teknoglot:

  • Home
  • Home
  • Microsoft
    • Hyper-V
    • OpsMgr 2007
    • SQL 2005
    • SQL 2008
    • Windows XP
    • Windows Vista
    • Windows 2008
  • Linux
    • Fedora 11
    • RedHat ES
    • SLES
    • Ubuntu
  • Code
    • PowerShell
    • VBS
  • Series
    • MP Dev: TG WinAutoSvc
  • Definitions
    • System Center Operations Manager 2007
      • Classes
      • Service Model
      • Singleton
  • Technobabble
Twitter RSS

ESENT Error When Modifying OpsMgr Agent

Posted on March 19, 2010 by Sam T
No comments

Getting “ESENT Kerys are required to install this application” when you are trying to modify/change an agent installation?

image

This seems to be  most common on Windows 2008 and i guess it’s because of the UAC and the fact that opening the Control Panel isn’t running in administrative mode.

To work around this you need to run the msiexec command on the correct installation GUID from an administrative command prompt.

Besides running through the registry to find the GUID, one of the easier ways is this:

  1. Open an administrative command prompt.
  2. run wmic product
  3. Locate your product by its name, the GUID (looks a bit like this {25097770-2B1F-49F6-AB9D-1C708B96262A}) directly after that is the one you want. Copy it.
  4. run msiexec /i <PASTEYOURGUIDHERE>
  5. Modify the agent as pleased

That’s pretty much it. Good luck.

Categories: OpsMgr 2007 | Tags: Errors, How-To, OpsMgr, Windows, Windows Installer, WMI

Updated MSMQ Management Pack v6.0.6615.0!

Posted on December 23, 2009 by Sam T
No comments

Microsoft has released an update to the MSMQ (version 3) management pack.

System Center Pack for: Message Queuing 3.0
Version: 6.0.6615.0
Released on: 12/14/2009

Message Queuing (also known as MSMQ) is a server application that enables applications to communicate across heterogeneous networks and systems that may be temporarily offline or otherwise inaccessible. Instead of an application communicating with a service on another computer, it sends its information to Message Queuing, which sends the information to a Message Queuing service on the target computer where it is made available to the other application. Message Queuing provides guaranteed delivery, efficient routing, security, and priority based messaging.

Now, what’s really interesting is what you will find in the MP Guide under “Supported Configurations”.

The Message Queuing Management Pack for Operations Manager 2007 is designed to monitor Message Queuing version 3 only.

The Message Queuing Management Pack supports the following platforms:

· Windows Server 2003

· Windows XP

The Message Queuing Management Pack also supports monitoring clustered MSMQ components.

Text coloration is obviously added by me to highlight the interesting part. ;)

Finally MSMQ monitoring seems to be cluster aware, which might mean that the home-made pack i did to have those (numerous) queues covered could be passed on to the scrap-heap. This is also confirmed under “Changes in This Update”.

The December 2009 update to this management pack includes the following change:

· Fixed a problem when working with an instance of MSMQ in a Cluster. The MP is now able to discover and monitor public and private queues in a cluster.

· Fixed a problem when discovering the local and cluster instance of MSMQ. The MP is now able to discover and monitor both instances.

The confusing double RunAs profiles seems to have been cleaned up too (you only have to worry about one now) as well as fixing some sloppy mistakes in the previous scripts (no Option Explicit? C’mon Microsoft! You write the best practices, try to stick to them.) and generally improving display and documentation.

Gonna import this to our staging environment today and let it roll during the holidays.

Cheers! Oh, and happy holidays!

Download and documentation:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1D2B4398-8BC2-4A43-850C-852EBB0D983B&displaylang=en&displaylang=en

Categories: OpsMgr 2007 | Tags: Management Pack, MSMQ, OpsMgr

Linux Discovery – Not Enough Entropy

Posted on December 2, 2009 by Sam T
3 comments

Here’s a little trouble-shooting guide for discovering Linux systems from OpsMgr R2 when getting the following error from the wizard:

<stdout>Generating certificate with hostname="COMPUTERNAME"

[/home/serviceb/TfsCoreWrkSpcRedhat/source/code/tools/scx_ssl_config/scxsslcert.cpp:198]

