Jaa


OpsMgr 2012: a quickstart deployment guide

There is already a very good deployment guide posted on TechNet here:  https://technet.microsoft.com/en-us/library/hh457006.aspx  The TechNet deployment guide provides an excellent walkthrough of installing OpsMgr 2012 for the “all in one” scenario, where all roles are installed on a single server.  That is a very good method for doing simple functionality testing and lab exercises.

The following article will cover a basic install of System Center Operations Manager 2012 as well.   The concept is to perform a limited deployment of OpsMgr, only utilizing as few servers as possible, but enough to demonstrate the new roles and capabilities in OM2012.  For this reason, this document will cover a deployment on 3 servers. A dedicated SQL server, and two management servers will be deployed.  This will allow us to show the benefits of the RMS removal, and the management server pools concepts.  This is to be used as a template only, for a customer to implement as their own pilot or POC, or customized deployment guide. It is intended to be general in nature and will require the customer to modify it to suit their specific data and processes.

This also happens to be a very typical scenario for small environments for a production deployment.  This is not an architecture guide or intended to be a design guide in any way. This is provided "AS IS" with no warranties, and confers no rights. Use is subject to the terms specified in the Terms of Use.

Definitions:

  • MS - Management Server
  • SRS - SQL reporting services

Server Names\Roles:

  • DB01          SQL 2008 R2 Database Services, Reporting Services
  • OMMS1    Management Server, Web Console server
  • OMMS2    Management Server

 

Windows Server 2008 R2 SP1 Enterprise edition will be installed as the base OS for all platforms.  All servers will be a member of the AD domain.

SQL 2008 R2 ENT edition with SP1 will be the base standard for all database and SQL reporting services.  (Note:  SP1 is not technically required, however it is strongly recommended to always apply the latest *supported* SP and CU to SQL when deploying.)

High Level Deployment Process:

1.  In AD, create the following accounts and groups, according to your naming convention:

  • DOMAIN\OMAA                 OM Server action account
  • DOMAIN\OMDAS               OM Config and Data Access service account
  • DOMAIN\OMWRITE          OM Reporting Write account
  • DOMAIN\OMREAD            OM Reporting Read account
  • DOMAIN\SQLSVC               SQL 2008 service account
  • DOMAIN\SCOMAdmins   OM Administrators security group

2.  Add the “OMAA” account and the “OMDAS” account to the “SCOMAdmins” global group.

3.  Add the domain user accounts for yourself and your team to the “SCOMAdmins” group.

4.  Install Windows Server 2008 R2 SP1 to all server role servers.

5.  Install Prerequisites and SQL 2008.

6.  Install the Management Server and Database Components

7.  Install the Reporting components.

8.  Deploy Agents

9.  Import Management packs

10.  Set up security (roles and run-as accounts)

 

Prerequisites:

1.  Install Windows Server 2008R2 SP1 to all Servers

2.  Add the .NET 3.5.1 feature to windows. Use the Server Manager UI, or use PowerShell:

Open PowerShell (as an administrator) and run the following:

Import-Module ServerManager

<then>

Add-WindowsFeature NET-Framework-Core

3.  Install .NET 4.0 to all servers

4.  Install the Report Viewer controls to all Management Servers. Install them from https://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=6442

5.  Install all available Windows Updates.

6.  Join all servers to domain.

7.  Add the “SCOMAdmins” domain global group to the Local Administrators group on each server.

8.  Install IIS on any management server that will also host a web console:

Open PowerShell (as an administrator) and run the following:

Import-Module ServerManager

<then>

Add-WindowsFeature NET-Framework-Core,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Logging,Web-Request-Monitor,Web-Filtering,Web-Stat-Compression,Web-Mgmt-Console,Web-Metabase,Web-Asp-Net,Web-Windows-Auth -Restart

