Menu Close

How to upgrade and update SCOM agents using Tasks

image

You probably have a lot of agents that are not up to date.  Perhaps you recently did a side by side migration and have a lot of older SCOM agents that need an upgrade.  Perhaps you are just way behind on getting the latest update rollup out?

Did you know that you can use tasks in SCOM to perform the agent upgrades?

First – Download and import my SCOM Management MP:

SCOM Management – MP – Making a SCOM Admin’s life a little easier – Kevin Holman’s Blog

Next, once all the SCOM Agents are discovered – use the SCOM Agent view to see the task for “Execute Software From Share”

image

We can use this task to install software on agents, as long as the agent action account (Local System) has rights to the share, and can connect to it.

So – let’s prepare our share first.

On one of your management servers, browse to the location that you installed SCOM.  We are going to share the amd64 folder.

Example:  \Program Files\Microsoft System Center\Operations Manager\Server\AgentManagement\amd64

image

Right click amd64 and choose properties.  Choose “Sharing” and select “Advanced Sharing”

Select the box to “Share this folder” and provide a share name.

image

Select “permissions” and ensure that “Everyone” has read:

image

You just need to ensure that the Computer Accounts in the domain can read the share.  Use “Authenticated Users” instead of Everyone if your organization doesn’t allow the Everyone group.

Next, we need to grant NTFS permissions to the files in the share.

Select the Security tab of the amd64 folder, and click “Edit”.

Add the “Authenticated Users” group to have Read, List folder contents, and Read & Execute permissions.

image

Note:  You don’t have to share from the SCOM server.  You can just as easily copy the agent files to an existing share if permissions are sufficient as above.

Now that our share is complete – we can use the task and start upgrading agents.

I have several SCOM 2012 agents in this example that I need to get upgraded to SCOM 2019:

image

I need to override the command line with the following:

"msiexec.exe /i \\omms1\SCOMAgent\MOMAgent.msi NOAPM=1 AcceptEndUserLicenseAgreement=1"

image

This command line also installs without APM (per the NOAPM=1).  You can leave this out if your organization uses APM.

image

By default I use the built in RunAs account, which is Local System.  You theoretically could input a user account here to perform the install.  This would require:

1. The user has “Log on as a service” right on the agent machine (for SCOM 2019 and later) or “Log on locally” right (for SCOM 2016 and earlier)

2. The user has rights to read and execute from the share.

3.  The user has local administrator rights on the agent machine (to be able to install software).

This task will always report “Success” – EVEN if the task is NOT successful.  Because the task simply calls the command line.  It does not wait nor understand if the software actually installed.

image

Next, you can log on to a targeted agent and review the Application Event Log:

image

image

And soon your SCOM Agents view will show the upgrade worked:

image

Next – we can use the same method – to update the agents to UR3:

image

"msiexec.exe /p \\omms1\SCOMAgent\KB4594078-amd64-Agent.msp /qn"

image

Check the application event log on the agent:

image

And in a few minutes – the SCOM Agent view shows the update was a success!

image

image

In summary – we can execute and install software from a share using SCOM tasks.

We can even upgrade or update the agents as long as we can provide a command line to the task.

Some examples of those command lines are below:

Upgrade an existing agent: "msiexec.exe /i \\omms1\SCOMAgent\MOMAgent.msi NOAPM=1 AcceptEndUserLicenseAgreement=1" Apply an Update Rollup patch file to an agent: "msiexec.exe /p \\omms1\SCOMAgent\KB4594078-amd64-Agent.msp /qn"

If you want to get REALLY fancy – you can skip the task and share, and EMBED the agent upgrade/update files into a Management Pack, and use scripts to apply the updates automatically.  This is an advanced authoring exercise to embed binary files into your MP’s, but if interested check out my video on doing this:

1 Comment

  1. Pingback:Top 5 SCOM community recommendations: April SCOMathon Newsletter - SCOMathon

Leave a Reply

Your email address will not be published.