OpsMgr 2012 R2 – QuickStart Deployment Guide

Comments

  • Anonymous
    January 01, 2003
    @Jon -

    Great question. However, as these are new features in Windows 2008R2 and later (and require domain/forest levels to support those), there is no support for MSA's or GMSA's in SCOM 2012. I'd imagine we will see support for GMSA's in the future as they grow in popularity.

    As to having distinct accounts per server.... the SDK account is used across multiple servers, it is not only associated with a specific server, but it is used to access web console connections to an SDK, for the SDK to access SQL, for connector servers/Orchestrator to access the SDK, etc. Tying a service account down to a singular server seems a bit archaic, but I do understand different companies have unique security requirements. I do know that you can use different accounts for each management server's OMAA, I imagine you can also use different OMDAS accounts as well, this would just get a bit uglier with security access to the database, etc. You might be plotting some new ground, as most of my customers want to simplify and use fewer service accounts to have to deal with.

  • Anonymous
    January 01, 2003
    @Najam -

    You can remove SCOM 2007 R2 whenever you are ready to cut over to SCOM 2012R2 as production. Then once this step is complete, you can uninstall SCOM 2007 or just shut down/retire those servers, whatever is your normal process for server lifecycle. On the agents, you need to use the agent scripting objects to remove the additional management group:

    http://blogs.technet.com/b/kevinholman/archive/2014/01/29/using-the-agent-scripting-objects-on-a-scom-2012-agent.aspx

  • Anonymous
    January 01, 2003
    @Manaf - yes. Use gateways with certificates. This is covered in the product documentation on TechNet.

  • Anonymous
    January 01, 2003
    You should look at the OpsMgr Sizing helper for 2012. For a management group with 500 agents, and 100 network devices, you can place both the SCOM OpsDB and Warehouse in the same SQL instance. For SCCM - it will depend on the number of clients. Is SCCM being deployed only for targeting these servers, or will it be targeting the desktop environment? If for servers only, I'd split the DW and OpsDB in different instances and share the SCCM DB with the DW as you originally planned. If SCCM will be used for desktops as well, and good performance is needed, I might consider dedicating a SQL instance for SCCM DB, and combining OpsDB and DW together per the sizing guide.

  • Anonymous
    January 01, 2003
    @Jared. Yes - you put the agent on both nodes of the cluster. We don't alert on failovers. We assume that is a healthy part of clustering. We alert when a resource group is not online.

  • Anonymous
    January 01, 2003
    @John -
    Yes - to move your "tweaks" over, simply export and then import all your self-created custom unsealed management packs from one management group into the other. The only problem with this, is often you bring over a lot of "garbage" where you had tweaks saved to the wrong places, or you have a bunch of overrides set in the past that are undocumented and nobody understands why, etc. So most customers tend to choose to recreate their core overrides in the new environment and look at this as an opportunity to "do it right" and document all the changes you make to the environment, and leave the old stuff behind. If you just want to forklift whatever you have in SCOM 2007 and move it all over, then by all means you just move the unsealed MP's over and you are done.

  • Anonymous
    November 21, 2013
    Hi Kevin, For a new customer (300+ servers) I must design a SCOM2012 environment. My SQL design will be a SQL2012 database with OM and DW database, on the same SQL machine there will be a separate instance for the Report Database. For me the most "challenging" issue is the service accounts. I want to narrow it down as much as possible so that I will have only 1 service account for all the SCOM operations. Instead of separate accounts for reporting, action accounts, sdk etcetera. Is this a good idea to have only one account or should I use the "old" way and create separate accounts for each service? Regards, Marlon

  • Anonymous
    November 21, 2013
    Using a single service account is just fine.  Using multiple accounts is simply a best practice from the standpoint that each role needs different rights, and therefore should use a separate account from a security perspective.  However, there is no problem using a single service account for SCOM, for the MSAA, DAS, and reporting roles.  It isn't a "new" way or "old" way... it is simply broken apart for security best practices because many management groups and responsibilities can be widely distributed.  But especially for smaller environments, using a single account is fine and will not create any support issues.  You simply are granting more rights to a single account, which isn't necessary, but might simplify things for you or your customer.

  • Anonymous
    November 24, 2013
    While installing ReportServer, do we have to use the Data reader account or the DAS account? Kindly confirm. Regards, Sundar

  • Anonymous
    November 25, 2013
    Tx, Kevin I will discuss it with my manager and the customer, Regards, Marlon

  • Anonymous
    March 04, 2014
    You might want to add a step about configuring the SPN for the SDK service to the domain user account since that does not happen automatically. Even worse, it tries to register that SPN to the computer account which is a bug:

    https://blogs.technet.com/b/kevinholman/archive/2011/08/08/opsmgr-2012-what-should-the-spn-s-look-like.aspx

  • Anonymous
    March 04, 2014
    Can managed service accounts be used without issue? Also, do the OMAA & OMDAS account on each management server need to be the same account. Due to our security policy they would like to have an account tied to a specific server, so ideally we would have OMAA01 & OMDAS01 for mgmt server 1 and OMAA02 & OMDAS02 for mgmt server2, etc....

