I need to know what are all the events, services, and rules are monitored for the specific server.
  Kindly help me friends.
  Thanks for the question Sandoss. This is something that we all come across at sometime.
  Thanks & regards, Sumit Agrawal
  The lack of this feature is an inexcusable oversight for an enterprise management product.  They have some serious lightweights making design decisions on the SCOM team. 5 thumbs down. 
  BTW the answer is probably LOTS of stuff. Literally 100's of workflows are running on any server. 
  The following OpsMgr DB query will list all running monitors on a server. Change the name of @srv. I think this works pretty well.  I'd like some feedback if something is missing.
  DECLARE @srv varchar(30)
  SET @srv = 'your name here'
  SELECT mon.displayName as monitor, bme.FullName,bme.DisplayName as object,
  case
      when s.HealthState = 1 then 'healthy'
      when s.HealthState = 2 then 'Warning'
      when s.HealthState = 3 then 'Critical'
      else 'N/A'
  end as Health
  FROM state AS s WITH (NOLOCK)
  left join BaseManagedEntity as bme WITH (NOLOCK) on s.basemanagedentityid = bme.basemanagedentityid
  left join dbo.MonitorView Mon WITH (NOLOCK) on Mon.ID = s.monitorid
  where
  bme.FullName like '%' + @srv + '%'
  and s.HealthState <> 0
  and mon.IsInternalRollupMonitor = 0
  and mon.IsExternalRollupMonitor = 0
  order by bme.DisplayName, mon.displayName

• SCOM 2007 - SharePoint 2007: Maximum connections counter

  Hello,
  I am trying to locate the "Maximum connections counter" for SharePoint 2007 using SCOM 2007. I don't see it so far!!!
  "Web Service - Maximum Connections" does not show anywhere any idea?
  Thanks,
  Dom
  System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

  The object is Web Service, which then has several different counters, which then might have several instances.
  If this performance object is something you want to monitor for, and it is not included in the mp, then you just need to create a performance monitor or collection rule, depending on what you want to do with the data.
  The Exchange 2013 MP, for example, has no performance collection rules.  So it's very possible, while the product group wanted to include everything most people need, they could have forgotten or were just not able to do so before they had to release
  the mp.  The MOSS 2007 MP has been around for years, was never updated, and isn't one of the better mps from MSFT.  So if you want to extend it with a custom management pack, or just add something via the console, then you should be fine.
  Regards, Blake Email: mengotto<at>hotmail.com Blog: http://discussitnow.wordpress.com/ If my response was helpful, please mark it as so, if it answered your question, then please also mark it accordingly. Thank you.

• SCOM 2007 Runbook "Missing Extensions"

  Yes, I have the OM console installed on the Runbook server.
  We are using SCO 2012 R2 with SCOM 2007 R2 CU7. 
  I have a simple runbook which starts with the Monitor Date/Time activity > finds warnings > the age > and either closes the warning or creates a critical alert depending on some variables.  The runbook runs great in the tester. But when we
  actually run it, it will start and then abruptly stop. The log will say that it is missing extensions. 
  Even when i create a 1 activity runbook (Get Alert) it will succeed in the tester and fail with missing extensions when run live. 
  Very similar to: http://social.technet.microsoft.com/Forums/en-US/2f30bc5a-4387-4ff2-a518-2d80cfaa0686/runbook-error-some-of-the-extensions-are-missing.
   Except we have the console installed.
  Question 1: What else may cause the SCOM IP to be missing some extensions/binaries? 
  Question 2: When using SCO 2012 R2 with SCOM 2007 R2, should we have the SCOM 2007 R2 console, or does the IP actually need the SCOM 2012 console?
  Question 3: Why arent these extensions/binaries built into the SCOM IP, or at even installed when SCO is installed? I'm no software developer, but it seems incomplete. (This question was mostly rhetorical)
  - Get on the floor, do that dinosaur

