Menu Close

SCOM 2022 – QuickStart Deployment Guide

image

There is already a very good deployment guide posted on Microsoft Docs here:  https://docs.microsoft.com/en-us/system-center/scom/deploy-overview

The following article will cover a basic install of System Center Operations Manager 2022.   The concept is to perform a limited deployment of SCOM, only utilizing as few servers as possible, but enough to demonstrate the roles and capabilities in SCOM.  For this reason, this document will cover a deployment on 3 servers. A dedicated SQL server, and two management servers will be deployed.  This will allow us to show the benefits of high availability for agent failover, and the highly available resource pool concepts.  This is to be used as a template only, for a customer to implement as their own pilot or POC, or customized deployment guide. It is intended to be general in nature and will require the customer to modify it to suit their specific data and processes.

This also happens to be a very typical scenario for small environments for a production deployment.  This is not a detailed architecture guide nor intended to displace the need for a complete and thorough design guide.

Server Names\Roles:

  • DB1           SQL Database Services, Reporting Services
  • OM1         Management Server Role, Web Console Role, Console
  • OM2         Management Server Role, Web Console Role, Console

Windows Server 2022 will be installed as the base OS for all platforms.  All servers will be a member of the AD domain.

SQL 2019 CU16 will be the base standard for all database and SQL reporting services.

High Level Deployment Process:

1.  In AD, create the following accounts and groups, according to your naming convention:

  • DOMAIN\SCOMAA                 OM Server Action Account
  • DOMAIN\SCOMDAS               OM Config and Data Access Account
  • DOMAIN\SCOMREAD             OM Datawarehouse Reader Account
  • DOMAIN\SCOMWRITE            OM Datawarehouse Write Account
  • DOMAIN\SCOMAdmins          OM Administrators security group
  • DOMAIN\SQLSVC                  SQL Service Account

2.  Add the SCOMAA, SCOMDAS accounts to the “SCOMAdmins” global group.

3.  Add the domain user accounts for yourself and your SCOM Admin team to the “SCOMAdmins” group.

4.  Install Windows Server 2022 to all server role servers.

5.  Install Prerequisites and SQL 2019 CU16.

6.  Install the Management Server and Database Components

7.  Install the Reporting components.

8.  Deploy Agents

9.  Import Management packs

10.  Set up security (roles and run-as accounts)

 

Prerequisites:

1.  Install Windows Server 2022 to all Servers.

2.  Join all servers to domain.

3.  OPTIONAL:  If your organization enforces TLS 1.2, you must ensure the prerequisites for TLS 1.2 have been met on all Management Servers.  TLS 1.2 from Microsoft Docs

5.  Install all available Windows Updates to ensure the servers are patched and secure.

6.  Add the “SCOMAdmins” domain global group to the Local Administrators group on each server INCLUDING the SQL server used for Reporting.

7. Install IIS on any management server that will also host a web console:

Open PowerShell (as an administrator) and run the following:

Add-WindowsFeature NET-WCF-HTTP-Activation45,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Logging,Web-Request-Monitor,Web-Filtering,Web-Stat-Compression,Web-Mgmt-Console,Web-Metabase,Web-Asp-Net,Web-Windows-Auth -Restart

Note:  The server needs to be restarted at this point, even if you are not prompted to do so.  If you do not reboot, you will get false failures about prerequisites missing for ISAPI/CGI/ASP.net registration.

8. Install SQL 2019 CU16 to server DB1

  • Setup is fairly straightforward. This document will not go into details and best practices for SQL configuration. Consult your DBA team to ensure your SQL deployment is configured for best practices according to your corporate standards.
  • Run setup, choose Installation > New SQL Server stand-alone installation…

image

  • When prompted for feature selection, install ALL of the following:
    • Database Engine Services
    • Full-Text and Semantic Extractions for Search

image

  • Note:  Reporting Services is not part of SQL DB Engine install.  This is a separate download, we will cover that later.
  • On the Instance configuration, choose a default instance, or a named instance.
  • On the Server configuration screen, set SQL Server Agent to Automatic.  You can accept the defaults for the service accounts, but I generally recommend using a Domain account for the service account.  You should do whatever your DBA standards are here.  Input the DOMAIN\SQLSVC account and password for SQL Server Agent, and SQL Server Database Engine.
  • Check the box to grant Volume Maintenance Task to the service account for the DB engine.  This will help performance when auto-grow is needed.