  • Anonymous
    March 04, 2014
    Great, thanks for the information. I would agree with your sentiment about multiple accounts...only wish I made the policies :).

    Thanks,

    Jon

  • Anonymous
    July 03, 2014
    Hi Kevin,

    I want to try to find out why I don’t have issues in Discovering Windows Computer when I use my user account instead of SCOM action account (DOMAIN\OMAA), since both are local administrator of the target server.
    Discovery only fails with DOMAIN\OMAA. With my user runs ok.

    Regards

  • Anonymous
    July 03, 2014
    Ok, I’ve found out where was the problem.

    DOMAIN\OMAA needs to be Local Administrator of the SCOM Management Server. Added it to the Administrators Group and had the problem solved.
    I just don't know why SCOM didn't add it to the Administrators group when it was installed.

  • Anonymous
    July 04, 2014
    Is it possible to change the data reader and data writer account after the setup to use separate accounts when I installed scom to use the DAS account for data reader and data writer as well?

  • Anonymous
    September 24, 2014
    Are we able to create 2 management servers which share the same clustered SQL DB?

  • Anonymous
    September 26, 2014
    You can add in as many management servers as you want. During setup, you add to an existing management group.

  • Anonymous
    October 16, 2014
    Kevin, I have a question.
    Some people told me that the best practice to install MSSQL and OM is to run setup for:
    - Operation Manager using Run As different user account and use OM Server action account
    - MS SQL using Run As different user option and use SQLDB account (for Database Engine Service)

    Why? Could you please explain what is the clue?

  • Anonymous
    December 12, 2014
    By consulting the event log SQLPRD, I found several failed connection attempts with the admin of SCOM. Is there a problem with connectivity between SCOM 2012 R2 SP1 & SQL? I think it is a right of access problem for the "admin Scom" or Harbor problem with SQL.
    Knowing that I use one SCOM Service account.

  • Anonymous
    January 05, 2015
    Hi Kevin,

    I want to configure my existing SQL 2008 R2 cluster for SCOM 2012 R2 installation. Do you have any suggestions or a guide mentioned somewhere?

  • Anonymous
    February 24, 2015
    Hi Kevin,
    I need your advice on this ......

    Have been provided a Single SQL Cluster which would be common for SCOM & SCCM.
    we are planning to have
    - on 1 instance SCOM DB
    - on another SCOM DW and SCCM DB....

    Could this be achieved? pros and cons if any?

    Thank you very much...

  • Anonymous
    March 02, 2015
    Hi Kevin,

    I wanted to know if it is possible to monitor 2 non-trusted forests with a single SCOM 2012 R2 setup?

    If yes, how to achieve this?

    Thank You.

  • Anonymous
    March 03, 2015
    I set up my SQL DB in a cluster and everything is working great. In the document it says to deploy an agent to the SQL DB server. In my case should I deploy to each server in the cluster? How will it handle alerts for the clustered servers? Example: you fail over the cluster, will that generate an event on the services stopping on the SQL server handing off the roles?

  • Anonymous
    March 03, 2015
    Thanks Kevin

  • Anonymous
    March 18, 2015
    Hi Kevin,

    Thanks for your contributions. Just lovin it :)

    I have upgraded our SCOM 2007 R2 to SCOM 2012 R2 side by side. Now, how can I remove SCOM 2007 R2 from my environment completely?

    Note: All my agents are pointing to both SCOM 2007 and 2012.

  • Anonymous
    August 24, 2015
    In our infra we have 2 SCOM mgmt servers, 2 SQL servers (clustered) and 1 server for reporting. Is it possible to install reporting role in any one of the SQL servers ?

  • Anonymous
    August 24, 2015
    @Raghul -

    You would never install reporting on any clustered node. I am not sure what the question is.... if you have allocated 1 server for reporting, you would install reporting on that server.

  • Anonymous
    August 24, 2015
    Ya correct. Even though we have a dedicated server for reporting, installation of SSRS on that would require additional license, whereas if we install on the same SQL machine it would not require additional license. Hence the query.

  • Anonymous
    August 24, 2015
    There is no additional licensing required as long as you use System Center Standard edition. System Center licensing includes access to use SQL server standard edition as part of system center, as long as the SQL installation is dedicated to System Center products. It does not matter if you deploy 1 SQL or 10 SQL servers to support System Center deployment.

  • Anonymous
    September 04, 2015
    Hi Kevin, Thank you for a Great Post. One small issue I am facing is my Reporting Pane is blank when I access the SCOM console - remotely as well as from the Mgmt Servers. Went through numerous web searches but not able to find a solution. Will you be able to help. Thanks.