  Hi,
  the problem in the thread you referred to was that the Integration Pack was not Installed on the executing Runbook Server: "Runbook 'Name' stopped some of the Extensions are missing"
  See
  http://www.sc-orchestrator.eu/index.php/scoblog/99-functionality-differences-executing-a-runbook-with-runbook-tester
  The knowledge with the SCOM2012 IP and Operator Console  is a combination from my experience from field and here:
  http://social.technet.microsoft.com/Forums/en-US/8247b6b8-d84b-46f5-a964-2d04568eb5cb/orchestrator-2012-with-ip-for-operations-manager-2007-r2?forum=scoscip
  Regards,
  Stefan
  www.sc-orchestrator.eu ,
  Blog sc-orchestrator.eu

• Exchange servers not reflecting in Server State tab in monitoring in SCOM 2007 R2

  Hi,
  We have added few exchange servers in SCOM 2007 r2 for monitoring, but few of them are not reflecting in the Monitoring> Exchange 2010> Server State tab, whereas they are healthy in admin tab.
  Can anyone help on this?
  TIA

  Check from following:
  open firewall.
  Enable Exchange Rule for monitoring
  Enable proxy Agents
  Check Configure monitoring Exchange 2010 as exist below link
  http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/monitoring-exchange-2010-opsmgr-2007-r2-part1.html
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
  Mai Ali | My blog: Technical | Twitter:
  Mai Ali

• Disable SSLv3 on Exchange 2010 server (Poodle Vulnerability)

  Following the recommendation to mitigate the Poodle vulnerability, we tried disabling SSLv3 and making sure that users had TLS 1.1 and 1.2 enabled on their browsers.
  We used IIScrypt to turn off SSLv3 (v2 was already disabled from before).
  Now, OWA works fine, and users are able to connect via the Web.
  Internally, users are also able to connect with Outlook 2010/2013.
  however, users are not able to connect via Outlook from outside (Outlook anywhere)
  In the event viewer you get an error:
  A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.
  I opened a ticket with Microsoft but the lady working on the case wanted us to re-enable SSLv2 which is out of the question.
  Anybody has seen this issue as well?

  Hi Max
  could you provide the steps to turn off SSLv3 . Is it from the registry
  http://support.microsoft.com/kb/187498 ?
  Mat A
  Yes. Copy and paste this into a text file and save as a .reg file, then double click on the file to add to the registry of the server
  Windows Registry Editor Version 5.00
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
  "DisabledByDefault"=dword:00000001
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
  "Enabled"=dword:00000000
  Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• SCOM 2007 R2 to SCOM 2012 SP1 upgrade issues.

  We have SCOM 2007 R2 on one of our development Environment.
  The plan was to upgrade to SCOM 2012 R2 so we installed the SCOM 2007 R2 CU5.
  We are having issues to upgrade now from SCOM 2007 R2 CU5 to SCOM 2012 SP1.
  While upgrading we received the below message:
  Unable to Proceed
  Setup is unable to proceed with installation for the following reason:
  At least  one of the following application is  installed on the computer.Due to incompatibility with system center 2012 - operations manager,these applications must be uninstalled.
  -System Center 2012 - operations manager beta
  -system center operations manager 2007
  -system center operations manager 2007 sp1
  --system center operations manager 2007 r2
  -system center service manager agent
  --system center essentials agent

  Hi,
  You cannot upgrade from SCOM2007R2 to SCOM2012SP1, you must upgrade to SCOM2012 and the upgrade to SCOM2012SP1
  Cameron Fuller has a blog:
  http://blogs.catapultsystems.com/cfuller/archive/2013/02/11/can-you-upgrade-from-opsmgr-2007-r2-to-opsmgr-2012-sp1-scom-sysctr.aspx
  Upgrading System Center 2012 – Operations Manager to System Center 2012 SP1
  http://technet.microsoft.com/en-us/library/jj899854.aspx
  "The only supported upgrade path to System Center 2012 Service Pack 1 (SP1), Operations Manager is from System Center 2012 – Operations Manager. If you are upgrading from System Center Operations Manager 2007 R2, you must first upgrade to System Center 2012
  – Operations Manager"
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• 'High' Priority and 'critical' severity alerts from all MP's in SCOM 2007 R2

  Hi All
  Can anyone help me with the script to get all alert details from monitors and rules which are set to "high" priority and "critical" severity in SCOM 2007.
  Regards
  Madhavi

