DNS Bulk host Import

Last week I was with a customer that had multiple clients not added to the DNS server. Because we added these hosts to the new SCOM 2012 R2 environment we had only the IP address to work with. This is not user friendly and the host name of the device gives us insight of the location of the device.

So I needed a quick way to add around 250 devices directly to the DNS server.. I already had a sheet in a CMDB with the HostNames and IP adresses..

I exported these hosts and IP adresses in to a CVS file format,

now save your file as a CSV file in the format as above.
the following PowerShell Script I used to add these hosts to my DNS server..

Run the Script with DNS add premissions and al the host names will be added to your preferd zone.


SCOM 2012 r2 VEEAM VMware integration

We all want statistics about how our environment is preforming and a head-up when problems could be occurs. We already monitor our Virtual Windows Server trough SCOM. That gives us some pretty good information about the status of our servers. But what about the HOST that have these Virtual Servers? Shoulded  we not monotor them also? What about the Host performance? Could we manage all these VM’s on these HOSTS or do we need to expand our environment?

All these questions could be answered by digging down in your HyperVisor and calculate these information manually thats fun if you have enough time to spend on digging in to all your hosts and vm’s to see if your resources are in balance. Because that is fairly time consuming there is a way to help you automate this for you.

Still even with the Veeam SCOM 2012 r2  Management Pack for VMWare and HyperV you still need to analyse the statistics your self 😉
The installation of the Veeam SCOM MP is quit easy to do.

Requirements Veeam Management Pack for System Center 2012 Version 7.0R2:
VMware Infrastructure
Hosts: ESX 4.X ESXi 4.X 5.X
Software vCenter 4.X, 5.X

Microsoft Ops Mgr
Microsoft Ops Mgr 2012 SP1
Microsoft Ops Mgr 2012 R2
Note: For system requirements for Ops Manager Server, see Microsoft Ops Mgr Documentation

Important: Veeam MP for VMware reporting only supports MSSQL Server 2008 SP3, MSSQL 2008 R2 Sp2 and MSSQL 2012 SP1 Reporting Service.

Veeam VMware Collector, VES Service and Virtaulization Extension UI.
Memory: Minimum of 4GB for X86 systems and 6GB X64 Systems
HDD required at least 2GB of free space
Processor 2x 2Ghz Minimun recommended
Windows Server 2012 r2 Recommended (Server 2012 Sp1 or Server 2008 R2)
.NET FrameWork 4.0 or later.

My installation is a 2 Management Ops Server setup and a separate SQL Server.
The collector server is a singel- server installation with means that I have all features (Collector Service, VES Service and Virtualisation Extension UI) installed on one server. This is recommended for lab environments or small environments like mine.

Before you start make sure

  • SCOM agent is deployed to the server and proxy enabled, since I already have an installation in place
  • The installation account is local administrator on the collector server
  • The service account under which the collector server will run is local administrator on the collector server
  • Make sure all UI from the nworks MP are closed
  • Check your permissions of the Veeam service account.
  • The detailed required ports and network requirements for the MP.


SCCM 2012 r2 in a closed network

Last time I installed an SCCM 2012 r2 environment for a client, they have a special application that is running in a separate domain and have no internet access at all. I had only a few firewall openings that were needed to running this application.

I already had WSUS installed against an upstream server for indexing. Because the internet access to all servers were cutoff I needed to find a way to download all Critical and Security updates for all windows servers and clients in that environment. Normally you use WSUS only for indexing, SCCM 2012 r2 will download the requested updates directly from Microsoft Update Services. You could also download manual all required updates from the Microsoft Update catalogues and import them into the SCCM 2012 r2 environment. This will be a lot of work every month to do so..

My WSUS server have access to the upstream server and the upstream server already downloaded all required updates.

I created a rule within WSUS to auto approve all security and critical updates and download these automatically to specific directory. In SCCM you could import required updates from a file share so the next thing I created an ADR, in that ADR i told SCCM 2012 r2 to not download the updates but import them from a file share. I pointed to the file share where I downloaded the updates from WSUS.

