There is already a very good deployment guide posted on Microsoft Docs here: https://docs.microsoft.com/en-us/system-center/scom/deploy-overview
The following article will cover a basic install of System Center Operations Manager 2022. The concept is to perform a limited deployment of SCOM, only utilizing as few servers as possible, but enough to demonstrate the roles and capabilities in SCOM. For this reason, this document will cover a deployment on 3 servers. A dedicated SQL server, and two management servers will be deployed. This will allow us to show the benefits of high availability for agent failover, and the highly available resource pool concepts. This is to be used as a template only, for a customer to implement as their own pilot or POC, or customized deployment guide. It is intended to be general in nature and will require the customer to modify it to suit their specific data and processes.
This also happens to be a very typical scenario for small environments for a production deployment. This is not a detailed architecture guide nor intended to displace the need for a complete and thorough design guide.
Server Names\Roles:
- DB1 SQL Database Services, Reporting Services
- OM1 Management Server Role, Web Console Role, Console
- OM2 Management Server Role, Web Console Role, Console
Windows Server 2022 will be installed as the base OS for all platforms. All servers will be a member of the AD domain.
SQL 2019 CU16 will be the base standard for all database and SQL reporting services.
High Level Deployment Process:
1. In AD, create the following accounts and groups, according to your naming convention:
- DOMAIN\SCOMAA OM Server Action Account
- DOMAIN\SCOMDAS OM Config and Data Access Account
- DOMAIN\SCOMREAD OM Datawarehouse Reader Account
- DOMAIN\SCOMWRITE OM Datawarehouse Write Account
- DOMAIN\SCOMAdmins OM Administrators security group
- DOMAIN\SQLSVC SQL Service Account
2. Add the SCOMAA, SCOMDAS accounts to the “SCOMAdmins” global group.
3. Add the domain user accounts for yourself and your SCOM Admin team to the “SCOMAdmins” group.
4. Install Windows Server 2022 to all server role servers.
5. Install Prerequisites and SQL 2019 CU16.
6. Install the Management Server and Database Components
7. Install the Reporting components.
8. Deploy Agents
9. Import Management packs
10. Set up security (roles and run-as accounts)
Prerequisites:
1. Install Windows Server 2022 to all Servers.
2. Join all servers to domain.
3. OPTIONAL: If your organization enforces TLS 1.2, you must ensure the prerequisites for TLS 1.2 have been met on all Management Servers. TLS 1.2 from Microsoft Docs
5. Install all available Windows Updates to ensure the servers are patched and secure.
6. Add the “SCOMAdmins” domain global group to the Local Administrators group on each server INCLUDING the SQL server used for Reporting.
7. Install IIS on any management server that will also host a web console:
Open PowerShell (as an administrator) and run the following:
Add-WindowsFeature NET-WCF-HTTP-Activation45,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Logging,Web-Request-Monitor,Web-Filtering,Web-Stat-Compression,Web-Mgmt-Console,Web-Metabase,Web-Asp-Net,Web-Windows-Auth -Restart
Note: The server needs to be restarted at this point, even if you are not prompted to do so. If you do not reboot, you will get false failures about prerequisites missing for ISAPI/CGI/ASP.net registration.
8. Install SQL 2019 CU16 to server DB1
- Setup is fairly straightforward. This document will not go into details and best practices for SQL configuration. Consult your DBA team to ensure your SQL deployment is configured for best practices according to your corporate standards.
- Run setup, choose Installation > New SQL Server stand-alone installation…
- When prompted for feature selection, install ALL of the following:
- Database Engine Services
- Full-Text and Semantic Extractions for Search
- Note: Reporting Services is not part of SQL DB Engine install. This is a separate download, we will cover that later.
- On the Instance configuration, choose a default instance, or a named instance.
- On the Server configuration screen, set SQL Server Agent to Automatic. You can accept the defaults for the service accounts, but I generally recommend using a Domain account for the service account. You should do whatever your DBA standards are here. Input the DOMAIN\SQLSVC account and password for SQL Server Agent, and SQL Server Database Engine.
- Check the box to grant Volume Maintenance Task to the service account for the DB engine. This will help performance when auto-grow is needed.
- On the Collation tab – you should leave the default which is SQL_Latin1_General_CP1_CI_AS
- On the Server Configuration tab – ADD your personal domain user account and/or a group you already have set up for SQL admins.
- On the Data Directories tab – set your drive letters correctly for your SQL databases, logs, TempDB, and backup.
- Choose Install, and setup will complete.
- You will need to disable Windows Firewall on the SQL server, or make the necessary modifications to the firewall to allow all SQL traffic. See: Configure Firewall for SQL
- When you complete the installation – you might consider also downloading and installing SQL Server Management Studio Tools from: DOWNLOAD SQL Management Studio
9. Apply SQL 2019 CU16 (or whatever the latest Cumulative update available is). SCOM 2022 only supports SQL 2019 with CU8 or later and we STRONGLY recommend installing the latest CU. At the time of this article being written, CU16 was the latest.
- There are no special instructions for CU16, simply apply the update accepting defaults.
- REBOOT the SQL server.
SCOM Step by step deployment guide:
1. Install the Management Server role on server named OM1.
- Log on using your personal domain user account that is a member of the SCOMAdmins domain global group, and has “sysadmin” role level rights over the SQL instance.
- Run Setup.exe (AS AN ADMINISTRATOR)
- Click Install
- If you see a message about not having administrator rights, make sure you run Setup.exe “as an administrator”
- Select the following, and then click Next:
- Management Server
- Operations Console
- Web Console
- Accept or change the default install path and click Next.
- You might see an error from the Prerequisites here. If so – read each error and try to resolve it.
- On the Proceed with Setup screen – click Next.
- On the specify an installation screen – choose to create the first management server in a new management group. Give your management group a name. Don’t use any special or Unicode characters, just simple text. KEEP YOUR MANAGEMENT GROUP NAME SHORT AND SIMPLE, and DO NOT put version info in there. I typically use “SCOM1” as this is short, simple, and readily expandable in the future to additional management groups. Click Next.
- Accept the license. Next.
- On the Configure the Operational Database screen, enter in the name of your SQL database server name and instance. In my case this is “DB1.domain.com”. Leave the port at default unless you are using a special custom fixed port. If necessary, change the database locations for the DB and log files. Leave the default size of 1000 MB for now. Click Next.
- On the Configure the Data Warehouse Database screen, enter in the name of your SQL database server name and instance. In my case this is “DB1.domain.com”. Leave the port at default unless you are using a special custom fixed port. If necessary, change the database locations for the DB and log files. Leave the default size of 1000 MB for now. Click Next.
- On the Web Console screen, choose the Default Web Site, and leave SSL unchecked. If you have already set up SSL for your default website with a certificate, you can choose SSL, or configure this later. Click Next.
- On the Web Console authentication screen, choose Mixed authentication and click Next.
- On the accounts screen, change the accounts to Domain Account for ALL services, and enter in the unique DOMAIN\scomaa, DOMAIN\scomdas, DOMAIN\scomread, DOMAIN\scomwrite accounts we created previously. It is a best practice to use separate accounts for distinct roles in OpsMgr, although you can also just use the DOMAIN\OMDAS account for all SQL Database access roles to simplify your installation (Data Access, Reader, and Writer accounts). Click Next.
- On the Diagnostics and Usage Data – click Next.
- On the Microsoft Update screen – choose OFF. Next.
- Click Install.
- Close when complete. Don’t worry if you see the Management Server have a yellow warning. That’s just a reminder to license SCOM as it always installs as EVAL.
2. (Optional) Install the second Management Server on server named OM2.
- Log on using your domain user account that is a member of the SCOMAdmins group, and has System Administrator (SA) role rights over the SQL instances.
- Run Setup.exe
- Click Install
- Select the following, and then click Next:
- Management Server
- Operations Console
- Web Console
- Accept or change the default install path and click Next.
- Resolve any issues with prerequisites, and click Next.
- Choose “Add a management server to an existing management group” and click Next.
- Accept the license terms and click Next.
- Input the servername\instance hosting the existing Ops DB. Select the correct database from the drop down and click Next.
- Accept the Default Web Site on the Web Console page and click Next.
- Use Mixed Authentication and click Next.
- On the accounts screen, choose Domain Account for ALL services, and enter in the unique DOMAIN\scomaa and DOMAIN\scomdas accounts we created previously. Click Next.
- On the Diagnostic Data screen – click Next.