  You can below script to show all agent which isn't health
  $ReportOutput += "<h2>Agents where Health State is not Green</h2>"
  $ReportOutput += Get-Agent |
  where {$_.HealthState -ne "Success"} |
  select Name,HealthState | ConvertTo-HTML
  -fragment$ReportOutput += "<h2>Agents where the Monitoring Class is not available</h2>"
  $AgentMonitoringClass = get-monitoringclass
  -name "Microsoft.SystemCenter.Agent"
  $ReportOutput+= Get-MonitoringObject-monitoringclass:$AgentMonitoringClass|
  where{$_.IsAvailable -eq$false} |
  selectDisplayName | ConvertTo-HTML-fragment
  Also you can refer below links
  http://www.definit.co.uk/2012/01/scom-2007-r2-daily-health-check-script/
  http://www.blackops.ca/cms/blog/?p=155
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
  Mai Ali | My blog: Technical

• High CPU Utilization due to Monitoringhost.exe SCOM 2007 R2

  CPU utilization on two servers is shooting upto 100% in regular intervals having win2008r2 sp1, hotfix mentioned by kevin does not apply to this version, tried almost everything however issue still persists, kindly suggest.

  Try to use following hotfix to fix your issue
  http://support.microsoft.com/kb/974051/en-us
  Also check below link
  http://blog.danovich.com.au/2009/08/03/monitoringhostexe-high-cpu-usage-on-scom-2007-r2/
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"

• Share Point 2013 MP for SCOM 2007 R2 - Not Monitored State

  Hi All,
  I have imported SharePoint 2013 MP in SCOM 2007 R2 and the sharepoint farm group is in "not monitored" state, moreover only one computer name out of all sharepoint farm servers is being populated in unidentified machines (rest are not being
  shown anywhere in Microsoft SharePoint folder).
  I have followed all the steps as per installation guide of sharepoint 2013 (foundation & Server) MP. Configured run as account has the farm admin rights.
  Please help as it seems discovery is not working properly.
  Regards,
  Prabh.

  Hi,
  Hope the below blog be helpful:
  Configuring the SharePoint 2013 Management Pack
  http://blogs.technet.com/b/kevinholman/archive/2013/05/14/configuring-the-sharepoint-2013-management-pack.aspx
  Please go through it.
  Regards,
  Yan Li
  Regards, Yan Li

• Can overrides from SCOM 2007 R2 be used in a new SCOM 2012 R2 installation?

  Hi All,
  I'm wondering if we can "easily" use our overrides/configuration from our current SCOM 2007 R2 implementation and use them in a new SCOM
  2012 R2 environment that we plan on standing up.  We are using SCOM to monitor approx. 400 servers (physical and virtual).
  We have been using 2007 R2 for a few years and we'd like to start using 2012 R2.  Instead of using the update path (2007 R2 to 2012
  to 2012 SP1 to 2012 R2), we are planning on setting up a new 2012 R2 environment and configuring our servers to start reporting to 2012 R2 (after it has been configured in such a way as to "mimic" our 2007 R2 environment).
  Ideally, we'd like to avoid going through the upgrade path.  (We'll leave our 2007 R2 environment running so that we can still access "historical
  data" until the new 2012 R2 environment has had a chance to build up its own "historical data".)
  So ... I was thinking we could export our overrides from 2007 R2 and import them into 2012 R2, but I'd like to verify that this approach makes
  sense.  We haven't done extensive customizations to 2007 R2 in terms of Distributed Applications or Management Pack Objects (although we have made some changes - which I guess we could manually configure in 2012 R2 to offer the same "experience").
  The following are some of the Management Packs that we are using in 2007 R2:
  Microsoft Windows Active Directory
  Active Directory Certificate Services
  EMC Storage Monitoring
  IBM Hardware
  Microsoft Exchange Server 2010
  McAfee
  Microsoft Forefront Server Protection 2010
  Microsoft Office SharePoint Server 2007
  Microsoft SQL Server
  Microsoft Windows DNS Server
  Microsoft Windows WINS
  Microsoft Windows Hyper-V
  Microsoft Windows Internet Information Services
   Microsoft Windows Server
  Microsoft Windows DHCP
  NetBackup Operations Manager
  Office Communications Server
  OpsLogix (BlackBerry)
  Service Level Dashboard for OpsMgr 2007 R2
  SolarWinds Orion
  Schedule Maintenance Mode
  Team Foundation Server 2010
  Virtual Machine Manager
  Microsoft Windows Cluster
  Operations Manager 2007 R2
  I appreciate all feedback and the sharing of you expertise.
  Thanks, Joe.

