Menu Close

Assigning Gateways and Agents to Management Servers using PowerShell


image

Just publishing some common PowerShell agent and Gateway assignment commands I use on a frequent basis for SCOM:

 

A common issue I find in customer environments, is that they do not set their agents to be able to fail over to multiple Gateways, or they do not set their Gateway servers to be able to fail over to multiple management servers.

When you assign an agent to a gateway – by default it will ONLY talk to that one GW.  If you deploy multiple GW servers for failover – you must configure this failover using the SDK (PowerShell)

When you assign a Gateway to a Management Server – by default that Gateway server will ONLY talk to that one Management Server.  You should always configure Gateway Failover otherwise you will issue hundreds or thousands of Heartbeat failures should you ever take the Management Server down for planned or unplanned maintenance.

 

########### Gateway to Management Server Assignment # Get a specific gateway server object by name $Gateway = Get-SCOMManagementServer | where {$_.Name –eq "dmzscomagw1.dmz.net"} # Show the gateway server assignments for primary and failover $Gateway.GetPrimaryManagementServer().DisplayName $Gateway.GetFailoverManagementServers().DisplayName # Set the gateway server to a specific primary $Primary = Get-SCOMManagementServer | where {$_.Name –eq "scom1.opsmgr.net"} Set-SCOMParentManagementServer -GatewayServer $Gateway -PrimaryServer $Primary # Set the gateway server to a specific failover $Failover = Get-SCOMManagementServer | where {$_.Name –eq "scom2.opsmgr.net"} Set-SCOMParentManagementServer -GatewayServer $Gateway -FailoverServer $Failover # Set the gateway server to a list of management servers for failover $FailoverList = Get-SCOMManagementServer | where {$_.Name –ne "scom1.opsmgr.net" -and $_.IsGateway -eq $false} Set-SCOMParentManagementServer -GatewayServer $Gateway -FailoverServer $FailoverList ########### End

 
########### Agent to MS/GW Assignment # Get Management Server Object Examples $Primary = Get-SCOMManagementServer | where {$_.Name –eq "scom1.opsmgr.net"} $Failover = Get-SCOMManagementServer | where {$_.Name –eq "scom2.opsmgr.net"} $FailoverList = Get-SCOMManagementServer | where {$_.Name –ne "scoma1.opsmgr.net" -and $_.IsGateway -eq $false} # Get a specific agent by name $Agent = Get-SCOMAgent -DNSHostName 'server.opsmgr.net' # Get all agents currently assigned to a Management Server or GW $Agents = Get-SCOMAgent -ManagementServer $Primary # Get parent assignments for an agent $Agent.GetPrimaryManagementServer().DisplayName $Agent.GetFailoverManagementServers().DisplayName # Agent set parent Examples Set-SCOMParentManagementServer -Agent $Agent -PrimaryServer $Primary Set-SCOMParentManagementServer -Agent $Agent -PrimaryServer $Gateway Set-SCOMParentManagementServer -Agent $Agent -FailoverServer $Failover Set-SCOMParentManagementServer -Agent $Agent -FailoverServer $FailoverList # Reassigning all agents in an array of agents FOREACH ($Agent in $Agents) { [string]$AgentName = $Agent.DisplayName Write-Host "`nStarting agent assignment for ($AgentName)" $PriBefore = $Agent.GetPrimaryManagementServer().DisplayName $FailBefore = $Agent.GetFailoverManagementServers().DisplayName Write-Host "Primary before assignment for ($AgentName) is ($PriBefore)" Write-Host "Failover before assignment for ($AgentName) is ($FailBefore)" IF ($FailBefore) { # We need to remove any failover settings for this agent in case we are setting a primary server already in the failover list Write-Host "Removing Failover...." Set-SCOMParentManagementServer -Agent $Agent -FailoverServer $null } Write-Host "Assigning...." Set-SCOMParentManagementServer -Agent $Agent -PrimaryServer $Primary Set-SCOMParentManagementServer -Agent $Agent -FailoverServer $Failover $PriAfter = $Agent.GetPrimaryManagementServer().DisplayName $FailAfter = $Agent.GetFailoverManagementServers().DisplayName Write-Host "Primary after assignment for ($AgentName) is ($PriAfter)" Write-Host "Failover after assignment for ($AgentName) is ($FailAfter)" } ########### End

10 Comments

  1. Stephan

    Hello Kevin.
    We use Active Directory Integration for agent assignment in our Intranet. We have three Gateway Server (the third is observer) in our DMZ. The Gateway Server are AD Members. It’s no Trust between the Intranet AD and DMZ AD.
    Is it possible to use Active Directory Integration for agent assignment for Gateway Server?
    If yes, how?