9. Install SQL 2008 R2 to the DB server role

  • Setup is fairly straightforward. This document will not go into details and best practices for SQL configuration. Consult your DBA team to ensure your SQL deployment is configured for best practices according to your corporate standards.
  • Run setup, choose Installation > New Installation…
  • When prompted for feature selection, install ALL of the following:
    • Database Engine Services
    • Full-Text Search
    • Reporting Services
  • Optionally – consider adding the following to ease administration:
    • Business Intelligence Development Studio (for custom report development)
    • Management Tools – Basic and Complete (for running queries and configuring SQL services)
  • On the Instance configuration, choose a default instance, or a named instance. Default instances are fine for testing and labs. Production clustered instances of SQL will generally be a named instance. For the purposes of the POC, choose default instance to keep things simple.
  • On the Server configuration screen, set SQL Server Agent to Automatic. Click “Use the same account for all SQL Server Services, and input the SQL service account and password we created earlier.
  • On the Collation Tab – make sure SQL_Latin1_General_CP1_CI_AS is selected, as that is the ONLY collation supported.
  • On the Account provisioning tab – add your personal domain user account or a group you already have set up for SQL admins. Alternatively, you can use the OMAdmins global group here. This will grant more rights than is required to all OMAdmin accounts, but is fine for testing purposes of the POC.
  • On the Data Directories tab – set your drive letters correctly for your SQL databases, logs, TempDB, and backup.
  • On the Reporting Services Configuration – choose to install the native mode default configuration. This will install and configure SRS to be active on this server, and use the default DBengine present to house the reporting server databases. This is the simplest configuration. If you install Reporting Services on a stand-alone (no DBEngine) server, you will need to configure this manually.
  • Setup will complete.
  • Apply SQL 2008 R2 SP1.
  • The update is very straightforward. Accept the defaults and update all features. When complete, reboot the SQL server.

Step by step deployment guide:

 

1.  Install the Management Server role on OMMS1. You can also refer to: https://technet.microsoft.com/en-us/library/hh301922.aspx

  • Log on using your personal domain user account that is a member of the SCOMAdmins group.
  • Run Setup.exe
  • Click Install
  • Select the following, and then click Next:
    • Management Server
    • Operations Console
    • Web Console
  • Accept or change the default install path and click Next.
  • You might see an error from the Prerequisites here. If so – read each error and try to resolve it. Common errors:
    • Report Viewer controls are not installed. Install them from https://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=6442
    • ISAPI/ASP.NET errors. This can happen if you install .NET 4.0 as part of your OS build, but then add the IIS role later. Simply run the following command to resolve, from an elevated command prompt: C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis.exe -i -enable
  • On the Proceed with Setup screen – click Next.
  • On the specify an installation screen – choose to create the first management server in a new management group.  Give your management group a name. Don’t use any special or Unicode characters, just simple text. Click Next.
  • On the Database Configuration screen, enter in the name of your SQL database server name and instance. In my case this is “OMDB”. Leave the port at default unless you are using a special custom fixed port.  If necessary, change the database locations for the DB and log files. Leave the default size of 1000 MB for now. Click Next.
  • On the data warehouse database screen, input the servername, instance, and if necessary change path locations as on the previous screen. Click Next.
  • On the Web Console screen, choose the default web site, and leave SSL unchecked. If you have already set up SSL for your default website with a certificate, you can choose SSL.  Click Next.
  • On the Web Console authentication screen, choose Mixed authentication and click Next.
  • On the accounts screen, choose Domain Account for ALL services, and enter in the unique DOMAIN\OMAA, DOMAIN\OMDAS, DOMAIN\OMREAD, and DOMAIN\OMWRITE accounts we created previously. It is a best practice to use separate accounts for distinct roles in OpsMgr, although you can also just use the DOMAIN\OMDAS account for all SQL Database access roles to simplify your installation. Click Next.
  • Choose Yes or No to send Customer Experience and Error reports.
  • Click Install.
  • Close when complete.
  • The Management Server will be very busy (CPU) for several minutes after the installation completes. Before continuing it is best to give the Management Server time to complete all post install processes, complete discoveries, configuration, etc. 10 minutes is typically sufficient.