SCCM accept these updates and distributed them to my clients.

Refreshing State Messages SCCM 2012 R2

Recently I worked on the reporting service of SCCM 2012. I noticed that some client did not jet report their Compliance state back to SCCM 2012. Because of demanding reports back to our security officers I needed a faster and better way to get the Compliance reports in order.

SCCM comes with a fairly extensive set of pre-configured reports to provide information about the state of your infrastructure.  There are different types of reports to become familiar with, but the ones we care about here can be found under Monitoring\Reports\Software Updates A.

If you don’t see this in your environment, it’s likely you are either viewing a Site Server that is not set up with the Reporting Service Point role.  If this role is set up on another Site Server in your environment, target the Admin Console there instead.  If not, the following article goes through the process of setting up Reporting Services in your SCCM hierarchy: Configuring Reporting in Configuration Manager

What is the problem?

SCCM can only report what it knows, the way SCCM determines what should be in a report is through state messages sent by its managed devices. The state messaging system is fairly complicated.

The idea is that for some reason or other (network hiccup, etc.) the state messages relating to a particular compliance setting did not make it to the Site Server, which has resulted in the Compliance report showing inaccurate information.  By default, state messages should be resent every 30 days from all managed devices so any issues detected should resolve themselves over time.  But in practice, I have found that sometimes it’s necessary to give the state message system a jump-start in order to resolve the reporting discrepancy.

On my way to get a solution to this I came across a TechNet blog describing the above problem, the old fashion way to solve this issue is to use a VB script that forces the State Messaging system to report back to the SCCM Site Server. Also a problem with SCCM 2012 is that there is no official documentation available for publishing VBScript that run automatically on managed devices.. Of course you could make a scheduled task on every server. But if you mange several hundred or even thousands systems. That will be an impractical solution.

What about PowerShell??

When I search on the Internet I came across a small PowerShell script that does the job, the first poster that created this small script had only a two-line solution, So why not try it? right below you will find the script, save this as yourscripname.ps1

The first two lines is where the actual action occur, these will force the managed device to report back to the SCCM site. the third and forth line will generate an event in your event viewer, that is the way you could view if your script run successfully.

You could also check out the UpdateStore.log file on your SCCM client log file folder:
Opening the log file after running the script, we should see the following:

Initiated refresh of update compliance to site server.    UpdatesStore    2/23/2015 6:03:10 AM    7332 (0x1CA4)
Successfully called refresh of update compliance from automation object.    UpdatesStore    2/23/2015 6:03:10 AM    13484 (0x34AC)
Message received to resend all update status, processing…    UpdatesStore    2/23/2015 6:03:10 AM    14184 (0x3768)
Successfully raised Resync state message.    UpdatesStore    2/23/2015 6:03:11 AM    14184 (0x3768)
Resend status completed successfully.    UpdatesStore    2/23/2015 6:03:11 AM    14184 (0x3768)

If this information is found at the same time as the script has run, we can say with confidently that it has done what we asked. From here, the only thing left to do is verify the Compliance report is now reporting correct information, which can be easily done by re-running the report.

Creating a Package:

open your SCCM Admin Console and browse to: Software Library\Application Management\Packages and right-click the Packages node.  Select Create Package and enter the following information

The first you need to enter some basic information the Wizzard will help you trough,

Name of your package.. I used ReSync Package – PowerShell
Enter your source directory (note that this source should be a network share and everyone permission need to be set as read)
On the next page, select ‘Standard Program’ (assuming we are using a client computer and not a device such as a Windows phone):
After selecting the Standard Program, we need to enter information on the script and how we want to run it.  The following screen provides that detail
image_thumb_05A7D343finish all other steps that the wizard require. I did not need to change any default settings in the package.

And deploy the package to your preferred device collection for testing.