- On the Microsoft Update screen – choose OFF. Next.
- Click Install.
- Close when complete.
3. (Optional) Install SCOM Reporting Role on the server named DB1.
- Log on using your domain user account that is a member of the SCOMAdmins group, and has ”sysadmin” role level rights over the SQL instance.
- Install SQL 2019 Reporting Services
- Download SQL 2019 Reporting Services from DOWNLOAD
- Run SQLServerReportingServices.exe
- Select “Install Reporting Services”
- Input a product key for your license. (You can get your key by running setup from your SQL database media – make sure you use STD or ENT edition whichever you choose to deploy)
- Accept the License agreement
- Install Reporting Services Only
- Choose a Path, and select Install
- Choose “Configure report server”. You must immediately configure the Report Server.
- Connect to the local server
- Select “Web Service URL” and click Apply
- Select “Database” and click “Change Database”
- Action: Create a new report server database and click Next
- Database Server: Click Test Connection then click Next
- Database: Accept “ReportServer” for default name and click Next
- Credentials: Accept default Service Credentials and click Next
- Summary: Click Next, then Finish when completed.
- Select “Web Portal URL” and click Apply
- Select “Email Settings” and configure your SMTP server and a return address in order to be able to use emailed reports in SCOM, and click Apply.
- Now that configuration is done, click Exit
- Validate SSRS is working:
- Open a Web Browser on the server.
- Browse to http://localhost/reports/
- You MUST see an empty “Home” screen before continuing to install SCOM reporting role.
- Install SCOM Reporting Role on the SSRS SQL server
- Locate the SCOM media. Run Setup.exe (AS AND ADMINISTRATOR).
- Click Install.
- Check the box for Reporting Server and click Next
- Accept or change the default install path and click Next.
- Resolve any issues with prerequisites, and click Next.
- Accept the license and click Next.
- Type in the FQDN of a management server, and click Next.
- Choose the correct local SQL reporting instance and click Next.
- Enter in the DOMAIN\SCOMDAS and DOMAIN\SCOMREAD account when prompted. You MUST input the same account here that you used for the OM DW Reader account when you installed the first management server. Click Next.
- On the Diagnostic Data screen – click Next.
- Turn Microsoft Updates OFF for SCOM, Next.
- Click Install.
- Close when complete.
- Configure Report extensions
- Open SQL Management Studio on a server where you have this installed, or install it locally.
- Connect to Reporting Services and type in DB1 for the server name.
- Right Click DB1 and choose properties.
- Select Advanced
- Scroll down to “AllowedResourceExtensionsForUpload”
- Add “*.*” to the end of the list of allowed extensions.
You have a fully deployed SCOM Management group at this point.
Open/Reopen the SCOM consoles, ensure you have a Reporting tab now, and within an hour you should see reports populated in the console.
Look for any health issues or alerts, and review the SCOM event logs on both management servers for errors or warnings.
Known / Common issues:
1. Errors trying to publish reports to SSRS. When using SSRS 2019, you might see errors on a management server for event ID 31567 with description “Failed to deploy reporting component to the SQL Server Reporting Services server” and “extension is not allowed”. This is because of a security restriction in SSRS. The workaround is to open SQL Management Studio, connect to your Reporting Services instance, open the Properties of the instance, Advanced, and add *.* to the list for “AllowedResourceExtensionsForUpload”
2. AD integration is broken out of the box in SCOM 2022. You will see events such as:
Log Name: Operations Manager
Source: Health Service Modules
Event ID: 11460
Description: There was an error while updating Management Group container.
Exception: System.DirectoryServices.ActiveDirectory.ActiveDirectoryObjectNotFoundException
Message: The specified domain does not exist or cannot be contacted.
This is caused by the fact that NT Authority\System is now exposed in the Operations Manager Administrators user role. It was always present in previous versions of SCOM, but hidden. Now that it is exposed, it will break AD integration.
Remove this, and AD integration works fine.
What’s next?
Once you have SCOM up and running, these are some good next steps to consider for getting some use out of it and keep it running smoothly:
1. Configure SCOM Security
- You must add your SCOMAdmins Global group to allow “Log on as a service” right on Management Servers, in order to push agents. https://kevinholman.com/2019/03/14/security-changes-in-scom-2019-log-on-as-a-service/
- Add your SCOMAdmins Global Group to the SCOM Administrators User Role. Ensure you, your team, and the SCOM DAS and Action accounts are members of this group FIRST. Then, remove BUILTIN\Administrators from the Operations Manager Administrators – User Role, to secure your SCOM installation.
2. Apply the latest Update Rollup.
- At the time of this blog posting there is not Update Rollup for SCOM 2022. You should always find and apply the most current CUMULATIVE update rollup.
3. Set SCOM License.
- By default all SCOM installations deploy as “180 Day Evaluation”. You need to apply your license key to make sure your production deployments don’t time-bomb.
- https://kevinholman.com/2017/06/29/dont-forget-to-license-your-scom-2016-deployments/
4. Optimize SQL Server for growth and performance
- Make sure you SQL server data, log, and TempDB files are on a disk that is formatted with a 64 KB Allocation Unit size. Best practices
- Pre-size the OpsDB: When we installed each database, we used the default of 1GB (1000MB). This is not a good setting for steady state as our databases will need to grow larger than that very soon. We need to pre-grow these to allow for enough free space for maintenance operations, and to keep from having lots of auto-growth activities which impact performance during normal operations. A good rule of thumb for most deployments of OpsMgr is to set the OpsDB to 50GB for the data file and 25GB for the transaction log file. This can be smaller for POC’s/LAB’s but generally you never want to have an OpsDB set less than 10GB/5GB. Setting the transaction log to 50% of the DB size for the OpsDB is a good rule of thumb.
- Pre-size the Data Warehouse: You will need to plan for the space you expect to need using the sizing tools available and pre-size this from time to time so that lots of smaller auto-growths do not occur. The sizing helper is available at: DOWNLOAD. You do not need to pre-size out terabytes of space, but there is nothing wrong with growing the DB manually a couple hundred gigs if you KNOW you will be using that much space soon.
- Limit SQL MAX memory reserving memory for the OS.
- Set Power Management plan in OS to “High Performance”
- (Optional) Create a high performance TempDB: (This is already configured by default in SQL 2016 and later) Optimizing TempDB Performance
- (Optional) Optimize MAXDOP: Optimizing MAXDOP
- If you have a SQL Always On scenario – the secondary replicas need a SQL script run on them: https://kevinholman.com/2017/08/27/scom-2016-event-18054-errors-in-the-sql-application-log/
5. Set up SQL maintenance jobs.
- Be proactive. Set up your Database Backups, Transaction Log backups, and your Re-index jobs now.
- https://kevinholman.com/2017/08/03/what-sql-maintenance-should-i-perform-on-my-scom-2016-databases/
6. Configure Data Warehouse Retention.
- This should be done up front, don’t wait for the DW to fill your disks with data you aren’t required to keep.
- https://kevinholman.com/2010/01/05/understanding-and-modifying-data-warehouse-retention-and-grooming/
7. Optimize your management servers registry
8. Enable Agent Proxy as a default setting
- I prefer to simply enable agent proxy for all agents. The BEST way to do this is to enable Agent Proxy as a default setting. That way you will never have to mess with this again:
- https://kevinholman.com/2017/03/10/enable-proxy-as-a-default-setting-in-scom-2016/
9. Configure Administration Settings per your requirements:
- Database Grooming
- Automatic Alert Resolution
- Heartbeat configuration (modify only if required)
- Manual Agent Installs (Reject, Review, or Accept)
10. Backup Unsealed Management packs
- You need to set this up so that in case of a disaster, or an unplanned change, you will have a simple back-out or recovery plan that wont require a brute force restore of your databases. I have seen this save many a customer’s bacon when they had this available, and cause them great pain when it wasn’t.
- https://kevinholman.com/2017/07/07/scom-2012-and-2016-unsealed-mp-backup/
11. Deploy an agent to the SQL DB server.
- This process has not changed from OpsMgr 2012, so you would use the typical mechanism to push or manually install. You can also refer to: SCOM Agent Deployment
- You could also deploy any additional agents at this point.
12. Import management packs.
- https://docs.microsoft.com/en-us/system-center/scom/manage-mp-import-remove-delete?view=sc-om-2022
- Using the console – you can import MP’s using the catalog, or directly importing from disk. I recommend always downloading MP’s and importing from disk. You should keep a MP repository of all MP’s both current and previous, both for disaster recovery and in the case you need to revert to an older MP at any time.