image

  • On the Collation tab – you should leave the default which is SQL_Latin1_General_CP1_CI_AS
  • On the Server Configuration tab – ADD your personal domain user account and/or a group you already have set up for SQL admins.
  • On the Data Directories tab – set your drive letters correctly for your SQL databases, logs, TempDB, and backup.
  • Choose Install, and setup will complete.
  • You will need to disable Windows Firewall on the SQL server, or make the necessary modifications to the firewall to allow all SQL traffic.  See:  Configure Firewall for SQL
  • When you complete the installation – you might consider also downloading and installing SQL Server Management Studio Tools from: DOWNLOAD SQL Management Studio

9.  Apply SQL 2019 CU16 (or whatever the latest Cumulative update available is).  SCOM 2022 only supports SQL 2019 with CU8 or later and we STRONGLY recommend installing the latest CU.  At the time of this article being written, CU16 was the latest.

  • There are no special instructions for CU16, simply apply the update accepting defaults.
  • REBOOT the SQL server.

 

SCOM Step by step deployment guide:

1. Install the Management Server role on server named OM1.

  • Log on using your personal domain user account that is a member of the SCOMAdmins domain global group, and has “sysadmin” role level rights over the SQL instance.
  • Run Setup.exe (AS AN ADMINISTRATOR)
  • Click Install
    • If you see a message about not having administrator rights, make sure you run Setup.exe “as an administrator”
  • Select the following, and then click Next:
    • Management Server
    • Operations Console
    • Web Console
  • Accept or change the default install path and click Next.
  • You might see an error from the Prerequisites here. If so – read each error and try to resolve it.
  • On the Proceed with Setup screen – click Next.
  • On the specify an installation screen – choose to create the first management server in a new management group.  Give your management group a name. Don’t use any special or Unicode characters, just simple text.  KEEP YOUR MANAGEMENT GROUP NAME SHORT AND SIMPLE, and DO NOT put version info in there.  I typically use “SCOM1” as this is short, simple, and readily expandable in the future to additional management groups. Click Next.
  • Accept the license.  Next.
  • On the Configure the Operational Database screen, enter in the name of your SQL database server name and instance. In my case this is “DB1.domain.com”. Leave the port at default unless you are using a special custom fixed port.  If necessary, change the database locations for the DB and log files. Leave the default size of 1000 MB for now. Click Next.
  • On the Configure the Data Warehouse Database screen, enter in the name of your SQL database server name and instance. In my case this is “DB1.domain.com”. Leave the port at default unless you are using a special custom fixed port.  If necessary, change the database locations for the DB and log files. Leave the default size of 1000 MB for now. Click Next.
  • On the Web Console screen, choose the Default Web Site, and leave SSL unchecked. If you have already set up SSL for your default website with a certificate, you can choose SSL, or configure this later.  Click Next.
  • On the Web Console authentication screen, choose Mixed authentication and click Next.
  • On the accounts screen, change the accounts to Domain Account for ALL services, and enter in the unique DOMAIN\scomaa, DOMAIN\scomdas, DOMAIN\scomread, DOMAIN\scomwrite accounts we created previously. It is a best practice to use separate accounts for distinct roles in OpsMgr, although you can also just use the DOMAIN\OMDAS account for all SQL Database access roles to simplify your installation (Data Access, Reader, and Writer accounts). Click Next.
  • On the Diagnostics and Usage Data – click Next.
  • On the Microsoft Update screen – choose OFFNext.
  • Click Install.
  • Close when complete.  Don’t worry if you see the Management Server have a yellow warning.  That’s just a reminder to license SCOM as it always installs as EVAL.

2.  (Optional)  Install the second Management Server on server named OM2.

  • Log on using your domain user account that is a member of the SCOMAdmins group, and has System Administrator (SA) role rights over the SQL instances.
  • Run Setup.exe
  • Click Install
  • Select the following, and then click Next:
    • Management Server
    • Operations Console
    • Web Console
  • Accept or change the default install path and click Next.
  • Resolve any issues with prerequisites, and click Next.
  • Choose “Add a management server to an existing management group” and click Next.
  • Accept the license terms and click Next.
  • Input the servername\instance hosting the existing Ops DB. Select the correct database from the drop down and click Next.
  • Accept the Default Web Site on the Web Console page and click Next.
  • Use Mixed Authentication and click Next.
  • On the accounts screen, choose Domain Account for ALL services, and enter in the unique DOMAIN\scomaa and DOMAIN\scomdas accounts we created previously.  Click Next.
  • On the Diagnostic Data screen – click Next.
  • On the Microsoft Update screen – choose OFFNext.
  • Click Install.
  • Close when complete.