 

2.  Install the second Management Server on OMMS2. You can also refer to: https://technet.microsoft.com/en-us/library/hh284673.aspx

  • Log on using your domain user account that is a member of the SCOMAdmins group.
  • Run Setup.exe
  • Click Install
  • Select the following, and then click Next:
    • Management Server
    • Operations Console
  • Accept or change the default install path and click Next.
  • Resolve any issues with prerequisites, and click Next.
  • Choose “Add a management server to an existing management group” and click Next.
  • Input the servername\instance hosting the Ops DB. Select the correct database from the drop down and click Next.
  • On the accounts screen, choose Domain Account for ALL services, and enter in the unique DOMAIN\OMAA, DOMAIN\OMDAS accounts we created previously. It is a best practice to use separate accounts for distinct roles in OpsMgr, although you can also just use the DOMAIN\OMDAS account for all SQL Database access roles to simplify your installation. Click Next.
  • Choose Yes or No to send Customer Experience and Error reports.
  • Click Install.
  • Close when complete.

 

3.  Install OM12 Reporting on the SQL server. You can also refer to: https://technet.microsoft.com/en-us/library/hh298611.aspx

  • Log on using your domain user account that is a member of the SCOMAdmins group, and has System Administrator (SA) rights over the SQL instances.
  • Run Setup.exe. Click Install.
  • Select the following, and then click Next:
    • Reporting Server
  • Accept or change the default install path and click Next.
  • Resolve any issues with prerequisites, and click Next.
  • Type in the name of a management server, and click Next.
  • Choose the correct local SQL reporting instance and click Next.
  • Enter in the DOMAIN\OMREAD account when prompted. It is a best practice to use separate accounts for distinct roles in OpsMgr, although you can also just use the DOMAIN\OMDAS account for all SQL Database access roles to simplify your installation. Click Next.
  • Choose Yes or No to send ODR information to Microsoft. This is very important to assist Microsoft in getting good information to help improve the product.
  • Click Install.
  • Close when complete.

 

4.  Deploy an agent to the SQL DB server.

 

5.  Import management packs. Also refer to: https://technet.microsoft.com/en-us/library/hh212691.aspx

  • Using the console – you can import MP’s using the catalog, or directly importing from disk.  Note – some MP’s should only be imported from disk.
  • Import the Base OS and SQL MP’s at a minimum.

 

6.  Create a dashboard view:

 

7.  Manually grow your Database sizes and configure SQL

  • When we installed each database, we used the default of 1GB (1000MB). This is not a good setting for steady state as our databases will need to grow larger than that very soon.  We need to pre-grow these to allow for enough free space for maintenance operations, and to keep from having lots of auto-growth activities which impact performance during normal operations.
  • A good rule of thumb for most deployments of OpsMgr is to set the OpsDB to 30GB for the data file and 15GB for the transaction log file. This can be smaller for POC’s but generally you never want to have an OpsDB set less than 10GB/5GB.  Setting the transaction log to 50% of the DB size for the OpsDB is a good rule of thumb.
  • For the Warehouse – you will need to plan for the space you expect to need using the sizing tools available and pre-size this from time to time so that lots of autogrowths do not occur.

 

8.  Continue with optional activities from the Quick Start guide on TechNet:

 

9.  Enable Agent Proxy

I prefer to simply enable agent proxy for all agents.  You can do this by running a script on a schedule, either via scheduled task, Orchestrator, or embed into a management pack.

https://blogs.technet.com/b/kevinholman/archive/2010/11/09/how-to-set-agent-proxy-enabled-for-all-agents.aspx

Comments

  • Anonymous
    January 01, 2003
    @Keith - Right on the money - assuming you wanted to use DOMAINomaa as the run as account for AD publishing.  I'd recommend using the same account as your Management Server Action Account, however, this is not required.  You could use a distinct account for this purpose if needed for some reason.

  • Anonymous
    January 01, 2003
    Hi Kevin, currently I am running SCOM 2007 R2 CU4 as a single management group with two management servers. I am building a brand new SCOM 2012 CU1 with 4 VMs and a physical SQL server.  My question is since I am not upgrading my existing SCOM2007R2 environment, will I be able to move my Data Warehouse DB from 2007 r2 to SCOM 2012 and run the upgrade on it? If yes what steps do I need to follow without impacting my existing 2007 r2 production scom environment? We have almost two year worth of historical data in our data warehouse that can’t lose at any cost…please advice!