- Import the Base OS and SQL MP’s at a minimum.
13. Configure Notifications:
14. Deploy Unix and Linux Agents
15. Configure Network Monitoring
16. Configure SQL MP RunAs Security:
17. Continue with optional activities from the Quick Reference guide:
18. (Optional) Configure your management group to support APM monitoring.
- https://docs.microsoft.com/en-us/previous-versions/system-center/system-center-2012-r2/hh543994(v=sc.12)
- Import supporting management packs for IIS 8, and 10, and APM Web for IIS 8, and 10.
19. (Optional) Deploy Audit Collection Services
- https://docs.microsoft.com/en-us/system-center/scom/deploy-install-acs?view=sc-om-2019
- Install the audit collector on a management server, and create a database on a SQL server.
- Upload the reports for ACS, my command is: UploadAuditReports.cmd “SQL1” http://SQL1/ReportServer “c:\acs”
- Create and set a filter:
- https://docs.microsoft.com/en-us/previous-versions/system-center/system-center-2012-R2/hh230740(v=sc.12)
- https://kevinholman.com/2017/02/16/how-to-test-your-acs-filter-to-ensure-it-is-valid/
- My initial filter for lab use is: adtadmin /setquery /query:”SELECT * FROM AdtsEvent WHERE NOT (EventId=4768 OR EventId=4769 OR EventId=4624 OR EventId=4634 OR EventId=4672 OR EventId=4776)”
- You will need to grant NETWORK SERVICE full control to the AdtServer registry key to set a filter at the command line: http://social.technet.microsoft.com/Forums/en-US/operationsmanagerreporting/thread/ab22685e-36a1-49a9-b90e-d39ead31901f
20. Learn MP authoring.
- Fragments the fast and easy way with Visual Studio: https://kevinholman.com/2016/06/04/authoring-management-packs-the-fast-and-easy-way-using-visual-studio/
- Download MPAuthor: http://www.silect.com/mp-author/
Kevin quick questions,do you know is it possible use GMSA accounts to install SCOM 2022?
Thanks Bob;)
“Group managed service accounts (GMSA) now supported at RTM. The SCOM 2019 RTM installer did not recognize gmsa accounts, and it took an Update Rollup to be applied first for gmsa to be supported. In SCOM 2022, you can use gmsa straight from the setup wizard.”
https://blog.topqore.com/what-is-new-in-scom-2022-overview/
Hi Kevin
Will you post an “upgrade from 2016 to 2022”-guide like previous version upgrade guides?
No – because you cannot upgrade from 2016 > 2022 in a single step. SCOM 2022 supports in place upgrade from 2019. I will be writing that article.
Whops, made a typo. Thank you =)
Thank you Kevin for this great article! You helped a newbie successfully setting up his first SCOM environment.
Best regards
Stefan
I have installed SCOM 2022.
The first thing that makes SCOM 2022 not usable is the fact that the SCOM 2022 agent needs to have .net 3.5 or .net 4.7.2. A lot of our servers don’t have .net or don’t have the version mentioned.
Regards
Hung
Thanks for your feedback. I am sending this to the product group.
You are correct, in SCOM 2019 we required simply “Microsoft .NET Framework 3.5 or later.” which was easy to meet – since that version or higher would be present in any supported OS. I am trying to find out why we now require .NET 3.5 -AND- 4.7.2 or higher.
I got clarification.
.NET 3.5 is required for IntelliTrace and APM. IntelliTrace is only used with APM.
If a customer is not using APM, then .NET 3.5 is not required.
.NET 4.7.2 or later is required as a minimum for the SCOM 2022 agent. This version shipped with Windows Server 2019 and later.
.NET 4.5 shipped on WS2012
.NET 4.5.1 shipped on WS2012R2
.NET 4.6.2 shipped on WS2016
.NET 4.7.2 shipped on WS2019
.NET 4.8 shipped on WS2022
Microsoft has always recommend keeping .NET up to date, and has included .NET updates in Windows Update.
Hi Kevin,
just for clarification, does that mean that before we can use SCOM 2022 we first have to install .Net version 4.7.2 on all our Windows 2012/2016 servers due to the agent prerequisites? This version is not automatically updated with Windows Update on all servers, is it?
Regards,
Gerald
.NET Framework 4.7.2 is required per our documentation (and confirmed by the Product Group) as a prerequisite for the SCOM 2022 agent.
1. .NET is kept up to date using Windows Updates for WS2012, but manual deployment or opt-in is required for WS2016.
2. Old versions of .NET framework fall out of support. Customers should keep the .NET framework in a supported version. This is standard Microsoft lifecycle. https://docs.microsoft.com/en-US/lifecycle/faq/dotnet-framework
3. .NET framework 4.5 and 4.51 support ended in 2016. Those versions of .NET have already expired and customers should have already updated them on WS2012/2012R2. Extended Support for Windows Server 2012 and 2012R2 Operating systems will end on October 10, 2023. https://docs.microsoft.com/en-us/lifecycle/products/microsoft-net-framework
4. Windows Server 2016 shipped with .NET Framework 4.6.2. The support lifecycle for 4.6.2 follows the support lifecycle for the OS. Mainstream support for Windows Server 2016 (and therefore .NET 4.6.2) ended on Jan 11, 2022. There is extended support until Jan 12, 2027. However, customers should update .NET on Windows Server 2016 to stay in the mainstream support lifecycle, and this will be required to use the SCOM 2022 agent.
So, in summary – this SHOULD have very low impact on any customer, unless the customer is choosing to run unsupported software and also not apply the recommended Windows Updates. (outside of Windows Server 2016, which creates a challenge).
I did a scan of two very large customers in late calendar year 2020. Out of 5000 servers sampled in Customer A, 99% were already running .NET 4.8. In Customer B with 10,000 servers, about 85% of their servers were running a supported .NET version, while 50% were running .NET 4.7.2 or later. That was almost two years ago and their numbers are MUCH higher today.
I’d like to hear more about any roadblocks customers might feel about this. For any customer that has issues with .NET 4.7.2 as a minimum, my questions are:
1. What version are you running?
2. Is that version supported by Microsoft?
3. If you do not keep .NET updated as recommended by Microsoft, why not?
4. Do you have applications that do not allow running .NET 4.7.2 or later?
5. If you are able to keep basic operating system security patches up to date, why can you not include .NET framework updates, like they are included in Windows Update?
We started 3 months ago to rollout the .NET 4.8.x to all our Windows 2016 and som Windows 2012 R2, which didn’t have minimum .NET 4.7.2.
We hope that we can migrate to SCOM 2022 at the end of the year
@Kelvin: Thanks you very for all the informations about SCOM
Hung
Regarding the statement .Net is not required:
“.NET 3.5 is required for IntelliTrace and APM. IntelliTrace is only used with APM.
If a customer is not using APM, then .NET 3.5 is not required.”
I have a customer that is not using APM at all and attempted to deploy an agent on windows 2012 R2 – the installation failed even when the “Install APM” option was unchecked. only after installing .Net + rebooting the server the agent was installed (Push installation). so it looks like while the statement might be true – the implementation does not seem to work without a .Net upgrade.
I have not tested the standalone agent installation with NOAPM=1 switch.
Also if I recall correctly – the standalone wizard does not allow you to unselect the option of APM if you only run the wizard. the only option is to use a command line, which is a bit annoying when you want to use the stand alone installer wizard for a quick troubleshoot. I really wish MS would add this option to the wizard
I just tested a Console based agent push to WS2012 and WS2012R2, without .NET3.5 and zero issues. There is no dependency on .NET 3.5 to push agents from SCOM 2022 to WS2012 and WS2012R2.
Hi Kevin,
We are in a phase to upgrade SCOM. The version we currently hold is SCOM 2016 and would like to upgrade to SCOM 2022. Knowing in place upgrade is not allowed.We would like to go for side by side migration. Could you please post a guide for this?
IMO is not good practice upgrade from 2016 to 2019 and the same SCOM instance upgrade to 2022. Better option will be create new SCOM 2022 instance and connect agents in multihomming. After you can decommisioned old instance. It’s save.
It also to apply from SCOM 2012 R2 to multihomming to 2022?
Not sure what your question is – but you can multi-home SCOM 2012R2 and SCOM 2022. A SCOM 2012 agent will work with a SCOM 2022 management group during a migration, as will a SCOM 2022 agent report to a SCOM 2012R2 management group.
