Menu Close

UR3 for SCOM 2019 – Step by Step

image

KB Article for OpsMgr

List of New Features

Download Update Rollup from the Catalog

Download the NEW Simplified Management Server Update EXE

Download Updated UNIX/Linux Management Packs

Recommended hotfix page

New Features:

  • Updates to the new change tracking feature
  • Additional view options in web console widgets
  • Resolved issues with orphaned alerts
  • Performance Improvement in load time for Windows computer view
  • Performance Improvement in load time while changing user role privileges
  • Performance Improvement in SDK service queries
  • Performance Improvement in grooming of maintenance mode staging table
  • UNIX/Linux – Reliability and performance improvement in Xplat agent
  • UNIX/Linux – Support for RHEL 6
  • UNIX/Linux – Disabled SSL renegotiation for Linux agent
  • UNIX/Linux – TLS 1.2 support for Solaris 10 SPARC
  • UNIX/Linux – Dynamic changes in log-level settings without agent restart

Key fixes:

  • See the KB article.  There are too many fixes to list here.

 

NOTE:  I get this question every time we release an update rollup:  ALL SCOM Update Rollups are CUMULATIVE.  This means you do not need to apply them in order, you can always just apply the latest update.  If you have deployed SCOM 2019 and never applied an update rollup – you can go straight to the latest one available.

 
Let’s get started

From reading the KB article – the order of operations is:

  1. Install the update rollup package on the following server infrastructure:
    • Management Servers
    • Web Console Servers
    • Gateway Servers
    • Operations Console Servers
    • Reporting Server
  2. Apply Agent Updates
  3. Update Unix/Linux MP’s and Agents

 

Management Servers

image

Updates in SCOM 2019 have CHANGED.  There is a new process for updating management servers that differs from previous versions of SCOM.  Download the single file management server update, and this will ensure that your Management Server Role is updated, as well as any SQL updates, and Management Pack updates.

It doesn’t matter which management server I start with.  I simply make sure I only patch one management server at a time to allow for agent failover without overloading any single management server.

I have 2 management servers  My first management server holds 3 roles, and each must be patched:  Management Server, Web Console, and Console.

The first thing I do when I download the updates from the catalog, is copy the cab files for my language to a single location, and then extract the contents. 

image

Notice the new EXE file, and a MSP file exist for the Server update.  The EXE is the new simplified update file, but we included the older MSP for customers who want to continue to use the old process, or use silent installs for patching.  I will ONLY demonstrate and recommend the EXE file for the Management Server role update.

Once I have the EXE and MSP files, I am ready to start applying the update to each server by role.

  • ***Note:  One of the changes in SCOM 2019 Update Rollups, is that you no longer need to have “Sysadmin” role level rights to SQL.  The SCOM Update Rollup simply updates SCOM, and then uses your existing RunAs accounts to deploy the updated SQL script files to modify the SQL databases.  You simply need to log into your SCOM management servers as a Local Administrator and SCOM Admin.

My first server is a Management Server, Web Console server, and has the SCOM console installed, so I copy those update files locally, and execute them per the KB, from an elevated command prompt.

I will start with KB4594078-AMD64-Server.exe

This is a self-extracting executable, that kicks off a simple update tool.  Accept the license terms, and click “Install

This will update the management server role, update the databases with SQL scripts, and then import any Management Pack updates.

image

If you have an issue – you can review the setup logs:

  • Setup Log: C:\Users\<UserName>\Appdata\Local\SCOM\Logs
  • SQL Logs: <SCOM install directory>\Server\SQL Script for Update Rollups\SqlExceptions_{version}.log
  • MP Import Logs: <SCOM install directory>\Server\Management Packs for Update Rollups\ManualMPImport_{version}.log

Next up – since this management server also runs a SCOM Web Console, I will run the Web Console update: KB4594078-AMD64-WebConsole.msp

Lastly – install the Console Update (make sure your console is closed):   KB4594078-AMD64-Console.msp

You can reboot the server at this time if you were prompted to in order to complete the update.  If you were not prompted to, you do not need to. 

 

Additional Management Servers:

image

Apply the UR updates for Server, Web Console, and Console roles as needed for all additional management servers.  You should only patch one management server at a time to allow for graceful failover of agents and to keep resource pools stable.

