SCOM Performance Dashboard Widget Woes

SCOM is a great product, but sometimes I wish they had spent a bit more time on implementing the Silverlight dashboards, especially the performance one.

The reason? The usage of the hardcoded GUIDs to populate the performance counters.

Let’s back up a bit before going on, and talk about the usage scenario. Creating these dashboards using the GUI is fine, though if you need to create a lot of the same type of dashboard, just with different targets, the GUI route can become a big time sink. Also, one usually wants to keep these types of dashboards in an unsealed management pack, so adjustments can be made on the fly as necessary without having to go through Visual Studio to seal the MP anew each time a change is needed. VS still has some complexity tied to it, and not everybody wants to invest time into learning this tool.

SMS / Voice Notifications: PowerShell, System Center Operations Manager Updated

I really like this script for sending SMS using SCOM, though it has some bugs in its current form. I also do not have a Twilio account. That is why I decided to rewrite some of the logic to use generic HTTP SMS gateways. Currently it is set up for using the PSWinCom SMS gateway, though this can easily be changed to some other service. You will need to find out how to construct the URL for that service and change the code in the CreateSMSurl function to match. The PSWinCom details are here.

OpsMgr: Sample Blue Bar State Widget Template Sorted

I really like this Wei Out there template, and also this one that gives an overview of the Send Queue Size of the SCOM agent. Though I’m lazy and do not like that I have to click the performance counter column so it will sort by it. That is why I have added some code so it will, though you will lose the state column to the sorting logic. But I’m fine with that. I also added the option to only show the Top N highest values.

Here is the changed code:

View the code on Gist.

Happy Tinkering!

CRM & ADFS woes (the connector story)

So I have been doing some ADFS 3.0 work as of late. Part of this work included getting CRM 2016 to use ADFS for authentication instead of the normal AD (IWA) approach. Getting the user side of it set up is not that hard, and there are many good sources for correct information. Now it turns out CRM has some hidden integration complexity, not directly from CRM itself, but from the Connector for Microsoft Dynamics (which has not changed since CRM 2011). This was making a stink and would not connect to ADFS. At the time I did not know that the error was caused by the connector not being able to talk to the ADFS server because of a firewall issue, so I wrongly assumed that the error had something to do with the ADFS configuration. This analysis was done on an internal federation configuration and not using IFD (published externally using ADFS Proxy), i.e. using the Intranet configuration for the CRM RP with only Windows Authentication active.

ADFS3.0 MEX Monitor Fix

I recently did some work on publishing internal legacy applications using WAP and ADFS for pre-authentication. Wrapping up the production part of these components, I wanted to get full visibility into how they performed over time. To do this I added SCOM management packs for both products. As monitoring kicked in, I started seeing that the health of the overall ADFS farm always defaulted to a warning state. Delving a bit deeper into why, I found that it was the “MEX Endpoint Is Unreachable” monitor that was keeping the farm in this state.

SCOM Agent Quick Firewall Rules

I always try not to have to do too much repeat work, so when I have some extra time I like to make some stuff easier. This time I threw together a quick and easy way of adding the needed firewall openings to servers for SCOM Agent push installs.

One little note; the commands used here are only present on 2012 R2 with PS 4.0 and newer servers.

 

WAP & ADFS the persistent cookie conundrum

I recently did some work with WAP 2012R2 (Web Application Proxy) and ADFS 3.0 (Active Directory Federation Services), looking into how the different timeout values work in conjunction with publishing internal legacy applications to the intrawebz. This was using IWA (Integrated Windows Authentication) for the backend, and that meant setting up KCD (Kerberos Constrained Delegation) between WAP and the application servers. I will not focus on that configuration here. I am more interested in how the security mechanisms work, and how that impacts how to configure the different time constraint values for logon and session related parameters.

DPM 2016 silent install

With the new DPM 2016 soon to be released, there are some changes to the unattended file.

The old one for DPM 2012 R2 is below:

The change for DPM 2016 is that all the Yukon-prefixed variables now have SQL before them. This makes much more logical sense. There are also still some small bugs. If you use the ProgramFiles variable, the installer will, at the time of writing (TP 5), just append the value you put in the unattend file and then try to add the default path name on top of that. This will make the installer quit, as the length of the path string will exceed 64 characters, which is not allowed.

Give me security; WordPress&MySQL!

This is a follow-up on a previous blog post of mine. I don’t like to leave the security of the solution hanging, as we are exposing the MySQL database to the internet up in the cloud. There is the possibility of using an Azure internal virtual network, though for that your web site must use a more expensive tier. So therefore I will address how to set up a secure connection from the WordPress frontend to the MySQL backend.

First you will need to download OpenSSL (I’m using the Windows lite version found here).

Give me more datadisks

With lower tier VMs in Azure you have a limit on how many data disks you can attach. As an example, an A1 can only have 2 data disks of 1 TB each attached. So if you just want to use Azure for storing a lot of data, like backups, you are kind of out of luck. You would either need to get a higher tier VM that allows for more data disks or use a service like Azure Backup instead.

Let me give you one more option, Azure Files Shares.
Now, I hear a lot of you say: “you can’t use a share as a local disk”. And you would be correct, you can’t. Though let’s be a bit sneaky, and get around that limitation.