Powershell Commands to configure Gateway Server / Agent Failover
UPDATE: Some of these commands have been changed for OpsMgr 2012, so I’ve created updated scripts at the bottom of this post that should work in 2012.
I’ve assisted a few customers with configuring Gateway Servers/Agents for failover lately, so I figured I’d post the commands that I use for this.
Why do we need to configure failover servers for Gateway Servers and Agents?
When an Agent is installed and configured to report to a Management Server, it is automatically configured to fail over to ANY other Management Servers. So, if its assigned Management Server goes down, it will randomly pick any other Management Server in the Management Group to connect to (this could actually be a bad thing for large Management Groups, because some Agents will end up reporting to the RMS, which can cause performance problems….but that’s for a separate blog post).
When an Agent is installed and configured to report to a Gateway Server, no failover servers are automatically configured. So, if the Gateway Server goes down, the Agents will not be able to send any data to the Management Group.
Also, when a Gateway Server is installed, it is configured to report to a specific Management Server and no failover is automatically configured. So, if the Gateway Server’s Management Server goes down, the Gateway Server cannot send any data to the Management Group.
To handle the above scenarios, we must configure the Gateway Server to be able to connect to additional Management Servers, and we must configure the Gateway Agents to be able to connect to additional Gateway Servers. This cannot be done in the OpsMgr Console, and must be done with PowerShell commands.
Notes:
If a Gateway Server is in a Domain that is not trusted by the Domain where OpsMgr is installed, then you will be using Certificates for the Gateway to authenticate with it’s Management Server. If you configure the Gateway to be able to fail over to another Management Server, it (the failover Management Server) must also have an authentication Certificate installed and configured.
For the Gateway Agent Failover, if the Agents/Gateway are in a Domain that is not trusted by the Domain where OpsMgr is installed, then the Gateway Server that is used for Agent failover must be installed in this same domain (and must have an authentication Certificate installed and configured).
Here are the PowerShell commands that I use to configure and verify failover servers for Gateway Servers and Agents:
OpsMgr 2007:
Commands to configure Gateway Server Failover:
This first set of commands can be used to configure ALL Gateway Servers to use a specific Management Server as their Primary MS, and another Management Server for failover. Replace PRI_MS.DOMAIN.COM and FAILOVER_MS.DOMAIN.COM with the names of the Primary and Failover Management Servers in your environment.
#Set all Gateway Servers to use PRI_MS and Primary and FAILOVER_MS as Failover
$primaryMS = Get-ManagementServer | where {$_.Name –eq 'PRI_MS.DOMAIN.COM'}
$failoverMS = Get-ManagementServer | where {$_.Name –eq 'FAILOVER_MS.DOMAIN.COM'}
$gatewayMS = Get-ManagementServer | where {$_.IsGateway -eq $true}
Set-ManagementServer -GatewayManagementServer: $gatewayMS -PrimaryManagementServer: $primaryMS -FailoverServer: $failoverMS
This next set of commands can be used if you have several Gateway Servers and don’t want them to all use the same Primary Management Server. You specify the Gateway Server name (GATEWAY.DOMAIN.COM), the Primary Management Server Name (PRI_MS.DOMAIN.COM), and Failover Management Server name (FAILOVER_MS.DOMAIN.COM).
#Set specific Gateway Server to use PRI_MS and Primary and FAILOVER_MS as Failover
$primaryMS = Get-ManagementServer | where {$_.Name –eq 'PRI_MS.DOMAIN.COM'}
$failoverMS = Get-ManagementServer | where {$_.Name –eq 'FAILOVER_MS.DOMAIN.COM'}
$gatewayMS = Get-ManagementServer | where {$_.Name –eq 'GATEWAY.DOMAIN.COM'}
Set-ManagementServer -GatewayManagementServer: $gatewayMS -PrimaryManagementServer: $primaryMS -FailoverServer: $failoverMS
Commands to verify Gateway Server Failover:
After configuring the Gateway Server failover, you’ll want to verify the configuration. The following PowerShell commands will output the name of each Gateway Server and its Primary and Failover Management Servers:
#Display Primary and Failover Management Servers for all Gateway Servers
$GWs = Get-ManagementServer | where {$_.IsGateway -eq $true}
$GWs | sort | foreach {
Write-Host "";
"Gateway MS :: " + $_.Name;
"--Primary MS :: " + ($_.GetPrimaryManagementServer()).ComputerName;
$failoverServers = $_.getFailoverManagementServers();
foreach ($managementServer in $failoverServers) {
"--Failover MS :: " + ($managementServer.ComputerName);
}
}
Write-Host "";
Commands to configure Gateway Agent Failover:
The commands for the Gateway Agent Failover will get all Agents that report to a specified Gateway Server and configure them to be able to failover to another Gateway Server. Replace GATEWAY_1.DOMAIN.COM with the name of the Primary Gateway Server, and replace GATEWAY_2.DOMAIN.COM with the name of the Failover Gateway Server.