  • Anonymous
    January 01, 2003
    Very useful, thank you.  With Server 2012 you need to add one additional feature to you Add-WindowsFeature command NET-WCF-HTTP-Activation45 At least that was my experience with SCOM 2012 SP1 and Server 2012

  • Anonymous
    January 01, 2003
    Working on it!

  • Anonymous
    January 01, 2003
    I think we know what is the issue like. Ops 2012 doesn't like shared SQL instance which is used by another application. angOps 2012 requires its own SQL named isntance for OpsMananger and DW databases and same case foor Reporting Services.

  • Anonymous
    January 01, 2003
    @merwindz - SQL 2012 is not supported.  That is coming in SP1.

  • Anonymous
    January 01, 2003
    Where can I download SCOM 2012 RTM version?

  • Anonymous
    January 01, 2003
    Hi guys, I am in the final stage of testing SCOM2012 (Evaluation). My test environment  is 1 Management server, 1 server  with all the "SCOM" databases, 1 Reporting server including the reporting database and 7 other servers which are monitored. Everything is working fine. For me its time to write down my testresults and to present it to the IT staff. There is one final challenge: Management  wants that  all the System logs and Application logs from the Event Viewer  from all the Windows Servers must be monitored in SCOM2012. SCOM2012 must collect all the Event/Application logs in real time Only the critical and or errors will be collected ofcourse.. I really think that is not the purpose of SCOM , especially when it will be in production for some 200+ servers. I think this will generate to much traffic and will be difficutl to implement. So is there anybody out there who also use SCOM to read out the  Event Viewer  from monitored servers?? Regards, Marlon

  • Anonymous
    January 01, 2003
    Handy Work for step by step guide. Awesome.

  • Anonymous
    January 01, 2003
    Sorry, I meant do say SCOM 2012 reporting installation on SQL 2008 R2. social.technet.microsoft.com/.../e9dfccb2-6f5b-4598-8d11-38d5d1074a1e

  • Anonymous
    January 01, 2003
    Thanks for sharing, very useful!

  • Anonymous
    January 01, 2003
    I believe Graham Davies answered my question: social.technet.microsoft.com/.../79f281ea-5842-494c-8c46-b8f0231a5fe2

  • Anonymous
    January 01, 2003
    Tx, Kevin Your blog has been a great help for setting up a new testenvironment. I will present my results to the IT staff Ciao

  • Anonymous
    January 01, 2003
    Alex - you'd have to give me more data than "failed". :-) For starters - this guide is ancient history. The current one for SCOM 2012 R2 is at http://blogs.technet.com/b/kevinholman/archive/2013/10/18/opsmgr-2012-r2-quickstart-deployment-guide.aspx

  • Anonymous
    January 01, 2003
    @William - Active Directory is required.

  • Anonymous
    January 01, 2003
    Hi, Should SQL2008R2 SP2 be used now instead of SP1 ? Thx, John Bradshaw

  • Anonymous
    January 01, 2003
    Sam - you see my old EDS documentation style, eh?

  • Anonymous
    January 01, 2003
    Hi, I get the following error when I setup the SQL 2012 reporting? Does anyone have any clue about the error? Event xmlns="schemas.microsoft.com/.../event">