You can use the same EXE file and MSP files (where applicable) you used for the first management server.  The setup program will detect if the SQL scripts are already completed, and if the MP’s are already imported, and skip those if needed.  

 

Updating Gateways:

image

Open an elevated command prompt, and run the update:   KB4594078-AMD64-Gateway.msp

The update launches a UI and quickly finishes.

 

Updating Reporting:

image

On your server that hosts the SCOM Reporting role, run the update:   KB4594078-AMD64-Reporting.msp

 

Update Agents:

image

Agents should be placed into pending actions by this update for any agent that was not manually installed (remotely manageable = yes):

***NOTE: For this to work, you MUST run the server update from an elevated command prompt, and the user account running the update must be a Local Admin, and SCOM Admin.  The Agents MUST have “Remotely Manageable” set to “Yes”.

image

You can approve these – which will result in a success or failure message once complete:

image

Now we will show the “REAL” agent number in the Administration –> Agent Managed view console:

image

And my SCOM Management Group Management MP, which will help show you REAL UR levels based on a better discovery.  This has long been a pain point in SCOM:

https://kevinholman.com/2017/05/09/scom-management-mp-making-a-scom-admins-life-a-little-easier/

image

 

Update UNIX/Linux MPs and Agents:

image

You can get the current Unix/Linux MP updates HERE.  

Download, extract, and import ONLY the updated Linux/UNIX MP’s that are relevant to the OS versions that you want to monitor.  Here is the FULL list:

image

In my environment – I only monitor RedHat and Universal Linux distributions, so this is my pared down list of MP’s to update:

image

This will take a considerable amount of time to import, and consume a lot of CPU on the management servers and SQL server until complete.

Once it has completed, and before you attempt to update your Linux Agents – verify the updated files are dropped at \Program Files\Microsoft System Center\Operations Manager\Server\AgentManagement\UnixAgents\DownloadedKits.   If they are not present, sometimes you must restart the Microsoft Monitoring Agent service on the management servers after an MP Import to get them to show up.

After restarting my Microsoft Monitoring Agent service on my management server, I see the new files dropped with new timestamps:

image

Now you can deploy the Linux agent updates:

image

image

image

image

If you have any issues, make sure your SUDOERS file has the correct information pertaining to agent upgrade:

https://social.technet.microsoft.com/wiki/contents/articles/7375.scom-configuring-sudo-elevation-for-unix-and-linux-monitoring.aspx

 

Update the remaining deployed consoles

image

This is an important step.  I have consoles deployed around my infrastructure – on my Orchestrator server, SCVMM server, on my personal workstation, on all the other SCOM admins on my team, on a Terminal Server we use as a tools machine, etc.  These should all get the matching update version.  

 

Verifying the update

There are new views in the SCOM console to help with this and make this process MUCH easier.  You do need to wait long enough for the discoveries to run in order for these to update the views. 

image

image

image

image

image

image

image

image

 

Review:

Now at this point, we would check the OpsMgr event logs on our management servers, review the Management Group Health dashboard, check for any new or strange alerts coming in, and ensure that there are no issues after the update.  

 

Known Issues:

image

1.  The Web Console views may not work (500 error) for scoped users who are not SCOM Admins.  These same views work fine for SCOM Admins.

  • This primarily affects Web Console roles installed using Network Authentication.  This does not appear to impact Web Console servers installed using Windows Authentication.
  • On the web console server – find the folder:   \Program Files\Microsoft System Center\Operations Manager\WebConsole\MonitoringView\TempImages
  • Change the security on this folder for Authenticated Users – and add “Write” capability:

image

 

2.  Once you apply an update rollup, you cannot install, or re-install SCOM reporting Role.

  • You will see an error in the setup UI (when you supply a management server name) that states “Unable to connect to the Data Access service for this management server. Ensure the Data Access service is running and that the service, the management group, and setup are all the same version.”

image

  • In the setup log, located at C:\Users\<username>\AppData\Local\SCOM\LOGS\OpsMgrSetupWizard.log – the last line will appear similar to:   Error:The management server is a different version than the current setup build. Please use a different management server or the correct version of setup. Server Version: 10.19.10311.0
  • SCOM Reporting Setup looks for a very specific value in the SQL database, which has been updated by the UR1 and setup now rejects continuing.
  • Apply the following workaround to install/reinstall SCOM Reporting role:
  • QUERY the OPERATIONSMANAGER database, and record the VERSION number that is returned.  You will need this value later.  You need to change the PrincipalName to your SCOM Management server that you point the reporting install to.

