SCOM 2012 SP1 Cisco Port Security Violations

Hello,
I'm fairly new to System Center but have been learning quite a bit over the last year. I am looking for some information on how to generate an alert off of a port-security violation. There's not much information about this, so I'm wondering if anyone out there has experience doing this.
Also, we run a fairly large Cisco environment (20000+ switchports), so my next question is: do I have to be monitoring every switchport to see a port-sec event happen? I've run some debug snmp packets on my Cisco devices, and I do see the SNMP trap sent for the port-security violation.
The universal device poller that I set up for this is: OID 1.3.6.1.4.1.9.9.315.1.2.1.1.2 or the MIB CISCO-PORT-SECURITY-MIB:cpsIfPortSecurityStatus, so I'm pretty confident that I've got the right data. I'm just looking for a way to see these events happen without having to monitor every single switchport on my network, and to know whether the alert will tell me which switch and which port had the violation.
Any help is always appreciated.

Hi,
I have to say that I don't have experience doing this, but in my opinion, if there are log files containing that information, we can use SCOM to monitor the log file and fire alerts according to your requirements.
Based on my research, the output of the port-security debug may have information about which switch and which port had the violation. (I am not familiar with Cisco devices; if there is any misunderstanding, please feel free to let me know.)
Regards,
Yan Li
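As an added illustration of the "which switch, which port" part of the question (this is not code from either post, and not part of SCOM): the OID quoted in the question is a table column, so each returned instance carries the interface index as its last sub-identifier. The sketch below decodes collected varbinds per switch and reports only ports in a violation state. It assumes the column is indexed by ifIndex and that the status values are secureup(1), securedown(2), shutdown(3); confirm both against your copy of the MIB. Switch names and sample data are constructed.

```python
"""Added example: turn cpsIfPortSecurityStatus varbinds into switch/port alerts."""

# OID from the question: CISCO-PORT-SECURITY-MIB cpsIfPortSecurityStatus
CPS_STATUS = (1, 3, 6, 1, 4, 1, 9, 9, 315, 1, 2, 1, 1, 2)
# IF-MIB ifName, used to turn an ifIndex into a readable port name
IF_NAME = (1, 3, 6, 1, 2, 1, 31, 1, 1, 1, 1)

# Assumed enumeration; verify against the MIB file before relying on it.
STATUS_NAMES = {1: "secureup", 2: "securedown", 3: "shutdown"}
# Assumption: only "shutdown" means the port was disabled by a violation.
VIOLATION_STATES = {"shutdown"}


def parse_oid(text):
    """Return the OID as a tuple of ints, or None if it is malformed."""
    parts = text.strip().lstrip(".").split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def instance_of(oid, column):
    """Return the ifIndex if oid is exactly column.<ifIndex>, else None.

    Comparing sub-identifiers (not text prefixes) keeps a sibling column
    such as ...1.1.20.<n> from being mistaken for ...1.1.2.<n>.
    """
    if oid is None or len(oid) != len(column) + 1:
        return None
    if oid[:len(column)] != column:
        return None
    return oid[-1]


def find_violations(varbinds_by_switch):
    """Map {switch: [(oid_text, value), ...]} to a list of violation alerts."""
    alerts = []
    for switch, varbinds in sorted(varbinds_by_switch.items()):
        names, states = {}, {}
        for oid_text, value in varbinds:
            oid = parse_oid(oid_text)
            idx = instance_of(oid, IF_NAME)
            if idx is not None:
                names[idx] = str(value)
                continue
            idx = instance_of(oid, CPS_STATUS)
            if idx is not None:
                try:
                    states[idx] = int(value)
                except (TypeError, ValueError):
                    continue  # unreadable status value: skip, do not guess
        for idx in sorted(states):
            status = STATUS_NAMES.get(states[idx], "unknown(%d)" % states[idx])
            if status in VIOLATION_STATES:
                alerts.append({
                    "switch": switch,
                    "ifIndex": idx,
                    # Fall back to the raw index when ifName was not collected.
                    "port": names.get(idx, "ifIndex %d" % idx),
                    "status": status,
                })
    return alerts


# Constructed sample data (hypothetical switch names and interface indexes).
SAMPLE = {
    "sw-access-01": [
        ("1.3.6.1.2.1.31.1.1.1.1.10101", "Gi1/0/1"),
        ("1.3.6.1.2.1.31.1.1.1.1.10102", "Gi1/0/2"),
        ("1.3.6.1.4.1.9.9.315.1.2.1.1.2.10101", 1),
        ("1.3.6.1.4.1.9.9.315.1.2.1.1.2.10102", 3),
        ("1.3.6.1.4.1.9.9.315.1.2.1.1.20.10101", 3),  # sibling column, ignored
    ],
    "sw-access-02": [
        (".1.3.6.1.4.1.9.9.315.1.2.1.1.2.10110", "3"),  # leading dot, text value
        ("1.3.6.1.4.1.9.9.315.1.2.1.1.2.10111", 2),
        ("not-an-oid", 3),
    ],
}

if __name__ == "__main__":
    for alert in find_violations(SAMPLE):
        print("%(switch)s %(port)s (ifIndex %(ifIndex)d): %(status)s" % alert)
```
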

Similar Messages

  • SCOM 2012 SP1 Cisco Interface/Port Monitoring

    Hey.
    We are trying to finish our parallel rollout of SCOM 2012 (previously used 2007 R2 with xSNMP) and have run into a snag with a port that goes to a T3 connecting two of our offices.
    The device is a Cisco 7206 router (listed as Certified in the latest lists). SCOM sees the port and labels it IF-47 (stupidly) during discovery and rediscovery, but won't apply any type of performance monitoring on it. I could create the override to enable one, but the only monitors it shows are three rollups (High Discard, High Error, and High Queue Drop percentages). We need to be able to monitor utilization like any other port on the router. Ironically, SCOM has added these monitors for disabled (admin-down) ports.
    We have the other endpoint router in SCOM and have added the interface/port to the "Critical Network Adapters Group", but that only seems to monitor availability (up or down). So besides creating my own SNMP monitors from the Cisco OIDs needed, does anyone know of a way to get this interface/port monitored for performance (i.e. utilization)?
    One peculiarity: if I look at the monitors between this interface/port and another that has the perf monitors, this one has "Network Adapter (Common)" whereas the one with the perf monitors shows "netcor cisco" of multiple fashions.
    Thanks!

    Hi,
    Some monitors are disabled by default. For details about the monitors, please see the section “Tuning Alerts for Network Monitoring” in the following document:
    Tuning Network Monitoring
    http://technet.microsoft.com/en-us/library/hh282073.aspx
    For utilization information, we can check the views:
    Viewing Network Devices and Data in Operations Manager
    http://technet.microsoft.com/en-us/library/hh212706.aspx
    In addition, I would like to share the following post about network monitoring:
    What Gets Monitored with System Center Operations Manager 2012 Network Monitoring
    http://blogs.technet.com/b/momteam/archive/2011/09/20/what-gets-monitored-with-system-center-operations-manager-2012-network-monitoring.aspx
    Network Monitoring with System Center Operations Manager 2012
    http://blogs.technet.com/b/ptsblog/archive/2011/11/28/network-monitoring-with-system-center-operations-manager-2012.aspx
    Thanks.
    Nicholas Li
    TechNet Community Support

  • SCOM 2012 SP1 - Show on event view all snmp trap (SNMP monitoring work)

    Hello everybody,
    Sorry for my English; I normally write in French, but we get more results in English.
    I have a problem with SCOM 2012. I am trying to catch all SNMP traps sent by a 2960 CISCO switch in an Event View with a specific rule (Authoring->Rule->Collection Rules -> Event Based -> SNMP Trap (Event) based on the object target "Node").
    I created a specific management pack just for the rule and the views.
    SNMP Monitoring - CISCO 2960 => It's OK, I can have the processor state, utilization, etc ...
    SNMP Monitoring Ubuntu computer => It's OK, I can have all the state I want.
    SNMP Traps => The switch or the computer sends traps over the network, and I can see in Wireshark that the server receives the traps
    SNMP Service (Windows service) => Disabled
    SNMP trap (Windows service) => Disabled
    Health Service (Windows service) => Enabled
    Port 162 UDP => Open and listened on by MonitoringHost.exe
    Firewall rules => Everything is OK
    SNMP Trap send version is => 2c
    SNMP Monitoring device version is => 2c
    I tried many solutions from different web sites, such as:
    http://scom-2012.blogspot.ch/2012/07/setting-up-snmp-monitoring-in-scom-2012.html
    http://social.technet.microsoft.com/Forums/systemcenter/en-US/731661b9-10a1-4d3f-ba83-8e84d25ab760/event-collection-for-network-devices-scom-2012
    http://social.technet.microsoft.com/Forums/systemcenter/en-US/a15bce49-fb62-4fd4-93cf-f87c3b734d58/snmp-trap-based-monitoring?forum=operationsmanagergeneral
    http://social.technet.microsoft.com/Forums/systemcenter/en-US/41f5b6ef-c8b9-461d-bdcb-81fde5a89f50/scom-2012-unable-to-monitor-snmp-traps?forum=operationsmanagergeneral
    http://social.technet.microsoft.com/Forums/systemcenter/en-US/4051fbd1-06f1-49e0-9ad4-4cbe4d2d7d4d/discover-windows-computer-as-network-device-w-snmp?forum=operationsmanagerauthoring
    http://technet.microsoft.com/en-us/library/hh563870.aspx
    http://social.technet.microsoft.com/Forums/en-US/cad1d3f9-594f-4f06-a5aa-660ccc2e9192/snmp-trap-based-monitoring-in-scom-2012-sp1?forum=operationsmanagerauthoring
    http://social.technet.microsoft.com/Forums/en-US/41f5b6ef-c8b9-461d-bdcb-81fde5a89f50/scom-2012-unable-to-monitor-snmp-traps?forum=operationsmanagergeneral
    http://social.technet.microsoft.com/Forums/en-US/e05a1c8f-7280-4f80-86cf-aabb4269bb87/scom-2012-customizing-snmp-trap-event-data?forum=operationsmanagergeneral
    http://social.technet.microsoft.com/Forums/en-US/6826f6a6-bbc3-444b-9b18-288d7fedac3e/scom-unable-to-monitor-snmp-traps?forum=operationsmanagergeneral
    http://social.technet.microsoft.com/Forums/en-US/7cd1571a-d292-4efc-9921-5a068f6f1691/scom-2012-sp1-ur2-snmp-monitoring?forum=operationsmanagermgmtpacks
    Do you know a workaround, or a different way to catch all the traps from a network device and show them in an event view?
    Thank you in advance.
    KimBaxZ
    Computer expert system technology

    Hello Yan Li,
    I read your link, and I found this:
    The network devices must be discovered and registered as ICMPSNMP devices.
    When I ran the discovery the first time, ICMP didn't work, so I selected only SNMP. This morning I tried with ICMP and SNMP, but I got the same problem. I found the root cause of the problem with this post: http://www.code4ward.net/main/Blog/tabid/70/EntryId/105/Troubleshooting-Network-Discovery-in-SCOM-2012.aspx
    I allowed the SNMP service, ping, and Health Service, then I tried a second time to discover my device and it worked (ICMP and SNMP).
    I recreated my whole management pack and the rule, and now it works! Thank you very much for your help!!
    Have a nice day
    Best regards
    KimBAxZ
    Computer expert system technology

  • Performance of Network Monitoring in SCOM 2012 SP1

    Hi all!
    I have problems with the performance of the network monitoring feature in SCOM 2012 SP1.
    According to the guide, the following should be adequate:
    •1000 network devices (approximately 12,500 monitored ports) managed by a resource pool that has three or more management servers
    •500 network devices (approximately 6,250 monitored ports) managed by a resource pool that has two or more gateway servers
    We have 800 network devices with a total of 24000 ports, BUT only 1500 of them are monitored. This is basically what happens automatically after discovery, since only ports between monitored devices are monitored by default.
    For this setup I first used only one management server dedicated to the Network Pool, based on my assumption that if two servers could monitor 6250 ports, one server would be more than enough for 1500. I found this configuration working very poorly, so I added another server. I now have two servers dedicated to the Network Resource Pool. (They are NOT members of the “All management servers resource pool”.)
    Still, I get constant alerts regarding Health Services Private Bytes on these servers. They vary between 1-2 Gbytes. Furthermore, if one of the servers goes offline, the network devices that were monitored by that server become grey for several hours. Even if the server is only rebooted, it takes forever to get everything online and green again.
    I don't really know what I should do now. I had a plan to replace our current network monitoring system (SNMPc), which easily handles this load on only one server. They are of course completely different beasts, but still. SCOM seems to require a massive back-end to produce equivalent real-life results.
    Any suggestions or reflections from the field are highly appreciated!
    Regards
    Peter

    Hi,
    Try to override the monitor Health Services Private Bytes by the following steps.
    ◾ Go to Authoring space – Management Pack Objects – Monitors
    ◾ Go to change scope – select clear all – look for Health Service – tick it and press OK.
    ◾ Expand Health Service – expand Entity Health – expand Performance – expand Health Service Performance
    ◾ Select the Health Service Private Bytes Threshold.
    ◾ Right-click and choose to override the monitor for a group
    ◾ Select the group called Management Server Computer Group and press OK
    ◾ Select the Agent Performance Monitor Type – Threshold and change the value 104857600 to ex. 2610612736.
    ◾ Select to store the override in a management pack you have created and press OK
    Juke Chou
    TechNet Community Support

  • SCOM 2012 SP1 is failing to install - SQL not compatible

    I'm getting an error when installing SCOM 2012 SP1 stating the SQL is not supported. I have seen a few posts on the forum about this error message but so far none of the resolutions resolved my issue.
    Using named instance on port 2433.  Entering SQL\instance and port 2433 yields same message as seen in another post:
    "The installed version of SQL server is not supported.  Verify that the computer and installed version of SQL Server meet the minimum requirements for installation.  Please see the Supported Configurations document for further information."
    I noticed I get this in my OpsMgrSetupWizard.log
    [15:03:28]: Error: :StackTrace:   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
       at System.Management.ManagementScope.InitializeGuts(Object o)
       at System.Management.ManagementScope.Initialize()
       at System.Management.ManagementObjectSearcher.Initialize()
       at System.Management.ManagementObjectSearcher.Get()
       at Microsoft.EnterpriseManagement.OperationsManager.Setup.Common.SetupValidationHelpers.GetRemoteOSVersion(String remoteComputer)
    [15:03:28]: Debug: :IsSQLOnAValidComputer: remote OS version string was null or empty.
    Notice the last line - IsSQLOnAValidComputer is null/empty.  The solutions I found are to open the ports between these servers but the SQL server and SCOM server are on the same network - no firewall between them.  The registry key for domain firewall policy to 'EnableFirewall' is 0.  The firewall service is disabled on both machines.
    I am running the installation as a domain service account - for the DAA.  It has local admin on the SQL and SCOM server.  It has sysadmin DB access to the instance.
    SCOM Server:
    Server 2008 R2 Standard SP1
    SQL Server:
    Server 2008 R2 Enterprise SP1 | SQL 2012 RM 64-bit version 11.0.2100.60
    Any help is greatly appreciated.

    Glad to hear the issue has been resolved. Thanks for the update.
    Niki Han
    TechNet Community Support

  • System center data access service crashes with event id 26339 ad 26380 in SCOM 2012 Sp1 RTM

    Hi all,
    I have deployed SCOM 2012 SP1 RTM on OS 2012 Std, and the database is on another VM having SQL 2012 SP1 with OS 2008 R2 SP1 Std. Suddenly the SQL VM stopped and was unable to start, so I deleted it from the Hyper-V 2012 console and imported the VM again in the Hyper-0S 2012 cluster.
    Now, the System Center Data Access service crashes again and again with the mentioned events:
    event 26339, OpsMgr SDKService
    event 26380, opsmgr SDkService
    An exception was thrown while initializing the service container.
    Exception message: Initialize
    Full exception: HTTP could not register URL
    http://+:51905/ConnectorFramework/ because TCP port 51905 is being used by another application.
    The System Center Data Access service failed due to an unhandled exception. 
    The service will attempt to restart.
    Exception:
    System.ServiceModel.AddressAlreadyInUseException: HTTP could not register URL http://+:51905/ConnectorFramework/ because TCP port 51905 is being used by another application. ---> System.Net.HttpListenerException: The process cannot access the file because it is being used by another process
       at System.Net.HttpListener.AddAllPrefixes()
       at System.Net.HttpListener.Start()
       at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen()
       --- End of inner exception stack trace ---
       at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen()
       at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener)
       at System.ServiceModel.Channels.TransportManagerContainer.Open(SelectTransportManagersCallback selectTransportManagerCallback)
       at System.ServiceModel.Channels.HttpChannelListener`1.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at Microsoft.EnterpriseManagement.ConnectorFramework.ServiceDataLayer.ConnectorFrameworkDataAccessChannel.Initialize()
       at Microsoft.EnterpriseManagement.ServiceDataLayer.DispatcherService.Initialize(InProcEnterpriseManagementConnectionSettings configuration)
       at Microsoft.EnterpriseManagement.ServiceDataLayer.DispatcherService.InitializeRunner(Object state)
       at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
    Kirpal Singh

    Hi Kirpal
    Can you try this? It might help, as it's a known issue of getting event IDs 26361 and 26380. Try it out and let's see if it helps.
    The manifest files are located on the RMS at the \Program Files\System Center Operations Manager 2007\ root directory. The manifest files will need to be edited for the config and sdk service on the affected RMS. The file names are:
    Microsoft.Mom.Sdk.ServiceHost.exe.config
    Microsoft.Mom.ConfigServiceHost.exe.config
    In between the EXISTING <runtime> and </runtime> lines – you need to ADD a NEW LINE with the following:
    <generatePublisherEvidence enabled="false"/>
    This solution disables CRL checking for the specified executables, permanently.

  • SG-500-28P How to configure switchport port-security violation setting

    Is there a way to do switchport port-security violation {protect | restrict | shutdown} in SG-500-28P in case of a BPDU Guard violation?
    Seems like the default option is shutdown and I don't know how to change it.
    Thank you!

    Hi,
    You can recover from this violation by using the command below:
    To enable automatic re-activation of an interface after an Err-Disable shutdown, use the errdisable recovery cause Global Configuration mode command. To disable automatic re-activation, use the no form of this command.
    Syntax
    errdisable recovery cause {all | port-security | dot1x-src-address | acl-deny | stp-bpdu-guard | loopback-detection | udld }
    no errdisable recovery cause {all | port-security | dot1x-src-address | acl-deny | stp-bpdu-guard | loopback-detection | udld }
    For more information:
    Refer to this URL, page no. 406:
    http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/Sx500/cli_guide/CLI_500.pdf
    regards
    Moorthy

  • SCOM 2012 SP1 failed to send notifications by IM Channel

    Hello, I have a problem with my SCOM 2012 SP1. When it tries to send notification by IM Channel I get the following alert in SCOM:
    Notification subsystem failed to send notification using
    device/server 'live.august.ru:5060' over 'sip' protocol to
    'sip:[email protected]'.
    Microsoft.Rtc.Signaling.OperationFailureException: The GetInbandDataAsyncResult
    operation has failed with message: "The data session subscription to server
    failed.". See the InnerException and FailureReason properties as well as the
    logs for additional information. . Rule id:
    Subscription077dc311_59c0_4ba5_a432_072b486cd287
    At the same time the following event in the Application Event Log generates on the server with IM service:
    Event Type: Warning
    Event Source: Live Communications Server Authentication
    Event Category: (1003)
    Event ID: 16435
    User:  N/A
    Computer: LCS
    Description:
    At least one invalid authentication signature was detected.
    There were 2 messages with invalid signatures in the last 7112 minutes. The last one had the FROM header: sip:[email protected]
    Cause: This could be due to a client or server which is not handling authentication correctly, or it could be due to an attacker.
    Resolution:
    None needed unless the failure count is high (>100). Check your network for any rogue clients. Restart the server if problem persists.
    Notifications sent by the SMTP channel work fine!
    I have the following servers:
    LCS (live.august.ru) - Win 2003 EE SP2 + Live Communication Server 2005 SP1
    SCOM - Win 2012 + SCOM 2012 SP1
    Also I have a third server (Win 2003 + SCOM 2007 R2) and it sends notifications to the same VMLCS server successfully. The configurations of IM Channels are identical on both servers:
    IM server: live.august.ru
    Return address: sip:[email protected]
    Protocol option: TCP
    Authentication method: Kerberos
    IM port: 5060
    I tried to change the Authentication method to NTLM, and the port to 5061, but it doesn't help...

    Hi,
    Please refer to these following articles to configure IM channel correctly:
    How to Create and Configure the Notification Action Account
    http://technet.microsoft.com/en-us/library/hh212835.aspx
    How to Enable an Instant Message Notification Channel
    http://technet.microsoft.com/en-us/library/hh212690.aspx
    Enabling Instant Messaging Notifications in System Center 2012 Operations Manager
    http://opsmgrunleashed.wordpress.com/2012/02/24/enabling-instant-messaging-notifications-in-system-center-2012-operations-manager/
    Alex Zhao
    TechNet Community Support

  • SCOM 2012 SP1 availability report in MS Generic Report Libary shows inaccurate data

    Hi,
    In SCOM 2012 SP1, we have the generic availability report showing many of our web sites with no uptime beyond a certain date. The web sites are OK, the web availability monitors are all healthy, and the monitors test OK.
    None of these web availability tests are in Maintenance mode, although what we are observing certainly makes us think that they are.
    We also have a Web transaction login monitor for WEBSITE(A) that does not show this same outage for a login test.
    However, WEBSITE(A)'s availability monitor shows the same downtime as the other web availability tests.
    Any thoughts on where to look for this problem? I'm guessing it's a problem placing the data in the Warehouse?
    Thanks Lance

    Hi,
    Based on my understanding, the report shows there is downtime for the web site, but the web site did work well always.
    It seems like that there is old data stored in data warehouse, would you please check the report for recent date, such as one day or two days.
    Regards,
    Yan Li

  • Issue upgrading SCOM 2012 SP1 to SCOM 2012 R2

    I have been having a really fun time trying to get my test SCOM 2012 SP1 environment upgraded to SCOM 2012 R2.  I initially had an issue with the DB server not accepting connections to SMB which was causing the upgrade to fail stating database permission issues (that was a fun one to troubleshoot).  Once I figured out that problem I am now getting an error in the OpsMgrSetupWizard log that is stating the following:
    [14:46:47]: Always: :LaunchMsiSetup: Complete: 2 seconds
    [14:46:47]: Error: :LaunchMsiSetup: Failed, return code: 1612
    [14:46:47]: Error: :Error:Failed to uninstall previous MOM product on this machine, cannot proceed with upgrade
    [14:46:47]: Error: :Error:Failed to uninstall Operations Manager Agent on this machine. This is fatal error, we cannot proceed with upgrade
    [14:46:50]: Error: :LaunchMSI: MSI E:\Setup\AMD64\Server\OMServer.msi returned error 1603
    [14:46:50]: Error: :ProcessInstalls: Install Item Management Server failed to install.  We did not launch the post process delegate.
    In the application log I am getting the following error:
    "Product: System Center Operations Manager 2012 Server -- The Operations Manager management server cannot be installed on a computer on which the Operations Manager agent, Operations Manager gateway, System Center Essentials, or System Center Service Manager is already installed. These must be uninstalled to proceed."
    I have verified that I don't have any of these installed and have even gone so far as to remove my Config man agent and System Center Endpoint Protection just in case it was getting confused with System Center Essentials.
    I am at a loss as to what to try next.  Any suggestions?

    Hi,
    Check if you have the following registry. If so, please back it up first, then delete for a test.
     HKEY_CLASSES_ROOT\Installer\UpgradeCodes\C96403E8AD6025B4F9E1FE9C574E34AE
    Also, please uninstall MOM product and Operations Manager Agent manually to check the result.
    Upgrading System Center 2012 SP1 - Operations Manager to System Center 2012 R2
    http://technet.microsoft.com/en-us/library/dn249707.aspx

  • Manage DPM servers, running DPM jobs, etc from SCOM 2012 SP1

    Hi,
    Little background about our systems.
    We have a dedicated SCOM 2012.
    We have 22 DPM servers, DPM 2010 and DPM 2012 (we are upgrading to 2012 SP1, we have customers that still using Windows 2003 servers) to be managed by SCOM
    We have a few DPM servers that are not located on the same domain as the SCOM server (untrusted domain).
    Some problem we have
    1. When we try to manage the DPM servers from the SCOM server.
    From SCOM 2012 server I can “Manage DPM server” that are located in our domain but I cannot manage DPM servers located on untrusted domains (customer’s domains). I receive the below error message
    "Unable to connect to <untrusted domain DPM SERVER> ID: 948
    Verify that the DPM service is running on this computer"
    I guess it’s because the account that I’m using to run SCOM server located in our domain and does not have the permission to open the DPM console on the untrusted domain. So I wonder if it is possible to use “RUN AS profiles/accounts”
    to solve this issue, and how?
    2. I have installed SCOM 2012 Operations Manager Console on my computer and then installed DPM Central Console.
    When I select one dpm server (from my computer), that is on our domain, and then click “Manage DPM server” I got this error message
    "Unable to connect to <our domain DPM SERVER> ID: 33333
    1. Verify that the DPM service is running on this computer (YES)
    2. Verify that the current user has been added to at least one of the roles in Operations Manager. (YES)
    3. Open Operations Manage console and then try launching the DPM Console (THAT IS WHAT I AM TRYING TO DO)
    4. If you have re-imported the management pack recently, the role configuration may be corrupt. Open the DPM-specific roles and check if the roles have task assigned to them. If not, delete the roles and recreate the...."
    When I click on “Get more information” I get this error message.
    "You don´t have access permission to connect to the System Center Data Access service on <SCOM SERVER>. Please check if it is a permission issue".....
    Do you know why I cannot connect to any DPM server on our own domain?
    Why do I get access permission error on my computer but not on the SCOM server (using the same account)?
    What should we do to be able to connect to DPM servers that are on untrusted domain?
    3. Is it possible to see Last Recovery Point date/time in SCOM alerts?
    For me it is the first thing I look at. If it has failed 10 min ago it is not critical.
    But if it is a date and time more than 1 day old, then it is critical.
    I hope someone can help us with this
    Br
    SvBoho

    Hi,
    To manage DPM, I think we may need to add the account to the local admin group of the DPM server.
    In addition, to connect to DPM the user needs permissions to DPM/SQL Server DPMDB.
    For your DCs, have you enabled the agent proxy option? If not, please enable that option for all DCs.
    To monitor DPM with SCOM, please also go through the below links:
    http://kevingreeneitblog.blogspot.com/2011/10/managing-and-monitoring-system-center.html
    http://damatisystemcenter.com/2013/10/14/monitor-data-protection-manager-2012-using-scom-2012-sp1/
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
    Regards,
    Yan Li

  • Problem upgrading from SCOM 2012 SP1 to R2 (near impossible to uninstall SCOM agent from Management Server)

    I'm trying to upgrade our SCOM 2012 SP1 environment to R2, but I have a heck of a problem getting there.
    We currently have a test installation with SCOM 2012 SP1 with Management Server and Console on a single 2012 Standard server. The database is located on a remote server. The R2 setup stopped midway through, because the SCOM 2012 SP1 agent is installed. And I could NOT remove it by any normal means. I've tried "msiexec.exe /x productcode", the setup, PowerShell uninstall and so on. Nothing works, because the management server installation is blocking the uninstall. The uninstall says I have to remove the management installation first. And that's not gonna happen.
    I had to follow this guide to finally get through the setup: http://www.opsman.co.za/forcibly-removing-a-scom-agent-that-cannot-be-uninstalled-by-normal-means/
    In addition to that, I searched for the agent MSI install key in the registry and deleted everything. After I did this, the setup is working, and the SCOM management server, console and DB are up to date. However, the Microsoft Monitoring Agent is STILL there in Control Panel. And this can NOT be the most healthy way of getting through the setup.
    I'm about to upgrade to R2 in our production environment with 3 management servers, and I would hate to go through this sketchy process there as well. Just for the record, I have no idea why the agents are installed on our management servers.
    Do any of you have tips as to how I can get rid of the agents more gracefully?

    Hi
    Thanks for the reply, guys!
    None of those links touch my problem, I'm afraid. I have followed the upgrade guides you pointed to, step by step. But the setup does not complete. There are problems during the actual software upgrade of the management servers (3rd step in the upgrade page).
    I've dived into the Application logs and installation logs, and as far as I can tell, it stops because it has trouble upgrading while the server has the 2012 SP1 agent installed. I do not remember the actual error text right now, but I can get it in a few days.
    Anyhow, the setup DID move on once I removed most of the registry information of the agent installation. So that leads me to the conclusion that the agent IS in fact stopping the setup. Either the agent is malfunctioning, or the setup does not expect the agent to be present on the management servers. I suspect the latter to be the most plausible. At least until Yan Li told me this was normal.
    So, I'm not sure what to think. I'm pretty much forced to remove these agents, as this is the only thing allowing me to continue the setup. At least until I'm told otherwise. But I hate to do it this way. It's so dirty. The registry is pretty much cleaned, but there are still application files present, and the agent is still in the Control Panel and can be started. It's not something I would like to do in our production environment.

  • Three agent UR versions gets installed from gateway - SCOM 2012 SP1 UR4

    Hi,
    We have a SCOM 2012 SP1 UR4 installation with several gateways that servers connect to and get installation from.
    We noticed that when the agent get installed on a client server it gets first the agent itself, then UR1, UR2 and last UR4.
    From the XML-section in the task that has installed the agent one can read the following:
    SoftwareUpdateInstalled KB2784734-amd64-Agent.msp;KB2826664-amd64-Agent.msp;KB2880799-amd64-Agent.msp; SoftwareUpdateInstalled
    Below is from the application log of a newly installed server that got the agent installed.
    The question I have is if this is correct? Why are all three UR installed?
    Shouldn't it be enough with the latest version of UR? Are they not cumulative?
    Can I simply delete the older versions in the agent directory of the Gateway?
    Regards S-E
    Windows Installer installed the product. Product Name: System Center 2012 - Operations Manager Agent.
    Product Version: 7.0.9538.0. Product Language: 0. Manufacturer: Microsoft Corporation.
    Installation success or error status: 0.
    Windows Installer installed an update. Product Name: System Center 2012 - Operations Manager Agent.
    Product Version: 7.0.9538.0. Product Language: 0. Manufacturer: Microsoft Corporation.
    Update Name: System Center 2012 - Operations Manager SP1 UR1 Update Patch.
    Installation success or error status: 0.
    Windows Installer installed an update. Product Name: System Center 2012 - Operations Manager Agent.
    Product Version: 7.0.9538.0. Product Language: 0. Manufacturer: Microsoft Corporation.
    Update Name: System Center 2012 - Operations Manager SP1 UR2 Update Patch.
    Installation success or error status: 0.
    Windows Installer installed an update. Product Name: System Center 2012 - Operations Manager Agent.
    Product Version: 7.0.9538.0. Product Language: 0. Manufacturer: Microsoft Corporation.
    Update Name: System Center 2012 - Operations Manager SP1 UR4 Update Patch.
    Installation success or error status: 0.
    Windows Installer installed the product. Product Name: Active Directory Management Pack Helper Object.
    Product Version: 1.1.0. Product Language: 1033. Manufacturer: Microsoft Corporation.
    Installation success or error status: 0.

    Hi,
    This should be normal, as we can see in the two articles below. When applying Update Rollup 2, UR1 is listed there, and when applying Update Rollup 3, UR1 and UR2 are listed there also.
    http://blogs.technet.com/b/kevinholman/archive/2013/04/11/applying-update-rollup-2-ur2-to-opsmgr-2012-sp1.aspx
    http://blogs.technet.com/b/kevinholman/archive/2013/09/27/applying-update-rollup-3-ur3-to-opsmgr-2012-sp1.aspx
    For example, UR3 can be applied to System Center Operations Manager 2012 SP1 (as released) or a SCOM 2012 SP1 deployment that has had UR1 or UR2 already applied.
    Regards,
    Yan Li

  • SCOM 2012 SP1 - PowerShell Script failed to run - 3 alerts appear after every reboot of the SCOM Server

    Brand new SCOM 2012 SP1 install with Update Rollup 1 applied
    Single server, local SQL install, SQL Server 2012 SP1
    Hyper-V VM running on Server 2012.  VM has 8GB Ram, single vCPU
    Going through initial management pack importing and configuration, at this point I have the Windows Server 2012 and SQL 2012 MP's installed.
    See screenshot
    http://i.imgur.com/l0Molh1.png
    I am getting the following alerts in my SCOM console and cannot find a resolution to fix the issue.  I don't want to set an override, as an override will prevent the PowerShell alert in other instances, where I might want to receive an alert.
    Looking at the alert description, it states "The Data Access service is either not running or not yet initialized"
    The SCOM Console launches and responds fine, and I get no other errors.  I check the Data Access service and it is online.  I have left the system alone for a couple of hours and no other errors.  I then closed those alerts and restarted the
    server, and they came right back in, so I know that this is something that is happening at either server startup or during the start of the SCOM services.
    Is it possible that SCOM is trying to execute these scripts and the Data Access service has not come online yet?
    Has anyone else come across this before?

    Please try the method in the following thread:
    Note: As there are operations related to the registry, please perform a backup before doing this.
    OpsMgr 2012 - Power Shell Script failed to run 
    http://social.technet.microsoft.com/Forums/de-DE/systemcenterde/thread/4be37f8d-1e7b-450c-8cb9-f1e95f3b2bd0/
    Thanks.
    Nicholas Li
    TechNet Community Support

  • Non supported version of SQL with new install of SCOM 2012 SP1

    I have SQL 2012 SP1 running on Server 2012.  I have tried the SCOM installation with and without CU2 (to fix the 1618 installation error)
    SC VMM installed cleanly and appears to work.
    The install for SCOM produces an error that says, "The installed version of SQL Server is not supported".  I have not been able to find any log from the install that has that error in it.
    Also, I have not been able to determine the true requirements of the SQL server for SCOM.  (I found docs for SCOM 2012 RTM and SQL 2008 R2, but nothing for 2012 SP1.)
    Can someone point me to the correct place for the install log (with hopefully more information) and/or the requirements for the SQL installation?
    Roy

    The log is not created yet because it has not started the install.
    The firewall is the most common issue indeed. Temporarily disable the firewall and see whether you can continue.
    Are you using a Developer edition? The only 2 editions supported are Standard and Enterprise.
    The true requirements for SCOM 2012 SP1:
    We recommend that you check for updates and hotfixes for SQL Server. Note the following database considerations for Operations Manager:
    SQL Server 2008 R2 and SQL Server 2012 are available in both Standard and Enterprise editions. Operations Manager will function with both editions.
    Operations Manager does not support hosting its databases or SQL Server Reporting Services on a 32-bit edition of SQL Server.
    Using a different version of SQL Server for different Operations Manager features is not supported. The same version should be used for all features.
    SQL Server collation settings for all databases must be one of the following: SQL_Latin1_General_CP1_CI_AS, French_CI_AS, Cyrillic_General_CI_AS, Chinese_PRC_CI_AS, Japanese_CI_AS, Traditional_Spanish_CI_AS, or Latin1_General_CI_AS.  No other collation settings are supported.
    The SQL Server Agent service must be started, and the startup type must be set to automatic.
    Side-by-side installation of System Center Operations Manager 2007 R2 reporting and System Center 2012 Service Pack 1 (SP1), Operations Manager reporting on the same server is not supported.
    The db_owner role for the operational database must be a domain account. If you set the SQL Server Authentication to Mixed mode, and then try to add a local SQL Server login on the operational database, the Data Access service will not be able to start.
    For information about how to resolve the issue, see System Center Data Access Service Start Up Failure Due to SQL Configuration Change.
    If you plan to use the Network Monitoring features of System Center 2012 – Operations Manager, you should move the tempdb database to a separate disk that has multiple spindles. For more information, see tempdb Database.
    Found here:
    http://technet.microsoft.com/en-us/library/jj656654.aspx#BKMK_RBF_OperationsDatabase
    It's doing common things uncommonly well that brings success.
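
The SQL Server requirements quoted in the reply above, expressed as a read-only T-SQL check to run on the target instance before starting SCOM setup. This is an added example, not part of the thread or of Microsoft's documentation; it assumes SQL Server 2008 R2 SP1 or later (for `sys.dm_server_services`) and a login with VIEW SERVER STATE permission.

```sql
-- Added example: read-only pre-install check against the requirements listed
-- in the reply above. Each query returns rows you can read off directly.

-- 1. Edition and bitness: the reply names Standard and Enterprise, 64-bit only.
SELECT
    CAST(SERVERPROPERTY('ProductVersion') AS nvarchar(128)) AS product_version,
    CAST(SERVERPROPERTY('Edition') AS nvarchar(128))        AS edition,
    CASE WHEN CAST(SERVERPROPERTY('Edition') AS nvarchar(128)) LIKE 'Standard%'
           OR CAST(SERVERPROPERTY('Edition') AS nvarchar(128)) LIKE 'Enterprise%'
         THEN 'ok' ELSE 'edition not named in the list above' END AS edition_check,
    CASE WHEN CAST(SERVERPROPERTY('Edition') AS nvarchar(128)) LIKE '%(64-bit)%'
         THEN 'ok' ELSE '32-bit is not supported' END        AS bitness_check;

-- 2. Collation: list the server default (inherited by new databases) and any
--    existing database whose collation is NOT one of the seven supported ones.
--    An empty result means every collation passes. Offline databases report a
--    NULL collation and are listed so they can be checked by hand.
WITH supported(name) AS (
    SELECT v.name
    FROM (VALUES ('SQL_Latin1_General_CP1_CI_AS'), ('French_CI_AS'),
                 ('Cyrillic_General_CI_AS'), ('Chinese_PRC_CI_AS'),
                 ('Japanese_CI_AS'), ('Traditional_Spanish_CI_AS'),
                 ('Latin1_General_CI_AS')) AS v(name)
),
scopes(scope, collation_name) AS (
    SELECT N'(server default)',
           CAST(SERVERPROPERTY('Collation') AS nvarchar(128))
    UNION ALL
    SELECT d.name COLLATE DATABASE_DEFAULT,
           d.collation_name COLLATE DATABASE_DEFAULT
    FROM sys.databases AS d
)
SELECT s.scope, s.collation_name AS unsupported_collation
FROM scopes AS s
WHERE NOT EXISTS (SELECT 1 FROM supported AS x
                  WHERE x.name = s.collation_name COLLATE DATABASE_DEFAULT);

-- 3. SQL Server Agent must be started with startup type Automatic.
SELECT servicename, startup_type_desc, status_desc,
       CASE WHEN startup_type_desc = 'Automatic' AND status_desc = 'Running'
            THEN 'ok' ELSE 'must be running with automatic startup' END AS agent_check
FROM sys.dm_server_services
WHERE servicename LIKE 'SQL Server Agent%';
```

The check does not cover the db_owner domain-account requirement or the reporting side-by-side restriction from the same list; those still need to be verified separately.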
