At the time of this writing, the last Windows Server Remote Access Management pack released by Microsoft was for Windows Server 2012R2. Customers need to monitor their VPN solutions deployed using the Windows Server Remote Access role on Windows Server 2016 and 2019. This MP will discover and monitor all your RRAS servers on Windows Server 2012 and later.
Quick Download: https://github.com/thekevinholman/RemoteAccessMP
I basically started with the WS 2012R2 MP, but made a LOT of changes. It was not a good MP, I soon found:
- Changed the discovery to be OS version agnostic
- Disabled all the event collection rules (what a terrible thing to do originally!)
- Removed the massive number of classes. They served absolutely no purpose and just bloated the MP. A very common issue with a lot of Microsoft MP’s.
- Rewrote the Distributed Application to contain Remote Access Servers instead of sites, so it populates now.
- Removed On-Demand detection from the Heuristic monitortype, and set “ConfirmDelivery=false” on all Heuristic monitors, which was breaking cookdown.
- Added a RunAs profile, which will be used by the discovery script and the Heuristics script monitor, if needed.
- Cleaned up the ID of the MP, and some class names
- Cleaned up the views
- Cleaned up the discovery and monitoring PowerShell scripts
Quick Download: https://github.com/thekevinholman/RemoteAccessMP
Hi!
Good work Kevin. 🙂
Maybe good to know is that we had (AP.Remote.Access v19.5.5) installed, see more info –> https://c22mort.github.io/RemoteAccess.html.
I had to remove AP.Remote.Access v19.5.5 before Microsoft Windows Server Remote Access Management Pack 10.0.0.0 could be installed. Otherwise it will be a naming conflict in the database and the installation will be canceled.
WOW. I had no idea that existed.
I have done some additional work on this one recently to the one I posted and I believe it fixes a lot of the issues in the original MP.
Hi Kevin
Can your updated MP monitor AlwaysON VPN as well as Direct Access? It looks like this will cover the RAS server components, but how about the NPS role?
Thanks
NPS is covered by another MP that should work for this: https://gallery.technet.microsoft.com/SCOM-NPS-2008-2016-0b921c1f
Thanks Kevin, that’s great.
Hi Kevin,
When I try to import the MP, I got the following error.
————————————————————————————————————————————————–
Microsoft Windows Remote Access Server could not be imported.
If any management packs in the Import list are dependent on this management pack, the installation of the dependent management packs will fail.
Database error. MPInfra_p_ManagementPackInstall failed with exception:
[MP ID: 3d274d76-7ee2-b5a7-fe35-ae87563e99d0][MP Version: 10.0.0.10][MP PKT: ] Database error. MPInfra_p_ManagementPackInstall failed with exception:
ManagementPack cannot be imported because it contains a Relationship Type with the same name as an existing type: RemoteAccessSite.Contains.RemoteAccessServer
———————————————————————————————————————————————————
Did I missing any MP? Please advise.
Thank you!
Do you already have another version of a RRAS MP imported?
Yes, I have the following MP installed
– Microsoft Windows RemoteAccess 2012 Monitoring
– Microsoft Windows RemoteAccess 2012 R2 Monitoring
– Multi-Tenant RemoteAccess Server 2012 R2 (Discovery)
– Multi-Tenant RemoteAccess Server 2012 R2 (Monitoring)
Thank you!
You need to remove:
– Microsoft Windows RemoteAccess 2012 Monitoring
– Microsoft Windows RemoteAccess 2012 R2 Monitoring
As those are replaced by my MP.
Thank you very much Kevin! It’s working now.
My SCOM SME is out on vacation so if you can give me a quick tutorial how to gather AOVPN Client counts, that would make our team look good!
Is there anyway to monitor total DA connections on SCOM? I have the MP installed but i cant see a way to monitor total connections
Hello Kevin!
Thanks for bringing this MP to my attention!
At the moment, after around a week after I installed it, still I don’t get any VPN servers discovered. After reading the guide, I reckon this is a permission problem. Can you clarify “The account that runs the workflows in the management pack will need to have full control permissions for the DirectAccess Server GPO”? We do not use DA and don’t have a Group Policy Object for DA. Or did you mean the OU? I’m not really sure what a bunch of VPN (only SSTP) need in terms of permissions, but would like to finally discover my VPN hosts and start monitoring them.
Cheers
Jens
That’s probably not the best place to ask, but since you mention that you “set confirmdelivery=false”, could you elaborate on what confirmdelivery actually is for? And while we are at it, what about Priority?
I’m not been able to find much relevant information, and these don’t really seem to make any difference in my workflows
Thanks 🙂
I wish I knew. 🙁
I only know they break cookdown. I don’t write much that needs cookdown, so it doesn’t come up often, and when it does, I turn it off. Wish I had a better answer.
Thanks for the answer anyway, at least now I know for a fact that it isn’t any sort of common knowledge 😀
As per https://learn.microsoft.com/en-us/previous-versions/system-center/developer/jj129817(v=msdn.10) :
“The ConfirmDelivery attribute should be set to true only when you find that the workflow is failing to pass data from the data source to the next module in the workflow. This would happen when the amount of data surpasses a predefined system threshold. When it surpasses this threshold, data items will be dropped for performance reasons. However, when ConfirmDelivery is set to true, the data will not be dropped but the next module in the workflow will acknowledge delivery of the data item to the data source module before it receives its next piece of data.”
Seems it’s related to all workflows not for discovery only.
Just a quick doubt if this MP has been tested on Remote access on 2022 server edition ? I suppose it should work as not much chanced form 2019 and 2022 Temote access (if anything) , but wondering if you had more info on wether it will work with OS version 2022 .. Thanks
I have not tested it on that OS. But I do not see any reason why it would be different.
Just to let you know that i imported the MP into scom2022 and my server 2022 VPN servers showed up correclty in the dashboard so seems to be also working for 2022 . .Nice .. Thanks Mr Holman for your MP ..