Knallert: 2013

Thursday, November 28, 2013

MTUG: Presents Travis Wright - Automating datacenters and client management

Cireson is in Town and we got Travis Wright to hold a Session for MTUG OSLO.

This is going to be a great session on the following topics:

System Center Service Manager
Orchestrator (SMA)
Powershell
Azure

Join this session free session @ http://www.meetup.com/MTUG-System-Center/events/150733802/

Wednesday, November 27, 2013

Orchestrator: Problems with access to the Orchestrator Console after SP1 Upgrade?

Well.. Orchestrator SP1 has been around the block for a while now and I came across a weird thing the other day.

The customer had a problem with the Orchestrator console in their Runbook environment and got this message when trying to access the web console remote.

So I logged on to the Webservice Server (locally) and tested again..

Still no go...

It seemed like I did not have access to the directories. So I opened the IIS console and selected the
"Microsoft system center 2012 Orchetsrator Web service" site and selected [basic settings].
In the "Edit Site" I tested the settings to check that the results was valid.

The Test Connection failed on the Authorization, and saying that the account used could not access the installation directory. (Strange because my installation account has full permissions on the path).

Back in the edit Site again I could see that the "Microsoft system center 2012 Orchestrator Web service" site was linked to the DefaultAppPool and not the system Center Orchestrator Web Feature pool. (installed during installation).

So I changed it back to the right Application Pool and did the test.

Now the result was valid for both the tests.

On a remote computer I opened up the Orchestrator Web Console and it worked perfect again.

Monday, November 25, 2013

Orchestrator: Search for Text in a textfile with Regluar Expressions

Well I had a case the other day where I need to search for a username in a textfile and add the username as affected user in Service Manager. So I started to work on my plan on how to make this dynamic and bulletproof.

Here is a snip of the textfile:

The line that I am looking for is "Affected User: u2121" and my goal is to get only the u2121 id everytime the activity is run in different text files.

So how can I do this? Well then I remembered Regular expressions. What did Technet say on that subject again?

Regular expressions let you match a string to a pattern. The regular expression can contain a number of different elements that define the pattern.

Hmm... Pattern.. Interesting.. I know that all ID here start with a U and a chain of number like
u2121,u3434,u1414,u3535 and so on... So regular expressions it is

Affected user: u2121 was the text in the textfile. If the ID would have the following pattern in every textfile searched we can use a regular expression.

In the Search text I added u[1-9]+ and selected "Use regular expressions".

Then I did a test, and the matched text showed the ID in the textfile, Nice!.

So let's look at the text I searched for again. Well all ID started with a u then that would be my first search query. (Simple ;)

Then I know that the rest is numbers between 1-9. So I added [1-9] which means all between 1 and 9.

But the number of characters on the ID's was sometimes 4,5,6. so I added the + to the end to match all of them. Now it will find the ID either it is with 4,5,6 characters.

This was a quick intro in this and there are plenty of combinations to use. Check it out!

http://technet.microsoft.com/en-us/library/hh440535.aspx

Wednesday, October 23, 2013

Orchestrator: Changing the maximum number of simultanous Runbooks a Runbook Server can execute

Nice thing to know!
Changing the maximum number of simultanous Runbooks a Runbook Server can execute!

Great post!

http://www.kelverion.com/optimising-runbook-performance/

Friday, October 18, 2013

Orchestrator: Get Email Address of a SCSM user CI

When working with orchestrator there might come a day when you need the Email address of a SCSM user Object. This could be if you are going to used the Send Mail activity in a runbook.

When opening up a CI object in Service Manager we can see under the Notification tab that there is defined a SMTP address to the CI object. This is the address that SCSM will use when sending notifications in workflows and so on..

This is because this is a combination object to the user object. So to find the email address we need to do some powershell magic in the runbook to find the email address.

To find the email address in powershell, I will be using the SMLETS module extension that includes cmlets for managing Service Manager through PowerShell.

You can find this module on Codeplex:
http://smlets.codeplex.com/

Install the smlests on the Service Manager server.

The reason for this is that we do not want to have the Powershell module to be loaded on the Runbook server. So in order to use powershell against SCSM, we will use remote powershell.

The Runbook server will start a powershell session on the SCSM server by using remote powershell.

By default as you probably know, running remote powershell on a server is a no go. To do this you need to open up for remote management on servers.