  • Anonymous
    September 04, 2015
    @Nirmal - blank reporting is normal for up to one hour. After that - if reports don't deploy, it usually means you missed a step in applying correct permissions as called by the document, or you have some odd security policy in your environment which is blocking some account access. You should review all the events on all management servers Operations Manager logs for failure clues.

  • Anonymous
    September 04, 2015
    Thanks Kevin for quick response. I have looked the OM logs. There is one service failure that I get which is then resolved right away automatically in about couple of minutes time...The error is "Report deployment process failed to request management pack list from SQL RS Server. The operation will be retried." The resolved event shows "Report deployment process successfully requested management pack list from SQL RS Server " Both events are logged under Data Warehouse category. Is there any specific security policy for particular account that I need to look into? Thanks.

  • Anonymous
    October 05, 2015
    Hi Kevin, I have an issue with my new SCOM 2012 R2 where my reporting on availability is only showing a few clients from the total clients that it monitors. Please advise what could be the root cause here. Thanks.

  • Anonymous
    November 01, 2015
    Hi Kevin:

    Thank you for this and all of your information. Do you have any specific step by step guide to deploy ACS (SCOM 2012 R2)? If not, could you please refer to any?

  • Anonymous
    December 10, 2015
    Thanks Kevin,
    I have a lot of agents showing as critical and greyed out as well as some showing as not monitored. Checking the event log I can see lots of login failures.

    Login failed for user 'DOMAIN\SERVER$'. Reason: Could not find a login matching the name provided.

  • Anonymous
    April 25, 2016
    Hi Kevin, can you please help me out?! I get to the same point Dale does, "setup could not connect to the sdk to retrieve the necessary information to validate this account". I have double checked the DAS access to the Database Engine, and all looks fine. Please help?

  • Anonymous
    April 25, 2016
    Hi Kevin, I am experiencing this error: setup could not connect to the sdk to retrieve the necessary information to validate this account. Please advise as to what the issue could be? Account is part of the local admin and domain admin group, is a sysadmin when referring to the Database Engine. But still I cannot install reporting on my SQL instance.

    • Anonymous
      April 25, 2016
      My first thought would be firewall, or something odd like disabled remote registry service.
      • Anonymous
        April 25, 2016
        Hi Kevin, Remote registry is active on both servers, and firewalls are completely switched off. I can telnet to the SQL Server through port 1433 and I can telnet to the management server through port 5723. When doing the reporting server install on the SQL server, the error comes just after the pointing to the SQL Server instance, where you have to specify a service account with the appropriate rights. Problem is the appropriate rights have already been assigned to the account I'm using, from Sysadmin rights in SQL, to local admin rights on both MS and SQL Server, to even domain admin rights. It just doesn't want to validate the account for some reason.
          • Anonymous
            September 13, 2016
            Piece of advice. If it's a brand new setup, you are better off starting fresh. My first MS did generate some errors during setup but it still did install. But no matter what I did, could not configure Data Reader account to work with Report Server setup like I mentioned above. SECOND TIME AROUND IT WORKED!!!!
            Kapil Dham
      • Anonymous
        November 01, 2016
        Thank you for your feedback Kevin. I really appreciate it!
      • Anonymous
        February 02, 2017
        Afternoon,

        Wow, answers that question, thank you again so much! When the original install was done in the lab, it used sql2008r2, so I wanted to update things a bit when I revived it.....how much of a performance/resource hit would I incur putting SRS on one of the two Mgmt Servers? Would it matter which mgmt server it went on? The lab environment only has 15-20 servers of varying OS and application.

        Also, to touch on the info regarding use of MSA's/GMSA's, do you know if there is currently a plan for when these will be supported in SCOM configurations?

        Thanks again for all your great contributions and assistance!
        Tony
        • Anonymous
          February 02, 2017
          Resources are not a concern in a lab. SCOM is designed to support ALL roles on a single server for up to 250 agents. Doesn't matter which one you pick. There is no support for MSA/GMSA, and they are not supported for SCOM 2016 either. The reason for this was very low customer demand when we asked customers for what changes they wanted. GMSA's require an AD level and most customers were not using it yet.
  • Anonymous
    April 02, 2017
    Hi Kevin,

    I have questions that I hope you can help me with. I'm using SCOM 2012 SP1 and want to upgrade to SCOM 2016. I understand in-place upgrade is not supported. Would it make sense if:
    - Install a new SCOM 2012 R2 Management server and join the existing domain of SCOM 2012 SP1
    - In-place upgrade the SCOM 2012 R2 Management server to SCOM 2016?

    The above SCOM 2012 R2 and SCOM 2016 will use SQL Server 2014.

    Any comments are welcome.
    Much appreciated.

    Thx
    Sylvian

  • Anonymous
    June 07, 2017
    Crisp & clear!! Again a great blog by you Kevin. Trust, I completed all my SCOM certifications just reading your blogs. Thanks for all your in depth knowledge on system tools.