Thank you for the great work!
I have some trouble with the standard view “Windows Computers”. On the “Active Alerts” view I have around 50 alerts (critical and warning), but in “Windows Computers” all states show “Healthy”. The agents (around 80, agent version 2019 UR3) are also connected to a SCOM 2019 server, here the states are displayed correctly – any ideas on this?
You can easily have alerts from rules, that will not affect windows computer health state. That’s by design. I’d venture that you dont have all your management packs in sync between the two management groups.
You were right, I had a mismatch with the SQL-MP version – thanks again!
does SCOM 2019 or 2022 support having OpsMgr and OpsMgr DW databases on Azure SQL Managed Instances. We are moving SCOM infra from on prem to Azure
No. Azure SQL MI is not supported for SCOM deployments. There is an Azure hosted SCOM (SCOM Managed Instance) that is in preview that will leverage SQL MI.
Hi Kevin ,
I recently upgraded the environment from SCOM 2019 to SCOM 2022
The upgrade was smooth, however i am getting an error on my web console when i try to access it.
Server Error in ‘/OperationsManager’ Application.
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a tag within a “web.config” configuration file located in the root directory of the current web application. This tag should then have its “mode” attribute set to “Off”.
Notes: The current error page you are seeing can be replaced by a custom error page by modifying the “defaultRedirect” attribute of the application’s configuration tag to point to a custom error page URL.
Please let me know if this is a known issue.
This requirement .Net 4.7.2 is very “stupid”.
We still have a lot of Windows 2012 R2 and Windows 2016.
Scom Admin can’t install without permissions and application tests a new .net version on all Windows 2012/16 servers
What does Microssoft think how many windows server does a company using have?
100 or 200?
Regards
Hung
Hung, I will reply here with the same response above:
.NET Framework 4.7.2 is required per our documentation (and confirmed by the Product Group) as a prerequisite for the SCOM 2022 agent.
1. .NET is kept up to date using Windows Updates for WS2012, but manual deployment or opt-in is required for WS2016.
2. Old versions of .NET framework fall out of support. Customers should keep the .NET framework in a supported version. This is standard Microsoft lifecycle. https://docs.microsoft.com/en-US/lifecycle/faq/dotnet-framework
3. .NET framework 4.5 and 4.51 support ended in 2016. Those versions of .NET have already expired and customers should have already updated them on WS2012/2012R2. Extended Support for Windows Server 2012 and 2012R2 Operating systems will end on October 10, 2023. https://docs.microsoft.com/en-us/lifecycle/products/microsoft-net-framework
4. Windows Server 2016 shipped with .NET Framework 4.6.2. The support lifecycle for 4.6.2 follows the support lifecycle for the OS. Mainstream support for Windows Server 2016 (and therefore .NET 4.6.2) ended on Jan 11, 2022. There is extended support until Jan 12, 2027. However, customers should update .NET on Windows Server 2016 to stay in the mainstream support lifecycle, and this will be required to use the SCOM 2022 agent.
So, in summary – this SHOULD have very low impact on any customer, unless the customer is choosing to run unsupported software and also not apply the recommended Windows Updates. (outside of Windows Server 2016, which creates a challenge).
I did a scan of two very large customers in late calendar year 2020. Out of 5000 servers sampled in Customer A, 99% were already running .NET 4.8.
In Customer B with 10000 servers, about 50% of their servers had 4.72 or later, today they have 72% running 4.7.2 or later. They are not planning on SCOM 2022 for a couple years, however.
I’d like to hear more about any roadblocks customers might feel about this. For any customer that has issues with .NET 4.7.2 as a minimum, my questions are:
1. What version are you running?
2. Is that version supported by Microsoft?
3. If you do not keep .NET updated as recommended by Microsoft, why not?
4. Do you have applications that do not allow running .NET 4.7.2 or later?
5. If you are able to keep basic operating system security patches up to date, why can you not include .NET framework updates, like they are included in Windows Update?
Hello Kevin,
thanks for you comments.
our company is like your customer B. about 50% of the WIndows Server don’t have .net 4.7.2 or later. The reason is that our Windows Update process doesn’t include .Net update
We use SCOM 2019 since two years and we don’t have to migrate to SCOM 2022. I’m curious about some features (Teams, security roles etc.) with SCOM 2022 so that made a evaluation environment.
>3. If you do not keep .NET updated as recommended by Microsoft, why not?
I don’t know the real reason but i think “never change a running system”.
4. Do you have applications that do not allow running .NET 4.7.2 or later?
5. If you are able to keep basic operating system security patches up to date, why can you not include .NET framework updates, like they are included in Windows Update?
The real reason is that i only want to migrate SCOM (I used SCOM since MOM 2005) to a new version and don’t want to change all the Windows Update processes in the company (it takes years in our company)
To my mind our company and Customer B are the majority which use SCOM
Regards
Hung
This is good feedback. I will provide it to the PG.
Good morning Kevin!
I recently started an empty 2019 SCOM install and then saw 2022 was released so I upgraded! Everything went well but I have a straggling error I would like to fix first if possible. It started right after the upgrade. The error in the OM logs is:
Log Name: Operations Manager
Source: Health Service Modules
Date: 6/1/2022 6:58:04 AM
Event ID: 31551
Task Category: Data Warehouse
Level: Error
Keywords: Classic
User: N/A
Computer: xxxxxx
Description:
Failed to store data in the Data Warehouse. The operation will be retried.
Exception ‘SqlException’: Could not find stored procedure ‘JobStatusChange’.
One or more workflows were affected by this.
Workflow name: Microsoft.SystemCenter.DataWarehouse.Synchronization.JobStatus
Instance name: Data Warehouse Synchronization Service
Instance ID: {84D15FFF-A130-79E0-2C0E-860F44B037C9}
Management group: MgtGroup
Event Xml:
31551
2
3
0x80000000000000
4497
Operations Manager
xxxxx
MgtGroup
Microsoft.SystemCenter.DataWarehouse.Synchronization.JobStatus
Data Warehouse Synchronization Service
{84D15FFF-A130-79E0-2C0E-860F44B037C9}
SqlException
Could not find stored procedure ‘JobStatusChange’.
Any thoughts?
Kevin H
Did you have this error before the upgrade? How long was 2019 deployed before you upgraded? This could be a bug in the upgrade process or it could be something that was broken before. I haven’t seen enough upgrades to know if this is a common issue yet or not.
The error started right after the upgrade. So it did not alert before the upgrade. The 2019 install was around for a week or so. But it was empty. I did check the DW in SSMS and did not see a stored procedure with that name. I am not sure if the error stops anything. I was about to proceed on installing management packs following your Whats Next section and add a couple of hosts to test monitoring.
There is a stored proc in the in DW database called dbo.JobStatusChange
Both in SCOM 2019 and 2022. It does not appear to be changed. If yours is missing, I’d stop, and rebuild your management group before continuing. I don’t know why that might be missing, and if something went wrong during the upgrade, then I’d be concerned about this.
Was SCOM 2019 at UR3 before you did the SCOM 2022 upgrade?
Was SCOM Reporting role installed and working?
SCOM Reporting Role was installed and it appeared to be ok. I am now unsure what version of 2019 I installed. I am holding a pre-2022 upgrade snapshot on my management server. Would you roll back to that … check the version…and re-run the upgrade?
I see some events after the upgrade that say this:
Management Pack with id:”Microsoft.SystemCenter.Apm.Infrastructure.Monitoring”, version:”10.19.10050.0″ is no longer used by HealthService and will be deleted from cache.
That was just general release I think…
I’m in the same boat, what did you end up doing? I really don’t want to do a rebuild if it’s just this…
What I would like to know if you have time to answer:
Can I roll back to snapshot (Pre-2022) and retry the upgrade?
Should I apply 2019 CU3 before retrying the upgrade?
Kevin
Honestly – if this is new – why not just uninstall it all, drop the DB’s, and go fresh SCOM 2022? Why mess with rollbacks, DB restores, etc? That would be my recommendation.
But to answer your question – you should be able to roll back from a snapshot all servers including the databases, and then ensure UR3 is applied, then perform the upgrade.
I also ended up with same issue when i upgraded SCOM 2019 to 2022 on a dev machine. There is no stored proc JobStatusChange after upgrade. In my case i had UR3 on the SCOM 2019.
But as i understood there is no UR level reqs when upgrading from 2019?