1.Set-ExecutionPolicy RemoteSigned (depending on your security settings in the environment)

2.If Windows Remote Management (WinRM) is not installed and configured, WinRM scripts do not run and the Winrm command-line tool cannot perform data operations.

Command: Winrm quickconfig

http://msdn.microsoft.com/en-us/library/aa384372(v=vs.85).aspx

This can be performed in several ways based on your security policy.

Now when this is done, open a new runbook and select the "Run .Net Script" activity and add the following script:

$session = New-PSSession -ComputerName OSLWVSSM001L
Invoke-Command -Session $session -ScriptBlock {

Import-Module smlets
$Userdisplayname = "DISPLAYNAME OF THE USER "
$userpreferenceclass = Get-SCSMRelationshipClass -name system.userhaspreference
$class2 = get-scsmclass -name system.user$
$user = Get-SCSMObject -class $class2 -filter ”Displayname -eq $Userdisplayname”
$mail = (Get-scsmrelatedobject –smobject $user –relationship $userpreferenceclass | where{$_.displayname –match “smtp”}).targetaddress

}
$mail = Invoke-Command -Session $session -ScriptBlock { $mail }

Remove-PSSession $Session

The "DISPLAYNAME OF THE USER" needs to be gathered from a source. This could be a SCSM Get-Object activity, where the name is published to the .Net Activity.

The Displayname needs to match the display name of a CI user in SCSM, if not the script will fail in the lookup.

Then we need to publish the result to the next activity.

In this example the variable "mail" in the PS will be mapped to the Published Data called. "Email Address".

The Email address will now be available to use in a Send Mail activity.

Just to point it out! Editing directly in the ".Net activity" is not a preferred way of working with powershell in Orchestrator. The editor do not support CTRL -Z and gives you more trouble that good functionality. So working with the command in "Notepadd++ , "Powershell ISE" or another tool is a better approach.

Wednesday, October 9, 2013

Orchestrator: Integration Pack for PowerShell Script Execution 1.2

New Integration Pack for Powershell now available in version 1.2
View this Article on technet gallery by Charles Joy.
http://gallery.technet.microsoft.com/Orchestrator-Integration-438f9ece

This Integration Pack provides extended PowerShell Script Execution capabilities for the Orchestrator (executed from and against both x86 and x64 OSs).

For more information, please refer to the blog post announcement(s) for this contribution:

http://blogs.technet.com/b/privatecloud/archive/2013/10/01/automation-orchestrator-integration-pack-for-powershell-script-execution-version-1-2.aspx

http://blogs.technet.com/b/building_clouds/archive/2013/01/31/automation-orchestrator-integration-pack-for-powershell-script-execution.aspx

http://blogs.technet.com/b/charlesjoy/archive/2011/05/04/ois-integration-pack-for-powershell-script-execution-1-00.aspx

This Integration Pack adds the following activities to the Orchestrator:

Execute PS Script
Execute PS Script - Global

What's New?

New IP Connection - Authentication Method - CredSSP
New IP Global Connection / Activity Functionality - Get Host Name from Activity
New IP Activity Execution Option - Execute Asynchronously

NOTE: Much more detail is provided in both the associated blog post(s) and included documentation.

System Requirements

System Center 2012 Orchestrator (SP1+)
System Center 2012 Orchestrator Integration Toolkit (SP1)
Microsoft .NET 3.0 Framework
PowerShell 2.0+
winrm quickconfig command executed on local and target machines where PS Scripts will be executed
Enable-WSManCredSSP for Client and Server roles as needed if CredSSP functionality is desired

Included in the download (Orchestrator Integration Pack for PowerShell Script Execution 1.1.zip):

Integration Pack for PowerShell Script Execution 1.2 - User Guide.docx (updated documentation)
ExecutePS_1.2.oip (System Center 2012 SP1 – Orchestrator Integration Pack)

NOTE: Please Refer to the included User Guide for usage information.

Thursday, June 27, 2013

Orchestrator: Error deploying Service Manager IP to Runbook Servers

I have come across one thing that i thought was nice to mention here. I have been working with a customer that have only one runbook server that includes all the roles.

So the other day they needed to add a new runbook server "More horse power" to the solution.

So they installed the new server and deployed the new role from the "Deploy manager".