Failed to allocate resource of type random data: Failed to get random data - not enough entropy

</stdout><stderr>error: %post(scx-1.0.4-248.i386) scriptlet failed, exit status 1

</stderr><returnCode>1</returnCode>

<DataItem type="Microsoft.SSH.SSHCommandData" time="2009-08-05T11:15:01.5800358-04:00" sourceHealthServiceId="0EB1D6DA-202C-7FC5-3D46-BDBB9208547D"><SSHCommandData><stdout>Generating certificate with hostname="COMPUTERNAME"

[/home/serviceb/TfsCoreWrkSpcRedhat/source/code/tools/scx_ssl_config/scxsslcert.cpp:198]

Failed to allocate resource of type random data: Failed to get random data - not enough entropy

</stdout><stderr>error: %post(scx-1.0.4-248.i386) scriptlet failed, exit status 1

</stderr><returnCode>1</returnCode></SSHCommandData></DataItem>

But first, a little background on the actual “problem”. To generate the certificate, the entropy needs to be high enough to generate random data for the certificate creation. Without the certificate, the OpsMgr agent won’t be able to open up communications with the MS. So, what creates this entropy we need? Bluntly put, a selection of hardware components that are likely to produce non-predictable data. Like a keyboard, mouse and a monitor or videocard. Of course, there’s a lot more to it, but we really don’t need to know this. What we need to know is that there has to be a “bit bucket” of more than 256bytes of entropy for the certificate creation process to succeed. We also need to know that more enterprise-ish servers, like rack- or blade-servers tend to be void of things like directly attached keyboards, mouses and monitors that the linux kernel needs to be able to generate entropy. And herein lies the problem. If you have a new server that is not in full service (likely since we are trying to deploy the monitoring on it) which means that there’s not much random data flowing through the hardware and there’s no keyboard or mouse or monitor connected to it there is quite the risk that the system entropy is going to be very low. Of the linux systems that I have been deploying OpsMgr agents to, about half have failed because of “Not enough entropy”. So, here’s the steps I usually takes to ensure that discovery works. I use PuTTY to connect to the soon-to-be-monitored servers. This guide also assumes that you have SU rights on the system since all of these steps (except #1) needs it.

  1. Check you current entropy 
    cat /proc/sys/kernel/random/entropy_avail

    Is it less than, or close to, 256? It probably is. If you don’t feel like connecting a mouse and start wiggling it around—not really feasible in a data center—and see if the entropy increases, you can generate your own random data.

  2. Generate you own random data.
    Be advised that this forced entropy will not be as random as the system-created on and thus not as secure. How much more insecure it is, I don’t know, and quite frankly I prefer to have my systems monitored yet slightly less secure than not monitored at all. Anyway, you can force your own random data by running:

    dd if=/dev/urandom of=~/.rnd bs=1 count=1024

    This creates a .rnd file with 1024B of random data that the certificate creation process will use instead of the system entropy if the file exists.

  3. Uninstall and re-discover
    The first failed attempt of discovery will most likely leave a non-working agent installation that we have to remove. Otherwise we will just be stuck with an “Access Denied” error. Run:

    rpm –e scx

    Now, try to discover the system again.

  4. Failed again?
    Try generating the certificate manually by running:

    /opt/microsoft/scx/bin/tools/scxsslconfig -f –v
/opt/microsoft/scx/bin/tools/scxadmin –restart

    Retry discovery again.

  5. Still fails?
    Uninstall the agent once more as instructed in step 3.

Stese steps have solved my problems 100% on both SUSE and RedHat and hopefully they will help you too.

Interestingely enough, these problems seems to be connected to some changes in the 2.6 kernel and basically everything that uses SSL-ish certificates will be affected. Even though the symptoms may be a bit more subtle, like time-outs and disconnects. For “headless” servers like those I usually to administer where the random data tend to be much lower, there’s even specialised hardware whose sole purpose is to generate random data, like the Entropy Key. I have also been told that new servers is likely to be equipped with entropy chipsets to make sure that there’s chaos enough to avoid these new-found oddities.