So this feels little bit scary when planning this for the real environment.
Count it up to 3 now in this thread who has this problem.
Is there anyone who got a solution for this?
Good morning Kevin!!
So, I uninstalled in this order:
Removed SCOM reporting services from our SQL server
Uninstalled SCOM on my SCOM server (MGT/WEB/CONSOLE)
Restarted my SCOM server
I noticed the DBs are still there and have structure (Tables, views, etc.)
I assume since I have uninstalled SCOM, I am safe to delete them and let the clean 2022 install recreate them….correct?
I would also like to say thanks for all your hard work, I have followed your blogs/procedure documents for years and they have been priceless!!
Thanks again
Kev
Yes you must drop the DB’s first and let setup create new ones.
Has done a SCOM 2019 (RTM) to SCOM 2022 and no procedure called dbo.JobStatusChange exist
Unfortunately a rollback is not possible in this enterprise environment since we found it out later – and it is enterprise with 1000´s applications and servers.
It also complains around ChangeTrackingMaintenance SP not found. is is possible to run /recreate these two SP manually
Do you want to add a footnote about how to input gMSA account names with the dollar $ in the “Configure Operations Manager accounts” screen?
Hi Kevin,
We are seeing future dates on the active alerts. The battery of host server was replaced and think VMs were shutdown without backing up. Now all the alerts from those VMs are coming up in future dates like 2043. I have tried reinstalling agents, delete cache folders. But it wont help. We are using SCOM 2019. Any advise would be very helpful.
kind regards,
Kev
Hi Kevin
Ubuntu 22.04 only use OpenSSL 3.0 (no 1.1+) and SCOM agent or newest OMS Agent https://github.com/microsoft/OMS-Agent-for-Linux does only support OpenSSL 1.1+ . So could be great if we hear when this could be available as we and customers upgrade to 22.04. It is very important otherwise
Hi Kevin
Do you know if there any any news to Microsoft to support ubuntu 22.004. AMA support it, but AMA does not support SCOM
Hi Kevin – was hoping on support for 22.04 i January 23 for MMA – do you have news on this
Thanks
Peter
Hi Kevin
Just wondering if there are any special concerns updating ACS Collectors with 2022 bits from 2019. I have done this in the past with no issues, but I can’t seem to figure out why my Forwarders have stopped connecting and I have both repairing and ripping out the install, strange?
Thanks in advance for your time.
A clean install of SCOM 2022 cause this issue. Uninstalled SCOM2022 and installed 2019 on same server with no issues -> Then upgraded SCOM 2019 to 2022 and then again get the issue
Issue: Windows Server 2022 with SCOMMS incl. SQL 2019 and CU16
OM Log:
A monitoring host is unresponsive or has crashed. The status code for the host failure was 2164195371
Logging event 1103 from source “HealthService” with severity 0x2 and description “Summary: 3 rule(s)/monitor(s) failed and got unloaded, 0 of them reached the failure limit that prevents automatic reload. Management group “zyx”. This is summary only event, please see other events with descriptions of unloaded rule(s)/monitor(s).”.
Application Log: Faulting application name: MonitoringHost.exe, version: 10.22.10056.0, time stamp: 0x620207a1
Faulting module name: ntdll.dll, version: 10.0.20348.681, time stamp: 0x69d3cd31
Exception code: 0xc0000409
Fault offset: 0x00000000000a3476
Faulting process id: 0x1d4c
Faulting application start time: 0x01d88483a1bb8a8e
Faulting application path: C:\Program Files\Microsoft System Center\Operations Manager\Server\MonitoringHost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 6a1cc79a-bce7-4d4b-9d7b-10534ca92f9c
Faulting package full name:
Faulting package-relative application ID:
SCOM never works – The console works, but it is a grey SCOM (upgraded SCOM2022) or white SCOM server (new SCOM2022)
installed on a updated Windows server 2022 (update time 20th june-22)
There is a bug in SCOM 2019 fixed in UR4 that happens when you don’t have any updated SQL drivers installed. This might impact SCOM 2022. Can you try installing MSOLEDBSQL 18.6.3 and ODBC 17.9?
https://docs.microsoft.com/en-us/sql/connect/oledb/release-notes-for-oledb-driver-for-sql-server?view=sql-server-ver16#1863
https://docs.microsoft.com/en-us/sql/connect/odbc/download-odbc-driver-for-sql-server?view=sql-server-ver16
it does not come with the same errors anymore – but still un”start”able
the console can not be open now – Classic” Failed to connect…”
Application log two different errors now:
1)
Application: Microsoft.Mom.Sdk.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: Microsoft.EnterpriseManagement.Common.SdkServiceNotInitializedException
at Microsoft.EnterpriseManagement.ServiceDataLayer.DispatcherService.get_Container()
at Microsoft.EnterpriseManagement.Mom.Sdk.Service.SdkSubService+SdkChannel.Start()
at Microsoft.EnterpriseManagement.Mom.Sdk.Service.SdkSubService.AsyncStartCallback(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
2)
Faulting application name: Microsoft.Mom.Sdk.ServiceHost.exe, version: 10.22.10118.0, time stamp: 0x6206dd6c
Faulting module name: KERNELBASE.dll, version: 10.0.20348.681, time stamp: 0x0017762d
Exception code: 0xe0434352
Fault offset: 0x00000000000201dc
Faulting process id: 0x1228
Faulting application start time: 0x01d884eacbfe3e46
Faulting application path: C:\Program Files\Microsoft System Center\Operations Manager\Server\Microsoft.Mom.Sdk.ServiceHost.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: ee805631-1836-4871-bee2-bfad150ebdb5
Faulting package full name:
Faulting package-relative application ID:
SCOM Event log
1)
The System Center Data Access service failed due to an unhandled exception.
The service will attempt to restart.
Exception:
System.AppDomainUnloadedException: Attempted to access an unloaded AppDomain.
2)
The System Center Data Access service failed due to an unhandled exception.
The service will attempt to restart.
Exception:
Microsoft.EnterpriseManagement.Common.SdkServiceNotInitializedException: The Data Access service has not yet initialized. Please try again.
at Microsoft.EnterpriseManagement.ServiceDataLayer.DispatcherService.get_Container()
at Microsoft.EnterpriseManagement.Mom.Sdk.Service.SdkSubService.SdkChannel.Start()
at Microsoft.EnterpriseManagement.Mom.Sdk.Service.SdkSubService.AsyncStartCallback(Object notUsed)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
This is mention in UR4: MonitoringHost.exe process(es) crashes when a Management Server had neither Microsoft OLE DB Driver 18 for SQL Server nor SQL Server 2012 Native client 11.0 installed.
Same reference as you say with oledb16 and odbc16?
Hi Peter,
Have you solved this issue?
Thank you!
We were able to get the agent work with disabling “Hardware-enforced Stack Protection” for the MonitoringHost.exe process. We achieved this via this Powershell command and the crashes were no longer observable:
Set-ProcessMitigation -Name MonitoringHost.exe -Disable UserShadowStack
Restart-Service -Name HealthService
@Gerben – i was not aware off Hardware-enforced Stack Protection, is this something regarding Hyper-V (VMM) or something in general or something specific for Monitoringhost.exe and hyper-v/VMM
After installing SQL 2019 reporting services en SCOM reporting i got some errors (known errors).
When i tried to apply the fix (AllowedResourceExtensionsForUpload), but i can not open the properties of my reporting service from SSMS.
Followed the MS KB:
https://docs.microsoft.com/en-us/troubleshoot/system-center/scom/cannot-deploy-operations-manager-reports
The second method from the KB has also not resolved the problem.
This is the error message:
Cannot show requested dialog.