  • <System>  <Provider Name=".NET Runtime" />  <EventID Qualifiers="0">1026</EventID>  <Level>2</Level>  <Task>0</Task>  <Keywords>0x80000000000000</Keywords>  <TimeCreated SystemTime="2012-10-12T09:47:34.000000000Z" />  <EventRecordID>54322</EventRecordID>  <Channel>Application</Channel>  <Computer>hostname</Computer>  <Security />  </System>
  • <EventData>  <Data>Application: SetupChainerUI.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.NullReferenceException Stack: at Microsoft.EnterpriseManagement.OperationsManager.Setup.Common.SetupValidationHelpers.ForceSqlServiceToRunningState(System.String) at Microsoft.EnterpriseManagement.OperationsManager.Setup.Common.SetupValidationHelpers.GetSQLLoginNameList(System.String, System.Nullable1&lt;Int32&gt;) at Microsoft.EnterpriseManagement.OperationsManager.Setup.Common.SetupValidationHelpers.OverrideAccountWithSQLUserLogin(System.String ByRef, System.String ByRef, System.String, System.Nullable1<Int32>) at Microsoft.SystemCenter.Essentials.SetupFramework.AccountsInformationPage.ValidateAccount(Boolean, System.String, System.Security.SecureString, Boolean, Boolean, System.String, System.Nullable`1<Int32>, Boolean ByRef, System.String ByRef) at Microsoft.SystemCenter.Essentials.SetupFramework.AccountsInformationPage.OnNextFinalValidationsDoWork(System.Object) at System.Threading.ExecutionContext.runTryCode(System.Object) at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()</Data>  </EventData>  </Event>
  • Anonymous
    January 01, 2003
    @Marlon - You are correct - SCOM is not designed as an event collector/aggregator, to collect ALL events in an event log. HOWEVER - it is possible/feasible to do this - for application and system events - only if they meet some criteria, such as critical, etc.  Only you will be able to determine if this is sustainable... based on the number of events.  If the number of events per second is low, you should be able to handle this for 200 servers, which is a very small environment.  

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    May 03, 2012
    Thank's for sharing

  • Anonymous
    May 07, 2012
    Very nice quick and dirty walk-through! The links for "Deploy an agent to the SQL DB server", "Import management packs", and "Create a dashboard view" no longer work, though. Can you point us to the updated links?

  • Anonymous
    May 24, 2012
    The comment has been removed

  • Anonymous
    May 26, 2012
    Ah yes.  It has your name all over it. Good job!!

  • Anonymous
    May 26, 2012
    BTW:  Per the msg I sent you Thursday there's no need to get back to me yet.  Let me first digest some of the pointers and tips you articulated so well in this blog.  If I have further questions I'll let you you know. But thanks again for sharing your thoughts.

  • Anonymous
    May 30, 2012
    Any hints on what to do when an upgrade from a cluster 2007 R2 RMS does wrong? or at least in my case fails the prereqs due to devices still claiming to report to the RMS but the only thing the DB shows reporting to the RMs are the secondary management servers.

  • Anonymous
    June 11, 2012
    I am trying to add second management server but getting below error even though Data Access service is running on other management server. Error- Setup was unable to to connect to a management server in this management group. Please make sure that the Data Access service is running on at least one management server in this management group.

  • Anonymous
    June 14, 2012
    the guide is awesome i just used it to deploy the scom 2012 in our organization. Thanks

  • Anonymous
    June 27, 2012
    The page technet.microsoft.com/.../hh205985.aspx is no longer available.

  • Anonymous
    August 02, 2012
    Thanks for the article Kevin.  If I want to create an AD services container for the management group would l use the following syntax according to your example? MOMADAdmin.exe   <ManagementGroupName> DOMAINSCOMAdmins DOMAINOMAA DOMAIN I understand the syntax accoring to the SCOM 2012 documentation reads the following and am trying to get clarification on the <MOMAdminSecurityGroup> and < RunAsAccount>. <path>MOMADAdmin.exe <ManagementGroupName> <MOMAdminSecurityGroup> < RunAsAccount> <Domain> technet.microsoft.com/.../hh212738

  • Anonymous
    August 23, 2012
    Kevin - While installing SCOM 2012, I'm selecting 'Add a Management server to an existing management group' but the 'Operations Manager' DB is not listed for the selected SQL instance. It does not give any error but just won't list anything in the drop down. The respective account is part of 'OpsMgrAdmins' group and also 'sysadmin' on that SQL instance. Its SQL Server 2008 R2 SP1 with CU6 and its server collation is SQL_Latin1_General_CP1_CI_AS What could be the issue and how can we enable logging to determine the cause?