#Agents reporting to GATEWAY_1 - Failover to GATEWAY_2
$primaryMS = Get-ManagementServer | where {$_.Name –eq 'GATEWAY_1.DOMAIN.COM'}
$failoverMS = Get-ManagementServer | where {$_.Name –eq ' GATEWAY_2.DOMAIN.COM'}
$agent = Get-Agent | where {$_.PrimaryManagementServerName -eq 'GATEWAY_1.DOMAIN.COM'}
Set-ManagementServer -AgentManagedComputer: $agent -PrimaryManagementServer: $primaryMS -FailoverServer: $failoverMS
Commands to verify Gateway Agent Failover:
After configuring the Gateway Agent failover, you’ll want to verify the configuration. The following PowerShell commands will output the name of each Agent that reports to GATEWAY_1.DOMAIN.COM and its Primary and Failover Gateway Servers:
#Verify Failover for Agents reporting to GATEWAY_1
$Agents = Get-Agent | where {$_.PrimaryManagementServerName -eq 'GATEWAY_1.DOMAIN.COM'}
$Agents | sort | foreach {
Write-Host "";
"Agent :: " + $_.Name;
"--Primary MS :: " + ($_.GetPrimaryManagementServer()).ComputerName;
$failoverServers = $_.getFailoverManagementServers();
foreach ($managementServer in $failoverServers) {
"--Failover MS :: " + ($managementServer.ComputerName);
}
}
Write-Host "";
OpsMgr 2012:
Commands to configure Gateway Server Failover:
This first set of commands can be used to configure ALL Gateway Servers to use a specific Management Server as their Primary MS, and another Management Server for failover. Replace PRI_MS.DOMAIN.COM and FAILOVER_MS.DOMAIN.COM with the names of the Primary and Failover Management Servers in your environment.
#Set all Gateway Servers to use PRI_MS and Primary and FAILOVER_MS as Failover
$primaryMS = Get-SCOMManagementServer | where {$_.Name –eq 'PRI_MS.DOMAIN.COM'}
$failoverMS = Get-SCOMManagementServer | where {$_.Name –eq 'FAILOVER_MS.DOMAIN.COM'}
$gatewayMS = Get-SCOMManagementServer | where {$_.IsGateway -eq $true}
Set-SCOMParentManagementServer -GatewayServer: $gatewayMS -PrimaryServer: $primaryMS
Set-SCOMParentManagementServer -GatewayServer: $gatewayMS -FailoverServer: $failoverMS
This next set of commands can be used if you have several Gateway Servers and don’t want them to all use the same Primary Management Server. You specify the Gateway Server name (GATEWAY.DOMAIN.COM), the Primary Management Server Name (PRI_MS.DOMAIN.COM), and Failover Management Server name (FAILOVER_MS.DOMAIN.COM).
#Set specific Gateway Server to use PRI_MS and Primary and FAILOVER_MS as Failover
$primaryMS = Get-SCOMManagementServer | where {$_.Name –eq 'PRI_MS.DOMAIN.COM'}
$failoverMS = Get-SCOMManagementServer | where {$_.Name –eq 'FAILOVER_MS.DOMAIN.COM'}
$gatewayMS = Get-SCOMManagementServer | where {$_.Name –eq 'GATEWAY.DOMAIN.COM'}
Set-SCOMParentManagementServer -GatewayServer: $gatewayMS -PrimaryServer: $primaryMS
Set-SCOMParentManagementServer -GatewayServer: $gatewayMS -FailoverServer: $failoverMS
Commands to verify Gateway Server Failover:
After configuring the Gateway Server failover, you’ll want to verify the configuration. The following PowerShell commands will output the name of each Gateway Server and its Primary and Failover Management Servers:
#Display Primary and Failover Management Servers for all Gateway Servers
$GWs = Get-SCOMManagementServer | where {$_.IsGateway -eq $true}
$GWs | sort | foreach {
Write-Host "";
"Gateway MS :: " + $_.Name;
"--Primary MS :: " + ($_.GetPrimaryManagementServer()).ComputerName;
$failoverServers = $_.getFailoverManagementServers();
foreach ($managementServer in $failoverServers) {
"--Failover MS :: " + ($managementServer.ComputerName);
}
}
Write-Host "";
Commands to configure Gateway Agent Failover:
The commands for the Gateway Agent Failover will get all Agents that report to a specified Gateway Server and configure them to be able to failover to another Gateway Server. Replace GATEWAY_1.DOMAIN.COM with the name of the Primary Gateway Server, and replace GATEWAY_2.DOMAIN.COM with the name of the Failover Gateway Server.