===================================
Constructor on type ‘Microsoft.SqlServer.Management.UI.RSUserInterface.ServerPropertiesMain’ not found. (mscorlib)
——————————
Program Location:
at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, StackCrawlMark& stackMark)
at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
at System.Activator.CreateInstance(Type type, Object[] args)
at Microsoft.SqlServer.Management.SqlMgmt.DefaultLaunchFormHostedControlAllocator.AllocateDialog(XmlDocument initializationXml, IServiceProvider dialogServiceProvider, CDataContainer dc)
at Microsoft.SqlServer.Management.SqlMgmt.DefaultLaunchFormHostedControlAllocator.Microsoft.SqlServer.Management.SqlMgmt.ILaunchFormHostedControlAllocator.CreateDialog(XmlDocument initializationXml, IServiceProvider dialogServiceProvider)
at Microsoft.SqlServer.Management.SqlMgmt.LaunchForm.InitializeForm(XmlDocument doc, IServiceProvider provider, ISqlControlCollection control)
at Microsoft.SqlServer.Management.SqlMgmt.LaunchForm..ctor(XmlDocument doc, IServiceProvider provider)
at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.ToolMenuItemHelper.OnCreateAndShowForm(IServiceProvider sp, XmlDocument doc)
at Microsoft.SqlServer.Management.SqlMgmt.RunningFormsTable.RunningFormsTableImpl.ThreadStarter.StartThread()
We are considering upgrade from SCOM 2019 to 2022. I have few questions:
1. Now we have SCOM 2019 UR2, is it possible and safe to upgrade from this version directly to SCOM 2022 or will be better first upgrade to current version of SCOM 2019 and then to 2022?
2. Which server versions does the new SCOM support? I don’t mean the minimum requirements but the systems supported by the new SCOM. Because still we have a lot of Windows 2012 R2.
1. You can upgrade SCOM 2019 UR2 to SCOM 2022.
2. This is all clearly documented in our support documentation.
SCOM Server roles: https://docs.microsoft.com/en-us/system-center/scom/system-requirements?view=sc-om-2022#software-requirements-for-operations-manager-components
Supported Agent OS versions: https://docs.microsoft.com/en-us/system-center/scom/system-requirements?view=sc-om-2022#microsoft-monitoring-agent-operating-system
SQL requirements for SCOM infra: https://docs.microsoft.com/en-us/system-center/scom/plan-sqlserver-design?view=sc-om-2022#sql-server-requirements
Hi,
I setting up a new SCOM 2022 environment on Windows Server 2022 and all seems fine so far apart from the Auditing component, which keeps crashing:
Faulting application name: AdtServer.exe, version: 10.22.10118.0, time stamp: 0x6206dd5a
Faulting module name: ntdll.dll, version: 10.0.17763.2989, time stamp: 0x21d18902
Exception code: 0xc0000005
Fault offset: 0x000000000001437d
Faulting process id: 0xd90
Faulting application start time: 0x01d8a0f8a1513656
Faulting application path: C:\Windows\system32\Security\AdtServer\AdtServer.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 04c59f38-b8bd-408e-832d-1763bbfd8a7e
Faulting package full name:
Faulting package-relative application ID:
Does anyone know if this is a known issue on Server 2022?
Thanks,
Owen.
I installed ACS in SCOM 2022 on WS2022, using SQL 2019 CU16 (15.0.4223.1) and I do not see any crashes for AdtServer.exe.
Is your SQL server 2019 at LEAST CU8?
Thanks for getting back to me Kevin – I’m using CU16 as well (KB5011644). I’ll tried removing and reinstall it without any success. I did retain the DB, so I might try deleting that as well and giving it another go.
HI Kevin,
Thanks again for posting nice blogs. I have followed this and able to setup som 2022 .
I am using scomdr account for reporting sevi es. I am able to access the report service url. From one of scom MS. But getting below alert . Can you please guide me?
Data warehouse failed to request a list of management pack which contains report deployed to sql reporting server. Report deployment process failed to request management pack list from SQL RS server.The operation will be retired.
Exception WebException : The request failed with http status 403: Forbidden
Is the SCOMDR account a local administrator on the SQL Reporting Server?
Yes, we have added scomdr in local admin group where we have ssrs installed. We have installed reporting sevices to scom dwh and scom reporting role is on the same dwh server
Built a new server and got the same issue!
Following 3 events logged:
Event provider attempted to register query “select * from AdtsEvent” whose target class “AdtsEvent” in //./root/default namespace does not exist. The query will be ignored.
Event provider MacsEvProv attempted to register query “select * from AdtsEvent” whose target class “AdtsEvent” in //./root/default namespace does not exist. The query will be ignored.
Faulting application name: AdtServer.exe, version: 10.22.10118.0, time stamp: 0x6206dd5a
Faulting module name: ntdll.dll, version: 10.0.20348.740, time stamp: 0xb56a25fb
Exception code: 0xc0000005
Fault offset: 0x0000000000017fad
Faulting process id: 0x7b0
Faulting application start time: 0x01d8ab0ad5ac42df
Faulting application path: C:\Windows\system32\Security\AdtServer\AdtServer.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: b7de16d5-85e0-42f4-b5dd-bd3778827444
Faulting package full name:
Faulting package-relative application ID:
Are you installing the ACS collector role on a SCOM management server?
If so, I recommend opening a support case.
I am indeed Kevin! I’ll try MS! Thanks for getting back to me! Apricate it!
Cheers,
Owen.
Hi Owen,
did you find a solution? I unfortunately have the same problem installing the ACS collector role on a SCOM 2022 management server on Windows Server 2022…
Hi Owen, same here :/ Your feedback would be much appreciated 😉
Hi Kevin,
I have followed your instructions. Everything works fine. But I have problem with registering to Azure Log Analytics. I received this error alert immediately:
Microsoft .NET Framework: System.IO.FileNotFoundException: Could not load file or assembly ‘Microsoft.IdentityModel.Clients.ActiveDirectory, Version=2.29.0.1078, Culture=neutral, PublicKeyToken=31bf3856ad364e35’ or one of its dependencies. The system cannot find the file specified.
Any idea?
Thanks,
Petr
Why connect SCOM to azure? I never saw the value. What benefit are you accomplishing?
It’s the customer’s requirement. I’ll try to find out more…
Hi Kevin,
I got this error :”Failed to deploy reporting component to the SQL Server Reporting Services server”
I have tried what you suggested but get the Constructor on type Microsoft SqlServer Management UI RSUserInterface ServerProperiesMain not found. (mscorlib) I have also tried the powershell script but no luck.
Hello Kevin,
We can´t install the IIS with the PS-script. We have tried temporarily to open up server to Internet but still the same error:
Add-WindowsFeature : The request to add or remove features on the specified server failed.
Installation of one or more roles, role services, or features failed. Error: 0x800f0954
At line:1 char:1
+ Add-WindowsFeature NET-WCF-HTTP-Activation45,Web-Static-Content,Web-D …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (@{Vhd=; Credent…Name=localhost}:PSObject) [Install-WindowsFeature],
Exception
+ FullyQualifiedErrorId : DISMAPI_Error__Failed_To_Enable_Updates,Microsoft.Windows.ServerManager.Commands.AddWind
owsFeatureCommand
Any idea what could be causing it?
It´s a new installed Windows Server 2022.
Best Regards
Håkan
The most likely cause is that your server cannot get to Windows Update, therefore you must supply the source files from the OS media, specifically to get the features for .NET 3.5 from \sources\sxs
Hi Kevin,
How can we move custom and scheduled reports in SCOM 2016 to our new SCOM 2022? We have migrated side by side from 2016 to SCOM 2022. Where are the scheduled reports saved in backend? how can we move it to new scom? Can you help me on this?
SCOM 2022 Webconsole Issue
When click in alert url-
https://XXXX/MonitoringView/default.aspx?ViewType=AlertView&DisplayMode=Pivot&AlertId=5ad7eb8e-7b30-49e0-9362-ca1d3802caaf
It redirects to landing monitoring url
http://XXXXXX/OperationsManager/#/monitoring/view
it does not show up the alert url details every time opens the landing page only.
Did you migrate your old Notification library from a previous version of SCOM? If so – you need to reconfigure or create a new SMTP channel, preferably with the new HMTL email format. The Web URL has changed when we moved to the HTML5 web console.
Thanks for the update, It works as you suggested. thanks a lot.
Hei Kevin
I want to install SCOM 2022 with group managed service accounts using commandline. How to start setup using group managed service accounts in commandline?
Thanks
Hi Kevin,
Hope you are doing well!
we installed SCOM 2022 everything is working fine, but while installing reporting feature, it fails. we successfully set up SSRS and after setting up the SSRS, url works fine. Now when try to install reporting feature it fails and then url gives configuration error.
Event logs from Managment server SCOM
Rule/Monitor “Microsoft.SystemCenter.DataWarehouse.Deployment.Report” running for instance “Data Warehouse Synchronization Service” with id:”XXXXXXX” cannot be initialized and will not be loaded. Management group “XXXX. Error %5.”
Could you please help!!
Hi Kevin,
Anything in the pipeline to add guidance on how to install SCOM 22 with DSC?
Thanks.
Hello Kevin, wonderful article!