  • Anonymous
    March 15, 2013
    Maybe you can help clear up some questions regarding the Required Accounts for me. It is a bit frustrating for me as I try to map out my install using the documentation provided. Management server action account: This account is used to carry out actions on monitored computers across a network connection. Permissions: To save time, specify a domain-based account. We recommend that you create an account for this purpose that has local administrative credentials. You should not use an account that has domain administrative credentials.  - My Comment: This does not really state where the local admin rights should be. It leaves me to assume but it is not clear. It sounds as if it might be needed on all systems being monitored. I am told this is only needed on the MS. Data Warehouse Write account: and has logon rights for the computers hosting both the operational database and the reporting data warehouse.  - My Comment Am I to assume local users group? I have even seen this account given admin rights on the DB server in some posts. Data Reader Account: and Management Server logon rights. My Comment -  Am I to assume local user on all MS? How is it that the technical documentation can be so ambiguous? Does Microsoft expect me to buy book or rely on the user community? Perhaps they could just CLEARLY state what they are looking for with some examples… I have a link to the original document and a summary of the document. The SQL portion seems failrly clear.

  • Anonymous
    March 15, 2013
    One other thought In a production environment wouldn't It makes sense to separate a SCOMInfastructureAdmins separate from SCOMAdmins? As the Authoring Console requires Admin rights it would seem as if some SCOM admins would not necessarily need Local Admins on the infrastructure servers. Thanks for taking the time to write this document and field questions.

  • Anonymous
    March 27, 2013
    What's a typical strategy to roll out agents and management packs into an enterprise environment?

  • Anonymous
    April 08, 2013
    Hi Kevin, I would like to know if SCOM 2012 can be deployed into an environment that has only LDAP? If it is possible, will there be any limitations to what SCOM can do and what is the workaround for an LDAP environment deployment? Thanks, William.

  • Anonymous
    April 30, 2013
    This is excellent. Thanks so much! Just what I needed.

  • Anonymous
    October 18, 2013
    Hi Holman, I am following a single server deployment of operations manager,i created separate instance for both operational database and data warehouse(reporting),when i tried to install report server,it shows the  error,the installed version of sql server is not supported, verify that the computer and installed version of sql server meet the minimum requirements for installation.however i am using MSSQL 2012 SP1. any help will be thankfull Regards, Nikhil

  • Anonymous
    November 06, 2013
    Had a question.  Our AD Domain has a root domain and five child domains.  When installing SCOM on a server, does it matter what domain that server is a member of.  I would like to install SCOM on a server that is a member of one of the child domains and still be able to manage objects in the other child domains.  I that possible. Any advice appreciated.

  • Anonymous
    November 06, 2013
    @Al - As long as you are in the same AD forest - you are good to go.  The SCOM agent simply needs to authenticate via Kerberos - which is forest wide.  it is only when you cross a forest boundary that you need to consider gateways/certificates here.

  • Anonymous
    November 11, 2013
    Kevin - Thanks that is what I am looking for.

  • Anonymous
    November 27, 2013
    Thanks Kevin! I am actually using your notes to install SCOM 2012 on Windows 2012 R2 and SQL Server 2012. Very few differences so far except .NET 4.0 is native on the servers and the Business Intelligence in SQL Server 2008 R2 is renamed to Data Tools. Will let you know if successful.

  • Andre
  • Anonymous
    November 27, 2013
    Good day guys please I'm having an issue with installing SCOM2012 i have managed to join the two servers but I cannot still get SCOM to communicate with my SQL Server. I just doesnt wanna install. please help

  • Anonymous
    January 01, 2014
    Pingback from OpsMgr 2012: a quickstart deployment guide – Kevin Holman's … - FunLand.ORGfree.Com

  • Anonymous
    January 21, 2014
    Kevin, your post has been a great guide to start deployment of SCOM 2012 R2 + SQL2012 , but the installation is still failed in the beginning, can u give me ur suggestion plz , and i don't have problem with the prerequisites ,

  • Anonymous
    January 29, 2015
    Hi Kevin,

    Could you let me how much time (ideal) does it take to plan & deploy SCOM ?

    Thanks in advance!