Select the server name and an account that has administrative privileges to install the Orchestrator runbook server role on the server.

On the "Deploy Integration Packs or Hotfixes" selected the "Service Manager 2012" integration pack.

In the logs the deployment of the Runbook server was successful, but the deployment of the integration pack the status was "Fatal error during installation".

Fatal error in my opinion sounds very bad. So I needed to find some more information about this "Fatal error"....

When you deploy new roles, hotfixes and IP in Orchestrator from the Deployment Manager, you can view the logs and see what happened during the installation.

Right click and select [View Deployment logs]

Every time you make a change to the roles or add a new feature, there is created a new log.

So I open up the log from the "Service Manager IP".

I searched through the log file and found this:

CAQuietExec: Microsoft (R) .NET Framework Assembly Registration Utility 2.0.50727.5420

CAQuietExec:

CAQuietExec: RegAsm : error RA0000 : Could not load file or assembly 'System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' or one of its dependencies. The system cannot find the file specified.

CAQuietExec: Error 0x80070064: Command line returned an error.

CAQuietExec: Error 0x80070064: CAQuietExec Failed

When a log often contains "The system cannot find the specified file" it mean that something is missing and the version=3.5.0.0 gave me a clue..

.Net framework 3.5....

So I logged on to the server and installed the .Net 3.5 and hit the deployment button again.

This time the deployment was successful, or as we say in Norwegian "Herlig" (trans:Perfect/lovely).

Orchestrator: What's new in System Center Orchestrator R2?

Here is some information about what has been added to Orchestrator R2.

What’s New

The following new features are added in this release:

You can install the Service Management Automation web service and up to three runbook workers from System Center 2012 R2 Orchestrator Setup program. These can be used as part of the Windows Azure Pack for Windows Server configuration or to enable you to run runbooks and perform other automation tasks using Windows PowerShell cmdlets. For evaluation purposes, you should install a single runbook worker on the same computer as the web service.
Windows Server 2012 R2 is supported in this release.

New in System Center 2012 R2

System Center Integration Pack for Microsoft SharePoint

Updated in System Center 2012 R2

Windows Azure Integration Pack for Orchestrator in System Center 2012 SP1 and System Center 2012 R2

System Center Integration Pack for System Center 2012 Virtual Machine Manager.

Wednesday, June 26, 2013

Orchestrator: Runbook logs Part:1

When it comes down to logging in Orchestrator, sometimes you might be confused on where to find the different logs. In this post I will go through some of the logging options in Orchestrator, and where to find them.

When working with orchestrator there are different types of loges that will give you information about your environment.

Runbook Logs - Will give you information about your runbooks, status and behaviour of your runbook creations.

Activity Events - Show Statuses about your Orchestrator infrastructure.

Audit Trail - List information about other services that interact with orchestrator.

Trace logs - Troubleshoot the Orchestrator environment.

Now reading log files can be hard, when you are not using a logging viewer tool. There are many different types of log viewers out there that will help you in your search through the jungle of text.

After working with SCCM and CMTrace for a while, CMtrace is my new friend in the fight against log files.

You can find CMTrace in ConfigMgr 2012 SP1 Toolkit.

Installs to \Start Menu\Programs\Microsoft System Center 2012 SP1\Configuration Manager Toolkit
Is located in C:\Program Files (x86)\Configmgr 2012 Toolkit SP1\ClientTools"

http://www.microsoft.com/en-us/download/details.aspx?id=36213

Runbook Logs:

Real Time log:

Runbook generates logs when they are running. The Runbook Designer enables you to view both real-time log information and historic logs.

You can view the real-time log of a runbook on the Log tab in the Log pane of the Runbook Designer. The log has an entry for each running instance of the runbook and the time that it was started. This is real time logs!

If you expand this entry, you can view the activity that is currently running in the Runbook. Double-click the activity to view its details. If you have configured logging for the workbook to include Published Data, this information is included in the activity’s details.

Historic Log

You can view the historic log of a runbook on the Log History tab in the Log pane of the Runbook Designer.

This log has an entry for each completed instance of the runbook with its start and end times and completion status. If you double-click an entry, the Runbook Details dialog box opens that includes each activity in the runbook and its completion status.

Now if you need more information about the specific Runbook activities, you can double click on the event and the Runbook details the runbook activities will open up.