I install SCOM 2022 fresh and faced an issue with agent installation to different domain. SCOM tired to access a server share using \\computername\C$\Windows\ rather than \\FQDN\C$\Windows\ as an installation directory.
The action account is has Administrator right in the target machine and has a ‘logon as a service’ right on the management server.
I’m able to install agent manually on the target server and communicate with the management server.
Below is the error
The Operations Manager Server could not find directory \\computername\C$\Windows\. Agent will not be installed on computer computername.domain.com. Please verify the required share exists.
Operation: Agent Install
Install account: Domain\SCOM-AA
Error Code: 80070035
Error Description: The network path was not found.
Has someone encountered same error like stated above?
I couldn’t get any article regarding this.
Any help would be much appreciated.
I’m able to solve this by adding DNS Suffix list of all the other existing domains.
Hi!
Has anyone encountered this before?
We’re setting up a new SCOM 2022 environment out of the box and we’ve run into the problem below (see linked picture) when trying to add more Administrators. The console just crashes. We have 2 MS but it fails on both of them. Tried with a domain admin account, same error (for reference, the same operation in SCOM 2016 in the same domain works fine). NT Authority\System is removed.
The UR1 is installed.
What could be the problem?
Thank you.
Image: https://learn.microsoft.com/answers/storage/attachments/268253-07-12-2022-15-37-26.png
Event Log/application errors:
Application: Microsoft.EnterpriseManagement.Monitoring.Console.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
at System.Windows.Threading.Dispatcher.VerifyAccess()
at MS.Internal.Media.VisualTreeUtils.AsVisual(System.Windows.DependencyObject, System.Windows.Media.Visual ByRef, System.Windows.Media.Media3D.Visual3D ByRef)
at System.Windows.Media.VisualTreeHelper.GetParent(System.Windows.DependencyObject)
at System.Windows.UIElement.GetUIParentWithinLayoutIsland()
at System.Windows.ContextLayoutManager+LayoutQueue.Add(System.Windows.UIElement)
at System.Windows.UIElement.InvalidateMeasure()
at System.Windows.Forms.Control.PerformLayout(System.Windows.Forms.LayoutEventArgs)
at System.Windows.Forms.Control+ControlCollection.Remove(System.Windows.Forms.Control)
at System.Windows.Forms.Integration.WinFormsAdapter.set_Child(System.Windows.Forms.Control)
at System.Windows.Forms.Integration.WindowsFormsHost.set_Child(System.Windows.Forms.Control)
at Microsoft.EnterpriseManagement.ConsoleFramework.Wpf.ClippableWinformHost.Dispose(Boolean)
at System.Windows.Interop.HwndHost.Finalize()
and
Faulting application name: Microsoft.EnterpriseManagement.Monitoring.Console.exe, version: 10.22.10337.0, time stamp: 0x638143e8
Faulting module name: KERNELBASE.dll, version: 10.0.20348.1129, time stamp: 0x2a5524ce
Exception code: 0xe0434352
Fault offset: 0x000000000003ef5c
Faulting process id: 0x860
Faulting application start time: 0x01d90a4e7f46ae80
Faulting application path: C:\Program Files\Microsoft System Center\Operations Manager\Console\Microsoft.EnterpriseManagement.Monitoring.Console.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 62a53347-5f8e-42d0-b6da-1eb918263424
Faulting package full name:
Faulting package-relative application ID:
Hello Kevin.
I am trying to monitor a windows server 2012 r2 from Scom 2022. The SCOM server is a windows server 2019.
The two servers (Scom server and the Windows server 2012 r2) are in two different subnets&domains.
For the network communication I’ve created the access rule on Fortigate opening the required ports for the two subnets.
I have installed the agent on the server that I’m trying to monitor using the CA certificate and now I can see the server on my Scom console, but it’s in state ”Not monitored”.
I did even the installation of the management packs for the windows server 2012 r2, and allowed the required ports of communication on the servers firewalls (+ in the fortigate firewall).
The other servers which are on the same domain&network with my Scom server are ok (in health state).
I’ve checked even the agent proxy on the security part.
Can you please give me a hand because I don’t know what to check anymore.
Can you still use Local System for installing a Gateway server in a DMZ? The DMZ does have its own domain.
Absolutely. I almost always deploy gateways using local system.
Hi Kevin. Thank you for all of your work, notes, and support here! What are your thoughts on a complete 2022 setup? 2022 Server, 2022 SQL, 2022 SCOM. Being a complete NOOB to SCOM, my first couple attempts on a single server setup had mixed results of some success. Never could get the reporting/reports to work. Our plan now is to work with MS via a MIPS or other program to get it setup correctly from day one. Just FYI – our reporting now showing “System.Net.WebException: The request failed with HTTP status 401: Unauthorized.
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Microsoft.EnterpriseManagement.Mom.Internal.UI.Reporting.ReportingService.ReportingService2005.ListSubscriptions(String Report, String Owner)
at Microsoft.EnterpriseManagement.Mom.Internal.UI.Reporting.ManagementGroupReporting.GetSubscriptions(String owner)
at Microsoft.EnterpriseManagement.Mom.Internal.UI.Reporting.Views.ReportSubscriptionsView.ReportSubscriptionsView.LoadSubscriptionsJob(Object sender, ConsoleJobEventArgs args)”
Hi Kevin,
Fantastic guide as always. I’ve run through it and have an install up and running as expected. I’m running into a problem where as soon as I remove BUILTIN\Administrators from the Administrator role (after ensuring admins have access via an AD group) the web console stops allowing any admins/users to login. The installed console works perfectly for those same admins/users. Re-adding BUILTIN\Administrators restores functionality of the web console.
Any thoughts on what’s happening here?
Cheers, Steve
For the record, removing NT AUTHORITY\SYSTEM which had also been added to the Administrator role at install time fixed this issue. I guess it’s related to #2 in the known issues above, although what we were seeing with the web console was the only apparent problem.
There does seem to be a known issue with SCOM on Windows Server 2022. On *SOME* servers with WS2022, Monitoringhost.exe will crash.
Application Error : EventID 1000
Faulting application name: MonitoringHost.exe, version: 10.22.10056.0, time stamp: 0x620207a1
Faulting module name: ntdll.dll, version: 10.0.20348.1607, time stamp: 0x43a90791
Exception code: 0xc0000409
Fault offset: 0x00000000000a39f6
Faulting process id: 0x1064
Faulting application start time: 0x01d97fb8e2c5d893
Faulting application path: C:\Program Files\Microsoft System Center\Operations Manager\Server\MonitoringHost.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Health Service : EventID 1103
Summary: *** rule(s)/monitor(s) failed and got unloaded, *** of them reached the failure limit that prevents automatic reload. Management group “******”. This is summary only event, please see other events with descriptions of unloaded rule(s)/monitor(s).
Health Service : EventID 4000
A monitoring host is unresponsive or has crashed. The status code for the host failure was 2164195371.
Crashes in the MonitoringHost are related to the feature Hardware-enforced Stack Protection based on Intel’s Control-flow Enforcement Technology (CET).
You can disable “Hardware-enforced Stack Protection” for the MonitoringHost.exe process, via this PowerShell command:
Set-ProcessMitigation -Name MonitoringHost.exe -Disable UserShadowStack
Restart-Service -Name HealthService
Hallo Kevin, I have this exactly same issues happening in my 2019 Environment
Monitoring Environment: 2019 UR5
All the mentioned are appearing in my environment in recent times 2 months after applying UR5
Application Error : EventID 1000
Health Service : EventID 1103
Health Service : EventID 4000
All the management servers Going grey but workflows are running but state changes are false, and in database i have following reason code for all management servers i
49 Collection of Object State Change Events is stalled.
Management Server state from Health Service for all management server is showing grey and it keeps changing Healthy to Gray Gray to Healthy between them
Management Server Health Service Watcher Groups Showing Critical (Even though services were running)
I already opened a case with microsoft they suggested disabling some of noisy rules ane monitors but that didnt help , but i am very confident about your suggestion and wanted give it a try
Appreciate Your Reply
My suggestion in a reactive issue like this is always to open a support case – they are most skilled at resolving these types of issues.
I am having exactly the same issue after upgrading to SCOM 2022 CU1 and all hotfixes, not CU2. I have disabled some of the noise alerts but no use. Please let us know what Microsoft support suggested to resolve the issue. Looks like this is a kind of bug in the build and is hugely affecting the SCOM environment Thank you.