#Agents reporting to GATEWAY_1 - Failover to GATEWAY_2
$primaryMS = Get-SCOMManagementServer | where {$_.Name –eq 'GATEWAY_1.DOMAIN.COM'}
$failoverMS = Get-SCOMManagementServer | where {$_.Name –eq 'GATEWAY_2.DOMAIN.COM'}
$agent = Get-SCOMAgent | where {$_.PrimaryManagementServerName -eq 'GATEWAY_1.DOMAIN.COM'}
Set-SCOMParentManagementServer -Agent: $agent -PrimaryServer: $primaryMS
Set-SCOMParentManagementServer -Agent: $agent -FailoverServer: $failoverMS
Commands to verify Gateway Agent Failover:
After configuring the Gateway Agent failover, you’ll want to verify the configuration. The following PowerShell commands will output the name of each Agent that reports to GATEWAY_1.DOMAIN.COM and its Primary and Failover Gateway Servers:
#Verify Failover for Agents reporting to GATEWAY_1
$Agents = Get-SCOMAgent | where {$_.PrimaryManagementServerName -eq 'GATEWAY_1.DOMAIN.COM'}
$Agents | sort | foreach {
Write-Host "";
"Agent :: " + $_.Name;
"--Primary MS :: " + ($_.GetPrimaryManagementServer()).ComputerName;
$failoverServers = $_.getFailoverManagementServers();
foreach ($managementServer in $failoverServers) {
"--Failover MS :: " + ($managementServer.ComputerName);
}
}
Write-Host "";
Comments
Anonymous
January 01, 2003
What you will need to do here is first set the Failover MS to nothing...do this by using a server name that does not exist: $failoverMS = Get-SCOMManagementServer | where {$_.Name –eq 'FAKE_SERVER_NAME.DOMAIN.COM'} Now, run the "Verify" commands to verify that the Primary MS is still the same and the Failover MS is empty. Now proceed with the original commands to set Primary/Failover. There may be a better way to do this, but this is what I came up with in my lab and it seemed to work as expected...test on one of the GWs first to verify.Anonymous
January 01, 2003
Thanks Jonathan and Joe....I've updated the OpsMgr 2012 command to use -PrimaryServer and use separate lines for setting primary and failover.Anonymous
January 01, 2003
That would work, but even if you keep the GWs pointed at the primary during the upgrade, they will failover to the secondary whenever they can't connect to the Primary.Anonymous
January 01, 2003
How many MS/Gw can be configured as failover? Do we have any limit for this ?Anonymous
January 01, 2003
As long as the failover Management Server is configure to use a cert and the Health Service is loading it without error, then you should be fine. You only need to run the Gateway Approval Tool once (this allows the gateway to communicate with the management group and is not management server-specific). The easiest way to verify is to stop the health service on the primary MS and let the gateway fail over to the other one and verify that it works.Anonymous
January 01, 2003
The PowerShell commands can be run from any computer that has the SCOM Command Shell installed...it does not need to be run from an Agent. I usually use one of the Management Servers.Anonymous
January 04, 2012
The comment has been removedAnonymous
October 02, 2012
From what I can tell it looks like the Set-SCOMParentManagementServer now has the Primary and Failover switches in separate parameter sets; so each would need to be run independentlyAnonymous
October 02, 2012
The comment has been removedAnonymous
October 03, 2012
Excellent post!Anonymous
March 05, 2013
How do I configure failover on an agent where PowerShell is not available. For example if PowerShell is not already installed. By default the SCOM agent does not appear to install any PowerShell cmdlets.Anonymous
March 22, 2013
I have 2 MS and 6 GW that all report to primary MS (MS1) . I configured my gateways to primary (MS1) and secondary management servers (MS2) few days back. Now , we need to spread the load of GW half to MS1 as their primary ( for which MS2 would be failover) and remaining half to MS2 as their primary (for which MS1 would be failover) . Can we do this? If I run the command for this configuration I get the error "the failover MS can not be the same as primary". I belive this is due to my earlier configuration where we had all GW reporting to MS1 as primary and MS2 as secondary . How can I now distribute the GW load equally between 2 management server ? Help ..!!Anonymous
April 01, 2013
Yes , indeed it worked .. thanks . I have 2 MS in my environment and 4 GW's . All my GW are connected to Primary MS and secondary as failover. I am planning to upgrade scom 2012 to SP1 , would this approach work , if I don't need monitoring to be hampered at any point in time : Move all GW to secondary MS and then patch Primary , reboot etc . Then move all GW's back to primary MS and patch secondary MS . Let me know your thoughts on this.Anonymous
December 16, 2013
In the first part of this blog post series I introduced the ...Anonymous
March 26, 2014
Is there a way to find out what the failover host(s) are set to on the agent side? Is it hiding in the registry or somewhere else?Anonymous
April 04, 2014
Hi Harper,
As u said after giving a fake server name there was no fail over server,my doubt if i changed the primary management server using power shell command whether it will get communicated with its new management server,because in one article i read "An issue that occurs if there is not a fail over server set up already for the Gateway Server and you change the Primary Server programmatically is that the Gateway Server becomes orphaned due to the Gateway Server still trying to connect to it’s previous Primary Server, since the Gateway Server does not receive it’s new configuration before the Management Servers and therefore the Management Server rejects the Gateway Server’s connection."Anonymous
May 07, 2014
The comment has been removedAnonymous
March 04, 2015
Hi,
We are plannin to configure failover MS for our GW servers. So just wanted to check would the GW's start reporting back to the Primary MS once the Primary MS is back online?Anonymous
March 02, 2016
The comment has been removed