Default configuration in Orchestrator is not to include all published information in each activity, this would in a production scenario fill up the orchestrator database with logs. In a Development / test runbook you might need to see what is happening in the different stages of the runbook activities and see what is published in each activity.

So to turn logging on you need to do the following.

1. [Check Out] the Runbook

2. Right click on the runbook and Select [Properties]

3. In the logging pane enable both

"Store Activity specific Published Data"

"Store Common Published Data"

4. Click Finished when done.

Now the next time you run your runbook you will se that all the activities are showing their published data in the "Details" window.

Runbook Audit History

The Runbook Audit History tracks the changes to each activity in a runbook. This includes the user that made the change, the date and time that the change occurred, the activity that was changed, and the current and previous values of any changed properties. The audit history is maintained as long as the runbook exists and cannot be cleared.

You can view the "Runbook Audit History" on the Audit History tab of the Runbook Designer. The entries for the currently selected runbook will be displayed. Double-click an entry to open the "Details" dialog box where you can view a list of all activities that were part of the change. Select one of the entries to view the activity that was performed in addition to the old and new values of any properties that were changed.

So when looking at the "Audit History" you can see that we can track information about the changes made to the runbook.

When clicking on the activity we can se more details about the changes that were done.

Often there is more than one administrator making changes in your environment.

Then you as an administrator need more information about the changes that were done in a runbook. You can "enable required promt for comment" in the runbook.

"Enable required promt for comment" ensures that everyone who changes a runbook, have to add a comment when "Checking In" the runbook. The commnent is then added to the comment field in the "Audit History" tab.

Now to enable this click on [Options] in the menu bar and Select [Configure]

In the Configuration window, enable "Prompt for comment on check in" click [OK]

In part 2 I will go through Activity Events, Audit Trail and trace logs.

Link: Part 2

Tuesday, May 7, 2013

Orchestrator: Validate you Runbook Design

Ander Bengtsson at Contoso.se has created a really nice "Runbook Validator" for Your runbooks. Check out Anders's blog post.

http://contoso.se/blog/?p=2623

Friday, May 3, 2013

Orchestrator: Extend logging with Orchestrator Integration Pack for Standard Logging 1.2

The use of logging in Orchestrator Completes the overall quality of the runbooks. In order to get control over the logging take a look at the following Integration Pack

"Orchestrator Integration Pack for Standard Logging 1.2" it enables new opportunities for logging activities and status.

http://gallery.technet.microsoft.com/Orchestrator-Integration-4f796cb5

Monday, April 8, 2013

Orchestrator: Validate your runbook design

Great article from Anders Begntsson contoso.se on how to validate your Runbooks.
http://contoso.se/blog/?p=2524

Friday, April 5, 2013

Orchestrator: Monitoring Runbooks with Operation Manager 2012

When you have a large amount of Runbooks running in your environment. There may be a good plan to do some monitoring of the solution.

Microsoft has released a SCOM Management Pack for orchestrator:
http://www.microsoft.com/en-us/download/details.aspx?id=29269

But this management pack does not monitor the actual runbooks on the runbook server.

To be able to do that Infront has developed a free MP for Orchestrator that monitor the runbooks.

Check it out!

"The Infront System Center Orchestrator Management Pack is a FREE MP that allows you to monitor your Orchestrator Runbooks in System Center Operations Manager 2007 R2 or 2012. The native Microsoft MP provides monitoring for the Orchestrator server roles and architecture but it doesn't monitor your Runbooks. The free Infront System Center Orchestrator Management Pack fills in this gap by allowing you to monitor your Runbooks in SCOM. Register for the free MP"

http://www.infrontconsulting.com/software.php

Monday, March 18, 2013

Orchestrator: Password reset with Service manager self service Portal

Great article from Anders Bengtsson @contoso.se

http://contoso.se/blog/?p=3085

Thursday, February 28, 2013

Orchestrator: Problems with Orchestrator? check the System Center Orchestrator Engineering Blog

The

http://blogs.technet.com/b/orchestrator/

Wednesday, February 20, 2013

Orchestrator: SCSM Notify “Assigned To” User on Assignment Change with Orchestrator

Great article from Nathan Lasnoski.

http://blog.concurrency.com/infrastructure/scsm-notify-assigned-to-user-on-assignment-change-with-orchestrator/

Wednesday, February 13, 2013

Orchestrator: Export Runbooks!