I am having exactly the same issue after upgrading to SCOM 2022 CU1 and all hotfixes, not CU2. I have disabled some of the noise alerts but no use. Please let us know what Microsoft support suggested to resolve the issue. Looks like this is a kind of bug in the build and is hugely affecting the SCOM environment Thank you.
Does SCOM support monitoring asp.net core applications
No, it does not.
Did anyone else have issues with the 2022 install on SQL instance config with manually creating the firewall rules for the sqlbrowser and sqlsrver processes? I created the rules and was able to connect with SSMS from management station and SimplySQL Powershell from the OM1 server but still got the error “the installed version of sql server could not be verified or is not supported…”.
Finally got past by just disabling the firewall completely on the DB1 but don’t see any additional connections in netstat that would have been blocked.
Install issue of SCOM 2022 on Windows Server 2019 and SQL 2022. We are getting an error with PopulateUserRoles. Please let us know if you have any suggestions.
[15:25:27]: Error: :PopulateUserRoles: failed : Threw Exception.Type: System.ServiceModel.FaultException`1[Microsoft.EnterpriseManagement.Common.UserRoleUserUnresolvedException], Exception Error Code: 0x80131501, Exception.Message: The creator of this fault did not specify a Reason.
[15:25:27]: Error: :StackTrace: at Microsoft.EnterpriseManagement.Mom.Sdk.Authorization.AzManHelper.GetSid(String userRoleId, String userName)
at Microsoft.EnterpriseManagement.Mom.Sdk.Authorization.AuthManager.ValidateUserRoleUsers(Result urUpsertResult, ICollection`1 urUserUpsertResults, List`1 urUsers, List`1 urUserSids)
at Microsoft.EnterpriseManagement.Mom.Sdk.Authorization.AuthManager.UpsertUserRoles(ICollection`1 urUpsertResults, ICollection`1 urScopeUpsertResults, ICollection`1 urViewScopeUpsertResults, ICollection`1 urTaskScopeUpsertResults, ICollection`1 urConsoleTaskScopeUpsertResults, ICollection`1 urTemplateScopeUpsertResults, ICollection`1 urDashboardReferenceScopeUpsertResults, ICollection`1 urUserUpsertResults)
at Microsoft.EnterpriseManagement.Mom.Sdk.Authorization.AuthorizationService.UpsertUserRolesV2(ICollection`1 urUpsertResults, ICollection`1 urScopeUpsertResults, ICollection`1 urViewScopeUpsertResults, ICollection`1 urTaskScopeUpsertResults, ICollection`1 urConsoleTaskScopeUpsertResults, ICollection`1 urTemplateScopeUpsertResults, ICollection`1 urDashboardScopeUpsertResults, ICollection`1 urUserUpsertResults)
at Microsoft.Mom.Sdk.UserRoleSetup.ImporterSetup.ProcessUserRoles(XmlElement root, SortedList`2 sortedProfileNodes, String adminRoleGroup, String sdkAccount, InstallTypes installType, Boolean overwriteExistingUsers)
at Microsoft.Mom.Sdk.UserRoleSetup.ImporterSetup.Import(String adminRoleGroup, String sdkAccount, InstallTypes installType, Boolean overwriteExistingUsers)
at Microsoft.Mom.Sdk.UserRoleSetup.SetupProgram.populateUserRoles(String adminRoleGroup, String sdkAccount, InstallTypes installType, String installDirectory, Boolean overwriteExistingUsers)
at Microsoft.EnterpriseManagement.OperationsManager.Setup.ServerConfiguration.PopulateUserRoles(String adminRoleGroup, String sdkAccount, String installDirPath)
[15:25:27]: Error: :FATAL ACTION: PopulateUserRoles
[15:25:27]: Error: :FATAL ACTION: DatabaseActions
This is almost always caused by TLS. You likely have policy disabling TLS 1.0 (which is good) but are missing the prerequisites for TLS supported SQL drivers:
For SCOM 2016 and later (always with latest Update Rollup), we recommend that customers use these specific SQL drivers which support TLS 1.2:
MS OLE DB Driver 18.6.6: https://go.microsoft.com/fwlink/?linkid=2238605
ODBC Driver 17.10.4.1: https://go.microsoft.com/fwlink/?linkid=2239168
Thank you for getting back to me so quickly. Does it have to be those versions specifically? We have ODBC 18.1.2.1 and OLE 19.2.0.0 installed.
Hi Kevin,
In previous articles you always mentioned that you have to wait at least one hour before applying Update Rollups.
I don’t see that in this article anymore. Has something changed in such way that you can apply those right away?
I still recommend that. It is not critical, however, there are scripts running in the background, and I generally feel it is better to wait about an hour for the SCOM management groups discoveries, and any special SQL processes to settle down before attempting an Update Rollup, simply because the UR’s contain SQL scripts and new discoveries of their own. I dont know of any single one specific issue that is known to break by applying a UR too soon, this was more of a general best practice to remove unknown variables.
Hi Kevin,
Does SCOM benefit from Hyperthreading being enabled either on the SCOM Server or the SQL Backend?
trying to find a PRO’s and CON’s list, also do the hyperthreading options differ if running on a physical or virtual environment.
Hi Kevin,
We installed all with GMSA accounts and its working fine accept reporting. in the quick start you say:
Enter in the DOMAIN\SCOMDAS and DOMAIN\SCOMREAD account when prompted. You MUST input the same account here that you used for the OM DW Reader account when you installed the first management server.
But now i’ll find a Microsoft article
https://learn.microsoft.com/en-us/system-center/scom/support-group-managed-service-accounts?view=sc-om-2022
that says
Group Managed Service Accounts (gMSAs) are not supported as a SQL report server service account for Data reader account.
How to solve this? How can i change the somread gmsa account that i first used?
Hi Kevin
We have successfully installed SCOM 2022 environment in my lab, the issue is after the successful installation, the Management server is showing as Not Monitored and we got the error in the event viewer as “A monitoring host is unresponsive or has crashed, the status code for the host failure was 2164195371”. Event ID : 4000.
Kindly someone help here…
All the account were created and added to the admin group in AD, setup the DB and installed the SCOM 2022 setup in Windows 2022 server as suggested.
A curly one for you Kevin.
say you have a unsealed MP and you want to import it from management group A to B as part of your deployment
so you export and try and import as you have numerous others successfully…
except it complains that a management pack (exchange 2010) is referenced by this MP and its not on management group B. you look at the xml and there Is no reference to any exchange management packs. you close console and reopen…. now it references two exchange management packs (xml still shows zero references to exchange)
SCOM 2022 Agent upgrade seems to have deleted C:\WINDOWS\system32\msvcr120.dll on our Servers. Has anyone else encountered this issue?
i am getting the below error after moveing the DB from Local to AOG :
after i did all this which in Microsoft site :
https://learn.microsoft.com/en-us/system-center/scom/manage-sqlserver-communication?view=sc-om-2022
OpsMgr Management Configuration Service failed to execute bootstrap work item ‘ConfigurationDataProviderInitializeWorkItem’ due to the following exception
System.Data.SqlClient.SqlException (0x80131904): A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 – Error Locating Server/Instance Specified)
at System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection)
at System.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection)
at System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource`1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection)
at System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource`1 retry, DbConnectionOptions userOptions)
at System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource`1 retry)
at System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource`1 retry)
at System.Data.SqlClient.SqlConnection.Open()
at Microsoft.EnterpriseManagement.ManagementConfiguration.DataAccessLayer.ConnectionManagementOperation.Execute()
at Microsoft.EnterpriseManagement.ManagementConfiguration.DataAccessLayer.DataAccessOperation.ExecuteSynchronously(Int32 timeoutSeconds, WaitHandle stopWaitHandle)
at Microsoft.EnterpriseManagement.ManagementConfiguration.CmdbOperations.CmdbDataProvider.Initialize()
at Microsoft.EnterpriseManagement.ManagementConfiguration.Engine.ConfigurationDataProviderInitializeWorkItem.ExecuteWorkItem()
at Microsoft.EnterpriseManagement.ManagementConfiguration.Interop.ConfigServiceEngineWorkItem.Execute()
ClientConnectionId:00000000-0000-0000-0000-000000000000
Error Number:-1,State:0,Class:20
We work with small volumes (<1000MB) holding mountpoints for DATA, LOG and Backup. I could not find a parameter for setup.exe to skip the checks. Is there any option to skip the DB size checks?