3.  (Optional) Install SCOM Reporting Role on the server named DB1.

  • Log on using your domain user account that is a member of the SCOMAdmins group, and has ”sysadmin” role level rights over the SQL instance.
  • Install SQL 2019 Reporting Services
    • Download SQL 2019 Reporting Services from DOWNLOAD
    • Run SQLServerReportingServices.exe
    • Select “Install Reporting Services
    • Input a product key for your license.  (You can get your key by running setup from your SQL database media – make sure you use STD or ENT edition whichever you choose to deploy)
    • Accept the License agreement
    • Install Reporting Services Only
    • Choose a Path, and select Install
    • Choose “Configure report server”.  You must immediately configure the Report Server.
    • Connect to the local server
    • Select “Web Service URL” and click Apply
    • Select “Database” and click “Change Database
    • Action:  Create a new report server database and click Next
    • Database Server:  Click Test Connection then click Next
    • Database: Accept “ReportServer” for default name and click Next
    • Credentials: Accept default Service Credentials and click Next
    • Summary:  Click Next, then Finish when completed.
    • Select “Web Portal URL” and click Apply
    • Select “Email Settings” and configure your SMTP server and a return address in order to be able to use emailed reports in SCOM, and click Apply.
    • Now that configuration is done, click Exit
  • Validate SSRS is working:
    • Open a Web Browser on the server.
    • Browse to http://localhost/reports/
    • You MUST see an empty “Home” screen before continuing to install SCOM reporting role.
  • Install SCOM Reporting Role on the SSRS SQL server
    • Locate the SCOM media. Run Setup.exe (AS AND ADMINISTRATOR).
    • Click Install.
    • Check the box for Reporting Server and click Next
    • Accept or change the default install path and click Next.
    • Resolve any issues with prerequisites, and click Next.
    • Accept the license and click Next.
    • Type in the FQDN of a management server, and click Next.
    • Choose the correct local SQL reporting instance and click Next.
    • Enter in the DOMAIN\SCOMDAS and DOMAIN\SCOMREAD account when prompted.  You MUST input the same account here that you used for the OM DW Reader account when you installed the first management server.  Click Next.
    • On the Diagnostic Data screen – click Next.
    • Turn Microsoft Updates OFF for SCOM, Next.
    • Click Install.
    • Close when complete.
  • Configure Report extensions
    • Open SQL Management Studio on a server where you have this installed, or install it locally.
    • Connect to Reporting Services and type in DB1 for the server name.
    • Right Click DB1 and choose properties.
    • Select Advanced
    • Scroll down to “AllowedResourceExtensionsForUpload
    • Add “*.*” to the end of the list of allowed extensions.

You have a fully deployed SCOM Management group at this point.

Open/Reopen the SCOM consoles, ensure you have a Reporting tab now, and within an hour you should see reports populated in the console.

Look for any health issues or alerts, and review the SCOM event logs on both management servers for errors or warnings.

 

Known / Common issues:

1.  When using SSRS 2019, you might see errors on a management server for event ID 31567 with description “Failed to deploy reporting component to the SQL Server Reporting Services server” and “extension is not allowed”.  This is because of a security restriction in SSRS.  The workaround is to open SQL Management Studio, connect to your Reporting Services instance, open the Properties of the instance, Advanced, and add *.* to the list for “AllowedResourceExtensionsForUpload

     

     

    image

    What’s next?

    Once you have SCOM up and running, these are some good next steps to consider for getting some use out of it and keep it running smoothly:

    1.  Configure SCOM Security

    • You must add your SCOMAdmins Global group to allow “Log on as a service” right on Management Servers, in order to push agents.  https://kevinholman.com/2019/03/14/security-changes-in-scom-2019-log-on-as-a-service/
    • Add your SCOMAdmins Global Group to the SCOM Administrators User Role.  Ensure you, your team, and the SCOM DAS and Action accounts are members of this group FIRST.  Then, remove BUILTIN\Administrators from the Operations Manager Administrators – User Role, to secure your SCOM installation.

    2.  Apply the latest Update Rollup.

    • At the time of this blog posting there is not Update Rollup for SCOM 2022.  You should always find and apply the most current CUMULATIVE update rollup.

