
The MOM team released a draft document outlining what to do when your RMS server installed on a cluster fails:
If your Root Management Server is installed on a cluster and for some reason is wiped out, here are the steps required to recover from a catastrophic disaster.
Disaster Recovery: Operations Manager 2007 Root Management Server on a Cluster

REDMOND, Wash., July 26, 2007 – During his address at Microsoft’s Financial Analyst Meeting (FAM), Jeff Raikes, president of the Microsoft Business Division, announced that Office Communications Server 2007 and Office Communicator are code complete and will release to manufacturing (RTM) tomorrow. With this milestone and launch around the corner this fall, the Unified Communications Group is one step closer to fulfilling the UC promise and helping customers streamline business communications, increase productivity and lower costs.
PressPass spoke with Gurdeep Singh Pall, vice president of the Unified Communications Group, about the evolving unified communications industry, the return early adopters are seeing from Office Communications Server and Office Communicator and the company’s progress towards launch in the fall.
(more)

Livingston Communications just released an IT Ops Research Report today that shows six out of 10 companies view applications changes as a leading cause of downtime. Other interesting facts:
Downtime ranked as the top IT operations challenge, with 51% of large enterprises (10,000 or more employees) selecting minimizing downtime as a top three concern in managing multi-tier applications.
The survey revealed that the average company experiences roughly 15 incidents of downtime per year.
From an industry perspective, computer-related companies (18.4) and healthcare/pharmaceutical companies (17.1) reported the most number of downtime incidents.

If you are interested in the report, visit http://www.stacksafe.com/research and download a copy yourself.

I totally agree with Pete:
This Excel spreadsheet, created by Ian Blyth and reminiscent of the MOM 2005 Sizer, delivers estimated Operations Manager database size based on number of agents and estimated data transfer (which varies by the number of management packs installed, overrides in place, etc). Very useful tool in my opinion.
Database Size Estimator for Operations Manager 2007
The data returned by the tool is based on Ops Mgr operations and warehouse database growth estimates compiled by Cameron Fuller, available HERE.
Great work Ian!

At the Microsoft Worldwide Partner Conference (WWPC), from July 10-12 in Denver, Steve Ballmer presented a Keynote on Microsoft's Software & Services strategy and vision. In the past days, his presentation was posted to the Partner site.
Browsing the presentation, I found that the last slide had some interesting information about upcoming products. The slide is titled "FY08 and Beyond" and has a list of expected products, but also mentions:
Windows Vista SP1
Windows Server 2008 Update Release
Windows Server 2008 SP1
System Center Essentials "V2"
Microsoft TellMe
Forefront for Sharepoint "14"
Forefront for Exchange "14"
Although it does not disclose information about the products themselves -- the slide title (Fiscal Year 2008 and Beyond) implies that some of these products will be out before the summer of 2008. Download the presentation below to see for yourself or click here to see the screenshot that I took.
WWPC: Steve Ballmer's Presentation
WWPC: FY08 and Beyond
Ian Blyth writes: I was under the impression that AEM was free (certainly to SA customers) because CER was free to SA customers. But it looks like I was wrong. Mike Betts (www.momanswers.net) posted a question in the newsgroup about it.
So I did some digging (and I did have to dig to find the document - and when I went to look for it a second time I could not find it searching on Google or Microsoft). Luckily Stefan’s blog has the link to the document.
System Center Operations Manager 2007 Licensing Brief.
It appears that if you use AEM that you still need a client license at $32 per client. Now if I had the OpsMgr agent on and was using ACS as well then the cost is taken care of. But if I am just using AEM it seems a lot for collecting some Dr Watson and Windows Error reports. I think it is a useful tool but I would find it hard to justify that level of spend.
(more)
Scott Moss writes: Useful information if you're going to be creating custom queries against the OperationsManager db Alert table or AlertView.
Resolution State
ID Resolution State
0 = New
255 = Closed
Severity Values for Alerts
0 = INFORMATIONAL
1 = WARNING
2 = CRITICAL
Example Query using OperationsManager database, this query will display all alerts that are Critical:
select * from dbo.Alert where Severity = '2'
Tarek Ismael writes: As before in MOM 2005, you could automatically discover your servers and install agents without running the wizard every time. Now in System Center Operations Manager this is not available, but you can do this using a Shell command. The script can be run from a Windows scheduled task to discover and install the Ops Mgr 2007 agent based on your LDAP query:
param ($OpsMgrservername, $Domainname)
# Initialize the OpsMgr provider
Add-PSSnapin Microsoft.EnterpriseManagement.OperationsManager.Client
# Set the location to the root of the provider namespace
cd OperationsManagerMonitoring::
# Create a connection to the Management Group
New-ManagementGroupConnection $OpsMgrservername
# Change the path
cd $OpsMgrservername
# Configure the query: computer accounts (sAMAccountType=805306369) whose name contains ABC.
# The two conditions must be wrapped in an LDAP AND (&) to form a valid filter.
$ldap_query = new-ldapquerydiscoverycriteria -domain $Domainname -ldapquery "(&(sAMAccountType=805306369)(name=*ABC*))"
# Configure the discovery settings
$windows_discovery_cfg = new-windowsdiscoveryconfiguration -ldapquery $ldap_query
# Run the discovery and keep the results
$discovery_results = start-discovery -managementserver (get-managementserver) -windowsdiscoveryconfiguration $windows_discovery_cfg
# Install the agent on every discovered computer
install-agent -managementserver (get-managementserver) -agentmanagedcomputer $discovery_results.custommonitoringobjects
Save the file as Agentdiscoverinstall.ps1. Configure the Windows scheduled task as:
Powershell.exe Agentdiscoverinstall.ps1 -OpsMgrservername:localhost -Domainname:YOURDOM
Tarek Ismael writes: This issue has surfaced in the newsgroups. To solve this issue you can create a task to change the value in the registry and restart the health service on the client. The registry key:
HKLM\SYSTEM\CurrentControlSet\Services\HealthService\Parameters\Management Groups\MG_ Name\MaximumQueueSizeKb
The value: "15 MB" 15360
The script is as below:
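' The key is under HKLM, so use the HKEY_LOCAL_MACHINE hive constant
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
' "MG_ Name" stands for the management group name
strKeyPath = "SYSTEM\CurrentControlSet\Services\HealthService\Parameters\Management Groups\MG_ Name"
ValueName = "MaximumQueueSizeKb"
' New queue size in KB (51200 KB = 50 MB)
dwValue = 51200
objReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, ValueName, dwValue
' Restart the health service; the final argument 1 waits for each command to finish
Set objShell = CreateObject("WScript.Shell")
objShell.Run "%COMSPEC% /c net stop healthservice", , 1
objShell.Run "%COMSPEC% /c net start healthservice", , 1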

The DFS Namespaces team is excited to announce upcoming support for domain-based namespaces that exceed the previous size recommendation of 5,000 folders with targets in a namespace. Starting in Windows Server 2008, you will be able to use the DFS Management snap-in to create a new domain-based namespace in one of the following modes:
- Windows 2000 Server mode provides the same functionality and scalability currently available in namespaces hosted on servers running Windows 2000 Server or Windows Server 2003.
- Windows Server 2008 mode provides increased scalability and support for access-based enumeration, which will be configurable using Dfsutil. There are now no hard limits to the size of the namespace – however, we are currently running performance tests to determine guidelines for sizing these new domain-based namespaces for practical performance considerations.
Stand-alone namespaces will also benefit from the underlying DFS Namespaces changes made in Windows Server 2008, allowing stand-alone namespaces hosted on servers running Windows Server 2008 to support access-based enumeration.

Brad Anderson, General Manager for the Microsoft Management and Solutions Division writes:
Two weeks ago we announced that the 2008s [Windows Server, SQL Server, Visual Studio] would launch in February next year, with availability staged throughout the year. We’re in the process of building the best management tools so that developers can build knowledge into their codes and it’ll automatically execute based on that knowledge and policies. Visual Studio 2005 Team System introduced developers to SDM, and we’re working with the Visual Studio team to further connect software developers with architects and IT admin via Visual Studio 2008.
For Windows Server 2008, new management packs/agents for MOM 2005 and SC Operations Manager 2007 will be available in H1. Along those lines, we’ll also have a release of System Center Configuration Manager (formerly SMS) and a second release of Virtual Machine Manager to manage virtualized workloads enabled with Windows Server Virtualization. With the release of VMM, System Center can manage the physical and virtual assets. We developed this technology as, increasingly, customers told us they want a single, unified solution for managing both. I’ve met plenty of customers with physical servers in the datacenter operating at only 15% CPU capacity. SC Virtual Machine Manager assesses and then consolidates suitable server workloads onto virtual machine host infrastructure; this frees up physical resources for repurposing or hardware retirement.

Stefan Stranger writes:
I've been asked to share the shared script mappings for the Active Directory and Exchange management packs, including script name, monitors / rules using the script, as well as object type targeted. Tables list only scripts used by more than one workflow.
Download Excel 2003 zipped copy
HERE
Download Excel 2007 zipped copy
HERE

Gabe Brown mentions on his blog that the public beta of System Center Configuration Manager is now available on Technet.
He also mentions that you can use SCCM in a virtual lab.
Visit the SCCM website on Technet

Exchange Server 2007 is more than an e-mail system. Exchange Server 2007 has several functions, from e-mail messaging, calendaring and real time collaboration to Unified Messaging. All these Exchange components must work together and several components from Exchange also rely on a lot of Windows Server components like DNS, Active Directory and IIS.
This article from MSExchange.com will show you how the new Exchange Server 2007 core services interact with other Exchange and related Windows services and which services from Exchange Server 2003 are obsolete in Exchange Server 2007. (continue at source)

A session consists of all of the processes and other system objects that represent a single user’s logon session. These objects include all windows, desktops and window stations. A desktop is a session-specific paged pool area and loads in the kernel memory space. This area is where session-private GUI objects are allocated from. A window station is basically a security boundary to contain desktops and processes. So, a session may contain more than one window station and each window station can have multiple desktops.
Only one window station is permitted to interact with the user at the console; this is called Winsta0. Under Winsta0 there are three desktops loaded: Winlogon (the logon screen), Default (the user desktop) and Disconnect. All three of these have separate logical displays, which is why your main desktop disappears if you lock the workstation. When you lock the workstation, the display switches from Default to Winlogon and there is no user interaction between the two. In Windows Vista this is even a bit more extreme. When you get a UAC prompt for instance, it takes a screenshot of your Default desktop and then displays it dimmed out behind the UAC window in the foreground. The UAC window is part of the Secure Desktop (new for Vista and similar to the logon desktop) and will not allow you to interact with the Default desktop until you provide input.
Other window stations exist that do not interact with the user. For example, services load under the ‘Service-0x0-3e7$’ non-interactive window station. The exceptions to this are services that need to interact with the console user, so these load into Winsta0 instead. (continue at source)
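
The session, window station and desktop hierarchy described above can be inspected directly. This is an added example, not code from the original article: it calls the Win32 functions EnumWindowStations and EnumDesktops through P/Invoke, and the WinStaInfo class and its method names are made up for the illustration.

```powershell
# Added example: list the window stations visible in the current session and
# the desktops inside each one. WinStaInfo is a hypothetical helper class.
$source = @'
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Runtime.InteropServices;

public static class WinStaInfo
{
    // The callback receives the object name as a Unicode string.
    [UnmanagedFunctionPointer(CallingConvention.Winapi, CharSet = CharSet.Unicode)]
    private delegate bool EnumNameProc(string name, IntPtr lParam);

    [DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    private static extern bool EnumWindowStations(EnumNameProc callback, IntPtr lParam);

    [DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    private static extern bool EnumDesktops(IntPtr hWinSta, EnumNameProc callback, IntPtr lParam);

    [DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    private static extern IntPtr OpenWindowStation(string name, bool inherit, uint access);

    [DllImport("user32.dll", SetLastError = true)]
    private static extern bool CloseWindowStation(IntPtr hWinSta);

    private const uint WINSTA_ENUMDESKTOPS = 0x0001;

    public static List<string> GetWindowStations()
    {
        var names = new List<string>();
        EnumNameProc cb = (name, lParam) => { names.Add(name); return true; };
        if (!EnumWindowStations(cb, IntPtr.Zero))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        return names;
    }

    public static List<string> GetDesktops(string station)
    {
        // Opening the station fails if the caller's token is not allowed by its ACL.
        IntPtr h = OpenWindowStation(station, false, WINSTA_ENUMDESKTOPS);
        if (h == IntPtr.Zero)
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            var names = new List<string>();
            EnumNameProc cb = (name, lParam) => { names.Add(name); return true; };
            if (!EnumDesktops(h, cb, IntPtr.Zero))
                throw new Win32Exception(Marshal.GetLastWin32Error());
            return names;
        }
        finally
        {
            CloseWindowStation(h);
        }
    }
}
'@
Add-Type -TypeDefinition $source

$sessionId = [System.Diagnostics.Process]::GetCurrentProcess().SessionId
"Session ID of this process: $sessionId"

foreach ($station in [WinStaInfo]::GetWindowStations()) {
    try {
        $desktops = [WinStaInfo]::GetDesktops($station)
        "{0}: {1}" -f $station, ($desktops -join ', ')
    }
    catch {
        # Access denied here is the window station acting as a security boundary.
        "{0}: <cannot enumerate desktops: {1}>" -f $station, $_.Exception.Message
    }
}
```

Both functions only return objects the calling process has enumerate access to, so a standard user may see fewer desktops under Winsta0 than the three named above.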

The new Explorer interface in Vista does take some getting used to, especially if you’re used to zooming around Explorer in Windows XP. If you find, like I did, that the new way of doing things was actually slowing you down, here are some ways to claw back functionality. (continue at source)
Gatineau, Microsoft's web analytics tool, looks like it is getting close to seeing the light of day. Apparently after an adChamps briefing in London, an attendee, Dave Naylor, got hold of some Gatineau screenshots and posted them. Then Ian Thomas, who is "responsible for bringing Microsoft's new web analytics solution, codenamed Gatineau, to market", rather than scurry about trying to get the screenshots taken down, did the right thing and just posted some good information about Gatineau, how to sign up for the alpha testing, and promising more soon.

Gatineau will allow users, once they have set up a profile and added a tracking script to their blog or website, to:
(more)
Mary Jo Foley writes:
Windows Seven now has an official ship target — 2010.
At Microsoft’s Global Exchange (MGX) annual sales conference in Orlando this week, Microsoft shared a bit more — albeit at a high level — on Windows Seven, according to a copy of a slide deck I saw that was distributed to the field sales force during the conference. Among the information shared was that Microsoft is anticipating it will take at least three years from now to get the next version of Windows client out the door.
Last time anyone got Microsoft to talk dates about Windows Seven, the next big Windows client release, a Windows exec slipped up and said something about 2009. Microsoft officials told MGX attendees that the company is currently internally planning Windows Seven. So far, the company has determined Windows Seven will come in both 32- and 64-bit flavors. No word on how many SKUs or any kind of guidance on features was provided, but Microsoft did say it would address both consumer and business segments with Windows Seven.
(more)

Pete Zerger (of System Center Forum) has composed a checklist to use while importing the Active Directory Management Pack. Obviously, you'll still want to read the Active Directory Management Pack Guide before importing the Management Pack, but this might be useful to jog your memory as you're going through the procedure.
Installation Checklist
Import the Active Directory Server Pack
Create a Management Pack in which to store customizations, such as overrides (for details on why, see this post)
(Optional) Import the Active Directory Client Management Pack and override the AD Client Monitoring Discovery Rule
Enable the Agent Proxy Setting on all Domain Controllers
Configure an account for Replication Monitoring (associated with the Active Directory Management Pack Account Profile)
Create a RunAs account and associate it with the AD MP Account Profile
Optional Configuration
Configure the maximum time allowed for change to replicate across a forest
Disable collection of warnings, performance data, and miscellaneous noncritical events to decrease network traffic
Enable data collection for the Replication Latency Report
Set parameters for tasks
Common Problems
Oomads not installed
Oomads 64-bit issues
Agent proxy settings enabled on all Domain Controllers
AD MP Account Profile Run As Account Password is not validated by the application when entered

The MOM product documentation team has just released the Operations Guide! The guide is a comprehensive resource that can be used to understand and use your Operations Manager 2007 implementation to your best advantage. It teaches an Operations Manager administrator what to do after successfully deploying a Management Group for the first time. The following topics are covered:
Understanding Initial Configuration
Configuring Operations Manager for Use
Deploying Agents
Processing Manual Agent Installations
Managing Management Packs
Investigating and Resolving Alerts
Changing Passwords for Operations Manager 2007 Accounts
Keeping the Core Infrastructure Healthy
Backing up the Root Management Server Encryption Key
Heartbeat and Heartbeat Failure Settings
Using Active Directory to Assign Computers to Operations Manager 2007
Identifying the Root Management Server
Removing a Management Server from a Computer
Configuring the Customer Experience Improvement Program (CEIP)
Configuring Client Monitoring
Configuring Error Reporting
Configuring Operational Data Reports
Managing Gateway Servers
Managing Web Console Servers
Managing Reporting
Backup and Recovery
Pick up your copy here:
http://download.microsoft.com/download/7/4/d/74deff5e-449f-4a6b-91dd-ffbc117869a2/OM2007_OpsGuide.doc

With the release of the Scalable Networking Pack that is included with Windows 2003 SP2, we in Exchange support have been seeing some connectivity issues once the new networking features are enabled. These new features are enabled by default and are only used if your network card driver supports them. Some of the new architectural additions that were introduced with the Scalable Networking Pack are TCP Chimney Offload, Receive-side Scaling (RSS) and NetDMA. These were introduced because of the Microsoft Scalable Networking Initiative that was designed to help reduce OS bottlenecks caused by network packet processing. More information regarding the Scalable Networking initiative can be found at www.microsoft.com/snp.
What this does essentially is to offload TCP/IP packet processing to the network card, thus freeing up valuable CPU cycles for your applications. The throughput increases that you can get from having these enabled are quite significant.

These two posters, originally published in the July 2007 issue of TechNet Magazine, provide a strong visual tool to aid in the understanding of various features and components of Windows Server 2008. One poster focuses exclusively on powerful new Active Directory technologies, while the other provides a technical look at a variety of new features available in Windows Server 2008 (such as Server Core, Network Access Protection, and more).
Windows Server 2008 Active Directory Components
Windows Server 2008 Feature Components

Today we're going to get started with Windows Server 2008 Server Core. First, let's talk about what the Server Core installation is (and what it is not!). Server Core is a minimal environment to run specific server roles, which reduces the maintenance and management requirements and the attack surface for those roles.
When you look at what Server Core offers, the roles available are ideal for a branch office deployment scenario where there are limited (or no) IT resources remotely and all management is centralized. So let's get started with our installation. (continue at source)

Microsoft is spending another $50 million to pump up sales, marketing, training and other support for its Forefront line of security products, the company announced July 11 at its Worldwide Partner Conference in Denver. It's also expanding eligibility so that more partners can take advantage of the up to 30 percent additional fees that they can receive through its Security Software Advisor program.
Forefront is Microsoft's battering ram when it comes to breaking into the enterprise security market. When the Redmond, Wash. company launched the first pieces of Forefront Dec. 8, analysts such as Gartner's John Pescatore predicted that Microsoft's entrance into the market would not only cause pricing pressure, but would also give industry stalwarts like McAfee and Symantec a swift kick in the pants, innovation-wise.
Pescatore: "As a result of their work so far, we can already see Symantec and McAfee moving faster in trying to address new threats like phishing; there definitely will be pricing pressure, and it will force the rest of the market to paddle faster to stay ahead or disappear."
(more)
Eileen Brown writes:
I’ve been dipping my toe in the waters of Powershell and feeling quite good about how my knowledge is growing. But now I’ve found this little game, I’ve realised just how little I know about PowerShell, and just how powerful this is.

Powershell: Space Invaders

Microsoft is pleased to announce the release to manufacturing of System Center Remote Operations Manager 2007, previously known as the VAP scenario using OpsMgr with Essentials! The goal of this product is to allow IT service providers to efficiently and proactively monitor, control, update and manage their mid-market customers’ distributed infrastructures from a secure remote console. The feature set in this solution includes:
Support for remote monitoring services over the internet without requiring a VPN
Customer centric service provider views and reports
Diagnostic tasks to troubleshoot problems remotely
Support for centralized update management, software distribution and software and hardware inventory
Remote control support via Remote Web Workplace
Announced: System Center Remote Operations Manager
Charlie Kindel, General Manager for Windows Home Server writes:
Woo-hoo! We did it. Today we are announcing that Windows Home Server has been released to manufacturing (RTM). We have finalized the software and now handing it off to our OEM partners. The evaluation version (with 120 day evaluation period) and the system builder version are also heading into the distribution channels and will be available in the next couple of months. French, German and Spanish versions will be finalized shortly, and OEM products will hit retail shelves this fall.
We're also excited to announce Iomega and Fujitsu-Siemens Computers (FSC) as new OEMs planning to ship Windows Home Server products later this year.
(more)

This time, we're going to take that member server and convert it into a Read Only Domain Controller (RODC). Now you might be thinking, why on earth is Microsoft creating such a feature set? Isn't this beast a throwback to the NT read-only BDC days? Nope.
A Read Only Domain Controller (RODC) is an additional domain controller for a domain that hosts read-only partitions of the Active Directory database. An RODC is designed primarily to be deployed in a branch office environment. Branch offices typically have relatively few users, poor physical security, relatively poor network bandwidth to a hub site, and little local IT knowledge.
RODCs address some of the problems that might be caused by branch office locations that either have no domain controller or that have a writable domain controller but not the physical security, network bandwidth, and local expertise to support it. (continue at source)
Watch the Core Read Only DC screencast

Microsoft seems to have (quietly) released an updated version of the OpsMgr 2007 MOM 2005 Backward Compatibility MP:
Updated MOM 2005 Backwards Compatibility MP (6.0.5000.12)
Updated System Center Internal Library MP (6.0.5000.16)
Updated System Center Core Monitoring MP (6.0.5000.16)
New Backward Compatibility Threshold monitoring type used in Converted MOM 2005 MPs which exposes Threshold values as overrides
Fixes to the Backward Compatibility Cluster discovery to address problem with converted MPs that monitor clustered Applications
Fixes conversion issue with MOM 2005 Windows Service rules using wildcards to match on Service names
I think it won't be long anymore before the Clustering MP (RTM) will be released, as I know that it had a dependency on this release for proper working. Hopefully other MPs like the Exchange 2007 will also appear in the coming weeks, following this update.
OpsMgr 2007 MOM 2005 Backward Compatibility MP Update

It’s always the same story. To substantially enhance your security, you have to give up some freedom or flexibility. If your environment is like most organizations, you have a very strong desire to harden the desktop operating system in an effort to provide a more secure computing environment for your end users. IT administrators typically approach the task of securing the desktop by employing a combination of security policy settings, user permissions, file and registry access control lists (ACLs), and system service restrictions.
One common hurdle in the development of a secure desktop environment is how to mitigate the threats surrounding malicious ActiveX® controls while still providing an appropriate level of application compatibility in your environment. This has been a challenge with desktop operating systems for many years. Fortunately, the new ActiveX control Installer Service (AxIS) in Windows Vista™ addresses concerns specific to the management of ActiveX controls in corporate environments. AxIS provides a simple and manageable way for standard users, who wouldn’t ordinarily be permitted to install ActiveX controls, to install them from approved Web sites. Group Policy control over AxIS allows IT administrators to determine which controls users can install, regardless of which permissions they have.
In this article, we take a look at the administrative challenges surrounding ActiveX controls, how these issues were addressed in previous versions of Windows®, and how AxIS in Windows Vista provides a unique and efficient way to manage the installation of ActiveX controls. (continue at source)

Jesper Johansson mentions on his blog the availability of tools for the Windows Vista Security book that just came out.
The default Group Policy settings for User Account Control (UAC) leave out one of the UAC settings: the one that controls whether a locally defined administrator gets a full or filtered token when connecting to the computer remotely. Enabling that setting to be managed using Local Security Policy or Group Policy requires a new sceregvl.inf file. The UAC chapter discusses the setting and how to use this file to add it to the security policy tools.
A tool that enables you to launch a process elevated from a command line. You run "elevate <program> [program arguments]" and it will give you the standard elevation prompt. Since much of the code is reusable I also added the ability to run a process with low integrity with almost all the privileges stripped. Many programs won't work properly that way but I thought it was a nice way to test what will happen when you run them low.
One of my favorite utilities is the cmdhere.inf tool from the Windows 2000 Resource Kit. It puts a "command prompt here" command on the context menu for folders in Windows Explorer. However, with Vista cmdhere no longer works, and if you tweak it to work you get a non-elevated command prompt. Using the elevate tool, this little utility adds an "elevated command prompt here" item to the shortcut menu.
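
One way to check the UAC policy values on a machine, including the remote token filtering setting discussed above. This is an added example, not one of the book's tools: the value names are the standard UAC registry values under the Policies\System key, while the function names and the "Expected" baseline are assumptions made for the illustration. It needs PowerShell 3.0 or later.

```powershell
# Added example: compare UAC-related registry values against a baseline.
# The Expected values are an illustrative baseline, not taken from the page.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# IfAbsent is the behaviour Windows applies when the value does not exist;
# $null means this example does not assume one and reports the value as NotSet.
$Baseline = @(
    @{ Name = 'EnableLUA'; Expected = 1; IfAbsent = $null
       Meaning = 'Admin Approval Mode (UAC) is enabled' }
    @{ Name = 'PromptOnSecureDesktop'; Expected = 1; IfAbsent = $null
       Meaning = 'Elevation prompts are shown on the secure desktop' }
    @{ Name = 'FilterAdministratorToken'; Expected = 1; IfAbsent = 0
       Meaning = 'Built-in Administrator runs in Admin Approval Mode' }
    @{ Name = 'LocalAccountTokenFilterPolicy'; Expected = 0; IfAbsent = 0
       Meaning = 'Remote logons by local administrators get a filtered token' }
)

function Get-UacPolicyValue {
    # Returns the registry value, or $null if it does not exist.
    param([string]$Name)
    $item = Get-ItemProperty -Path $PolicyKey -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

function Test-UacPolicy {
    # $Values maps value names to data, so the check can run on live or sample data.
    param([hashtable]$Values)
    foreach ($rule in $Baseline) {
        $raw = $Values[$rule.Name]
        $effective = if ($null -ne $raw) { $raw } else { $rule.IfAbsent }
        $status = if ($null -eq $effective) { 'NotSet' }
                  elseif ($effective -eq $rule.Expected) { 'OK' }
                  else { 'Review' }
        [pscustomobject]@{
            Name      = $rule.Name
            Present   = ($null -ne $raw)
            Effective = $effective
            Expected  = $rule.Expected
            Status    = $status
            Meaning   = $rule.Meaning
        }
    }
}

# Check the local machine.
$live = @{}
foreach ($rule in $Baseline) { $live[$rule.Name] = Get-UacPolicyValue $rule.Name }
Test-UacPolicy $live | Format-Table Name, Present, Effective, Expected, Status -AutoSize

# Constructed sample: remote token filtering has been switched off (value 1),
# so LocalAccountTokenFilterPolicy is reported as Review.
$sample = @{ EnableLUA = 1; PromptOnSecureDesktop = 1; LocalAccountTokenFilterPolicy = 1 }
Test-UacPolicy $sample | Format-Table Name, Present, Effective, Expected, Status -AutoSize
```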

Windows ships with a large number of processes built-in, although many are not installed in a default installation. In some cases, it is highly interesting to know what privileges these processes have, what accounts they have in their tokens, and what the access control list (ACL) on the process itself is.
This document summarizes these parameters for a stand-alone Windows Vista Ultimate x86 system with all optional components installed. The data in the document shows a start mode for each service. This is the mode that service will have if it is installed. Some of these services are not installed by default.
Download the Privileges for Built-in Processes document

A new feature in Windows Vista makes it possible to configure international settings from the command line using an extension of the Regional and Languages Options Control Panel. For example, a network administrator may wish to mandate that all corporate computers in his international branch offices use the ISO standard date format (YYYY-MM-dd). By describing this property in an XML file, the network administrator can create script(s) to automate the configuration of the international setting(s) for any Windows Vista installation.
This command line method of configuring international settings requires Windows Vista. It is bundled into the intl.cpl binary that ships with the operating system. (more)

Lee Desmond writes:
In Windows Server 2008, the setup of a domain controller in an Active Directory network has undergone a couple of notable changes. Let us walk through the setup of a brand new Active Directory infrastructure to illustrate this.
(continue at source)

Jeff Guillet writes:
I do a lot of work using Remote Desktop Connections. Sure beats the old "sneaker net" days where you had to physically log into each server you needed to manage.
I'm sure you know that you can connect to the console session using MSTSC /CONSOLE from the command line. This is helpful when you need to establish a third RDP session because the other two are in use, or when you need to install software that can only be done from the console.
One of the questions I'm asked is how to tell if you're connected via RDP to the console from the RDP session. To do this, simply open a command prompt and enter QWINSTA. You will see output similar to the screen above.
Take a look at the session ID in the example above. When you're in an RDP session to the console, the session ID will always be 0 (zero). That's all there is to it!