  2. Brian

    Looks like the last script in the Agents list “Reassigning all agents in an array of agents” is not complete. Could you update it please? Your blogs on SCOM have been very helpful and appreciated!

  3. James

    Hello Kevin

    I want to test this out on a single server. I tried the script below and get no error but when I check the agent on the client server I see no change. Any ideas?

    I also have an issue trying to get a SCOM Gateway server to work in SCOM Manasgement console. I tried the same steps as the other two which worked correctly. I think I wll remove it again and leave it over night and try again. If there is anything I can try to get it working that would be appreciated.

    clear-host
    $Primary = Get-SCOMManagementServer | where {$_.Name –eq “esc-scomgw-01.xxxxx.net”}
    $Failover = Get-SCOMManagementServer | where {$_.Name –eq “pde0scop001.xxxxx.net”}
    # $Primary = “esc-scomgw-01.xxxxx.net”
    # $Failover = “pgb0scop001.ixxxxx.net”

    $MgmtServer = $null
    #$MgmtServer = Get-SCOMManagementServer “esc-scomgw-01.internal.cliffordchance.net”
    # $server = Get-SCOMAgent -ManagementServer $MgmtServer | ? {$_.DisplayName -eq “pde0adm005.ixxxxx.net”}
    $Agent = Get-SCOMAgent -DNSHostName “pde0adm005.xxxxx.net”

    $Agent.GetPrimaryManagementServer().DisplayName
    $Agent.GetFailoverManagementServers().DisplayName

    # Set the agent
    Set-SCOMParentManagementServer -Agent $Agent -PrimaryServer: $Primary
    Set-SCOMParentManagementServer -Agent $Agent -FailOverServer: $FailOver

    • Kevin Holman

      You need to check in SCOM. That’s what matters. The agent assignment on the agent changes over time…. that’s a value taken from the registry. If you want to see the change made on the agent immediately – open the config file in the agent install directory, and find the section, and check which one IsPrimary=True

  4. James

    Thanks Kevin

    I removed the colons from
    Set-SCOMParentManagementServer -Agent $Agent -PrimaryServer: $Primary
    Set-SCOMParentManagementServer -Agent $Agent -FailOverServer: $FailOver

    I think that did the trick

    Many thanks

  5. Steve

    We have 2 1807 management servers, and manage the infrastructure of 50 customers, and 45 Gateway server installed at various customers.
    I was working with another script.
    https://gallery.technet.microsoft.com/Move-Agent-SCOM-Primary-9927d7a3

    All Scom agents from all customers are known on the management server. I am not a Powershell guru, but you’re script is probably based on re-assigning scom agents in 1 domain.
    When I run this script on the Management server, it will probably apply to all agents that are known on the MS server.
    I just need to re-assign Customer A agents, and not customer B, C etc

    In the script I posted , you have the choice to re-assign 1 or more agents from a relevant customer, but it does not work because of the missing failover settings.
    Is it possible you can tweak you’re script, to be prompted to enter the name of the management server you want the SCOM Agents set to, and Select the SCOM Agents you want to change the primary management server for.

    I know what you’re thinking.. Do it you’re self 🙂 I’m missing the PS knowledge to tweak the script, and we don’t have a test Scom environment yet. That’s another story..

    Thanks

  6. Vijay

    Hey Kevin,

    I am trying to run below command to set new primary management servers for gateway server but i am getting error “Agent is currently managed through Active Directory. To change the agent assignment, update the Active Directory integration configuration” How can i change this for Gateway server

    Set-SCOMParentManagementServer -GatewayServer $Gateway -PrimaryServer $Primary

Leave a Reply

Your email address will not be published. Required fields are marked *