Sources:
http://social.technet.microsoft.com/Forums/en-US/crossplatformsles/thread/f94ec905-23ac-4444-b9f8-644fec3ae357

http://www.askrenzo.com/oracle/SCOM/SCOM_discovering_nodes.html

Categories: OpsMgr 2007, SLES | Tags: How-To, Linux, OpsMgr, TroubleShooting, X-Plat

(re)Gain sysadmin access to SQL2005 or SQL2008

Posted on November 19, 2009 by Sam T
2 comments

In SQL Server 2005 and 2008 the local Administrators account is not sysadmin by default. This makes it even more important that the one setting up the Database also remembers to add a SQL Server admins group to the sysamin role. If this step is forgotten, the user installing the database server is the only one that will ever be sysadmin.

In some extreme cases I’ve seen situations where no one except some dude on vacation is sysadmin and there’s a bunch of applications that needs to be installed/upgraded. In these cases I have also been assigned Local Administrator rights on the server, but since the local Administrators group isn’t sysadmin either I still cannot login to the SQL server.
What to do!?

Thanks to Raul Carcia’s blog post it’s not that a big deal. The instructions is written for SQL Server 2005, but works equally fine on SQL Server 2008 and the only requirement is that you are a local server administrator.
Here’s what to do:

  1. Open the SQL Server Configuration Manager.
  2. In SQL Server Services, open the properties for the SQL Server instance you need access to.
  3. In the Advanced tab, locate Startup Parameters.
  4. Add “;-m” to the end of that line.
  5. Press OK and restart the SQL Server into “Maintenance Mode” or “Single User Mode” if you like. (check that a restart is OK first ;) )
  6. Open a command prompt (right-click, “Run as Administrator” in Windows 2008) and go to C:Program FilesMicrosoft SQL Server100ToolsBinn
    (C:Program FilesMicrosoft SQL Server90ToolsBinn for SQL2005)
  7. Execute 
    sqlcmd /A /E /S&lt;SERVERINSTANCE&gt;

    (use . for local default instance and .INSTANCE for local named instance)

  8. In the CLI, execute: 
    EXEC sp_addsrvrolemember 'DOMAINyourusername', 'sysadmin';
GO
  9. Return to the SQL Server Configuration Manager and restore the Startup Parameters to it’s previous settings.
  10. Restart the SQL Server instance to allow users to access it again.

Now, you should be able to login to the SQL server with sysadmin rights using your current user. This would also be a good point in time to actually establish a SQL Server Admins group (local or domain) to add to the sysadmin role to avoid having others to the above steps when you, yourself, happens to be on vacation. ;)

As Raul Carcia point out in his original post, this is really a disaster recovery procedure and there’s definitely nothing sneaky about it since it leaves quite alot of trails in the event logs.

All in all, a Great article by Raul and all credit should go his way.

Categories: OpsMgr 2007, SQL 2005, SQL 2008 | Tags: How-To, SQL Server, SQL Server 2005, SQL Server 2008

Updated: MP for System Center Configurations Manager 2007 SP2 on x64

Posted on November 3, 2009 by Sam T
No comments

Microsoft has released an updated MP for SCCM SP2 (v6.0.6000.2, released on 10/28/2009) for OpsMgr R2.

The update basically contains support for x64 that was missing in the previous release.

The Configuration Manager 2007 SP2 Management Pack adds support for monitoring Configuration Manager 2007 SP2 in a 64-bit environment with Operations Manager 2007 R2 or Operations Manager 2007 SP1 with hotfix (KB971541) installed. This enables the Configuration Manager 2007 SP2 Management Pack to work with either the 32-bit or the 64-bit Operations Manager 2007 agent. Except for the 64-bit support, the other features and guidance for Configuration Manager 2007 Management Packs remain intact.

(coloration added by me)

Read more and download here:
http://www.microsoft.com/downloads/details.aspx?FamilyID=a8443173-46c2-4581-b3b8-ce67160f627b

Categories: OpsMgr 2007 | Tags: Management Pack, OpsMgr, x64

Installing SQL Reporting Services 2005 on Windows 2008 x64

Posted on November 2, 2009 by Sam T
1 comment

Let’s say you have followed this guide: http://support.microsoft.com/kb/938245/

Still not working? The one thing I forgot, or rather did not find in any of the guides, was to change the website application pool to “Classic .NET AppPool”. It is actually noted in KB938245 but only after the installation, during the configuration. For some reason I have not been able to install Reporting Services 2005 on Windows 2008 without changing this prior to the installation.