  As long as the base pack works and you wish to retain the customisation then you should be ok, there’s a good article
  here which explains how to perform the migration and some of implication/things to check.
  There will be complications if you’ve stored anything in the default mp but this is explained in the above article.

• Reports for Low disk space alerts in scom 2007

  Dear Experts,
  Is there any possible to get the Low disk Space alerts reports in SCOM 2007 R2.
  1, I need reports for Last week SCOM sent alerts on Low Disk space for the servers list
  2, Likewise I need SCOM Low disk space alerts reports for last month.
  Can somebody please explain me with the steps and I played much with Reporting pane.
  Thanks,
  Saravana

  Hi,
  The below code should work to get all servers that have alert of logical disk free space is low in specific period:
  get-alert -criteria 'Name = ''Logical Disk Free Space is low'' AND TimeRaised >=''3/24/2014'' AND TimeRaised <= ''4/24/2014''' | select MonitoringObjectDisplayName,MonitoringObjectPath,Name,TimeRaised | sort MonitoringObjectDisplayName
  Here is a similar thread for your reference:
  how to create a report showing the servers that had the alerts of "Logical Disk Free Space is low" for a specific period?
  http://social.technet.microsoft.com/Forums/en-US/50f2c3fb-2dfc-47c6-8c2a-8a2f0149df10/how-to-create-a-report-showing-the-servers-that-had-the-alerts-of-logical-disk-free-space-is-low?forum=operationsmanagerreporting
  Regards,
  Yan Li
  Regards, Yan Li

• SCOM 2007 R2 CU 7 SQL Database script update

  Hi..I'm in the process of installing CU 7 for SCOM 2007 R2 (SQL 2008 R2). I completed the Server update successfully. While running the SQL operations manager DB upgrade I get the message '(0 row(s) affected'
  Auto-attach to process '[144] [SQL] Server' on machine 'Server' succeeded.
  The thread 'Server\Instance [87]' (0x8fc) has exited with code 0 (0x0).
  The program '[144] [SQL] Server: Server\Instance' has exited with code 0 (0x0).
  Also, there are no alerts being generated since yesterday which I assume are due to the database not being updated.
  Am I missing something here?
  Thanks
  blogs.technet.com/b/kevinholman/archive/2012/05/18/opsmgr-2007-r2-cu6-rollup-hotfix-ships-and-my-experience-installing-it.aspx

  Hi,
  I suggest you follow the official KB methods here.
  1. Log on to the computer that hosts the Operations Manager 2007 database by using a user account that has database system administrator (SA) rights to the instance of the Operations Manager 2007 database. To perform the database update remotely, log on
  to a computer that hosts SQL Server Management Studio by using a user account that has the appropriate SA rights to the Operations Manager 2007 database.
  2. Run SQL Server Management Studio.
  3. In the Connect to Server dialog box, connect to the instance of SQL Server that hosts the Operations Manager database. The default database name is OperationsManager.
  4. On the toolbar, click New Query.
  5. From the SQL Editor toolbar, use the Available databases option to select the Operations Manager database.
  6. On the File menu, click Open, browse to C:\program files (x86)\System Center 2007 R2 hotfix utility\KB2783850\SQLUpdate, select the CU_Database.sql file that was extracted by the Windows installer (.msi file), and then click Open.
  7. When the file is loaded, click Execute in the SQL Editor toolbar.
  8. View the Messages pane to check whether the Transact-SQL commands ran successfully.
  9. Exit SQL Server Management Studio.
  10. For the Operations Manager data warehouse, repeat steps 1 through 8. However, connect to the instance of SQL Server that hosts the Operations Manager data warehouse, and then run the \SQLUpdate\CU_DataWarehouse.sql file.
  More info:
  http://support.microsoft.com/kb/2783850
  Niki Han
  TechNet Community Support