    3.  Set SCOM License.

    4.  Optimize SQL Server for growth and performance

    • Make sure you SQL server data, log, and TempDB files are on a disk that is formatted with a 64 KB Allocation Unit size.  Best practices
    • Pre-size the OpsDB:  When we installed each database, we used the default of 1GB (1000MB). This is not a good setting for steady state as our databases will need to grow larger than that very soon.  We need to pre-grow these to allow for enough free space for maintenance operations, and to keep from having lots of auto-growth activities which impact performance during normal operations.  A good rule of thumb for most deployments of OpsMgr is to set the OpsDB to 50GB for the data file and 25GB for the transaction log file. This can be smaller for POC’s/LAB’s but generally you never want to have an OpsDB set less than 10GB/5GB.  Setting the transaction log to 50% of the DB size for the OpsDB is a good rule of thumb.
    • Pre-size the Data Warehouse:  You will need to plan for the space you expect to need using the sizing tools available and pre-size this from time to time so that lots of smaller auto-growths do not occur.  The sizing helper is available at:  DOWNLOAD.  You do not need to pre-size out terabytes of space, but there is nothing wrong with growing the DB manually a couple hundred gigs if you KNOW you will be using that much space soon.
    • Limit SQL MAX memory reserving memory for the OS.
    • Set Power Management plan in OS to “High Performance”
    • (Optional) Create a high performance TempDB: (This is already configured by default in SQL 2016 and later) Optimizing TempDB Performance
    • (Optional) Optimize MAXDOP: Optimizing MAXDOP
    • If you have a SQL Always On scenario – the secondary replicas need a SQL script run on them: https://kevinholman.com/2017/08/27/scom-2016-event-18054-errors-in-the-sql-application-log/

    5.  Set up SQL maintenance jobs.

    6.  Configure Data Warehouse Retention.

    7.  Optimize your management servers registry

    8.  Enable Agent Proxy as a default setting

    9.  Configure Administration Settings per your requirements:

    • Database Grooming
    • Automatic Alert Resolution
    • Heartbeat configuration (modify only if required)
    • Manual Agent Installs (Reject, Review, or Accept)

    10.  Backup Unsealed Management packs

    • You need to set this up so that in case of a disaster, or an unplanned change, you will have a simple back-out or recovery plan that wont require a brute force restore of your databases.  I have seen this save many a customer’s bacon when they had this available, and cause them great pain when it wasn’t.
    • https://kevinholman.com/2017/07/07/scom-2012-and-2016-unsealed-mp-backup/

    11.  Deploy an agent to the SQL DB server.

    • This process has not changed from OpsMgr 2012, so you would use the typical mechanism to push or manually install. You can also refer to: SCOM Agent Deployment
    • You could also deploy any additional agents at this point.

    12.  Import management packs.

    13.  Configure Notifications:

    14.  Deploy Unix and Linux Agents

    15.  Configure Network Monitoring

    16.  Configure SQL MP RunAs Security:

    17.  Continue with optional activities from the Quick Reference guide:

    18.  (Optional) Configure your management group to support APM monitoring.

    19.  (Optional) Deploy Audit Collection Services

    20.  Learn MP authoring.

    10 Comments

    1. Stefan

      Thank you Kevin for this great article! You helped a newbie successfully setting up his first SCOM environment.

      Best regards
      Stefan

    2. Hung

      I have installed SCOM 2022.
      The first thing that makes SCOM 2022 not usable is the fact that the SCOM 2022 agent needs to have .net 3.5 or .net 4.7.2. A lot of our servers don’t have .net or don’t have the version mentioned.

      Regards
      Hung

      • Kevin Holman

        Thanks for your feedback. I am sending this to the product group.

        You are correct, in SCOM 2019 we required simply “Microsoft .NET Framework 3.5 or later.” which was easy to meet – since that version or higher would be present in any supported OS. I am trying to find out why we now require .NET 3.5 -AND- 4.7.2 or higher.

    3. Aditi Prakash

      Hi Kevin,

      We are in a phase to upgrade SCOM. The version we currently hold is SCOM 2016 and would like to upgrade to SCOM 2022. Knowing in place upgrade is not allowed.We would like to go for side by side migration. Could you please post a guide for this?

      • Kamil

        IMO is not good practice upgrade from 2016 to 2019 and the same SCOM instance upgrade to 2022. Better option will be create new SCOM 2022 instance and connect agents in multihomming. After you can decommisioned old instance. It’s save.

    Leave a Reply

    Your email address will not be published.