-- 10.19.10050.0 - 2019 RTM -- 10.19.10311.0 - 2019 UR1 -- 10.19.10349.0 - 2019 UR1 with post UR1 Hotfix -- 10.19.10407.0 - 2019 UR2

-- 10.19.10505.0 – 2019 UR3 USE OperationsManager SELECT PrincipalName, Version FROM MTV_HealthService WHERE IsManagementServer = 1 AND PrincipalName = 'OMMS1.opsmgr.net'

UPDATE the VERSION entry in the OpsDB to match the RTM version number which is 10.19.10050.0 just for this management server.

UPDATE MTV_HealthService SET Version = '10.19.10050.0' -- 2019 RTM WHERE PrincipalName = 'OMMS1.opsmgr.net'

Install SCOM 2019 Reporting, and choose this same Management Server.  Reporting install will work now.

REVERT the VERSION entry in the OpsDB to match the original value you recorded

UPDATE MTV_HealthService SET Version = '10.19.10505.0' -- 2019 UR3 WHERE PrincipalName = 'OMMS1.opsmgr.net'

 

Done!

image

10 Comments

  1. Stclair

    I previously had the issues with some Management server continuing to try to deploy warehouse components. Still occurs after this update although it says it was addressed in the patch. I tried both the simple installer then manually installing the UR on the affected servers. Weirdly this only occurs on management servers at a remote site but not on the local. Thanks:

    Failed to deploy Data Warehouse component. The operation will be retried.
    Exception ‘DeploymentException’: Failed to perform Data Warehouse component deployment operation: Install; Component: Script, Id: ‘4173391e-ce71-1369-c358-17030bb09b41’, Management Pack Version-dependent Id: ‘73695800-a0e6-5cc8-6a66-9f8bbe722d7f’; Target: Database, Server name: ‘ServerA’, Database name: ‘OperationsManagerDW’. Sql execution failed. Error 777971002, Level 16, State 1, Procedure DeploymentOperationValidate, Line 278, Message: Sql execution failed. Error 777971104, Level 16, State 1, Procedure DeploymentOperationValidate, Line 170, Message: Deployment operation validation failed. Component alrady installed. Operation: ‘Install/Upgrade’; Component type: ‘Script’; Component id: ‘4173391E-CE71-1369-C358-17030BB09B41’; Management pack version: ‘73695800-A0E6-5CC8-6A66-9F8BBE722D7F’; Target: ‘Server name: ServerA; Database name: OperationsManagerDW; Dataset ID: [null]’

    One or more workflows were affected by this.

    Workflow name: Microsoft.SystemCenter.DataWarehouse.Deployment.Component
    Instance name: 8a9be2d2-02de-4f28-85a8-2ebf425c9dbb
    Instance ID: {40D8D96F-675F-D7D0-019D-6E0E8C6CF9E2}

  2. Nodar

    Hi Kevin, first of all many thanks for your solutions and recommendations, usually use them for my SCOM.

    UR3 done successfully except agents, some of them were not updated from console and still have old versions 10.19.10014.0 and 8.0.13053.0

    Do I need to update them manually (one by one) or better to find issue and update them using console?

    Thanks in advance.

    • Kevin Holman

      You can try to do a “repair” using the console. Then go investigate the ones that failed and see what is wrong/failing, then address it. If the number is manageable then yes, I’d expect you would fix those manually.

      A UR update generally will not work on old agents, you need to upgrade them first…. I’d expect those to fail.

  3. Thomas Rummerstorfer

    Hi Kevin,

    do you have any news about the Ubuntu 2004 LTS support?
    It has been a full year since the release, but there it’s still not supported by SCOM.

    • Kevin Holman

      I recommend you open a request at aka.ms/SCOM (or a support case) for this. I am not sure why we have not added this support to SCOM 2019.

Leave a Reply

Your email address will not be published. Required fields are marked *