Maybe I am doing it wrong but this seems to be working all right for me.

Categories: OpsMgr 2007, SQL 2005, SQL 2008 | Tags: How-To, IIS7, Reporting Services, x64

Cannot Delete Files with Long Paths?

Posted on October 21, 2009 by Sam T
No comments

What do you do when you cannot delete a file or folder on a windows server?

Check the file permissions! And if that doesn’t help?

Check the share permissions! Yes, if it is a shared folder. And if that doesn’t help?

Check the file ownership! Great! But then what?

Well, the file could be in use, and then you would have to shut the locking process down and perhaps kick a user out. In a really bad scenario it could also be a symptom of a broken filesystem, a reserved filename (like “lpt1” or “PRN”) or even an invalid name (silly things like a space in the beginning or the end of a filename).
Another possible reason could actually be that the path to the file or folder is too long. You won’t actually get an error telling you that the filepath exceeds the 255 characters Windows can handle but a simple “Acces Denied”.

There are some, more or less tedious, work-arounds for the problem. Like renaming, starting from the root, all the directories to shorter ones or using the old DOS (8.3, like “dokume~1.doc”) names that windows can auto-generate for you. Personally, I have two favourite ways of handling this.

  1. Map the parent-directory of the file/folder you are trying to access/delete as a network drive and access your files that way.
    This is particularly useful if the folder you are trying to access a DFS-share or perhaps a share on the central fileserver filepaths like “\servername01Central ProjectsCentral ServicesIT DepartmentDevelop Methods for Automatically Deploying New Central Servers2.2.1 Auto-Deploying SQL-Server 2005 ClusterDocumentsPreparationsWhitepapersSQL Server 2005 Failover Clustering White Paper.doc”
  2. Create a new share to a folder further down the hierarchy. This works locally too if you are logged on to, say, SRV01, you create a new share on “D:FilesharesCentral ProjectsCentral ServicesIT DepartmentDevelop Methods for Automatically Deploying New Central Servers” called “Autodeploymethods” and access it from “\SRV01Autodeploymethods”. That way the filepath doesn’t exceed 255 characters.

Now. When designing fileservers, you really should think about how deep the filepaths may get. This is especially true on DFS-shares since you might have to deal with the full FQDN too, and not only the actual folder structure. Many big corporations I know uses “codes” for departments and assign a project ID (quite simply a number or maybe an abbreviation) to each project and uses theese for the fileshares too. Another scenario that could lead to similar problems are intranet sites where users can create and manage their own subsites and where filenames and folders are not stored in a database.

I have only seen this phenomena on Windows systems so far, and I’ve actually used a linux Live-CD on occasion when admin access is denied.

Read More:
http://support.microsoft.com/kb/320081

Categories: Microsoft, Windows 2008, Windows Vista, Windows XP | Tags: Errors, KB, Windows
Previous Entries
Next Entries

  • kaTWEET!

    • RT @notch: An older article, but it just surfaced on Reddit. If you're Swedish, you should know this: http://t.co/CvaRkUzx

  • Categories

    • Code
      • PowerShell
      • VBS
    • Linux
      • Fedora 11
      • RedHat ES
      • SLES
      • Ubuntu
    • Microsoft
      • Hyper-V
      • OpsMgr 2007
      • SQL 2005
      • SQL 2008
      • Windows 2008
      • Windows Vista
      • Windows XP
    • Technobabble

  • Recent Posts

    • Virtual OpenVPN Server at Home
    • OpsMgr 2007 R2 Documentation
    • Bulk disable ACS Forwarders (with wildcards)
    • OpsMgr 2007 Connectivity Map
    • Introduction to TG WinAutoSvc v1

  • Recent Comments

    • Giulise on Installing SQL Reporting Services 2005 on Windows 2008 x64
    • Sam T on Bulk disable ACS Forwarders (with wildcards)
    • ChrisAbel on Bulk disable ACS Forwarders (with wildcards)
    • Sam T on Introduction to TG WinAutoSvc v1
    • mats on Introduction to TG WinAutoSvc v1
© teknoglot:. Proudly Powered by WordPress | Nest Theme by YChong