I came across one thing the other day, when I was working on a runbook in my lab environment.
When I was finished with my runbook (very pleased with the result btw...:) So I did an export of the runbook and copied it to my USB drive.

When I imported the runbook in the Production environment, my runbook was all blank..... The import went to 100% but nothing there.. So I imported 10 times again and could not see where I had missed.... &/&(/&(/&/(&/%¤!!!

Then suddenly I remembered, did I check-in the runbook?.... No... (&(/&&%&/%&/!!!)

So that's my blog post of the day, check in the runbook With the changes then import / export will work smooth.....:)

Orchestrator: Read Line activity

Great overview over the Read line Activity usage.

Type the line numbers of the text that you want to read from the file that you specified.

· To specify a range of lines, use a hyphen: 1-3. This reads lines 1 to 3.

· To specify specific lines, use a comma: 5,7,9. This reads lines 5, 7, and 9.

· Combine the range and specific lines: 1-3,5,7,9. This reads lines 1 to 3, and lines 5, 7, and 9.

· To specify from a specific line to the last line of the file, type the line number, hyphen, and END: 4-END. This reads lines 4 to the last line of the file.

· To specify from a specific line to a line relative to the last line of the file, type the line number, hyphen, the less-than sign, and the line number relative to the end line: 4-END<3. If the file has 20 lines, this reads lines 4 to 17 from the file. <3 represents the third line from the end.

· To specify the last number of lines, type LASTLINES, colon, and the last number of lines that you want to delete: LASTLINES:10. This reads the last 10 lines of the file.

· Combine different types of operations: 1-5, 8, 10-END<20, LASTLINES:10. This reads lines 1 to 5, line 8, line 10 to the 20th line from the end, and the last 10 lines. Do not overlap lines or line ranges when combining operations. For example, 5-END, LASTLINES:10 fails because the 5-END operation already reads to the end, so the LASTLINES:10 operation cannot succeed because the lines are already read, and the activity fails.

Wednesday, January 30, 2013

Orchestrator: Building a log for your runbooks

Great article from Anders Begntsson on creating a database for Runbook logs.

http://contoso.se/blog/?p=2488

Tuesday, January 15, 2013

Orchestrator: Orchestrator Web console automatic logon

If your browser is configured for automatic logon, you are not prompted for a name and password. Your browser supplies this information automatically each time you connect to the Orchestration console.

To configure Internet Explorer for automatic logon

1.   In Internet Explorer, click Tools, and then click Internet Options. The Internet Options dialog box opens.

2.   On the Security tab, select Local intranet, and then click Custom Level.

3.   Scroll down to User Authentication, and under Logon, select Automatic logon only in Intranet zone. Click OK.

4.   In the Internet Options dialog box on the Security Settings tab, with Local intranet still selected, click Sites.

5.   Click Advanced.

6.   Type the URL of the Orchestration console server (for example, http://OrchSrv.contoso.com) in the Add this Web site to the zone box, and then click Add.

If the Require server verification (https:) for all sites in this zone is selected, you have to specify https for the address, and your web server has to be configured to support Secure Sockets Layer (SSL).

7.   Click OK for this and the remaining dialog boxes.

Orchestrator: Using System Center 2012 Orchestrator to create a new user in Office 365 from a Service Manager Service Request

http://seethruthecloud.com/using-system-center-2012-orchestrator-to-create-a-new-user-in-office-365-from-a-service-manager-service-request

Orchestrator: Upgrade to System Center SP1

http://technet.microsoft.com/en-us/library/jj900231.aspx

Warning
If you are planning to upgrade two or more System Center components, it is important to start by reading the guide Upgrade Sequencing for System Center 2012 SP1. The order in which you perform component upgrades is important. Failure to follow the correct upgrade sequence might result in component failure for which no recovery options exist. The affected System Center components are: Orchestrator Service Manager Data Protection Manager (DPM) Operations Manager Configuration Manager Virtual Machine Manager App Controller

Warning

If you are planning to upgrade two or more System Center components, it is important to start by reading the guide Upgrade Sequencing for System Center 2012 SP1. The order in which you perform component upgrades is important. Failure to follow the correct upgrade sequence might result in component failure for which no recovery options exist. The affected System Center components are: